tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-3693-pete-php-pantalla-en-blanco-con-auth-saml' into 'develop' 

Add message for autenticaition error SAML

See merge request artica/pandorafms!2562
This commit is contained in:
Alejandro Fraguas 2019-07-04 14:45:45 +02:00
parent e0a1f1b8b9 6349c29eb5
commit 8c1d119819
3 changed files with 338 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

164
pandora_console/general/noaccesssaml.php Normal file
View File

@ -0,0 +1,164 @@
<html>
<head>
<style>
#alert_messages_na{
z-index:2;
position: absolute;
left: 50%;
top: 50%;
transform: translate(-50%, -50%);
-webkit-transform: translate(-50%, -50%);
width:650px;
height: 400px;
background:white;
background-image:url('images/imagen-no-acceso.jpg');
background-repeat:no-repeat;
justify-content: center;
display: flex;
flex-direction: column;
box-shadow:4px 5px 10px 3px rgba(0, 0, 0, 0.4);
}
.modalheade{
text-align:center;
width:100%;
position:absolute;
top:0;
}
.modalheadertex{
color:#000;
font-family:Nunito;
line-height: 40px;
font-size: 23pt;
margin-bottom:30px;
}
.modalclose{
cursor:pointer;
display:inline;
float:right;
margin-right:10px;
margin-top:10px;
}
.modalconten{
color:black;
width:300px;
margin-left: 30px;
}
.modalcontenttex{
text-align:left;
color:black;
font-size: 11pt;
line-height:13pt;
margin-bottom:30px;
}
.modalokbutto{
cursor:pointer;
text-align:center;
display: inline-block;
padding: 6px 45px;
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
border-radius: 3px;
background-color:white;
border: 1px solid #82b92e;
}
.modalokbuttontex{
color:#82b92e;
font-family:Nunito;
font-size:13pt;
}
.modalgobutto{
cursor:pointer;
text-align:center;
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
border-radius: 3px;
background-color:white;
border: 1px solid #82b92e;
}
.modalgobuttontex{
color:#82b92e;
font-family:Nunito;
font-size:10pt;
}
#opacidad{
position:fixed;
background:black;
opacity:0.6;
z-index:-1;
left:0px;
top:0px;
width:100%;
height:100%;
}
/*
.textodialog{
margin-left: 0px;
color:#333;
padding:20px;
font-size:9pt;
}
.cargatextodialog{
max-width:58.5%;
width:58.5%;
min-width:58.5%;
float:left;
margin-left: 0px;
font-size:18pt;
padding:20px;
text-align:center;
}
.cargatextodialog p, .cargatextodialog b, .cargatextodialog a{
font-size:18pt;
}
*/
</style>
</head>
<body>
<div id="alert_messages_na">
<div class='modalheade'>
<img class='modalclose cerrar' src='<?php echo $config['homeurl']; ?>images/input_cross.png'>
</div>
<div class='modalconten'>
<div class='modalheadertex'>
<?php echo __("You don't have access to this page"); ?>
</div>
<div class='modalcontenttex'>
<?php
echo __('Access to this page is restricted to authorized users SAML only, please contact system administrator if you need assistance.');
echo '<br/> <br/>';
echo __('Please make sure you have SAML authentication properly configured. For more information the error to access this page are recorded in security logs of %s System Database', get_product_name());
?>
</div>
<div class='modalokbutto cerrar'>
<span class='modalokbuttontex'>OK</span>
</div>
</div>
</div>
<div id="opacidad"></div>
</body>
</html>
<script>
$(".cerrar").click(function(){
window.location=".";
});
$('div#page').css('background-color','#d3d3d3');
</script>

166
pandora_console/include/auth/saml.php Executable file
View File

@ -0,0 +1,166 @@
<?php
// ______ __ _______ _______ _______
// | __ \.---.-.-----.--| |.-----.----.---.-. | ___| | | __|
// | __/| _ | | _ || _ | _| _ | | ___| |__ |
// |___| |___._|__|__|_____||_____|__| |___._| |___| |__|_|__|_______|
//
// ============================================================================
// Copyright (c) 2007-2010 Artica Soluciones Tecnologicas, http://www.artica.es
// This code is NOT free software. This code is NOT licenced under GPL2 licence
// You cannnot redistribute it without written permission of copyright holder.
// ============================================================================
global $config;
if (!file_exists($config['saml_path'].'simplesamlphp/lib/_autoload.php')) {
return false;
}
/**
* Authenticate in saml system (red.es)
*
* @param string Login
* @param string Password
*
* @return boolean True if the login succeeds, false otherwise
*/
function saml_process_user_login()
{
global $config;
// SAML authentication attributes
$as = new SimpleSAML_Auth_Simple('PandoraFMS');
$as->requireAuth();
$session = SimpleSAML_Session::getSessionFromRequest();
$session->cleanup();
$attributes = $as->getAttributes();
if (empty($attributes)) {
return false;
}
$id_user = $attributes[SAML_MAIL_IN_PANDORA][0];
$email = $attributes[SAML_MAIL_IN_PANDORA][0];
$group_name = $attributes[SAML_GROUP_IN_PANDORA][0];
$profiles_and_tags = $attributes[SAML_ROLE_AND_TAG];
$profile_names = [];
$tag_names = [];
// Manages array with tags and roles to separate them
foreach ($profiles_and_tags as $profile_or_tag) {
$is_profile_or_tag = explode(SAML_DEFAULT_PROFILES_AND_TAGS_FORM, $profile_or_tag);
$is_profile_or_tag2 = explode(':', $is_profile_or_tag[1]);
if ($is_profile_or_tag2[0] == 'role') {
$profile_names[] = $is_profile_or_tag2[1];
} else if ($is_profile_or_tag2[0] == 'tag') {
$tag_names[] = $is_profile_or_tag2[1];
}
}
// Connect to Pandora db
$connection = mysql_connect_db(
$config['pandora_server'],
$config['pandora_dbname'],
$config['pandora_user'],
$config['pandora_pass']
);
if ($connection === false) {
return false;
}
// Get the red.es user id
$rows = db_get_all_rows_sql(
"SELECT * FROM tusuario
WHERE id_user = '".$id_user."'",
false,
false,
$connection
);
// Checks group id, profiles id and tags id
$group_id = '';
$profile_id = [];
$tag_id = '';
$tags_to_profile = '';
if ($group_name != '') {
$group_id = db_get_all_rows_sql("SELECT id_grupo FROM tgrupo WHERE nombre = '".$group_name."'");
$group_id = $group_id[0]['id_grupo'];
if (empty($group_id)) {
$config['auth_error'] = 'Group not found in database';
db_pandora_audit('Logon Failed', 'Group '.$group_name.' not found in database', $_SERVER['REMOTE_ADDR']);
return false;
}
}
if (!empty($profile_names)) {
foreach ($profile_names as $profile_name) {
$profile_id[] = db_get_row_sql("SELECT id_perfil FROM tperfil WHERE name = '".io_safe_input($profile_name)."'");
}
}
if (!empty($tag_names)) {
$i = 0;
foreach ($tag_names as $tag_name) {
$tag_id = db_get_row_sql("SELECT id_tag FROM ttag WHERE name = '".io_safe_input($tag_name)."'");
if ($i == 0) {
$tags_to_profile = (String) $tag_id['id_tag'];
} else {
$tags_to_profile .= ','.(String) $tag_id['id_tag'];
}
$i++;
}
}
// If user does not exist in Pandora
if (empty($rows)) {
if ($id_user != '') {
$values_user = [];
$values_user['id_user'] = $id_user;
$values_user['email'] = $email;
$result_insert_user = db_process_sql_insert('tusuario', $values_user);
// Separates user insert of profile insert
$values_user_profile = [];
$values_user_profile['id_usuario'] = $id_user;
$values_user_profile['id_grupo'] = $group_id;
$values_user_profile['tags'] = $tags_to_profile;
foreach ($profile_id as $id) {
$values_user_profile['id_perfil'] = $id['id_perfil'];
$result_insert_user_profile = db_process_sql_insert('tusuario_perfil', $values_user_profile);
}
if (!$result_insert_user_profile) {
$config['auth_error'] = 'Login error';
return false;
}
return $id_user;
} else {
return false;
}
} else {
$user = $rows[0];
// To update the profiles, delete the old and insert the new
$have_profiles = db_get_all_rows_sql("SELECT id_up FROM tusuario_perfil WHERE id_usuario = '".$user['id_user']."'");
if ($have_profiles) {
$delete_old_profiles = db_process_sql("DELETE FROM tusuario_perfil WHERE id_usuario = '".$user['id_user']."'");
}
$values_user_profile = [];
$values_user_profile['id_usuario'] = $user['id_user'];
$values_user_profile['id_grupo'] = $group_id;
$values_user_profile['tags'] = $tags_to_profile;
foreach ($profile_id as $id) {
$values_user_profile['id_perfil'] = $id['id_perfil'];
$result_insert_user_profile = db_process_sql_insert('tusuario_perfil', $values_user_profile);
}
return $user['id_user'];
}
$config['auth_error'] = 'User not found in database or incorrect password';
return false;
}

11
pandora_console/index.php
View File

@ -359,12 +359,17 @@ if (! isset($config['id_user'])) {
$nick_in_db = $_SESSION['prepared_login_da']['id_user']; $nick_in_db = $_SESSION['prepared_login_da']['id_user'];
$expired_pass = false; $expired_pass = false;
} else if (($config['auth'] == 'saml') && ($login_button_saml)) { } else if (($config['auth'] == 'saml') && ($login_button_saml)) {
include_once ENTERPRISE_DIR.'/include/auth/saml.php'; if (!include_once 'include/auth/saml.php') {
include_once 'general/noaccesssaml.php';
$saml_user_id = saml_process_user_login(); } else {
$saml_user_id = saml_process_user_login();
}
$nick_in_db = $saml_user_id; $nick_in_db = $saml_user_id;
if (!$nick_in_db) { if (!$nick_in_db) {
include_once 'general/noaccesssaml.php';
include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php'; include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php';
$as = new SimpleSAML_Auth_Simple('PandoraFMS'); $as = new SimpleSAML_Auth_Simple('PandoraFMS');
$as->logout(); $as->logout();