tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-6472-graficas-con-phantomjs-y-saml' into 'develop' 

SAML with pandora sessions

See merge request artica/pandorafms!3533
This commit is contained in:
Daniel Rodriguez 2020-11-04 18:42:42 +01:00
parent c811f0b85d a961d04c6f
commit b0ccfc89b1
4 changed files with 134 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pandora_console/general/login_page.php
View File

@ -457,7 +457,12 @@ if ($login_screen == 'logout') {
echo '<div class="content_message_alert">'; echo '<div class="content_message_alert">';
echo '<div class="text_message_alert">'; echo '<div class="text_message_alert">';
echo '<h1>'.__('Logged out').'</h1>'; echo '<h1>'.__('Logged out').'</h1>';
echo '<p>'.__('Your session has ended. Please close your browser window to close this %s session.', get_product_name()).'</p>'; if (empty($config['logout_msg']) === true) {
echo '<p>'.__('Your session has ended. Please close your browser window to close this %s session.', get_product_name()).'</p>';
} else {
echo '<p>'.__($config['logout_msg']).'</p>';
}
echo '</div>'; echo '</div>';
echo '<div class="button_message_alert">'; echo '<div class="button_message_alert">';
html_print_submit_button('Ok', 'hide-login-logout', false); html_print_submit_button('Ok', 'hide-login-logout', false);

3
pandora_console/include/auth/mysql.php
View File

@ -239,8 +239,7 @@ function process_user_login_remote($login, $pass, $api=false)
// Unknown authentication method // Unknown authentication method
default: default:
$config['auth_error'] = 'User not found in database $config['auth_error'] = 'User not found in database or incorrect password';
or incorrect password';
return false; return false;
break; break;
} }

114
pandora_console/include/load_session.php
View File

@ -64,14 +64,23 @@ function pandora_session_close()
function pandora_session_read($session_id) function pandora_session_read($session_id)
{ {
$session_id = addslashes($session_id); $session_id = addslashes($session_id);
$session_data = db_get_value(
'data', // Do not use SQL cache here.
'tsessions_php', $session_data = db_get_all_rows_sql(
'id_session', sprintf(
$session_id 'SELECT data
FROM `tsessions_php` WHERE id_session="%s"',
$session_id
),
false,
false
); );
if (!empty($session_data)) { if (is_array($session_data) === true) {
$session_data = $session_data[0]['data'];
}
if (empty($session_data) === false) {
return $session_data; return $session_data;
} else { } else {
return ''; return '';
@ -90,7 +99,6 @@ function pandora_session_read($session_id)
function pandora_session_write($session_id, $data) function pandora_session_write($session_id, $data)
{ {
$session_id = addslashes($session_id); $session_id = addslashes($session_id);
if (is_ajax()) { if (is_ajax()) {
// Avoid session upadte while processing ajax responses - notifications. // Avoid session upadte while processing ajax responses - notifications.
if (get_parameter('check_new_notifications', false)) { if (get_parameter('check_new_notifications', false)) {
@ -101,18 +109,22 @@ function pandora_session_write($session_id, $data)
$values = []; $values = [];
$values['last_active'] = time(); $values['last_active'] = time();
if (!empty($data)) { if (empty($data) === false) {
$values['data'] = addslashes($data); $values['data'] = addslashes($data);
} }
$session_exists = (bool) db_get_value( // Do not use SQL cache here.
'COUNT(id_session)', $session_exists = db_get_all_rows_sql(
'tsessions_php', sprintf(
'id_session', 'SELECT id_session
$session_id FROM `tsessions_php` WHERE id_session="%s"',
$session_id
),
false,
false
); );
if (!$session_exists) { if ($session_exists === false) {
$values['id_session'] = $session_id; $values['id_session'] = $session_id;
$retval_write = db_process_sql_insert('tsessions_php', $values); $retval_write = db_process_sql_insert('tsessions_php', $values);
} else { } else {
@ -198,11 +210,69 @@ function pandora_session_gc($max_lifetime=300)
} }
$result_handler = session_set_save_handler( /**
'pandora_session_open', * Enables custom session handlers.
'pandora_session_close', *
'pandora_session_read', * @return boolean Context changed or not.
'pandora_session_write', */
'pandora_session_destroy', function enable_session_handlers()
'pandora_session_gc' {
); global $config;
if ($config['_using_pandora_sessionhandlers'] !== true) {
if (session_status() !== PHP_SESSION_NONE) {
// Close previous version.
session_write_close();
}
$sesion_handler = session_set_save_handler(
'pandora_session_open',
'pandora_session_close',
'pandora_session_read',
'pandora_session_write',
'pandora_session_destroy',
'pandora_session_gc'
);
session_start();
// Restore previous session.
$config['_using_pandora_sessionhandlers'] = true;
return $sesion_handler;
}
return false;
}
/**
* Disables custom session handlers.
*
* @param string|null $id_session Force swap to target session.
*
* @return void
*/
function disable_session_handlers($id_session=null)
{
global $config;
if (session_status() !== PHP_SESSION_NONE) {
// Close previous version.
session_write_close();
}
$ss = new SessionHandler();
session_set_save_handler($ss, true);
if ($id_session !== null) {
session_id($id_session);
}
session_start();
$config['_using_pandora_sessionhandlers'] = false;
}
// Always enable session handler.
$result_handler = enable_session_handlers();

56
pandora_console/index.php
View File

@ -222,7 +222,7 @@ echo '<head>'."\n";
ob_start('ui_process_page_head'); ob_start('ui_process_page_head');
// Enterprise main. // Enterprise main.
enterprise_include('index.php'); enterprise_include_once('index.php');
echo '<script type="text/javascript">'; echo '<script type="text/javascript">';
echo 'var dispositivo = navigator.userAgent.toLowerCase();'; echo 'var dispositivo = navigator.userAgent.toLowerCase();';
@ -273,6 +273,7 @@ if (strlen($search) > 0) {
} }
// Login process. // Login process.
enterprise_include_once('include/auth/saml.php');
if (! isset($config['id_user'])) { if (! isset($config['id_user'])) {
// Clear error messages. // Clear error messages.
unset($_COOKIE['errormsg']); unset($_COOKIE['errormsg']);
@ -395,24 +396,33 @@ if (! isset($config['id_user'])) {
$nick_in_db = $_SESSION['prepared_login_da']['id_user']; $nick_in_db = $_SESSION['prepared_login_da']['id_user'];
$expired_pass = false; $expired_pass = false;
} else if (($config['auth'] == 'saml') && ($login_button_saml)) { } else if (($config['auth'] == 'saml') && ($login_button_saml)) {
$saml_configured = include_once $config['homedir'].'/'.ENTERPRISE_DIR.'/include/auth/saml.php'; $saml_user_id = enterprise_hook('saml_process_user_login');
if (!$saml_configured) {
include_once 'general/noaccesssaml.php';
}
$saml_user_id = saml_process_user_login();
if (!$saml_user_id) { if (!$saml_user_id) {
include_once 'general/noaccesssaml.php'; $login_failed = true;
} include_once 'general/login_page.php';
while (@ob_end_flush()) {
// Dumping...
continue;
}
exit('</html>');
}
$nick_in_db = $saml_user_id; $nick_in_db = $saml_user_id;
if (!$nick_in_db) { if (!$nick_in_db) {
include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php'; if ($config['auth'] === 'saml') {
$as = new SimpleSAML_Auth_Simple($config['saml_source']); enterprise_hook('saml_logout');
$as->logout(); }
if (session_status() !== PHP_SESSION_NONE) {
$_SESSION = [];
session_destroy();
header_remove('Set-Cookie');
setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
}
// Process logout.
include 'general/logoff.php';
} }
} else { } else {
// process_user_login is a virtual function which should be defined in each auth file. // process_user_login is a virtual function which should be defined in each auth file.
@ -735,7 +745,7 @@ if (! isset($config['id_user'])) {
exit('</html>'); exit('</html>');
} }
} else { } else if (isset($_GET['bye']) === false) {
// There is no user connected. // There is no user connected.
if ($config['enterprise_installed']) { if ($config['enterprise_installed']) {
enterprise_include_once('include/functions_reset_pass.php'); enterprise_include_once('include/functions_reset_pass.php');
@ -953,6 +963,10 @@ if (! isset($config['id_user'])) {
} }
exit('</html>'); exit('</html>');
} else {
if ($config['auth'] === 'saml') {
enterprise_hook('saml_login_status_verifier');
}
} }
} }
} }
@ -964,19 +978,19 @@ if (file_exists(ENTERPRISE_DIR.'/load_enterprise.php')) {
// Log off. // Log off.
if (isset($_GET['bye'])) { if (isset($_GET['bye'])) {
include 'general/logoff.php';
$iduser = $_SESSION['id_usuario']; $iduser = $_SESSION['id_usuario'];
if ($config['auth'] === 'saml') {
enterprise_hook('saml_logout');
}
$_SESSION = []; $_SESSION = [];
session_destroy(); session_destroy();
header_remove('Set-Cookie'); header_remove('Set-Cookie');
setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/'); setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
if ($config['auth'] == 'saml') { // Process logout.
include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php'; include 'general/logoff.php';
$as = new SimpleSAML_Auth_Simple('PandoraFMS');
$as->logout();
}
while (@ob_end_flush()) { while (@ob_end_flush()) {
// Dumping... // Dumping...