From d08d1b1926e709bcdac1e29164b19bc1655caf56 Mon Sep 17 00:00:00 2001
From: Daniel Cebrian
Date: Fri, 12 Apr 2024 13:28:47 +0200
Subject: [PATCH] #13035 added token login in mobile

---
 pandora_console/include/javascript/pandora.js | 9 ++++-
 pandora_console/mobile/include/user.class.php | 40 +++++--------------
 pandora_console/mobile/index.php | 1 +
 3 files changed, 20 insertions(+), 30 deletions(-)

diff --git a/pandora_console/include/javascript/pandora.js b/pandora_console/include/javascript/pandora.js
index 5287a0fd54..ca2f972f01 100644
--- a/pandora_console/include/javascript/pandora.js
+++ b/pandora_console/include/javascript/pandora.js
@@ -2745,9 +2745,16 @@ function redirectNode(url, target = "_blank") {
 event.preventDefault();
 }
+ let pathAjax = "ajax.php";
+
+ // Detect if view is phone.
+ if (window.settings && window.settings.mobile) {
+ pathAjax = "../ajax.php";
+ }
+
 $.ajax({
 method: "POST",
- url: "ajax.php",
+ url: pathAjax,
 dataType: "json",
 data: {
 page: "include/ajax/token",
diff --git a/pandora_console/mobile/include/user.class.php b/pandora_console/mobile/include/user.class.php
index faedcdf03f..1299a1c38d 100644
--- a/pandora_console/mobile/include/user.class.php
+++ b/pandora_console/mobile/include/user.class.php
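Review bot: The endpoint switch added at the top of the hunk trusts a page-level global, `window.settings.mobile`, whose initialisation is not visible in this patch; if the mobile view runs `redirectNode` before `settings` is defined, the POST goes to `mobile/ajax.php` instead of the console's `ajax.php` and the node redirect fails silently inside the `$.ajax` handler, which continues past the hunk. Deriving the path from a base-URL value the page already exposes would be more robust than a boolean view flag, but at minimum the mutable `let` plus `if` can be one immutable binding: `const pathAjax = (window.settings && window.settings.mobile) ? "../ajax.php" : "ajax.php";`. `redirectNode` itself starts above the hunk, so the `event` referenced by the `preventDefault` context line is presumably the global `window.event` and is unchanged here.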
@@ -83,55 +83,37 @@ class User {
 $system = System::getInstance();
- $loginhash = $system->getRequest('loginhash', null);
 $autologin = $system->getRequest('autologin', false);
+ $auth_token = $_POST['auth_token'];
 if ($autologin !== false) {
 $user = $system->getRequest('user', null);
 $password = $system->getRequest('password', null);
 $this->login($user, $password);
- } else {
- if (empty($loginhash) === false) {
- // Hash login process.
- $loginhash_data = $system->getRequest('loginhash_data', null);
- $loginhash_user = str_rot13($system->getRequest('loginhash_user', null));
- $this->login($loginhash_user, null, $loginhash_data);
- }
+ } else if (empty($auth_token) === false) {
+ $this->login(null, null, $auth_token);
 }
 return $this->logged;
 }
- public function login($user=null, $password=null, $loginhash_data='')
+ public function login($user=null, $password=null, $auth_token='')
 {
 global $config;
 $system = System::getInstance();
-
- if (empty($loginhash_data) === false) {
- if ($config['loginhash_pwd'] != ''
- && $loginhash_data == md5(
- $user.io_output_password(
- $config['loginhash_pwd']
- )
- )
+ if (empty($auth_token) === false && (bool) $config['JWT_signature'] !== false) {
+ $jwt = new JWTRepository($config['JWT_signature']);
+ if ($jwt->setToken($auth_token)
+ && $jwt->validate()
 ) {
 $this->logged = true;
- $this->user = $user;
+ $this->user = $jwt->payload()->get('id_user');
 $this->loginTime = time();
 $this->errorLogin = false;
 $this->saveLogin();
 } else {
- include_once 'general/login_page.php';
- db_pandora_audit(
- AUDIT_LOG_USER_REGISTRATION,
- 'Loginhash failed',
- 'system'
- );
- while (ob_get_length() > 0) {
- ob_end_flush();
- }
-
- exit('');
+ $this->logged = false;
+ $this->errorLogin = __('Token invalid');
 }
 return $this->logged;
diff --git a/pandora_console/mobile/index.php b/pandora_console/mobile/index.php
index 3ed9253747..be2e1dea2e 100644
--- a/pandora_console/mobile/index.php
+++ b/pandora_console/mobile/index.php
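Review bot: Failed token logins are no longer audited: the removed loginhash branch called `db_pandora_audit(AUDIT_LOG_USER_REGISTRATION, 'Loginhash failed', 'system')`, but the new `else` in `login()` only sets `$this->errorLogin = __('Token invalid')`, so guessed or replayed `auth_token` values leave no trace in the audit log; add `db_pandora_audit(AUDIT_LOG_USER_REGISTRATION, 'Token login failed', 'system');` before the error assignment. The raw read `$auth_token = $_POST['auth_token'];` in the caller raises an undefined-index notice on every request that carries no token (including the `autologin` path) and departs from the `$system->getRequest()` style used two lines above; `$auth_token = $_POST['auth_token'] ?? '';` keeps the credential POST-only without the notice. Because `$this->user` is taken straight from the `id_user` claim, the mobile session is only as strong as `JWTRepository::validate()`, and whether that enforces expiry and that the token was minted for login rather than for the node-redirect flow in `pandora.js` is not visible here and should be confirmed, since otherwise any valid console-signed token becomes a mobile login. The guard `(bool) $config['JWT_signature'] !== false` reads more simply, and avoids a notice on a missing key, as `!empty($config['JWT_signature'])`. Both enclosing methods open inside the hunk; `login()` continues past its end.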
@@ -31,6 +31,7 @@ require_once 'include/user.class.php';
 * serializing objects stored into the session.
 */
 require_once '../include/config.php';
+require_once '../include/class/JWTRepository.class.php';
 require_once 'operation/home.php';
 require_once 'operation/tactical.php';