Allow API authentication using the `auth` query parameter containing an auth. hash. (#1845)
* Allow API authentication using the `auth` query parameter containing an auth. hash. Fixes #1827 The same auth. hash for zms is used here. This allows consumers to use the API without sending the password in the query string and not require forging logins via the login form. * Move logger.php's global Debug function to Logger::Debug to avoid polluting globals This avoids a conflict with CakePHP when logger.php gets included indrectly from API code. * Protect action=login when ZM_ENABLE_CSRF_MAGIC is enabled
This commit is contained in:
parent
1e45146db8
commit
33092e4022
|
@ -21,23 +21,23 @@ if ( !@socket_bind( $socket, $locSockFile ) )
|
||||||
switch ( $_REQUEST['command'] )
|
switch ( $_REQUEST['command'] )
|
||||||
{
|
{
|
||||||
case CMD_VARPLAY :
|
case CMD_VARPLAY :
|
||||||
Debug( "Varplaying to ".$_REQUEST['rate'] );
|
Logger::Debug( "Varplaying to ".$_REQUEST['rate'] );
|
||||||
$msg = pack( "lcn", MSG_CMD, $_REQUEST['command'], $_REQUEST['rate']+32768 );
|
$msg = pack( "lcn", MSG_CMD, $_REQUEST['command'], $_REQUEST['rate']+32768 );
|
||||||
break;
|
break;
|
||||||
case CMD_ZOOMIN :
|
case CMD_ZOOMIN :
|
||||||
Debug( "Zooming to ".$_REQUEST['x'].",".$_REQUEST['y'] );
|
Logger::Debug( "Zooming to ".$_REQUEST['x'].",".$_REQUEST['y'] );
|
||||||
$msg = pack( "lcnn", MSG_CMD, $_REQUEST['command'], $_REQUEST['x'], $_REQUEST['y'] );
|
$msg = pack( "lcnn", MSG_CMD, $_REQUEST['command'], $_REQUEST['x'], $_REQUEST['y'] );
|
||||||
break;
|
break;
|
||||||
case CMD_PAN :
|
case CMD_PAN :
|
||||||
Debug( "Panning to ".$_REQUEST['x'].",".$_REQUEST['y'] );
|
Logger::Debug( "Panning to ".$_REQUEST['x'].",".$_REQUEST['y'] );
|
||||||
$msg = pack( "lcnn", MSG_CMD, $_REQUEST['command'], $_REQUEST['x'], $_REQUEST['y'] );
|
$msg = pack( "lcnn", MSG_CMD, $_REQUEST['command'], $_REQUEST['x'], $_REQUEST['y'] );
|
||||||
break;
|
break;
|
||||||
case CMD_SCALE :
|
case CMD_SCALE :
|
||||||
Debug( "Scaling to ".$_REQUEST['scale'] );
|
Logger::Debug( "Scaling to ".$_REQUEST['scale'] );
|
||||||
$msg = pack( "lcn", MSG_CMD, $_REQUEST['command'], $_REQUEST['scale'] );
|
$msg = pack( "lcn", MSG_CMD, $_REQUEST['command'], $_REQUEST['scale'] );
|
||||||
break;
|
break;
|
||||||
case CMD_SEEK :
|
case CMD_SEEK :
|
||||||
Debug( "Seeking to ".$_REQUEST['offset'] );
|
Logger::Debug( "Seeking to ".$_REQUEST['offset'] );
|
||||||
$msg = pack( "lcN", MSG_CMD, $_REQUEST['command'], $_REQUEST['offset'] );
|
$msg = pack( "lcN", MSG_CMD, $_REQUEST['command'], $_REQUEST['offset'] );
|
||||||
break;
|
break;
|
||||||
default :
|
default :
|
||||||
|
|
|
@ -88,6 +88,31 @@ class AppController extends Controller {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( isset($_REQUEST['auth']) ) {
|
||||||
|
require_once "../../../includes/functions.php";
|
||||||
|
|
||||||
|
// Define some defines required by getAuthUser in functions.php
|
||||||
|
$defines = array('ZM_AUTH_HASH_IPS', 'ZM_AUTH_HASH_SECRET', 'ZM_AUTH_RELAY', 'ZM_OPT_USE_AUTH');
|
||||||
|
$configQuery = array(
|
||||||
|
'conditions' => array('OR' => array('Name' => $defines)),
|
||||||
|
'fields' => array('Name', 'Value')
|
||||||
|
);
|
||||||
|
$config = $this->Config->find('list', $configQuery);
|
||||||
|
|
||||||
|
foreach ($defines as $define) {
|
||||||
|
define($define, $config[$define]);
|
||||||
|
}
|
||||||
|
|
||||||
|
$user = getAuthUser($_REQUEST['auth']);
|
||||||
|
if ( ! $user ) {
|
||||||
|
throw new UnauthorizedException(__('User not found'));
|
||||||
|
return;
|
||||||
|
} else {
|
||||||
|
$this->Session->Write( 'user.Username', $user['Username'] );
|
||||||
|
$this->Session->Write( 'user.Enabled', $user['Enabled'] );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if( ! $this->Session->Read('user.Username') ) {
|
if( ! $this->Session->Read('user.Username') ) {
|
||||||
throw new UnauthorizedException(__('Not Authenticated'));
|
throw new UnauthorizedException(__('Not Authenticated'));
|
||||||
return;
|
return;
|
||||||
|
|
|
@ -218,11 +218,11 @@ class Event {
|
||||||
}
|
}
|
||||||
|
|
||||||
$command ='ffmpeg -v 0 -i '.$videoPath.' -vf "select=gte(n\\,'.$frame['FrameId'].'),setpts=PTS-STARTPTS" '.$eventPath.'/'.$captImage;
|
$command ='ffmpeg -v 0 -i '.$videoPath.' -vf "select=gte(n\\,'.$frame['FrameId'].'),setpts=PTS-STARTPTS" '.$eventPath.'/'.$captImage;
|
||||||
Debug( "Running $command" );
|
Logger::Debug( "Running $command" );
|
||||||
$output = array();
|
$output = array();
|
||||||
$retval = 0;
|
$retval = 0;
|
||||||
exec( $command, $output, $retval );
|
exec( $command, $output, $retval );
|
||||||
Debug("Retval: $retval, output: " . implode("\n", $output));
|
Logger::Debug("Retval: $retval, output: " . implode("\n", $output));
|
||||||
} else {
|
} else {
|
||||||
Error("Can't create frame images from video becuase there is no video file for this event (".$Event->DefaultVideo() );
|
Error("Can't create frame images from video becuase there is no video file for this event (".$Event->DefaultVideo() );
|
||||||
}
|
}
|
||||||
|
|
|
@ -88,7 +88,7 @@ function dbLog( $sql, $update=false )
|
||||||
global $dbLogLevel;
|
global $dbLogLevel;
|
||||||
$noExecute = $update && ($dbLogLevel >= DB_LOG_DEBUG);
|
$noExecute = $update && ($dbLogLevel >= DB_LOG_DEBUG);
|
||||||
if ( $dbLogLevel > DB_LOG_OFF )
|
if ( $dbLogLevel > DB_LOG_OFF )
|
||||||
Debug( "SQL-LOG: $sql".($noExecute?" (not executed)":"") );
|
Logger::Debug( "SQL-LOG: $sql".($noExecute?" (not executed)":"") );
|
||||||
return( $noExecute );
|
return( $noExecute );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -27,6 +27,9 @@ if ( version_compare( phpversion(), "4.3.0", "<") ) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
require_once( 'logger.php' );
|
||||||
|
require_once( 'database.php' );
|
||||||
|
|
||||||
function userLogin( $username, $password="", $passwordHashed=false ) {
|
function userLogin( $username, $password="", $passwordHashed=false ) {
|
||||||
global $user, $cookies;
|
global $user, $cookies;
|
||||||
|
|
||||||
|
|
|
@ -165,7 +165,7 @@ class Logger
|
||||||
|
|
||||||
$this->initialised = true;
|
$this->initialised = true;
|
||||||
|
|
||||||
Debug( "LogOpts: level=".self::$codes[$this->level]."/".self::$codes[$this->effectiveLevel].", screen=".self::$codes[$this->termLevel].", database=".self::$codes[$this->databaseLevel].", logfile=".self::$codes[$this->fileLevel]."->".$this->logFile.", weblog=".self::$codes[$this->weblogLevel].", syslog=".self::$codes[$this->syslogLevel] );
|
Logger::Debug( "LogOpts: level=".self::$codes[$this->level]."/".self::$codes[$this->effectiveLevel].", screen=".self::$codes[$this->termLevel].", database=".self::$codes[$this->databaseLevel].", logfile=".self::$codes[$this->fileLevel]."->".$this->logFile.", weblog=".self::$codes[$this->weblogLevel].", syslog=".self::$codes[$this->syslogLevel] );
|
||||||
}
|
}
|
||||||
|
|
||||||
private function terminate()
|
private function terminate()
|
||||||
|
@ -212,6 +212,11 @@ class Logger
|
||||||
return self::$instance;
|
return self::$instance;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static function Debug( $string )
|
||||||
|
{
|
||||||
|
Logger::fetch()->logPrint( Logger::DEBUG, $string );
|
||||||
|
}
|
||||||
|
|
||||||
public function id( $id=NULL )
|
public function id( $id=NULL )
|
||||||
{
|
{
|
||||||
if ( isset($id) && $this->id != $id )
|
if ( isset($id) && $this->id != $id )
|
||||||
|
@ -505,11 +510,6 @@ function Dump( &$var, $label="VAR" )
|
||||||
Logger::fetch()->logPrint( Logger::DEBUG, ob_get_clean() );
|
Logger::fetch()->logPrint( Logger::DEBUG, ob_get_clean() );
|
||||||
}
|
}
|
||||||
|
|
||||||
function Debug( $string )
|
|
||||||
{
|
|
||||||
Logger::fetch()->logPrint( Logger::DEBUG, $string );
|
|
||||||
}
|
|
||||||
|
|
||||||
function Info( $string )
|
function Info( $string )
|
||||||
{
|
{
|
||||||
Logger::fetch()->logPrint( Logger::INFO, $string );
|
Logger::fetch()->logPrint( Logger::INFO, $string );
|
||||||
|
|
|
@ -114,7 +114,7 @@ if ( !file_exists( ZM_SKIN_PATH ) )
|
||||||
$skinBase[] = $skin;
|
$skinBase[] = $skin;
|
||||||
|
|
||||||
$currentCookieParams = session_get_cookie_params();
|
$currentCookieParams = session_get_cookie_params();
|
||||||
Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1)');
|
Logger::Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1)');
|
||||||
session_set_cookie_params(
|
session_set_cookie_params(
|
||||||
$currentCookieParams["lifetime"],
|
$currentCookieParams["lifetime"],
|
||||||
$currentCookieParams["path"],
|
$currentCookieParams["path"],
|
||||||
|
@ -176,8 +176,8 @@ isset($view) || $view = NULL;
|
||||||
isset($request) || $request = NULL;
|
isset($request) || $request = NULL;
|
||||||
isset($action) || $action = NULL;
|
isset($action) || $action = NULL;
|
||||||
|
|
||||||
if ( ZM_ENABLE_CSRF_MAGIC && $action != 'login' ) {
|
if ( ZM_ENABLE_CSRF_MAGIC ) {
|
||||||
Debug("Calling csrf_check with the following values: \$request = \"$request\", \$view = \"$view\", \$action = \"$action\"");
|
Logger::Debug("Calling csrf_check with the following values: \$request = \"$request\", \$view = \"$view\", \$action = \"$action\"");
|
||||||
csrf_check();
|
csrf_check();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue