make old API auth optional, on by default
parent
21710b6e49
commit
881d531fe9
|
@ -396,6 +396,17 @@ our @options = (
|
||||||
type => $types{boolean},
|
type => $types{boolean},
|
||||||
category => 'system',
|
category => 'system',
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name => 'ZM_OPT_USE_LEGACY_API_AUTH',
|
||||||
|
default => 'yes',
|
||||||
|
description => 'Enable legacy API authentication',
|
||||||
|
help => q`
|
||||||
|
Starting version 1.34.0, ZoneMinder uses a more secure
|
||||||
|
Authentication mechanism using JWT tokens. Older versions used a less secure MD5 based auth hash. It is recommended you turn this off after you are sure you don't need it. If you are using a 3rd party app that relies on the older API auth mechanisms, you will have to update that app if you turn this off. Note that zmNinja 1.3.057 onwards supports the new token system
|
||||||
|
`,
|
||||||
|
type => $types{boolean},
|
||||||
|
category => 'system',
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name => 'ZM_OPT_USE_EVENTNOTIFICATION',
|
name => 'ZM_OPT_USE_EVENTNOTIFICATION',
|
||||||
default => 'no',
|
default => 'no',
|
||||||
|
|
|
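Review bot: The help text for `ZM_OPT_USE_LEGACY_API_AUTH` does not say what turning the option off actually disables. The only consumer visible in this commit is `login()` in HostController, which stops returning `credentials` and `append_password`; whether a request that presents the older MD5-based auth hash is still accepted is not visible here. If the option only changes the login response, the help should say so, for example by adding `When off, the login API no longer returns the legacy auth hash.`; if it is meant to reject legacy hashes as well, that check should be confirmed to exist where the hash is validated. The help would also read better with a lower-case `authentication` and a full stop after the zmNinja sentence.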
@ -31,56 +31,52 @@ class HostController extends AppController {
|
||||||
}
|
}
|
||||||
|
|
||||||
function login() {
|
function login() {
|
||||||
$cred_depr = $this->_getCredentialsDeprecated();
|
|
||||||
$ver = $this->_getVersion();
|
|
||||||
|
|
||||||
$mUser = $this->request->query('user') ? $this->request->query('user') : $this->request->data('user');
|
$mUser = $this->request->query('user') ? $this->request->query('user') : $this->request->data('user');
|
||||||
$mPassword = $this->request->query('pass') ? $this->request->query('pass') : $this->request->data('pass');
|
$mPassword = $this->request->query('pass') ? $this->request->query('pass') : $this->request->data('pass');
|
||||||
$mToken = $this->request->query('token') ? $this->request->query('token') : $this->request->data('token');
|
$mToken = $this->request->query('token') ? $this->request->query('token') : $this->request->data('token');
|
||||||
|
|
||||||
|
$ver = $this->_getVersion();
|
||||||
|
$cred = [];
|
||||||
|
$cred_depr = [];
|
||||||
|
|
||||||
if ($mUser && $mPassword) {
|
if ($mUser && $mPassword) {
|
||||||
$cred = $this->_getCredentials(true);
|
$cred = $this->_getCredentials(true); // generate refresh
|
||||||
// if you authenticated via user/pass then generate new refresh
|
|
||||||
$this->set(array(
|
|
||||||
'access_token'=>$cred[0],
|
|
||||||
'access_token_expires'=>$cred[1],
|
|
||||||
'refresh_token'=>$cred[2],
|
|
||||||
'refresh_token_expires'=>$cred[3],
|
|
||||||
'credentials'=>$cred_depr[0],
|
|
||||||
'append_password'=>$cred_depr[1],
|
|
||||||
'version' => $ver[0],
|
|
||||||
'apiversion' => $ver[1],
|
|
||||||
'_serialize' => array(
|
|
||||||
'access_token',
|
|
||||||
'access_token_expires',
|
|
||||||
'refresh_token',
|
|
||||||
'refresh_token_expires',
|
|
||||||
'version',
|
|
||||||
'credentials',
|
|
||||||
'append_password',
|
|
||||||
'apiversion'
|
|
||||||
)));
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$cred = $this->_getCredentials(false);
|
$cred = $this->_getCredentials(false); // don't generate refresh
|
||||||
$this->set(array(
|
}
|
||||||
|
|
||||||
|
$login_array = array (
|
||||||
'access_token'=>$cred[0],
|
'access_token'=>$cred[0],
|
||||||
'access_token_expires'=>$cred[1],
|
'access_token_expires'=>$cred[1],
|
||||||
'credentials'=>$cred_depr[0],
|
|
||||||
'append_password'=>$cred_depr[1],
|
|
||||||
'version' => $ver[0],
|
'version' => $ver[0],
|
||||||
'apiversion' => $ver[1],
|
'apiversion' => $ver[1]
|
||||||
'_serialize' => array(
|
);
|
||||||
|
|
||||||
|
$login_serialize_list = array (
|
||||||
'access_token',
|
'access_token',
|
||||||
'access_token_expires',
|
'access_token_expires',
|
||||||
'version',
|
'version',
|
||||||
'credentials',
|
|
||||||
'append_password',
|
|
||||||
'apiversion'
|
'apiversion'
|
||||||
)));
|
);
|
||||||
|
|
||||||
|
if ($mUser && mPassword) {
|
||||||
|
$login_array['refresh_token'] = $cred[2];
|
||||||
|
$login_array['refresh_token_expires'] = $cred[3];
|
||||||
|
array_push ($login_serialize_list, 'refresh_token', 'refresh_token_expires');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ZM_OPT_USE_LEGACY_API_AUTH) {
|
||||||
|
$cred_depr = $this->_getCredentialsDeprecated();
|
||||||
|
$login_array ['credentials']=$cred_depr[0];
|
||||||
|
$login_array ['append_password']=$cred_depr[1];
|
||||||
|
array_push ($login_serialize_list, 'credentials', 'append_password');
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->set($login_array,
|
||||||
|
'_serialize' => $login_serialize_list);
|
||||||
|
|
||||||
|
|
||||||
} // end function login()
|
} // end function login()
|
||||||
|
|
||||||
|
|
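Review bot: The closing call `$this->set($login_array, '_serialize' => $login_serialize_list);` is not valid PHP, because `=>` cannot appear in an argument list, so the controller would fail to parse and every API login would break. I would add the list to the array first, `$login_array['_serialize'] = $login_serialize_list;`, and then call `$this->set($login_array);`. The second credential check, `if ($mUser && mPassword)`, is missing the `$`: PHP reads `mPassword` as a bare constant, so on PHP 7 the test depends on `$mUser` alone (PHP 8 throws), and the refresh-token fields would be filled from `$cred[2]`/`$cred[3]` even after the branch that called `_getCredentials(false)`; it should read `if ($mUser && $mPassword) {`. `ZM_OPT_USE_LEGACY_API_AUTH` is read as a constant, which presumably relies on the new option already being present in the loaded config after an upgrade, so a `defined()` guard is worth considering.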