make old API auth optional, on by default

Pliable Pixels 2019-05-12 18:19:19 -04:00
parent 21710b6e49
commit 881d531fe9
2 changed files with 48 additions and 41 deletions


@ -396,6 +396,17 @@ our @options = (
type => $types{boolean},
category => 'system',
},
{
name => 'ZM_OPT_USE_LEGACY_API_AUTH',
default => 'yes',
description => 'Enable legacy API authentication',
help => q`
Starting version 1.34.0, ZoneMinder uses a more secure
Authentication mechanism using JWT tokens. Older versions used a less secure MD5 based auth hash. It is recommended you turn this off after you are sure you don't need it. If you are using a 3rd party app that relies on the older API auth mechanisms, you will have to update that app if you turn this off. Note that zmNinja 1.3.057 onwards supports the new token system
`,
type => $types{boolean},
category => 'system',
},
{
name => 'ZM_OPT_USE_EVENTNOTIFICATION',
default => 'no',
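Review bot: The help text for `ZM_OPT_USE_LEGACY_API_AUTH` never says that the option ships enabled, so an administrator reading it cannot tell that the less secure MD5 based hash stays in use after an upgrade until they switch it off. I would add a sentence such as `This option is enabled by default for backward compatibility; while it is on, API logins continue to return the legacy MD5 based auth hash.` The wording is inferred from the login() change in the same commit, so adjust it if the option gates more than that. The text also reads better as `Starting with version 1.34.0` and needs a full stop after `the new token system`. The surrounding `@options` list continues outside this hunk.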


@ -31,56 +31,52 @@ class HostController extends AppController {
}
function login() {
$cred_depr = $this->_getCredentialsDeprecated();
$ver = $this->_getVersion();
$mUser = $this->request->query('user') ? $this->request->query('user') : $this->request->data('user');
$mPassword = $this->request->query('pass') ? $this->request->query('pass') : $this->request->data('pass');
$mToken = $this->request->query('token') ? $this->request->query('token') : $this->request->data('token');
$ver = $this->_getVersion();
$cred = [];
$cred_depr = [];
if ($mUser && $mPassword) {
$cred = $this->_getCredentials(true);
// if you authenticated via user/pass then generate new refresh
$this->set(array(
'access_token'=>$cred[0],
'access_token_expires'=>$cred[1],
'refresh_token'=>$cred[2],
'refresh_token_expires'=>$cred[3],
'credentials'=>$cred_depr[0],
'append_password'=>$cred_depr[1],
'version' => $ver[0],
'apiversion' => $ver[1],
'_serialize' => array(
'access_token',
'access_token_expires',
'refresh_token',
'refresh_token_expires',
'version',
'credentials',
'append_password',
'apiversion'
)));
$cred = $this->_getCredentials(true); // generate refresh
}
else {
$cred = $this->_getCredentials(false);
$this->set(array(
'access_token'=>$cred[0],
'access_token_expires'=>$cred[1],
'credentials'=>$cred_depr[0],
'append_password'=>$cred_depr[1],
'version' => $ver[0],
'apiversion' => $ver[1],
'_serialize' => array(
'access_token',
'access_token_expires',
'version',
'credentials',
'append_password',
'apiversion'
)));
$cred = $this->_getCredentials(false); // don't generate refresh
}
$login_array = array (
'access_token'=>$cred[0],
'access_token_expires'=>$cred[1],
'version' => $ver[0],
'apiversion' => $ver[1]
);
$login_serialize_list = array (
'access_token',
'access_token_expires',
'version',
'apiversion'
);
if ($mUser && mPassword) {
$login_array['refresh_token'] = $cred[2];
$login_array['refresh_token_expires'] = $cred[3];
array_push ($login_serialize_list, 'refresh_token', 'refresh_token_expires');
}
if (ZM_OPT_USE_LEGACY_API_AUTH) {
$cred_depr = $this->_getCredentialsDeprecated();
$login_array ['credentials']=$cred_depr[0];
$login_array ['append_password']=$cred_depr[1];
array_push ($login_serialize_list, 'credentials', 'append_password');
}
$this->set($login_array,
'_serialize' => $login_serialize_list);
} // end function login()
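Review bot: The closing call `$this->set($login_array, '_serialize' => $login_serialize_list);` is not valid PHP, because `=>` cannot appear in an argument list, so the controller would fail to parse and every API login would break. Put the key into the array first, `$login_array['_serialize'] = $login_serialize_list;`, and then call `$this->set($login_array);`. The second `if ($mUser && mPassword)` is missing its `$`: the bare `mPassword` is read as a constant name (a truthy string with a warning on older PHP, an Error on PHP 8), so `refresh_token` is filled from `$cred[2]`/`$cred[3]` even on the path that called `_getCredentials(false)`; it should read `if ($mUser && $mPassword) {`. Separately, the hunk only stops login() from returning `credentials`/`append_password` when `ZM_OPT_USE_LEGACY_API_AUTH` is off. Whether requests that present a legacy auth hash are still accepted elsewhere is not visible here and is worth confirming, since the option's security benefit depends on it.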