ZaneYork
/
zoneminder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

if user=&pass= are in request, use them for auth

This commit is contained in:
Isaac Connor 2016-06-07 16:25:35 -04:00
parent 2385575c56
commit f26c9168c4
1 changed files with 56 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
web/api/app/Controller/AppController.php
View File

@ -63,8 +63,7 @@ class AppController extends Controller {
$config = $this->Config->find('first', $options); $config = $this->Config->find('first', $options);
$zmOptApi = $config['Config']['Value']; $zmOptApi = $config['Config']['Value'];
if ($zmOptApi !='1') if ($zmOptApi !='1') {
{
throw new UnauthorizedException(__('API Disabled')); throw new UnauthorizedException(__('API Disabled'));
return; return;
} }
@ -72,27 +71,33 @@ class AppController extends Controller {
$options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_OPT_USE_AUTH')); $options = array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_OPT_USE_AUTH'));
$config = $this->Config->find('first', $options); $config = $this->Config->find('first', $options);
$zmOptAuth = $config['Config']['Value']; $zmOptAuth = $config['Config']['Value'];
if (!$this->Session->Read('user.Username') && ($zmOptAuth=='1'))
{ if ( $zmOptAuth=='1' ) {
if ( $_REQUEST['user'] and $_REQUEST['pass'] ) {
$this->loadModel('User');
$this->log("have user " . $_REQUEST['user'] ." and pass " . $_REQUEST['pass'] ."!", 'error');
$user = $this->User->find('first', array ('conditions' => array (
'User.Username' => $_REQUEST['user'],
'User.Password' => $_REQUEST['pass'],
)) );
if ( ! $user ) {
throw new UnauthorizedException(__('User not found'));
return;
} else {
$this->log("Found user " . $_REQUEST['user'] ." and pass " . $_REQUEST['pass'] ."!", 'error');
$this->Session->Write( 'user.Username', $user['User']['Username'] );
$this->Session->Write( 'user.Enabled', $user['User']['Enabled'] );
}
}
if( ! $this->Session->Read('user.Username') ) {
throw new UnauthorizedException(__('Not Authenticated')); throw new UnauthorizedException(__('Not Authenticated'));
return; return;
} } else if ( ! $this->Session->Read('user.Username') ) {
else
{
$this->loadModel('User');
$loggedinUser = $this->Session->Read('user.Username');
$isEnabled = $this->Session->Read('user.Enabled');
// this will likely never happen as if its
// not enabled, login will fail and Not Auth will be returned
// however, keeping this here for now
if ($isEnabled != "1" && $zmOptAuth=="1")
{
throw new UnauthorizedException(__('User is not enabled')); throw new UnauthorizedException(__('User is not enabled'));
return; return;
} }
if ($zmOptAuth=='1')
{
$options = array ('conditions' => array ('User.Username' => $loggedinUser)); $options = array ('conditions' => array ('User.Username' => $loggedinUser));
$userMonitors = $this->User->find('first', $options); $userMonitors = $this->User->find('first', $options);
$this->Session->Write('allowedMonitors',$userMonitors['User']['MonitorIds']); $this->Session->Write('allowedMonitors',$userMonitors['User']['MonitorIds']);
@ -112,9 +117,8 @@ class AppController extends Controller {
$this->Session->Write('systemPermission','Edit'); $this->Session->Write('systemPermission','Edit');
$this->Session->Write('monitorPermission','Edit'); $this->Session->Write('monitorPermission','Edit');
} }
}
} } # end function beforeFilter()
} }