Commit Graph

27 Commits

Author SHA1 Message Date
Isaac Connor caa8adae5e fix when gets loaded. 2018-07-24 10:40:18 -04:00
Isaac Connor 8c35d4d1b0 Populate a global from the session on every request. Use the object instead of using allowedMonitors in session. 2018-07-24 10:32:37 -04:00
Pliable Pixels 997aa6aa55 fixed getCredentials not working if called directly 2018-07-17 13:57:20 -04:00
Pliable Pixels 0ff9002adf 2156 api login (#2157)
* error can be due to bad user or password

* added login/logout and related private functions

* handle case when userLogin fails, current code returns PHP error for  and API throw is not called

* formatting

* converted login params to POST, removed user=&pass= for other APIs

* formatting

* add auth check back but leave out login/out

* fixes to make it work across zmN, postman and curl

* added back enabled check
2018-07-15 21:17:35 -04:00
Isaac Connor fe5ebe094d More work just using auth.php instead of cake code. Don't reload the User object 2018-07-11 11:45:49 -04:00
Isaac Connor 4f80ca6871 Use userLogin function from auth.php instead of cake code. 2018-07-11 10:33:49 -04:00
Isaac Connor f10509690b add username and passwordHash to Session so that generateAuthHash works 2018-07-11 09:54:15 -04:00
Isaac Connor 21438d17ac Fix authenticating User 2018-07-10 13:19:51 -04:00
Isaac Connor 930d929427 Merge branch 'storageareas' into api_auth 2018-07-10 12:46:30 -04:00
Isaac Connor 513708b11c don't need to define the config, it will have already been done. Include auth.php instead of functions.php as the code has been moved 2018-04-06 14:42:10 -04:00
Isaac Connor 632ab143fe error when can't set session in cake 2018-04-05 14:21:56 -04:00
Isaac Connor 150aa5be51 Merge branch 'master' into api_auth 2017-06-09 12:33:17 -04:00
Matt N 33092e4022 Allow API authentication using the `auth` query parameter containing an auth. hash. (#1845)
* Allow API authentication using the `auth` query parameter containing an auth. hash.

Fixes #1827

The same auth. hash for zms is used here. This allows consumers to use the API without sending the password in the query string and not require forging logins via the login form.

* Move logger.php's global Debug function to Logger::Debug to avoid polluting globals

This avoids a conflict with CakePHP when logger.php gets included indrectly from API code.

* Protect action=login when ZM_ENABLE_CSRF_MAGIC is enabled
2017-05-15 21:51:48 -04:00
Matthew Noorenberghe ea558c79a0 Fix check that API user is enabled 2017-03-20 17:16:24 -07:00
Isaac Connor b4aec41d3d fix warnings and move User import up higher to where it needs to be 2016-06-21 09:09:58 -04:00
Isaac Connor dbdd1ae51e remove debug logging 2016-06-07 16:26:58 -04:00
Isaac Connor f26c9168c4 if user=&pass= are in request, use them for auth 2016-06-07 16:25:35 -04:00
Isaac Connor 6cb163c37f Merge branch 'master' into api_auth 2016-06-07 16:23:50 -04:00
arjunrc 6e606aa74b removed issue # 2015-12-19 19:04:27 -05:00
arjunrc 38b4785557 PP - Gone,flitted away, Taken the starts from the night and sun, From the day! Gone, and a cloud in my heart. - Tennyson 2015-12-19 18:36:38 -05:00
arjunrc 028c9b956c check for opt_use_api, also pull in user roles support 2015-12-19 17:44:02 -05:00
Pliable Pixels a64f7c0036 Included logic to not enforce authentication in API layer if ZM_OPT_USE_AUTH is disabled
If ZM auth is off, API won't work. Changed this to make sure API disables auth if ZM disables auth
2015-08-11 14:47:49 -04:00
Pliable Pixels f7025aaa26 I was using the wrong field to check for portal authentication
Should be user.Username instead of username
2015-08-10 15:55:44 -04:00
Pliable Pixels 38799050ef APIs will be served only if user is logged into the ZM portal 2015-08-07 16:14:02 -04:00
Isaac Connor fadfc01d81 TUrn on sessions and auth 2015-06-30 11:27:33 -04:00
Ubuntu dd9603f70f Merged Angular UI branch API to master 2015-06-11 02:58:58 +00:00
Kyle Johnson f1f3de6d7d Moved the api to underneath the web directory 2014-04-29 20:41:04 +00:00