Commit Graph

28 Commits

Author SHA1 Message Date
Isaac Connor 84492f29b1
Fix token auth sessions (#2676)
* If token is present do token based auth and do not do anything with session

* update HostController.  Use config constants, don't use sessions

* Remove Session from the components list

* spacing

* Remove Session from App Components list.

* Move APIEnabled check to the api from auth.php

* Rework auth.  login using username and password only occurs on login action now.  Including auth.php should not touch the session.  auth_hash logins no longer touch the session.  replace userLogin with a function called validateUser which matches the semantics of validateToken.

* remove debugging

* Add session storage if stateful query param is on, but only for LEGACY_API_AUTH

* fix mUser to username, etc.

* shuffle lines

* use  instead of session when generating auth hash.

* Add docs regarding the use of cookies and stateful query param

* Only open/close session if we are clearing a session var

* Use zm_session_start instead of session_start

* Should use zm_session_start instead of session_start

* document that zm_session_start should be called previously to session_regenerate_id

* Don't actually write out the session when generating auth hashes.  Means they should never actually persist.

* More backticking of SQL

* add .. to fix #2686

* Use material icons for sort because they look nicer

* fix typo

* have to add authhash to session on login

* restore username&password login for all urls

* fix

* fixes
2019-08-20 09:46:53 -04:00
Isaac Connor 68052368f7 use backticks on table and column names. Use data-on-change-this in group dropdown 2019-08-15 16:04:37 -04:00
Isaac Connor 5f77634aca Update Group object to use shared code in Object.php. Should fix #2659 2019-08-08 13:51:56 -04:00
Isaac Connor 8dd8888975
Php namespace (#2537)
* experiment with namespaces on the Server class

* experiment with namespaces on the Server class

* Implement the ZM namespace on objects

* Implement the ZM namespace on objects

* Implement the ZM namespace on objects
2019-02-22 09:19:07 -05:00
Matt N d33fec9c3f Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy

* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'

Only handle ones that don't return a value.

* Use @data-on-click to attach inline click event handlers with no args and no return value

* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument

* Enforce a script-src CSP on views without inline JS

* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Isaac Connor 63199289ad Change depth function to be 0-based. 2018-12-24 09:38:55 -05:00
Isaac Connor 115141bf9f add caching to Group::find 2018-10-24 10:02:42 -04:00
Isaac Connor b0c555599c Merge updated objects from sa. Implements caching of objects and fixes logged errors when using the default storage group. Fixes #2209 2018-09-15 09:42:59 -04:00
Isaac Connor 55dcb161ae find should always return an array 2018-09-09 13:59:10 -04:00
Isaac Connor dfdac2ed70 make find and find_one functions consistent across Objects 2018-09-07 16:31:11 -04:00
Isaac Connor 88a2c0d953 spacing 2018-04-18 12:30:32 -04:00
Isaac Connor 92c8b9038c fix to group caching and group deleting 2018-04-17 12:36:35 -04:00
Isaac Connor 03ff2fcde4 add caching and find_one to Storage and Groups 2018-04-10 13:05:37 -07:00
Isaac Connor 48ff480907 whitespace 2018-04-03 10:36:14 -07:00
Isaac Connor debe4607bc add Parent and Parents functions 2018-03-01 19:23:03 -08:00
Isaac Connor 944298428a break out get_groups_dropdown to call a function called get_dropdown_options to populate thje options 2018-02-26 16:10:10 -08:00
Isaac Connor 57bae7cf17 Fix filtering 2018-01-25 09:14:09 -05:00
Isaac Connor 4b37c6fc42 Change the Group dropdown to a single indented dropdown, and use chosen on it 2018-01-12 11:25:15 -08:00
Isaac Connor 7d7e73977f use stored session group 2017-12-13 16:51:56 -05:00
Isaac Connor abad266c5b introduce chosen to use it to make the filtering dropdowns awesome 2017-12-13 16:15:03 -05:00
Isaac Connor 6270408c8f rework group MonitorIds and add GroupId filters to api 2017-12-04 15:52:16 -05:00
Isaac Connor 8abb8a9259 add Type to Storage 2017-10-12 07:32:48 -07:00
Isaac Connor 3af795264d add actual disk space as a mouseover in nav bar 2017-10-10 10:38:13 -04:00
Isaac Connor 40972383c1 remove debug 2017-10-05 10:48:04 -04:00
Isaac Connor b56a976d7a fixes to montage review and cleanup in group filtering/editing 2017-10-05 10:46:04 -04:00
Isaac Connor 87a49ad009 work on infinite depths of groups 2017-10-04 16:40:09 -04:00
Isaac Connor 4be133ed09 remove btn styles from buttons. make groups, cycle, montage, montage review non-popups. Add datetime filters to montagereview. Fix dark skin 2017-09-30 14:19:32 -04:00
Isaac Connor aada54769f add a Group object 2017-09-23 13:42:39 -04:00