Commit Graph

212 Commits

Author SHA1 Message Date
Pliable Pixels 41ae745b17 removed stale code 2019-05-12 18:53:51 -04:00
Pliable Pixels ec279ccc9a make old API auth mechanism optional 2019-05-12 18:51:07 -04:00
Pliable Pixels 881d531fe9 make old API auth optional, on by default 2019-05-12 18:19:19 -04:00
Pliable Pixels 225893fcd6 add mintokenexpiry to DB seek 2019-05-12 05:50:19 -04:00
Pliable Pixels 88d50ec9ca added revoke all tokens code, removed test code 2019-05-11 15:47:57 -04:00
Pliable Pixels 95b448abdd handle case when supplied password is hashed, fix wrong params in AppController 2019-05-10 11:25:55 -04:00
Pliable Pixels 1770ebea23 make sure refresh token login doesn't generate another refresh token 2019-05-08 15:26:51 -04:00
Pliable Pixels 0bc96dfe83 Error out if used did not create an AUTH_HASH_SECRET 2019-05-08 14:26:16 -04:00
Pliable Pixels bc050fe330 support refresh tokens as well for increased security 2019-05-08 13:38:42 -04:00
Pliable Pixels 27e6e46f84 remove allowing auth_hash_ip for token 2019-05-08 12:11:32 -04:00
Pliable Pixels b293592e4c added token validation to zms/zmu/zmuser 2019-05-08 10:55:32 -04:00
Pliable Pixels d36c1f5d3c Add JWT token creation, move old code to a different function for future deprecation, simplified code for ZM_XX parameter reading 2019-05-07 15:04:12 -04:00
Pliable Pixels 0bbc582971 New token= query for JWT 2019-05-07 15:03:13 -04:00
Isaac Connor 5b68ddcc9a add a note deprecating getDiskPercent 2019-04-17 09:55:34 -04:00
Pliable Pixels d270fbd0ad added support for named params to consoleEvents (#2571) 2019-04-09 16:28:46 -04:00
Isaac Connor 110e5075f4 fix namespace fixes #3566 2019-04-01 17:21:01 -04:00
Isaac Connor fa9803d819 Can't use this->data to avoid another db hit. Must load by id 2019-04-01 10:11:56 -04:00
Isaac Connor b988ce0573 more parentheses to make logic more clear 2019-03-20 14:26:35 -04:00
Isaac Connor 520c41da23 Merge ../ZoneMinder.connortechnology.bad into storageareas 2019-03-18 14:40:03 -04:00
Matthew Noorenberghe abb6ef1688 API: Escape 'named' params for SQLi in two more Event endpoints.
Fixes #2099
2019-03-11 00:21:51 -07:00
Matthew Noorenberghe 056b96f7fc API: Monitor and Event 'index' SQLi. Fixes #2099 2019-03-11 00:21:51 -07:00
Isaac Connor af9c87a112 Merge branch 'master' into storageareas 2019-02-27 10:53:19 -05:00
Isaac Connor 4c35f2910c fix ZM namespace 2019-02-26 18:09:18 -05:00
Isaac Connor df3e11d83c Fix authentication in api because we no longer store the user object in the session 2019-02-26 17:01:45 -05:00
Isaac Connor fbdb5bcb62 Merge branch 'master' into storageareas 2019-02-19 12:06:32 -05:00
Isaac Connor eaa7341935 Add missing / in path to auth.php 2019-02-19 10:07:36 -05:00
Isaac Connor 5029d7214a Merge branch 'master' into storageareas 2019-02-18 17:00:45 -05:00
Isaac Connor 4cd3a93e96 add missing / 2019-02-18 16:30:03 -05:00
Mitch Capper 04c17283ec need to prefix with _dir_ otherwise relative to initial script (#2531) 2019-02-17 11:31:10 -05:00
Isaac Connor 5060358870 Merge branch 'master' into storageareas 2018-12-29 09:56:53 -05:00
Andrew Bauer 3258d8e590 remove ZM_DIR_IMAGES (#2374) 2018-12-29 09:52:58 -05:00
Isaac Connor 27826b4aca Merge branch 'master' into storageareas 2018-12-24 09:48:29 -05:00
Isaac Connor 47465260d1 Update permissions checking for Groups to not use session. Fixes #2353 2018-12-21 10:01:48 -05:00
Isaac Connor e626049f6b Merge branch 'swresample' into storageareas 2018-12-20 14:08:40 -05:00
Pliable Pixels 622c17f628 make sure auth is regenerated each time we call this API (#2347) 2018-12-16 11:02:07 -05:00
Isaac Connor 7d90a56561 Merge branch 'master' into storageareas 2018-11-30 14:46:42 -05:00
Pliable Pixels e6b8a7bc66 resolves #2327 2018-11-29 09:21:10 -05:00
Isaac Connor f5328265ef fix missing daemons definition 2018-11-28 09:12:22 -05:00
Isaac Connor 51d8c0ea73 add back daemon parameter, but make it actually work 2018-11-14 12:59:44 -05:00
Isaac Connor d671761a35 simplify params to daemonControl since they really aren't being used anyways. Return the status text 2018-11-14 12:54:10 -05:00
Andrew Bauer 073193e410
Merge pull request #2281 from connortechnology/fix_2279_delete_camera_through_api
Fix 2279 delete camera through api
2018-10-30 07:06:14 -05:00
Isaac Connor 39061038fb Don't include related models in Storage index 2018-10-29 14:40:05 -04:00
Isaac Connor 9a2d58adce We don't store all the permissions in the session anymore. We just use the global user object 2018-10-29 11:03:03 -04:00
Isaac Connor 8878397622 fix spacing 2018-10-20 11:36:25 -04:00
Andrew Bauer 409fd6aa6f
Merge pull request #2232 from connortechnology/fix_2229_getDiskPercent
Fix 2229 get disk percent
2018-10-03 18:11:28 -05:00
Isaac Connor 66221e39ab rough in a StorageController for api 2018-10-03 11:22:51 -04:00
Isaac Connor 12bed9b6ac Use alternate, working test for relative ZM_DIR_EVENTS. Don't use human output from du when specifying mid to be consistent. 2018-10-03 11:11:33 -04:00
Isaac Connor 03f09bdc48 Use defined CONFIG constants instead of looking up config from db 2018-10-03 10:56:02 -04:00
Isaac Connor 23ddc83ad4
fix_2167 (#2168)
* Populate a global  from the session on every request. Use the  object instead of using allowedMonitors in session.

* fix when  gets loaded.

* use  for auth, and add Monitor Edit checks to Zone add/delete/edit

* add back the ZM_OPT_USE_AUTH test for being logged in in AppController

* Update permissions code to use

* change quotes

* Update permission code to use

* Use  instal of session for systemPermission

* deprecate montiorPermision in session

* use  instead of session streamPermission

* move login code back into AppController. Has to be done for every request

* deprecate eventPermission, controlPermission and systemPermission in session.

* handle auth params in query string as well as post

* exit on HUP to free up memory.

* add missing global user

* system should be System
2018-08-08 09:59:46 -04:00
Isaac Connor dc57a3c91c fix spacing/quotes/google code style 2018-07-24 16:41:09 -04:00
Pliable Pixels 997aa6aa55 fixed getCredentials not working if called directly 2018-07-17 13:57:20 -04:00
Pliable Pixels 0ff9002adf 2156 api login (#2157)
* error can be due to bad user or password

* added login/logout and related private functions

* handle case when userLogin fails, current code returns PHP error for  and API throw is not called

* formatting

* converted login params to POST, removed user=&pass= for other APIs

* formatting

* add auth check back but leave out login/out

* fixes to make it work across zmN, postman and curl

* added back enabled check
2018-07-15 21:17:35 -04:00
Isaac Connor fe5ebe094d More work just using auth.php instead of cake code. Don't reload the User object 2018-07-11 11:45:49 -04:00
Isaac Connor 4f80ca6871 Use userLogin function from auth.php instead of cake code. 2018-07-11 10:33:49 -04:00
Isaac Connor 983e3c45be Fix spacing and quotes 2018-07-11 09:54:25 -04:00
Isaac Connor f10509690b add username and passwordHash to Session so that generateAuthHash works 2018-07-11 09:54:15 -04:00
Isaac Connor 21438d17ac Fix authenticating User 2018-07-10 13:19:51 -04:00
Isaac Connor 930d929427 Merge branch 'storageareas' into api_auth 2018-07-10 12:46:30 -04:00
Isaac Connor e04eac57ae Include values in /etc/zm files in viewByName 2018-06-25 15:43:01 -04:00
Isaac Connor 24ceb75936 Merge branch 'master' into include_fs_config_in_api_config 2018-06-21 21:41:54 -04:00
Isaac Connor cd64619743 Fix controlling daemon when the monitor is Local 2018-06-06 12:56:33 -04:00
Isaac Connor 2a5f05499e Munge the config in the global configvals into the configs array before returning it. 2018-05-10 13:44:46 -04:00
Isaac Connor 62edca6dcb add fileSize to the api, and use it to add remote fileSize reporting in includes/Event 2018-05-08 13:33:56 -07:00
Isaac Connor 1a012c62ff Add fileExists to event view 2018-05-07 14:07:03 -07:00
Pliable Pixels e953a04f61 naming consistency of attribute (#2096) 2018-05-03 14:03:49 -04:00
Pliable Pixels a3158fcc97 auth_key api for different situations (#2090)
* auth_key api for different situations

* added new flag to indicate if password needs to be appended

* pure json view
2018-05-02 12:26:28 -04:00
Isaac Connor c3b6cd4bab include auth.php if auth is on, and return '' for auth_hash is auth is disabled 2018-04-30 11:24:53 -04:00
Isaac Connor 513708b11c don't need to define the config, it will have already been done. Include auth.php instead of functions.php as the code has been moved 2018-04-06 14:42:10 -04:00
Isaac Connor a789fc88aa implement getAuthHash 2018-04-06 14:41:39 -04:00
Isaac Connor 632ab143fe error when can't set session in cake 2018-04-05 14:21:56 -04:00
Isaac Connor a4fee5c91c further merges from cakephp 2.10.8 2018-03-21 13:09:55 -04:00
Isaac Connor b4c13d56d6 Merge ../ZoneMinder.master into storageareas 2018-03-06 12:29:59 -05:00
tim 0654c7e3b2 Adding group handling in API 2018-03-04 23:01:52 -08:00
Isaac Connor 475c465b0d define 2018-01-26 10:39:12 -05:00
Isaac Connor 1503c586d2 When there is an error saving, add the invalidFields() info to the error message. Only restart the daemon on success. 2018-01-26 10:30:29 -05:00
Isaac Connor 933259f9a5 fix bracket 2018-01-23 13:16:21 -08:00
Isaac Connor bd2da456f4 handle non-multi-server case when restarting monitors via API 2018-01-19 21:09:33 -05:00
Isaac Connor d586faf7fb Fix restarting Monitor 2018-01-19 08:16:28 -08:00
Isaac Connor 1b1b93f811 use CakePHP-Enum-Behavior to add support for ENUMs to the Monitor model. This should fix #48 2018-01-01 14:43:02 -05:00
Isaac Connor bb8e326392 Fix not restarting a monitor if it has moved to a different server 2017-12-22 09:16:56 -08:00
Isaac Connor 85b7baa131 Fix event Groups associations 2017-12-19 18:09:41 -05:00
Isaac Connor d312482a2b add StorageScheme to Storage and Events. Deprecate ZM_USE_DEEP_STORAGE 2017-12-18 12:52:26 -05:00
Isaac Connor dd69bc3d7b Merge branch 'master' into storageareas 2017-12-11 11:39:42 -05:00
Isaac Connor ef1af9cc15 disable FilterComponent as it doesn't actually do anything. Add Groups join when needed 2017-12-09 14:03:42 -05:00
Pliable Pixels 08b5c26a15 2019 maxscoreframeid (#2020)
* added MaxScoreFrameId to address #2019

* consistent quotes
2017-12-07 14:11:06 -05:00
Isaac Connor f7a2db4e49 remove MaxScore from the sorting because it really doesn't make sense to sort by time then maxscore... time is going to be pretty much unique 2017-12-04 21:50:29 -05:00
Isaac Connor 97c9ae02c2 cleanup 2017-12-04 17:02:38 -05:00
Isaac Connor 6270408c8f rework group MonitorIds and add GroupId filters to api 2017-12-04 15:52:16 -05:00
Isaac Connor 489d3ba6ed Merge ../ZoneMinder.master into storageareas 2017-11-21 12:23:17 -05:00
APHW2 MFGENG f093cfbcef add Filtering to monitors index 2017-11-13 10:27:24 -08:00
Pliable Pixels a8fc832481 fix for monitor API edit perm (#1995) 2017-10-07 09:55:13 -04:00
Isaac Connor 150aa5be51 Merge branch 'master' into api_auth 2017-06-09 12:33:17 -04:00
Isaac Connor 75dc774a08 Continue to support non-USE_DEEP_STORAGE option 2017-05-22 21:21:49 -04:00
Matt N 33092e4022 Allow API authentication using the `auth` query parameter containing an auth. hash. (#1845)
* Allow API authentication using the `auth` query parameter containing an auth. hash.

Fixes #1827

The same auth. hash for zms is used here. This allows consumers to use the API without sending the password in the query string and not require forging logins via the login form.

* Move logger.php's global Debug function to Logger::Debug to avoid polluting globals

This avoids a conflict with CakePHP when logger.php gets included indrectly from API code.

* Protect action=login when ZM_ENABLE_CSRF_MAGIC is enabled
2017-05-15 21:51:48 -04:00
Matthew Noorenberghe ea558c79a0 Fix check that API user is enabled 2017-03-20 17:16:24 -07:00
Andy Bauer 2dda2d9e1e remove unneeded, empty files 2016-12-26 09:49:14 -06:00
Pliable Pixels 192d0dbb45 added TimeZone get API 2016-10-18 14:07:31 -04:00
Pliable Pixels 1440dd9265 retab 2016-09-03 15:02:32 -04:00
Pliable Pixels 7bf0b3c423 readded forMonitor - removed by mistake 2016-09-03 14:51:24 -04:00
Pliable Pixels 9a4330eb59 #1537 Zones Controller not returning all zones 2016-09-03 14:46:47 -04:00