225893fcd6
add mintokenexpiry to DB seek
2019-05-12 05:50:19 -04:00
88d50ec9ca
added revoke all tokens code, removed test code
2019-05-11 15:47:57 -04:00
95b448abdd
handle case when supplied password is hashed, fix wrong params in AppController
2019-05-10 11:25:55 -04:00
1770ebea23
make sure refresh token login doesn't generate another refresh token
2019-05-08 15:26:51 -04:00
0bc96dfe83
Error out if used did not create an AUTH_HASH_SECRET
2019-05-08 14:26:16 -04:00
bc050fe330
support refresh tokens as well for increased security
2019-05-08 13:38:42 -04:00
27e6e46f84
remove allowing auth_hash_ip for token
2019-05-08 12:11:32 -04:00
b293592e4c
added token validation to zms/zmu/zmuser
2019-05-08 10:55:32 -04:00
d36c1f5d3c
Add JWT token creation, move old code to a different function for future deprecation, simplified code for ZM_XX parameter reading
2019-05-07 15:04:12 -04:00
0bbc582971
New token= query for JWT
2019-05-07 15:03:13 -04:00
d270fbd0ad
added support for named params to consoleEvents ( #2571 )
2019-04-09 16:28:46 -04:00
110e5075f4
fix namespace fixes #3566
2019-04-01 17:21:01 -04:00
fa9803d819
Can't use this->data to avoid another db hit. Must load by id
2019-04-01 10:11:56 -04:00
b988ce0573
more parentheses to make logic more clear
2019-03-20 14:26:35 -04:00
520c41da23
Merge ../ZoneMinder.connortechnology.bad into storageareas
2019-03-18 14:40:03 -04:00
abb6ef1688
API: Escape 'named' params for SQLi in two more Event endpoints.
...
Fixes #2099
2019-03-11 00:21:51 -07:00
056b96f7fc
API: Monitor and Event 'index' SQLi. Fixes #2099
2019-03-11 00:21:51 -07:00
af9c87a112
Merge branch 'master' into storageareas
2019-02-27 10:53:19 -05:00
4c35f2910c
fix ZM namespace
2019-02-26 18:09:18 -05:00
df3e11d83c
Fix authentication in api because we no longer store the user object in the session
2019-02-26 17:01:45 -05:00
fbdb5bcb62
Merge branch 'master' into storageareas
2019-02-19 12:06:32 -05:00
eaa7341935
Add missing / in path to auth.php
2019-02-19 10:07:36 -05:00
5029d7214a
Merge branch 'master' into storageareas
2019-02-18 17:00:45 -05:00
4cd3a93e96
add missing /
2019-02-18 16:30:03 -05:00
04c17283ec
need to prefix with _dir_ otherwise relative to initial script ( #2531 )
2019-02-17 11:31:10 -05:00
5060358870
Merge branch 'master' into storageareas
2018-12-29 09:56:53 -05:00
3258d8e590
remove ZM_DIR_IMAGES ( #2374 )
2018-12-29 09:52:58 -05:00
27826b4aca
Merge branch 'master' into storageareas
2018-12-24 09:48:29 -05:00
47465260d1
Update permissions checking for Groups to not use session. Fixes #2353
2018-12-21 10:01:48 -05:00
e626049f6b
Merge branch 'swresample' into storageareas
2018-12-20 14:08:40 -05:00
622c17f628
make sure auth is regenerated each time we call this API ( #2347 )
2018-12-16 11:02:07 -05:00
7d90a56561
Merge branch 'master' into storageareas
2018-11-30 14:46:42 -05:00
e6b8a7bc66
resolves #2327
2018-11-29 09:21:10 -05:00
f5328265ef
fix missing daemons definition
2018-11-28 09:12:22 -05:00
51d8c0ea73
add back daemon parameter, but make it actually work
2018-11-14 12:59:44 -05:00
d671761a35
simplify params to daemonControl since they really aren't being used anyways. Return the status text
2018-11-14 12:54:10 -05:00
073193e410
Merge pull request #2281 from connortechnology/fix_2279_delete_camera_through_api
...
Fix 2279 delete camera through api
2018-10-30 07:06:14 -05:00
39061038fb
Don't include related models in Storage index
2018-10-29 14:40:05 -04:00
9a2d58adce
We don't store all the permissions in the session anymore. We just use the global user object
2018-10-29 11:03:03 -04:00
8878397622
fix spacing
2018-10-20 11:36:25 -04:00
409fd6aa6f
Merge pull request #2232 from connortechnology/fix_2229_getDiskPercent
...
Fix 2229 get disk percent
2018-10-03 18:11:28 -05:00
66221e39ab
rough in a StorageController for api
2018-10-03 11:22:51 -04:00
12bed9b6ac
Use alternate, working test for relative ZM_DIR_EVENTS. Don't use human output from du when specifying mid to be consistent.
2018-10-03 11:11:33 -04:00
03f09bdc48
Use defined CONFIG constants instead of looking up config from db
2018-10-03 10:56:02 -04:00
23ddc83ad4
fix_2167 ( #2168 )
...
* Populate a global from the session on every request. Use the object instead of using allowedMonitors in session.
* fix when gets loaded.
* use for auth, and add Monitor Edit checks to Zone add/delete/edit
* add back the ZM_OPT_USE_AUTH test for being logged in in AppController
* Update permissions code to use
* change quotes
* Update permission code to use
* Use instal of session for systemPermission
* deprecate montiorPermision in session
* use instead of session streamPermission
* move login code back into AppController. Has to be done for every request
* deprecate eventPermission, controlPermission and systemPermission in session.
* handle auth params in query string as well as post
* exit on HUP to free up memory.
* add missing global user
* system should be System
2018-08-08 09:59:46 -04:00
dc57a3c91c
fix spacing/quotes/google code style
2018-07-24 16:41:09 -04:00
997aa6aa55
fixed getCredentials not working if called directly
2018-07-17 13:57:20 -04:00
0ff9002adf
2156 api login ( #2157 )
...
* error can be due to bad user or password
* added login/logout and related private functions
* handle case when userLogin fails, current code returns PHP error for and API throw is not called
* formatting
* converted login params to POST, removed user=&pass= for other APIs
* formatting
* add auth check back but leave out login/out
* fixes to make it work across zmN, postman and curl
* added back enabled check
2018-07-15 21:17:35 -04:00
fe5ebe094d
More work just using auth.php instead of cake code. Don't reload the User object
2018-07-11 11:45:49 -04:00
4f80ca6871
Use userLogin function from auth.php instead of cake code.
2018-07-11 10:33:49 -04:00
Pliable Pixels
Pliable Pixels
Isaac Connor
Matthew Noorenberghe
Mitch Capper
Andrew Bauer
Isaac Connor