Commit Graph

375 Commits

Author SHA1 Message Date
Isaac Connor a92a16f13e Merge branch 'update_users_controller' into release-1.34 2020-08-17 19:33:31 -04:00
Isaac Connor 7e679809f2 Merge branch 'update_users_controller' 2020-08-17 19:31:30 -04:00
Isaac Connor 2cfa5fde98 Add missing view templates for zone add/edit. Fixes #2986 2020-07-30 16:54:00 -04:00
Isaac Connor bf163beedb Update permissions checking when viewing/editing users. Fixes #2982. Also add a beforeFind that will remove the Password field from the query so that we don't return passwords 2020-07-30 11:03:24 -04:00
Isaac Connor 5ac4677c02 Add missing view templates for zone add/edit. Fixes #2986 2020-07-29 18:59:44 -04:00
Isaac Connor d716d1d686 Merge branch 'release-1.34' 2020-07-20 16:25:41 -04:00
Isaac Connor e839919b5e Add foreign key MonitorId validation 2020-07-20 16:25:08 -04:00
Isaac Connor 955fc00b87 Fix Zone add api. Restart zmc when adding a zone. Use validation. Fixes #2983 2020-07-20 16:24:49 -04:00
Isaac Connor bbee6b4f58 Whitespace, delete dead code 2020-07-20 16:23:55 -04:00
Isaac Connor 135bbb4190 remove unneeded config loading, just use defines. Spacing, remove commented out dead code 2020-07-19 17:51:28 -04:00
Isaac Connor c4c4c5bcbf fix Crud submodule version 2020-05-15 11:34:34 -04:00
Isaac Connor 94b29c6c7a replace inline javascript in timeline zoom 2020-05-15 10:44:48 -04:00
Pliable Pixels dadcea4884 remove recursive from index 2020-05-05 16:35:14 -04:00
Pliable Pixels 0817ea3bfb added association method to GroupsController to get Monitor Id/Name of monitors that belong to the group 2020-05-05 16:32:54 -04:00
Isaac Connor daff14df9b Allow users without System::View to read servers.json 2020-04-23 11:10:30 -04:00
Pliable Pixels 9b77f77ac3 better logs 2020-04-23 11:09:39 -04:00
hax0kartik ae80b3b859 Start implementing VNC 2020-03-27 14:32:50 -04:00
Isaac Connor 4ce944da23 Merge branch 'release-1.34' 2020-03-26 15:38:35 -04:00
Isaac Connor 3e55795cad Handle different command line syntax for zmcontrol.pl 2020-03-26 13:57:43 -04:00
Isaac Connor 561479dd93 Merge branch 'release-1.34' 2020-03-09 14:45:00 -04:00
Pliable Pixels a261efe0a7 return relative frameId, also sort score frame by lowest frame to avoid bulk frames in case score is 0 2020-03-09 12:04:40 -04:00
Pliable Pixels 3611d147e6 fix score frameID to return ID not Score 2020-03-09 11:25:07 -04:00
Pliable Pixels c5e838fa33 return global frame IDs of snapshot and alarm frames for a specific event 2020-03-09 11:09:20 -04:00
Isaac Connor d29b93216d Allow users without System::View to read servers.json 2020-03-02 16:39:12 -05:00
Pliable Pixels 54c14db863 better logs 2020-03-01 14:02:44 -05:00
Javier Gonzalez 8b375de455 Avoid duplicate Monitors in API 2020-01-15 20:31:05 +01:00
Pliable Pixels 399508b211 fix JWT access token always being 1 hr 2020-01-02 10:25:48 -05:00
Isaac Connor 76b54a468f use left join instead of inner join when listing monitors 2019-12-22 18:43:53 -05:00
Isaac Connor d25a91ad13 Make Group containable 2019-12-20 14:56:14 -05:00
Isaac Connor bcda92058e proper way to make cakephp filter by group. Make Group containable, always add the join 2019-12-20 14:56:01 -05:00
Isaac Connor 0142c71c85 Merge branch 'master' into fix_2772 2019-12-20 11:02:27 -05:00
Isaac Connor 5f006421cc fix #2771. Correct relationship from hasMany to hasAndBelongsToMany for Monitors in Group Model. Use save Associated in Controller, and add code to handle backwards compatibility by turning MonitorIds into the appropriate Monitor array 2019-12-15 15:31:40 -05:00
Isaac Connor eee3729b85 dirty fix filtering Monitors by GroupId. Change occurrences of GroupId to ' ' as that is what the key is in conditions. Please note that other operators like != won't work. 2019-12-04 22:23:55 -05:00
Isaac Connor c19632e114 Merge pull request #2769 from connortechnology/fix_api_alarm_auth
Fix api alarm auth
2019-12-02 07:53:50 -05:00
Isaac Connor 76d795f413 add rendering of enums for Events Controller 2019-12-01 12:32:14 -05:00
Isaac Connor 0b2853095e cleanup auth in monitors alarm method 2019-12-01 12:30:27 -05:00
Isaac Connor 393c25b4f2 fix array keys 2019-11-29 14:26:03 -05:00
Isaac Connor 4817efe17c Add enum support for Orientation and Scheme to Events 2019-11-29 13:48:20 -05:00
Isaac Connor d02e30ceca Change Orientation Enum to use strings instead of numbers as values. Sync them up with what we use in C code 2019-11-29 13:48:02 -05:00
Isaac Connor 9d4c802b48 netEmpty is deprecated. Use notBlank instead 2019-11-20 09:32:19 -05:00
Pliable Pixels 16a6938710 add model validation so that we don't create empty monitors 2019-11-02 08:30:25 -04:00
Isaac Connor 9889311b03 Handle username=&password= as well in HostController::login 2019-09-18 11:40:55 -04:00
Pliable Pixels be99f6a4d6 In production mode, debug should be 0 2019-09-04 08:47:09 -04:00
Isaac Connor 50aa0108e5 Add authhash to session 2019-09-03 11:33:02 -04:00
Isaac Connor a384e978c8 don't load user from session if we have already gotten it from elsewhere 2019-09-03 11:19:42 -04:00
Isaac Connor b84d005d8f Load use from session when it exists 2019-09-03 10:54:34 -04:00
Isaac Connor 84492f29b1 Fix token auth sessions (#2676)
* If token is present do token based auth and do not do anything with session

* update HostController.  Use config constants, don't use sessions

* Remove Session from the components list

* spacing

* Remove Session from App Components list.

* Move APIEnabled check to the api from auth.php

* Rework auth.  login using username and password only occurs on login action now.  Including auth.php should not touch the session.  auth_hash logins no longer touch the session.  replace userLogin with a function called validateUser which matches the semantics of validateToken.

* remove debugging

* Add session storage if stateful query param is on, but only for LEGACY_API_AUTH

* fix mUser to username, etc.

* shuffle lines

* use  instead of session when generating auth hash.

* Add docs regarding the use of cookies and stateful query param

* Only open/close session if we are clearing a session var

* Use zm_session_start instead of session_start

* Should use zm_session_start instead of session_start

* document that zm_session_start should be called previously to session_regenerate_id

* Don't actually write out the session when generating auth hashes.  Means they should never actually persist.

* More backticking of SQL

* add .. to fix #2686

* Use material icons for sort because they look nicer

* fix typo

* have to add authhash to session on login

* restore username&password login for all urls

* fix

* fixes
2019-08-20 09:46:53 -04:00
Isaac Connor cfeedd39a4 Use zm_session_start instead of session_start 2019-08-16 15:07:20 -04:00
Isaac Connor 1d0ee227d7 fix mUser to username, etc. 2019-08-16 14:12:37 -04:00
Isaac Connor 4108495a7d Add session storage if stateful query param is on, but only for LEGACY_API_AUTH 2019-08-16 14:12:14 -04:00
Isaac Connor 618e6816ef Rework auth. login using username and password only occurs on login action now. Including auth.php should not touch the session. auth_hash logins no longer touch the session. replace userLogin with a function called validateUser which matches the semantics of validateToken. 2019-08-15 14:59:15 -04:00
Isaac Connor 9da10abca9 Move APIEnabled check to the api from auth.php 2019-08-13 11:29:32 -04:00
Isaac Connor a63b6486b9 Remove Session from App Components list. 2019-08-12 15:36:40 -04:00
Isaac Connor c2e1293472 spacing 2019-08-12 15:10:58 -04:00
Isaac Connor 0bf036fc55 Remove Session from the components list 2019-08-12 15:06:46 -04:00
Isaac Connor 2320ab4d66 update HostController. Use config constants, don't use sessions 2019-08-12 15:01:40 -04:00
Pliable Pixels a9d01ba3d2 Alarm api (#2665)
* fixed alarm api to use tokens if present

* clearer debug logs for tokens

* space
2019-07-17 20:38:58 -04:00
Pliable Pixels c4dc5f34e4 add event file system path to API (#2639) 2019-06-16 11:59:23 -04:00
Pliable Pixels bc0565858b check for API disabled only when auth is on (#2624) 2019-05-28 13:44:06 -04:00
Isaac Connor 1ddd5b1f74 Merge branch 'master' of github.com:ZoneMinder/zoneminder 2019-05-24 13:56:30 -04:00
Pliable Pixels fc27393a96 Replace MySQL Password() with bcrypt, allow for alternate JWT tokens (#2598)
* added sha1 and bcrypt submodules

* added bcrypt and sha to src build process

* added test sha1 and bcrypt code to validate working

* bcrypt auth migration in PHP land

* added include path

* add sha source

* added bcrypt to others

* put link_dir ahead of add_executable

* fixed typo

* try add_library instead

* absolute path

* absolute path

* build bcrypt as static

* move to wrapper

* move to fork

* logs tweak

* added lib-ssl/dev for JWT signing

* Moved to openSSL SHA1, initial JWT plugin

* removed vog

* fixed SHA1 algo

* typo

* use php-jwt, use proper way to add PHP modules, via composer

* fixed module path

* first attempt to fix cast error

* own fork

* own fork

* add composer vendor directory

* go back to jwt-cpp as PR merged

* moved to jwt-cpp after PR merge

* New token= query for JWT

* Add JWT token creation, move old code to a different function for future deprecation, simplified code for ZM_XX parameter reading

* JWT integration, validate JWT token via validateToken

* added token validation to zms/zmu/zmuser

* add token to command line for zmu

* move decode inside try/catch

* exception handling for try/catch

* fix db read, forgot to exec query

* remove allowing auth_hash_ip for token

* support refresh tokens as well for increased security

* remove auth_hash_ip

* Error out if used did not create an AUTH_HASH_SECRET

* fixed type conversion

* make sure refresh token login doesn't generate another refresh token

* fix absolute path

* move JWT/Bcrypt inside zm_crypt

* move sha headers out

* move out sha header

* handle case when supplied password is hashed, fix wrong params in AppController

* initial baby step for api tab

* initial plumbing to introduce token expiry and API bans per user

* remove M typo

* display user table in api

* added revoke all tokens code, removed test code

* use strtoul for conversion

* use strtoul for conversion

* use strtoul for conversion

* more fixes

* more fixes

* add mintokenexpiry to DB seek

* typo

* add ability to revoke tokens and enable/disable APIs per user

* moved API enable back to system

* comma

* enable API options only if API enabled

* move user creation to bcrypt

* added password_compat for PHP >=5.3 <5.5

* add Password back so User object indexes don't change

* move token index after adding password

* demote logs

* make old API auth optional, on by default

* make old API auth mechanism optional

* removed stale code

* forgot to checkin update file

* bulk overlay hash mysql encoded passwords

* add back ssl_dev, got deleted

* fix update script

* added token support to index.php

* reworked API document for new changes in 2.0

* Migrate from libdigest to crypt-eks-blowfish due to notice

* merge typo

* css classes for text that disappear

* fixed html typo

* added deps to ubuntu control files

* spaces

* removed extra line

* when regenerating using refresh tokens, username needs to be derived from the refresh token, as no session would exist

* add libssl1.0.0 for ubuntu 16/12

* small API fixes

* clean up of API, remove redundant sections

* moved to ZM fork for bcrypt

* whitespace and google code style

* regenerate auth hash if doing password migration

* dont need AUTH HASH LOGIN to be on

* Add auth hash verification to the user logged in already case

* fix missing ]

* reject requests if per user API disabled
2019-05-24 13:48:40 -04:00
Isaac Connor 2ce2381269 Merge branch 'crypt-replacement' of https://github.com/pliablepixels/ZoneMinder into pliablepixels-crypt-replacement 2019-05-19 08:45:42 -04:00
Pliable Pixels 8e1037458a when regenerating using refresh tokens, username needs to be derived from the refresh token, as no session would exist 2019-05-18 11:23:16 -04:00
Isaac Connor 93aeceecfc Merge branch 'crypt-replacement' of https://github.com/pliablepixels/ZoneMinder into pliablepixels-crypt-replacement 2019-05-17 10:18:15 -04:00
Pliable Pixels 41ae745b17 removed stale code 2019-05-12 18:53:51 -04:00
Pliable Pixels ec279ccc9a make old API auth mechanism optional 2019-05-12 18:51:07 -04:00
Pliable Pixels 881d531fe9 make old API auth optional, on by default 2019-05-12 18:19:19 -04:00
Pliable Pixels 225893fcd6 add mintokenexpiry to DB seek 2019-05-12 05:50:19 -04:00
Pliable Pixels 88d50ec9ca added revoke all tokens code, removed test code 2019-05-11 15:47:57 -04:00
Pliable Pixels 95b448abdd handle case when supplied password is hashed, fix wrong params in AppController 2019-05-10 11:25:55 -04:00
Pliable Pixels 1770ebea23 make sure refresh token login doesn't generate another refresh token 2019-05-08 15:26:51 -04:00
Pliable Pixels 0bc96dfe83 Error out if used did not create an AUTH_HASH_SECRET 2019-05-08 14:26:16 -04:00
Pliable Pixels bc050fe330 support refresh tokens as well for increased security 2019-05-08 13:38:42 -04:00
Pliable Pixels 27e6e46f84 remove allowing auth_hash_ip for token 2019-05-08 12:11:32 -04:00
Pliable Pixels b293592e4c added token validation to zms/zmu/zmuser 2019-05-08 10:55:32 -04:00
Pliable Pixels d36c1f5d3c Add JWT token creation, move old code to a different function for future deprecation, simplified code for ZM_XX parameter reading 2019-05-07 15:04:12 -04:00
Pliable Pixels 0bbc582971 New token= query for JWT 2019-05-07 15:03:13 -04:00
Isaac Connor 5b68ddcc9a add a note deprecating getDiskPercent 2019-04-17 09:55:34 -04:00
Pliable Pixels d270fbd0ad added support for named params to consoleEvents (#2571) 2019-04-09 16:28:46 -04:00
Isaac Connor 3abf263e7a fixup half-merged changes to filter to view in montagereview 2019-04-08 16:57:41 -04:00
Isaac Connor 780f4f9b9a Merge branch 'master' of github.com:zoneminder/ZoneMinder 2019-04-06 09:27:44 -04:00
Isaac Connor 110e5075f4 fix namespace fixes #3566 2019-04-01 17:21:01 -04:00
Isaac Connor fa9803d819 Can't use this->data to avoid another db hit. Must load by id 2019-04-01 10:11:56 -04:00
Isaac Connor b988ce0573 more parentheses to make logic more clear 2019-03-20 14:26:35 -04:00
Isaac Connor a634d8b774 use id instead of this->data when loading Event to delete in API 2019-03-19 17:26:20 -04:00
Isaac Connor 520c41da23 Merge ../ZoneMinder.connortechnology.bad into storageareas 2019-03-18 14:40:03 -04:00
Matthew Noorenberghe abb6ef1688 API: Escape 'named' params for SQLi in two more Event endpoints.
Fixes #2099
2019-03-11 00:21:51 -07:00
Matthew Noorenberghe 056b96f7fc API: Monitor and Event 'index' SQLi. Fixes #2099 2019-03-11 00:21:51 -07:00
Isaac Connor af9c87a112 Merge branch 'master' into storageareas 2019-02-27 10:53:19 -05:00
Isaac Connor 4c35f2910c fix ZM namespace 2019-02-26 18:09:18 -05:00
Isaac Connor df3e11d83c Fix authentication in api because we no longer store the user object in the session 2019-02-26 17:01:45 -05:00
Isaac Connor a00e2381b7 Merge branch 'master' into storageareas 2019-02-26 11:33:29 -05:00
Isaac Connor 92dc7878de Fix 2340 (#2368)
* include includes/functions.php so that we have access to all its contents

* add a beforeDelete function which deletes the files.  Add other needed functions like Path() LinkPath() etc.

* add require_once for Storage and functions because we use them in Event

* Now that ZM has namespaces use the ZM Event class to do the heavy lifting of delete

* Don't need functions in AppController anymore
2019-02-26 11:28:56 -05:00
Isaac Connor fbdb5bcb62 Merge branch 'master' into storageareas 2019-02-19 12:06:32 -05:00
Isaac Connor eaa7341935 Add missing / in path to auth.php 2019-02-19 10:07:36 -05:00
Isaac Connor 5029d7214a Merge branch 'master' into storageareas 2019-02-18 17:00:45 -05:00
Isaac Connor 4cd3a93e96 add missing / 2019-02-18 16:30:03 -05:00
Mitch Capper 04c17283ec need to prefix with _dir_ otherwise relative to initial script (#2531) 2019-02-17 11:31:10 -05:00
Isaac Connor 5060358870 Merge branch 'master' into storageareas 2018-12-29 09:56:53 -05:00
Andrew Bauer 3258d8e590 remove ZM_DIR_IMAGES (#2374) 2018-12-29 09:52:58 -05:00