225893fcd6
add mintokenexpiry to DB seek
2019-05-12 05:50:19 -04:00
88d50ec9ca
added revoke all tokens code, removed test code
2019-05-11 15:47:57 -04:00
95b448abdd
handle case when supplied password is hashed, fix wrong params in AppController
2019-05-10 11:25:55 -04:00
1770ebea23
make sure refresh token login doesn't generate another refresh token
2019-05-08 15:26:51 -04:00
0bc96dfe83
Error out if used did not create an AUTH_HASH_SECRET
2019-05-08 14:26:16 -04:00
bc050fe330
support refresh tokens as well for increased security
2019-05-08 13:38:42 -04:00
27e6e46f84
remove allowing auth_hash_ip for token
2019-05-08 12:11:32 -04:00
b293592e4c
added token validation to zms/zmu/zmuser
2019-05-08 10:55:32 -04:00
d36c1f5d3c
Add JWT token creation, move old code to a different function for future deprecation, simplified code for ZM_XX parameter reading
2019-05-07 15:04:12 -04:00
0bbc582971
New token= query for JWT
2019-05-07 15:03:13 -04:00
d270fbd0ad
added support for named params to consoleEvents ( #2571 )
2019-04-09 16:28:46 -04:00
3abf263e7a
fixup half-merged changes to filter to view in montagereview
2019-04-08 16:57:41 -04:00
780f4f9b9a
Merge branch 'master' of github.com:zoneminder/ZoneMinder
2019-04-06 09:27:44 -04:00
110e5075f4
fix namespace fixes #3566
2019-04-01 17:21:01 -04:00
fa9803d819
Can't use this->data to avoid another db hit. Must load by id
2019-04-01 10:11:56 -04:00
b988ce0573
more parentheses to make logic more clear
2019-03-20 14:26:35 -04:00
a634d8b774
use id instead of this->data when loading Event to delete in API
2019-03-19 17:26:20 -04:00
520c41da23
Merge ../ZoneMinder.connortechnology.bad into storageareas
2019-03-18 14:40:03 -04:00
abb6ef1688
API: Escape 'named' params for SQLi in two more Event endpoints.
...
Fixes #2099
2019-03-11 00:21:51 -07:00
056b96f7fc
API: Monitor and Event 'index' SQLi. Fixes #2099
2019-03-11 00:21:51 -07:00
af9c87a112
Merge branch 'master' into storageareas
2019-02-27 10:53:19 -05:00
4c35f2910c
fix ZM namespace
2019-02-26 18:09:18 -05:00
df3e11d83c
Fix authentication in api because we no longer store the user object in the session
2019-02-26 17:01:45 -05:00
a00e2381b7
Merge branch 'master' into storageareas
2019-02-26 11:33:29 -05:00
92dc7878de
Fix 2340 ( #2368 )
...
* include includes/functions.php so that we have access to all it's contents
* add a beforeDelete function which deletes the files. Add other needed functions like Path() LinkPath() etc.
* add require_once for Storage and functions because we use them in Event
* Now that ZM has namespaces use the ZM Event class to do the heavy lifting of delete
* Don't need functions in AppController anymore
2019-02-26 11:28:56 -05:00
fbdb5bcb62
Merge branch 'master' into storageareas
2019-02-19 12:06:32 -05:00
eaa7341935
Add missing / in path to auth.php
2019-02-19 10:07:36 -05:00
5029d7214a
Merge branch 'master' into storageareas
2019-02-18 17:00:45 -05:00
4cd3a93e96
add missing /
2019-02-18 16:30:03 -05:00
04c17283ec
need to prefix with _dir_ otherwise relative to initial script ( #2531 )
2019-02-17 11:31:10 -05:00
5060358870
Merge branch 'master' into storageareas
2018-12-29 09:56:53 -05:00
3258d8e590
remove ZM_DIR_IMAGES ( #2374 )
2018-12-29 09:52:58 -05:00
27826b4aca
Merge branch 'master' into storageareas
2018-12-24 09:48:29 -05:00
47465260d1
Update permissions checking for Groups to not use session. Fixes #2353
2018-12-21 10:01:48 -05:00
e626049f6b
Merge branch 'swresample' into storageareas
2018-12-20 14:08:40 -05:00
622c17f628
make sure auth is regenerated each time we call this API ( #2347 )
2018-12-16 11:02:07 -05:00
c8c34d3f95
Merge branch 'master' into storageareas
2018-12-11 10:21:22 -05:00
b3bed9a28a
fix whitespace
2018-12-11 10:20:02 -05:00
7d90a56561
Merge branch 'master' into storageareas
2018-11-30 14:46:42 -05:00
e6b8a7bc66
resolves #2327
2018-11-29 09:21:10 -05:00
f5328265ef
fix missing daemons definition
2018-11-28 09:12:22 -05:00
51d8c0ea73
add back daemon parameter, but make it actually work
2018-11-14 12:59:44 -05:00
9d8f0fef0c
add templates for daemonControl to api
2018-11-14 12:54:40 -05:00
d671761a35
simplify params to daemonControl since they really aren't being used anyways. Return the status text
2018-11-14 12:54:10 -05:00
6360b84e15
Merge pull request #2288 from connortechnology/add_monitor_status_to_api
...
rough in adding Monitor_Status to Monitors
2018-11-03 20:46:11 -05:00
e87ded35f1
rough in adding Monitor_Status to Monitors
2018-10-31 11:08:44 -04:00
2b0df3e4e2
API - Disable E_NOTICE from php error reporting in cake debug
...
Using zmNinja, the API reports E_NOTICE errors
Notice (8): compact(): Undefined variable: subject [CORE/Cake/Utility/ObjectCollection.php, line 128]
Notice (8): compact() [<a href='http://php.net/function.compact '>function.compact</a>]: Undefined variable: subject [CORE/Cake/Utility/ObjectCollection.php, line 128]
Notice (8): compact() [<a href='http://php.net/function.compact '>function.compact</a>]: Undefined variable: subject [CORE/Cake/Utility/ObjectCollection.php, line 128]
Notice (8): compact() [<a href='http://php.net/function.compact '>function.compact</a>]: Undefined variable: subject [CORE/Cake/Utility/ObjectCollection.php, line 128]
and zmNinja will not work...
there is a better way, but i think disabling E_NOTICE error is way easier
see: https://github.com/ZoneMinder/zoneminder/pull/2269
2018-10-31 10:17:36 +02:00
073193e410
Merge pull request #2281 from connortechnology/fix_2279_delete_camera_through_api
...
Fix 2279 delete camera through api
2018-10-30 07:06:14 -05:00
39061038fb
Don't include related models in Storage index
2018-10-29 14:40:05 -04:00
9a2d58adce
We don't store all the permissions in the session anymore. We just use the global user object
2018-10-29 11:03:03 -04:00
Pliable Pixels
Pliable Pixels
Isaac Connor
Isaac Connor
Matthew Noorenberghe
Mitch Capper
Andrew Bauer
ratmole