*/
class Apr1Md5 extends CommonModule {
+ // APR-MD5 hash prefix
+ const HASH_PREFIX = '$apr1';
+
+ // Salt length
+ const DEF_SALT_LEN = 8;
+
/**
* Get hashed password using APR1-MD5 algorithm.
* This function is based on common sample using PHP implementation APR1-MD5.
* @see https://stackoverflow.com/questions/1038791/how-to-programmatically-build-an-apr1-md5-using-php
*
* @param string $password plain text password
+ * @param string $salt cryptographic salt
* @return string hashed password
*/
- public function crypt($password) {
- $salt = $this->getModule('crypto')->getRandomString(8);
+ public function crypt($password, $salt = null) {
+ if (is_null($salt)) {
+ $salt = $this->getModule('crypto')->getRandomString(self::DEF_SALT_LEN);
+ }
$len = strlen($password);
$text = sprintf('%s$apr1$%s', $password, $salt);
$bin = pack('H32', md5($password . $salt . $password));
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',
'./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
);
- return sprintf('$apr1$%s$%s', $salt, $tmp);
+ return sprintf('%s$%s$%s', self::HASH_PREFIX, $salt, $tmp);
+ }
+
+ /**
+ * Verify if for given hash given password is valid.
+ *
+ * @param string $password password to check
+ * @param string $hash hash to check
+ * @return boolean true if password and hash are match, otherwise false
+ */
+ public function verify($password, $hash) {
+ $valid = false;
+ $parts = explode('$', $hash, 4);
+ if (count($parts) === 4) {
+ $salt = $parts[2];
+ $hash2 = $this->crypt($password, $salt);
+ $valid = ($hash === $hash2);
+ }
+ return $valid;
}
}
?>
*/
class BCrypt extends CommonModule {
+ // BCrypt hash prefix
+ const HASH_PREFIX = '$2y';
+
+ // Salt length
+ const DEF_SALT_LEN = 22;
+
// bcrypt uses not standard base64 alphabet
const BCRYPT_BASE64_CODE = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
* Get hashed password using BCrypt algorithm and salt.
*
* @param string $password plain text password
+ * @param string $salt cryptographic salt
* @return string hashed password
*/
- public function crypt($password) {
- // Suffle string
- $rand_string = str_shuffle(self::BCRYPT_BASE64_CODE);
+ public function crypt($password, $salt = null) {
+ if (is_null($salt)) {
+ // Suffle string
+ $rand_string = str_shuffle(self::BCRYPT_BASE64_CODE);
- // BCrypt salt - 22 characters
- $salt_str = substr($rand_string, 0, 22);
+ // BCrypt salt
+ $salt = substr($rand_string, 0, self::DEF_SALT_LEN);
+ }
- $salt = sprintf(
- '$2y$%d$%s$',
+ $salt_val = sprintf(
+ '%s$%d$%s$',
+ self::HASH_PREFIX,
self::BCRYPT_COST,
- $salt_str
+ $salt
);
- return crypt($password, $salt);
+ return crypt($password, $salt_val);
+ }
+
+ /**
+ * Verify if for given hash given password is valid.
+ *
+ * @param string $password password to check
+ * @param string $hash hash to check
+ * @return boolean true if password and hash are match, otherwise false
+ */
+ public function verify($password, $hash) {
+ $valid = false;
+ $parts = explode('$', $hash, 4);
+ if (count($parts) === 4) {
+ $salt = substr($parts[3], 0, self::DEF_SALT_LEN);
+ $hash2 = $this->crypt($password, $salt);
+ $valid = ($hash === $hash2);
+ }
+ return $valid;
}
}
?>
return $all_users;
}
+ /**
+ * Get user and password hash from config.
+ *
+ * @param string $user username
+ * @return array username and password hash or empty array if user not found
+ */
+ public function getUserCfg($username) {
+ $user = [];
+ $u = $this->getUsers($username);
+ if (count($u) == 1) {
+ $user = [
+ 'username' => $username,
+ 'pwd_hash' => $u[$username]
+ ];
+ }
+ return $user;
+ }
+
/**
* Save HTTP Basic users file.
* Given parameter is associative array with usernames as keys
}
/**
- * Get hashed password to use in web server auth.
- * If no hash algorithm given, use APR1-MD5.
+ * Get hash algorithm module instance by hash algorithm name.
*
- * @access public
- * @param string $password plain text password
- * @param string $hash_alg hash algorithm (apr1-md5|sha1)
- * @return string hashed password
+ * @param string $hash_alg hash algorithm
+ * @return object hash algorithm module instance
*/
- public function getHashedPassword($password, $hash_alg = null) {
+ private function getModuleByHashAlg($hash_alg) {
$mod = '';
switch ($hash_alg) {
case self::HASH_ALG_BCRYPT: {
$mod = 'apr1md5';
}
}
- return $this->getModule($mod)->crypt($password);
+ return $this->getModule($mod);
+ }
+
+ /**
+ * Get hashed password to use in web server auth.
+ * If no hash algorithm given, use APR1-MD5.
+ *
+ * @access public
+ * @param string $password plain text password
+ * @param string $hash_alg hash algorithm
+ * @return string hashed password
+ */
+ public function getHashedPassword($password, $hash_alg = null) {
+ if (is_null($hash_alg)) {
+ $hash_alg = self::HASH_ALG_APR1_MD5;
+ }
+ return $this->getModuleByHashAlg($hash_alg)->crypt($password);
+ }
+
+ /*
+ * Get all supported hash algorithms.
+ * It bases on HASH_ALG_ constants definition.
+ *
+ * @return array supported hash algorithms
+ */
+ private function getSupportedHashAlgs() {
+ $hash_algs = [];
+ $ocls = new ReflectionClass(__CLASS__);
+ foreach ($ocls->getConstants() as $const => $hash_alg) {
+ if (strpos($const, 'HASH_ALG_') !== 0) {
+ continue;
+ }
+ $hash_algs[$const] = $hash_alg;
+ }
+ return $hash_algs;
+ }
+
+ /**
+ * Get module corresponding a hash string.
+ *
+ * @param string $hash hash string to check
+ * @return object|null module object on true, false if hash algorithm not recognized
+ */
+ public function getModuleByHash($hash) {
+ $module = null;
+ foreach ($this->getSupportedHashAlgs() as $const => $hash_alg) {
+ $mod = $this->getModuleByHashAlg($hash_alg);
+ if (strpos($hash, $mod::HASH_PREFIX) === 0) {
+ $module = $mod;
+ break;
+ }
+ }
+ return $module;
}
}
?>
*/
class Sha1 extends CommonModule {
+ // SHA-1 hash prefix
+ const HASH_PREFIX = '{SHA}';
+
/**
* Get hashed password using SHA-1 algorithm.
*
public function crypt($password) {
$hash = sha1($password, true);
$bh = base64_encode($hash);
- $ret = '{SHA}' . $bh;
+ $ret = self::HASH_PREFIX . $bh;
return $ret;
}
+ /**
+ * Verify if for given hash given password is valid.
+ *
+ * @param string $password password to check
+ * @param string $hash hash to check
+ * @return boolean true if password and hash are match, otherwise false
+ */
+ public function verify($password, $hash) {
+ $hash2 = $this->crypt($password);
+ return ($hash === $hash2);
+ }
}
?>
*/
class Sha256 extends CommonModule {
+ // SHA-256 hash prefix
+ const HASH_PREFIX = '$5';
+
+ // Salt length
+ const DEF_SALT_LEN = 16;
+
const SHA256_ROUNDS = 10000;
/**
* Get hashed password using SHA-256 algorithm and salt.
*
* @param string $password plain text password
+ * @param string $salt cryptographic salt
* @return string hashed password
*/
- public function crypt($password) {
- // Salt string - 16 characters for SHA-256
- $salt_str = $this->getModule('crypto')->getRandomString(16);
+ public function crypt($password, $salt = null) {
+ if (is_null($salt)) {
+ // Salt string - 16 characters for SHA-256
+ $salt = $this->getModule('crypto')->getRandomString(self::DEF_SALT_LEN);
+ }
- $salt = sprintf(
- '$5$rounds=%d$%s$',
+ $salt_val = sprintf(
+ '%s$rounds=%d$%s$',
+ self::HASH_PREFIX,
self::SHA256_ROUNDS,
- $salt_str
+ $salt
);
- return crypt($password, $salt);
+ return crypt($password, $salt_val);
+ }
+
+ /**
+ * Verify if for given hash given password is valid.
+ *
+ * @param string $password password to check
+ * @param string $hash hash to check
+ * @return boolean true if password and hash are match, otherwise false
+ */
+ public function verify($password, $hash) {
+ $valid = false;
+ $parts = explode('$', $hash, 5);
+ if (count($parts) === 5) {
+ $salt = $parts[3];
+ $hash2 = $this->crypt($password, $salt);
+ $valid = ($hash === $hash2);
+ }
+ return $valid;
}
}
?>
*/
class Sha512 extends CommonModule {
+ // SHA-512 hash prefix
+ const HASH_PREFIX = '$6';
+
+ // Salt length
+ const DEF_SALT_LEN = 16;
+
const SHA512_ROUNDS = 10000;
/**
* Get hashed password using SHA-512 algorithm and salt.
*
* @param string $password plain text password
+ * @param string $salt cryptographic salt
* @return string hashed password
*/
- public function crypt($password) {
- // Salt string - 16 characters for SHA-512
- $salt_str = $this->getModule('crypto')->getRandomString(16);
+ public function crypt($password, $salt = null) {
+ if (is_null($salt)) {
+ // Salt string - 16 characters for SHA-512
+ $salt = $this->getModule('crypto')->getRandomString(self::DEF_SALT_LEN);
+ }
- $salt = sprintf(
- '$6$rounds=%d$%s$',
+ $salt_val = sprintf(
+ '%s$rounds=%d$%s$',
+ self::HASH_PREFIX,
self::SHA512_ROUNDS,
- $salt_str
+ $salt
);
- return crypt($password, $salt);
+ return crypt($password, $salt_val);
+ }
+
+ /**
+ * Verify if for given hash given password is valid.
+ *
+ * @param string $password password to check
+ * @param string $hash hash to check
+ * @return boolean true if password and hash are match, otherwise false
+ */
+ public function verify($password, $hash) {
+ $valid = false;
+ $parts = explode('$', $hash, 5);
+ if (count($parts) === 5) {
+ $salt = $parts[3];
+ $hash2 = $this->crypt($password, $salt);
+ $valid = ($hash === $hash2);
+ }
+ return $valid;
}
}
?>
*/
class Ssha1 extends CommonModule {
+ // Salted SHA-1 hash prefix
+ const HASH_PREFIX = '{SSHA}';
+
+ // Salt length
+ const DEF_SALT_LEN = 4;
+
/**
* Get hashed password using SHA-1 algorithm and salt.
*
* @param string $salt cryptographic salt
* @return string hashed password
*/
- public function crypt($password) {
- // Salt string - 16 characters for SHA-256
- $salt = $this->getModule('crypto')->getRandomString(4);
-
+ public function crypt($password, $salt = null) {
+ if (is_null($salt)) {
+ $salt = $this->getModule('crypto')->getRandomString(self::DEF_SALT_LEN);
+ }
$hash = sha1($password . $salt, true);
$bh = base64_encode($hash . $salt);
- $ret = '{SSHA}' . $bh;
+ $ret = self::HASH_PREFIX . $bh;
return $ret;
}
+ /**
+ * Verify if for given hash given password is valid.
+ *
+ * @param string $password password to check
+ * @param string $hash hash to check
+ * @return boolean true if password and hash are match, otherwise false
+ */
+ public function verify($password, $hash) {
+ $pos = strlen(self::HASH_PREFIX) - 1;
+ $bh = substr($hash, $pos);
+ $h = base64_decode($bh);
+ $salt = substr($h, -(self::DEF_SALT_LEN));
+ $hash2 = $this->crypt($password, $salt);
+ return ($hash === $hash2);
+ }
}
?>
*/
class WebBasicUserManager extends WebModule implements UserManager {
+ /**
+ * Module initialization.
+ *
+ * @param TXmlElement $config module configuration
+ */
public function init($config) {
}
+ /**
+ * Validate username and password.
+ * Used during logging in process.
+ *
+ * @param string $username username
+ * @param string $password password
+ * @return boolean true if user and password valid, otherwise false
+ */
public function validateUser($username, $password) {
/**
* Basic auth is realized by web server, so validating
/**
* Supported authentication methods.
*/
+ const AUTH_METHOD_LOCAL = 'local';
const AUTH_METHOD_BASIC = 'basic';
const AUTH_METHOD_LDAP = 'ldap';
return ($this->getAuthMethod() === self::AUTH_METHOD_LDAP);
}
+ /**
+ * Check if current authentication method is set to Local.
+ *
+ * @return boolean true if is set local auth, otherwise false
+ */
+ public function isAuthMethodLocal() {
+ return ($this->getAuthMethod() === self::AUTH_METHOD_LOCAL);
+ }
+
/**
* Check if current default access method for not existing users
* in configuration file is set to no access.
*/
class WebLdapUserManager extends WebModule implements UserManager {
+ /**
+ * LDAP module object.
+ */
private $ldap = null;
+ /**
+ * Module initialization.
+ *
+ * @param TXmlElement $config module configuration
+ */
public function init($config) {
parent::init($config);
$web_config = $this->getModule('web_config')->getConfig();
}
}
+ /**
+ * Validate username and password.
+ * Used during logging in process.
+ *
+ * @param string $username username
+ * @param string $password password
+ * @return boolean true if user and password valid, otherwise false
+ */
public function validateUser($username, $password) {
return $this->ldap->login($username, $password);
}
--- /dev/null
+<?php
+/*
+ * Bacula(R) - The Network Backup Solution
+ * Baculum - Bacula web interface
+ *
+ * Copyright (C) 2013-2020 Kern Sibbald
+ *
+ * The main author of Baculum is Marcin Haba.
+ * The original author of Bacula is Kern Sibbald, with contributions
+ * from many others, a complete list can be found in the file AUTHORS.
+ *
+ * You may use this file and others of this release according to the
+ * license defined in the LICENSE file, which includes the Affero General
+ * Public License, v3.0 ("AGPLv3") and some additional permissions and
+ * terms pursuant to its AGPLv3 Section 7.
+ *
+ * This notice must be preserved when any source code is
+ * conveyed and/or propagated.
+ *
+ * Bacula(R) is a registered trademark of Kern Sibbald.
+ */
+
+Prado::using('Application.Web.Class.WebModule');
+
+/**
+ * Web local user manager module.
+ *
+ * @author Marcin Haba <marcin.haba@bacula.pl>
+ * @category Module
+ * @package Baculum Web
+ */
+class WebLocalUserManager extends WebModule implements UserManager {
+
+ /**
+ * Module initialization.
+ *
+ * @param TXmlElement $config module configuration
+ */
+ public function init($config) {
+ }
+
+ /**
+ * Validate username and password.
+ * Used during logging in process.
+ *
+ * @param string $username username
+ * @param string $password password
+ * @return boolean true if user and password valid, otherwise false
+ */
+ public function validateUser($username, $password) {
+ $valid = false;
+ $user = $this->getModule('basic_webuser')->getUserCfg($username);
+ if (count($user) == 2) {
+ if (!empty($user['pwd_hash'])) {
+ $mod = $this->getModule('crypto')->getModuleByHash($user['pwd_hash']);
+ if (is_object($mod)) {
+ $valid = $mod->verify($password, $user['pwd_hash']);
+ }
+ }
+ }
+ return $valid;
+ }
+}
+?>
$auth_method = $this->getModule('web_config')->getAuthMethod();
switch ($auth_method) {
+ case WebConfig::AUTH_METHOD_LOCAL:
+ $cls = 'Application.Web.Class.WebLocalUserManager';
+ break;
case WebConfig::AUTH_METHOD_BASIC:
$cls = 'Application.Web.Class.WebBasicUserManager';
break;
msgid "12-hours format time 5:22:41 PM"
msgstr "12-hours format time 5:22:41 PM"
+
+msgid "Local user authentication method"
+msgstr "Local user authentication method"
+
+msgid "This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method."
+msgstr "This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method."
+
+msgid "This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method."
+msgstr "This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method."
msgid "12-hours format time 5:22:41 PM"
msgstr "12-hours format time 5:22:41 PM"
+
+msgid "Local user authentication method"
+msgstr "Local user authentication method"
+
+msgid "This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method."
+msgstr "This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method."
+
+msgid "This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method."
+msgstr "This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method."
msgid "12-hours format time 5:22:41 PM"
msgstr "12-godzinny format czasu 5:22:41 PM"
+
+msgid "Local user authentication method"
+msgstr "Metoda uwierzytelniania lokalnych użytkowników"
+
+msgid "This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method."
+msgstr "Ten typ uwierzytelniania jest w pełni realizowany Baculum Web. Do uwierzytelniania używa formularza logowania Baculum Web. Uwierzytelnianie basic serwera WWW może być wyłączone w tej metodzie."
+
+msgid "This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method."
+msgstr "Ten typ uwierzytelniania jest realizowany przez zewnętrzną usługę katalogową. Do uwierzytelniania używa formularza logowania Baculum Web. Uwierzytelnianie basic serwera WWW może być wyłączone w tej metodzie."
msgid "12-hours format time 5:22:41 PM"
msgstr "12-hours format time 5:22:41 PM"
+
+msgid "Local user authentication method"
+msgstr "Local user authentication method"
+
+msgid "This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method."
+msgstr "This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method."
+
+msgid "This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method."
+msgstr "This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method."
OnClick="logout"
>
<prop:ClientSide.OnComplete>
- if (!window.chrome || window.navigator.webdriver) {
- window.location.href = main_side_bar_reload_url;
+ if (login_form_reload_url && (!window.chrome || window.navigator.webdriver)) {
+ window.location.href = login_form_reload_url;
} else if (window.chrome) {
// For chrome this reload is required to show login Basic auth prompt
window.location.reload();
$this->LoginForm->Display = 'None';
$this->AuthorizationError->Display = 'Dynamic';
}
- } else if ($web_config->isAuthMethodLdap() && !$authorized) {
- // Ldap - user authenticated but not authorized
+ } else if (($web_config->isAuthMethodLdap() || $web_config->isAuthMethodLocal()) && !$authorized) {
+ // Ldap and Local - user authenticated but not authorized
$this->LoginForm->Display = 'None';
$this->AuthorizationError->Display = 'Dynamic';
}
</div>
<h4><%[ Authentication method ]%></h4>
+ <div class="w3-container w3-row w3-padding opt_row">
+ <div class="w3-col" style="width: 40px">
+ <com:TRadioButton
+ ID="LocalAuth"
+ GroupName="AuthMethod"
+ CssClass="w3-radio"
+ Attributes.onclick="oUserSecurity.select_auth_method('local');"
+ />
+ </div>
+ <label for="<%=$this->LocalAuth->ClientID%>"><%[ Local user authentication method ]%></label>
+ </div>
+ <div id="authentication_method_local" class="w3-container" style="display: none">
+ <%[ This type of authentication is fully realized by Baculum Web. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method. ]%>
+ </div>
<div class="w3-container w3-row w3-padding opt_row">
<div class="w3-col" style="width: 40px">
<com:TRadioButton
<label for="<%=$this->LdapAuth->ClientID%>"><%[ LDAP authentication ]%></label>
</div>
<div id="authentication_method_ldap" class="w3-container w3-half w3-margin-left" style="display: none">
+ <%[ This type of authentication is realized by an external directory service. To authenticate it uses the Baculum Web login form. The web server basic authentication can be disabled in this method. ]%>
<h5><%[ LDAP server options ]%></h5>
<div class="w3-container w3-row w3-padding">
<div class="w3-third w3-col">
<script>
var oUserSecurity = {
ids: {
+ auth_method_local: 'authentication_method_local',
auth_method_basic: 'authentication_method_basic',
auth_method_ldap: 'authentication_method_ldap',
get_users: 'get_users_table',
this.set_events();
},
select_auth_method: function(auth) {
+ var auth_local = document.getElementById(this.ids.auth_method_local);
var auth_basic = document.getElementById(this.ids.auth_method_basic);
var auth_ldap = document.getElementById(this.ids.auth_method_ldap);
// hide all auth containers
- [auth_basic, auth_ldap].forEach(function(el) {
+ [auth_local, auth_basic, auth_ldap].forEach(function(el) {
el.style.display = 'none';
});
switch (auth) {
+ case 'local': {
+ auth_local.style.display = 'block';
+ this.user_obj = oLocalUserSecurity;
+ break;
+ }
case 'basic': {
auth_basic.style.display = 'block';
this.user_obj = oBasicUserSecurity;
}
}
};
+
+var oLocalUserSecurity = {
+ ids: {},
+ name: 'local',
+ table_title: '',
+ supported_fields: [],
+ enabled: <%=$this->LocalAuth->Checked ? 'true' : 'false'%>,
+ init: function() {
+ jQuery.extend(this.ids, oUserSecurity.ids);
+ if (this.enabled) {
+ oUserSecurity.select_auth_method(this.name);
+ }
+ },
+ show_user_modal: function() {
+ }
+};
+
var oBasicUserSecurity = {
ids: {},
name: 'basic',
return validate_comma_separated_list(parameter);
}
oUserSecurity.init();
+oLocalUserSecurity.init();
oBasicUserSecurity.init();
oLdapUserSecurity.init();
</script>
Prado::using('System.Web.UI.WebControls.TRegularExpressionValidator');
Prado::using('System.Web.UI.WebControls.TRequiredFieldValidator');
Prado::using('System.Web.UI.WebControls.TValidationSummary');
+Prado::using('Application.Common.Class.Crypto');
Prado::using('Application.Common.Class.Ldap');
Prado::using('Application.Web.Class.BaculumWebPage');
*/
public function initAuthForm() {
if (isset($this->web_config['security']['auth_method'])) {
- if ($this->web_config['security']['auth_method'] === WebConfig::AUTH_METHOD_BASIC) {
+ if ($this->web_config['security']['auth_method'] === WebConfig::AUTH_METHOD_LOCAL) {
+ $this->LocalAuth->Checked = true;
+ } elseif ($this->web_config['security']['auth_method'] === WebConfig::AUTH_METHOD_BASIC) {
$this->BasicAuth->Checked = true;
} elseif ($this->web_config['security']['auth_method'] === WebConfig::AUTH_METHOD_LDAP) {
$this->LdapAuth->Checked = true;
// Set password if auth method supports it
if ($result === true && !empty($this->UserPassword->Text) && $this->isManageUsersAvail()) {
- // Set Basic auth users password
- if ($this->getModule('web_config')->isAuthMethodBasic() &&
- isset($this->web_config['auth_basic']['user_file'])) {
+ $basic = $this->getModule('basic_webuser');
+ if ($this->getModule('web_config')->isAuthMethodLocal()) {
+ $basic->setUsersConfig(
+ $username,
+ $this->UserPassword->Text
+ );
+ } elseif ($this->getModule('web_config')->isAuthMethodBasic() &&
+ isset($this->web_config['auth_basic']['user_file'])) { // Set Basic auth users password
$opts = [];
if (isset($this->web_config['auth_basic']['hash_alg'])) {
}
// Setting basic users works both for adding and editing users
- $basic = $this->getModule('basic_webuser');
$basic->setUsersConfig(
$username,
$this->UserPassword->Text,
}
$result = $this->getModule('user_config')->setConfig($config);
- if ($result === true && $this->isManageUsersAvail() &&
- $this->getModule('web_config')->isAuthMethodBasic() &&
- isset($this->web_config['auth_basic']['user_file'])) {
+ $wcm = $this->getModule('web_config');
+ if ($result === true &&
+ (($this->isManageUsersAvail() && $wcm->isAuthMethodBasic() && isset($this->web_config['auth_basic']['user_file'])) ||
+ $wcm->isAuthMethodLocal())) {
// Remove basic auth users too
$basic = $this->getModule('basic_webuser');
$basic->removeUsers($usernames);
* @return none
*/
private function setBasicAuthConfig() {
- if ($this->isManageUsersAvail() && isset($this->web_config['auth_basic']['user_file'])) {
+ $is_basic = $this->getModule('web_config')->isAuthMethodBasic();
+ if ($is_basic && $this->isManageUsersAvail() && isset($this->web_config['auth_basic']['user_file'])) {
$this->getModule('basic_webuser')->setConfigPath($this->web_config['auth_basic']['user_file']);
}
}
$config['security']['def_role'] = $this->GeneralDefaultAccessRole->SelectedValue;
$config['security']['def_api_host'] = $this->GeneralDefaultAccessAPIHost->SelectedValue;
}
- if ($this->BasicAuth->Checked) {
+ if ($this->LocalAuth->Checked) {
+ $config['security']['auth_method'] = WebConfig::AUTH_METHOD_LOCAL;
+ } elseif ($this->BasicAuth->Checked) {
$config['security']['auth_method'] = WebConfig::AUTH_METHOD_BASIC;
$config['auth_basic'] = $this->getBasicParams();
} else if ($this->LdapAuth->Checked) {
* @return boolean true if managing users is enabled, otherwise false
*/
private function isManageUsersAvail() {
+ $is_local = $this->getModule('web_config')->isAuthMethodLocal();
$is_basic = $this->getModule('web_config')->isAuthMethodBasic();
$allow_manage_users = (isset($this->web_config['auth_basic']['allow_manage_users']) &&
$this->web_config['auth_basic']['allow_manage_users'] == 1);
- return ($is_basic && $allow_manage_users);
+ return (($is_basic && $allow_manage_users) || $is_local);
}
/**
]);
$basic_webuser = $this->getModule('basic_webuser');
- if($this->first_run && $ret && $web_config->isAuthMethodBasic()) {
+ if ($this->first_run && $ret && $web_config->isAuthMethodBasic()) {
// set new user on first wizard run
$previous_user = parent::DEFAULT_AUTH_USER;
$ret = $basic_webuser->setUsersConfig(
projects / thirdparty / bacula.git / commitdiff
