From: Marcin Haba Date: Sun, 24 Nov 2019 02:50:55 +0000 (+0100) Subject: baculum: Refactor authentication, authorization and exceptions X-Git-Tag: Release-9.6.0~64 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dde36bd484c7efc3c3802690be34389762da3a99;p=thirdparty%2Fbacula.git baculum: Refactor authentication, authorization and exceptions --- diff --git a/gui/baculum/protected/API/Class/APIDbModule.php b/gui/baculum/protected/API/Class/APIDbModule.php index 93fcf088a..63c25dc10 100644 --- a/gui/baculum/protected/API/Class/APIDbModule.php +++ b/gui/baculum/protected/API/Class/APIDbModule.php @@ -3,7 +3,7 @@ * Bacula(R) - The Network Backup Solution * Baculum - Bacula web interface * - * Copyright (C) 2013-2016 Kern Sibbald + * Copyright (C) 2013-2019 Kern Sibbald * * The main author of Baculum is Marcin Haba. * The original author of Bacula is Kern Sibbald, with contributions @@ -29,7 +29,7 @@ Prado::using('Application.Common.Class.Errors'); Prado::using('Application.API.Class.APIConfig'); -Prado::using('Application.API.Class.BException'); +Prado::using('Application.API.Class.BAPIException'); Prado::using('Application.API.Class.Database'); Prado::using('System.Data.ActiveRecord.TActiveRecord'); diff --git a/gui/baculum/protected/API/Class/BAPIException.php b/gui/baculum/protected/API/Class/BAPIException.php new file mode 100644 index 000000000..9ff96b3d7 --- /dev/null +++ b/gui/baculum/protected/API/Class/BAPIException.php @@ -0,0 +1,36 @@ + diff --git a/gui/baculum/protected/API/Class/BaculaSetting.php b/gui/baculum/protected/API/Class/BaculaSetting.php index c8ca53bfe..887b6c129 100644 --- a/gui/baculum/protected/API/Class/BaculaSetting.php +++ b/gui/baculum/protected/API/Class/BaculaSetting.php 
@@ -22,7 +22,7 @@ Prado::using('Application.Common.Class.Params'); Prado::using('Application.Common.Class.Errors'); -Prado::using('Application.API.Class.BException'); +Prado::using('Application.API.Class.BAPIException'); Prado::using('Application.API.Class.APIModule'); Prado::using('Application.API.Class.APIConfig'); diff --git a/gui/baculum/protected/API/Class/BaculumAPIServer.php b/gui/baculum/protected/API/Class/BaculumAPIServer.php index 960f94bff..4865791aa 100644 --- a/gui/baculum/protected/API/Class/BaculumAPIServer.php +++ b/gui/baculum/protected/API/Class/BaculumAPIServer.php @@ -25,7 +25,7 @@ Prado::using('System.Exceptions.TException'); Prado::using('Application.Common.Class.Errors'); Prado::using('Application.Common.Class.OAuth2'); Prado::using('Application.Common.Class.Logging'); -Prado::using('Application.API.Class.BException'); +Prado::using('Application.API.Class.BAPIException'); Prado::using('Application.API.Class.APIDbModule'); Prado::using('Application.API.Class.Bconsole'); Prado::using('Application.API.Class.OAuth2.TokenRecord'); @@ -65,6 +65,9 @@ abstract class BaculumAPIServer extends TPage { */ protected $user; + /** + * Endpoints available for every authenticated client. + */ private $public_endpoints = array('auth', 'token', 'welcome', 'catalog', 'dbsize', 'directors'); /** 
@@ -83,6 +86,67 @@ abstract class BaculumAPIServer extends TPage { // delete element const DELETE_METHOD = 'DELETE'; + /** + * API Server authentication. + * + * @return true if user is successfully authenticated, otherwise false + */ + private function authenticate() { + $is_auth = false; + $config = $this->getModule('api_config')->getConfig('api'); + if ($config['auth_type'] === 'basic' && $this->getModule('auth_basic')->isAuthRequest()) { + $is_auth = true; + } elseif ($config['auth_type'] === 'oauth2' && $this->getModule('auth_oauth2')->isAuthRequest()) { + $is_auth = $this->authorize(); + } + if (!$is_auth && is_null($this->error)) { + $this->output = AuthenticationError::MSG_ERROR_AUTHENTICATION_TO_API_PROBLEM; + $this->error = AuthenticationError::ERROR_AUTHENTICATION_TO_API_PROBLEM; + } + return $is_auth; + } + + /** + * API Server authorization. + * Check if authenticated user is allowed to get requested API endpoint. + * + * @return true if user is successfully authorized, otherwise false + */ + private function authorize() { + $is_auth = false; + $is_token = false; + + // deleting expired tokens + $this->getModule('oauth2_token')->deleteExpiredTokens(); + + $auth_oauth2 = $this->getModule('auth_oauth2'); + + // Check if token exists + $scopes = ''; + $token = $auth_oauth2->getToken(); + $auth = TokenRecord::findByPk($token); + if (is_array($auth)) { + // Token found + $scopes = $auth['scope']; + $is_token = true; + } + + // Check if requested scope is valid according allowed scopes assigned to token + if ($is_token) { + $path = $this->getRequest()->getUrl()->getPath(); + if ($auth_oauth2->isScopeValid($path, $scopes, $this->public_endpoints)) { + // Authorization valid + $is_auth = true; + $this->initAuthParams($auth); + } else { + // Scopes error. Access attempt to not allowed resource + $this->output = AuthorizationError::MSG_ERROR_ACCESS_ATTEMPT_TO_NOT_ALLOWED_RESOURCE .' Endpoint: ' . 
$path; + $this->error = AuthorizationError::ERROR_ACCESS_ATTEMPT_TO_NOT_ALLOWED_RESOURCE; + } + } + return $is_auth; + } + /** * Get request, login user and do request action. * 
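Review bot: authenticate() reads `$config['auth_type']` unguarded, whereas the removed onInit code checked `array_key_exists('auth_type', $config)` first; an api config without that key now emits an undefined-index notice on every request before falling through to the "not authenticated" path. Reading it once with a guard keeps the old behaviour quiet: `$auth_type = isset($config['auth_type']) ? $config['auth_type'] : '';` and then comparing `$auth_type` in both branches. In the basic branch access is granted as soon as AuthBasic::isAuthRequest() reports a well-formed `Authorization: Basic` header, and the credentials are never verified here, so this presumably relies on the web server having enforced Basic auth before PHP runs; a comment such as `// Basic credentials are verified by the web server; only the header form is checked here.` would make that dependency explicit. The `@return true if ... otherwise false` docblocks on both methods should read `@return bool ...`.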
@@ -92,55 +156,20 @@ abstract class BaculumAPIServer extends TPage { */ public function onInit($params) { parent::onInit($params); - /* - * Workaround to bug in PHP 5.6 by FastCGI that caused general protection error. - * @TODO: Check on newer PHP if it is already fixed. - */ - // @TODO: Move it to API module. - //$db_params = $this->getModule('api_config')->getConfig('db'); - //APIDbModule::getAPIDbConnection($db_params); + // Initialize auth modules + $this->getModule('auth_basic')->initialize($this->Request); + $this->getModule('auth_oauth2')->initialize($this->Request); // set Director to bconsole execution $this->director = $this->Request->contains('director') ? $this->Request['director'] : null; - $is_auth = false; $config = $this->getModule('api_config')->getConfig('api'); - Logging::$debug_enabled = (array_key_exists('debug', $config) && $config['debug'] == 1); - $headers = $this->getRequest()->getHeaders(CASE_LOWER); - if (array_key_exists('auth_type', $config) && array_key_exists('authorization', $headers) && preg_match('/^\w+ [\w=]+$/', $headers['authorization']) === 1) { - list($type, $token) = explode(' ', $headers['authorization'], 2); - if ($config['auth_type'] === 'oauth2' && $type === 'Bearer') { - // deleting expired tokens - $this->getModule('oauth2_token')->deleteExpiredTokens(); - - $auth = TokenRecord::findByPk($token); - if (is_array($auth)) { - if ($this->isScopeValid($auth['scope'])) { - // AUTH OK - $is_auth = true; - $this->init_auth($auth); - } else { - // Scopes error. Access to not allowed resource - header(OAuth2::HEADER_UNAUTHORIZED); - $url = $this->getRequest()->getUrl()->getPath(); - $this->output = AuthorizationError::MSG_ERROR_ACCESS_ATTEMPT_TO_NOT_ALLOWED_RESOURCE .' Endpoint: ' . 
$url; - $this->error = AuthorizationError::ERROR_ACCESS_ATTEMPT_TO_NOT_ALLOWED_RESOURCE; - return; - - } - } - } elseif ($config['auth_type'] === 'basic' && $type === 'Basic') { - // AUTH OK - $is_auth = true; - } - } + Logging::$debug_enabled = (key_exists('debug', $config) && $config['debug'] == 1); - if ($is_auth === false) { + if ($this->authenticate() === false) { // Authorization error. header(OAuth2::HEADER_UNAUTHORIZED); - $this->output = AuthorizationError::MSG_ERROR_AUTHENTICATION_TO_API_PROBLEM; - $this->error = AuthorizationError::ERROR_AUTHENTICATION_TO_API_PROBLEM; return; } try { @@ -170,7 +199,7 @@ abstract class BaculumAPIServer extends TPage { __FILE__, __LINE__ ); - if ($e instanceof BException) { + if ($e instanceof BAPIException) { $this->output = $e->getErrorMessage(); $this->error = $e->getErrorCode(); } else { @@ -186,7 +215,7 @@ abstract class BaculumAPIServer extends TPage { * @param array $auth token params stored in TokenRecord session * @return none */ - private function init_auth(array $auth) { + private function initAuthParams(array $auth) { // if client has own bconsole config, assign it here if (array_key_exists('bconsole_cfg_path', $auth) && !empty($auth['bconsole_cfg_path'])) { Bconsole::setCfgPath($auth['bconsole_cfg_path'], true); 
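Review bot: The debug line switches from `array_key_exists` to its alias `key_exists` while the rest of the class (initAuthParams in the following hunk) keeps `array_key_exists`; mixing the two in one file reads as accidental. Keeping `Logging::$debug_enabled = (array_key_exists('debug', $config) && $config['debug'] == 1);` avoids the inconsistency, and if the config loader always yields strings the loose `== 1` could become a strict comparison against `'1'`, which I cannot confirm from this hunk. The onInit body continues past the end of the hunk.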
@@ -314,38 +343,6 @@ abstract class BaculumAPIServer extends TPage { $this->remove($id); } - /** - * Check if request is allowed to access basing on OAuth2 scope. - * - * @access private - * @param string scopes assigned with token - * @return bool true if scope in url and from token are valid, otherwise false - */ - private function isScopeValid($scope) { - $is_valid = false; - $scopes = explode(' ', $scope); - $url = $this->getRequest()->getUrl()->getPath(); - $params = explode('/', $url); - if (count($params) >= 3 && $params[1] === 'api') { - $endpoint = $params[2]; - if (preg_match('/^v\d+$/', $params[2]) === 1 && count($params) >= 4) { - // for versioned API (v1, v2 ...etc.) - $endpoint = $params[3]; - } - if (in_array($endpoint, $this->public_endpoints)) { - $is_valid = true; - } else { - for ($i = 0; $i < count($scopes); $i++) { - if ($endpoint === $scopes[$i]) { - $is_valid = true; - break; - } - } - } - } - return $is_valid; - } - /** * Shortcut method for getting application modules instances by * module name. diff --git a/gui/baculum/protected/API/Class/Bconsole.php b/gui/baculum/protected/API/Class/Bconsole.php index b6bd0596e..690b02daf 100644 --- a/gui/baculum/protected/API/Class/Bconsole.php +++ b/gui/baculum/protected/API/Class/Bconsole.php @@ -21,7 +21,7 @@ */ Prado::using('Application.Common.Class.Errors'); -Prado::using('Application.API.Class.BException'); +Prado::using('Application.API.Class.BAPIException'); Prado::using('Application.API.Class.APIModule'); class Bconsole extends APIModule { @@ -328,7 +328,7 @@ class Bconsole extends APIModule { try { $director = array_shift($this->getDirectors()->output); $result = $this->bconsoleCommand($director, $command); - } catch (BException $e) { + } catch (BAPIException $e) { $result = (object)array( 'output' => $e->getErrorMessage(), 'exitcode' => $e->getErrorCode() diff --git a/gui/baculum/protected/API/Class/Database.php b/gui/baculum/protected/API/Class/Database.php index 8c7e1dbbb..4e608db3c 100644 
--- a/gui/baculum/protected/API/Class/Database.php +++ b/gui/baculum/protected/API/Class/Database.php @@ -3,7 +3,7 @@ * Bacula(R) - The Network Backup Solution * Baculum - Bacula web interface * - * Copyright (C) 2013-2016 Kern Sibbald + * Copyright (C) 2013-2019 Kern Sibbald * * The main author of Baculum is Marcin Haba. * The original author of Bacula is Kern Sibbald, with contributions @@ -21,7 +21,7 @@ */ Prado::using('Application.Common.Class.Errors'); -Prado::using('Application.API.Class.BException'); +Prado::using('Application.API.Class.BAPIException'); Prado::using('Application.API.Class.APIModule'); Prado::using('Application.API.Class.APIDbModule'); diff --git a/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.php b/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.php index 0ce83b3e4..efad0169c 100644 --- a/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.php +++ b/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.php @@ -30,7 +30,7 @@ Prado::using('System.Web.UI.ActiveControls.TActiveRadioButton'); Prado::using('System.Web.UI.ActiveControls.TActiveCustomValidator'); Prado::using('Application.Common.Class.OAuth2'); Prado::using('Application.API.Class.APIConfig'); -Prado::using('Application.API.Class.BException'); +Prado::using('Application.API.Class.BAPIException'); Prado::using('Application.API.Class.BaculumAPIPage'); Prado::using('Application.API.Class.Database'); Prado::using('Application.API.Class.BasicAPIUserConfig'); 
@@ -409,12 +409,12 @@ class APIInstallWizard extends BaculumAPIPage { if ($validation === true) { try { $is_validate = $this->getModule('db')->testDbConnection($db_params); - } catch (BException $e) { + } catch (BAPIException $e) { $emsg = $e; } } $this->DbTestResultOk->Display = ($is_validate === true) ? 'Dynamic' : 'None'; - if ($emsg instanceof BException) { + if ($emsg instanceof BAPIException) { $this->DbTestResultErr->Text = $emsg; } $this->DbTestResultErr->Display = ($is_validate === false) ? 'Dynamic' : 'None'; diff --git a/gui/baculum/protected/Common/Class/AuthBase.php b/gui/baculum/protected/Common/Class/AuthBase.php new file mode 100644 index 000000000..3ad4666e0 --- /dev/null +++ b/gui/baculum/protected/Common/Class/AuthBase.php 
@@ -0,0 +1,91 @@ + + */ +abstract class AuthBase extends CommonModule { + + /** + * Stores HTTP request object. + */ + private static $req = null; + + /** + * Public constructor. + * + * @param THttpRequest $request HTTP request object. + * @return none + */ + public function initialize(THttpRequest $request) { + self::$req = $request; + } + + /** + * Get all HTTP request headers. + * + * @return array request headers + */ + private function getRequestHeaders() { + return self::$req->getHeaders(CASE_LOWER); + } + + /** + * Check if HTTP request contains authorization header + * ex: 'Authorization: Basic dGVzdGVyOnRlc3Q=' + * + * @return boolean true if request contains valid authorization header + */ + public function isAuthRequest() { + return ($this->getRequestHeader() !== null); + } + + /** + * Get authorization request header. + * + * @return string|null authorization header or null if header is invalid + */ + public function getRequestHeader() { + $auth_header = null; + $headers = $this->getRequestHeaders(); + if (is_array($headers) && key_exists('authorization', $headers)) { + if ($this->validateRequestHeader($headers['authorization'])) { + $auth_header = $headers['authorization']; + } + } + return $auth_header; + } + + /** + * Validate request header. + * + * @return boolean true - success, false - validation error + */ + abstract protected function validateRequestHeader($header); +} +?> diff --git a/gui/baculum/protected/Common/Class/AuthBasic.php b/gui/baculum/protected/Common/Class/AuthBasic.php new file mode 100644 index 000000000..e948754ad --- /dev/null +++ b/gui/baculum/protected/Common/Class/AuthBasic.php 
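Review bot: getRequestHeaders() dereferences `self::$req` without a guard, so isAuthRequest() called before initialize() dies with a fatal call on null instead of returning false; since getRequestHeader() already tolerates a non-array result, `if (self::$req === null) { return []; }` at the top of getRequestHeaders() fails closed cleanly. The docblock on initialize() says "Public constructor." although it is an initializer, not a constructor; `Attach the HTTP request the auth modules read headers from.` describes it. The static `$req` is shared by every AuthBase subclass, which works because onInit initializes both modules with the same request, but an instance property would express that without shared state. validateRequestHeader() is declared `abstract protected` here while the AuthModule interface added in Interfaces.php declares it `public`; implementations must widen it to public anyway, so `abstract public function validateRequestHeader($header);` would match the interface.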
@@ -0,0 +1,80 @@ + + */ +class AuthBasic extends AuthBase implements AuthModule { + + /** + * Request header value pattern. + */ + const REQUEST_HEADER_CREDENTIALS_PATTERN = '/^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{4})$/'; + + /** + * Get auth type. + * + * @return string auth type. + */ + public function getAuthType() { + return 'Basic'; + } + + /** + * Validate auth request header. + * + * @param string $header auth request header value (ex: 'Basic dGVzdGVyOnRlc3Q=') + * @return boolean true - valid, false - validation error + */ + public function validateRequestHeader($header) { + $valid = false; + $value = $this->getRequestHeaderValue($header); + if (is_array($value)) { + $valid = ($value['type'] === $this->getAuthType() && preg_match(self::REQUEST_HEADER_CREDENTIALS_PATTERN, $value['credentials']) === 1); + } + return $valid; + } + + /** + * Get parsed request header value. + * + * @param string $header auth request header value (ex: 'Basic dGVzdGVyOnRlc3Q=') + * @return array|null list with type and credentials or null if header is invalid + */ + public function getRequestHeaderValue($header) { + $ret = null; + if (is_string($header)) { + $values = explode(' ', $header, 2); + if (count($values) == 2) { + list($type, $credentials) = $values; + $ret = ['type' => $type, 'credentials' => $credentials]; + } + } + return $ret; + } +} +?> diff --git a/gui/baculum/protected/Common/Class/AuthOAuth2.php b/gui/baculum/protected/Common/Class/AuthOAuth2.php new file mode 100644 index 000000000..31624f9a0 --- /dev/null +++ b/gui/baculum/protected/Common/Class/AuthOAuth2.php 
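Review bot: The docblock on REQUEST_HEADER_CREDENTIALS_PATTERN says "Request header value pattern", but the regex matches only the base64 credentials part, never the `Basic ` scheme, which validateRequestHeader() compares separately; `Base64 pattern for the credentials part of the header; the scheme is checked in validateRequestHeader().` states that. It is worth adding to validateRequestHeader() that a match proves only that the header is well-formed, not that the credentials are correct, e.g. `// Syntax check only: the credentials themselves are not verified here.`. In getRequestHeaderValue() `count($values) == 2` should be the strict `=== 2` (the same line appears in AuthOAuth2.php).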
@@ -0,0 +1,125 @@ + + */ +class AuthOAuth2 extends AuthBase implements AuthModule { + + /** + * Get auth type. + * + * @return string auth type. + */ + public function getAuthType() { + return 'Bearer'; + } + + /** + * Validate auth request header. + * + * @param string $header auth request header value (ex: 'Bearer 39607568825eba6b72088b1ab054ed9d0f857eb7') + * @return boolean true - valid, false - validation error + */ + public function validateRequestHeader($header) { + $valid = false; + $value = $this->getRequestHeaderValue($header); + if (is_array($value)) { + $valid = ($value['type'] === $this->getAuthType() && OAuth2::validateAccessToken($value['token']) === true); + } + return $valid; + } + + /** + * Get parsed request header value. + * + * @param string $header auth request header value (ex: 'Basic 39607568825eba6b72088b1ab054ed9d0f857eb7') + * @return array|null list with type and token or null if header is invalid + */ + public function getRequestHeaderValue($header) { + $ret = null; + if (is_string($header)) { + $values = explode(' ', $header, 2); + if (count($values) == 2) { + list($type, $token) = $values; + $ret = ['type' => $type, 'token' => $token]; + } + } + return $ret; + } + + /** + * Get token from authorization header. + * + * @return string token value or empty string if header is invalid + */ + public function getToken() { + $token = ''; + $header = $this->getRequestHeader(); + $value = $this->getRequestHeaderValue($header); + if (is_array($value)) { + $token = $value['token']; + } + return $token; + } + + /** + * Check if request is allowed to access basing on OAuth2 scopes. + * Note, public endpoints are available for every client that uses + * valid token. 
+ * + * @param string $path requested URL path + * @param string $tscopes scopes assigned to token + * @param array $public_endpoints endpoints that are public for all valid clients + * @return boolean true if scope in path and scope assigned to token are valid, otherwise false + */ + public function isScopeValid($path, $tscopes, $public_endpoints) { + $valid = false; + $scopes = explode(' ', $tscopes); + $params = explode('/', $path); + if (count($params) >= 3 && $params[1] === 'api') { + $endpoint = $params[2]; + if (preg_match('/^v\d+$/', $params[2]) === 1 && count($params) >= 4) { + // for versioned API (v1, v2 ...etc.) + $endpoint = $params[3]; + } + if (in_array($endpoint, $public_endpoints)) { + $valid = true; + } else { + for ($i = 0; $i < count($scopes); $i++) { + if ($endpoint === $scopes[$i]) { + $valid = true; + break; + } + } + } + } + return $valid; + } +} +?> diff --git a/gui/baculum/protected/API/Class/BException.php b/gui/baculum/protected/Common/Class/BException.php similarity index 77% rename from gui/baculum/protected/API/Class/BException.php rename to gui/baculum/protected/Common/Class/BException.php index d838c2920..f2486d2e2 100644 --- a/gui/baculum/protected/API/Class/BException.php +++ b/gui/baculum/protected/Common/Class/BException.php @@ -3,7 +3,7 @@ * Bacula(R) - The Network Backup Solution * Baculum - Bacula web interface * - * Copyright (C) 2013-2017 Kern Sibbald + * Copyright (C) 2013-2019 Kern Sibbald * * The main author of Baculum is Marcin Haba. * The original author of Bacula is Kern Sibbald, with contributions @@ -20,9 +20,9 @@ * Bacula(R) is a registered trademark of Kern Sibbald. */ -Prado::using('System.Exceptions.TException'); +use Prado\Exceptions; -class BException extends TException { +class BException extends \Prado\Exceptions\TException { private $error_code; private $error_message; 
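Review bot: The docblock example on getRequestHeaderValue() shows `'Basic 39607568825eba6b72088b1ab054ed9d0f857eb7'`, a copy-paste from AuthBasic, while this module only accepts the `Bearer` scheme; it should read `'Bearer 39607568825eba6b72088b1ab054ed9d0f857eb7'`. In isScopeValid(), an empty `$tscopes` explodes to `['']`, and an empty endpoint segment (a path with a doubled slash, if routing lets one through, which I cannot tell from here) would then compare equal and be granted; `$scopes = array_filter(explode(' ', $tscopes));` plus an `$endpoint !== ''` check closes that. The manual for loop and the non-strict `in_array` can become `in_array($endpoint, $public_endpoints, true) || in_array($endpoint, $scopes, true)`.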
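Review bot: `use Prado\Exceptions;` is unused, because the class now extends the fully-qualified `\Prado\Exceptions\TException`; either import the class, `use Prado\Exceptions\TException;` with `class BException extends TException {`, or drop the use line. The remainder of the class body lies outside this hunk.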
@@ -50,16 +50,14 @@ class BException extends TException { } public function __toString() { - $msg = sprintf('Error: %d, Message: %s', $this->getErrorCode(), $this->getErrorMessage()); - return $msg; + return sprintf( + 'Error: %d, Message: %s', + $this->getErrorCode(), + $this->getErrorMessage() + ); } } -class BCatalogException extends BException { -} - -class BConsoleException extends BException { -} - -class BConfigException extends BException { +class AuthException extends BException { } +?> diff --git a/gui/baculum/protected/Common/Class/BasicUserConfig.php b/gui/baculum/protected/Common/Class/BasicUserConfig.php index f1d6f5abe..b65a6bdee 100644 --- a/gui/baculum/protected/Common/Class/BasicUserConfig.php +++ b/gui/baculum/protected/Common/Class/BasicUserConfig.php @@ -3,7 +3,7 @@ * Bacula(R) - The Network Backup Solution * Baculum - Bacula web interface * - * Copyright (C) 2013-2017 Kern Sibbald + * Copyright (C) 2013-2019 Kern Sibbald * * The main author of Baculum is Marcin Haba. * The original author of Bacula is Kern Sibbald, with contributions @@ -56,7 +56,7 @@ abstract class BasicUserConfig extends CommonModule { } $all_users = $this->getAllUsers(); - $password = $this->getModule('misc')->getCryptedPassword($password); + $password = $this->getModule('misc')->getHashedPassword($password); $userExists = array_key_exists($user, $all_users); diff --git a/gui/baculum/protected/Common/Class/Errors.php b/gui/baculum/protected/Common/Class/Errors.php index de9a5a9d5..b8b2e97c1 100644 --- a/gui/baculum/protected/Common/Class/Errors.php +++ b/gui/baculum/protected/Common/Class/Errors.php 
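Review bot: A closing `?>` is appended to BException.php, a declarations-only file, and the same closing tag ends the new AuthBase.php, AuthBasic.php, AuthOAuth2.php and Interfaces.php; any whitespace after it is sent as output before headers, which is why PSR-2 omits the tag in PHP-only files. BCatalogException, BConsoleException and BConfigException are removed in the same hunk; the diff does not show whether anything still catches them, so a grep for those names before merging would confirm nothing outside these files breaks. The new AuthException is not thrown anywhere in this commit, presumably reserved for a follow-up.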
@@ -51,12 +51,17 @@ class BconsoleError extends GenericError { const MSG_ERROR_BCONSOLE_DISABLED = 'Bconsole support is disabled.'; } -class AuthorizationError extends GenericError { +class AuthenticationError extends GenericError { const ERROR_AUTHENTICATION_TO_API_PROBLEM = 6; - const ERROR_ACCESS_ATTEMPT_TO_NOT_ALLOWED_RESOURCE = 7; const MSG_ERROR_AUTHENTICATION_TO_API_PROBLEM = 'Problem with authentication to Baculum API.'; +} + +class AuthorizationError extends GenericError { + + const ERROR_ACCESS_ATTEMPT_TO_NOT_ALLOWED_RESOURCE = 7; + const MSG_ERROR_ACCESS_ATTEMPT_TO_NOT_ALLOWED_RESOURCE = 'Access attempt to not allowed resource. Permission denied.'; } diff --git a/gui/baculum/protected/Common/Class/Interfaces.php b/gui/baculum/protected/Common/Class/Interfaces.php index 56c722783..a2ab45c2a 100644 --- a/gui/baculum/protected/Common/Class/Interfaces.php +++ b/gui/baculum/protected/Common/Class/Interfaces.php @@ -3,7 +3,7 @@ * Bacula(R) - The Network Backup Solution * Baculum - Bacula web interface * - * Copyright (C) 2013-2016 Kern Sibbald + * Copyright (C) 2013-2019 Kern Sibbald * * The main author of Baculum is Marcin Haba. * The original author of Bacula is Kern Sibbald, with contributions @@ -21,10 +21,14 @@ */ /** - * Interface that defines methods to work on config data. + * Common interfaces. * * @author Marcin Haba */ + +/** + * Defines methods to work on config data. + */ interface ConfigFormat { public function write($source, $config); @@ -34,6 +38,9 @@ interface ConfigFormat { public function prepareConfig($config); } +/** + * Defines single session item. + */ interface SessionItem { public static function getRecordId(); 
@@ -42,4 +49,18 @@ interface SessionItem { public static function getSessionFile(); } + +/** + * Defines auth module methods. + */ +interface AuthModule { + + public function getAuthType(); + + public function isAuthRequest(); + + public function validateRequestHeader($header); + + public function getRequestHeaderValue($header); +} ?> diff --git a/gui/baculum/protected/Common/Class/Miscellaneous.php b/gui/baculum/protected/Common/Class/Miscellaneous.php index 678a82449..b42ceec86 100644 --- a/gui/baculum/protected/Common/Class/Miscellaneous.php +++ b/gui/baculum/protected/Common/Class/Miscellaneous.php @@ -432,15 +432,14 @@ class Miscellaneous extends TModule { } /** - * Get encrypted password to use in HTTP Basic auth. + * Get hashed password to use in web server auth. * * @access public * @param string $password plain text password - * @return string encrypted password + * @return string hashed password */ - public function getCryptedPassword($password) { - $enc_pwd = crypt($password, base64_encode($password)); - return $enc_pwd; + public function getHashedPassword($password) { + return crypt($password, base64_encode($password)); } } diff --git a/gui/baculum/protected/Common/Class/OAuth2.php b/gui/baculum/protected/Common/Class/OAuth2.php index 753abc757..e1fd09613 100644 --- a/gui/baculum/protected/Common/Class/OAuth2.php +++ b/gui/baculum/protected/Common/Class/OAuth2.php @@ -3,7 +3,7 @@ * Bacula(R) - The Network Backup Solution * Baculum - Bacula web interface * - * Copyright (C) 2013-2017 Kern Sibbald + * Copyright (C) 2013-2019 Kern Sibbald * * The main author of Baculum is Marcin Haba. * The original author of Bacula is Kern Sibbald, with contributions 
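Review bot: getHashedPassword() still derives the salt from the password itself via `base64_encode($password)`, and because that salt carries no `$id$` prefix, crypt() falls back to traditional DES crypt: only the first two salt characters are used, the password is truncated to eight characters, and identical passwords produce identical hashes. Renaming "crypted" to "hashed" in the docblock does not change any of that, so the docblock should at least say `Uses traditional crypt(); weak, kept for compatibility with existing htpasswd entries.` if the format must stay. If the web server's htpasswd parser accepts bcrypt (Apache 2.4 does), `return password_hash($password, PASSWORD_BCRYPT);` yields a `$2y$` hash with a random salt, though previously stored hashes would then need regenerating, so it may belong in a follow-up.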
@@ -197,7 +197,7 @@ abstract class OAuth2 extends CommonModule { * @param string $token access token value * @return true if access token is valid, otherwise false */ - final public function validateAccessToken($token) { + final public static function validateAccessToken($token) { return (preg_match('/' . self::ACCESS_TOKEN_PATTERN . '/', $token) === 1); } @@ -208,7 +208,7 @@ abstract class OAuth2 extends CommonModule { * @param string $token refresh token value * @return true if refresh token is valid, otherwise false */ - final public function validateRefreshToken($token) { + final public static function validateRefreshToken($token) { return (preg_match('/' . self::REFRESH_TOKEN_PATTERN . '/', $token) === 1); } diff --git a/gui/baculum/protected/application.xml b/gui/baculum/protected/application.xml index 22c61d9e6..78af43d7f 100644 --- a/gui/baculum/protected/application.xml +++ b/gui/baculum/protected/application.xml @@ -12,6 +12,9 @@ + + +