Fix authentication in api because we no longer store the user object in the session
parent
92dc7878de
commit
df3e11d83c
|
|
@ -67,7 +67,6 @@ class AppController extends Controller {
|
|||
|
||||
# For use throughout the app. If not logged in, this will be null.
|
||||
global $user;
|
||||
$user = $this->Session->read('user');
|
||||
|
||||
if ( ZM_OPT_USE_AUTH ) {
|
||||
require_once __DIR__ .'/../../../includes/auth.php';
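Review bot: The comment above `global $user;` no longer says where `$user` comes from. Once the `$this->Session->read('user')` assignment is gone (the +/- markers are lost on this page, so that is inferred from the commit title), the variable is filled only as a side effect of the `require_once` of includes/auth.php, and only when `ZM_OPT_USE_AUTH` is set. I would reword the comment to something like `# Populated by includes/auth.php from $_SESSION['username']; presumably stays null when not logged in or when auth is disabled.` and add a short why-comment on the `require_once` noting that the include runs in this method's scope, so it depends on auth.php declaring `global $user` itself. The enclosing method starts and ends outside the hunk.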
|
||||
|
|
|
|||
|
|
@ -48,8 +48,7 @@ class HostController extends AppController {
|
|||
|
||||
// clears out session
|
||||
function logout() {
|
||||
global $user;
|
||||
$this->Session->Write('user', null);
|
||||
userLogout();
|
||||
|
||||
$this->set(array(
|
||||
'result' => 'ok',
|
||||
|
|
@ -67,7 +66,7 @@ class HostController extends AppController {
|
|||
if ( $isZmAuth ) {
|
||||
// In future, we may want to completely move to AUTH_HASH_LOGINS and return &auth= for all cases
|
||||
require_once __DIR__ .'/../../../includes/auth.php'; # in the event we directly call getCredentials.json
|
||||
$this->Session->read('user'); # this is needed for command line/curl to recognize a session
|
||||
|
||||
$zmAuthRelay = $this->Config->find('first',array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_AUTH_RELAY')))['Config']['Value'];
|
||||
if ( $zmAuthRelay == 'hashed' ) {
|
||||
$zmAuthHashIps = $this->Config->find('first',array('conditions' => array('Config.' . $this->Config->primaryKey => 'ZM_AUTH_HASH_IPS')))['Config']['Value'];
|
||||
|
|
@ -75,7 +74,7 @@ class HostController extends AppController {
|
|||
$credentials = 'auth='.generateAuthHash($zmAuthHashIps,true);
|
||||
} else {
|
||||
// user will need to append the store password here
|
||||
$credentials = 'user='.$this->Session->read('user.Username').'&pass=';
|
||||
$credentials = 'user='.$this->Session->read('Username').'&pass=';
|
||||
$appendPassword = 1;
|
||||
}
|
||||
}
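Review bot: The new credentials line reads the session key `Username`, but the auth.php change in this same commit looks the user up with `$_SESSION['username']` (lower case), and session keys are case-sensitive. Unless something outside this page writes a capitalised `Username` key, `$this->Session->read('Username')` returns null and the plain-relay branch emits `user=&pass=`. Suggest `$credentials = 'user='.urlencode($this->Session->read('username')).'&pass=';`, with `urlencode()` added because the value is placed in a query string. The enclosing action starts outside the hunk.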
|
||||
|
|
|
|||
|
|
@ -126,10 +126,10 @@ class Event extends AppModel {
|
|||
if ( file_exists($storage['Storage']['Path'].'/'.$this->Relative_Path().'/'.$event['DefaultVideo']) ) {
|
||||
return 1;
|
||||
} else {
|
||||
Logger::Debug("FIle does not exist at " . $storage['Storage']['Path'].'/'.$this->Relative_Path().'/'.$event['DefaultVideo'] );
|
||||
ZM\Logger::Debug("FIle does not exist at " . $storage['Storage']['Path'].'/'.$this->Relative_Path().'/'.$event['DefaultVideo'] );
|
||||
}
|
||||
} else {
|
||||
Logger::Debug("No DefaultVideo in Event" . $this->Event);
|
||||
ZM\Logger::Debug("No DefaultVideo in Event" . $this->Event);
|
||||
return 0;
|
||||
}
|
||||
} // end function fileExists($event)
|
||||
|
|
|
|||
|
|
@ -205,19 +205,20 @@ function canEdit($area, $mid=false) {
|
|||
return ( $user[$area] == 'Edit' && ( !$mid || visibleMonitor($mid) ));
|
||||
}
|
||||
|
||||
global $user;
|
||||
if ( ZM_OPT_USE_AUTH ) {
|
||||
if ( isset($_SESSION['username']) ) {
|
||||
# Need to refresh permissions and validate that the user still exists
|
||||
$sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username=?';
|
||||
$user = dbFetchOne($sql, NULL, array($_SESSION['username']));
|
||||
}
|
||||
|
||||
$close_session = 0;
|
||||
if ( !is_session_started() ) {
|
||||
session_start();
|
||||
$close_session = 1;
|
||||
}
|
||||
|
||||
if ( isset($_SESSION['username']) ) {
|
||||
# Need to refresh permissions and validate that the user still exists
|
||||
$sql = 'SELECT * FROM Users WHERE Enabled=1 AND Username=?';
|
||||
$user = dbFetchOne($sql, NULL, array($_SESSION['username']));
|
||||
}
|
||||
|
||||
if ( ZM_AUTH_RELAY == 'plain' ) {
|
||||
// Need to save this in session
|
||||
$_SESSION['password'] = $password;
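Review bot: The relocated refresh block assigns whatever `dbFetchOne()` returns to `$user` but leaves `$_SESSION['username']` in place when no enabled row matches, so a deleted or disabled account keeps a session identity that other code (for example the `Session->read(...)` call in HostController) can still read. Consider clearing it on a miss, e.g. `if ( !$user ) unset($_SESSION['username']);` right after the lookup; this assumes `dbFetchOne()` returns a falsy value when nothing matches, which is not visible here. Separately, `$_SESSION['password'] = $password;` keeps the plaintext password in session storage and `$password` is not assigned anywhere in this hunk, so a comment stating where it is set and why the plain relay needs it would help. The `if ( ZM_OPT_USE_AUTH )` block continues past the end of the hunk.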
|
||||
|
|
|
|||