Isaac Connor
a63b6486b9
Remove Session from App Components list.
2019-08-12 15:36:40 -04:00
Isaac Connor
c2e1293472
spacing
2019-08-12 15:10:58 -04:00
Isaac Connor
0bf036fc55
Remove Session from the components list
2019-08-12 15:06:46 -04:00
Isaac Connor
2320ab4d66
update HostController. Use config constants, don't use sessions
2019-08-12 15:01:40 -04:00
Pliable Pixels
a9d01ba3d2
Alarm api ( #2665 )
* fixed alarm api to use tokens if present
* clearer debug logs for tokens
* space
2019-07-17 20:38:58 -04:00
Pliable Pixels
c4dc5f34e4
add event file system path to API ( #2639 )
2019-06-16 11:59:23 -04:00
Pliable Pixels
bc0565858b
check for API disabled only when auth is on ( #2624 )
2019-05-28 13:44:06 -04:00
Isaac Connor
1ddd5b1f74
Merge branch 'master' of github.com:ZoneMinder/zoneminder
2019-05-24 13:56:30 -04:00
Pliable Pixels
fc27393a96
Replace MySQL Password() with bcrypt, allow for alternate JWT tokens ( #2598 )
* added sha1 and bcrypt submodules
* added bcrypt and sha to src build process
* added test sha1 and bcrypt code to validate working
* bcrypt auth migration in PHP land
* added include path
* add sha source
* added bcrypt to others
* put link_dir ahead of add_executable
* fixed typo
* try add_library instead
* absolute path
* absolute path
* build bcrypt as static
* move to wrapper
* move to fork
* logs tweak
* added lib-ssl/dev for JWT signing
* Moved to openSSL SHA1, initial JWT plugin
* removed vog
* fixed SHA1 algo
* typo
* use php-jwt, use proper way to add PHP modules, via composer
* fixed module path
* first attempt to fix cast error
* own fork
* own fork
* add composer vendor directory
* go back to jwt-cpp as PR merged
* moved to jwt-cpp after PR merge
* New token= query for JWT
* Add JWT token creation, move old code to a different function for future deprecation, simplified code for ZM_XX parameter reading
* JWT integration, validate JWT token via validateToken
* added token validation to zms/zmu/zmuser
* add token to command line for zmu
* move decode inside try/catch
* exception handling for try/catch
* fix db read, forgot to exec query
* remove allowing auth_hash_ip for token
* support refresh tokens as well for increased security
* remove auth_hash_ip
* Error out if user did not create an AUTH_HASH_SECRET
* fixed type conversion
* make sure refresh token login doesn't generate another refresh token
* fix absolute path
* move JWT/Bcrypt inside zm_crypt
* move sha headers out
* move out sha header
* handle case when supplied password is hashed, fix wrong params in AppController
* initial baby step for api tab
* initial plumbing to introduce token expiry and API bans per user
* remove M typo
* display user table in api
* added revoke all tokens code, removed test code
* use strtoul for conversion
* use strtoul for conversion
* use strtoul for conversion
* more fixes
* more fixes
* add mintokenexpiry to DB seek
* typo
* add ability to revoke tokens and enable/disable APIs per user
* moved API enable back to system
* comma
* enable API options only if API enabled
* move user creation to bcrypt
* added password_compat for PHP >=5.3 <5.5
* add Password back so User object indexes don't change
* move token index after adding password
* demote logs
* make old API auth optional, on by default
* make old API auth mechanism optional
* removed stale code
* forgot to checkin update file
* bulk overlay hash mysql encoded passwords
* add back ssl_dev, got deleted
* fix update script
* added token support to index.php
* reworked API document for new changes in 2.0
* Migrate from libdigest to crypt-eks-blowfish due to notice
* merge typo
* css classes for text that disappear
* fixed html typo
* added deps to ubuntu control files
* spaces
* removed extra line
* when regenerating using refresh tokens, username needs to be derived from the refresh token, as no session would exist
* add libssl1.0.0 for ubuntu 16/12
* small API fixes
* clean up of API, remove redundant sections
* moved to ZM fork for bcrypt
* whitespace and google code style
* regenerate auth hash if doing password migration
* don't need AUTH HASH LOGIN to be on
* Add auth hash verification to the user logged in already case
* fix missing ]
* reject requests if per user API disabled
2019-05-24 13:48:40 -04:00
Isaac Connor
2ce2381269
Merge branch 'crypt-replacement' of https://github.com/pliablepixels/ZoneMinder into pliablepixels-crypt-replacement
2019-05-19 08:45:42 -04:00
Pliable Pixels
8e1037458a
when regenerating using refresh tokens, username needs to be derived from the refresh token, as no session would exist
2019-05-18 11:23:16 -04:00
Isaac Connor
93aeceecfc
Merge branch 'crypt-replacement' of https://github.com/pliablepixels/ZoneMinder into pliablepixels-crypt-replacement
2019-05-17 10:18:15 -04:00
Pliable Pixels
41ae745b17
removed stale code
2019-05-12 18:53:51 -04:00
Pliable Pixels
ec279ccc9a
make old API auth mechanism optional
2019-05-12 18:51:07 -04:00
Pliable Pixels
881d531fe9
make old API auth optional, on by default
2019-05-12 18:19:19 -04:00
Pliable Pixels
225893fcd6
add mintokenexpiry to DB seek
2019-05-12 05:50:19 -04:00
Pliable Pixels
88d50ec9ca
added revoke all tokens code, removed test code
2019-05-11 15:47:57 -04:00
Pliable Pixels
95b448abdd
handle case when supplied password is hashed, fix wrong params in AppController
2019-05-10 11:25:55 -04:00
Pliable Pixels
1770ebea23
make sure refresh token login doesn't generate another refresh token
2019-05-08 15:26:51 -04:00
Pliable Pixels
0bc96dfe83
Error out if user did not create an AUTH_HASH_SECRET
2019-05-08 14:26:16 -04:00
Pliable Pixels
bc050fe330
support refresh tokens as well for increased security
2019-05-08 13:38:42 -04:00
Pliable Pixels
27e6e46f84
remove allowing auth_hash_ip for token
2019-05-08 12:11:32 -04:00
Pliable Pixels
b293592e4c
added token validation to zms/zmu/zmuser
2019-05-08 10:55:32 -04:00
Pliable Pixels
d36c1f5d3c
Add JWT token creation, move old code to a different function for future deprecation, simplified code for ZM_XX parameter reading
2019-05-07 15:04:12 -04:00
Pliable Pixels
0bbc582971
New token= query for JWT
2019-05-07 15:03:13 -04:00
Isaac Connor
5b68ddcc9a
add a note deprecating getDiskPercent
2019-04-17 09:55:34 -04:00
Pliable Pixels
d270fbd0ad
added support for named params to consoleEvents ( #2571 )
2019-04-09 16:28:46 -04:00
Isaac Connor
110e5075f4
fix namespace fixes #3566
2019-04-01 17:21:01 -04:00
Isaac Connor
fa9803d819
Can't use this->data to avoid another db hit. Must load by id
2019-04-01 10:11:56 -04:00
Isaac Connor
b988ce0573
more parentheses to make logic more clear
2019-03-20 14:26:35 -04:00
Isaac Connor
520c41da23
Merge ../ZoneMinder.connortechnology.bad into storageareas
2019-03-18 14:40:03 -04:00
Matthew Noorenberghe
abb6ef1688
API: Escape 'named' params for SQLi in two more Event endpoints.
Fixes #2099
2019-03-11 00:21:51 -07:00
Matthew Noorenberghe
056b96f7fc
API: Monitor and Event 'index' SQLi. Fixes #2099
2019-03-11 00:21:51 -07:00
Isaac Connor
af9c87a112
Merge branch 'master' into storageareas
2019-02-27 10:53:19 -05:00
Isaac Connor
4c35f2910c
fix ZM namespace
2019-02-26 18:09:18 -05:00
Isaac Connor
df3e11d83c
Fix authentication in api because we no longer store the user object in the session
2019-02-26 17:01:45 -05:00
Isaac Connor
fbdb5bcb62
Merge branch 'master' into storageareas
2019-02-19 12:06:32 -05:00
Isaac Connor
eaa7341935
Add missing / in path to auth.php
2019-02-19 10:07:36 -05:00
Isaac Connor
5029d7214a
Merge branch 'master' into storageareas
2019-02-18 17:00:45 -05:00
Isaac Connor
4cd3a93e96
add missing /
2019-02-18 16:30:03 -05:00
Mitch Capper
04c17283ec
need to prefix with _dir_ otherwise relative to initial script ( #2531 )
2019-02-17 11:31:10 -05:00
Isaac Connor
5060358870
Merge branch 'master' into storageareas
2018-12-29 09:56:53 -05:00
Andrew Bauer
3258d8e590
remove ZM_DIR_IMAGES ( #2374 )
2018-12-29 09:52:58 -05:00
Isaac Connor
27826b4aca
Merge branch 'master' into storageareas
2018-12-24 09:48:29 -05:00
Isaac Connor
47465260d1
Update permissions checking for Groups to not use session. Fixes #2353
2018-12-21 10:01:48 -05:00
Isaac Connor
e626049f6b
Merge branch 'swresample' into storageareas
2018-12-20 14:08:40 -05:00
Pliable Pixels
622c17f628
make sure auth is regenerated each time we call this API ( #2347 )
2018-12-16 11:02:07 -05:00
Isaac Connor
7d90a56561
Merge branch 'master' into storageareas
2018-11-30 14:46:42 -05:00
Pliable Pixels
e6b8a7bc66
resolves #2327
2018-11-29 09:21:10 -05:00
Isaac Connor
f5328265ef
fix missing daemons definition
2018-11-28 09:12:22 -05:00
Isaac Connor
51d8c0ea73
add back daemon parameter, but make it actually work
2018-11-14 12:59:44 -05:00
Isaac Connor
d671761a35
simplify params to daemonControl since they really aren't being used anyways. Return the status text
2018-11-14 12:54:10 -05:00
Andrew Bauer
073193e410
Merge pull request #2281 from connortechnology/fix_2279_delete_camera_through_api
Fix 2279 delete camera through api
2018-10-30 07:06:14 -05:00
Isaac Connor
39061038fb
Don't include related models in Storage index
2018-10-29 14:40:05 -04:00
Isaac Connor
9a2d58adce
We don't store all the permissions in the session anymore. We just use the global user object
2018-10-29 11:03:03 -04:00
Isaac Connor
8878397622
fix spacing
2018-10-20 11:36:25 -04:00
Andrew Bauer
409fd6aa6f
Merge pull request #2232 from connortechnology/fix_2229_getDiskPercent
Fix 2229 get disk percent
2018-10-03 18:11:28 -05:00
Isaac Connor
66221e39ab
rough in a StorageController for api
2018-10-03 11:22:51 -04:00
Isaac Connor
12bed9b6ac
Use alternate, working test for relative ZM_DIR_EVENTS. Don't use human output from du when specifying mid to be consistent.
2018-10-03 11:11:33 -04:00
Isaac Connor
03f09bdc48
Use defined CONFIG constants instead of looking up config from db
2018-10-03 10:56:02 -04:00
Isaac Connor
23ddc83ad4
fix_2167 ( #2168 )
* Populate a global from the session on every request. Use the object instead of using allowedMonitors in session.
* fix when gets loaded.
* use for auth, and add Monitor Edit checks to Zone add/delete/edit
* add back the ZM_OPT_USE_AUTH test for being logged in in AppController
* Update permissions code to use
* change quotes
* Update permission code to use
* Use instead of session for systemPermission
* deprecate montiorPermision in session
* use instead of session streamPermission
* move login code back into AppController. Has to be done for every request
* deprecate eventPermission, controlPermission and systemPermission in session.
* handle auth params in query string as well as post
* exit on HUP to free up memory.
* add missing global user
* system should be System
2018-08-08 09:59:46 -04:00
Isaac Connor
dc57a3c91c
fix spacing/quotes/google code style
2018-07-24 16:41:09 -04:00
Pliable Pixels
997aa6aa55
fixed getCredentials not working if called directly
2018-07-17 13:57:20 -04:00
Pliable Pixels
0ff9002adf
2156 api login ( #2157 )
* error can be due to bad user or password
* added login/logout and related private functions
* handle case when userLogin fails, current code returns PHP error for and API throw is not called
* formatting
* converted login params to POST, removed user=&pass= for other APIs
* formatting
* add auth check back but leave out login/out
* fixes to make it work across zmN, postman and curl
* added back enabled check
2018-07-15 21:17:35 -04:00
Isaac Connor
fe5ebe094d
More work just using auth.php instead of cake code. Don't reload the User object
2018-07-11 11:45:49 -04:00
Isaac Connor
4f80ca6871
Use userLogin function from auth.php instead of cake code.
2018-07-11 10:33:49 -04:00
Isaac Connor
983e3c45be
Fix spacing and quotes
2018-07-11 09:54:25 -04:00
Isaac Connor
f10509690b
add username and passwordHash to Session so that generateAuthHash works
2018-07-11 09:54:15 -04:00
Isaac Connor
21438d17ac
Fix authenticating User
2018-07-10 13:19:51 -04:00
Isaac Connor
930d929427
Merge branch 'storageareas' into api_auth
2018-07-10 12:46:30 -04:00
Isaac Connor
e04eac57ae
Include values in /etc/zm files in viewByName
2018-06-25 15:43:01 -04:00
Isaac Connor
24ceb75936
Merge branch 'master' into include_fs_config_in_api_config
2018-06-21 21:41:54 -04:00
Isaac Connor
cd64619743
Fix controlling daemon when the monitor is Local
2018-06-06 12:56:33 -04:00
Isaac Connor
2a5f05499e
Munge the config in the global configvals into the configs array before returning it.
2018-05-10 13:44:46 -04:00
Isaac Connor
62edca6dcb
add fileSize to the api, and use it to add remote fileSize reporting in includes/Event
2018-05-08 13:33:56 -07:00
Isaac Connor
1a012c62ff
Add fileExists to event view
2018-05-07 14:07:03 -07:00
Pliable Pixels
e953a04f61
naming consistency of attribute ( #2096 )
2018-05-03 14:03:49 -04:00
Pliable Pixels
a3158fcc97
auth_key api for different situations ( #2090 )
* auth_key api for different situations
* added new flag to indicate if password needs to be appended
* pure json view
2018-05-02 12:26:28 -04:00
Isaac Connor
c3b6cd4bab
include auth.php if auth is on, and return '' for auth_hash if auth is disabled
2018-04-30 11:24:53 -04:00
Isaac Connor
513708b11c
don't need to define the config, it will have already been done. Include auth.php instead of functions.php as the code has been moved
2018-04-06 14:42:10 -04:00
Isaac Connor
a789fc88aa
implement getAuthHash
2018-04-06 14:41:39 -04:00
Isaac Connor
632ab143fe
error when can't set session in cake
2018-04-05 14:21:56 -04:00
Isaac Connor
a4fee5c91c
further merges from cakephp 2.10.8
2018-03-21 13:09:55 -04:00
Isaac Connor
b4c13d56d6
Merge ../ZoneMinder.master into storageareas
2018-03-06 12:29:59 -05:00
tim
0654c7e3b2
Adding group handling in API
2018-03-04 23:01:52 -08:00
Isaac Connor
475c465b0d
define
2018-01-26 10:39:12 -05:00
Isaac Connor
1503c586d2
When there is an error saving, add the invalidFields() info to the error message. Only restart the daemon on success.
2018-01-26 10:30:29 -05:00
Isaac Connor
933259f9a5
fix bracket
2018-01-23 13:16:21 -08:00
Isaac Connor
bd2da456f4
handle non-multi-server case when restarting monitors via API
2018-01-19 21:09:33 -05:00
Isaac Connor
d586faf7fb
Fix restarting Monitor
2018-01-19 08:16:28 -08:00
Isaac Connor
1b1b93f811
use CakePHP-Enum-Behavior to add support for ENUMs to the Monitor model. This should fix #48
2018-01-01 14:43:02 -05:00
Isaac Connor
bb8e326392
Fix not restarting a monitor if it has moved to a different server
2017-12-22 09:16:56 -08:00
Isaac Connor
85b7baa131
Fix event Groups associations
2017-12-19 18:09:41 -05:00
Isaac Connor
d312482a2b
add StorageScheme to Storage and Events. Deprecate ZM_USE_DEEP_STORAGE
2017-12-18 12:52:26 -05:00
Isaac Connor
dd69bc3d7b
Merge branch 'master' into storageareas
2017-12-11 11:39:42 -05:00
Isaac Connor
ef1af9cc15
disable FilterComponent as it doesn't actually do anything. Add Groups join when needed
2017-12-09 14:03:42 -05:00
Pliable Pixels
08b5c26a15
2019 maxscoreframeid ( #2020 )
* added MaxScoreFrameId to address #2019
* consistent quotes
2017-12-07 14:11:06 -05:00
Isaac Connor
f7a2db4e49
remove MaxScore from the sorting because it really doesn't make sense to sort by time then maxscore... time is going to be pretty much unique
2017-12-04 21:50:29 -05:00
Isaac Connor
97c9ae02c2
cleanup
2017-12-04 17:02:38 -05:00
Isaac Connor
6270408c8f
rework group MonitorIds and add GroupId filters to api
2017-12-04 15:52:16 -05:00
Isaac Connor
489d3ba6ed
Merge ../ZoneMinder.master into storageareas
2017-11-21 12:23:17 -05:00
APHW2 MFGENG
f093cfbcef
add Filtering to monitors index
2017-11-13 10:27:24 -08:00
Pliable Pixels
a8fc832481
fix for monitor API edit perm ( #1995 )
2017-10-07 09:55:13 -04:00
Isaac Connor
150aa5be51
Merge branch 'master' into api_auth
2017-06-09 12:33:17 -04:00
Isaac Connor
75dc774a08
Continue to support non-USE_DEEP_STORAGE option
2017-05-22 21:21:49 -04:00
Matt N
33092e4022
Allow API authentication using the `auth` query parameter containing an auth. hash. ( #1845 )
* Allow API authentication using the `auth` query parameter containing an auth. hash.
Fixes #1827
The same auth. hash for zms is used here. This allows consumers to use the API without sending the password in the query string and not require forging logins via the login form.
* Move logger.php's global Debug function to Logger::Debug to avoid polluting globals
This avoids a conflict with CakePHP when logger.php gets included indirectly from API code.
* Protect action=login when ZM_ENABLE_CSRF_MAGIC is enabled
2017-05-15 21:51:48 -04:00
Matthew Noorenberghe
ea558c79a0
Fix check that API user is enabled
2017-03-20 17:16:24 -07:00
Andy Bauer
2dda2d9e1e
remove unneeded, empty files
2016-12-26 09:49:14 -06:00
Pliable Pixels
192d0dbb45
added TimeZone get API
2016-10-18 14:07:31 -04:00
Pliable Pixels
1440dd9265
retab
2016-09-03 15:02:32 -04:00
Pliable Pixels
7bf0b3c423
readded forMonitor - removed by mistake
2016-09-03 14:51:24 -04:00
Pliable Pixels
9a4330eb59
#1537 Zones Controller not returning all zones
2016-09-03 14:46:47 -04:00
Isaac Connor
55f5db55dd
implement suggested code to stop the monitor when Function is set to None
2016-09-01 11:43:20 -04:00
Isaac Connor
b4aec41d3d
fix warnings and move User import up higher to where it needs to be
2016-06-21 09:09:58 -04:00
Isaac Connor
dbdd1ae51e
remove debug logging
2016-06-07 16:26:58 -04:00
Isaac Connor
f26c9168c4
if user=&pass= are in request, use them for auth
2016-06-07 16:25:35 -04:00
Isaac Connor
6cb163c37f
Merge branch 'master' into api_auth
2016-06-07 16:23:50 -04:00
arjunrc
4018cab743
don't pass partial data to daemoncontrol
2016-05-19 14:53:16 -04:00
arjunrc
b513bcef82
icon's gonna kill me
2016-05-10 20:09:41 -04:00
arjunrc
af3cae578e
fixed verbose handling bug for status command on zmu
2016-05-10 20:07:28 -04:00
arjunrc
8d5f2a8e5d
added iconnor's change back
2016-05-10 19:17:09 -04:00
arjunrc
df830a5190
resolved merge conflicts
2016-05-10 19:15:00 -04:00
arjunrc
2888142e68
added status command to retrieve alarmed status of monitor in addition to on/of
2016-05-10 16:55:43 -04:00
Steve Gilvarry
b03d2660cb
Merge pull request #1455 from ZoneMinder/api_servers
rough in Server object support
2016-05-10 08:00:58 +10:00
Isaac Connor
966a9dcd8d
Merge pull request #1467 from ZoneMinder/api_fixes
Don't pass request data as a monitor array to daemonControl
2016-05-07 18:25:35 -04:00
Isaac Connor
e35b0a1eb2
Merge pull request #1469 from pliablepixels/1468-api-consoleEvents-alarmedFrames
added alarmed frames filter
2016-05-07 17:06:37 -04:00
arjunrc
be329e1e0d
switched to named param format, more flexible, in line with other APIs
2016-05-07 16:28:25 -04:00
arjunrc
8347b69b09
added alarmed frames filter
2016-05-07 14:26:09 -04:00
Isaac Connor
6d991a1c6c
Merge pull request #1466 from pliablepixels/1465-api-alarm-on-off
added alarm enable/disable
2016-05-07 11:26:49 -04:00
arjunrc
6f9cc0f19f
to be safe, let's add system edit permissions, so rogue users can't turn alarms OFF
2016-05-07 11:01:03 -04:00
Isaac Connor
15977f1a3c
Don't pass request data as a monitor array to daemonControl
2016-05-07 10:56:38 -04:00
arjunrc
0280ae4dd5
added alarm enable/disable
2016-05-07 10:37:42 -04:00
Isaac Connor
01aa2c9319
change permissions to stream permissions for view
2016-05-02 19:48:24 -04:00
Isaac Connor
75f9fde920
rough in Server object support
2016-05-02 10:41:25 -04:00
arjunrc
8a47241e18
address issue #1335
2016-03-12 08:07:25 -05:00
arjunrc
6e606aa74b
removed issue #
2015-12-19 19:04:27 -05:00
arjunrc
38b4785557
PP - Gone,flitted away, Taken the starts from the night and sun, From the day! Gone, and a cloud in my heart. - Tennyson
2015-12-19 18:36:38 -05:00
arjunrc
b4fdaa9b4d
initial user role support
2015-12-19 17:44:46 -05:00
arjunrc
e812398fb9
initial user role support
2015-12-19 17:44:39 -05:00
arjunrc
f56688e7c2
initial user role support
2015-12-19 17:44:16 -05:00
arjunrc
028c9b956c
check for opt_use_api, also pull in user roles support
2015-12-19 17:44:02 -05:00
Kyle Johnson
5add10289b
Merge pull request #1136 from pliablepixels/1135-events-API-prev-next
added prev/next event ids
2015-11-16 09:23:36 -07:00
Pliable Pixels
7cbad44ae4
also return the prev and next events for the same monitor as the current event
2015-11-04 14:23:28 -05:00
Pliable Pixels
e3d06ca103
added prev/next event ids
2015-11-02 16:54:52 -05:00
Isaac Connor
d39f57c4ff
Merge pull request #1073 from pliablepixels/1072-events-API-delete-fix
Delete fixes for Events
2015-09-28 14:46:01 -04:00
Pliable Pixels
a00fed480d
Delete fixes for Events
2015-09-28 14:41:36 -04:00
Pliable Pixels
ee78ae5c49
restart monitor when edited via APIs
2015-09-28 09:31:57 -04:00
Andrew Bauer
66ec84fdea
Merge pull request #1008 from pliablepixels/993-API-Auth
Included logic to not enforce authentication in API layer if ZM auth is off
2015-08-11 14:51:02 -05:00
Pliable Pixels
a64f7c0036
Included logic to not enforce authentication in API layer if ZM_OPT_USE_AUTH is disabled
If ZM auth is off, API won't work. Changed this to make sure API disables auth if ZM disables auth
2015-08-11 14:47:49 -04:00
Isaac Connor
3e5170678e
Merge pull request #1006 from pliablepixels/993-API-Auth
I was using the wrong field to check for portal authentication
2015-08-10 15:58:50 -04:00