Authentication reject on single plugin authorized false

markjcrane
2023-06-17 16:18:02 -06:00
parent 719b84ed2a
commit 8393701d13


@@ -44,34 +44,6 @@ class authentication {
$_SESSION['authentication']['methods'][] = 'database';
}
//automatically block multiple authentication failures
if (!isset($_SESSION['users']['max_retry']['numeric'])) {
$_SESSION['users']['max_retry']['numeric'] = 5;
}
if (!isset($_SESSION['users']['find_time']['numeric'])) {
$_SESSION['users']['find_time']['numeric'] = 3600;
}
$sql = "select count(user_log_uuid) \n";
$sql .= "from v_user_logs \n";
$sql .= "where result = 'failure' \n";
$sql .= "and floor(extract(epoch from now()) - extract(epoch from timestamp)) < :find_time \n";
$sql .= "and type = 'login' \n";
$sql .= "and remote_address = :remote_address \n";
$sql .= "and username = :username \n";
$parameters['remote_address'] = $_SERVER['REMOTE_ADDR'];
$parameters['find_time'] = $_SESSION['users']['find_time']['numeric'];
$parameters['username'] = isset($_SESSION['username']) ? $_SESSION['username'] : null;
$database = new database;
$auth_tries = $database->select($sql, $parameters, 'column');
if ($_SESSION['users']['max_retry']['numeric'] <= $auth_tries) {
$result["plugin"] = "database";
$result["domain_name"] = $this->domain_name;
$result["username"] = $this->username;
$result["domain_uuid"] = $this->domain_uuid;
$result["authorized"] = "false";
return $result;
}
//set the database as the default plugin
if (!isset($_SESSION['authentication']['methods'])) {
$_SESSION['authentication']['methods'][] = 'database';
@@ -81,7 +53,7 @@ class authentication {
foreach ($_SESSION['authentication']['methods'] as $name) {
//already processed the plugin move to the next plugin
if (!empty($_SESSION['authentication']['plugin'][$name]['authorized'])) {
if ($_SESSION['authentication']['plugin'][$name]['authorized']) {
continue;
}
@@ -92,6 +64,7 @@ class authentication {
//process the plugin
if (file_exists($plugin)) {
//run the plugin
include_once $plugin;
$object = new $class_name();
$object->domain_name = $this->domain_name;
@@ -105,7 +78,7 @@ class authentication {
}
$array = $object->$name();
$id = $array["plugin"];
//build a result array
$result['plugin'] = $array["plugin"];
$result['domain_name'] = $array["domain_name"];
$result['username'] = $array["username"];
@@ -116,6 +89,11 @@ class authentication {
//save the result to the authentication plugin
$_SESSION['authentication']['plugin'][$name] = $result;
//plugin authorized false
if (!$result['authorized']) {
break;
}
}
}
@@ -168,7 +146,7 @@ class authentication {
user_logs::add($result);
//user is authorized - get user settings, check user cidr
if (!empty($authorized)) {
if ($authorized) {
//set a session variable to indicate authorized is set to true
$_SESSION['authorized'] = true;
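Review bot: The added `if (!$result['authorized']) { break; }` and the loosened `if ($authorized)` and `if ($_SESSION['authentication']['plugin'][$name]['authorized'])` tests rely on PHP truthiness, yet the throttle block removed in the first hunk wrote `$result["authorized"] = "false"` as a string, which is truthy. If any plugin still returns the string form, a rejection would not stop the loop and could be read as success further down; how `$result['authorized']` and `$authorized` are assigned is not visible here (the enclosing method starts and ends outside the hunks), so this needs confirming against the plugins. I would normalise the value to a boolean once where the result array is built and then compare strictly, e.g. `if ($result['authorized'] !== true) { break; }`. Dropping `!empty()` also means the per-plugin session key is read before it has been set on the first pass, which raises an undefined-key warning on PHP 8. Separately, the first hunk deletes the `max_retry` / `find_time` failed-login check; unless that limit now lives in the plugins, nothing visible here bounds repeated failures per username and remote address.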