lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-15 09:04:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auth: webui session usernames and case sensitivity. for https://github.com/opnsense/core/issues/4451

Browse Source
This commit is contained in:
Ad Schellevis 2020-12-06 19:29:19 +01:00
parent 184b126cb1
commit edf1e2e8e0
2 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/etc/inc/authgui.inc
View File

@ -111,7 +111,8 @@ function session_auth(&$Login_Error)
if ($is_authenticated) {
// Generate a new id to avoid session fixation
session_regenerate_id();
$_SESSION['Username'] = $_POST['usernamefld'];
// XXX: eventually we should replace the login flow for a service based one (IService).
$_SESSION['Username'] = $authenticator->getUserName($_POST['usernamefld']);
$_SESSION['last_access'] = time();
$_SESSION['protocol'] = $config['system']['webgui']['protocol'];
if ($authenticator != null && $authenticator->shouldChangePassword($_SESSION['Username'], $_POST['passwordfld'])) {

18
src/opnsense/mvc/app/library/OPNsense/Auth/Base.php
View File

@ -130,4 +130,22 @@ abstract class Base
}
return $userObject;
}
/**
* return actual username.
* This is more or less a temporary function to support case insensitive names in sessions
* @param string $username username
* @return string
*/
public function getUserName($username)
{
if ($this->caseInSensitiveUsernames) {
$user = $this->getUser($username);
if ($user) {
return (string)$user->name;
}
} else {
return $username;
}
}
}