dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[bug fix] get the domain from the username (#6691) 

* [bug fix] get the domain from the username

When the URL domain doesn't match the user's domain

Authentication can use domain from the username.

username:
user@domain
This commit is contained in:
FusionPBX 2023-05-11 18:58:22 -06:00 committed by GitHub
parent 733b206664
commit ffd9a2c4b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 44 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
core/authentication/resources/classes/authentication.php
View File

@ -1,7 +1,7 @@
<?php <?php
/** /**
* authentication * authentication
* *
* @method validate uses authentication plugins to check if a user is authorized to login * @method validate uses authentication plugins to check if a user is authorized to login
* @method get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid * @method get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid
@ -409,14 +409,35 @@ class authentication {
/** /**
* get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid * get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid
*/ */
function get_domain() { public static function get_domain() {
//get the domain from the url //get the domain from the url
$this->domain_name = $_SERVER["HTTP_HOST"]; $domain_name = $_SERVER["HTTP_HOST"];
//get the domain name from the http value
if (!empty($_REQUEST["domain_name"])) {
$domain_name = $_REQUEST["domain_name"];
}
//remote port number from the domain name
$domain_array = explode(":", $domain_name);
if (count($domain_array) > 1) {
$domain_name = $domain_array[0];
}
//if the username
if (!empty($_REQUEST["username"])) {
$_SESSION['username'] = $_REQUEST["username"];
}
//set a default value for unqiue
if (empty($_SESSION["users"]["unique"]["text"])) {
$_SESSION["users"]["unique"]["text"] = 'false';
}
//get the domain name from the username //get the domain name from the username
if (isset($_SESSION["users"]["unique"]) && $_SESSION["users"]["unique"]["text"] != "global") { if (!empty($_SESSION['username']) && $_SESSION["users"]["unique"]["text"] != "global") {
$username_array = explode("@", $_REQUEST["username"] ?? ''); $username_array = explode("@", $_SESSION['username']);
if (count($username_array) > 1) { if (count($username_array) > 1) {
//get the domain name //get the domain name
$domain_name = $username_array[count($username_array) -1]; $domain_name = $username_array[count($username_array) -1];
@ -425,7 +446,7 @@ class authentication {
$domain_exists = false; $domain_exists = false;
foreach ($_SESSION['domains'] as $row) { foreach ($_SESSION['domains'] as $row) {
if (lower_case($row['domain_name']) == lower_case($domain_name)) { if (lower_case($row['domain_name']) == lower_case($domain_name)) {
$this->domain_uuid = $row['domain_uuid']; $domain_uuid = $row['domain_uuid'];
$domain_exists = true; $domain_exists = true;
break; break;
} }
@ -433,10 +454,10 @@ class authentication {
//if the domain exists then set domain_name and update the username //if the domain exists then set domain_name and update the username
if ($domain_exists) { if ($domain_exists) {
$this->domain_name = $domain_name; $username = substr($_SESSION['username'], 0, -(strlen($domain_name)+1));
$this->username = substr($_REQUEST["username"], 0, -(strlen($domain_name)+1)); $_SESSION['domain_name'] = $domain_name;
$_SESSION['username'] = $this->username; $_SESSION['username'] = $username;
$_SESSION['domain_uuid'] = $this->domain_uuid; $_SESSION['domain_uuid'] = $domain_uuid;
} }
//unset the domain name variable //unset the domain name variable
@ -444,22 +465,11 @@ class authentication {
} }
} }
//get the domain name from the http value
if (!empty($_REQUEST["domain_name"] ?? '')) {
$this->domain_name = $_REQUEST["domain_name"];
}
//remote port number from the domain name
$domain_array = explode(":", $this->domain_name);
if (count($domain_array) > 1) {
$this->domain_name = $domain_array[0];
}
//get the domain uuid and domain settings //get the domain uuid and domain settings
if (isset($this->domain_name) && !isset($this->domain_uuid)) { if (isset($domain_name) && !isset($domain_uuid)) {
foreach ($_SESSION['domains'] as $row) { foreach ($_SESSION['domains'] as $row) {
if (lower_case($row['domain_name']) == lower_case($this->domain_name)) { if (lower_case($row['domain_name']) == lower_case($domain_name)) {
$this->domain_uuid = $row['domain_uuid']; $domain_uuid = $row['domain_uuid'];
$_SESSION['domain_uuid'] = $row['domain_uuid']; $_SESSION['domain_uuid'] = $row['domain_uuid'];
break; break;
} }
@ -471,11 +481,11 @@ class authentication {
$obj->set(); $obj->set();
//set the domain settings //set the domain settings
$_SESSION['domain_name'] = $this->domain_name; $_SESSION['domain_name'] = $domain_name;
$_SESSION['domain_parent_uuid'] = $_SESSION["domain_uuid"]; $_SESSION['domain_parent_uuid'] = $_SESSION["domain_uuid"];
//set the domain name //set the domain name
return $this->domain_name; return $domain_name;
} }
} }

10
core/authentication/resources/classes/plugins/database.php
View File

@ -3,8 +3,7 @@
/** /**
* plugin_database * plugin_database
* *
* @method validate uses authentication plugins to check if a user is authorized to login * @method plugin_database validates the authentication using information from the database
* @method get_domain used to get the domain name from the URL or username and then sets both domain_name and domain_uuid
*/ */
class plugin_database { class plugin_database {
@ -138,6 +137,13 @@ class plugin_database {
$this->key = $_REQUEST["key"]; $this->key = $_REQUEST["key"];
} }
//get the domain name
$auth = new authentication;
$auth->get_domain();
$this->domain_uuid = $_SESSION['domain_uuid'];
$this->domain_name = $_SESSION['domain_name'];
$this->username = $_SESSION['username'];
//set the default status //set the default status
$user_authorized = false; $user_authorized = false;