Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
O
OpnSense
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kulya
OpnSense
Commits
2f8d4ae8
Commit
2f8d4ae8
authored
Nov 10, 2015
by
Ad Schellevis
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
(legacy) add api keys to system_usermanager.php + fix issue when removing user (regression)
parent
7e5ff770
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
134 additions
and
3 deletions
+134
-3
system_usermanager.php
src/www/system_usermanager.php
+134
-3
No files found.
src/www/system_usermanager.php
View file @
2f8d4ae8
...
...
@@ -205,6 +205,33 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
gettext
(
"association removed."
);
redirectHeader
(
"system_usermanager.php?savemsg="
.
$savemsg
.
"&act=edit&userid="
.
$id
);
exit
;
}
elseif
(
$act
==
"newApiKey"
&&
isset
(
$id
))
{
// every action is using the sequence of the user, to keep it understandable, we will use
// the same strategy here (although we need a username to work with)
//
// the client side is (jquery) generates the actual download file.
$username
=
$a_user
[
$id
][
'name'
];
$authFactory
=
new
\OPNsense\Auth\AuthenticationFactory
;
$authenticator
=
$authFactory
->
get
(
"Local API"
);
$keyData
=
$authenticator
->
createKey
(
$username
);
if
(
$keyData
!=
null
)
{
echo
json_encode
(
$keyData
);
}
exit
;
}
elseif
(
$act
==
'delApiKey'
&&
isset
(
$id
))
{
$username
=
$a_user
[
$id
][
'name'
];
if
(
!
empty
(
$pconfig
[
'api_delete'
]))
{
$authFactory
=
new
\OPNsense\Auth\AuthenticationFactory
;
$authenticator
=
$authFactory
->
get
(
"Local API"
);
$authenticator
->
dropKey
(
$username
,
$pconfig
[
'api_delete'
]);
$savemsg
=
gettext
(
"API key"
)
.
"
{
$pconfig
[
'api_delete'
]
}
"
.
gettext
(
"removed."
);
}
else
{
$savemsg
=
gettext
(
'No API key found'
);
}
// redirect
redirectHeader
(
"system_usermanager.php?savemsg="
.
$savemsg
.
"&act=edit&userid="
.
$id
);
exit
;
}
elseif
(
isset
(
$pconfig
[
'save'
]))
{
// save user
/* input validation */
...
...
@@ -509,11 +536,12 @@ $( document ).ready(function() {
// remove user
$
(
"
.act-del-user
"
).
click
(
function
(
event
){
var
userid
=
$
(
this
).
data
(
'
userid
'
);
var
username
=
$
(
this
).
data
(
'
username
'
);
event
.
preventDefault
();
BootstrapDialog
.
show
({
type
:
BootstrapDialog
.
TYPE_INFO
,
title
:
"
<?=
gettext
(
"User"
);
?>
"
,
message
:
'
<?=
gettext
(
"Do you really want to delete this user?"
);
?>
'
+
'
<br/>(
'
+
user
id
+
"
)
"
,
message
:
'
<?=
gettext
(
"Do you really want to delete this user?"
);
?>
'
+
'
<br/>(
'
+
user
name
+
"
)
"
,
buttons
:
[{
label
:
"
<?=
gettext
(
"No"
);
?>
"
,
action
:
function
(
dialogRef
)
{
...
...
@@ -521,7 +549,7 @@ $( document ).ready(function() {
}},
{
label
:
"
<?=
gettext
(
"Yes"
);
?>
"
,
action
:
function
(
dialogRef
)
{
$
(
"
#user
name
"
).
val
(
userid
);
$
(
"
#user
id
"
).
val
(
userid
);
$
(
"
#act2
"
).
val
(
"
deluser
"
);
$
(
"
#iform2
"
).
submit
();
}
...
...
@@ -549,6 +577,53 @@ $( document ).ready(function() {
}
});
// generate a new API key for this user
$
(
"
#newApiKey
"
).
click
(
function
(
event
){
event
.
preventDefault
();
$
.
post
(
window
.
location
,
{
act
:
'
newApiKey
'
,
userid
:
$
(
"
#userid
"
).
val
()
},
function
(
data
)
{
if
(
data
[
'
key
'
]
!=
undefined
)
{
// only generate a key file if there's data
output_data
=
'
key=
'
+
data
[
'
key
'
]
+
'
\n
'
+
'
secret=
'
+
data
[
'
secret
'
]
+
'
\n
'
;
// create link, click and send to client
$
(
'
<a></a>
'
)
.
attr
(
'
id
'
,
'
downloadFile
'
)
.
attr
(
'
href
'
,
'
data:text/csv;charset=utf8,
'
+
encodeURIComponent
(
output_data
))
.
attr
(
'
download
'
,
'
apikey.ini
'
)
.
appendTo
(
'
body
'
);
$
(
'
#downloadFile
'
).
ready
(
function
()
{
$
(
'
#downloadFile
'
).
get
(
0
).
click
();
});
// reload form
location
.
reload
();
}
},
'
json
'
);
});
// delete API key
$
(
"
.act-del-api-key
"
).
click
(
function
(
event
){
event
.
preventDefault
();
var
apiKey
=
$
(
this
).
data
(
'
key
'
);
BootstrapDialog
.
show
({
type
:
BootstrapDialog
.
TYPE_INFO
,
title
:
"
<?=
gettext
(
"User"
);
?>
"
,
message
:
'
<?=
gettext
(
"Do you really want to delete this API key?"
);
?>
'
+
'
<br/><small>(
'
+
apiKey
.
substring
(
0
,
40
)
+
"
...)</small>
"
,
buttons
:
[{
label
:
"
<?=
gettext
(
"No"
);
?>
"
,
action
:
function
(
dialogRef
)
{
dialogRef
.
close
();
}},
{
label
:
"
<?=
gettext
(
"Yes"
);
?>
"
,
action
:
function
(
dialogRef
)
{
$
(
"
#act
"
).
val
(
"
delApiKey
"
);
$
(
"
#api_delete
"
).
val
(
apiKey
);
$
(
"
#iform
"
).
submit
();
}
}]
});
});
});
</script>
...
...
@@ -572,6 +647,7 @@ $( document ).ready(function() {
<
input
type
=
"hidden"
id
=
"act"
name
=
"act"
value
=
"<?=
$act
;?>"
/>
<
input
type
=
"hidden"
id
=
"userid"
name
=
"userid"
value
=
"<?=(isset(
$id
) ?
$id
: '');?>"
/>
<
input
type
=
"hidden"
id
=
"priv_delete"
name
=
"priv_delete"
value
=
""
/>
<!--
delete
priv
action
-->
<
input
type
=
"hidden"
id
=
"api_delete"
name
=
"api_delete"
value
=
""
/>
<!--
delete
api
ke
action
-->
<
input
type
=
"hidden"
id
=
"certid"
name
=
"certid"
value
=
""
/>
<!--
remove
cert
association
action
-->
<
table
class
="
table
table
-
striped
">
<tr>
...
...
@@ -800,6 +876,60 @@ $( document ).ready(function() {
</table>
</td>
</tr>
<tr>
<td><a
id=
"help_for_apikeys"
href=
"#"
class=
"showhelp"
><i
class=
"fa fa-info-circle"
></i></a>
<?=
gettext
(
"API keys"
);
?>
</td>
<td>
<!-- -->
<table
class=
"table table-condensed"
>
<thead>
<tr>
<th>
<?=
gettext
(
'key'
);
?>
</th>
<th>
</th>
</tr>
</thead>
<tbody>
<?php
if
(
isset
(
$a_user
[
$id
][
'apikeys'
][
'item'
]))
:
foreach
(
$a_user
[
$id
][
'apikeys'
][
'item'
]
as
$userApiKey
)
:?>
<
tr
>
<
td
>
<
small
>
<?
php
// listtags always changes our key item to an array.. ?>
<?
php
// don't want to change "key" to something less sane. ?>
<?=
$userApiKey
[
'key'
][
0
];
?>
<small>
</td>
<td>
<button
data-key=
"
<?=
$userApiKey
[
'key'
][
0
];
?>
"
type=
"button"
class=
"btn btn-default btn-xs act-del-api-key"
title=
"
<?=
gettext
(
"delete API key"
);
?>
"
data-toggle=
"tooltip"
data-placement=
"left"
>
<span
class=
"glyphicon glyphicon-trash"
></span>
</button>
</td>
</tr>
<?php
endforeach
;
endif
;
?>
</tbody>
<tfoot>
<tr>
<td></td>
<td>
<button
type=
"button"
class=
"btn btn-default btn-xs"
id=
"newApiKey"
title=
"
<?=
gettext
(
"create API key"
);
?>
"
data-toggle=
"tooltip"
data-placement=
"left"
>
<span
class=
"glyphicon glyphicon-plus"
></span>
</button>
</td>
</tr>
</tfoot>
</table>
<div
class=
"hidden"
for=
"help_for_apikeys"
>
<?=
gettext
(
'manage API keys here for machine to machine interaction using this users credentials'
);
?>
</div>
</td>
</tr>
<?php
else
:
if
(
is_array
(
$config
[
'ca'
])
&&
count
(
$config
[
'ca'
])
>
0
)
:
...
...
@@ -943,7 +1073,8 @@ $( document ).ready(function() {
<?php
if
(
$userent
[
'scope'
]
!=
"system"
)
:?>
<
button
type
=
"button"
class
="
btn
btn
-
default
btn
-
xs
act
-
del
-
user
"
data-userid="
<?=
$userent
[
'name'
];
?>
" title="
<?=
gettext
(
"delete user"
);
?>
" data-toggle="tooltip"
data-username="
<?=
$userent
[
'name'
];
?>
"
data-userid="
<?=
$i
?>
" title="
<?=
gettext
(
"delete user"
);
?>
" data-toggle="tooltip"
data-placement="left" >
<span
class=
"glyphicon glyphicon-remove"
></span>
</button>
<?php
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
