jf-cbd
2026-03-06 16:53:14 +01:00
parent fea51d740d
commit a02db83d0a
3 changed files with 5 additions and 8 deletions


@@ -1738,7 +1738,7 @@ class Config
'source_of_value' => '',
'show_in_conf_sample' => false,
],
'security.force_login_when_no_authentication_policy' => [
'security.force_login_when_no_delegated_authentication_endpoints_list' => [
'type' => 'bool',
'description' => 'If true, when no execution policy is defined, the user will be forced to log in (instead of being automatically logged in with the default profile)',
'default' => false,
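Review bot: An instance whose configuration file already sets `security.force_login_when_no_authentication_policy` to true would, as far as this section shows, silently fall back to the renamed key's `'default' => false` and stop forcing login for modules without a policy, because the old name is dropped with no alias or migration. If the old key was ever released, read it as a fallback at the two `Get()` call sites in the exec page, or migrate it during upgrade, and mention the rename in the upgrade notes. The description still says "execution policy" while the key now says "delegated authentication endpoints list"; using one term in both would make the setting easier to audit, e.g. `'description' => 'If true, when no delegated authentication endpoints list is defined for the module, the user will be forced to log in (...)'`.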


@@ -104,19 +104,16 @@ require_once(APPROOT.'/application/startup.inc.php');
$aModuleDelegatedExecutionPolicy = GetModuleDelegatedExecutionPolicy($sModule);
if (is_null($aModuleDelegatedExecutionPolicy) || !in_array($sPage, $aModuleDelegatedExecutionPolicy)) {
// TODO in N°9343 : remove the conf 'security.force_login_when_no_authentication_policy' to perform login by default when no execution policy is defined
$bForceLoginWhenNoExecutionPolicy = MetaModel::GetConfig()->Get('security.force_login_when_no_authentication_policy');
// TODO in N°9343 : remove the conf and this 'if' condition to perform login by default when no execution policy is defined
$bForceLoginWhenNoExecutionPolicy = MetaModel::GetConfig()->Get('security.force_login_when_no_delegated_authentication_endpoints_list');
if ($bForceLoginWhenNoExecutionPolicy) {
LoginWebPage::DoLoginEx();
}
}
if (is_null($aModuleDelegatedExecutionPolicy) && !MetaModel::GetConfig()->Get('security.force_login_when_no_authentication_policy')) {
// TODO in N°9343 : remove this if statement and its content
if (is_null($aModuleDelegatedExecutionPolicy) && !MetaModel::GetConfig()->Get('security.force_login_when_no_delegated_authentication_endpoints_list')) {
// check if user is not logged in, if not log a warning in the log file as the page is executed without login, which is not recommended for security reason
if (is_null(UserRights::GetUserId())) {
IssueLog::Warning("The page '$sPage' is called be executed without login. In the future, this call will be blocked, and will likely cause unwanted behavior in the module '$sModule'.
Please define an execution policy for the module as described in https://www.itophub.io/wiki/page?id=3_2_0:customization:new_extension#security.");
Please define an execution policy for the module as described in https://www.itophub.io/wiki/page?id=latest:customization:new_extension#security.");
}
}
if (is_array($aModuleDelegatedExecutionPolicy) && !in_array($sPage, $aModuleDelegatedExecutionPolicy)) {
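Review bot: The second check re-reads the setting through a repeated string literal instead of reusing `$bForceLoginWhenNoExecutionPolicy`, so the two conditions that decide whether an unauthenticated call proceeds depend on two copies of the key name, which is the duplication this rename had to track down. Whenever the policy is null the first `if` has already been entered and the variable assigned, so the line can read `if (is_null($aModuleDelegatedExecutionPolicy) && !$bForceLoginWhenNoExecutionPolicy) {`. Since the policy array acts as an allow-list for `$sPage`, both `in_array()` calls would also be safer with the strict third argument, `in_array($sPage, $aModuleDelegatedExecutionPolicy, true)`. The final `if` opens a block whose body lies outside the hunk.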


@@ -95,7 +95,7 @@ class LoginWebPageTest extends ItopDataTestCase
public function testNoPolicyFileWithForceLoginConf()
{
MetaModel::GetConfig()->Set('security.force_login_when_no_authentication_policy', true);
MetaModel::GetConfig()->Set('security.force_login_when_no_delegated_authentication_endpoints_list', true);
$sPageContent = $this->CallItopUri(
"pages/exec.php?exec_module=extension-with-execution-policy&exec_page=src/Controller/FileNotInExecutionPolicy.php",