mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-28 23:19:42 -08:00
Merge remote-tracking branch 'origin/develop'
This commit is contained in:
commit
aa14d5e6b6
10
.upgrade_requirements.json
Normal file
10
.upgrade_requirements.json
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"DOC1": "This file is meant to be pulled from the current HEAD of the desired branch, NOT referenced locally",
|
||||||
|
"DOC2": "In other words, what you see locally are the requirements for your _current_ install",
|
||||||
|
"DOC3": "Please don't rely on these versions for planning upgrades unless you've fetched the most recent version",
|
||||||
|
"DOC4": "You should really just ignore it and run upgrade.php. Really",
|
||||||
|
"php_min_version": "7.4.0",
|
||||||
|
"php_max_major_minor": "8.1",
|
||||||
|
"php_max_wontwork": "8.2.0",
|
||||||
|
"current_snipeit_version": "6.3"
|
||||||
|
}
|
44
app/Console/Commands/SamlClearExpiredNonces.php
Normal file
44
app/Console/Commands/SamlClearExpiredNonces.php
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Console\Commands;
|
||||||
|
|
||||||
|
use Illuminate\Console\Command;
|
||||||
|
use App\Models\SamlNonce;
|
||||||
|
|
||||||
|
class SamlClearExpiredNonces extends Command
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* The name and signature of the console command.
|
||||||
|
*
|
||||||
|
* @var string
|
||||||
|
*/
|
||||||
|
protected $signature = 'saml:clear_expired_nonces';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The console command description.
|
||||||
|
*
|
||||||
|
* @var string
|
||||||
|
*/
|
||||||
|
protected $description = 'Clears out expired SAML assertions from the saml_nonces table';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create a new command instance.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function __construct()
|
||||||
|
{
|
||||||
|
parent::__construct();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Execute the console command.
|
||||||
|
*
|
||||||
|
* @return int
|
||||||
|
*/
|
||||||
|
public function handle()
|
||||||
|
{
|
||||||
|
SamlNonce::where('not_valid_after','<=',now())->delete();
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
|
@ -25,6 +25,7 @@ class Kernel extends ConsoleKernel
|
||||||
$schedule->command('backup:clean')->daily();
|
$schedule->command('backup:clean')->daily();
|
||||||
$schedule->command('snipeit:upcoming-audits')->daily();
|
$schedule->command('snipeit:upcoming-audits')->daily();
|
||||||
$schedule->command('auth:clear-resets')->everyFifteenMinutes();
|
$schedule->command('auth:clear-resets')->everyFifteenMinutes();
|
||||||
|
$schedule->command('saml:clear_expired_nonces')->weekly();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
namespace App\Http\Controllers\Auth;
|
namespace App\Http\Controllers\Auth;
|
||||||
|
|
||||||
use App\Http\Controllers\Controller;
|
use App\Http\Controllers\Controller;
|
||||||
|
use App\Models\SamlNonce;
|
||||||
use App\Models\Setting;
|
use App\Models\Setting;
|
||||||
use App\Models\User;
|
use App\Models\User;
|
||||||
use App\Models\Ldap;
|
use App\Models\Ldap;
|
||||||
|
@ -109,7 +110,14 @@ class LoginController extends Controller
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$user = $saml->samlLogin($samlData);
|
$user = $saml->samlLogin($samlData);
|
||||||
|
$notValidAfter = new \Carbon\Carbon(@$samlData['assertionNotOnOrAfter']);
|
||||||
|
if(\Carbon::now()->greaterThanOrEqualTo($notValidAfter)) {
|
||||||
|
abort(400,"Expired SAML Assertion");
|
||||||
|
}
|
||||||
|
if(SamlNonce::where('nonce', @$samlData['nonce'])->count() > 0) {
|
||||||
|
abort(400,"Assertion has already been used");
|
||||||
|
}
|
||||||
|
Log::debug("okay, fine, this is a new nonce then. Good for you.");
|
||||||
if (!is_null($user)) {
|
if (!is_null($user)) {
|
||||||
Auth::login($user);
|
Auth::login($user);
|
||||||
} else {
|
} else {
|
||||||
|
@ -123,10 +131,14 @@ class LoginController extends Controller
|
||||||
$user->last_login = \Carbon::now();
|
$user->last_login = \Carbon::now();
|
||||||
$user->saveQuietly();
|
$user->saveQuietly();
|
||||||
}
|
}
|
||||||
|
$s = new SamlNonce();
|
||||||
|
$s->nonce = @$samlData['nonce'];
|
||||||
|
$s->not_valid_after = $notValidAfter;
|
||||||
|
$s->save();
|
||||||
|
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
\Log::debug('There was an error authenticating the SAML user: '.$e->getMessage());
|
\Log::debug('There was an error authenticating the SAML user: '.$e->getMessage());
|
||||||
throw new \Exception($e->getMessage());
|
throw $e;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fallthrough with better logging
|
// Fallthrough with better logging
|
||||||
|
|
15
app/Models/SamlNonce.php
Normal file
15
app/Models/SamlNonce.php
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Models;
|
||||||
|
|
||||||
|
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
||||||
|
use Illuminate\Database\Eloquent\Model;
|
||||||
|
|
||||||
|
class SamlNonce extends Model
|
||||||
|
{
|
||||||
|
use HasFactory;
|
||||||
|
|
||||||
|
protected $fillable = ['nonce','not_on_or_after'];
|
||||||
|
|
||||||
|
public $timestamps = false;
|
||||||
|
}
|
|
@ -394,6 +394,8 @@ class Saml
|
||||||
'nameIdSPNameQualifier' => $auth->getNameIdSPNameQualifier(),
|
'nameIdSPNameQualifier' => $auth->getNameIdSPNameQualifier(),
|
||||||
'sessionIndex' => $auth->getSessionIndex(),
|
'sessionIndex' => $auth->getSessionIndex(),
|
||||||
'sessionExpiration' => $auth->getSessionExpiration(),
|
'sessionExpiration' => $auth->getSessionExpiration(),
|
||||||
|
'nonce' => $auth->getLastAssertionId(),
|
||||||
|
'assertionNotOnOrAfter' => $auth->getLastAssertionNotOnOrAfter(),
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,34 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
use Illuminate\Database\Migrations\Migration;
|
||||||
|
use Illuminate\Database\Schema\Blueprint;
|
||||||
|
use Illuminate\Support\Facades\Schema;
|
||||||
|
|
||||||
|
class CreateSamlNonceTable extends Migration
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Run the migrations.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function up()
|
||||||
|
{
|
||||||
|
if (! Schema::hasTable('saml_nonces') ) {
|
||||||
|
Schema::create('saml_nonces', function (Blueprint $table) {
|
||||||
|
$table->id();
|
||||||
|
$table->string('nonce')->index();
|
||||||
|
$table->datetime('not_valid_after')->index();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reverse the migrations.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function down()
|
||||||
|
{
|
||||||
|
Schema::dropIfExists('saml_nonces');
|
||||||
|
}
|
||||||
|
}
|
39
upgrade.php
39
upgrade.php
|
@ -1,8 +1,24 @@
|
||||||
<?php
|
<?php
|
||||||
(PHP_SAPI !== 'cli' || isset($_SERVER['HTTP_USER_AGENT'])) && die('Access denied.');
|
(PHP_SAPI !== 'cli' || isset($_SERVER['HTTP_USER_AGENT'])) && die('Access denied.');
|
||||||
|
|
||||||
$php_min_works = '7.4.0';
|
$app_environment = 'develop';
|
||||||
$php_max_wontwork = '8.2.0';
|
|
||||||
|
// Check if a branch or tag was passed in the command line,
|
||||||
|
// otherwise just use master
|
||||||
|
(array_key_exists('1', $argv)) ? $branch = $argv[1] : $branch = 'master';
|
||||||
|
|
||||||
|
|
||||||
|
// Fetching most current upgrade requirements from github. Read more here: https://github.com/snipe/snipe-it/pull/14127
|
||||||
|
$remote_requirements_file = "https://raw.githubusercontent.com/snipe/snipe-it/$branch/.upgrade_requirements.json";
|
||||||
|
$upgrade_requirements = json_decode(file_get_contents($remote_requirements_file), true);
|
||||||
|
|
||||||
|
if (! $upgrade_requirements) {
|
||||||
|
die("\nERROR: Failed to retrieve remote requirements from $remote_requirements_file\nExiting.\n\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
$php_min_works = $upgrade_requirements['php_min_version'];
|
||||||
|
$php_max_wontwork = $upgrade_requirements['php_max_wontwork'];
|
||||||
|
// done fetching requirements
|
||||||
|
|
||||||
|
|
||||||
if ((strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') || (!function_exists('posix_getpwuid'))) {
|
if ((strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') || (!function_exists('posix_getpwuid'))) {
|
||||||
|
@ -17,12 +33,6 @@ if ((strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') || (!function_exists('posix_get
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
$app_environment = 'develop';
|
|
||||||
|
|
||||||
// Check if a branch or tag was passed in the command line,
|
|
||||||
// otherwise just use master
|
|
||||||
(array_key_exists('1', $argv)) ? $branch = $argv[1] : $branch = 'master';
|
|
||||||
|
|
||||||
echo "--------------------------------------------------------\n";
|
echo "--------------------------------------------------------\n";
|
||||||
echo "WELCOME TO THE SNIPE-IT UPGRADER! \n";
|
echo "WELCOME TO THE SNIPE-IT UPGRADER! \n";
|
||||||
echo "--------------------------------------------------------\n\n";
|
echo "--------------------------------------------------------\n\n";
|
||||||
|
@ -45,6 +55,12 @@ echo "--------------------------------------------------------\n\n";
|
||||||
|
|
||||||
// Check the .env looks ok
|
// Check the .env looks ok
|
||||||
$env = file('.env');
|
$env = file('.env');
|
||||||
|
if (! $env){
|
||||||
|
echo "\n!!!!!!!!!!!!!!!!!!!!!!!!!! .ENV FILE ERROR !!!!!!!!!!!!!!!!!!!!!!!!!!\n";
|
||||||
|
echo "Your .env file doesn't seem to exist in this directory or isn't readable! Please look into that.\n";
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
$env_good = '';
|
$env_good = '';
|
||||||
$env_bad = '';
|
$env_bad = '';
|
||||||
|
|
||||||
|
@ -133,7 +149,7 @@ if ($env_bad !='') {
|
||||||
echo "!!!!!!!!!!!!!!!!!!!!!!!!! ABORTING THE UPGRADER !!!!!!!!!!!!!!!!!!!!!!\n";
|
echo "!!!!!!!!!!!!!!!!!!!!!!!!! ABORTING THE UPGRADER !!!!!!!!!!!!!!!!!!!!!!\n";
|
||||||
echo "Please correct the issues above in ".getcwd()."/.env and try again.\n";
|
echo "Please correct the issues above in ".getcwd()."/.env and try again.\n";
|
||||||
echo "--------------------------------------------------------\n";
|
echo "--------------------------------------------------------\n";
|
||||||
exit;
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -152,7 +168,7 @@ if ((version_compare(phpversion(), $php_min_works, '>=')) && (version_compare(ph
|
||||||
echo "Snipe-IT requires PHP versions between ".$php_min_works." and ".$php_max_wontwork.".\n";
|
echo "Snipe-IT requires PHP versions between ".$php_min_works." and ".$php_max_wontwork.".\n";
|
||||||
echo "Please install a compatible version of PHP and re-run this script again. \n";
|
echo "Please install a compatible version of PHP and re-run this script again. \n";
|
||||||
echo "!!!!!!!!!!!!!!!!!!!!!!!!! ABORTING THE UPGRADER !!!!!!!!!!!!!!!!!!!!!!\n";
|
echo "!!!!!!!!!!!!!!!!!!!!!!!!! ABORTING THE UPGRADER !!!!!!!!!!!!!!!!!!!!!!\n";
|
||||||
exit;
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
echo "Checking Required PHP extensions... \n\n";
|
echo "Checking Required PHP extensions... \n\n";
|
||||||
|
@ -240,7 +256,7 @@ if ($ext_missing!='') {
|
||||||
echo "ABORTING THE INSTALLER \n";
|
echo "ABORTING THE INSTALLER \n";
|
||||||
echo "Please install the extensions above and re-run this script.\n";
|
echo "Please install the extensions above and re-run this script.\n";
|
||||||
echo "--------------------------------------------------------\n";
|
echo "--------------------------------------------------------\n";
|
||||||
exit;
|
exit(1);
|
||||||
} else {
|
} else {
|
||||||
echo $ext_installed."\n";
|
echo $ext_installed."\n";
|
||||||
|
|
||||||
|
@ -295,6 +311,7 @@ if ($dirs_not_writable!='') {
|
||||||
echo "--------------------- !! ERROR !! ----------------------\n";
|
echo "--------------------- !! ERROR !! ----------------------\n";
|
||||||
echo "Please check the permissions on the directories above and re-run this script.\n";
|
echo "Please check the permissions on the directories above and re-run this script.\n";
|
||||||
echo "------------------------- :( ---------------------------\n\n";
|
echo "------------------------- :( ---------------------------\n\n";
|
||||||
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue