<?php
class CControllerAuthenticationEdit extends CController {
protected function init() {
$this->disableCsrfValidation();
}
protected function checkInput() {
global $ALLOW_HTTP_AUTH;
$fields = [
'form_refresh' => 'int32',
'authentication_type' => 'in '.ZBX_AUTH_INTERNAL.','.ZBX_AUTH_LDAP,
'disabled_usrgrpid' => 'id',
'ldap_auth_enabled' => 'in '.ZBX_AUTH_LDAP_DISABLED.','.ZBX_AUTH_LDAP_ENABLED,
'ldap_servers' => 'array',
'ldap_default_row_index' => 'int32',
'ldap_case_sensitive' => 'in '.ZBX_AUTH_CASE_INSENSITIVE.','.ZBX_AUTH_CASE_SENSITIVE,
'ldap_removed_userdirectoryids' => 'array_id',
'jit_provision_interval' => 'db config.jit_provision_interval',
'ldap_jit_status' => 'in '.JIT_PROVISIONING_DISABLED.','.JIT_PROVISIONING_ENABLED,
'saml_auth_enabled' => 'in '.ZBX_AUTH_SAML_DISABLED.','.ZBX_AUTH_SAML_ENABLED,
'saml_jit_status' => 'in '.JIT_PROVISIONING_DISABLED.','.JIT_PROVISIONING_ENABLED,
'idp_entityid' => 'db userdirectory_saml.idp_entityid',
'sso_url' => 'db userdirectory_saml.sso_url',
'slo_url' => 'db userdirectory_saml.slo_url',
'username_attribute' => 'db userdirectory_saml.username_attribute',
'sp_entityid' => 'db userdirectory_saml.sp_entityid',
'nameid_format' => 'db userdirectory_saml.nameid_format',
'sign_messages' => 'in 0,1',
'sign_assertions' => 'in 0,1',
'sign_authn_requests' => 'in 0,1',
'sign_logout_requests' => 'in 0,1',
'sign_logout_responses' => 'in 0,1',
'encrypt_nameid' => 'in 0,1',
'encrypt_assertions' => 'in 0,1',
'saml_provision_status' => 'in '.JIT_PROVISIONING_DISABLED.','.JIT_PROVISIONING_ENABLED,
'saml_case_sensitive' => 'in '.ZBX_AUTH_CASE_INSENSITIVE.','.ZBX_AUTH_CASE_SENSITIVE,
'saml_group_name' => 'db userdirectory_saml.group_name',
'saml_user_username' => 'db userdirectory_saml.user_username',
'saml_user_lastname' => 'db userdirectory_saml.user_lastname',
'saml_provision_groups' => 'array',
'saml_provision_media' => 'array',
'scim_status' => 'in '.ZBX_AUTH_SCIM_PROVISIONING_DISABLED.','.ZBX_AUTH_SCIM_PROVISIONING_ENABLED,
'passwd_min_length' => 'int32',
'passwd_check_rules' => 'int32|ge 0|le '.(PASSWD_CHECK_CASE | PASSWD_CHECK_DIGITS | PASSWD_CHECK_SPECIAL | PASSWD_CHECK_SIMPLE),
'mfa_status' => 'in '.MFA_DISABLED.','.MFA_ENABLED,
'mfa_methods' => 'array',
'mfa_default_row_index' => 'int32',
'mfa_removed_mfaids' => 'array_id'
];
if ($ALLOW_HTTP_AUTH) {
$fields += [
'http_auth_enabled' => 'in '.ZBX_AUTH_HTTP_DISABLED.','.ZBX_AUTH_HTTP_ENABLED,
'http_login_form' => 'in '.ZBX_AUTH_FORM_ZABBIX.','.ZBX_AUTH_FORM_HTTP,
'http_strip_domains' => 'db config.http_strip_domains',
'http_case_sensitive' => 'in '.ZBX_AUTH_CASE_INSENSITIVE.','.ZBX_AUTH_CASE_SENSITIVE
];
}
$ret = $this->validateInput($fields);
if (!$ret) {
$this->setResponse(new CControllerResponseFatal());
}
return $ret;
}