Source of CControllerAuthenticationUpdate.php - Zabbix

Raw file
Source viewDiff to previous
19.27 KB
 
<?php
/*
** Copyright (C) 2001-2025 Zabbix SIA
**
** This program is free software: you can redistribute it and/or modify it under the terms of
** the GNU Affero General Public License as published by the Free Software Foundation, version 3.
**
** This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
** without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
** See the GNU Affero General Public License for more details.
**
** You should have received a copy of the GNU Affero General Public License along with this program.
** If not, see <https://www.gnu.org/licenses/>.
**/
​
​
class CControllerAuthenticationUpdate extends CController {
​
    /**
     * @var CControllerResponseRedirect
     */
    private $response;
​
    private const PROVISION_ENABLED_FIELDS = ['group_basedn', 'group_member', 'group_membership',  'group_name',
        'user_username', 'user_lastname', 'uer_ref_attr', 'provision_groups', 'provision_media'
    ];
​
    protected function init() {
        $this->response = new CControllerResponseRedirect((new CUrl('zabbix.php'))
            ->setArgument('action', 'authentication.edit')
            ->getUrl()
        );
    }
​
    protected function checkInput() {
        global $ALLOW_HTTP_AUTH;
​
        $fields = [
            'form_refresh' =>                   'int32',
            'authentication_type' =>            'in '.ZBX_AUTH_INTERNAL.','.ZBX_AUTH_LDAP,
            'disabled_usrgrpid' =>              'id',
            'ldap_auth_enabled' =>              'in '.ZBX_AUTH_LDAP_DISABLED.','.ZBX_AUTH_LDAP_ENABLED,
            'ldap_servers' =>                   'array',
            'ldap_default_row_index' =>         'int32',
            'ldap_case_sensitive' =>            'in '.ZBX_AUTH_CASE_INSENSITIVE.','.ZBX_AUTH_CASE_SENSITIVE,
            'ldap_removed_userdirectoryids' =>  'array_id',
            'ldap_jit_status' =>                'in '.JIT_PROVISIONING_DISABLED.','.JIT_PROVISIONING_ENABLED,
            'jit_provision_interval' =>         'db config.jit_provision_interval|time_unit_year '.implode(':', [SEC_PER_HOUR, 25 * SEC_PER_YEAR]),
            'saml_auth_enabled' =>              'in '.ZBX_AUTH_SAML_DISABLED.','.ZBX_AUTH_SAML_ENABLED,
            'saml_jit_status' =>                'in '.JIT_PROVISIONING_DISABLED.','.JIT_PROVISIONING_ENABLED,
            'idp_entityid' =>                   'db userdirectory_saml.idp_entityid',
            'sso_url' =>                        'db userdirectory_saml.sso_url',
            'slo_url' =>                        'db userdirectory_saml.slo_url',
            'username_attribute' =>             'db userdirectory_saml.username_attribute',
            'sp_entityid' =>                    'db userdirectory_saml.sp_entityid',
            'nameid_format' =>                  'db userdirectory_saml.nameid_format',
            'sign_messages' =>                  'in 0,1',
            'sign_assertions' =>                'in 0,1',
            'sign_authn_requests' =>            'in 0,1',
            'sign_logout_requests' =>           'in 0,1',
            'sign_logout_responses' =>          'in 0,1',
            'encrypt_nameid' =>                 'in 0,1',
            'encrypt_assertions' =>             'in 0,1',