Commits
Pavels Jelisejevs authored ea43e723bb9
A......... [ZBX-7703] fixed being able to switch users without proper credentials when using HTTP authentication Before the fix: - When Zabbix was configured to use HTTP authentication, an API user could login with his HTTP authentication credentials and then use the user.login method to login as a different user without specifying a password. After the fix: - The user.login method will now check if the user name passed to the method is the same as the name used for HTTP authentication. That way an API user will only be able to login as a user for which he has HTTP authentication credentials. The method will now also throw an error if HTTP authentication is selected in Zabbix, but not configured on the web server.