Zabbix
Public
Source
48
48
}49
49
50
50
if ($request != '') {51
51
$redirect_to->setArgument('request', $request);52
52
}53
53
54
54
try {55
55
$session_data = json_decode(base64_decode(CCookieHelper::get(ZBX_SESSION_NAME)), true);56
56
57
57
// If no session data or MFA is not required - redirect to the main login page.58
-
if (!$session_data || !array_key_exists('mfaid', $session_data)) {58
+
if (!$session_data || !array_key_exists('confirmid', $session_data)) {59
59
redirect($redirect_to->toString());60
60
}61
61
62
62
$session_data_sign = CSessionHelper::get('sign');63
63
$session_data_sign_check = CEncryptHelper::sign(json_encode(array_diff_key($session_data, array_flip(['sign']))));64
64
65
65
if (!$session_data_sign || !CEncryptHelper::checkSign($session_data_sign, $session_data_sign_check)) {66
66
throw new Exception(_('Session initialization error.'));67
67
}68
68
73
73
$duo_redirect_uri = ((new CUrl($_SERVER['REQUEST_URI']))74
74
->removeArgument('state')75
75
->removeArgument('duo_code'))76
76
->setArgument('request', $request)77
77
->toString();78
78
79
79
$full_duo_redirect_url = implode('', [HTTPS ? 'https://' : 'http://', $_SERVER['HTTP_HOST'], $duo_redirect_uri]);80
80
81
81
$confirm_data = [82
82
'sessionid' => CSessionHelper::get('confirmid'),83
-
'mfaid' => CSessionHelper::get('mfaid'),84
83
'redirect_uri' => implode('', [HTTPS ? 'https://' : 'http://', $_SERVER['HTTP_HOST'], $duo_redirect_uri])85
84
];86
85
87
86
$error = null;88
87
89
88
if (!CSessionHelper::has('state') && !hasRequest('enter')) {90
89
$data = CUser::getConfirmData($confirm_data);91
90
92
91
if ($data['mfa']['type'] == MFA_TYPE_TOTP) {93
92
session_write_close();111
110
'duo_state' => getRequest('state'),112
111
'state' => CSessionHelper::get('state'),113
112
'username' => CSessionHelper::get('username')114
113
];115
114
116
115
$confirm = CUser::confirm($confirm_data + $data);117
116
118
117
if ($confirm) {119
118
CWebUser::checkAuthentication($confirm['sessionid']);120
119
CSessionHelper::set('sessionid', CWebUser::$data['sessionid']);121
-
CSessionHelper::unset(['mfaid', 'state', 'username', 'confirmid']);120
+
CSessionHelper::unset(['state', 'username', 'confirmid']);122
121
123
122
API::getWrapper()->auth = [124
123
'type' => CJsonRpc::AUTH_TYPE_FRONTEND,125
124
'auth' => CWebUser::$data['sessionid']126
125
];127
126
128
127
$redirect = array_filter([$request, CWebUser::$data['url'], CMenuHelper::getFirstUrl()]);129
128
redirect(reset($redirect));130
129
}131
130
}