Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reinstate missing plugin hooks for 'custom_logout_message' and 'custom_denied' #2426

Closed
ddb4github opened this issue Feb 18, 2019 · 7 comments
Assignees
Labels
bug Undesired behaviour plugins Plugin related issue resolved A fixed issue
Milestone

Comments

@ddb4github
Copy link
Contributor

ddb4github commented Feb 18, 2019

In 0.8.8x, Cacti auto-logout will forward to:

  If "Web Server Auth"
    hook: custom_logout_message
    Or buildin  "logout message", reminder "close browser to end session"
  else
    index page

Since 1.x, Cacti auto-logout will forward to:

  if timeout
    buildin  "logout message", reminder "close your browser or login again"
  else If "Web Server Auth"
    hook: custom_logout_message
    Or buildin  "logout message", reminder "close your browser or login again"
  else
    index page

Issue:

  1. Keep consistency between similar behavior and hook, So "timeout-->logout message" should support hook:custom_logout_message too
  2. Does "Web Server Auth" support re-login? To-Be-Verified.
  3. Current "Permission Denied" UI is more like "Logout/Login", prefer to support a new hook like 'custom_denied_message'
2019-02-18 original issue body
-------------------------------------------------------------------------------------------------
lib/auth.php miss to support hook 'custom_logout_message' like logout.php
Actually, lib/auth.php should redirect to permission_denied.php if authentication failure.

Steps to reproduce the behavior:
0. Register something to hook: custom_logout_message
1. Access User(edit)->Permission(tab), 
2. Unselect a permission of test page, and click save.
3. Directly access test page by browser URL bar
4. See error message

Expectation:  redirect to permission_denied.php to support custom_logout_message```
@netniV
Copy link
Member

netniV commented Feb 19, 2019

In 1.3, the permission_denied.php file will likely disappear as I had already had plans to make the dialog an inline display rather than separate file.

In 1.2 and below, the permission_denied.php is only used by graph.php and graph_view.php, the realm permissions are handled by include/auth.php

custom_logout_message is used by logout.php, and is specific to being logged out of the system. That is only hooked if the authentication method is set to 2 (Web server auth).

@ddb4github ddb4github changed the title lib/auth.php miss to support hook 'custom_logout_message' like logout.php various issues about hook 'custom_logout_message' Feb 20, 2019
@ddb4github
Copy link
Contributor Author

In 1.3, the permission_denied.php file will likely disappear as I had already had plans to make the dialog an inline display rather than separate file.

dialog might be not safety if someone directly access unauthorized page from URL bar. e.g. from browser history/bookmark/....
dialog should be valid under click->jQuery->ajax load mode

In 1.2 and below, the permission_denied.php is only used by graph.php and graph_view.php, the realm permissions are handled by include/auth.php

Prefer to combine them as one file/function

custom_logout_message is used by logout.php, and is specific to being logged out of the system. That is only hooked if the authentication method is set to 2 (Web server auth).

Refer updated issue body

@netniV
Copy link
Member

netniV commented Feb 20, 2019

When I say dialog, I do mean functionalised, so that the permission denied is displayed and the page content suppressed. It's the output that to me looks like a dialog so bad terminology on my part.

I think the idea of providing a custom_denied message can be useful for your own look/feel to it using the same RESKIN options that can be used on logout and having login operate the same way too.

@ddb4github
Copy link
Contributor Author

ddb4github commented Feb 20, 2019

Yea:thumbsup:, Both custom_denied(for denied) and custom_logout_message(for timeout)

@cigamit
Copy link
Member

cigamit commented Feb 21, 2019

Can you do a pull request on this. Should be strait forward.

@netniV
Copy link
Member

netniV commented Feb 21, 2019

There is a re-jig required for it, I will take it as an enhancement because there are a number of changes related that I was looking at (but we ripped back out because it was too close to the beta release).

@netniV netniV added this to the Cacti 1.3 milestone Feb 21, 2019
@netniV netniV added enhancement General tag for an enhancement plugins Plugin related issue labels Feb 21, 2019
@netniV netniV self-assigned this Feb 21, 2019
cigamit added a commit that referenced this issue Feb 23, 2019
Various issues about hook 'custom_logout_message'
@cigamit cigamit added bug Undesired behaviour resolved A fixed issue and removed enhancement General tag for an enhancement labels Feb 23, 2019
@cigamit
Copy link
Member

cigamit commented Feb 23, 2019

Marking as a bug since these hooks were removed some time ago. Marking resolved after the last change. Discussing raise_message() for ajax based permission denied. So, keeping open for the moment.

@netniV netniV changed the title various issues about hook 'custom_logout_message' Reinstate missing plugin hooks for 'custom_logout_message' and 'custom_denied' Feb 24, 2019
@netniV netniV closed this as completed Feb 24, 2019
@netniV netniV modified the milestones: v1.3.0, 1.2.2, v1.2.2 Jul 19, 2019
ddb4github pushed a commit to ddb4github/documentation that referenced this issue Apr 20, 2020
TheWitness pushed a commit to Cacti/documentation that referenced this issue Apr 20, 2020
…#2426 (#77)

Co-authored-by: Jing Chen <three_chenjing@sohu.com>
@github-actions github-actions bot locked and limited conversation to collaborators Jun 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Undesired behaviour plugins Plugin related issue resolved A fixed issue
Projects
None yet
Development

No branches or pull requests

3 participants