fix: Improve authentication load time and security #6615

Merged
merged 8 commits into from May 16, 2017

7 participants
@murrant
Member

murrant commented May 9, 2017

page/graphs speedup part 2

Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests.
Do not run through full authentication functions if the session is already authenticated.
Do not bind to AD every request when the session is already authenticated.
Extract login, logout, and remember_me functions.
Use Exceptions for authentication error handling.

Removes password from the session (See #4608)

DO NOT DELETE THIS TEXT

Please note

Please read this information carefully. You can run ./scripts/pre-commit.php to check your code before submitting.

Testers

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e ./scripts/github-apply 5926

fixes: #4127
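
The pattern listed in the description above, as an added sketch that is not code from this pull request or from LibreNMS: the full credential check runs only when the session is not yet authenticated, no password is stored in the session, failures are raised as exceptions, and the session is write-closed before slow work begins. `verify_credentials()`, `log_in()`, `handle_request()`, the session key names, and the use of `session_regenerate_id()` as the fixation defence are assumptions made for illustration.

```php
<?php
// Added illustration, not LibreNMS code. verify_credentials() and the
// session key names are hypothetical stand-ins for a real auth backend.

class AuthenticationException extends Exception {}

// Constructed sample backend: a single user whose hash is built at load time.
function verify_credentials(string $user, string $pass): bool
{
    static $users = null;
    $users = $users ?? ['demo' => password_hash('constructed-sample', PASSWORD_DEFAULT)];
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

function log_in(string $user, string $pass): void
{
    if (!verify_credentials($user, $pass)) {
        throw new AuthenticationException('Authentication failed');
    }
    // Issue a new session id on login so a pre-login id is useless afterwards.
    session_regenerate_id(true);
    // Store identity only. The password never enters the session.
    $_SESSION['username'] = $user;
    $_SESSION['authenticated'] = true;
}

function handle_request(array $post): bool
{
    session_start();
    try {
        if (empty($_SESSION['authenticated'])) {
            // The expensive backend check (LDAP/AD bind, DB lookup) runs only here.
            log_in($post['username'] ?? '', $post['password'] ?? '');
        }
        $ok = true;
    } catch (AuthenticationException $e) {
        error_log('auth failure: ' . $e->getMessage());
        $_SESSION = [];
        $ok = false;
    } finally {
        // Release the session lock before slow work (graphs, queries).
        // $_SESSION stays readable; later writes are not persisted.
        session_write_close();
    }
    return $ok;
}
```

With PHP's default file-based session handler, the session file stays locked from `session_start()` until `session_write_close()` or script end, which is why parallel requests from one browser serialize when the session is held open.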

mention-bot commented May 9, 2017

Thank you for submitting a PR @murrant! We have found the following @laf, @ekoyle and @miken32 based on the history of these files to review this PR.

@murrant murrant changed the title from fix: minimize session open time to fix: Graph/Page load speed. Minimize session open time. May 9, 2017

Member

laf commented May 10, 2017

Still having graph issues with this and also getting kicked frequently.

One of the graph issues is that no width/height are set.

LibreNMS-CI commented May 11, 2017

Auto-Deploy finished, Test PR at http://6615.ci.librenms.org or https://6615.ci.librenms.org

@murrant murrant changed the title from fix: Graph/Page load speed. Minimize session open time. to fix: Improve Authentication load time and security May 11, 2017

@murrant murrant changed the title from fix: Improve Authentication load time and security to fix: Improve authentication load time and security May 11, 2017

murrant added some commits May 9, 2017

fix: minimize session open time
page/graphs speedup part 2

Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests.
Do not run through full authentication functions if the session is already authenticated.
Removes password from the session as well as some items to prevent session fixation from #4608.

WARNING: This will cause issues for ad/ldap users who do not have a bind user configured!
Do not erase username when using cookie auth.
Properly close the session in ajax_setresolution.php
Use exceptions for authentication and error logging
Tested: mysql, ad_auth with and without bind user

Member

murrant commented May 12, 2017

@laf OK, I think this is ready for testing if you want to make a call. I didn't find anything obviously wrong.

I also found out calling ldap_bind() on include in ad auth was a huge waste of time if we aren't going to even use it most of the time.

LibreNMS-CI commented May 12, 2017

Auto-Deploy finished, Test PR at http://6615.ci.librenms.org or https://6615.ci.librenms.org

LibreNMS-CI commented May 12, 2017

Auto-Deploy finished, Test PR at http://6615.ci.librenms.org or https://6615.ci.librenms.org

Contributor

rbax82 commented May 12, 2017

Deployed on my setup. Wow what a difference in page load time.

Contributor

olivierbeytrison commented May 12, 2017

Currently in test on our setup with radius auth. There's a clear speed improvement!

Member

murrant commented May 12, 2017

Thanks for testing! @rbax82 @olivierbeytrison

LibreNMS-CI commented May 13, 2017

Auto-Deploy finished, Test PR at http://6615.ci.librenms.org or https://6615.ci.librenms.org

scrutinizer-notifier commented May 13, 2017

The inspection completed: 54 new issues, 9 updated code elements

@laf

laf approved these changes May 13, 2017

Member

laf commented May 13, 2017

lgtm

Member

laf commented May 15, 2017

@murrant Good for a merge from your perspective? If so, merge away

@murrant murrant merged commit 683a10e into librenms:master May 16, 2017

3 checks passed

Auto-Deploy Build finished.
continuous-integration/travis-ci/pr The Travis CI build passed
license/cla Contributor License Agreement is signed.

@murrant murrant deleted the murrant:imp-sessions branch May 17, 2017

lock bot commented May 18, 2018

This thread has been automatically locked since there has not been any recent activity after it was closed.

@lock lock bot locked as resolved and limited conversation to collaborators May 18, 2018
