Use Laravel authentication

[murrant]

Use Laravel for authentication, but call into legacy auth code for now.

Testers

If you would like to test this pull request then please run: ./scripts/github-apply 8702 and run ./build-base.php to update your db schema.

TODO:

• Implement token auth for API
• Remember Me (updated and tested)
• Two Factor Auth
• Unauth status screen
• Remove legacy includes
• API check auth
• Remove unneeded legacy code
• Test each auth type (simple tests done for mysql, ldap, and active directory)
• General Testing

Auth types tested:

• Mysql
• Active Directory
• LDAP
• Radius
• HTTP
• HTTP-LDAP
• HTTP-AD
• SSO

What to test:

• login/logout
• user management (if applicable)
• api token creation
• api access / full usage
• other auth related things
• 2FA

[laf]

Ok, first thing from me is using Firefox (not tested on other browsers). Login either with or without remember me. Close the browser and reopen. Both times you will be faced with Unauthenticated and nothing more.

Had to delete the librenms_session cookie to allow me to get back to the login page. Hitting /logout didn't make a difference.

[laf]

Second thing is the API no longer works, Get:

<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url=https://web01.lathwood.uk/login" />

        <title>Redirecting to https://web01.lathwood.uk/login</title>
    </head>
    <body>
        Redirecting to <a href="https://web01.lathwood.uk/login">https://web01.lathwood.uk/login</a>.
    </body>
</html>

[murrant]

Ready for testing. Still have some small issues to work out but I think it is all there.

[theherodied]

@murrant Using AD auth and getting `Unhandled MySQL Error [42S22] SQLSTATE[42S22]: Column not found: 1054 Unknown column 'auth_type' in 'where clause'

[theherodied]

Removed the PR and reapplied it. It's working now.

[murrant]

Yeah, you will need to apply the sql schema update to use it.

[laf]

I'm not running mysql strict here but I get:

Unhandled MySQL Error [23000] SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'can_modify_passwd' cannot be null

When trying to edit an existing user.

[laf]

Delete user redirects to dashboard: deluser?action=del&id=30 - missing .php.

[laf]

When logging in with read only user (with or without devices assigned), you see the yellow pop up of you have unpolled devices in the last 15 minutes.

[laf]

I've tried to test sso and not sure it is working. Following the test example from #7601 (comment) which I used when that auth type landed and it worked fine.

[laf]

@TheMysteriousX if you get chance, could you test this PR with SSO?

[murrant]

2FA has some issues with adding+removing tokens right now. I've got it almost worked out, but I'm running into an issue involving the ajax request setResolution.

[TheMysteriousX]

Sure, I'll give it a try when I can. Once its merged I'll look at what hooks are available in Laravel itself too - I know it has some support for single sign on.

[murrant]

Mysql error on edit fixed.
deleting user works for me, it should not end in .php
restrict polling alert to devices the user can access (or should it only be admins?) Also, should it be on every page like it is now?
I have not looked into sso or authorizers.

I noticed something odd going on with dashboards... phpdebugbar I think, will check it later.

[murrant]

@TheMysteriousX You didn't run composer install

[TheMysteriousX]

Is there a dependency that hasn't made it into composer.json?

Component | Version
--------- | -------
LibreNMS  | 1.42.01-92-g29549f6
DB Schema | 261
PHP       | 7.1.18
MySQL     | 5.5.56-MariaDB
RRDTool   | 1.4.8
SNMP      | NET-SNMP 5.7.2
====================================

[OK]    Composer Version: 1.7.2
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database schema correct
[WARN]  Your local git branch is not master, this will prevent automatic updates.
	[FIX] You can switch back to master with git checkout master
[WARN]  Your local git contains modified files, this could prevent automatic updates.
	[FIX] You can fix this with ./scripts/github-remove
	Modified Files:

$ ./scripts/composer_wrapper.php install
> LibreNMS\ComposerHelper::preInstall
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Nothing to install or update
Generating autoload files
> LibreNMS\ComposerHelper::postInstall
> Illuminate\Foundation\ComposerScripts::postInstall
> php artisan optimize
Generating optimized class loader
The compiled services file has been removed.

[murrant]

@TheMysteriousX I think sometimes the autoloader just needs to be bumped.

[TheMysteriousX]

Apologies, I was unclear - validation passes and I've run composer install, and this still PR breaks my install regardless of auth method used.

[murrant]

@TheMysteriousX I can't reproduce the issue. Please try php artisan cache:clear.

[TheMysteriousX]

No change I'm afraid - ~~~I might have a theory though. What happens if you set the following cookie manually and try to load LibreNMS with this patchset:~~~

Tried the inverse, no change - error occurs with or without foreign cookies.

[TheMysteriousX]

Just reproduced this using the librenms docker image here: https://hub.docker.com/r/jarischaefer/docker-librenms/

root@librenms:/opt/librenms# ./validate.php
====================================
Component | Version
--------- | -------
LibreNMS  | 1.42.01-97-ge603fcf
DB Schema | 263
PHP       | 7.2.8-1+ubuntu16.04.1+deb.sury.org+1
MySQL     | 5.6.41
RRDTool   | 1.5.5
SNMP      | NET-SNMP 5.7.3
====================================

[OK]    Composer Version: 1.7.2
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[OK]    Database schema correct
[WARN]  You have not added any devices yet.
	[FIX] You can add a device in the webui or with ./addhost.php
[WARN]  IPv6 is disabled on your server, you will not be able to add IPv6 devices.
[WARN]  Your local git branch is not master, this will prevent automatic updates.
	[FIX] You can switch back to master with git checkout master
[WARN]  Your local git contains modified files, this could prevent automatic updates.
	[FIX] You can fix this with ./scripts/github-remove
	Modified Files:

Error is exactly the same - librenms isn't even installed yet:

[2018-08-29 16:35:25] production.ERROR: Symfony\Component\Debug\Exception\FatalThrowableError: Type error: Argument 1 passed to Illuminate\Cookie\Middleware\EncryptCookies::encrypt() must be an instance of Symfony\Component\HttpFoundation\Response, instance of Wpb\String_Blade_Compiler\View given, called in /opt/librenms/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php on line 59 in /opt/librenms/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php:123
Stack trace:
#0 /opt/librenms/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(59): Illuminate\Cookie\Middleware\EncryptCookies->encrypt(Object(Wpb\String_Blade_Compiler\View))
#1 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(148): Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(Illuminate\Http\Request), Object(Closure))
#2 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#3 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#4 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(574): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#5 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(533): Illuminate\Routing\Router->runRouteWithinStack(Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request))
#6 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(511): Illuminate\Routing\Router->dispatchToRoute(Object(Illuminate\Http\Request))
#7 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\Routing\Router->dispatch(Object(Illuminate\Http\Request))
#8 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}(Object(Illuminate\Http\Request))
#9 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#10 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(148): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle(Object(Illuminate\Http\Request), Object(Closure))
#11 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#12 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(30): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#13 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(148): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle(Object(Illuminate\Http\Request), Object(Closure))
#14 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#15 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#16 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(148): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle(Object(Illuminate\Http\Request), Object(Closure))
#17 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#18 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(46): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#19 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(148): Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle(Object(Illuminate\Http\Request), Object(Closure))
#20 /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#21 /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(102): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request))
#22 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#23 /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request))
#24 /opt/librenms/html/index.php(53): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request))
#25 {main}

[murrant]

@TheMysteriousX
Thanks found the problem. When APP_DEBUG is disabled and there is no existing session and you visit a url besides /login, it will trigger.

There was an error in the exception handling, I hooked in at the wrong place and caused the unauthenticated exception to be handle incorrectly. (and once the session was created, it didn't trigger again)

[TheMysteriousX]

All working with fine for me with the latest changes.

[murrant]

@TheMysteriousX what authentication methods did you test? Also a huge thanks for testing :)

[TheMysteriousX]

I tested MySQL and SSO - everything seemed to work as expected, including editing, creation, password resets and all that.

[paulocoimbrati]

Authentication using LDAP not working here.

Component	Version
LibreNMS	1.43-57-g31e931d8e
DB Schema	267
PHP	7.0.27-0+deb9u1
MySQL	10.1.26-MariaDB-0+deb9u1
RRDTool	1.6.0
SNMP	NET-SNMP 5.7.3

Although, LDAP server is OK, as you can see:

./scripts/auth_test.php -u user
Authenticate user user:
AUTH SUCCESS

[titanismo]

After latest changes I can see following in librenms.log:

[2018-09-13 17:21:48] production.ERROR: 2 /opt/librenms/LibreNMS/Component.php:162 Illegal offset type
[2018-09-13 17:21:48] production.ERROR: 2 /opt/librenms/LibreNMS/Component.php:162 ksort() expects parameter 1 to be array, null given
[2018-09-13 17:21:48] production.ERROR: 2 /opt/librenms/LibreNMS/Component.php:163 Illegal offset type
[2018-09-13 17:21:48] production.ERROR: 2 /opt/librenms/LibreNMS/Component.php:163 ksort() expects parameter 1 to be array, null given

I am using old auth_method.

[murrant]

This PR has been locked as it is not the correct place to ask for help.

For help please use our Discord server or the community site: http://docs.librenms.org/Support/FAQ/#faq3