[checkmk-commits] [tribe29/checkmk] 2c5561: Multiple session infos can now be stored per user

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 2c55619fad0012d2b9dd43de2a7d74047b321467 https://github.com/tribe29/checkmk/commit/2c55619fad0012d2b9dd43de2a7d74047… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2020-09-29 (Tue, 29 Sep 2020) Changed paths: M cmk/gui/login.py M cmk/gui/userdb.py M tests/unit/cmk/gui/test_userdb.py Log Message: ----------- Multiple session infos can now be stored per user The session info structure will be used not only by the "single user session" feature anymore. It will be used by default. Since the default login mechanism allows multiple logins per user at a time, we have to extend the session_info data structure to be able to store multiple sessions. Next steps: Clarify naming of session methods, store user session information even when "single user session" is not enabled. CMK-5498 Change-Id: I7272ea68731c18ddc980f7c190fa8541f7434a00 Commit: ef78dc81111d3a334a328489829aeaa861eacac6 https://github.com/tribe29/checkmk/commit/ef78dc81111d3a334a328489829aeaa86… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2020-09-29 (Tue, 29 Sep 2020) Changed paths: M cmk/gui/userdb.py M tests/unit/cmk/gui/test_userdb.py Log Message: ----------- Clarify naming The methods now load/save multiple sessions. Reflect that in their names and mark the methods to be private. CMK-5498 Change-Id: I643762010b4af8bbfd2c00638078c5d20e56ba4d Commit: 97478fc8d4e8e7b225b30cbc6ea140db5e429c17 https://github.com/tribe29/checkmk/commit/97478fc8d4e8e7b225b30cbc6ea140db5… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2020-09-29 (Tue, 29 Sep 2020) Changed paths: M cmk/gui/userdb.py M tests/unit/cmk/gui/test_userdb.py Log Message: ----------- Always store user session information Instead of just working with the user sessions when the "single sessions" feature is enabled, the feature is now always enabled. The intend is to use invalidate user login sessions not only on client side (by removing a cookie), but also invalidating the session on the server side to fully terminate the login session. CMK-5080 Change-Id: I5023722624a3cdd9d18971d51e0fb60270b1e3de Commit: a3c281805f4ca4b405e7462edc40c76677c74685 https://github.com/tribe29/checkmk/commit/a3c281805f4ca4b405e7462edc40c7667… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2020-09-29 (Tue, 29 Sep 2020) Changed paths: M cmk/gui/login.py M cmk/gui/userdb.py M cmk/gui/wato/user_profile.py A tests/unit/cmk/gui/test_login.py M tests/unit/cmk/gui/test_userdb.py Log Message: ----------- Add login session ID to auth cookie Previously we used a separate session cookie named "session_[site]" to track the user login session ID in case the "single user session" feature was active. After we are now always storing and tracking the user sessions, there was no point in separating both cookies. The session ID has now been added to the auth cookie. This change makes the pre 2.0 cookies incompatible with the new ones. It means that all users will have to login into the GUI after the update to Checkmk 2.0. CMK-5499 Change-Id: I55f01ac6f36e78bad2b08f65d1073a62f1537847 Commit: 936140ca48d243207fde6d80e7e2eead6946fb9a https://github.com/tribe29/checkmk/commit/936140ca48d243207fde6d80e7e2eead6… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2020-09-29 (Tue, 29 Sep 2020) Changed paths: M cmk/gui/login.py Log Message: ----------- Use sha256 for signing auth cookie values Using md5 at this point is not a security problem, but it can be considered bad practice. In the past we have put this change on hold because we did not want to break with the compatibility of cookies of old versions. Now that we just changed the format incompatibly anyway, we can now also change the hashing algorithms without additional consequences. Change-Id: If14ad7b8a8052eb17ac9d7c0b81560d42111a30c Commit: ee82750fce85d1ed921134be34a5489be43dcede https://github.com/tribe29/checkmk/commit/ee82750fce85d1ed921134be34a5489be… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2020-09-29 (Tue, 29 Sep 2020) Changed paths: M cmk/gui/userdb.py M tests/unit/cmk/gui/test_userdb.py Log Message: ----------- Cleanup old auth sessions of a user When authenticating with the GUI, the existing sessions of a user are loaded and now sanitized. * Per user we can now have up to: 20 parallel login sessions. Once a user account reaches the 21st sessions, the session with the longest inactivity will be invalidated. * Existing sessions with an inactivity of more than 7 days will be invalidated. CMK-5502 Change-Id: I87ecfde9d73de06ef5742cff17c09534ba4249ac Commit: 5c014299403b64e0417e7b8a073172f36e8ecaf8 https://github.com/tribe29/checkmk/commit/5c014299403b64e0417e7b8a073172f36… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2020-09-29 (Tue, 29 Sep 2020) Changed paths: M .werks/11494 R omd/packages/nagvis/nagvis-1.9.22.tar.gz A omd/packages/nagvis/nagvis-1.9.23.tar.gz M omd/packages/nagvis/nagvis.make Log Message: ----------- NagVis: Updated to 1.9.23 Change-Id: Ie354bc59f01a3391758a30028172bc6dd3b92b51 Compare: https://github.com/tribe29/checkmk/compare/203748feed3a...5c014299403b