项目最近有一个需求就是想把zabbix网站作为插件集成到项目,实现从主网站直接登录zabbix的功能。查了sso单点登录,发现公司的项目没有一个单独的sso验证系统,没法和原生的zabbix系统共享用户验证,sso单点登录这个方案行不通,就开始看zabbix登录的代码,看看能不能找不到解决办法。看了zabbix的登录函数,它有两种登录方式,一种是通过登录页面,填写表单的形式;第二种是通过获取sessionid,如果能获取到sessionid就登录成功。这样就好办多了,从主网站登录zabbix,没有登录页面,只能是提前获取zabbix的sessionid,然后把它写进去,登录的时候就能获取到sessionID了。下面是具体的代码实现:
index.php
// login via form
$local_url = $_SERVER['QUERY_STRING'];
if (isset($_REQUEST['enter']) && $_REQUEST['enter'] == _('Sign in') && ($local_url == null | $local_url == ' ') ) {
// try to login
$autoLogin = getRequest('autologin', 0);
DBstart();
$loginSuccess = CWebUser::login(getRequest('name', ''), getRequest('password', ''));
DBend(true);
if ($loginSuccess) {
// save remember login preference
$user = ['autologin' => $autoLogin];
if (CWebUser::$data['autologin'] != $autoLogin) {
API::User()->updateProfile($user);
}
$request = getRequest('request');
if (!zbx_empty($request)) {
$url = $request;
}
elseif (!zbx_empty(CWebUser::$data['url'])) {
$url = CWebUser::$data['url'];
}
else {
$url = ZBX_DEFAULT_URL;
}
redirect($url);
exit;
}
// login failed, fall back to a guest account
else {
CWebUser::checkAuthentication(null);
}
}
else {
// login the user from the session,if the session id is empty - login as a guest
if($local_url){
$session_id = explode('=', $local_url)[1];
CWebUser::setSessionCookie($session_id); # 将sessionid写在url里,然后从url中获取sessionid,然后再把sessionid写进去
$url = "zabbix.php?action=dashboard.view";
header("Location:$url"); # 302跳转
exit;
}
CWebUser::checkAuthentication(CWebUser::getSessionCookie());
}
获取token:
通过zabbix的user.login函数获取tokenID, tokenID 就是sessionID
data = json.dumps({
"jsonrpc": "2.0",
"method": "user.login",
"params": {
"user": "test",
"password": "xxxxxxx",
},
"id": 3
})
header = {"Content-Type": "application/json"}
try:
req = requests.post("http://127.0.0.0/zabbix/api_jsonrpc.php", headers=header, data=data)
except Exception ,exc:
pass
else:
rest = req.json()
toekn_id = rest.get("result")