djpbessems/lucidAuth
1
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Implemented storage of authentication token in database and cookies (latter are isolated per domain)

Browse Source
This commit is contained in:
djpbessems
2019-01-28 11:48:05 +01:00
parent ef4c97a784
commit 0c8b672b41
4 changed files with 51 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
public/lucidAuth.login.php
View File

@ -3,11 +3,26 @@
include_once('../include/lucidAuth.functions.php');
if ($_POST['do'] == 'login') {
if ($_POST['do'] === 'login') {
$result = authenticateLDAP($_POST['username'], $_POST['password']);
if ($result['status'] == 'Success') {
// Save secure token in cookie
setcookie('JWT', $result['token'], (time() + $settings->Session['Duration']));
if ($result['status'] === 'Success') {
// Save authentication token in database
$pdoQuery = $pdoDB->prepare('
INSERT INTO SecureToken (UserId, Value)
SELECT User.Id, :securetoken
FROM User
WHERE User.Username = :qualifiedusername
');
$pdoQuery->execute([
':securetoken' => $result['token'],
':qualifiedusername' => $settings->LDAP['Domain'] . '\\' . $_POST['username']
]);
// Save authentication token in cookie
$httpHost = $_SERVER['HTTP_HOST'];
$cookieDomain = array_values(array_filter($settings->Session['CookieDomains'], function ($value) use ($httpHost) {
return (strlen($value) > strlen($httpHost)) ? false : (0 === substr_compare($httpHost, $value, -strlen($value)));
}))[0];
setcookie('JWT', $result['token'], (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain);
// Convert base64 encoded string back from JSON;
// forcing it into an associative array (instead of javascript's default StdClass object)

5
public/lucidAuth.validateRequest.php
View File

@ -18,7 +18,6 @@
// For debugging purposes - enable it in ../lucidAuth.config.php
if ($settings->Debug['LogToFile']) {
file_put_contents('../requestHeaders.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- ' . (json_encode($proxyHeaders, JSON_FORCE_OBJECT)) . PHP_EOL, FILE_APPEND);
file_put_contents('../requestHeaders.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --+ ' . (base64_encode(json_encode($proxyHeaders))) . PHP_EOL, FILE_APPEND);
}
# if (sizeof($proxyHeaders) == 0) {
@ -28,9 +27,7 @@
exit;
}
if (!empty($_COOKIE['JWT']) && validateToken([
'JWT' => $_COOKIE['JWT']
])['status'] == "Success") {
if (!empty($_COOKIE['JWT']) && validateToken($_COOKIE['JWT'])['status'] == "Success") {
// Valid authentication token found
header("HTTP/1.1 202 Accepted");
exit;