djpbessems/lucidAuth
1
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Babysteps towards cross-domain-cookies-in-iframes

Browse Source
This commit is contained in:
Danny Bessems 2019-03-13 09:59:12 +00:00
parent 0a5384f6a8
commit a20f13ab7c
3 changed files with 28 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/lucidAuth.template.php
View File

@ -13,7 +13,7 @@ $pageLayout['full'] = <<<'FULL'
<link href="misc/style.css" rel="stylesheet" /> <link href="misc/style.css" rel="stylesheet" />
<link href="misc/style.theme.css" rel="stylesheet" /> <link href="misc/style.theme.css" rel="stylesheet" />
<link href="misc/style.button.css" rel="stylesheet" /> <link href="misc/style.button.css" rel="stylesheet" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
<script src="misc/script.translation.js"></script> <script src="misc/script.translation.js"></script>
</head> </head>
<body> <body>
@ -79,7 +79,7 @@ $pageLayout['bare'] = <<<'BARE'
<meta charset="utf-8" /> <meta charset="utf-8" />
<title>lucidAuth</title> <title>lucidAuth</title>
<meta name="application-name" content="lucidAuth" /> <meta name="application-name" content="lucidAuth" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
<script src="misc/script.iframe.js"></script> <script src="misc/script.iframe.js"></script>
</head> </head>
<body> <body>
@ -119,7 +119,7 @@ LOGIN;
$contentLayout['manage']['header'] = <<<'MANAGE_HEADER' $contentLayout['manage']['header'] = <<<'MANAGE_HEADER'
<script src="misc/script.editable.table.js"></script> <script src="misc/script.editable.table.js"></script>
<script src="misc/script.manage.js"></script> <script src="misc/script.manage.js"></script>
<span id="user"><span data-translation="span_loggedinas">Logged in as</span>&nbsp;%1$s&nbsp;---&nbsp;[<a id="linklanguage-en" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" class="current" href="#" tabindex="700">NL</a>]&nbsp;[<a href="#" tabindex="800" data-translation="link_logout">Logout</a>]</span> <span id="user"><span data-translation="span_loggedinas">Logged in as</span>&nbsp;%1$s&nbsp;---&nbsp;[<a id="linklanguage-en" class="current" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" href="#" tabindex="700">NL</a>]&nbsp;[<a id="linklogout" href="#" tabindex="800" data-translation="link_logout">Logout</a>]</span>
<ul style="clear: both; margin-top: 20px;"> <ul style="clear: both; margin-top: 20px;">
<li class="buttons"> <li class="buttons">
<button id="btnnewuser" class="bttn-simple bttn-xs bttn-primary" data-translation="button_new">new</button> <button id="btnnewuser" class="bttn-simple bttn-xs bttn-primary" data-translation="button_new">new</button>

19
public/lucidAuth.setXDomainCookie.php
View File

@ -3,7 +3,6 @@
include_once('../include/lucidAuth.functions.php'); include_once('../include/lucidAuth.functions.php');
// Start with checking $_REQUEST['ref'] // Start with checking $_REQUEST['ref']
// What do we need? // What do we need?
// token again? // token again?
@ -16,6 +15,24 @@
// let the client setup multiple iframes for all domains other than origin domains // let the client setup multiple iframes for all domains other than origin domains
// this requires passing an array of domains to the client in asynchronous reply; which feels insecure // this requires passing an array of domains to the client in asynchronous reply; which feels insecure
if (!empty($_REQUEST['ref'])) {
try {
$queryString = json_decode(base64_decode($_REQUEST['ref']), JSON_OBJECT_AS_ARRAY);
}
catch (Exception $e) {
// Silently fail, unless explicitly specified otherwise
if ($settings->Debug['Verbose']) throw new Exception($e);
exit;
}
switch ($queryString['action']) {
case 'login':
break;
default:
break;
}
}
include_once('../include/lucidAuth.template.php'); include_once('../include/lucidAuth.template.php');
echo sprintf($pageLayout['bare'], echo sprintf($pageLayout['bare'],

8
public/misc/script.manage.js
View File

@ -22,9 +22,9 @@ $(document).ready(function(){
.append($('<td>', { .append($('<td>', {
class: 'immutable', class: 'immutable',
html: '<button class="bttn-simple bttn-xs bttn-primary disabled" data-translation="button_sessions" disabled="true">' + html: '<button class="bttn-simple bttn-xs bttn-primary disabled" data-translation="button_sessions" disabled="true">' +
locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'nl')]['button_sessions'] + '</button>&nbsp;' + locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_sessions'] + '</button>&nbsp;' +
'<button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">' + '<button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">' +
locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'nl')]['button_delete'] + locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_delete'] +
'</button>' '</button>'
})) }))
); );
@ -69,6 +69,10 @@ console.log({'new': newEntries, 'removed': removedEntries});
window.location.reload(); window.location.reload();
}); });
$('#linklogout').click(function() {
console.log('Logging out!');
});
if (localStorage.getItem('theme') !== null) { if (localStorage.getItem('theme') !== null) {
$('#theme').addClass(localStorage.getItem('theme')); $('#theme').addClass(localStorage.getItem('theme'));
} }