Added database queries during login flow
This commit is contained in:
djpbessems
parent
118e45db9c
commit
ef4c97a784
|
|
@ -41,6 +41,18 @@ function authenticateLDAP (string $username, string $password) {
|
|||
];
|
||||
|
||||
$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
|
||||
// Store authentication token in database
|
||||
$pdoQuery = $pdoDB->prepare('
|
||||
INSERT INTO SecureToken (UserId, Value)
|
||||
SELECT User.Id, :securetoken
|
||||
FROM User
|
||||
WHERE User.Username = :qualifiedusername
|
||||
');
|
||||
$pdoQuery->execute([
|
||||
'securetoken' => $secureToken,
|
||||
'qualifiedusername' => $qualifiedUsername
|
||||
]);
|
||||
|
||||
return ['status' => 'Success', 'token' => $secureToken];
|
||||
} else {
|
||||
// LDAP authentication failed!
|
||||
|
|
@ -68,12 +80,12 @@ function validateToken (string $secureToken) {
|
|||
try {
|
||||
$jwtPayload = JWT::decode($secureToken, base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
|
||||
} catch (Exception $e) {
|
||||
// Invalid token, inform client (client should handle discarding invalid token)
|
||||
return ['status' => 'Fail', 'reason' => '3'];
|
||||
// Invalid token
|
||||
return ['status' => 'Fail', 'reason' => '1'];
|
||||
}
|
||||
|
||||
$pdoQuery = $pdoDB->prepare('
|
||||
SELECT SecureToken.Payload
|
||||
SELECT SecureToken.Value
|
||||
FROM SecureToken
|
||||
LEFT JOIN User
|
||||
ON (User.Id=SecureToken.UserId)
|
||||
|
|
@ -83,16 +95,19 @@ function validateToken (string $secureToken) {
|
|||
'username' => $jwtPayload['sub']
|
||||
]);
|
||||
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
|
||||
$storedTokens[] = $row['Payload'];
|
||||
$storedTokens[] = $row['Value'];
|
||||
}
|
||||
|
||||
print_r($storedTokens);
|
||||
print_r($storedTokens);
|
||||
# if (!empty($storedTokens) && <in_array or array_walk to determine if any of the stored tokens match>) {
|
||||
|
||||
# } else {
|
||||
// No matching token in database
|
||||
# return ['status' => 'Fail', 'reason' => '2'];
|
||||
# }
|
||||
|
||||
If ($secureToken['iat'] < (time() - $settings->Session['Duration'])) {
|
||||
// Expired token (shouldn't the browser disregard it?)
|
||||
// Expired token
|
||||
return ['status' => 'Fail', 'reason' => '3'];
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
$result = authenticateLDAP($_POST['username'], $_POST['password']);
|
||||
if ($result['status'] == 'Success') {
|
||||
// Save secure token in cookie
|
||||
setcookie('JWT', $result['token'], (time() + $settings->Session['Duration']));
|
||||
setcookie('JWT', $result['token'], (time() + $settings->Session['Duration']));
|
||||
|
||||
// Convert base64 encoded string back from JSON;
|
||||
// forcing it into an associative array (instead of javascript's default StdClass object)
|
||||
|
|
|
|||
|
|
@ -35,7 +35,10 @@
|
|||
header("HTTP/1.1 202 Accepted");
|
||||
exit;
|
||||
} else {
|
||||
// No cookie containing valid authentication token found, redirecting to loginpage
|
||||
// No cookie containing valid authentication token found;
|
||||
// explicitly deleting any remaining cookie, then redirecting to loginpage
|
||||
setcookie('JWT', FALSE);
|
||||
|
||||
header("HTTP/1.1 401 Unauthorized");
|
||||
header("Location: lucidAuth.login.php?ref=" . base64_encode(json_encode($proxyHeaders)));
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue