Added database queries during login flow
This commit is contained in:
parent
118e45db9c
commit
ef4c97a784
@ -41,6 +41,18 @@ function authenticateLDAP (string $username, string $password) {
|
|||||||
];
|
];
|
||||||
|
|
||||||
$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
|
$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
|
||||||
|
// Store authentication token in database
|
||||||
|
$pdoQuery = $pdoDB->prepare('
|
||||||
|
INSERT INTO SecureToken (UserId, Value)
|
||||||
|
SELECT User.Id, :securetoken
|
||||||
|
FROM User
|
||||||
|
WHERE User.Username = :qualifiedusername
|
||||||
|
');
|
||||||
|
$pdoQuery->execute([
|
||||||
|
'securetoken' => $secureToken,
|
||||||
|
'qualifiedusername' => $qualifiedUsername
|
||||||
|
]);
|
||||||
|
|
||||||
return ['status' => 'Success', 'token' => $secureToken];
|
return ['status' => 'Success', 'token' => $secureToken];
|
||||||
} else {
|
} else {
|
||||||
// LDAP authentication failed!
|
// LDAP authentication failed!
|
||||||
@ -68,12 +80,12 @@ function validateToken (string $secureToken) {
|
|||||||
try {
|
try {
|
||||||
$jwtPayload = JWT::decode($secureToken, base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
|
$jwtPayload = JWT::decode($secureToken, base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
// Invalid token, inform client (client should handle discarding invalid token)
|
// Invalid token
|
||||||
return ['status' => 'Fail', 'reason' => '3'];
|
return ['status' => 'Fail', 'reason' => '1'];
|
||||||
}
|
}
|
||||||
|
|
||||||
$pdoQuery = $pdoDB->prepare('
|
$pdoQuery = $pdoDB->prepare('
|
||||||
SELECT SecureToken.Payload
|
SELECT SecureToken.Value
|
||||||
FROM SecureToken
|
FROM SecureToken
|
||||||
LEFT JOIN User
|
LEFT JOIN User
|
||||||
ON (User.Id=SecureToken.UserId)
|
ON (User.Id=SecureToken.UserId)
|
||||||
@ -83,16 +95,19 @@ function validateToken (string $secureToken) {
|
|||||||
'username' => $jwtPayload['sub']
|
'username' => $jwtPayload['sub']
|
||||||
]);
|
]);
|
||||||
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
|
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
|
||||||
$storedTokens[] = $row['Payload'];
|
$storedTokens[] = $row['Value'];
|
||||||
}
|
}
|
||||||
|
|
||||||
print_r($storedTokens);
|
print_r($storedTokens);
|
||||||
# if (!empty($storedTokens) && <in_array or array_walk to determine if any of the stored tokens match>) {
|
# if (!empty($storedTokens) && <in_array or array_walk to determine if any of the stored tokens match>) {
|
||||||
|
|
||||||
|
# } else {
|
||||||
|
// No matching token in database
|
||||||
|
# return ['status' => 'Fail', 'reason' => '2'];
|
||||||
# }
|
# }
|
||||||
|
|
||||||
If ($secureToken['iat'] < (time() - $settings->Session['Duration'])) {
|
If ($secureToken['iat'] < (time() - $settings->Session['Duration'])) {
|
||||||
// Expired token (shouldn't the browser disregard it?)
|
// Expired token
|
||||||
return ['status' => 'Fail', 'reason' => '3'];
|
return ['status' => 'Fail', 'reason' => '3'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -35,7 +35,10 @@
|
|||||||
header("HTTP/1.1 202 Accepted");
|
header("HTTP/1.1 202 Accepted");
|
||||||
exit;
|
exit;
|
||||||
} else {
|
} else {
|
||||||
// No cookie containing valid authentication token found, redirecting to loginpage
|
// No cookie containing valid authentication token found;
|
||||||
|
// explicitly deleting any remaining cookie, then redirecting to loginpage
|
||||||
|
setcookie('JWT', FALSE);
|
||||||
|
|
||||||
header("HTTP/1.1 401 Unauthorized");
|
header("HTTP/1.1 401 Unauthorized");
|
||||||
header("Location: lucidAuth.login.php?ref=" . base64_encode(json_encode($proxyHeaders)));
|
header("Location: lucidAuth.login.php?ref=" . base64_encode(json_encode($proxyHeaders)));
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user