Added session details/fingerprint (w/ icons)

Danny Bessems 2019-12-24 12:58:01 +00:00
parent 3111185c10
commit f14f3866e6
10 changed files with 42 additions and 11 deletions


@ -35,14 +35,36 @@ function authenticateLDAP (string $username, string $password) {
if (@ldap_bind($ds, $qualifiedUsername, utf8_encode($_POST['password']))) {
// Successful authentication; get additional userdetails from authenticationsource
$ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$sanitizedUsername");
$commonName = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];
// Create JWT-payload
$commonName = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];
$browserDetails = get_browser(null, True);
$geoLocation = json_decode(file_get_contents("http://ip-api.com/json/{$_SERVER['HTTP_X_REAL_IP']}"));
if ($geoLocation->status === 'fail') {
switch ($geoLocation->message) {
case 'private range':
case 'reserved range':
$geoLocation = json_decode(file_get_contents("http://ip-api.com/json/" . trim(file_get_contents('https://api.ipify.org')) ));
break;
case 'invalid query':
default:
$geoLocation->city = null;
$geoLocation->countryCode = null;
break;
}
}
// Create JWT-payload
$jwtPayload = [
'iat' => time(), // Issued at: time when the token was generated
'iss' => $_SERVER['SERVER_NAME'], // Issuer
'sub' => $qualifiedUsername, // Subject (ie. username)
'name' => $commonName, // Common name (as retrieved from AD)
'fp' => base64_encode(json_encode(get_browser(null, True))) // Fingerprint (based on `HTTP_USER_AGENT`)
'iat' => time(), // Issued at: time when the token was generated
'iss' => $_SERVER['SERVER_NAME'], // Issuer
'sub' => $qualifiedUsername, // Subject (ie. username)
'name' => $commonName, // Common name (as retrieved from AD)
'fp' => base64_encode(json_encode((object) [ // Fingerprint
'browser' => $browserDetails['browser'],
'platform' => $browserDetails['platform'],
'city' => $geoLocation->city,
'countrycode' => $geoLocation->countryCode
]))
];
$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
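Review bot: The added geolocation lookup puts `$_SERVER['HTTP_X_REAL_IP']` into the request URL unvalidated and runs with no timeout or failure handling on the login path, so a missing or malformed header, or a slow or unreachable ip-api.com, can stall or break authentication; on failure `file_get_contents` returns false and `$geoLocation` is not an object when `->status` is read. The response also arrives over plain `http://`, so the city and country signed into the `fp` claim are not integrity-protected in transit, and every login discloses the client address to a third party (the private-range fallback adds a second outbound call to api.ipify.org). I would validate the address with `filter_var(..., FILTER_VALIDATE_IP)`, bound the request with a stream-context timeout, and fall back to null city/country when the lookup fails, as sketched below. The enclosing `authenticateLDAP` starts and ends outside the hunk, and whether `X-Real-IP` is always set by a trusted proxy cannot be seen from here.

```php
$browserDetails = get_browser(null, True);
// Only a syntactically valid IP address may reach the lookup URL
$clientIp = filter_var($_SERVER['HTTP_X_REAL_IP'] ?? '', FILTER_VALIDATE_IP);
// Bound the outbound call so a slow geolocation service cannot stall the login
$geoContext = stream_context_create(['http' => ['timeout' => 2]]);
$geoResponse = ($clientIp === false)
    ? false
    : @file_get_contents("http://ip-api.com/json/{$clientIp}", false, $geoContext);
$geoLocation = ($geoResponse === false) ? null : json_decode($geoResponse);
if (!is_object($geoLocation)) {
    // Lookup unavailable or malformed: issue the token without location details
    $geoLocation = (object) ['status' => 'unknown', 'city' => null, 'countryCode' => null];
}
// … unchanged: 'fail' status handling (private/reserved range, invalid query) …
```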

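--- a/public/images/README.md
+++ b/public/images/README.md
@@ -0,0 +1 @@
+Browser logo's obtained from [alrra/browser-logos](https://github.com/alrra/browser-logos).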

Binary file not shown.

After

Width:  |  Height:  |  Size: 26 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 26 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 37 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 12 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 64 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 24 KiB


@ -22,7 +22,10 @@ $(document).ready(function(){
var Sessions = JSON.parse(data.UserSessions);
for (var i = 0; i < data.SessionCount; i++) {
try {
var Fingerprint = JSON.parse(atob(Sessions[i]['fp']));
var fingerPrint = JSON.parse(atob(Sessions[i]['fp']));
var sessionDetails = '<img class="browsericon" src="/images/' + fingerPrint['browser'] + '_256x256.png">';
sessionDetails += fingerPrint['browser'] + ' -- ' + fingerPrint['platform'];
sessionDetails += '<br>' + fingerPrint['city'] + ' (' + fingerPrint['countrycode'] + ')';
} catch(e) {
// Do nothing
}
@ -34,8 +37,7 @@ $(document).ready(function(){
text: Sessions[i]['iss']
}))
.append($('<td>', {
// text: Sessions[i]['fp'] ? atob(Sessions[i]['fp'])['browser'] + '(' + atob(Sessions[i]['fp'])['platform'] + ')' : ''
text: Fingerprint ? Fingerprint['browser'] + ' (' + Fingerprint['platform'] + ')' : ''
html: sessionDetails ? sessionDetails : ''
}))
);
}
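Review bot: The details cell is now filled with `html: sessionDetails`, a string concatenated from `fingerPrint['browser']`, `['platform']`, `['city']` and `['countrycode']`, where the replaced line used `text:`; any markup in those token fields is parsed by the browser, and on the server side they come from User-Agent parsing and a third-party geolocation response. Building the cell from DOM nodes keeps the icon while treating the values as text, and `encodeURIComponent` keeps the browser name from altering the image path. Separately, `sessionDetails` is a `var` assigned only inside the `try`, so when `atob`/`JSON.parse` throws for one session the row appears to reuse the previous iteration's details; resetting it at the top of the loop body avoids that. The loop and the row construction continue outside both hunks.

```javascript
var sessionDetails = null; // reset per iteration so a failed parse cannot reuse the previous row's details
try {
    var fingerPrint = JSON.parse(atob(Sessions[i]['fp']));
    sessionDetails = $('<span>')
        .append($('<img>', {
            'class': 'browsericon',
            src: '/images/' + encodeURIComponent(fingerPrint['browser']) + '_256x256.png'
        }))
        .append(document.createTextNode(fingerPrint['browser'] + ' -- ' + fingerPrint['platform']))
        .append('<br>')
        .append(document.createTextNode(fingerPrint['city'] + ' (' + fingerPrint['countrycode'] + ')'));
} catch(e) {
    // Do nothing
}
// … unchanged: row construction up to the details cell …
.append($('<td>').append(sessionDetails))
```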


@ -142,10 +142,16 @@ body {
padding-top: 5px;
background: white;
font-size: inherit;
font-weight: bold;
z-index: 99;
overflow-y: auto;
}
.main section #sessions .browsericon {
height: 30px;
float: left;
margin-right: 5px;
border: none;
filter: drop-shadow(0px 0px 1px #000);
}
.main section table {
width: 100%;
}