Added CrossDomain logging to console

README.md

@@ -1,19 +1,19 @@
 # lucidAuth
-[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)  
+[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
 
 Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
 
 ## Usage
-- Create a new folder, navigate to it in a commandprompt and run the following command:  
+- Create a new folder, navigate to it in a commandprompt and run the following command:
-  `git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git`  
+  `git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git`
-- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`  
+- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`
-- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder  
+- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
-- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)  
+- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
-- Edit your proxy's configuration to use the new website as forward proxy:  
+- Edit your proxy's configuration to use the new website as forward proxy:
   - #### ~~in Caddy/nginx~~    <small>(planned for a later stage)</small>
 
-  - #### in Traefik  
+  - #### in Traefik
-  Add the following lines (change to reflect your existing configuration):  
+  Add the following lines (change to reflect your existing configuration):
   ```
   [frontends.server1]
     entrypoints = ["https"]
@@ -25,8 +25,5 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
         rule = "Host:<fqdn>"
   ```
 
-- #### Important!  
-  The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
-
 ## Questions or bugs
 Feel free to open issues in this repository.

include/lucidAuth.template.php

@@ -15,6 +15,8 @@ $pageLayout['full'] = <<<'FULL'
     <link href="misc/style.button.css" rel="stylesheet" />
     <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
     <script src="misc/script.translation.js"></script>
+    <script src="https://unpkg.com/nprogress@0.2.0/nprogress.js"></script>
+    <link href="https://unpkg.com/nprogress@0.2.0/nprogress.css" rel="stylesheet" />
   </head>
   <body>
     <div id="horizon">

lucidAuth.config.php.example

@@ -18,6 +18,16 @@ return (object) array(
 		// Specify the NetBios name of the domain; to allow users to log on with just their usernames.
 	],
 
+    '2FA'   => [
+        'Protocol'  => 'TOTP',      // Possible options are HOTP (sequential codes) and TOTP (timebased codes)
+        'TOTP'  => [
+            'Secret'    => 'NULL',  // By default, a 512 bits secret is generated. If you need, you can provide your own secret here.
+            'Age'       => '30',    // The duration that each OTP code is valid for.
+            'Length'    => '6',     // Number of digits the OTP code will consist of.
+            'Algorithm' => 'SHA256' // The hashing algorithm used.
+        ],
+    ],
+
 	'Sqlite'	=> [
 		'Path'	=> '../data/lucidAuth.sqlite.db'
 		// Relative path to the location where the database should be stored
@@ -37,6 +47,9 @@ return (object) array(
 		'CrossDomainLogin'	=> False,
 		// Set this to True if SingleSignOn (albeit rudementary) is desired
 		//   (cookies are inheritently unaware of each other; clearing cookies for one domain does not affect other domains)
+        // Important!
+        // If you leave this set to False, the domainname where lucidAuth will be running on,
+        // needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing the authentication proxy.
 		'CookieDomains'	=> [
 			'domain1.tld' #, 'domain2.tld', 'subdomain.domain3.tld'
 		]

public/example.php

@@ -1,27 +0,0 @@
-<?php
-
-// Basic example of PHP script to handle with jQuery-Tabledit plug-in.
-// Note that is just an example. Should take precautions such as filtering the input data.
-
-header('Content-Type: application/json');
-
-$input = filter_input_array(INPUT_POST);
-
-$mysqli = new mysqli('localhost', 'user', 'password', 'database');
-
-if (mysqli_connect_errno()) {
-  echo json_encode(array('mysqli' => 'Failed to connect to MySQL: ' . mysqli_connect_error()));
-  exit;
-}
-
-if ($input['action'] === 'edit') {
-    $mysqli->query("UPDATE users SET username='" . $input['username'] . "', email='" . $input['email'] . "', avatar='" . $input['avatar'] . "' WHERE id='" . $input['id'] . "'");
-} else if ($input['action'] === 'delete') {
-    $mysqli->query("UPDATE users SET deleted=1 WHERE id='" . $input['id'] . "'");
-} else if ($input['action'] === 'restore') {
-    $mysqli->query("UPDATE users SET deleted=0 WHERE id='" . $input['id'] . "'");
-}
-
-mysqli_close($mysqli);
-
-echo json_encode($input);

public/misc/script.index.js

@@ -40,25 +40,31 @@ $(document).ready(function(){
                                 xhrFields: {
                                     withCredentials: true,
                                 },
+                                timeout: 750,
+// origin domain should be exempted from timeout
+//   (because origin domain can/will be different from current domain --due to traefik design).
                                 data: {
                                     ref: btoa(JSON.stringify({
                                         action: 'login',
                                         token: data.SecureToken
                                     }))
                                 }
+                            }).done(function(data, textStatus) {
+                                NProgress.inc(1 / XHR.length);
+                                console.log('CrossDomain login step [' + data + ':' + textStatus + ']');
+                            }).fail(function(_jqXHR, textStatus, errorThrown) {
+                                console.log('CrossDomain login failed for at least one domain [' + textStatus + ':' + errorThrown + ']');
+                                // Should check why this failed (timeout or bad request?), and if this is the origin domain, take action
                             }));
                         });
                         $.when.apply($, XHR).then(function(){
                             $.each(arguments, function(_index, _arg) {
-                                // Show progress somehow (maybe something like https://minicss.org/v2/progress)
+                                // Finished cross-domain logins (either successfully or through timeout)
+                                NProgress.done();
+                                window.location.replace(data.Location);
                             });
                         });
 					}
-                    // Finished (either succesfully or through timeout) cross-domain logins
-// redirect once all finished loading or timeout after $X ms
-// origin domain should be exempted from timeout
-//   (because origin domain can/will be different from current domain --due to traefik design).
-					//window.location.replace(data.Location);
 				}, 2250);
 			} else {
 				$('#btnlogin').css({