djpbessems/lucidAuth
1
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Compare commits

base: djpbessems:2f1beb47c7271039b14fa8782176dc84fa58d6a4
Branches Tags
djpbessems:master djpbessems:development
djpbessems:0.6 djpbessems:0.5
..
compare: djpbessems:0.5
Branches Tags
djpbessems:development djpbessems:master
djpbessems:0.6 djpbessems:0.5

1 Commits
2f1beb47c7 ... 0.5

Author SHA1 Message Date
Danny Bessems
75e8640439 Merge branch 'development' of djpbessems/lucidAuth into master 2019-06-19 10:57:55 +00:00
5 changed files with 45 additions and 45 deletions
Expand all files Collapse all files

21
README.md
View File

@ -1,19 +1,19 @@
# lucidAuth # lucidAuth
[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#) [![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
Forward Authentication for use with proxies (caddy, nginx, traefik, etc) Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
## Usage ## Usage
- Create a new folder, navigate to it in a commandprompt and run the following command: - Create a new folder, navigate to it in a commandprompt and run the following command:
`git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git` `git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git`
- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php` - Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`
- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder - Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on) - Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
- Edit your proxy's configuration to use the new website as forward proxy: - Edit your proxy's configuration to use the new website as forward proxy:
- #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small> - #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small>
- #### in Traefik - #### in Traefik
Add the following lines (change to reflect your existing configuration): Add the following lines (change to reflect your existing configuration):
``` ```
[frontends.server1] [frontends.server1]
entrypoints = ["https"] entrypoints = ["https"]
@ -25,5 +25,8 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
rule = "Host:<fqdn>" rule = "Host:<fqdn>"
``` ```
- #### Important!
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
## Questions or bugs ## Questions or bugs
Feel free to open issues in this repository. Feel free to open issues in this repository.

2
include/lucidAuth.template.php
View File

@ -15,8 +15,6 @@ $pageLayout['full'] = <<<'FULL'
<link href="misc/style.button.css" rel="stylesheet" /> <link href="misc/style.button.css" rel="stylesheet" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
<script src="misc/script.translation.js"></script> <script src="misc/script.translation.js"></script>
<script src="https://unpkg.com/nprogress@0.2.0/nprogress.js"></script>
<link href="https://unpkg.com/nprogress@0.2.0/nprogress.css" rel="stylesheet" />
</head> </head>
<body> <body>
<div id="horizon"> <div id="horizon">

13
lucidAuth.config.php.example
View File

@ -18,16 +18,6 @@ return (object) array(
// Specify the NetBios name of the domain; to allow users to log on with just their usernames. // Specify the NetBios name of the domain; to allow users to log on with just their usernames.
], ],
'2FA' => [
'Protocol' => 'TOTP', // Possible options are HOTP (sequential codes) and TOTP (timebased codes)
'TOTP' => [
'Secret' => 'NULL', // By default, a 512 bits secret is generated. If you need, you can provide your own secret here.
'Age' => '30', // The duration that each OTP code is valid for.
'Length' => '6', // Number of digits the OTP code will consist of.
'Algorithm' => 'SHA256' // The hashing algorithm used.
],
],
'Sqlite' => [ 'Sqlite' => [
'Path' => '../data/lucidAuth.sqlite.db' 'Path' => '../data/lucidAuth.sqlite.db'
// Relative path to the location where the database should be stored // Relative path to the location where the database should be stored
@ -47,9 +37,6 @@ return (object) array(
'CrossDomainLogin' => False, 'CrossDomainLogin' => False,
// Set this to True if SingleSignOn (albeit rudementary) is desired // Set this to True if SingleSignOn (albeit rudementary) is desired
// (cookies are inheritently unaware of each other; clearing cookies for one domain does not affect other domains) // (cookies are inheritently unaware of each other; clearing cookies for one domain does not affect other domains)
// Important!
// If you leave this set to False, the domainname where lucidAuth will be running on,
// needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing the authentication proxy.
'CookieDomains' => [ 'CookieDomains' => [
'domain1.tld' #, 'domain2.tld', 'subdomain.domain3.tld' 'domain1.tld' #, 'domain2.tld', 'subdomain.domain3.tld'
] ]

27
public/example.php Normal file
View File

@ -0,0 +1,27 @@
<?php
// Basic example of PHP script to handle with jQuery-Tabledit plug-in.
// Note that is just an example. Should take precautions such as filtering the input data.
header('Content-Type: application/json');
$input = filter_input_array(INPUT_POST);
$mysqli = new mysqli('localhost', 'user', 'password', 'database');
if (mysqli_connect_errno()) {
echo json_encode(array('mysqli' => 'Failed to connect to MySQL: ' . mysqli_connect_error()));
exit;
}
if ($input['action'] === 'edit') {
$mysqli->query("UPDATE users SET username='" . $input['username'] . "', email='" . $input['email'] . "', avatar='" . $input['avatar'] . "' WHERE id='" . $input['id'] . "'");
} else if ($input['action'] === 'delete') {
$mysqli->query("UPDATE users SET deleted=1 WHERE id='" . $input['id'] . "'");
} else if ($input['action'] === 'restore') {
$mysqli->query("UPDATE users SET deleted=0 WHERE id='" . $input['id'] . "'");
}
mysqli_close($mysqli);
echo json_encode($input);

27
public/misc/script.index.js
View File

@ -40,40 +40,25 @@ $(document).ready(function(){
xhrFields: { xhrFields: {
withCredentials: true, withCredentials: true,
}, },
timeout: 750,
// origin domain should be exempted from timeout
// (because origin domain can/will be different from current domain --due to traefik design).
data: { data: {
ref: btoa(JSON.stringify({ ref: btoa(JSON.stringify({
action: 'login', action: 'login',
token: data.SecureToken token: data.SecureToken
})) }))
} }
<<<<<<< HEAD
}).done(function(_data, _textStatus, jqXHR) {
NProgress.inc(1 / XHR.length);
console.log('CrossDomain login succeeded for domain `' + domain + '` [' + JSON.stringify(jqXHR) + ']');
}).fail(function(jqXHR) {
console.log('CrossDomain login failed for domain `' + domain + '` [' + JSON.stringify(jqXHR) + ')]');
=======
}).done(function(data, textStatus) {
NProgress.inc(1 / XHR.length);
console.log('CrossDomain login step [' + data + ':' + textStatus + ']');
}).fail(function(_jqXHR, textStatus, errorThrown) {
console.log('CrossDomain login failed for at least one domain [' + textStatus + ':' + errorThrown + ']');
>>>>>>> c94b73606231da5206372f69103173d56135a960
// Should check why this failed (timeout or bad request?), and if this is the origin domain, take action
})); }));
}); });
$.when.apply($, XHR).then(function(){ $.when.apply($, XHR).then(function(){
$.each(arguments, function(_index, _arg) { $.each(arguments, function(_index, _arg) {
// Finished cross-domain logins (either successfully or through timeout) // Show progress somehow (maybe something like https://minicss.org/v2/progress)
NProgress.done();
console.log('CrossDomain login completed; forwarding to `' + data.Location + '`');
window.location.replace(data.Location);
}); });
}); });
} }
// Finished (either succesfully or through timeout) cross-domain logins
// redirect once all finished loading or timeout after $X ms
// origin domain should be exempted from timeout
// (because origin domain can/will be different from current domain --due to traefik design).
//window.location.replace(data.Location);
}, 2250); }, 2250);
} else { } else {
$('#btnlogin').css({ $('#btnlogin').css({