djpbessems/lucidAuth
1
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Compare commits

base: djpbessems:ac546633d17c265c7672f8d055820e357cf2a919
Branches Tags
djpbessems:master djpbessems:development
djpbessems:0.6 djpbessems:0.5
...
compare: djpbessems:0.6
Branches Tags
djpbessems:development djpbessems:master
djpbessems:0.6 djpbessems:0.5

37 Commits
ac546633d1 ... 0.6

Author SHA1 Message Date
Danny Bessems
69bb1368cb Periodic merge upstream 2019-12-30 12:18:42 +00:00
Danny Bessems
aabc6cf196 Pulled changes from master 2019-12-30 11:58:51 +00:00
Danny Bessems
f7760ab568 Added UI elements for managing sessions 2019-12-30 11:44:35 +00:00
Danny Bessems
f14f3866e6 Added session details/fingerprint (w/ icons) 2019-12-24 12:58:01 +00:00
Danny Bessems
3111185c10 Added garbage collection for expired and defunct tokens in database. 2019-12-10 15:57:06 +00:00
Danny Bessems
5c2ae98afb Update 'README.md' 2019-12-09 09:27:59 +00:00
Danny Bessems
6f53abf521 First draft of session management for admins 2019-12-06 15:15:38 +00:00
Danny Bessems
018b74e140 Update 'README.md' 2019-12-06 14:08:19 +00:00
Danny Bessems
160784c912 Merge branch 'development' of https://code.spamasaurus.com/djpbessems/lucidAuth into development 2019-12-06 13:13:49 +00:00
Danny Bessems
ad20071a86 Added CrossDomain logging to console 2019-12-06 13:13:35 +00:00
Danny Bessems
0a6d0bf329 Resolved mergeconflicts 2019-12-06 12:58:24 +00:00
Danny Bessems
2f1beb47c7 Resolved mergeconflict 2019-12-06 12:56:31 +00:00
Danny Bessems
e520108237 Added CrossDomain logging to console 2019-12-06 12:55:10 +00:00
Danny Bessems
c94b736062 Added CrossDomain logging to console 2019-12-04 12:04:20 +00:00
Danny Bessems
e17aed8297 Added initial config for TOTP; for use with the Spomky-Labs/otphp class 2019-08-20 11:48:40 +00:00
Danny Bessems
2a56efd353 added placeholders for error handling in CrossDomainLogin 2019-06-20 08:02:42 +00:00
Danny Bessems
55413d20c5 Merge branch 'development' of djpbessems/lucidAuth into master 2019-06-20 07:50:15 +00:00
Danny Bessems
ba6b6f277a Added external library NProgress and ajax-timeouts 2019-06-19 13:27:00 +00:00
Danny Bessems
75e8640439 Merge branch 'development' of djpbessems/lucidAuth into master 2019-06-19 10:57:55 +00:00
Danny Bessems
dca8f74f25 Minor edits (housekeeping) 2019-06-19 10:55:01 +00:00
Danny Bessems
21f272e9f0 Renamed file to reflect actual purpose 2019-06-19 10:37:20 +00:00
Danny Bessems
5a2d3313e7 Added missing CORS headers and xhrFields 2019-06-19 10:34:31 +00:00
Danny Bessems
6081e42d14 Resolved merge conflicts 2019-06-19 10:14:04 +00:00
Danny Bessems
0675ad8512 Controller for cross-domain iframes added 2019-06-19 10:09:46 +00:00
Danny Bessems
ee35696cd4 Controller for cross-domain iframes added 2019-06-18 13:21:44 +00:00
Danny Bessems
e3405369ca Delete 'public/misc/script.theme.js' 2019-03-13 10:53:22 +00:00
Danny Bessems
f9664eab18 Periodic merge upstream 
Resolved merge conflicts
 2019-03-13 10:44:00 +00:00
Danny Bessems
a20f13ab7c Babysteps towards cross-domain-cookies-in-iframes 2019-03-13 09:59:12 +00:00
Danny Bessems
0a5384f6a8 Authentication failed due to case sensitive SQL-queries 2019-03-07 19:50:04 +00:00
Danny Bessems
3dbb6b9932 Implemented GUI aspect of usermanagement page 
TODO: add ajax-call that will update database
 2019-03-06 14:21:47 +01:00
Danny Bessems
958897dc0a Implemented GUI aspect of usermanagement page 
TODO: add ajax-call that will update database
 2019-03-06 14:18:07 +01:00
Danny Bessems
a049bdbd24 Refactored template; make main content scrollable without overflow 
Switched to Flexbox CSS based layout
Retargeted HTML-elements for theming
 2019-03-05 11:14:17 +01:00
Danny Bessems
efc66fc3d8 Refactored template; make main content scrollable without overflow 
Switched to Flexbox CSS based layout
Removed theme-easteregg.
 2019-03-05 10:12:26 +01:00
Danny Bessems
1548cd4bb6 Managementinterface retrieves data from database; 
Table on interface is editable; replaced library.
 2019-03-04 10:43:08 +01:00
Danny Bessems
b5df954322 Managementinterface retrieves data from database; 
Table on interface is editable; replaced library.
 2019-03-03 17:06:41 +01:00
Danny Bessems
c8fe81d222 Migrated IDE platform; accepting nonexisting diffs to make IDE happy 2019-02-27 21:39:31 +01:00
djpbessems
1ffa164160 Added placeholder management page (usermanagement, dbmanagement) 2019-02-25 15:00:32 +01:00
25 changed files with 816 additions and 328 deletions
Expand all files Collapse all files

36
README.md
View File

@ -1,5 +1,5 @@
# lucidAuth
[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
# lucidAuth [![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
> *Respect* the unexpected, mitigate your risks
Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
@ -14,6 +14,7 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
- #### in Traefik
Add the following lines (change to reflect your existing configuration):
##### 1.7
```
[frontends.server1]
entrypoints = ["https"]
@ -24,6 +25,37 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
[frontends.server1.routes.ext]
rule = "Host:<fqdn>"
```
##### 2.0
Either whitelist IP's which should be trusted to send `HTTP_X-Forwarded-*` headers, ór enable insecure-mode in your static configuration:
```
entryPoints:
https:
address: :443
forwardedHeaders:
trustedIPs:
- "127.0.0.1/32"
- "192.168.1.0/24"
# insecure: true
```
Define a middleware that tells Traefik to forward requests for authentication in your dynamic file provider:
```
https:
middlewares:
ldap-authentication:
forwardAuth:
address: "https://<fqdn>/lucidAuth.validateRequest.php"
trustForwardHeader: true
```
And finally add the new middleware to your service (different methods; this depends on your configuration):
```
# as a label (when using Docker provider)
traefik.http.routers.router1.middlewares: "ldap-authentication@file"
# as yaml (when using file provider)
routers:
router1:
middlewares:
- "ldap-authentication"
```
- #### Important!
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.

122
include/lucidAuth.functions.php
View File

@ -36,12 +36,35 @@ function authenticateLDAP (string $username, string $password) {
// Successful authentication; get additional userdetails from authenticationsource
$ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$sanitizedUsername");
$commonName = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];
$browserDetails = get_browser(null, True);
$geoLocation = json_decode(file_get_contents("http://ip-api.com/json/{$_SERVER['HTTP_X_REAL_IP']}"));
if ($geoLocation->status === 'fail') {
switch ($geoLocation->message) {
case 'private range':
case 'reserved range':
$geoLocation = json_decode(file_get_contents("http://ip-api.com/json/" . trim(file_get_contents('https://api.ipify.org')) ));
break;
case 'invalid query':
default:
$geoLocation->city = null;
$geoLocation->countryCode = null;
break;
}
}
// Create JWT-payload
$jwtPayload = [
'iat' => time(), // Issued at: time when the token was generated
'iss' => $_SERVER['SERVER_NAME'], // Issuer
'sub' => $qualifiedUsername, // Subject (ie. username)
'name' => $commonName // Common name (as retrieved from AD)
'name' => $commonName, // Common name (as retrieved from AD)
'fp' => base64_encode(json_encode((object) [ // Fingerprint
'browser' => $browserDetails['browser'],
'platform' => $browserDetails['platform'],
'city' => $geoLocation->city,
'countrycode' => $geoLocation->countryCode
]))
];
$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
@ -66,11 +89,11 @@ function storeToken (string $secureToken, string $qualifiedUsername, string $htt
INSERT INTO SecureToken (UserId, Value)
SELECT User.Id, :securetoken
FROM User
WHERE User.Username = :qualifiedusername
WHERE LOWER(User.Username) = :qualifiedusername
');
$pdoQuery->execute([
':securetoken' => $secureToken,
':qualifiedusername' => $qualifiedUsername
':qualifiedusername' => strtolower($qualifiedUsername)
]);
}
catch (Exception $e) {
@ -114,18 +137,19 @@ function validateToken (string $secureToken) {
// Retrieve all authentication tokens from database matching username
$pdoQuery = $pdoDB->prepare('
SELECT SecureToken.Value
SELECT User.Id, SecureToken.Value
FROM SecureToken
LEFT JOIN User
ON (User.Id=SecureToken.UserId)
WHERE User.Username = :username
WHERE LOWER(User.Username) = :username
');
$pdoQuery->execute([
':username' => (string)$jwtPayload->sub
':username' => (string) strtolower($jwtPayload->sub)
]);
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
try {
$storedTokens[] = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
$currentUserId = $row['Id'];
} catch (Exception $e) {
continue;
}
@ -135,9 +159,12 @@ function validateToken (string $secureToken) {
if (!empty($storedTokens) && sizeof(array_filter($storedTokens, function ($value) use ($jwtPayload) {
return $value->iat === $jwtPayload->iat;
})) === 1) {
purgeTokens($currentUserId, $settings->Session['Duration']);
return [
'status' => 'Success',
'name' => $jwtPayload->name
'name' => $jwtPayload->name,
'uid' => $currentUserId
];
} else {
if ($settings->Debug['LogToFile']) {
@ -147,4 +174,85 @@ function validateToken (string $secureToken) {
}
}
function purgeTokens(int $userID, int $maximumTokenAge) {
global $settings, $pdoDB;
$defunctTokens = []; $expiredTokens = [];
$pdoQuery = $pdoDB->prepare('
SELECT SecureToken.Id, SecureToken.Value
FROM SecureToken
WHERE SecureToken.UserId = :userid
');
$pdoQuery->execute([
':userid' => (int) $userID
]);
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
try {
$token = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
if ($token->iat < (time() - $maximumTokenAge)) {
$expiredTokens[] = $row['Id'];
}
} catch (Exception $e) {
$defunctTokens[] = $row['Id'];
}
}
try {
// Sadly, PDO does not support named parameters in constructions like 'IN ( :array )'
// instead, the supported syntax is unnamed placeholders like 'IN (?, ?, ?, ...)'
$pdoQuery = $pdoDB->prepare('
DELETE FROM SecureToken
WHERE SecureToken.Id IN (' . implode( ',', array_fill(0, count(array_merge($defunctTokens, $expiredTokens)), '?')) . ')
');
$pdoQuery->execute(array_merge($defunctTokens, $expiredTokens));
if ($settings->Debug['LogToFile']) {
file_put_contents('../purgeToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Garbage collection succeeded (' . $userID . ' => #' . $pdoQuery->rowCount() . ')' . PHP_EOL, FILE_APPEND);
}
return [
'status' => 'Success',
'amount' => $pdoQuery->rowCount()
];
} catch (Exception $e) {
if ($settings->Debug['LogToFile']) {
file_put_contents('../purgeToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Garbage collection failed (' . $userID . ' => ' . $e . ')' . PHP_EOL, FILE_APPEND);
}
return ['status' => 'Fail', 'reason' => $e];
}
}
function deleteToken(array $tokenIDs, int $userID) {
try {
// Sadly, PDO does not support named parameters in constructions like 'IN ( :array )'
// instead, the supported syntax is unnamed placeholders like 'IN (?, ?, ?, ...)'
$pdoQuery = $pdoDB->prepare('
DELETE FROM SecureToken
WHERE SecureToken.Id IN (' . implode( ',', array_fill(0, count($tokenIDs), '?')) . ')
AND SecureToken.UserId = :userid
');
$pdoQuery->execute($tokenIDs,[
':userid' => (int) $userID
]);
if ($settings->Debug['LogToFile']) {
file_put_contents('../deleteToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Successfully deleted specific token(s) (' . $userID . ' => #' . $pdoQuery->rowCount() . ')' . PHP_EOL, FILE_APPEND);
}
return [
'status' => 'Success',
'amount' => $pdoQuery->rowCount()
];
} catch (Exception $e) {
if ($settings->Debug['LogToFile']) {
file_put_contents('../deleteToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Failed deleting specific token(s) (' . $userID . ' => ' . $e . ')' . PHP_EOL, FILE_APPEND);
}
return ['status' => 'Fail', 'reason' => $e];
}
}
?>

107
include/lucidAuth.template.php
View File

@ -10,15 +10,13 @@ $pageLayout['full'] = <<<'FULL'
<title>lucidAuth</title>
<meta name="application-name" content="lucidAuth" />
<meta name="theme-color" content="#003399" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link rel="manifest" href="/manifest.json" />
<link href="misc/style.css" rel="stylesheet" />
<link href="misc/style.theme.css" rel="stylesheet" />
<link href="misc/style.button.css" rel="stylesheet" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
<script src="misc/script.theme.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
<script src="misc/script.translation.js"></script>
<script src="https://unpkg.com/nprogress@0.2.0/nprogress.js"></script>
<link href="https://unpkg.com/nprogress@0.2.0/nprogress.css" rel="stylesheet" />
</head>
<body>
<div id="horizon">
@ -36,34 +34,60 @@ $pageLayout['full'] = <<<'FULL'
</html>
FULL;
$pageLayout['bare'] = <<<'BARE'
$pageLayout['full_alt'] = <<<'FULL_ALT'
<!DOCTYPE html>
<html lang="nl">
<head>
<meta charset="utf-8" />
<title>lucidAuth</title>
<meta name="application-name" content="lucidAuth" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
<script src="misc/script.iframe.js"></script>
<meta name="theme-color" content="#003399" />
<link href="misc/style.css" rel="stylesheet" />
<link href="misc/style.panes.css" rel="stylesheet" />
<link href="misc/style.button.css" rel="stylesheet" />
<link href="misc/style.theme.css" rel="stylesheet" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
<script src="misc/script.translation.js"></script>
</head>
<body>
<div class="wrapper">
<section id="theme" class="content">
<div class="columns">
<main class="main">
<header class="header">
<div class="logo">
<div class="left"><div class="middle">lucidAuth</div></div><div class="right"></div>
<div class="sub"><em>Respect</em> the unexpected; mitigate your risks</div>
</div>
%1$s
</header>
<section>
%2$s
</section>
</main>
<aside class="sidebar-first"></aside>
<aside class="sidebar-second"></aside>
</div>
</section>
</div>
</body>
</html>
BARE;
FULL_ALT;
$contentLayout['login'] = <<<'LOGIN'
<script src="misc/script.index.js"></script>
<fieldset>
<legend>Login Details</legend>
<section>
<ul>
<li class="misc">
<span class="indent">&nbsp;</span>
</li>
<li>
<label class="pre" for="username" data-translation="label_username">Gebruikersnaam:</label>
<label class="pre" for="username" data-translation="label_username">Username:</label>
<input type="text" id="username" name="username" tabindex="100" />
<label for="username">@lucidAuth</label>
</li>
<li>
<label class="pre" for="password" data-translation="label_password">Wachtwoord:</label>
<label class="pre" for="password" data-translation="label_password">Password:</label>
<input type="password" id="password" name="password" tabindex="200" />
</li>
<li>
@ -71,44 +95,59 @@ $contentLayout['login'] = <<<'LOGIN'
<button id="btnlogin" class="bttn-simple bttn-xs bttn-primary" tabindex="300" data-translation="button_login">login</button>
</li>
<li class="misc">
<span class="indent">&nbsp;</span>
</li>
<li class="misc">
<span class="indent" data-translation="span_credentialsavailable">Inloggegevens verkrijgbaar op aanvraag!</span>
<span class="indent" data-translation="span_credentialsavailable">Login credentials available upon request!</span>
</li>
</ul>
</fieldset>
</section>
<img src="/images/tag_lock.png" style="position: absolute; top: 175px; left: 20px;" alt="Secure!" />
LOGIN;
$contentLayout['manage'] = <<<'MANAGE'
$contentLayout['manage']['header'] = <<<'MANAGE_HEADER'
<script src="misc/script.editable.table.js"></script>
<script src="misc/script.manage.js"></script>
<span id="user"><span data-translation="span_loggedinas">Ingelogd als</span>&nbsp;%1$s&nbsp;---&nbsp;[<a id="linklanguage-en" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" class="current" href="#" tabindex="700">NL</a>]&nbsp;[<a href="#" tabindex="800" data-translation="link_logout">Log uit</a>]</span>
<fieldset style="clear: both;">
<legend>Beheer Gebruikers</legend>
<span id="user"><span data-translation="span_loggedinas">Logged in as</span>&nbsp;%1$s&nbsp;---&nbsp;[<a id="linklanguage-en" class="current" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" href="#" tabindex="700">NL</a>]&nbsp;[<a id="linklogout" href="#" tabindex="800" data-translation="link_logout">Logout</a>]</span>
<ul style="clear: both; margin-top: 20px;">
<li class="buttons">
<button id="btnnewuser" class="bttn-simple bttn-xs bttn-primary" data-translation="button_new">new</button>
&nbsp;
<button id="btnsave" class="bttn-simple bttn-xs bttn-primary" data-translation="button_save">save</button>
<button id="btncancel" class="bttn-simple bttn-xs bttn-primary" data-translation="button_cancel">cancel</button>
</li>
</ul>
MANAGE_HEADER;
$contentLayout['manage']['section'] = <<<'MANAGE_SECTION'
<ul>
<li>
<table id="tabletest">
<table id="usertable">
<thead>
<tr>
<th>Username</th>
<th>Role</th>
<th>Sessions</th>
<th class="immutable" data-translation="th_username">Username</th>
<th class="immutable" data-translation="th_role">Role</th>
<th class="immutable" data-translation="th_manage">Manage</th>
</tr>
</thead>
<tbody>
%2$s
%1$s
</tbody>
</table>
</li>
<li>
<button id="btnaliasadd" class="bttn-simple bttn-xs bttn-primary" tabindex="200" data-translation="button_add">voeg toe</button>
<button id="btnaliasdelete" class="bttn-simple bttn-xs bttn-primary" tabindex="400" data-translation="button_delete">verwijder</button>
<button id="btnsync" class="bttn-simple bttn-xs bttn-primary" tabindex="500" data-translation="button_sync">synchroniseer</button>
<div id="sessions">
<span data-translation="label_sessions" style="float: left; margin-left: 5px;">Sessions</span>
<br>
<table id="sessiontable">
<thead>
<tr>
<th data-translation="th_timestamp">Timestamp</th>
<th data-translation="th_origin">&lt;origin&gt;</th>
<th data-translation="th_description">Description</th>
<th data-translation="th_manage">Manage</th>
</tr>
</thead>
<tbody>
</tbody>
</table>
</div>
</li>
</ul>
</fieldset>
MANAGE;
MANAGE_SECTION;
?>

13
lucidAuth.config.php.example
View File

@ -18,6 +18,16 @@ return (object) array(
// Specify the NetBios name of the domain; to allow users to log on with just their usernames.
],
'2FA' => [
'Protocol' => 'TOTP', // Possible options are HOTP (sequential codes) and TOTP (timebased codes)
'TOTP' => [
'Secret' => 'NULL', // By default, a 512 bits secret is generated. If you need, you can provide your own secret here.
'Age' => '30', // The duration that each OTP code is valid for.
'Length' => '6', // Number of digits the OTP code will consist of.
'Algorithm' => 'SHA256' // The hashing algorithm used.
],
],
'Sqlite' => [
'Path' => '../data/lucidAuth.sqlite.db'
// Relative path to the location where the database should be stored
@ -37,6 +47,9 @@ return (object) array(
'CrossDomainLogin' => False,
// Set this to True if SingleSignOn (albeit rudementary) is desired
// (cookies are inheritently unaware of each other; clearing cookies for one domain does not affect other domains)
// Important!
// If you leave this set to False, the domainname where lucidAuth will be running on,
// needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing the authentication proxy.
'CookieDomains' => [
'domain1.tld' #, 'domain2.tld', 'subdomain.domain3.tld'
]

27
public/example.php
View File

@ -1,27 +0,0 @@
<?php
// Basic example of PHP script to handle with jQuery-Tabledit plug-in.
// Note that is just an example. Should take precautions such as filtering the input data.
header('Content-Type: application/json');
$input = filter_input_array(INPUT_POST);
$mysqli = new mysqli('localhost', 'user', 'password', 'database');
if (mysqli_connect_errno()) {
echo json_encode(array('mysqli' => 'Failed to connect to MySQL: ' . mysqli_connect_error()));
exit;
}
if ($input['action'] === 'edit') {
$mysqli->query("UPDATE users SET username='" . $input['username'] . "', email='" . $input['email'] . "', avatar='" . $input['avatar'] . "' WHERE id='" . $input['id'] . "'");
} else if ($input['action'] === 'delete') {
$mysqli->query("UPDATE users SET deleted=1 WHERE id='" . $input['id'] . "'");
} else if ($input['action'] === 'restore') {
$mysqli->query("UPDATE users SET deleted=0 WHERE id='" . $input['id'] . "'");
}
mysqli_close($mysqli);
echo json_encode($input);

1
public/images/README.md Normal file
View File

@ -0,0 +1 @@
Browser logo's obtained from [alrra/browser-logos](https://github.com/alrra/browser-logos).

BIN
public/images/chrome_256x256.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
public/images/edge_256x256.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
public/images/firefox_256x256.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

BIN
public/images/opera_256x256.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 12 KiB

BIN
public/images/safari_256x256.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 64 KiB

BIN
public/images/tor_256x256.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

6
public/lucidAuth.login.php
View File

@ -14,7 +14,6 @@
"Result" => "Failure",
"Reason" => "Failed storing authentication token in database and/or cookie"
]);
# echo '{"Result":"Fail","Reason":"Failed storing authentication token in database and/or cookie"}' . PHP_EOL;
exit;
}
@ -30,7 +29,6 @@
"Result" => "Failure",
"Reason" => "Original request-URI lost in transition"
]);
# echo '{"Result":"Fail","Reason":"Original request URI lost in transition"}' . PHP_EOL;
exit;
}
$originalUri = !empty($proxyHeaders) ? $proxyHeaders['XForwardedProto'] . '://' . $proxyHeaders['XForwardedHost'] . $proxyHeaders['XForwardedUri'] : 'lucidAuth.manage.php';
@ -40,7 +38,9 @@
echo json_encode([
"Result" => "Success",
"Location" => $originalUri,
"CrossDomainLogin" => $settings->Session['CrossDomainLogin']
"CrossDomainLogin" => $settings->Session['CrossDomainLogin'],
"CookieDomains" => json_encode(array_diff($settings->Session['CookieDomains'], [$_SERVER['HTTP_HOST']])),
"SecureToken" => $result['token']
]);
} else {
switch ($result['reason']) {

57
public/lucidAuth.manage.php
View File

@ -8,36 +8,73 @@
}
if ($validateTokenResult['status'] === "Success") {
if ($_REQUEST['do'] === 'retrievesessions') {
$storedTokens = [];
$pdoQuery = $pdoDB->prepare('
SELECT SecureToken.Id, SecureToken.UserId, SecureToken.Value
FROM SecureToken
WHERE SecureToken.UserId = :userid
');
$pdoQuery->execute([
':userid' => (int) $_REQUEST['userid']
]);
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
try {
$JWTPayload = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
$storedTokens[] = [
'tid' => $row['Id'],
'iat' => $JWTPayload->iat,
'iss' => $JWTPayload->iss,
'fp' => $JWTPayload->fp
];
} catch (Exception $e) {
// Invalid token
continue;
}
}
// Return JSON object
header('Content-Type: application/json');
echo json_encode([
"Result" => "Success",
"SessionCount" => sizeof($storedTokens),
"UserSessions" => json_encode($storedTokens)
]);
} else {
// No action requested, default action
include_once('../include/lucidAuth.template.php');
try {
$allUsers = $pdoDB->query('
SELECT User.Username, Role.Rolename, COUNT(DISTINCT SecureToken.Value) AS Sessions
SELECT User.Id, User.Username, Role.Rolename
FROM User
LEFT JOIN Role
ON (User.RoleId=Role.Id)
LEFT JOIN SecureToken
ON (User.Id=SecureToken.UserId)
ON (Role.Id = User.RoleId)
')->fetchAll(PDO::FETCH_ASSOC);
} catch (Exception $e) {
// Should really do some actual errorhandling here
throw new Exception($e);
}
foreach($allUsers as $row) {
$tableRows[] = sprintf('<tr><td>%1$s</td><td>%2$s</td><td>%3$s</td></tr>',
$tableRows[] = sprintf('<tr%1$s><td data-userid="%2$s">%3$s</td><td>%4$s</td><td class="immutable">%5$s</td></tr>',
$validateTokenResult['uid'] === $row['Id'] ? ' class="currentuser"': null,
$row['Id'],
explode('\\', $row['Username'])[1],
$row['Rolename'],
$row['Sessions']
'<button class="bttn-simple bttn-xs bttn-primary session" data-translation="button_sessions">Sessions</button>' . ($validateTokenResult['uid'] === $row['Id'] ? null : '&nbsp;<button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">Delete</button>')
);
}
echo sprintf($pageLayout['full'],
sprintf($contentLayout['manage'],
$validateTokenResult['name'],
echo sprintf($pageLayout['full_alt'],
sprintf($contentLayout['manage']['header'],
$validateTokenResult['name']
),
sprintf($contentLayout['manage']['section'],
implode($tableRows)
)
);
}
} else {
// No cookie containing valid authentication token found;
// explicitly deleting any remaining cookie, then redirecting to loginpage

59
public/lucidAuth.requestCookie.php Normal file
View File

@ -0,0 +1,59 @@
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
// Start with checking $_REQUEST['ref']
if (!empty($_REQUEST['ref'])) {
try {
$queryString = json_decode(base64_decode($_REQUEST['ref']), JSON_OBJECT_AS_ARRAY);
}
catch (Exception $e) {
// Silently fail, unless explicitly specified otherwise
header("HTTP/1.1 400 Bad Request");
if ($settings->Debug['Verbose']) throw new Exception($e);
exit;
}
switch ($queryString['action']) {
case 'login':
if (validateToken($queryString['token'])['status'] === "Success") {
// This request appears valid; try storing a cookie
$httpHost = $_SERVER['HTTP_HOST'];
$httpOrigin = $_SERVER['HTTP_ORIGIN'];
// Check if $_SERVER['HTTP_HOST'] and $_SERVER['HTTP_ORIGIN'] match any of the configured domains (either explicitly or as a subdomain)
// This might seem backwards, but relying on $_SERVER directly allows spoofed values with potential security risks
$cookieDomain = array_values(array_filter($settings->Session['CookieDomains'], function ($value) use ($httpHost) {
return (strlen($value) > strlen($httpHost)) ? false : (0 === substr_compare($httpHost, $value, -strlen($value)));
}))[0];
$originDomain = array_values(array_filter($settings->Session['CookieDomains'], function ($value) use ($httpOrigin) {
return (strlen($value) > strlen($httpOrigin)) ? false : (0 === substr_compare($httpOrigin, $value, -strlen($value)));
}))[0];
if (($cookieDomain && (is_null($httpOrigin) || $originDomain)) && setcookie('JWT', $queryString['token'], (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400');
header("HTTP/1.1 202 Accepted");
exit;
}
else {
header("HTTP/1.1 400 Bad Request");
exit;
}
}
else {
header("HTTP/1.1 401 Unauthorized");
exit;
}
break;
default:
header("HTTP/1.1 400 Bad Request");
exit;
break;
}
}
else {
header("HTTP/1.1 400 Bad Request");
exit;
}
?>

24
public/lucidAuth.setXDomainCookie.php
View File

@ -1,24 +0,0 @@
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
// Start with checking $_REQUEST['ref']
// What do we need?
// token again?
// approach 1:
// origin domain, so we can intersect with $settings->Session['CookieDomains'] and iterate through the remaining domains, serving them in one page (which contains iframes already)
// this might be slower because it means one additional roundtrip between client and server
// approach 2:
// let the client setup multiple iframes for all domains other than origin domains
// this requires passing an array of domains to the client in asynchronous reply; which feels insecure
include_once('../include/lucidAuth.template.php');
echo sprintf($pageLayout['bare'],
'// iFrames go here'
);
?>

2
public/lucidAuth.validateRequest.php
View File

@ -22,7 +22,7 @@
if (sizeof($proxyHeaders) === 0) {
// Non-proxied request; this is senseless, go fetch!
header("HTTP/1.1 403 Forbidden");
header("HTTP/1.1 400 Bad Request");
exit;
}

4
public/misc/script.editable.table.js
View File

@ -13,7 +13,7 @@ $.fn.editableTableWidget = function (options) {
editor = activeOptions.editor.css('position', 'absolute').hide().appendTo(element.parent()),
active,
showEditor = function (select) {
active = element.find('td:focus');
active = element.find('td:focus:not(".immutable")');
if (active.length) {
editor.val(active.text())
.removeClass('error')
@ -126,6 +126,6 @@ $.fn.editableTableWidget.defaultOptions = {
cloneProperties: ['padding', 'padding-top', 'padding-bottom', 'padding-left', 'padding-right',
'text-align', 'font', 'font-size', 'font-family', 'font-weight',
'border', 'border-top', 'border-bottom', 'border-left', 'border-right'],
editor: $('<input>')
editor: $('<input id="editor">')
};

36
public/misc/script.index.js
View File

@ -31,11 +31,41 @@ $(document).ready(function(){
'color': '#FFF'
});
if (data.CrossDomainLogin) {
// Create iframes for other domains
console.log('CrossDomainLogin initiated');
var cookieDomains = JSON.parse(data.CookieDomains);
var XHR = [];
cookieDomains.forEach(function(domain) {
XHR.push($.get({
url: "https://auth." + domain + "/lucidAuth.requestCookie.php",
crossDomain: true,
xhrFields: {
withCredentials: true,
},
timeout: 750,
// origin domain should be exempted from timeout
// (because origin domain can/will be different from current domain --due to traefik design).
data: {
ref: btoa(JSON.stringify({
action: 'login',
token: data.SecureToken
}))
}
console.log("Navigating to :" + data.Location);
}).done(function(_data, _textStatus, jqXHR) {
NProgress.inc(1 / XHR.length);
console.log('CrossDomain login succeeded for domain `' + domain + '` [' + JSON.stringify(jqXHR) + ']');
}).fail(function(jqXHR) {
console.log('CrossDomain login failed for domain `' + domain + '` [' + JSON.stringify(jqXHR) + ')]');
// Should check why this failed (timeout or bad request?), and if this is the origin domain, take action
}));
});
$.when.apply($, XHR).then(function(){
$.each(arguments, function(_index, _arg) {
// Finished cross-domain logins (either successfully or through timeout)
NProgress.done();
console.log('CrossDomain login completed; forwarding to `' + data.Location + '`');
window.location.replace(data.Location);
});
});
}
}, 2250);
} else {
$('#btnlogin').css({

176
public/misc/script.manage.js
View File

@ -1,3 +1,175 @@
$(document).ready(function(){
$('#tabletest').editableTableWidget();
jQuery.fn.inlineConfirm = function() {
return this.on('click', function(event) {
sessionID = $(this).data('sessionid');
// event.preventDefault();
$(this).off('click').parent().empty().append(
$('<button>', {
text: locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_yes'],
class: 'bttn-simple bttn-xs bttn-primary sessiondeleteconfirm',
style: 'margin-right: 3px;',
'data-translation': 'button_yes',
'data-sessionid': sessionID
})).append(
$('<button>', {
text: locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_no'],
class: 'bttn-simple bttn-xs bttn-primary sessiondeletecancel',
'data-translation': 'button_no',
'data-sessionid': sessionID
})
);
});
};
$(document).ready(function(){
// Initialize the editable-table functionality
$('#usertable').editableTableWidget();
// Prevent clicking *through* popup-screens
$('#sessions').click(function(event) {
event.stopPropagation();
});
// Add eventhandlers to buttons
$('#usertable button.session').click(function() {
event.stopPropagation();
$('#sessions tbody').empty();
$('#sessions').fadeToggle();
$.post("lucidAuth.manage.php", {
do: "retrievesessions",
userid: $(this).closest('tr').find('td:nth-child(1)').data('userid')
})
.done(function(data,_status) {
if (data.Result === 'Success') {
var Sessions = JSON.parse(data.UserSessions);
for (var i = 0; i < data.SessionCount; i++) {
try {
var fingerPrint = JSON.parse(atob(Sessions[i]['fp']));
var sessionDetails = '<img class="browsericon" src="/images/' + fingerPrint['browser'] + '_256x256.png">';
sessionDetails += fingerPrint['browser'] + ' -- ' + fingerPrint['platform'];
sessionDetails += '<br>' + fingerPrint['city'] + ' (' + fingerPrint['countrycode'] + ')';
} catch(e) {
// Do nothing
}
$('#sessiontable tbody').append($('<tr>')
.append($('<td>', {
text: new Date(Sessions[i]['iat'] * 1000).toLocaleString('en-GB')
}))
.append($('<td>', {
text: Sessions[i]['iss']
}))
.append($('<td>', {
html: sessionDetails ? sessionDetails : ''
}))
.append($('<td>', {
html: $('<button>', {
text: locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_delete'],
class: 'bttn-simple bttn-xs bttn-primary sessiondelete',
'data-translation': 'button_delete',
'data-sessionid': Sessions[i]['tid']})
}))
);
}
$('#sessiontable .sessiondelete').inlineConfirm();
} else {
}
});
});
$('#usertable button.delete').click(function() {
$(this).closest('tr').addClass('removed');
});
$('#btnnewuser').click(function() {
// Create a new user; generate pseudo-random username
var newUser = 'User' + String(Math.floor(Math.random() * Math.floor(9999))).padStart(4, '0');
// Add new user to the interface
// (new `<tr>` in `<table id="usertable">`)
$('#usertable tbody').append($('<tr>', {class: 'new'})
.append($('<td>', {
text: newUser
}))
.append($('<td>', {
text: 'User'
}))
.append($('<td>', {
class: 'immutable',
html: '<button class="bttn-simple bttn-xs bttn-primary disabled" data-translation="button_sessions" disabled="true">' +
locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_sessions'] + '</button>&nbsp;' +
'<button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">' +
locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_delete'] +
'</button>'
}))
);
// Call `editableTableWidget()` again to include the newly added `<tr>`
// To prevent recreating multiple new editors; reference the already existing `<input>`
$('#usertable').editableTableWidget({editor: $('#editor')});
// Add eventhandlers to buttons of newly added `<tr>`
$('#usertable .new button.session').unbind().click(function() {
console.log('New user, unlikely to have sessions already, lets do nothing for now');
});
$('#usertable .new button.delete').unbind().click(function() {
$(this).closest('tr').remove();
});
});
$('#btnsave').click(function() {
var newEntries = [];
$('#usertable .new').each(function() {
newEntries.push({
'userName': $(this).find('td:nth-child(1)').text(),
'roleName': $(this).find('td:nth-child(2)').text()
});
});
var removedEntries = [];
$('#usertable .removed').each(function() {
removedEntries.push({
'userId': $(this).find('td:nth-child(1)').data('userid'),
'userName': $(this).find('td:nth-child(1)').text(),
'roleName': $(this).find('td:nth-child(2)').text()
});
});
console.log({'new': newEntries, 'removed': removedEntries});
/* $.get("psworker.php", {
do: "mutate",
mutations: {
new: newEntries,
removed: removedEntries
}
})*/
});
$('#btncancel').click(function() {
window.location.reload();
});
$('#linklogout').click(function() {
console.log('Logging out!');
});
if (localStorage.getItem('theme') !== null) {
$('#theme').addClass(localStorage.getItem('theme'));
}
$('.logo .sub').click(function(event) {
var classes = ["tablecloth", "weave", "madras", "tartan", "seigaiha"];
if (event.ctrlKey) {
var selectedTheme = classes[~~(Math.random()*classes.length)];
$('#theme').removeClass(classes.join(' ')).addClass(selectedTheme);
localStorage.setItem('theme', selectedTheme);
}
if (event.altKey) {
$('#theme').removeClass(classes.join(' '));
localStorage.removeItem('theme');
}
});
});
$(document).click(function () {
$('#sessions').fadeOut();
});

19
public/misc/script.theme.js
View File

@ -1,19 +0,0 @@
$(document).ready(function() {
if (localStorage.getItem('theme') != '') {
$('html').addClass(localStorage.getItem('theme'));
}
$('.logo .sub').on('click', function(event) {
if (event.ctrlKey) {
var classes = ["tablecloth", "weave", "madras", "tartan", "seigaiha"];
var selectedTheme = classes[~~(Math.random()*classes.length)];
$('html').removeClass().addClass(selectedTheme);
localStorage.setItem('theme', selectedTheme);
}
if (event.altKey) {
$('html').removeClass();
localStorage.removeItem('theme');
}
});
});

32
public/misc/script.translation.js
View File

@ -1,29 +1,43 @@
var locales = {
en: {
button_add: "add",
button_new: "new",
button_save: "save",
button_cancel: "cancel",
button_continue: "continue",
button_sessions: "sessions",
button_delete: "delete",
button_yes: "yes",
button_no: "no",
button_login: "login",
heading_error: "ERROR!",
label_password: "Password:",
label_sessions: "Sessions",
label_username: "Username:",
link_logout: "Logout",
span_credentialsavailable: "Login credentials available upon request!",
span_loggedinas: "Logged in as"
span_loggedinas: "Logged in as",
th_username: "Username",
th_role: "Role",
th_manage: "Manage"
},
nl: {
button_add: "voeg toe",
button_cancel: "annuleer",
button_continue: "doorgaan",
button_new: "nieuw",
button_save: "opslaan",
button_cancel: "annuleren",
button_sessions: "sessies",
button_delete: "verwijder",
button_yes: "ja",
button_no: "nee",
button_login: "log in",
heading_error: "FOUT!",
label_password: "Wachtwoord:",
label_sessions: "Sessies",
label_username: "Gebruikersnaam:",
link_logout: "Log uit",
span_credentialsavailable: "Inloggegevens verkrijgbaar op aanvraag!",
span_loggedinas: "Ingelogd als"
span_loggedinas: "Ingelogd als",
th_username: "Gebruikersnaam",
th_role: "Rol",
th_manage: "Beheer"
} // ... etc.
};
@ -31,7 +45,7 @@ $(document).ready(function(){
$('[id^=linklanguage-]').click(function() {
var selectedlang = $(this).attr('id').split('-')[1];
// Replace text of each element with translated value
$('[data-translation]').each(function(index) {
$('[data-translation]').each(function() {
$(this).text(locales[selectedlang][$(this).data('translation')]);
});
// Enable/disable (toggle) anchors
@ -43,7 +57,7 @@ $(document).ready(function(){
});
if (localStorage.getItem('language') !== null) {
$('[data-translation]').each(function(index) {
$('[data-translation]').each(function() {
$(this).text(locales[localStorage.getItem('language')][$(this).data('translation')]);
});
$('span#user a.current').removeClass('current');

113
public/misc/style.css
View File

@ -96,63 +96,88 @@ body {
.main {
clear: both;
}
.main fieldset {
border: 0;
.main section {
clear: both;
}
.main fieldset legend {
visibility: hidden;
}
.main fieldset label.pre {
.main section label.pre {
display: inline-block;
width: 155px;
text-align: right;
vertical-align: top;
margin-top: 3px;
}
.main fieldset label#labelallaliases {
float: left;
}
.main fieldset output#aliasstats {
float: left;
clear: left;
width: 160px;
text-align: right;
font-size: 12px;
}
.main fieldset output#aliasstats:after {
margin-left: 7px;
content: ' ';
}
.main fieldset input {
.main section input {
border: 1px solid #003399;
padding: 2px;
width: 100px;
}
.main fieldset input[type=radio] {
.main section input[type=radio] {
border: none;
margin-top: 7px;
width: 20px;
}
.main fieldset button {
.main header button,
.main section button {
margin-left: 160px;
text-transform: uppercase;
}
.main fieldset select {
border: 1px solid #003399;
padding: 2px;
width: 375px;
.main header .buttons,
.main section .buttons {
text-align: center;
}
.main fieldset select .new {
.main header .buttons button,
.main section .buttons button {
margin-left: inherit;
}
.main section #sessions {
display: none;
position: absolute;
top: calc(50% - 160px);
right: 20%;
height: 320px;
width: 60%;
border: 1px solid rgb(0, 51, 153);
box-shadow: black 0px 0px 20px;
box-sizing: border-box;
padding-top: 5px;
background: white;
font-size: inherit;
z-index: 99;
overflow-y: auto;
}
.main section #sessions .browsericon {
height: 30px;
float: left;
margin-right: 5px;
border: none;
filter: drop-shadow(0px 0px 1px #000);
}
.main section #sessions .sessiondeleteconfirm {
background: crimson linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.33) 51%) no-repeat center;
}
.main section #sessions .sessiondeletecancel {
background: green linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%) no-repeat center;
}
.main section table {
width: 100%;
}
.main section table * {
font-size: 14px;
padding: 2px;
margin: 0;
}
.main section table .new {
font-weight: bold;
}
.main fieldset select .deleted {
.main section table .removed td:nth-child(-n+2) {
text-decoration: line-through;
color: grey;
}
.main fieldset#signup label.pre {
width: 205px;
.main section table tbody tr:nth-child(odd) {
background-color: rgb(215, 215, 215);
}
.main fieldset#signup span.indent, .main fieldset#signup input.button {
margin-left: 210px;
.main section table .immutable {
cursor: default !important;
}
.main li {
list-style: none;
@ -214,25 +239,3 @@ body {
.main span#user nav {
display: inline;
}
.main span#user #pluginlogos {
display: none;
position: absolute;
top: 72px;
right: 10px;
height: 112px;
width: 250px;
border: 1px solid rgb(0, 51, 153);
box-shadow: black 0px 0px 20px;
box-sizing: border-box;
padding-top: 5px;
background: white;
font-size: inherit;
font-weight: bold;
}
.main span#user #pluginlogos img {
width: 75px;
height: 75px;
filter: saturate(500%) contrast(200%) grayscale(100%) opacity(50%);
transition: all 375ms;
cursor: pointer;
}

50
public/misc/style.panes.css Normal file
View File

@ -0,0 +1,50 @@
body{
margin: 0;
}
.wrapper{
min-height: 100vh;
background: #FFFFFF;
display: flex;
flex-direction: column;
}
.header {
height: 100px;
background: #FFFFFF;
color: #000000;
}
.content {
display: flex;
flex: 1;
background: #333333;
color: #000;
min-height: 0px;
max-height: 100vh;
}
.columns{
display: flex;
flex:1;
}
.main{
flex: 1;
order: 2;
background: #fff;
border: 3px solid #CCCCCC;
border-radius: 5px;
height: 400px;
margin-top: auto;
margin-bottom: auto;
}
.main section {
overflow-y: scroll;
height: calc(100% - 100px);
}
.sidebar-first{
width: 25%;
background: transparent;
order: 1;
}
.sidebar-second{
width: 25%;
order: 3;
background: transparent;
}

10
public/misc/style.theme.css
View File

@ -1,11 +1,11 @@
html.tablecloth {
#theme.tablecloth {
height: 100%;
background: repeating-linear-gradient(-45deg, transparent, transparent 1em, rgba(136, 136, 136, 0.4) 0, rgba(136, 136, 136, 0.1) 2em, transparent 0, transparent 1em, rgba(136, 136, 136, 0.3) 0, rgba(136, 136, 136, 0.2) 4em, transparent 0, transparent 1em, rgba(68, 68, 68, 0.6) 0, rgba(68, 68, 68, 0.2) 2em),
repeating-linear-gradient(45deg, transparent, transparent 1em, rgba(136, 136, 136, 0.4) 0, rgba(136, 136, 136, 0.1) 2em, transparent 0, transparent 1em, rgba(136, 136, 136, 0.3) 0, rgba(136, 136, 136, 0.2) 4em, transparent 0, transparent 1em, rgba(68, 68, 68, 0.4) 0, rgba(68, 68, 68, 0.1) 2em), #666;
background-blend-mode: multiply;
}
html.weave {
#theme.weave {
background: linear-gradient(45deg, #666 12%, transparent 0, transparent 88%, #666 0),
linear-gradient(135deg, transparent 37%, #888 0, #888 63%, transparent 0),
linear-gradient(45deg, transparent 37%, #666 0, #666 63%, transparent 0),
@ -13,14 +13,14 @@ html.weave {
background-size: 40px 40px;
}
html.madras {
#theme.madras {
height: 100%;
background-color: #e9d4b9;
background-image: repeating-linear-gradient(45deg, transparent 5px, rgba(11, 36, 45, 0.5) 5px, rgba(11, 36, 45, 0.5) 10px, rgba(211, 119, 111, 0) 10px, rgba(211, 119, 111, 0) 35px, rgba(211, 119, 111, 0.5) 35px, rgba(211, 119, 111, 0.5) 40px, rgba(11, 36, 45, 0.5) 40px, rgba(11, 36, 45, 0.5) 50px, rgba(11, 36, 45, 0) 50px, rgba(11, 36, 45, 0) 60px, rgba(211, 119, 111, 0.5) 60px, rgba(211, 119, 111, 0.5) 70px, rgba(247, 179, 85, 0.5) 70px, rgba(247, 179, 85, 0.5) 80px, rgba(247, 179, 85, 0) 80px, rgba(247, 179, 85, 0) 90px, rgba(211, 119, 111, 0.5) 90px, rgba(211, 119, 111, 0.5) 110px, rgba(211, 119, 111, 0) 110px, rgba(211, 119, 111, 0) 120px, rgba(11, 36, 45, 0.5) 120px, rgba(11, 36, 45, 0.5) 140px),
repeating-linear-gradient(135deg, transparent 5px, rgba(11, 36, 45, 0.5) 5px, rgba(11, 36, 45, 0.5) 10px, rgba(211, 119, 111, 0) 10px, rgba(211, 119, 111, 0) 35px, rgba(211, 119, 111, 0.5) 35px, rgba(211, 119, 111, 0.5) 40px, rgba(11, 36, 45, 0.5) 40px, rgba(11, 36, 45, 0.5) 50px, rgba(11, 36, 45, 0) 50px, rgba(11, 36, 45, 0) 60px, rgba(211, 119, 111, 0.5) 60px, rgba(211, 119, 111, 0.5) 70px, rgba(247, 179, 85, 0.5) 70px, rgba(247, 179, 85, 0.5) 80px, rgba(247, 179, 85, 0) 80px, rgba(247, 179, 85, 0) 90px, rgba(211, 119, 111, 0.5) 90px, rgba(211, 119, 111, 0.5) 110px, rgba(211, 119, 111, 0) 110px, rgba(211, 119, 111, 0) 140px, rgba(11, 36, 45, 0.5) 140px, rgba(11, 36, 45, 0.5) 160px);
}
html.tartan {
#theme.tartan {
height: 100%;
background-color: #a0302c;
background-image: repeating-linear-gradient(20deg, transparent, transparent 50px, rgba(0, 0, 0, 0.4) 50px, rgba(0, 0, 0, 0.4) 53px, transparent 53px, transparent 63px, rgba(0, 0, 0, 0.4) 63px, rgba(0, 0, 0, 0.4) 66px, transparent 66px, transparent 116px, rgba(0, 0, 0, 0.5) 116px, rgba(0, 0, 0, 0.5) 166px, rgba(255, 255, 255, 0.2) 166px, rgba(255, 255, 255, 0.2) 169px, rgba(0, 0, 0, 0.5) 169px, rgba(0, 0, 0, 0.5) 179px, rgba(255, 255, 255, 0.2) 179px, rgba(255, 255, 255, 0.2) 182px, rgba(0, 0, 0, 0.5) 182px, rgba(0, 0, 0, 0.5) 232px, transparent 232px),
@ -28,7 +28,7 @@ html.tartan {
repeating-linear-gradient(145deg, transparent, transparent 2px, rgba(0, 0, 0, 0.2) 2px, rgba(0, 0, 0, 0.2) 3px, transparent 3px, transparent 5px, rgba(0, 0, 0, 0.2) 5px);
}
html.seigaiha {
#theme.seigaiha {
background-color: grey;
background-image: radial-gradient(circle at 100% 150%, grey 24%, silver 25%, silver 28%, grey 29%, grey 36%, silver 36%, silver 40%, rgba(0, 0, 0, 0) 40%, rgba(0, 0, 0, 0)),
radial-gradient(circle at 0 150%, grey 24%, silver 25%, silver 28%, grey 29%, grey 36%, silver 36%, silver 40%, rgba(0, 0, 0, 0) 40%, rgba(0, 0, 0, 0)),