Compare commits
3 Commits
master
...
developmen
Author | SHA1 | Date | |
---|---|---|---|
c0ffd0a7ba | |||
3b43538f90 | |||
2d73384e17 |
83
README.md
83
README.md
@ -1,7 +1,7 @@
|
||||
# lucidAuth [![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
|
||||
> *Respect* the unexpected, mitigate your risks
|
||||
|
||||
Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
|
||||
Forward Authentication for use with loadbalancers/proxies/webservers (Apache, ~~Caddy~~, Lighttpd, NGINX, Traefik, etc)
|
||||
|
||||
## Usage
|
||||
- Create a new folder, navigate to it in a commandprompt and run the following command:
|
||||
@ -9,42 +9,69 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
|
||||
- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`
|
||||
- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
|
||||
- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
|
||||
- Edit your proxy's configuration to use the new website as forward proxy:
|
||||
#### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small>
|
||||
- Edit your webserver's/proxy's configuration to use the new website for forward authentication:
|
||||
- #### ~~in Apache~~ <small>(Soon™)</small>
|
||||
|
||||
#### in Traefik
|
||||
- #### ~~in Caddy~~ <small>(Never, due to lacking functionality)</small>
|
||||
|
||||
- #### ~~in Lighttpd~~ <small>(Soon™)</small>
|
||||
|
||||
- #### in NGINX
|
||||
Add the following lines (adjust to reflect your existing configuration - more [details](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/)):
|
||||
```
|
||||
http {
|
||||
#...
|
||||
server {
|
||||
#...
|
||||
location /private/ {
|
||||
auth_request /auth;
|
||||
auth_request_set $auth_status $upstream_status;
|
||||
}
|
||||
|
||||
location = /auth {
|
||||
internal;
|
||||
proxy_pass https://<fqdn>/lucidAuth.validateRequest.php;
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
proxy_set_header X-Original-URI $request_uri;
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
- #### in Traefik
|
||||
Add the following lines (change to reflect your existing configuration):
|
||||
##### 1.7
|
||||
##### 1.7.x (more [details](https://docs.traefik.io/v1.7/configuration/entrypoints/#forward-authentication))
|
||||
```
|
||||
[frontends.server1]
|
||||
entrypoints = ["https"]
|
||||
backend = "server1"
|
||||
[frontends.server1.auth.forward]
|
||||
address = "https://<fqdn>/lucidAuth.validateRequest.php"
|
||||
[frontends.server1.routes]
|
||||
[frontends.server1.routes.ext]
|
||||
rule = "Host:<fqdn>"
|
||||
entrypoints = ["https"]
|
||||
backend = "server1"
|
||||
[frontends.server1.auth.forward]
|
||||
address = "https://<fqdn>/lucidAuth.validateRequest.php"
|
||||
[frontends.server1.routes]
|
||||
[frontends.server1.routes.ext]
|
||||
rule = "Host:<fqdn>"
|
||||
```
|
||||
##### 2.0
|
||||
##### 2.x (more [details](https://docs.traefik.io/middlewares/forwardauth/))
|
||||
Either whitelist IP's which should be trusted to send `HTTP_X-Forwarded-*` headers, ór enable insecure-mode in your static configuration:
|
||||
```
|
||||
entryPoints:
|
||||
https:
|
||||
address: :443
|
||||
forwardedHeaders:
|
||||
trustedIPs:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.0/24"
|
||||
# insecure: true
|
||||
https:
|
||||
address: :443
|
||||
forwardedHeaders:
|
||||
trustedIPs:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.0/24"
|
||||
# insecure: true
|
||||
```
|
||||
Define a middleware that tells Traefik to forward requests for authentication in your dynamic file provider:
|
||||
```
|
||||
https:
|
||||
middlewares:
|
||||
ldap-authentication:
|
||||
forwardAuth:
|
||||
address: "https://<fqdn>/lucidAuth.validateRequest.php"
|
||||
trustForwardHeader: true
|
||||
middlewares:
|
||||
ldap-authentication:
|
||||
forwardAuth:
|
||||
address: "https://<fqdn>/lucidAuth.validateRequest.php"
|
||||
trustForwardHeader: true
|
||||
```
|
||||
And finally add the new middleware to your service (different methods; this depends on your configuration):
|
||||
```
|
||||
@ -52,9 +79,9 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
|
||||
traefik.http.routers.router1.middlewares: "ldap-authentication@file"
|
||||
# as yaml (when using file provider)
|
||||
routers:
|
||||
router1:
|
||||
middlewares:
|
||||
- "ldap-authentication"
|
||||
router1:
|
||||
middlewares:
|
||||
- "ldap-authentication"
|
||||
```
|
||||
|
||||
- #### Important!
|
||||
|
@ -106,7 +106,7 @@ function storeToken (string $secureToken, string $qualifiedUsername, string $htt
|
||||
// This might seem backwards, but relying on $_SERVER directly allows spoofed values with potential security risks
|
||||
return (strlen($value) > strlen($httpHost)) ? false : (0 === substr_compare($httpHost, $value, -strlen($value)));
|
||||
}))[0];
|
||||
if ($cookieDomain && setcookie('JWT', $secureToken, (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
|
||||
if ($cookieDomain && setcookie('JWT', $secureToken, (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain, TRUE)) {
|
||||
return ['status' => 'Success'];
|
||||
} else {
|
||||
return ['status' => 'Fail', 'reason' => 'Unable to store cookie(s)'];
|
||||
|
@ -3,7 +3,7 @@
|
||||
|
||||
include_once('../include/lucidAuth.functions.php');
|
||||
|
||||
if ($_POST['do'] == 'login') {
|
||||
if ($_POST['do'] === 'login') {
|
||||
$result = authenticateLDAP($_POST['username'], $_POST['password']);
|
||||
if ($result['status'] === 'Success') {
|
||||
// Store authentication token; in database serverside & in cookie clientside
|
||||
|
@ -8,72 +8,123 @@
|
||||
}
|
||||
|
||||
if ($validateTokenResult['status'] === "Success") {
|
||||
if ($_REQUEST['do'] === 'retrievesessions') {
|
||||
$storedTokens = [];
|
||||
|
||||
$pdoQuery = $pdoDB->prepare('
|
||||
SELECT SecureToken.Id, SecureToken.UserId, SecureToken.Value
|
||||
FROM SecureToken
|
||||
WHERE SecureToken.UserId = :userid
|
||||
');
|
||||
$pdoQuery->execute([
|
||||
':userid' => (int) $_REQUEST['userid']
|
||||
]);
|
||||
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
|
||||
try {
|
||||
$JWTPayload = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
|
||||
$storedTokens[] = [
|
||||
'tid' => $row['Id'],
|
||||
'iat' => $JWTPayload->iat,
|
||||
'iss' => $JWTPayload->iss,
|
||||
'fp' => $JWTPayload->fp
|
||||
];
|
||||
} catch (Exception $e) {
|
||||
// Invalid token
|
||||
continue;
|
||||
switch ($_REQUEST['do']) {
|
||||
case 'mutateusers':
|
||||
if (isset($_REQUEST['new']) && isset($_REQUEST['removed'])) {
|
||||
// Do magic!
|
||||
}
|
||||
}
|
||||
else {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode([
|
||||
"Result" => "Failure",
|
||||
"Reason" => "Incomplete request data"
|
||||
]);
|
||||
}
|
||||
break;
|
||||
case 'retrievesessions':
|
||||
$storedTokens = [];
|
||||
|
||||
// Return JSON object
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode([
|
||||
"Result" => "Success",
|
||||
"SessionCount" => sizeof($storedTokens),
|
||||
"UserSessions" => json_encode($storedTokens)
|
||||
]);
|
||||
} else {
|
||||
// No action requested, default action
|
||||
include_once('../include/lucidAuth.template.php');
|
||||
$pdoQuery = $pdoDB->prepare('
|
||||
SELECT SecureToken.Id, SecureToken.UserId, SecureToken.Value
|
||||
FROM SecureToken
|
||||
WHERE SecureToken.UserId = :userid
|
||||
');
|
||||
$pdoQuery->execute([
|
||||
':userid' => (int) $_REQUEST['userid']
|
||||
]);
|
||||
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
|
||||
try {
|
||||
$JWTPayload = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
|
||||
$storedTokens[] = [
|
||||
'tid' => $row['Id'],
|
||||
'iat' => $JWTPayload->iat,
|
||||
'iss' => $JWTPayload->iss,
|
||||
'fp' => $JWTPayload->fp
|
||||
];
|
||||
} catch (Exception $e) {
|
||||
// Invalid token
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
$allUsers = $pdoDB->query('
|
||||
SELECT User.Id, User.Username, Role.Rolename
|
||||
FROM User
|
||||
LEFT JOIN Role
|
||||
ON (Role.Id = User.RoleId)
|
||||
')->fetchAll(PDO::FETCH_ASSOC);
|
||||
} catch (Exception $e) {
|
||||
// Return JSON object
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode([
|
||||
"Result" => "Success",
|
||||
"SessionCount" => sizeof($storedTokens),
|
||||
"UserSessions" => json_encode($storedTokens)
|
||||
]);
|
||||
break;
|
||||
case 'deletesession':
|
||||
if (isset($_REQUEST['userid']) && isset($_REQUEST['tokenid'])) {
|
||||
try {
|
||||
$pdoQuery = $pdoDB->prepare('
|
||||
DELETE FROM SecureToken
|
||||
WHERE SecureToken.UserId = :userid AND SecureToken.Id = :tokenid
|
||||
');
|
||||
$pdoQuery->execute([
|
||||
':userid' => (int) $_REQUEST['userid'],
|
||||
':tokenid' => (int) $_REQUEST['tokenid']
|
||||
]);
|
||||
|
||||
// Return JSON object
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode([
|
||||
"Result" => "Success",
|
||||
"RowCount" => $pdoQuery->RowCount()
|
||||
]);
|
||||
}
|
||||
catch (Exception $e) {
|
||||
// Return JSON object
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode([
|
||||
"Result" => "Failure",
|
||||
"Reason" => "Failed deleting tokens from database"
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
} else {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode([
|
||||
"Result" => "Failure",
|
||||
"Reason" => "Incomplete request data"
|
||||
]);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
// No action requested, default action
|
||||
include_once('../include/lucidAuth.template.php');
|
||||
|
||||
try {
|
||||
$allUsers = $pdoDB->query('
|
||||
SELECT User.Id, User.Username, Role.Rolename
|
||||
FROM User
|
||||
LEFT JOIN Role
|
||||
ON (Role.Id = User.RoleId)
|
||||
')->fetchAll(PDO::FETCH_ASSOC);
|
||||
} catch (Exception $e) {
|
||||
// Should really do some actual errorhandling here
|
||||
throw new Exception($e);
|
||||
}
|
||||
foreach($allUsers as $row) {
|
||||
$tableRows[] = sprintf('<tr%1$s><td data-userid="%2$s">%3$s</td><td>%4$s</td><td class="immutable">%5$s</td></tr>',
|
||||
$validateTokenResult['uid'] === $row['Id'] ? ' class="currentuser"': null,
|
||||
$row['Id'],
|
||||
explode('\\', $row['Username'])[1],
|
||||
$row['Rolename'],
|
||||
'<button class="bttn-simple bttn-xs bttn-primary session" data-translation="button_sessions">Sessions</button>' . ($validateTokenResult['uid'] === $row['Id'] ? null : ' <button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">Delete</button>')
|
||||
);
|
||||
}
|
||||
throw new Exception($e);
|
||||
}
|
||||
foreach($allUsers as $row) {
|
||||
$tableRows[] = sprintf('<tr%1$s><td data-userid="%2$s">%3$s</td><td>%4$s</td><td class="immutable">%5$s</td></tr>',
|
||||
$validateTokenResult['uid'] === $row['Id'] ? ' class="currentuser"': null,
|
||||
$row['Id'],
|
||||
explode('\\', $row['Username'])[1],
|
||||
$row['Rolename'],
|
||||
'<button class="bttn-simple bttn-xs bttn-primary session" data-translation="button_sessions">Sessions</button>' . ($validateTokenResult['uid'] === $row['Id'] ? null : ' <button class="bttn-simple bttn-xs bttn-primary delete" data-translation="button_delete">Delete</button>')
|
||||
);
|
||||
}
|
||||
|
||||
echo sprintf($pageLayout['full_alt'],
|
||||
sprintf($contentLayout['manage']['header'],
|
||||
$validateTokenResult['name']
|
||||
),
|
||||
sprintf($contentLayout['manage']['section'],
|
||||
implode($tableRows)
|
||||
)
|
||||
);
|
||||
echo sprintf($pageLayout['full_alt'],
|
||||
sprintf($contentLayout['manage']['header'],
|
||||
$validateTokenResult['name']
|
||||
),
|
||||
sprintf($contentLayout['manage']['section'],
|
||||
implode($tableRows)
|
||||
)
|
||||
);
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
// No cookie containing valid authentication token found;
|
||||
|
@ -1,22 +1,74 @@
|
||||
jQuery.fn.inlineConfirm = function() {
|
||||
return this.on('click', function(event) {
|
||||
sessionID = $(this).data('sessionid');
|
||||
// event.preventDefault();
|
||||
$(this).off('click').parent().empty().append(
|
||||
$('<button>', {
|
||||
jQuery.fn.ConfirmDelete = function() {
|
||||
return this.on('click', function() {
|
||||
var sessionID = $(this).data('sessionid');
|
||||
|
||||
$(this).off('click').parent().empty()
|
||||
.append($('<button>', {
|
||||
text: locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_yes'],
|
||||
class: 'bttn-simple bttn-xs bttn-primary sessiondeleteconfirm',
|
||||
style: 'margin-right: 3px;',
|
||||
'data-translation': 'button_yes',
|
||||
'data-sessionid': sessionID
|
||||
})).append(
|
||||
$('<button>', {
|
||||
}).on('click', function() {
|
||||
// Move this out of 'ConfirmDelete()'
|
||||
var pressedButton = $(this);
|
||||
$(pressedButton).prop('disabled', true).css({
|
||||
'background': '#999 url(data:image/gif;base64,R0lGODlhEAAQAPIAAJmZmf///7CwsOPj4////9fX18rKysPDwyH+GkNyZWF0ZWQgd2l0aCBhamF4bG9hZC5pbmZvACH5BAAKAAAAIf8LTkVUU0NBUEUyLjADAQAAACwAAAAAEAAQAAADMwi63P4wyklrE2MIOggZnAdOmGYJRbExwroUmcG2LmDEwnHQLVsYOd2mBzkYDAdKa+dIAAAh+QQACgABACwAAAAAEAAQAAADNAi63P5OjCEgG4QMu7DmikRxQlFUYDEZIGBMRVsaqHwctXXf7WEYB4Ag1xjihkMZsiUkKhIAIfkEAAoAAgAsAAAAABAAEAAAAzYIujIjK8pByJDMlFYvBoVjHA70GU7xSUJhmKtwHPAKzLO9HMaoKwJZ7Rf8AYPDDzKpZBqfvwQAIfkEAAoAAwAsAAAAABAAEAAAAzMIumIlK8oyhpHsnFZfhYumCYUhDAQxRIdhHBGqRoKw0R8DYlJd8z0fMDgsGo/IpHI5TAAAIfkEAAoABAAsAAAAABAAEAAAAzIIunInK0rnZBTwGPNMgQwmdsNgXGJUlIWEuR5oWUIpz8pAEAMe6TwfwyYsGo/IpFKSAAAh+QQACgAFACwAAAAAEAAQAAADMwi6IMKQORfjdOe82p4wGccc4CEuQradylesojEMBgsUc2G7sDX3lQGBMLAJibufbSlKAAAh+QQACgAGACwAAAAAEAAQAAADMgi63P7wCRHZnFVdmgHu2nFwlWCI3WGc3TSWhUFGxTAUkGCbtgENBMJAEJsxgMLWzpEAACH5BAAKAAcALAAAAAAQABAAAAMyCLrc/jDKSatlQtScKdceCAjDII7HcQ4EMTCpyrCuUBjCYRgHVtqlAiB1YhiCnlsRkAAAOwAAAAAAAAAAAA==) no-repeat center',
|
||||
'color': 'transparent',
|
||||
'transform': 'rotateX(180deg)',
|
||||
'cursor': 'default'
|
||||
}).next().prop('disabled', true).addClass('disabled');
|
||||
|
||||
$.post("lucidAuth.manage.php", {
|
||||
do: "deletesession",
|
||||
tokenid: sessionID,
|
||||
userid: $(pressedButton).closest('tr').data('userid')
|
||||
})
|
||||
.done(function(data,_status) {
|
||||
if (data.Result === 'Success') {
|
||||
$(pressedButton).css({
|
||||
'background': 'green url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAaklEQVQ4jeXOMQ5AQBBG4T2BC4i76EWich7ncAKbqCRuodTqnMNTkFgJs3ZU4tXz/Rlj/hUQv8EpMAClFk9sjUAiHVcCnoFMwhZYgPYG575Xe46aIOyMdJx7ji9GwrEzUgOFCu8DkRp/qxU2BKCUyZR6ygAAAABJRU5ErkJggg==) no-repeat center',
|
||||
'transform': 'rotateX(0deg)'
|
||||
});
|
||||
setTimeout(function() {
|
||||
$(pressedButton).closest('tr').fadeOut(500, function() {
|
||||
$(this).remove()});
|
||||
}, 2250);
|
||||
} else {
|
||||
$(pressedButton).css({
|
||||
'background': 'red url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAv0lEQVQ4jaWT0Q3CMAxELwh1BEag87AJ6hcLlE/KBLABrNEV2h26QaXHj4NMGgpS7sfJJXd24kQqRMiRQC3pIKk2apD0DCEMq25ABZyBmSVmW6vWxH1GmKLPmph7xJQReq5dnNmVPQE7oHOCzrhoMts9vQ1OSbYOCBb92OPkDe6ZkqMwJwa4SdJmtS1/YGsx7e9VUiPpYvPG4tHtGUsvcf+RkpI2mkHZQ3ImLd+fcpuKf32meM5R0iOEMOb2F+EF33vgCePVr8UAAAAASUVORK5CYII=) no-repeat center',
|
||||
'transform': 'rotateX(0deg)'
|
||||
});
|
||||
setTimeout(function() {
|
||||
$(pressedButton).closest('td').empty()
|
||||
.append(
|
||||
$('<button>', {
|
||||
text: locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_delete'],
|
||||
class: 'bttn-simple bttn-xs bttn-primary sessiondelete',
|
||||
'data-translation': 'button_delete',
|
||||
'data-sessionid': sessionID
|
||||
}).ConfirmDelete())
|
||||
}, 2250);
|
||||
}
|
||||
});
|
||||
}))
|
||||
.append($('<button>', {
|
||||
text: locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_no'],
|
||||
class: 'bttn-simple bttn-xs bttn-primary sessiondeletecancel',
|
||||
'data-translation': 'button_no',
|
||||
'data-sessionid': sessionID
|
||||
})
|
||||
);
|
||||
}).on('click', function() {
|
||||
// Move this out of 'ConfirmDelete()'
|
||||
var pressedButton = $(this);
|
||||
$(pressedButton).closest('td').empty()
|
||||
.append(
|
||||
$('<button>', {
|
||||
text: locales[(localStorage.getItem('language') !== null ? localStorage.getItem('language') : 'en')]['button_delete'],
|
||||
class: 'bttn-simple bttn-xs bttn-primary sessiondelete',
|
||||
'data-translation': 'button_delete',
|
||||
'data-sessionid': sessionID
|
||||
}).ConfirmDelete())
|
||||
}))
|
||||
});
|
||||
};
|
||||
|
||||
@ -35,9 +87,11 @@ $(document).ready(function(){
|
||||
$('#sessions tbody').empty();
|
||||
$('#sessions').fadeToggle();
|
||||
|
||||
var userID = $(this).closest('tr').find('td:nth-child(1)').data('userid');
|
||||
|
||||
$.post("lucidAuth.manage.php", {
|
||||
do: "retrievesessions",
|
||||
userid: $(this).closest('tr').find('td:nth-child(1)').data('userid')
|
||||
userid: userID
|
||||
})
|
||||
.done(function(data,_status) {
|
||||
if (data.Result === 'Success') {
|
||||
@ -51,7 +105,9 @@ $(document).ready(function(){
|
||||
} catch(e) {
|
||||
// Do nothing
|
||||
}
|
||||
$('#sessiontable tbody').append($('<tr>')
|
||||
$('#sessiontable tbody').append($('<tr>', {
|
||||
'data-userid': userID
|
||||
})
|
||||
.append($('<td>', {
|
||||
text: new Date(Sessions[i]['iat'] * 1000).toLocaleString('en-GB')
|
||||
}))
|
||||
@ -70,7 +126,7 @@ $(document).ready(function(){
|
||||
}))
|
||||
);
|
||||
}
|
||||
$('#sessiontable .sessiondelete').inlineConfirm();
|
||||
$('#sessiontable .sessiondelete').ConfirmDelete();
|
||||
} else {
|
||||
}
|
||||
});
|
||||
@ -131,14 +187,15 @@ $(document).ready(function(){
|
||||
});
|
||||
|
||||
console.log({'new': newEntries, 'removed': removedEntries});
|
||||
|
||||
/* $.get("psworker.php", {
|
||||
do: "mutate",
|
||||
mutations: {
|
||||
new: newEntries,
|
||||
removed: removedEntries
|
||||
}
|
||||
})*/
|
||||
/*
|
||||
$.post("lucidAuth.manage.php", {
|
||||
do: "mutateusers",
|
||||
new: newEntries,
|
||||
removed: removedEntries
|
||||
})
|
||||
.done(function(data,_status) {
|
||||
}
|
||||
*/
|
||||
});
|
||||
|
||||
$('#btncancel').click(function() {
|
||||
|
Loading…
Reference in New Issue
Block a user