djpbessems/lucidAuth
1
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Periodic merge upstream #1

Merged
djpbessems merged 3 commits from development into master 2019-02-28 14:31:11 +00:00
Conversation 0 Commits 3 Files Changed 18 +36 -10
5 changed files with 36 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 1ffa164160 - Show all commits

2
README.md
View File

@ -29,4 +29,4 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy. The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
## Questions or bugs ## Questions or bugs
Feel free to open issues in this repository (or in its mirror on [GitHub](#)). Feel free to open issues in this repository.

3
include/lucidAuth.template.php
View File

@ -81,7 +81,7 @@ $contentLayout['login'] = <<<LOGIN
<img src="/images/tag_lock.png" style="position: absolute; top: 175px; left: 20px;" alt="Secure!" /> <img src="/images/tag_lock.png" style="position: absolute; top: 175px; left: 20px;" alt="Secure!" />
LOGIN; LOGIN;
$contentLayout['manage'] = <<<MANAGE $contentLayout['manage'] = <<<'MANAGE'
<script src="misc/script.manage.js"></script> <script src="misc/script.manage.js"></script>
<span id="user"><span data-translation="span_loggedinas">Ingelogd als</span>&nbsp;{$_SESSION['fullname']}&nbsp;---&nbsp;[<a id="linkplugindialog" tabindex="600" data-translation="link_plugin">Browser plugin</a><div id="pluginlogos"><span data-translation="label_selectbrowser" style="float: left; margin-left: 5px;">Select browser:</span><span style="font-size: 8px; float: right; margin-right: 5px; margin-top: 2px;">[v0.2.122.4]</span><br /><img id="linkpluginchrome" src="images/chrome_256x256.png" /><img id="linkpluginfirefox" src="images/firefox_256x256.png" /><img id="linkpluginopera" src="images/opera_256x256.png" /></div>]&nbsp;[<a id="linklanguage-en" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" class="current" href="#" tabindex="700">NL</a>]&nbsp;[<a href="index.php?do=logout" tabindex="800" data-translation="link_logout">Log uit</a>]</span> <span id="user"><span data-translation="span_loggedinas">Ingelogd als</span>&nbsp;{$_SESSION['fullname']}&nbsp;---&nbsp;[<a id="linkplugindialog" tabindex="600" data-translation="link_plugin">Browser plugin</a><div id="pluginlogos"><span data-translation="label_selectbrowser" style="float: left; margin-left: 5px;">Select browser:</span><span style="font-size: 8px; float: right; margin-right: 5px; margin-top: 2px;">[v0.2.122.4]</span><br /><img id="linkpluginchrome" src="images/chrome_256x256.png" /><img id="linkpluginfirefox" src="images/firefox_256x256.png" /><img id="linkpluginopera" src="images/opera_256x256.png" /></div>]&nbsp;[<a id="linklanguage-en" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" class="current" href="#" tabindex="700">NL</a>]&nbsp;[<a href="index.php?do=logout" tabindex="800" data-translation="link_logout">Log uit</a>]</span>
<!-- <fieldset style="clear: both;"> <!-- <fieldset style="clear: both;">
@ -119,5 +119,4 @@ $contentLayout['dialog'] = <<<DIALOG
</ul> </ul>
DIALOG; DIALOG;
?> ?>

22
public/lucidAuth.login.php
View File

@ -2,12 +2,10 @@
error_reporting(E_ALL ^ E_NOTICE); error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php'); include_once('../include/lucidAuth.functions.php');
echo $settings->Debug['Verbose'];
if ($_POST['do'] == 'login') { if ($_POST['do'] == 'login') {
$result = authenticateLDAP($_POST['username'], $_POST['password']); $result = authenticateLDAP($_POST['username'], $_POST['password']);
if ($result['status'] == 'Success') { if ($result['status'] === 'Success') {
// Store authentication token; in database serverside & in cookie clientside // Store authentication token; in database serverside & in cookie clientside
if (storeToken($result['token'], $settings->LDAP['Domain'] . '\\' . $_POST['username'], $_SERVER['HTTP_HOST'])['status'] !== 'Success') { if (storeToken($result['token'], $settings->LDAP['Domain'] . '\\' . $_POST['username'], $_SERVER['HTTP_HOST'])['status'] !== 'Success') {
// Since this action is only ever called through an AJAX-request; return JSON object // Since this action is only ever called through an AJAX-request; return JSON object
@ -34,14 +32,24 @@
"Location" => $originalUri, "Location" => $originalUri,
"CrossDomainLogin" => $settings->Session['CrossDomainLogin'] "CrossDomainLogin" => $settings->Session['CrossDomainLogin']
]); ]);
# echo sprintf('{"Result":"Success","Location":"%1$s","CrossDomainLogin":%2$s}', $originalUri, $settings->Session['CrossDomainLogin'] ? 'True' : 'False') . PHP_EOL;
} else { } else {
switch ($result['reason']) { switch ($result['reason']) {
case '1': case '1':
echo '{"Result":"Fail","Reason":"Invalid username and/or password"}' . PHP_EOL; header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Invalid username and/or password"
]);
# echo '{"Result":"Fail","Reason":"Invalid username and/or password"}' . PHP_EOL;
break; break;
default: default:
echo '{"Result":"Fail","Reason":"Uncaught error"}' . PHP_EOL; header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Uncaught error"
]);
# echo '{"Result":"Fail","Reason":"Uncaught error"}' . PHP_EOL;
break;
} }
} }
} else { } else {

19
public/lucidAuth.manage.php Normal file
View File

@ -0,0 +1,19 @@
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
if (!empty($_COOKIE['JWT']) && validateToken($_COOKIE['JWT'])['status'] === "Success") {
include_once('../include/lucidAuth.template.php');
echo sprintf($pageLayout['full'], $contentLayout['manage']);
} else {
// No cookie containing valid authentication token found;
// explicitly deleting any remaining cookie, then redirecting to loginpage
setcookie('JWT', FALSE);
header("HTTP/1.1 401 Unauthorized");
header("Location: lucidAuth.login.php");
}
?>

0
public/misc/script.manage.js Normal file
View File