Periodic merge upstream #1
@ -29,4 +29,4 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
|
||||
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
|
||||
|
||||
## Questions or bugs
|
||||
Feel free to open issues in this repository (or in its mirror on [GitHub](#)).
|
||||
Feel free to open issues in this repository.
|
@ -135,10 +135,13 @@ function validateToken (string $secureToken) {
|
||||
if (!empty($storedTokens) && sizeof(array_filter($storedTokens, function ($value) use ($jwtPayload) {
|
||||
return $value->iat === $jwtPayload->iat;
|
||||
})) === 1) {
|
||||
return ['status' => 'Success'];
|
||||
return [
|
||||
'status' => 'Success',
|
||||
'name' => $jwtPayload->name
|
||||
];
|
||||
} else {
|
||||
if ($settings->Debug['LogToFile']) {
|
||||
file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- No matching token in database' . PHP_EOL, FILE_APPEND);
|
||||
file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Either no matching token or multiple matching tokens found in database' . PHP_EOL, FILE_APPEND);
|
||||
}
|
||||
return ['status' => 'Fail', 'reason' => '2'];
|
||||
}
|
||||
|
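Review bot: The new success branch returns `'name' => $jwtPayload->name`, a claim taken straight from the token payload, and the caller in `public/lucidAuth.manage.php` formats it into HTML; add a comment such as `// raw claim from the JWT payload — escape before rendering` so that contract is explicit at the source. The filter guarding this branch still identifies the stored token by `iat` equality rather than by the token's own value, and the `=== 1` test means that, as far as the hunk shows, two tokens issued in the same second for the same user (two logins, or a retry) make the count 2 and reject both sessions; if the stored rows carry the token value (the `SecureToken.Value` column read elsewhere in this commit suggests they do), matching on that would be both tighter and free of the collision. The updated log message now describes the `=== 1` condition correctly, but `'../validateToken.log'` is relative to the working directory and the `file_put_contents()` result is unchecked, so the file may land outside the intended location or the write may fail silently. `validateToken()` begins before this hunk.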
@ -9,7 +9,7 @@ $pageLayout['full'] = <<<'FULL'
|
||||
<meta charset="utf-8" />
|
||||
<title>lucidAuth</title>
|
||||
<meta name="application-name" content="lucidAuth" />
|
||||
<meta name="theme-color" content="#B50000" />
|
||||
<meta name="theme-color" content="#003399" />
|
||||
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
|
||||
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
|
||||
<link rel="manifest" href="/manifest.json" />
|
||||
@ -52,7 +52,7 @@ $pageLayout['bare'] = <<<'BARE'
|
||||
</html>
|
||||
BARE;
|
||||
|
||||
$contentLayout['login'] = <<<LOGIN
|
||||
$contentLayout['login'] = <<<'LOGIN'
|
||||
<script src="misc/script.index.js"></script>
|
||||
<fieldset>
|
||||
<legend>Login Details</legend>
|
||||
@ -67,7 +67,7 @@ $contentLayout['login'] = <<<LOGIN
|
||||
<input type="password" id="password" name="password" tabindex="200" />
|
||||
</li>
|
||||
<li>
|
||||
<input type="hidden" id="ref" name="ref" value="{$_GET['ref']}" />
|
||||
<input type="hidden" id="ref" name="ref" value="%1$s" />
|
||||
<button id="btnlogin" class="bttn-simple bttn-xs bttn-primary" tabindex="300" data-translation="button_login">login</button>
|
||||
</li>
|
||||
<li class="misc">
|
||||
@ -81,43 +81,34 @@ $contentLayout['login'] = <<<LOGIN
|
||||
<img src="/images/tag_lock.png" style="position: absolute; top: 175px; left: 20px;" alt="Secure!" />
|
||||
LOGIN;
|
||||
|
||||
$contentLayout['manage'] = <<<MANAGE
|
||||
$contentLayout['manage'] = <<<'MANAGE'
|
||||
<script src="misc/script.editable.table.js"></script>
|
||||
<script src="misc/script.manage.js"></script>
|
||||
<span id="user"><span data-translation="span_loggedinas">Ingelogd als</span> {$_SESSION['fullname']} --- [<a id="linkplugindialog" tabindex="600" data-translation="link_plugin">Browser plugin</a><div id="pluginlogos"><span data-translation="label_selectbrowser" style="float: left; margin-left: 5px;">Select browser:</span><span style="font-size: 8px; float: right; margin-right: 5px; margin-top: 2px;">[v0.2.122.4]</span><br /><img id="linkpluginchrome" src="images/chrome_256x256.png" /><img id="linkpluginfirefox" src="images/firefox_256x256.png" /><img id="linkpluginopera" src="images/opera_256x256.png" /></div>] [<a id="linklanguage-en" href="#" tabindex="700">EN</a> <a id="linklanguage-nl" class="current" href="#" tabindex="700">NL</a>] [<a href="index.php?do=logout" tabindex="800" data-translation="link_logout">Log uit</a>]</span>
|
||||
<!-- <fieldset style="clear: both;">
|
||||
<legend>Beheer Account</legend>
|
||||
<span id="user"><span data-translation="span_loggedinas">Ingelogd als</span> %1$s --- [<a id="linklanguage-en" href="#" tabindex="700">EN</a> <a id="linklanguage-nl" class="current" href="#" tabindex="700">NL</a>] [<a href="#" tabindex="800" data-translation="link_logout">Log uit</a>]</span>
|
||||
<fieldset style="clear: both;">
|
||||
<legend>Beheer Gebruikers</legend>
|
||||
<ul>
|
||||
<li>
|
||||
<table id="tabletest">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Username</th>
|
||||
<th>Role</th>
|
||||
<th>Sessions</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
%2$s
|
||||
</tbody>
|
||||
</table>
|
||||
</li>
|
||||
<li>
|
||||
<button id="btnaliasadd" class="bttn-simple bttn-xs bttn-primary" tabindex="200" data-translation="button_add">voeg toe</button>
|
||||
</li>
|
||||
<li>
|
||||
<label id="labelallaliases" class="pre" for="allaliases" data-translation="label_allaliases">Alle aliassen:</label><output id="aliasstats">[--]</output>
|
||||
<select id="allaliases" size="10" multiple="multiple" tabindex="300">
|
||||
</select>
|
||||
</li>
|
||||
<li>
|
||||
<button id="btnaliasdelete" class="bttn-simple bttn-xs bttn-primary" tabindex="400" data-translation="button_delete">verwijder</button>
|
||||
</li>
|
||||
<li>
|
||||
<button id="btnsync" class="bttn-simple bttn-xs bttn-primary" style="background-position: center;" tabindex="500" data-translation="button_sync">synchroniseer</button>
|
||||
<button id="btnsync" class="bttn-simple bttn-xs bttn-primary" tabindex="500" data-translation="button_sync">synchroniseer</button>
|
||||
</li>
|
||||
</ul>
|
||||
</fieldset>
|
||||
-->
|
||||
MANAGE;
|
||||
|
||||
$contentLayout['dialog'] = <<<DIALOG
|
||||
<ul class="dialog">
|
||||
<li>
|
||||
<!--REPL_DIALOGDESC-->
|
||||
</li>
|
||||
<li>
|
||||
<button id="btnhome" class="bttn-simple bttn-xs bttn-primary" tabindex="400" data-translation="button_home">ga naar startpagina</button>
|
||||
</li>
|
||||
</ul>
|
||||
DIALOG;
|
||||
|
||||
|
||||
?>
|
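Review bot: The login layout's `%1$s` now lands inside `value="…"` and the manage layout's `%1$s`/`%2$s` inside element content, yet nothing in the nowdocs escapes, so every `sprintf()` caller carries the whole burden; state that next to each placeholder, e.g. `<!-- %1$s: HTML-attribute context, caller must htmlspecialchars() it -->` above the hidden `ref` input, and likewise for the two manage placeholders. The conversion to nowdoc (`<<<'LOGIN'`, `<<<'MANAGE'`) is the right move because it stops `$_GET`/`$_SESSION` being interpolated at template-definition time, but `$contentLayout['dialog'] = <<<DIALOG` in the same file is left as an interpolating heredoc; converting it too keeps the templates uniform and rules out a later accidental `{$…}` expansion. The manage layout's logout anchor is shown with `href="#"` in one version of the `<span id="user">` line — the rendering lost the markers, so if that is the new side, logout from this page no longer has a target and needs a real one.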
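--- a/public/example.php
+++ b/public/example.php
@@ -0,0 +1,27 @@
+<?php
+
+// Basic example of PHP script to handle with jQuery-Tabledit plug-in.
+// Note that is just an example. Should take precautions such as filtering the input data.
+
+header('Content-Type: application/json');
+
+$input = filter_input_array(INPUT_POST);
+
+$mysqli = new mysqli('localhost', 'user', 'password', 'database');
+
+if (mysqli_connect_errno()) {
+echo json_encode(array('mysqli' => 'Failed to connect to MySQL: ' . mysqli_connect_error()));
+exit;
+}
+
+if ($input['action'] === 'edit') {
+$mysqli->query("UPDATE users SET username='" . $input['username'] . "', email='" . $input['email'] . "', avatar='" . $input['avatar'] . "' WHERE id='" . $input['id'] . "'");
+} else if ($input['action'] === 'delete') {
+$mysqli->query("UPDATE users SET deleted=1 WHERE id='" . $input['id'] . "'");
+} else if ($input['action'] === 'restore') {
+$mysqli->query("UPDATE users SET deleted=0 WHERE id='" . $input['id'] . "'");
+}
+
+mysqli_close($mysqli);
+
+echo json_encode($input);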
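Review bot: The `edit`, `delete` and `restore` branches concatenate `$input['username']`, `$input['email']`, `$input['avatar']` and `$input['id']` straight from POST into the UPDATE statements, and `filter_input_array(INPUT_POST)` without a filter definition applies the default raw filter, so this is SQL injection in a file shipped under `public/`; use prepared statements with bound parameters as below. The script also performs no authentication — unlike `public/lucidAuth.manage.php` in this same commit, which gates on `validateToken($_COOKIE['JWT'])` — so anyone who can reach the URL can modify the `users` table; at minimum apply that same check before the branches, or keep the file out of the web root until it is wired up. The placeholder credentials (`'user'`, `'password'`, `'database'`) suggest this is the plug-in's sample handler copied verbatim, and the `// Note that is just an example` comment should say that it must not be deployed as-is.
```php
// … unchanged: header(), filter_input_array(), connection check …
$action = $input['action'] ?? '';
if ($action === 'edit') {
    $stmt = $mysqli->prepare('UPDATE users SET username=?, email=?, avatar=? WHERE id=?');
    $stmt->bind_param('ssss', $input['username'], $input['email'], $input['avatar'], $input['id']);
    $stmt->execute();
    $stmt->close();
} else if ($action === 'delete') {
    $stmt = $mysqli->prepare('UPDATE users SET deleted=1 WHERE id=?');
    $stmt->bind_param('s', $input['id']);
    $stmt->execute();
    $stmt->close();
} else if ($action === 'restore') {
    $stmt = $mysqli->prepare('UPDATE users SET deleted=0 WHERE id=?');
    $stmt->bind_param('s', $input['id']);
    $stmt->execute();
    $stmt->close();
}
// … unchanged: mysqli_close(), JSON echo …
```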
@ -3,15 +3,18 @@
|
||||
|
||||
include_once('../include/lucidAuth.functions.php');
|
||||
|
||||
echo $settings->Debug['Verbose'];
|
||||
|
||||
if ($_POST['do'] == 'login') {
|
||||
$result = authenticateLDAP($_POST['username'], $_POST['password']);
|
||||
if ($result['status'] == 'Success') {
|
||||
if ($result['status'] === 'Success') {
|
||||
// Store authentication token; in database serverside & in cookie clientside
|
||||
if (storeToken($result['token'], $settings->LDAP['Domain'] . '\\' . $_POST['username'], $_SERVER['HTTP_HOST'])['status'] !== 'Success') {
|
||||
// Since this action is only ever called through an AJAX-request; return JSON object
|
||||
echo '{"Result":"Fail","Reason":"Failed storing authentication token in database and/or cookie"}' . PHP_EOL;
|
||||
// Return JSON object
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode([
|
||||
"Result" => "Failure",
|
||||
"Reason" => "Failed storing authentication token in database and/or cookie"
|
||||
]);
|
||||
# echo '{"Result":"Fail","Reason":"Failed storing authentication token in database and/or cookie"}' . PHP_EOL;
|
||||
exit;
|
||||
}
|
||||
|
||||
@ -21,33 +24,50 @@
|
||||
$proxyHeaders = json_decode(base64_decode($_POST['ref']), JSON_OBJECT_AS_ARRAY);
|
||||
}
|
||||
catch (Exception $e) {
|
||||
// Since this action is only ever called through an AJAX-request; return JSON object
|
||||
echo '{"Result":"Fail","Reason":"Original request URI lost in transition"}' . PHP_EOL;
|
||||
// Return JSON object
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode([
|
||||
"Result" => "Failure",
|
||||
"Reason" => "Original request-URI lost in transition"
|
||||
]);
|
||||
# echo '{"Result":"Fail","Reason":"Original request URI lost in transition"}' . PHP_EOL;
|
||||
exit;
|
||||
}
|
||||
$originalUri = !empty($proxyHeaders) ? $proxyHeaders['XForwardedProto'] . '://' . $proxyHeaders['XForwardedHost'] . $proxyHeaders['XForwardedUri'] : 'lucidAuth.manage.php';
|
||||
|
||||
// Since this request is only ever called through an AJAX-request; return JSON object
|
||||
// Return JSON object
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode([
|
||||
"Result" => "Success",
|
||||
"Location" => $originalUri,
|
||||
"CrossDomainLogin" => $settings->Session['CrossDomainLogin']
|
||||
]);
|
||||
# echo sprintf('{"Result":"Success","Location":"%1$s","CrossDomainLogin":%2$s}', $originalUri, $settings->Session['CrossDomainLogin'] ? 'True' : 'False') . PHP_EOL;
|
||||
} else {
|
||||
switch ($result['reason']) {
|
||||
case '1':
|
||||
echo '{"Result":"Fail","Reason":"Invalid username and/or password"}' . PHP_EOL;
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode([
|
||||
"Result" => "Failure",
|
||||
"Reason" => "Invalid username and/or password"
|
||||
]);
|
||||
break;
|
||||
default:
|
||||
echo '{"Result":"Fail","Reason":"Uncaught error"}' . PHP_EOL;
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode([
|
||||
"Result" => "Failure",
|
||||
"Reason" => "Uncaught error"
|
||||
]);
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
include_once('../include/lucidAuth.template.php');
|
||||
|
||||
echo sprintf($pageLayout['full'], $contentLayout['login']);
|
||||
echo sprintf($pageLayout['full'],
|
||||
sprintf($contentLayout['login'],
|
||||
$_GET['ref']
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
?>
|
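Review bot: `sprintf($contentLayout['login'], $_GET['ref'])` in the else branch at the end of the hunk places the raw `ref` query parameter into the template's `value="%1$s"` attribute, so the new nowdoc/sprintf form is as exposed to reflected markup injection as the `{$_GET['ref']}` interpolation it replaces; pass `htmlspecialchars($_GET['ref'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` instead, which also removes the undefined-index notice when `ref` is absent. The rewritten `catch (Exception $e)` body is only reachable if `json_decode()` throws, which it does not without `JSON_THROW_ON_ERROR`; a malformed `ref` currently yields `null`, and the `!empty($proxyHeaders)` test then silently falls back to `lucidAuth.manage.php`, so either pass `JSON_THROW_ON_ERROR` or check the decode result explicitly (the `try` opens outside the hunk). The second argument of `json_decode()` is the boolean `$associative` flag, so `JSON_OBJECT_AS_ARRAY` there only works by truthiness — `true` states the intent. The new `header('Content-Type: application/json')` calls come after `echo $settings->Debug['Verbose'];` near the top of the file has already produced output, which triggers a headers-already-sent warning whenever that setting is non-empty.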
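--- a/public/lucidAuth.manage.php
+++ b/public/lucidAuth.manage.php
@@ -0,0 +1,50 @@
+<?php
+error_reporting(E_ALL ^ E_NOTICE);
+
+include_once('../include/lucidAuth.functions.php');
+
+if (!empty($_COOKIE['JWT'])) {
+$validateTokenResult = validateToken($_COOKIE['JWT']);
+}
+
+if ($validateTokenResult['status'] === "Success") {
+include_once('../include/lucidAuth.template.php');
+
+try {
+$allUsers = $pdoDB->query('
+SELECT User.Username, Role.Rolename, COUNT(DISTINCT SecureToken.Value) AS Sessions
+FROM User
+LEFT JOIN Role
+ON (User.RoleId=Role.Id)
+LEFT JOIN SecureToken
+ON (User.Id=SecureToken.UserId)
+')->fetchAll(PDO::FETCH_ASSOC);
+} catch (Exception $e) {
+// Should really do some actual errorhandling here
+throw new Exception($e);
+}
+
+foreach($allUsers as $row) {
+$tableRows[] = sprintf('<tr><td>%1$s</td><td>%2$s</td><td>%3$s</td></tr>',
+explode('\\', $row['Username'])[1],
+$row['Rolename'],
+$row['Sessions']
+);
+}
+
+echo sprintf($pageLayout['full'],
+sprintf($contentLayout['manage'],
+$validateTokenResult['name'],
+implode($tableRows)
+)
+);
+} else {
+// No cookie containing valid authentication token found;
+// explicitly deleting any remaining cookie, then redirecting to loginpage
+setcookie('JWT', FALSE);
+
+header("HTTP/1.1 401 Unauthorized");
+header("Location: lucidAuth.login.php");
+}
+
+?>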
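Review bot: The values formatted into the manage layout — `$validateTokenResult['name']`, the username split from `$row['Username']`, `$row['Rolename']` and `$row['Sessions']` — go through `sprintf()` without HTML escaping, so a directory entry or role name that contains markup is rendered as-is; escape each at this boundary as below. The `header("HTTP/1.1 401 Unauthorized")` in the else branch is superseded by the following `Location:` header, which makes PHP send a 302 unless a 201 or 3xx status was set, so the 401 never reaches the client — choose one behaviour (redirect, or 401 with a body). `throw new Exception($e)` in the catch turns the caught exception into its string form and drops the chain; `throw $e;` (or passing it as `previous:`) keeps it. `$validateTokenResult` is only assigned when the cookie is set, so the `=== "Success"` test reads an undefined variable otherwise, masked by the `E_NOTICE` suppression on line 2 — initialise it to `['status' => 'Fail']` before the `if`.
```php
$esc = function ($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
// … unchanged: user query and catch …
foreach ($allUsers as $row) {
    $tableRows[] = sprintf('<tr><td>%1$s</td><td>%2$s</td><td>%3$s</td></tr>',
        $esc(explode('\\', $row['Username'])[1] ?? ''),
        $esc($row['Rolename']),
        $esc($row['Sessions'])
    );
}

echo sprintf($pageLayout['full'],
    sprintf($contentLayout['manage'],
        $esc($validateTokenResult['name']),
        implode('', $tableRows ?? [])
    )
);
// … unchanged: else branch …
```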
@ -18,7 +18,7 @@
|
||||
|
||||
include_once('../include/lucidAuth.template.php');
|
||||
|
||||
echo sprintf($pageLayout['bare',
|
||||
echo sprintf($pageLayout['bare'],
|
||||
'// iFrames go here'
|
||||
);
|
||||
?>
|
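--- a/public/misc/script.editable.table.js
+++ b/public/misc/script.editable.table.js
@@ -0,0 +1,131 @@
+/*global $, window*/
+$.fn.editableTableWidget = function (options) {
+'use strict';
+return $(this).each(function () {
+var buildDefaultOptions = function () {
+var opts = $.extend({}, $.fn.editableTableWidget.defaultOptions);
+opts.editor = opts.editor.clone();
+return opts;
+},
+activeOptions = $.extend(buildDefaultOptions(), options),
+ARROW_LEFT = 37, ARROW_UP = 38, ARROW_RIGHT = 39, ARROW_DOWN = 40, ENTER = 13, ESC = 27, TAB = 9,
+element = $(this),
+editor = activeOptions.editor.css('position', 'absolute').hide().appendTo(element.parent()),
+active,
+showEditor = function (select) {
+active = element.find('td:focus');
+if (active.length) {
+editor.val(active.text())
+.removeClass('error')
+.show()
+.offset(active.offset())
+.css(active.css(activeOptions.cloneProperties))
+.width(active.width())
+.height(active.height())
+.focus();
+if (select) {
+editor.select();
+}
+}
+},
+setActiveText = function () {
+var text = editor.val(),
+evt = $.Event('change'),
+originalContent;
+if (active.text() === text || editor.hasClass('error')) {
+return true;
+}
+originalContent = active.html();
+active.text(text).trigger(evt, text);
+if (evt.result === false) {
+active.html(originalContent);
+}
+},
+movement = function (element, keycode) {
+if (keycode === ARROW_RIGHT) {
+return element.next('td');
+} else if (keycode === ARROW_LEFT) {
+return element.prev('td');
+} else if (keycode === ARROW_UP) {
+return element.parent().prev().children().eq(element.index());
+} else if (keycode === ARROW_DOWN) {
+return element.parent().next().children().eq(element.index());
+}
+return [];
+};
+editor.blur(function () {
+setActiveText();
+editor.hide();
+}).keydown(function (e) {
+if (e.which === ENTER) {
+setActiveText();
+editor.hide();
+active.focus();
+e.preventDefault();
+e.stopPropagation();
+} else if (e.which === ESC) {
+editor.val(active.text());
+e.preventDefault();
+e.stopPropagation();
+editor.hide();
+active.focus();
+} else if (e.which === TAB) {
+active.focus();
+} else if (this.selectionEnd - this.selectionStart === this.value.length) {
+var possibleMove = movement(active, e.which);
+if (possibleMove.length > 0) {
+possibleMove.focus();
+e.preventDefault();
+e.stopPropagation();
+}
+}
+})
+.on('input paste', function () {
+var evt = $.Event('validate');
+active.trigger(evt, editor.val());
+if (evt.result === false) {
+editor.addClass('error');
+} else {
+editor.removeClass('error');
+}
+});
+element.on('click keypress dblclick', showEditor)
+.css('cursor', 'pointer')
+.keydown(function (e) {
+var prevent = true,
+possibleMove = movement($(e.target), e.which);
+if (possibleMove.length > 0) {
+possibleMove.focus();
+} else if (e.which === ENTER) {
+showEditor(false);
+} else if (e.which === 17 || e.which === 91 || e.which === 93) {
+showEditor(true);
+prevent = false;
+} else {
+prevent = false;
+}
+if (prevent) {
+e.stopPropagation();
+e.preventDefault();
+}
+});
+
+element.find('td').prop('tabindex', 1);
+
+$(window).on('resize', function () {
+if (editor.is(':visible')) {
+editor.offset(active.offset())
+.width(active.width())
+.height(active.height());
+}
+});
+});
+
+};
+$.fn.editableTableWidget.defaultOptions = {
+cloneProperties: ['padding', 'padding-top', 'padding-bottom', 'padding-left', 'padding-right',
+'text-align', 'font', 'font-size', 'font-family', 'font-weight',
+'border', 'border-top', 'border-bottom', 'border-left', 'border-right'],
+editor: $('<input>')
+};
+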
@ -19,7 +19,7 @@ $(document).ready(function(){
|
||||
password: $('#password').val(),
|
||||
ref: $('#ref').val()
|
||||
})
|
||||
.done(function(data,status) {
|
||||
.done(function(data,_status) {
|
||||
if (data.Result === 'Success') {
|
||||
$('#btnlogin').css({
|
||||
'background': 'green url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAaklEQVQ4jeXOMQ5AQBBG4T2BC4i76EWich7ncAKbqCRuodTqnMNTkFgJs3ZU4tXz/Rlj/hUQv8EpMAClFk9sjUAiHVcCnoFMwhZYgPYG575Xe46aIOyMdJx7ji9GwrEzUgOFCu8DkRp/qxU2BKCUyZR6ygAAAABJRU5ErkJggg==) no-repeat center',
|
||||
|
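--- a/public/misc/script.manage.js
+++ b/public/misc/script.manage.js
@@ -0,0 +1,3 @@
+$(document).ready(function(){
+$('#tabletest').editableTableWidget();
+});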
@ -8,13 +8,9 @@ var locales = {
|
||||
heading_error: "ERROR!",
|
||||
label_password: "Password:",
|
||||
label_username: "Username:",
|
||||
label_selectbrowser: "Select browser:",
|
||||
link_install: "Install!",
|
||||
link_logout: "Logout",
|
||||
link_plugin: "Browser plugin",
|
||||
span_credentialsavailable: "Login credentials available upon request!",
|
||||
span_loggedinas: "Logged in as",
|
||||
span_plugin: "Browser plugin?"
|
||||
span_loggedinas: "Logged in as"
|
||||
},
|
||||
nl: {
|
||||
button_add: "voeg toe",
|
||||
@ -25,13 +21,9 @@ var locales = {
|
||||
heading_error: "FOUT!",
|
||||
label_password: "Wachtwoord:",
|
||||
label_username: "Gebruikersnaam:",
|
||||
label_selectbrowser: "Selecteer browser:",
|
||||
link_install: "Installeer!",
|
||||
link_logout: "Log uit",
|
||||
link_plugin: "Browser plugin",
|
||||
span_credentialsavailable: "Inloggegevens verkrijgbaar op aanvraag!",
|
||||
span_loggedinas: "Ingelogd als",
|
||||
span_plugin: "Browser plugin?"
|
||||
span_loggedinas: "Ingelogd als"
|
||||
} // ... etc.
|
||||
};
|
||||
|
||||
|