Periodic merge upstream #5
@ -35,14 +35,36 @@ function authenticateLDAP (string $username, string $password) {
|
|||||||
if (@ldap_bind($ds, $qualifiedUsername, utf8_encode($_POST['password']))) {
|
if (@ldap_bind($ds, $qualifiedUsername, utf8_encode($_POST['password']))) {
|
||||||
// Successful authentication; get additional userdetails from authenticationsource
|
// Successful authentication; get additional userdetails from authenticationsource
|
||||||
$ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$sanitizedUsername");
|
$ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$sanitizedUsername");
|
||||||
$commonName = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];
|
$commonName = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];
|
||||||
// Create JWT-payload
|
|
||||||
|
$browserDetails = get_browser(null, True);
|
||||||
|
$geoLocation = json_decode(file_get_contents("http://ip-api.com/json/{$_SERVER['HTTP_X_REAL_IP']}"));
|
||||||
|
if ($geoLocation->status === 'fail') {
|
||||||
|
switch ($geoLocation->message) {
|
||||||
|
case 'private range':
|
||||||
|
case 'reserved range':
|
||||||
|
$geoLocation = json_decode(file_get_contents("http://ip-api.com/json/" . trim(file_get_contents('https://api.ipify.org')) ));
|
||||||
|
break;
|
||||||
|
case 'invalid query':
|
||||||
|
default:
|
||||||
|
$geoLocation->city = null;
|
||||||
|
$geoLocation->countryCode = null;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create JWT-payload
|
||||||
$jwtPayload = [
|
$jwtPayload = [
|
||||||
'iat' => time(), // Issued at: time when the token was generated
|
'iat' => time(), // Issued at: time when the token was generated
|
||||||
'iss' => $_SERVER['SERVER_NAME'], // Issuer
|
'iss' => $_SERVER['SERVER_NAME'], // Issuer
|
||||||
'sub' => $qualifiedUsername, // Subject (ie. username)
|
'sub' => $qualifiedUsername, // Subject (ie. username)
|
||||||
'name' => $commonName, // Common name (as retrieved from AD)
|
'name' => $commonName, // Common name (as retrieved from AD)
|
||||||
'fp' => base64_encode(json_encode(get_browser(null, True))) // Fingerprint (based on `HTTP_USER_AGENT`)
|
'fp' => base64_encode(json_encode((object) [ // Fingerprint
|
||||||
|
'browser' => $browserDetails['browser'],
|
||||||
|
'platform' => $browserDetails['platform'],
|
||||||
|
'city' => $geoLocation->city,
|
||||||
|
'countrycode' => $geoLocation->countryCode
|
||||||
|
]))
|
||||||
];
|
];
|
||||||
|
|
||||||
$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
|
$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
|
||||||
|
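Review bot: The geolocation lookup on L34 interpolates `$_SERVER['HTTP_X_REAL_IP']` — a header the application can only trust when the reverse proxy in front of it sets it — into the request URL unvalidated, and neither `file_get_contents` nor `json_decode` has its result checked, so an absent or malformed value, an unreachable ip-api.com, or a non-JSON reply leaves `$geoLocation` as `null` and the `->status` read on L38 fails under PHP 8 (the fallback lookup on L54 repeats the same unchecked pattern). Validating the address with `filter_var(..., FILTER_VALIDATE_IP)`, giving the outbound request a timeout so the login path cannot hang on a third party, and starting from a default `fail` object keeps the existing `switch` on L42 working unchanged. `get_browser(null, True)` on L30 likewise returns `false` when no browscap is configured, which makes the `$browserDetails['browser']` reads on L127/L131 warn; a default is worth adding there too, `$browserDetails = get_browser(null, true) ?: ['browser' => null, 'platform' => null];`. authenticateLDAP begins before and continues past this hunk.
```php
// Only a syntactically valid address from the proxy header is looked up; anything else
// (or a failed / non-JSON reply) keeps the default, which the switch below maps to null city/countryCode.
$geoLocation = (object) ['status' => 'fail', 'message' => 'invalid query', 'city' => null, 'countryCode' => null];
$clientIp = filter_var($_SERVER['HTTP_X_REAL_IP'] ?? '', FILTER_VALIDATE_IP);
if ($clientIp !== false) {
    $geoResponse = file_get_contents(
        "http://ip-api.com/json/{$clientIp}",
        false,
        stream_context_create(['http' => ['timeout' => 2]])
    );
    $decoded = $geoResponse === false ? null : json_decode($geoResponse);
    if (is_object($decoded)) {
        $geoLocation = $decoded;
    }
}
// … unchanged: fail/private-range handling, JWT payload and JWT::encode …
```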
1
public/images/README.md
Normal file
1
public/images/README.md
Normal file
@ -0,0 +1 @@
|
|||||||
|
Browser logo's obtained from [alrra/browser-logos](https://github.com/alrra/browser-logos).
|
BIN
public/images/chrome_256x256.png
Normal file
BIN
public/images/chrome_256x256.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 26 KiB |
BIN
public/images/edge_256x256.png
Normal file
BIN
public/images/edge_256x256.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 26 KiB |
BIN
public/images/firefox_256x256.png
Normal file
BIN
public/images/firefox_256x256.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 37 KiB |
BIN
public/images/opera_256x256.png
Normal file
BIN
public/images/opera_256x256.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 12 KiB |
BIN
public/images/safari_256x256.png
Normal file
BIN
public/images/safari_256x256.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 64 KiB |
BIN
public/images/tor_256x256.png
Normal file
BIN
public/images/tor_256x256.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 24 KiB |
@ -22,7 +22,10 @@ $(document).ready(function(){
|
|||||||
var Sessions = JSON.parse(data.UserSessions);
|
var Sessions = JSON.parse(data.UserSessions);
|
||||||
for (var i = 0; i < data.SessionCount; i++) {
|
for (var i = 0; i < data.SessionCount; i++) {
|
||||||
try {
|
try {
|
||||||
var Fingerprint = JSON.parse(atob(Sessions[i]['fp']));
|
var fingerPrint = JSON.parse(atob(Sessions[i]['fp']));
|
||||||
|
var sessionDetails = '<img class="browsericon" src="/images/' + fingerPrint['browser'] + '_256x256.png">';
|
||||||
|
sessionDetails += fingerPrint['browser'] + ' -- ' + fingerPrint['platform'];
|
||||||
|
sessionDetails += '<br>' + fingerPrint['city'] + ' (' + fingerPrint['countrycode'] + ')';
|
||||||
} catch(e) {
|
} catch(e) {
|
||||||
// Do nothing
|
// Do nothing
|
||||||
}
|
}
|
||||||
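Review bot: `sessionDetails` (L244–L252) is assembled by string concatenation from the decoded fingerprint and the second hunk then injects it with `html:` (L290), so `browser`, `platform`, `city` and `countrycode` reach the DOM unescaped; `city`/`countrycode` in particular are filled server-side from a third-party geolocation reply rather than from values the application controls. Only the `<img>` needs markup, so building the cell from elements and text nodes removes the need to interpolate into HTML at all, and the `html:` option in the second hunk can stay as written because jQuery's `.html()` accepts a jQuery object. The `$(document).ready` callback enclosing both hunks starts and ends outside them.
```javascript
var fingerPrint = JSON.parse(atob(Sessions[i]['fp']));
// Elements + text nodes: fingerprint fields are rendered as text, never parsed as HTML.
var sessionDetails = $('<span>')
    .append($('<img>', {
        'class': 'browsericon',
        src: '/images/' + encodeURIComponent(fingerPrint['browser']) + '_256x256.png'
    }))
    .append(document.createTextNode(fingerPrint['browser'] + ' -- ' + fingerPrint['platform']))
    .append($('<br>'))
    .append(document.createTextNode(fingerPrint['city'] + ' (' + fingerPrint['countrycode'] + ')'));
// … unchanged: catch block …
```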
@ -34,8 +37,7 @@ $(document).ready(function(){
|
|||||||
text: Sessions[i]['iss']
|
text: Sessions[i]['iss']
|
||||||
}))
|
}))
|
||||||
.append($('<td>', {
|
.append($('<td>', {
|
||||||
// text: Sessions[i]['fp'] ? atob(Sessions[i]['fp'])['browser'] + '(' + atob(Sessions[i]['fp'])['platform'] + ')' : ''
|
html: sessionDetails ? sessionDetails : ''
|
||||||
text: Fingerprint ? Fingerprint['browser'] + ' (' + Fingerprint['platform'] + ')' : ''
|
|
||||||
}))
|
}))
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
@ -142,10 +142,16 @@ body {
|
|||||||
padding-top: 5px;
|
padding-top: 5px;
|
||||||
background: white;
|
background: white;
|
||||||
font-size: inherit;
|
font-size: inherit;
|
||||||
font-weight: bold;
|
|
||||||
z-index: 99;
|
z-index: 99;
|
||||||
overflow-y: auto;
|
overflow-y: auto;
|
||||||
}
|
}
|
||||||
|
.main section #sessions .browsericon {
|
||||||
|
height: 30px;
|
||||||
|
float: left;
|
||||||
|
margin-right: 5px;
|
||||||
|
border: none;
|
||||||
|
filter: drop-shadow(0px 0px 1px #000);
|
||||||
|
}
|
||||||
.main section table {
|
.main section table {
|
||||||
width: 100%;
|
width: 100%;
|
||||||
}
|
}
|
||||||
|