YunoHost/SSOwat
1
0
Fork 0
mirror of https://github.com/YunoHost/SSOwat.git synced 2024-09-03 20:06:27 +02:00
Code Issues Projects Releases Packages Wiki Activity

Cookies bugfix and rename

Browse source
This commit is contained in:
Kload 2013-10-16 16:20:51 +02:00
parent 3ffaa2a259
commit 4715e22ef4
1 changed files with 43 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

80
access.lua
View file

@ -44,16 +44,17 @@ function set_auth_cookie (user, domain)
local cookie_str = "; Domain=."..domain.. local cookie_str = "; Domain=."..domain..
"; Path=/".. "; Path=/"..
"; Max-Age="..maxAge "; Max-Age="..maxAge
cook("YnhAuthUser="..user..cookie_str) cook("SSOwAuthUser="..user..cookie_str)
cook("YnhAuthHash="..hash..cookie_str) cook("SSOwAuthHash="..hash..cookie_str)
cook("YnhAuthExpire="..expire..cookie_str) cook("SSOwAuthExpire="..expire..cookie_str)
end end
function set_token_cookie () function set_token_cookie ()
local token = tostring(math.random(111111, 999999)) local token = tostring(math.random(111111, 999999))
tokens[token] = token tokens[token] = token
cook( cook(
"YnhAuthToken="..token.. "SSOwAuthToken="..token..
"; Domain=."..conf["portal_domain"]..
"; Path="..conf["portal_path"].. "; Path="..conf["portal_path"]..
"; Max-Age=3600" "; Max-Age=3600"
) )
@ -61,52 +62,52 @@ end
function set_redirect_cookie (redirect_url) function set_redirect_cookie (redirect_url)
cook( cook(
"YnhAuthRedirect="..redirect_url.. "SSOwAuthRedirect="..redirect_url..
"; Domain=."..conf["portal_domain"]..
"; Path="..conf["portal_path"].. "; Path="..conf["portal_path"]..
"; Max-Age=3600" "; Max-Age=3600"
) )
end end
function delete_cookie () function delete_cookie ()
expired_time = ngx.req.start_time() - 3600 -- expired yesterday expired_time = "Thu, Jan 01 1970 00:00:00 UTC;"
cook("YnhAuthUser=;" ..expired_time) for _, domain in ipairs(conf["domains"]) do
cook("YnhAuthHash=;" ..expired_time) local cookie_str = "; Domain=."..domain..
cook("YnhAuthExpire=;" ..expired_time) "; Path=/"..
"; Max-Age="..expired_time
cook("SSOwAuthUser=;" ..cookie_str)
cook("SSOwAuthHash=;" ..cookie_str)
cook("SSOwAuthExpire=;" ..cookie_str)
end
end end
function delete_onetime_cookie () function delete_onetime_cookie ()
expired_time = ngx.req.start_time() - 3600 -- expired yesterday expired_time = "Thu, Jan 01 1970 00:00:00 UTC;"
cook("YnhAuthToken=;" ..expired_time) local cookie_str = "; Path="..conf["portal_path"]..
cook("YnhAuthRedirect=;"..expired_time) "; Max-Age="..expired_time
cook("SSOwAuthToken=;" ..cookie_str)
cook("SSOwAuthRedirect=;" ..cookie_str)
end end
function check_cookie () function check_cookie ()
-- Check if cookie is set -- Check if cookie is set
if not ngx.var.cookie_YnhAuthExpire if ngx.var.cookie_SSOwAuthExpire and ngx.var.cookie_SSOwAuthExpire ~= ""
or not ngx.var.cookie_YnhAuthUser and ngx.var.cookie_SSOwAuthHash and ngx.var.cookie_SSOwAuthHash ~= ""
or not ngx.var.cookie_YnhAuthHash and ngx.var.cookie_SSOwAuthUser and ngx.var.cookie_SSOwAuthUser ~= ""
then then
return false -- Check expire time
if (ngx.req.start_time() <= tonumber(ngx.var.cookie_SSOwAuthExpire)) then
-- Check hash
local hash = ngx.md5(auth_key..
"|"..ngx.var.remote_addr..
"|"..ngx.var.cookie_SSOwAuthUser..
"|"..ngx.var.cookie_SSOwAuthExpire)
return hash == ngx.var.cookie_SSOwAuthHash
end
end end
-- Check expire time return false
if (ngx.req.start_time() >= tonumber(ngx.var.cookie_YnhAuthExpire)) then
return false
end
-- Check hash
local hash = ngx.md5(auth_key..
"|"..ngx.var.remote_addr..
"|"..ngx.var.cookie_YnhAuthUser..
"|"..ngx.var.cookie_YnhAuthExpire)
if hash ~= ngx.var.cookie_YnhAuthHash then
return false
end
return true
end end
function authenticate (user, password) function authenticate (user, password)
@ -155,7 +156,9 @@ function display_login_form ()
-- Logout -- Logout
delete_cookie() delete_cookie()
return redirect(portal_url) return redirect(portal_url)
elseif ngx.var.cookie_YnhAuthToken then elseif ngx.var.cookie_SSOwAuthToken
and tokens[ngx.var.cookie_SSOwAuthToken]
then
-- Display normal form -- Display normal form
return pass return pass
else else
@ -170,14 +173,14 @@ function do_login ()
local args = ngx.req.get_post_args() local args = ngx.req.get_post_args()
-- CSRF check -- CSRF check
local token = ngx.var.cookie_YnhAuthToken local token = ngx.var.cookie_SSOwAuthToken
if token and tokens[token] then if token and tokens[token] then
tokens[token] = nil tokens[token] = nil
ngx.status = ngx.HTTP_CREATED ngx.status = ngx.HTTP_CREATED
if authenticate(args.user, args.password) then if authenticate(args.user, args.password) then
local redirect_url = ngx.var.cookie_YnhAuthRedirect local redirect_url = ngx.var.cookie_SSOwAuthRedirect
if not redirect_url then redirect_url = portal_url end if not redirect_url then redirect_url = portal_url end
connections[args.user] = {} connections[args.user] = {}
connections[args.user]["redirect_url"] = redirect_url connections[args.user]["redirect_url"] = redirect_url
@ -200,6 +203,7 @@ end
function pass () function pass ()
delete_onetime_cookie() delete_onetime_cookie()
ngx.header["Set-Cookie"] = cookies
return return
end end
@ -256,7 +260,7 @@ end
for _, url in ipairs(conf["unprotected_urls"]) do for _, url in ipairs(conf["unprotected_urls"]) do
if string.starts(ngx.var.host..ngx.var.uri, url) then if string.starts(ngx.var.host..ngx.var.uri, url) then
if check_cookie() then if check_cookie() then
set_headers(ngx.var.cookie_YnhAuthUser) set_headers(ngx.var.cookie_SSOwAuthUser)
end end
return pass return pass
end end
@ -264,8 +268,10 @@ end
-- Cookie validation -- Cookie validation
if check_cookie() then if check_cookie() then
set_headers(ngx.var.cookie_YnhAuthUser) set_headers(ngx.var.cookie_SSOwAuthUser)
return pass return pass
else
delete_cookie()
end end