Screw tokens, be Batman
parent
800d8ccf44
commit
5ae1199bf1
2 changed files with 5 additions and 23 deletions
27
access.lua
27
access.lua
|
@ -6,7 +6,6 @@ local conf_file = assert(io.open(conf_path, "r"), "Configuration file is missing
|
||||||
local conf = json.decode(conf_file:read("*all"))
|
local conf = json.decode(conf_file:read("*all"))
|
||||||
local portal_url = conf["portal_scheme"].."://"..
|
local portal_url = conf["portal_scheme"].."://"..
|
||||||
conf["portal_domain"]..
|
conf["portal_domain"]..
|
||||||
":"..conf["portal_port"]..
|
|
||||||
conf["portal_path"]
|
conf["portal_path"]
|
||||||
table.insert(conf["skipped_urls"], conf["portal_domain"]..conf["portal_path"])
|
table.insert(conf["skipped_urls"], conf["portal_domain"]..conf["portal_path"])
|
||||||
|
|
||||||
|
@ -49,17 +48,6 @@ function set_auth_cookie (user, domain)
|
||||||
cook("SSOwAuthExpire="..expire..cookie_str)
|
cook("SSOwAuthExpire="..expire..cookie_str)
|
||||||
end
|
end
|
||||||
|
|
||||||
function set_token_cookie ()
|
|
||||||
local token = tostring(math.random(111111, 999999))
|
|
||||||
tokens[token] = token
|
|
||||||
cook(
|
|
||||||
"SSOwAuthToken="..token..
|
|
||||||
"; Domain=."..conf["portal_domain"]..
|
|
||||||
"; Path="..conf["portal_path"]..
|
|
||||||
"; Max-Age=3600"
|
|
||||||
)
|
|
||||||
end
|
|
||||||
|
|
||||||
function set_redirect_cookie (redirect_url)
|
function set_redirect_cookie (redirect_url)
|
||||||
cook(
|
cook(
|
||||||
"SSOwAuthRedirect="..redirect_url..
|
"SSOwAuthRedirect="..redirect_url..
|
||||||
|
@ -84,7 +72,6 @@ function delete_onetime_cookie ()
|
||||||
expired_time = "Thu, Jan 01 1970 00:00:00 UTC;"
|
expired_time = "Thu, Jan 01 1970 00:00:00 UTC;"
|
||||||
local cookie_str = "; Path="..conf["portal_path"]..
|
local cookie_str = "; Path="..conf["portal_path"]..
|
||||||
"; Max-Age="..expired_time
|
"; Max-Age="..expired_time
|
||||||
cook("SSOwAuthToken=;" ..cookie_str)
|
|
||||||
cook("SSOwAuthRedirect=;" ..cookie_str)
|
cook("SSOwAuthRedirect=;" ..cookie_str)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -167,11 +154,11 @@ function display_login_form ()
|
||||||
end
|
end
|
||||||
|
|
||||||
-- Set redirect
|
-- Set redirect
|
||||||
if args.r then set_redirect_cookie(ngx.decode_base64(args.r)) end
|
if args.r then
|
||||||
-- Set token
|
set_redirect_cookie(ngx.decode_base64(args.r))
|
||||||
set_token_cookie()
|
|
||||||
ngx.header["Cache-Control"] = "no-cache"
|
|
||||||
ngx.header["Set-Cookie"] = cookies
|
ngx.header["Set-Cookie"] = cookies
|
||||||
|
end
|
||||||
|
ngx.header["Cache-Control"] = "no-cache"
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -180,11 +167,7 @@ function do_login ()
|
||||||
local args = ngx.req.get_post_args()
|
local args = ngx.req.get_post_args()
|
||||||
local uri_args = ngx.req.get_uri_args()
|
local uri_args = ngx.req.get_uri_args()
|
||||||
|
|
||||||
-- CSRF check
|
if string.starts(ngx.var.http_referer, portal_url) then
|
||||||
local token = ngx.var.cookie_SSOwAuthToken
|
|
||||||
|
|
||||||
if token and tokens[token] then
|
|
||||||
tokens[token] = nil
|
|
||||||
ngx.status = ngx.HTTP_CREATED
|
ngx.status = ngx.HTTP_CREATED
|
||||||
|
|
||||||
if authenticate(args.user, args.password) then
|
if authenticate(args.user, args.password) then
|
||||||
|
|
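Review bot: In do_login, `ngx.var.http_referer` is nil whenever the client sends no Referer header (privacy settings, a strict Referrer-Policy, some proxies), and the new check passes that nil straight to `string.starts`; that helper is defined outside this hunk, so unless it guards against nil the login request will raise an error instead of being rejected. Guard it at the call site: `if ngx.var.http_referer and string.starts(ngx.var.http_referer, portal_url) then`. A Referer prefix match is also a weaker CSRF defence than the per-request token it replaces, since it depends on the browser sending the header and on `portal_url` matching the portal's origin exactly, and because the first hunk drops `portal_port` from `portal_url`, a portal served on a non-default port would presumably no longer match its own Referer; a comment stating that assumption, e.g. `-- CSRF check: relies on the browser sending a Referer on the portal origin (default port only)`, would help the next maintainer. The if/else branches of this check continue past the end of the hunk.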
1
init.lua
1
init.lua
|
@ -8,7 +8,6 @@ math.randomseed(os.time())
|
||||||
srvkey = math.random(1111111, 9999999)
|
srvkey = math.random(1111111, 9999999)
|
||||||
|
|
||||||
-- Shared table
|
-- Shared table
|
||||||
tokens = {}
|
|
||||||
cache = {}
|
cache = {}
|
||||||
login = {}
|
login = {}
|
||||||
logout = {}
|
logout = {}
|
||||||
|
|