mirror of
https://github.com/YunoHost/SSOwat.git
synced 2024-09-03 20:06:27 +02:00
Logout is cool too :)
This commit is contained in:
parent
8af807a98b
commit
800d8ccf44
2 changed files with 74 additions and 38 deletions
97
access.lua
97
access.lua
|
@ -154,10 +154,18 @@ function display_login_form ()
|
|||
ngx.req.set_header("Cache-Control", "no-cache")
|
||||
|
||||
if args.action and args.action == 'logout' then
|
||||
-- Logout
|
||||
delete_cookie()
|
||||
return redirect(portal_url)
|
||||
else
|
||||
if check_cookie() then
|
||||
local user = ngx.var.cookie_SSOwAuthUser
|
||||
logout[user] = {}
|
||||
logout[user]["redirect_url"] = portal_url
|
||||
logout[user]["domains"] = {}
|
||||
for _, value in ipairs(conf["domains"]) do
|
||||
table.insert(logout[user]["domains"], value)
|
||||
end
|
||||
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologout="..user)
|
||||
end
|
||||
end
|
||||
|
||||
-- Set redirect
|
||||
if args.r then set_redirect_cookie(ngx.decode_base64(args.r)) end
|
||||
-- Set token
|
||||
|
@ -166,7 +174,6 @@ function display_login_form ()
|
|||
ngx.header["Set-Cookie"] = cookies
|
||||
return
|
||||
end
|
||||
end
|
||||
|
||||
function do_login ()
|
||||
ngx.req.read_body()
|
||||
|
@ -186,20 +193,60 @@ function do_login ()
|
|||
redirect_url = ngx.decode_base64(uri_args.r)
|
||||
end
|
||||
if not redirect_url then redirect_url = portal_url end
|
||||
connections[args.user] = {}
|
||||
connections[args.user]["redirect_url"] = redirect_url
|
||||
connections[args.user]["domains"] = {}
|
||||
login[args.user] = {}
|
||||
login[args.user]["redirect_url"] = redirect_url
|
||||
login[args.user]["domains"] = {}
|
||||
for _, value in ipairs(conf["domains"]) do
|
||||
table.insert(connections[args.user]["domains"], value)
|
||||
table.insert(login[args.user]["domains"], value)
|
||||
end
|
||||
|
||||
-- Connect to the first domain (self)
|
||||
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssoconnect="..args.user)
|
||||
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologin="..args.user)
|
||||
end
|
||||
end
|
||||
return redirect(portal_url)
|
||||
end
|
||||
|
||||
function login_walkthrough (user)
|
||||
-- Set Authentication cookies
|
||||
set_auth_cookie(user, ngx.var.host)
|
||||
-- Remove domain from login table
|
||||
domain_key = is_in_table(login[user]["domains"], ngx.var.host)
|
||||
table.remove(login[user]["domains"], domain_key)
|
||||
|
||||
if table.getn(login[user]["domains"]) == 0 then
|
||||
-- All the redirections has been made
|
||||
local redirect_url = login[user]["redirect_url"]
|
||||
login[user] = nil
|
||||
return redirect(ngx.unescape_uri(redirect_url))
|
||||
else
|
||||
-- Redirect to the next domain
|
||||
for _, domain in ipairs(login[user]["domains"]) do
|
||||
return redirect(ngx.var.scheme.."://"..domain.."/?ssologin="..user)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
function logout_walkthrough (user)
|
||||
-- Expire Authentication cookies
|
||||
delete_cookie()
|
||||
-- Remove domain from logout table
|
||||
domain_key = is_in_table(logout[user]["domains"], ngx.var.host)
|
||||
table.remove(logout[user]["domains"], domain_key)
|
||||
|
||||
if table.getn(logout[user]["domains"]) == 0 then
|
||||
-- All the redirections has been made
|
||||
local redirect_url = logout[user]["redirect_url"]
|
||||
logout[user] = nil
|
||||
return redirect(ngx.unescape_uri(redirect_url))
|
||||
else
|
||||
-- Redirect to the next domain
|
||||
for _, domain in ipairs(logout[user]["domains"]) do
|
||||
return redirect(ngx.var.scheme.."://"..domain.."/?ssologout="..user)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
function redirect (url)
|
||||
ngx.header["Set-Cookie"] = cookies
|
||||
return ngx.redirect(url)
|
||||
|
@ -215,30 +262,18 @@ end
|
|||
-- Routing
|
||||
--
|
||||
|
||||
-- Connection
|
||||
-- Logging in/out
|
||||
if ngx.var.request_method == "GET" then
|
||||
local args = ngx.req.get_uri_args()
|
||||
|
||||
-- /?ssoconnect=user
|
||||
local user = args.ssoconnect
|
||||
if user and connections[user] then
|
||||
-- Set Authentication cookie
|
||||
set_auth_cookie(user, ngx.var.host)
|
||||
-- Remove domain from connection table
|
||||
domain_key = is_in_table(connections[user]["domains"], ngx.var.host)
|
||||
table.remove(connections[user]["domains"], domain_key)
|
||||
local user = args.ssologin
|
||||
if user and login[user] then
|
||||
return login_walkthrough(user)
|
||||
end
|
||||
|
||||
if table.getn(connections[user]["domains"]) == 0 then
|
||||
-- All the redirections has been made
|
||||
local redirect_url = connections[user]["redirect_url"]
|
||||
connections[user] = nil
|
||||
return redirect(ngx.unescape_uri(redirect_url))
|
||||
else
|
||||
-- Redirect to the next domain
|
||||
for _, domain in ipairs(connections[user]["domains"]) do
|
||||
return redirect(ngx.var.scheme.."://"..domain.."/?ssoconnect="..user)
|
||||
end
|
||||
end
|
||||
user = args.ssologout
|
||||
if user and logout[user] then
|
||||
return logout_walkthrough(user)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -279,7 +314,7 @@ else
|
|||
end
|
||||
|
||||
|
||||
-- Connect with HTTP Auth if credentials are brought
|
||||
-- Login with HTTP Auth if credentials are brought
|
||||
local auth_header = ngx.req.get_headers()["Authorization"]
|
||||
if auth_header then
|
||||
_, _, b64_cred = string.find(auth_header, "^Basic%s+(.+)$")
|
||||
|
|
3
init.lua
3
init.lua
|
@ -10,7 +10,8 @@ srvkey = math.random(1111111, 9999999)
|
|||
-- Shared table
|
||||
tokens = {}
|
||||
cache = {}
|
||||
connections = {}
|
||||
login = {}
|
||||
logout = {}
|
||||
|
||||
-- Path of the configuration
|
||||
conf_path = '/etc/ssowat/conf.json'
|
||||
|
|
Loading…
Reference in a new issue