User info view + password edition

This commit is contained in:
Kload 2013-10-21 13:13:43 +02:00
parent 96067e62c8
commit 92d2e8848f
7 changed files with 185 additions and 19 deletions

View file

@ -93,7 +93,7 @@ function delete_redirect_cookie ()
cook("SSOwAuthRedirect=;" ..cookie_str)
end
function check_cookie ()
function is_logged_in ()
-- Check if cookie is set
if ngx.var.cookie_SSOwAuthExpire and ngx.var.cookie_SSOwAuthExpire ~= ""
@ -129,15 +129,18 @@ function authenticate (user, password)
end
function set_headers (user)
if not cache[user]["uid"] then
user = user or ngx.var.cookie_SSOwAuthUser
if not cache[user]["mail"] then
ldap = lualdap.open_simple("localhost")
for dn, attribs in ldap:search {
base = "uid=".. user ..",ou=users,dc=yunohost,dc=org",
scope = "base",
sizelimit = 1,
attrs = {"uid", "givenName", "sn", "cn", "homeDirectory", "mail"}
attrs = {"uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"}
} do
for k,v in pairs(attribs) do cache[user][k] = v end
for k,v in pairs(attribs) do
cache[user][k] = v
end
end
end
@ -159,8 +162,12 @@ function serve(uri)
-- Load login.html as index
if rel_path == "/" then
if is_logged_in() then
rel_path = "/info.html"
else
rel_path = "/login.html"
end
end
-- Access to directory root: forbidden
if string.ends(rel_path, "/") then
@ -215,6 +222,7 @@ function serve(uri)
end
function get_data_for(view)
local user = ngx.var.cookie_SSOwAuthUser
local data = {}
data['flash_fail'] = {flashs["fail"]}
data['flash_win'] = {flashs["win"] }
@ -222,10 +230,69 @@ function get_data_for(view)
if view == "login.html" then
data["title"] = "YunoHost Login"
elseif view == "info.html" then
set_headers()
data["title"] = cache[user]["uid"].." <small>"..cache[user]["cn"].."</small>"
data["connected"] = true
data["uid"] = cache[user]["uid"]
data["cn"] = cache[user]["cn"]
data["mailalias"] = {}
data["maildrop"] = {}
if type(cache[user]["mail"]) == "table" then
data["mail"] = cache[user]["mail"][1]
for k, mail in ipairs(cache[user]["mail"]) do
if k ~= 1 then table.insert(data["mailalias"], mail) end
end
else
data["mail"] = cache[user]["mail"]
end
if type(cache[user]["maildrop"]) == "table" then
for k, mail in ipairs(cache[user]["maildrop"]) do
if k ~= 1 then table.insert(data["maildrop"], mail) end
end
end
elseif view == "password.html" then
data["title"] = "Change password"
data["connected"] = true
end
return data
end
function do_edit ()
ngx.req.read_body()
local args = ngx.req.get_post_args()
if is_logged_in() and args
then
ngx.status = ngx.HTTP_CREATED
if string.ends(ngx.var.uri, "password.html") then
if args.actualpassword
and args.actualpassword == cache[ngx.var.cookie_SSOwAuthUser]["password"]
then
if args.newpassword == args.confirm then
local dn = "uid="..ngx.var.cookie_SSOwAuthUser..",ou=users,dc=yunohost,dc=org"
local ldap = lualdap.open_simple("localhost", dn, args.actualpassword)
local password = "{SHA}"..ngx.encode_base64(ngx.sha1_bin(args.newpassword))
if ldap:modify(dn, {'=', userPassword = password }) then
flash("win", "Password successfully changed")
cache[ngx.var.cookie_SSOwAuthUser]["password"] = args.newpassword
return redirect(portal_url.."info.html")
else
flash("fail", "An error occured on password changing")
end
else
flash("fail", "New passwords don't match")
end
else
flash("fail", "Actual password is wrong")
end
return redirect(portal_url.."password.html")
elseif string.ends(ngx.var.uri, "edit.html") then
return redirect(portal_url.."edit.html")
end
end
end
function do_login ()
ngx.req.read_body()
local args = ngx.req.get_post_args()
@ -256,7 +323,7 @@ end
function do_logout()
local args = ngx.req.get_uri_args()
if check_cookie() then
if is_logged_in() then
local redirect_url = portal_url
if args.r then
redirect_url = ngx.decode_base64(args.r)
@ -270,7 +337,7 @@ function do_logout()
end
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologout="..user)
else
flash("info", "You are already logged out")
flash("info", "Logged out")
return redirect(portal_url)
end
end
@ -286,7 +353,9 @@ function login_walkthrough (user)
-- All the redirections has been made
local redirect_url = login[user]["redirect_url"]
login[user] = nil
flash("win", "Successfully logged in")
if redirect_url == portal_url then
flash("win", "Logged in")
end
return redirect(redirect_url)
else
-- Redirect to the next domain
@ -307,7 +376,9 @@ function logout_walkthrough (user)
-- All the redirections has been made
local redirect_url = logout[user]["redirect_url"]
logout[user] = nil
flash("win", "Successfully logged out")
if redirect_url == portal_url then
flash("info", "Logged out")
end
return redirect(redirect_url)
else
-- Redirect to the next domain
@ -367,7 +438,7 @@ then
-- Logout
return do_logout()
elseif check_cookie() -- Authenticated
elseif is_logged_in() -- Authenticated
or ngx.var.uri == conf["portal_path"] -- OR Want to serve portal login
or (string.starts(ngx.var.uri, conf["portal_path"].."assets")
and ngx.var.http_referer
@ -384,9 +455,15 @@ then
elseif ngx.var.request_method == "POST" then
if string.starts(ngx.var.http_referer, portal_url) then
-- CSRF protection
if string.starts(ngx.var.http_referer, portal_url) then
if string.ends(ngx.var.uri, conf["portal_path"].."password.html")
or string.ends(ngx.var.uri, conf["portal_path"].."edit.html")
then
return do_edit()
else
return do_login()
end
else
-- Redirect to portal
flash("fail", "Please log in from the portal")
@ -411,8 +488,8 @@ end
for _, url in ipairs(conf["unprotected_urls"]) do
if string.starts(ngx.var.host..ngx.var.uri, url) then
if check_cookie() then
set_headers(ngx.var.cookie_SSOwAuthUser)
if is_logged_in() then
set_headers()
end
return pass()
end
@ -422,8 +499,8 @@ end
-- Cookie validation
--
if check_cookie() then
set_headers(ngx.var.cookie_SSOwAuthUser)
if is_logged_in() then
set_headers()
return pass()
else
delete_cookie()

Binary file not shown.

After

Width:  |  Height:  |  Size: 569 B

0
portal/edit.html Normal file
View file

View file

@ -1,2 +1,7 @@
</div>
</div>
</div>
</div>
<div style="height: 20px"></div>
</body>
</html>

View file

@ -1,13 +1,23 @@
<html>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" >
<head>
<title>{{title}}</title>
<title>YunoHost</title>
<link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css"/>
</head>
<body>
<!-- Padding bootstrap style -->
<div class="row">
<div class="col-sm-4 col-sm-offset-4">
<h1>{{title}}</h1>
<div class="col-xs-1 visible-xs"></div>
<div class="col-sm-10 col-sm-offset-1 col-xs-10 col-xs-offest-1">
<div class="row">
<div class="col-sm-6 col-sm-offset-3 col-xs-12">
<h2>{{{title}}}</h2>
{{#connected}}
<div class="pull-right" style="margin-top: -31px">
<a href="?action=logout">Logout</a>
</div>
{{/connected}}
<hr>
{{#flash_win}}

43
portal/info.html Normal file
View file

@ -0,0 +1,43 @@
<div class="row">
<div class="col-md-4 text-center">
<img src="assets/img/avatar.png">
</div>
<div class="visible-sm" style="height: 20px"></div>
<div class="col-md-8">
<div class="row">
<div class="col-sm-4 text-right hidden-xs"><strong>Mail</strong></div>
<div class="col-sm-4 visible-xs "><h4>Mail</h4></div>
<div class="col-sm-8"><blockquote>{{mail}}</blockquote></div>
<div class="clearfix"></div><br>
<div class="col-sm-4 text-right hidden-xs"><strong>Aliases</strong></div>
<div class="col-sm-4 visible-xs "><h4>Aliases</h4></div>
<div class="col-sm-8">
<blockquote>
{{#mailalias}}
<div style="line-height: 25px">{{.}}</div>
{{/mailalias}}
</blockquote>
</div>
<div class="clearfix"></div><br>
<div class="col-sm-4 text-right hidden-xs"><strong>Forward</strong></div>
<div class="col-sm-4 visible-xs "><h4>Forward</h4></div>
<div class="col-sm-8">
<blockquote>
{{#maildrop}}
<div style="line-height: 25px">{{.}}</div>
{{/maildrop}}
</blockquote>
</div>
</div>
</div>
</div>
<hr>
<div class="row">
<div class="col-sm-6 text-center">
<a href="password.html" class="btn btn-lg btn-primary">Change password</a>
</div>
<div class="visible-xs" style="height: 20px"></div>
<div class="col-sm-6 text-center">
<a href="edit.html" class="btn btn-lg btn-info">Edit</a>
</div>
</div>

31
portal/password.html Normal file
View file

@ -0,0 +1,31 @@
<form class="form-horizontal" role="form" method="POST" action="password.html">
<div class="form-group">
<label for="actualpassword" class="col-md-5 control-label">Actual password</label>
<div class="col-md-7">
<input type="password" class="form-control" id="actualpassword" name="actualpassword">
</div>
</div>
<hr>
<div class="form-group">
<label for="newpassword" class="col-md-5 control-label">New password</label>
<div class="col-md-7">
<input type="password" class="form-control" id="newpassword" name="newpassword">
</div>
</div>
<div class="form-group">
<label for="confirm" class="col-md-5 control-label">Confirm</label>
<div class="col-md-7">
<input type="password" class="form-control" id="confirm" name="confirm">
</div>
</div>
<hr>
<div class="row">
<div class="col-sm-6 text-center">
<input type="submit" class="btn btn-lg btn-primary" value="OK">
</div>
<div class="visible-xs" style="height: 20px"></div>
<div class="col-sm-6 text-center">
<a href="info.html" class="btn btn-lg btn-default">Cancel</a>
</div>
</div>
</form>