mirror of
https://github.com/YunoHost/SSOwat.git
synced 2024-09-03 20:06:27 +02:00
Bugfixes + flash system
This commit is contained in:
parent
0ddd88c409
commit
b7743cbe45
2 changed files with 60 additions and 27 deletions
58
access.lua
58
access.lua
|
@ -42,6 +42,15 @@ function cook (cookie_str)
|
||||||
table.insert(cookies, cookie_str)
|
table.insert(cookies, cookie_str)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
function flash (wat, message)
|
||||||
|
if wat == "fail"
|
||||||
|
or wat == "win"
|
||||||
|
or wat == "info"
|
||||||
|
then
|
||||||
|
flashs[wat] = message
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
function set_auth_cookie (user, domain)
|
function set_auth_cookie (user, domain)
|
||||||
local maxAge = 60 * 60 * 24 * 7 -- 1 week
|
local maxAge = 60 * 60 * 24 * 7 -- 1 week
|
||||||
local expire = ngx.req.start_time() + maxAge
|
local expire = ngx.req.start_time() + maxAge
|
||||||
|
@ -61,7 +70,7 @@ function set_redirect_cookie (redirect_url)
|
||||||
cook(
|
cook(
|
||||||
"SSOwAuthRedirect="..redirect_url..
|
"SSOwAuthRedirect="..redirect_url..
|
||||||
"; Path="..conf["portal_path"]..
|
"; Path="..conf["portal_path"]..
|
||||||
"; Max-Age=3600"
|
"; Max-Age=3600;"
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -77,14 +86,13 @@ function delete_cookie ()
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
function delete_onetime_cookie ()
|
function delete_redirect_cookie ()
|
||||||
expired_time = "Thu, Jan 01 1970 00:00:00 UTC;"
|
expired_time = "Thu, Jan 01 1970 00:00:00 UTC;"
|
||||||
local cookie_str = "; Path="..conf["portal_path"]..
|
local cookie_str = "; Path="..conf["portal_path"]..
|
||||||
"; Max-Age="..expired_time
|
"; Max-Age="..expired_time
|
||||||
cook("SSOwAuthRedirect=;" ..cookie_str)
|
cook("SSOwAuthRedirect=;" ..cookie_str)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
function check_cookie ()
|
function check_cookie ()
|
||||||
|
|
||||||
-- Check if cookie is set
|
-- Check if cookie is set
|
||||||
|
@ -160,7 +168,7 @@ function serve(uri)
|
||||||
end
|
end
|
||||||
|
|
||||||
-- Try to get file content
|
-- Try to get file content
|
||||||
content = read_file(script_path.."portal"..rel_path)
|
local content = read_file(script_path.."portal"..rel_path)
|
||||||
if not content then
|
if not content then
|
||||||
return ngx.exit(ngx.HTTP_NOT_FOUND)
|
return ngx.exit(ngx.HTTP_NOT_FOUND)
|
||||||
end
|
end
|
||||||
|
@ -189,19 +197,33 @@ function serve(uri)
|
||||||
|
|
||||||
-- Render as mustache
|
-- Render as mustache
|
||||||
if ext == "html" then
|
if ext == "html" then
|
||||||
data = get_data_for(file)
|
local data = get_data_for(file)
|
||||||
content = string.gsub(hige.render(content, data), "</html>(%d+)", "</html>")
|
local rendered = hige.render(read_file(script_path.."portal/header.ms"), data)
|
||||||
|
rendered = rendered..hige.render(content, data)
|
||||||
|
content = rendered..hige.render(read_file(script_path.."portal/footer.ms"), data)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
-- Reset flash messages
|
||||||
|
flashs["fail"] = nil
|
||||||
|
flashs["win"] = nil
|
||||||
|
flashs["info"] = nil
|
||||||
|
|
||||||
|
-- Ain't nobody got time for cache
|
||||||
ngx.header["Cache-Control"] = "no-cache"
|
ngx.header["Cache-Control"] = "no-cache"
|
||||||
ngx.say(content)
|
ngx.say(content)
|
||||||
return ngx.exit(ngx.HTTP_OK)
|
return ngx.exit(ngx.HTTP_OK)
|
||||||
end
|
end
|
||||||
|
|
||||||
function get_data_for(view)
|
function get_data_for(view)
|
||||||
|
local data = {}
|
||||||
|
data['flash_fail'] = {flashs["fail"]}
|
||||||
|
data['flash_win'] = {flashs["win"] }
|
||||||
|
data['flash_info'] = {flashs["info"]}
|
||||||
|
|
||||||
if view == "login.html" then
|
if view == "login.html" then
|
||||||
return { title = "YunoHost Login" }
|
data["title"] = "YunoHost Login"
|
||||||
end
|
end
|
||||||
|
return data
|
||||||
end
|
end
|
||||||
|
|
||||||
function do_login ()
|
function do_login ()
|
||||||
|
@ -227,13 +249,13 @@ function do_login ()
|
||||||
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologin="..args.user)
|
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologin="..args.user)
|
||||||
else
|
else
|
||||||
ngx.status = ngx.HTTP_UNAUTHORIZED
|
ngx.status = ngx.HTTP_UNAUTHORIZED
|
||||||
|
flash("fail", "Wrong username/password combination")
|
||||||
return redirect(portal_url)
|
return redirect(portal_url)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
function do_logout()
|
function do_logout()
|
||||||
local args = ngx.req.get_uri_args()
|
local args = ngx.req.get_uri_args()
|
||||||
ngx.req.set_header("Cache-Control", "no-cache")
|
|
||||||
if check_cookie() then
|
if check_cookie() then
|
||||||
local redirect_url = portal_url
|
local redirect_url = portal_url
|
||||||
if args.r then
|
if args.r then
|
||||||
|
@ -247,6 +269,9 @@ function do_logout()
|
||||||
table.insert(logout[user]["domains"], value)
|
table.insert(logout[user]["domains"], value)
|
||||||
end
|
end
|
||||||
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologout="..user)
|
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologout="..user)
|
||||||
|
else
|
||||||
|
flash("info", "You are already logged out")
|
||||||
|
return redirect(portal_url)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -261,6 +286,7 @@ function login_walkthrough (user)
|
||||||
-- All the redirections has been made
|
-- All the redirections has been made
|
||||||
local redirect_url = login[user]["redirect_url"]
|
local redirect_url = login[user]["redirect_url"]
|
||||||
login[user] = nil
|
login[user] = nil
|
||||||
|
flash("win", "Successfully logged in")
|
||||||
return redirect(redirect_url)
|
return redirect(redirect_url)
|
||||||
else
|
else
|
||||||
-- Redirect to the next domain
|
-- Redirect to the next domain
|
||||||
|
@ -281,6 +307,7 @@ function logout_walkthrough (user)
|
||||||
-- All the redirections has been made
|
-- All the redirections has been made
|
||||||
local redirect_url = logout[user]["redirect_url"]
|
local redirect_url = logout[user]["redirect_url"]
|
||||||
logout[user] = nil
|
logout[user] = nil
|
||||||
|
flash("win", "Successfully logged out")
|
||||||
return redirect(redirect_url)
|
return redirect(redirect_url)
|
||||||
else
|
else
|
||||||
-- Redirect to the next domain
|
-- Redirect to the next domain
|
||||||
|
@ -296,7 +323,7 @@ function redirect (url)
|
||||||
end
|
end
|
||||||
|
|
||||||
function pass ()
|
function pass ()
|
||||||
delete_onetime_cookie()
|
delete_redirect_cookie()
|
||||||
ngx.req.set_header("Set-Cookie", cookies)
|
ngx.req.set_header("Set-Cookie", cookies)
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
@ -340,15 +367,18 @@ then
|
||||||
-- Logout
|
-- Logout
|
||||||
return do_logout()
|
return do_logout()
|
||||||
|
|
||||||
elseif check_cookie()
|
elseif check_cookie() -- Authenticated
|
||||||
or ngx.var.uri == conf["portal_path"]
|
or ngx.var.uri == conf["portal_path"] -- OR Want to serve portal login
|
||||||
or string.starts(ngx.var.uri, conf["portal_path"].."assets")
|
or (string.starts(ngx.var.uri, conf["portal_path"].."assets")
|
||||||
|
and ngx.var.http_referer
|
||||||
|
and string.starts(ngx.var.http_referer, portal_url)) -- OR Want to serve assets for portal login
|
||||||
then
|
then
|
||||||
-- Serve normal portal
|
-- Serve normal portal
|
||||||
return serve(ngx.var.uri)
|
return serve(ngx.var.uri)
|
||||||
|
|
||||||
else
|
else
|
||||||
-- Redirect to portal
|
-- Redirect to portal
|
||||||
|
flash("info", "Please log in to access to this content")
|
||||||
return redirect(portal_url)
|
return redirect(portal_url)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -359,6 +389,7 @@ then
|
||||||
return do_login()
|
return do_login()
|
||||||
else
|
else
|
||||||
-- Redirect to portal
|
-- Redirect to portal
|
||||||
|
flash("fail", "Please log in from the portal")
|
||||||
return redirect(portal_url)
|
return redirect(portal_url)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -393,7 +424,7 @@ end
|
||||||
|
|
||||||
if check_cookie() then
|
if check_cookie() then
|
||||||
set_headers(ngx.var.cookie_SSOwAuthUser)
|
set_headers(ngx.var.cookie_SSOwAuthUser)
|
||||||
return pass
|
return pass()
|
||||||
else
|
else
|
||||||
delete_cookie()
|
delete_cookie()
|
||||||
end
|
end
|
||||||
|
@ -415,6 +446,7 @@ end
|
||||||
-- Else redirect to portal
|
-- Else redirect to portal
|
||||||
--
|
--
|
||||||
|
|
||||||
|
flash("info", "Please log in to access to this content")
|
||||||
local back_url = ngx.var.scheme .. "://" .. ngx.var.http_host .. ngx.var.uri
|
local back_url = ngx.var.scheme .. "://" .. ngx.var.http_host .. ngx.var.uri
|
||||||
return redirect(portal_url.."?r="..ngx.encode_base64(back_url))
|
return redirect(portal_url.."?r="..ngx.encode_base64(back_url))
|
||||||
|
|
||||||
|
|
1
init.lua
1
init.lua
|
@ -16,6 +16,7 @@ srvkey = math.random(1111111, 9999999)
|
||||||
|
|
||||||
-- Shared table
|
-- Shared table
|
||||||
cache = {}
|
cache = {}
|
||||||
|
flashs = {}
|
||||||
login = {}
|
login = {}
|
||||||
logout = {}
|
logout = {}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue