YunoHost/SSOwat
1
0
Fork 0
mirror of https://github.com/YunoHost/SSOwat.git synced 2024-09-03 20:06:27 +02:00
Code Issues Projects Releases Packages Wiki Activity

Bugfixes + flash system

Browse source
This commit is contained in:
Kload 2013-10-20 22:07:26 +02:00
parent 0ddd88c409
commit b7743cbe45
2 changed files with 60 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

86
access.lua
View file

@ -42,6 +42,15 @@ function cook (cookie_str)
table.insert(cookies, cookie_str) table.insert(cookies, cookie_str)
end end
function flash (wat, message)
if wat == "fail"
or wat == "win"
or wat == "info"
then
flashs[wat] = message
end
end
function set_auth_cookie (user, domain) function set_auth_cookie (user, domain)
local maxAge = 60 * 60 * 24 * 7 -- 1 week local maxAge = 60 * 60 * 24 * 7 -- 1 week
local expire = ngx.req.start_time() + maxAge local expire = ngx.req.start_time() + maxAge
@ -61,7 +70,7 @@ function set_redirect_cookie (redirect_url)
cook( cook(
"SSOwAuthRedirect="..redirect_url.. "SSOwAuthRedirect="..redirect_url..
"; Path="..conf["portal_path"].. "; Path="..conf["portal_path"]..
"; Max-Age=3600" "; Max-Age=3600;"
) )
end end
@ -77,14 +86,13 @@ function delete_cookie ()
end end
end end
function delete_onetime_cookie () function delete_redirect_cookie ()
expired_time = "Thu, Jan 01 1970 00:00:00 UTC;" expired_time = "Thu, Jan 01 1970 00:00:00 UTC;"
local cookie_str = "; Path="..conf["portal_path"].. local cookie_str = "; Path="..conf["portal_path"]..
"; Max-Age="..expired_time "; Max-Age="..expired_time
cook("SSOwAuthRedirect=;" ..cookie_str) cook("SSOwAuthRedirect=;" ..cookie_str)
end end
function check_cookie () function check_cookie ()
-- Check if cookie is set -- Check if cookie is set
@ -160,7 +168,7 @@ function serve(uri)
end end
-- Try to get file content -- Try to get file content
content = read_file(script_path.."portal"..rel_path) local content = read_file(script_path.."portal"..rel_path)
if not content then if not content then
return ngx.exit(ngx.HTTP_NOT_FOUND) return ngx.exit(ngx.HTTP_NOT_FOUND)
end end
@ -189,19 +197,33 @@ function serve(uri)
-- Render as mustache -- Render as mustache
if ext == "html" then if ext == "html" then
data = get_data_for(file) local data = get_data_for(file)
content = string.gsub(hige.render(content, data), "</html>(%d+)", "</html>") local rendered = hige.render(read_file(script_path.."portal/header.ms"), data)
rendered = rendered..hige.render(content, data)
content = rendered..hige.render(read_file(script_path.."portal/footer.ms"), data)
end end
-- Reset flash messages
flashs["fail"] = nil
flashs["win"] = nil
flashs["info"] = nil
-- Ain't nobody got time for cache
ngx.header["Cache-Control"] = "no-cache" ngx.header["Cache-Control"] = "no-cache"
ngx.say(content) ngx.say(content)
return ngx.exit(ngx.HTTP_OK) return ngx.exit(ngx.HTTP_OK)
end end
function get_data_for(view) function get_data_for(view)
local data = {}
data['flash_fail'] = {flashs["fail"]}
data['flash_win'] = {flashs["win"] }
data['flash_info'] = {flashs["info"]}
if view == "login.html" then if view == "login.html" then
return { title = "YunoHost Login" } data["title"] = "YunoHost Login"
end end
return data
end end
function do_login () function do_login ()
@ -227,27 +249,30 @@ function do_login ()
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologin="..args.user) return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologin="..args.user)
else else
ngx.status = ngx.HTTP_UNAUTHORIZED ngx.status = ngx.HTTP_UNAUTHORIZED
flash("fail", "Wrong username/password combination")
return redirect(portal_url) return redirect(portal_url)
end end
end end
function do_logout() function do_logout()
local args = ngx.req.get_uri_args() local args = ngx.req.get_uri_args()
ngx.req.set_header("Cache-Control", "no-cache") if check_cookie() then
if check_cookie() then local redirect_url = portal_url
local redirect_url = portal_url if args.r then
if args.r then redirect_url = ngx.decode_base64(args.r)
redirect_url = ngx.decode_base64(args.r) end
end local user = ngx.var.cookie_SSOwAuthUser
local user = ngx.var.cookie_SSOwAuthUser logout[user] = {}
logout[user] = {} logout[user]["redirect_url"] = redirect_url
logout[user]["redirect_url"] = redirect_url logout[user]["domains"] = {}
logout[user]["domains"] = {} for _, value in ipairs(conf["domains"]) do
for _, value in ipairs(conf["domains"]) do table.insert(logout[user]["domains"], value)
table.insert(logout[user]["domains"], value) end
end return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologout="..user)
return redirect(ngx.var.scheme.."://"..ngx.var.http_host.."/?ssologout="..user) else
end flash("info", "You are already logged out")
return redirect(portal_url)
end
end end
function login_walkthrough (user) function login_walkthrough (user)
@ -261,6 +286,7 @@ function login_walkthrough (user)
-- All the redirections has been made -- All the redirections has been made
local redirect_url = login[user]["redirect_url"] local redirect_url = login[user]["redirect_url"]
login[user] = nil login[user] = nil
flash("win", "Successfully logged in")
return redirect(redirect_url) return redirect(redirect_url)
else else
-- Redirect to the next domain -- Redirect to the next domain
@ -281,6 +307,7 @@ function logout_walkthrough (user)
-- All the redirections has been made -- All the redirections has been made
local redirect_url = logout[user]["redirect_url"] local redirect_url = logout[user]["redirect_url"]
logout[user] = nil logout[user] = nil
flash("win", "Successfully logged out")
return redirect(redirect_url) return redirect(redirect_url)
else else
-- Redirect to the next domain -- Redirect to the next domain
@ -296,7 +323,7 @@ function redirect (url)
end end
function pass () function pass ()
delete_onetime_cookie() delete_redirect_cookie()
ngx.req.set_header("Set-Cookie", cookies) ngx.req.set_header("Set-Cookie", cookies)
return return
end end
@ -340,15 +367,18 @@ then
-- Logout -- Logout
return do_logout() return do_logout()
elseif check_cookie() elseif check_cookie() -- Authenticated
or ngx.var.uri == conf["portal_path"] or ngx.var.uri == conf["portal_path"] -- OR Want to serve portal login
or string.starts(ngx.var.uri, conf["portal_path"].."assets") or (string.starts(ngx.var.uri, conf["portal_path"].."assets")
and ngx.var.http_referer
and string.starts(ngx.var.http_referer, portal_url)) -- OR Want to serve assets for portal login
then then
-- Serve normal portal -- Serve normal portal
return serve(ngx.var.uri) return serve(ngx.var.uri)
else else
-- Redirect to portal -- Redirect to portal
flash("info", "Please log in to access to this content")
return redirect(portal_url) return redirect(portal_url)
end end
@ -359,6 +389,7 @@ then
return do_login() return do_login()
else else
-- Redirect to portal -- Redirect to portal
flash("fail", "Please log in from the portal")
return redirect(portal_url) return redirect(portal_url)
end end
end end
@ -393,7 +424,7 @@ end
if check_cookie() then if check_cookie() then
set_headers(ngx.var.cookie_SSOwAuthUser) set_headers(ngx.var.cookie_SSOwAuthUser)
return pass return pass()
else else
delete_cookie() delete_cookie()
end end
@ -415,6 +446,7 @@ end
-- Else redirect to portal -- Else redirect to portal
-- --
flash("info", "Please log in to access to this content")
local back_url = ngx.var.scheme .. "://" .. ngx.var.http_host .. ngx.var.uri local back_url = ngx.var.scheme .. "://" .. ngx.var.http_host .. ngx.var.uri
return redirect(portal_url.."?r="..ngx.encode_base64(back_url)) return redirect(portal_url.."?r="..ngx.encode_base64(back_url))

1
init.lua
View file

@ -16,6 +16,7 @@ srvkey = math.random(1111111, 9999999)
-- Shared table -- Shared table
cache = {} cache = {}
flashs = {}
login = {} login = {}
logout = {} logout = {}