
2 commits

Author SHA1 Message Date
928267287d
fix cookies 2024-05-27 11:46:42 -04:00
9c5231c298
aaa 2024-05-27 11:39:53 -04:00
3 changed files with 32 additions and 14 deletions


@ -7,3 +7,4 @@ LDAP_FILTER="(&)"
LDAP_UID="cn" LDAP_UID="cn"
HTTP_HOST=auth.example.com HTTP_HOST=auth.example.com
COOKIE_DOMAIN=example.com


@ -2,6 +2,32 @@
$keys = array(); $keys = array();
function get_cookie() {
$cookie_name = 'X-LDAP-Auth-Key';
if(isset($_COOKIE[$cookie_name])) {
return $_COOKIE[$cookie_name];
} else {
return FALSE;
}
}
function store_cookie($key) {
$cookie_name = 'X-LDAP-Auth-Key';
$cookie_options = array (
'expires' => time() + 60*60*24*30,
'path' => '/',
'domain' => getenv("COOKIE_DOMAIN"),
'secure' => true,
'httponly' => true,
'samesite' => 'None'
);
setcookie(
$cookie_name,
$key,
$cookie_options
);
}
function load_key($key) { function load_key($key) {
$file = "/tmp/$key"; $file = "/tmp/$key";
if (!file_exists($file)) if (!file_exists($file))
@ -34,10 +60,10 @@ function get_random($n)
} }
function key_auth() { function key_auth() {
if (!isset($_SESSION['auth'])) { $key = get_cookie();
if ($key === FALSE) {
return FALSE; return FALSE;
} }
$key = $_SESSION['auth'];
$data = load_key($key); $data = load_key($key);
if ($data === FALSE) { if ($data === FALSE) {
return FALSE; return FALSE;
@ -55,5 +81,5 @@ function key_auth() {
function key_new($user) { function key_new($user) {
$key = get_random(128); $key = get_random(128);
store_key($key, $user); store_key($key, $user);
$_SESSION['auth'] = $key; store_cookie($key);
} }
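Review bot: The auth key is now client-controlled: `key_auth()` passes the `X-LDAP-Auth-Key` cookie value from `get_cookie()` into `load_key()`, which interpolates it into `"/tmp/$key"`, so a value containing `/` or `..` selects a path outside the intended key files, and an array-valued cookie reaches that interpolation too. Before this change the key came from `$_SESSION['auth']`, which only the server wrote. `get_cookie()` should reject anything that is not a string in the exact format `get_random(128)` emits, for example `if (!is_string($v) || !preg_match('/\A[A-Za-z0-9]{128}\z/', $v)) return FALSE;`, with the character class and length adjusted to that function's real output, which is not visible here. The body of `load_key()` continues outside the hunk, so any check it already performs could not be confirmed. Separately, `'samesite' => 'None'` together with a parent-domain `COOKIE_DOMAIN` sends the key on cross-site requests to every subdomain; `'Lax'` is the safer value unless cross-site delivery is actually required.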


@ -10,15 +10,6 @@ require($webroot . '/helpers/ldap.php');
require($webroot . '/helpers/auth.php'); require($webroot . '/helpers/auth.php');
// start session // start session
session_set_cookie_params(
60 * 60 * 24, // lifetime (seconds),
'/', // path
NULL, // domain,
TRUE, // secure,
TRUE // http only
);
session_start();
function page($file, $data = array()) { function page($file, $data = array()) {
extract($data); extract($data);
$webroot = $GLOBALS['webroot']; $webroot = $GLOBALS['webroot'];
@ -56,8 +47,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($_SERVER['REQUEST_URI'] !== '/login') { if ($_SERVER['REQUEST_URI'] !== '/login') {
// we are being forwarded authed // we are being forwarded authed
// redirect // redirect
http_response_code(301); http_response_code(303);
header("Location: https://$env/login"); header("Location: http://$env/login");
} else { } else {
page('login', array( page('login', array(
'title' => 'Login' 'title' => 'Login'
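Review bot: The `Location` header in the forwarded-auth branch now points at `http://$env/login`, which sends the browser to the login form over plaintext; the line it replaces used `https://`. The same change sets the auth cookie with `'secure' => true`, so it is never sent back to an `http://` origin, and credentials posted from that page are exposed on the wire unless something upstream forces TLS. Unless the downgrade is deliberate for a local setup, keep `header("Location: https://$env/login");` alongside the new 303 status. Where `$env` is assigned is outside the hunk; if it is derived from the request's Host header, it should be compared against the configured `HTTP_HOST` before being used in a redirect.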