Compare commits


No commits in common. "928267287df532a6e8fb0775e3138ee21f2173f5" and "137b39af20ed18e02d0cb93095cecb3810bb6511" have entirely different histories.

3 changed files with 14 additions and 32 deletions


@ -7,4 +7,3 @@ LDAP_FILTER="(&)"
LDAP_UID="cn" LDAP_UID="cn"
HTTP_HOST=auth.example.com HTTP_HOST=auth.example.com
COOKIE_DOMAIN=example.com


@ -2,32 +2,6 @@
$keys = array(); $keys = array();
function get_cookie() {
$cookie_name = 'X-LDAP-Auth-Key';
if(isset($_COOKIE[$cookie_name])) {
return $_COOKIE[$cookie_name];
} else {
return FALSE;
}
}
function store_cookie($key) {
$cookie_name = 'X-LDAP-Auth-Key';
$cookie_options = array (
'expires' => time() + 60*60*24*30,
'path' => '/',
'domain' => getenv("COOKIE_DOMAIN"),
'secure' => true,
'httponly' => true,
'samesite' => 'None'
);
setcookie(
$cookie_name,
$key,
$cookie_options
);
}
function load_key($key) { function load_key($key) {
$file = "/tmp/$key"; $file = "/tmp/$key";
if (!file_exists($file)) if (!file_exists($file))
@ -60,10 +34,10 @@ function get_random($n)
} }
function key_auth() { function key_auth() {
$key = get_cookie(); if (!isset($_SESSION['auth'])) {
if ($key === FALSE) {
return FALSE; return FALSE;
} }
$key = $_SESSION['auth'];
$data = load_key($key); $data = load_key($key);
if ($data === FALSE) { if ($data === FALSE) {
return FALSE; return FALSE;
@ -81,5 +55,5 @@ function key_auth() {
function key_new($user) { function key_new($user) {
$key = get_random(128); $key = get_random(128);
store_key($key, $user); store_key($key, $user);
store_cookie($key); $_SESSION['auth'] = $key;
} }
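Review bot: key_new writes the freshly generated key into `$_SESSION['auth']` without rotating the session id, so a session id that existed before login remains valid after it; add `session_regenerate_id(true);` immediately before `$_SESSION['auth'] = $key;`. key_auth now reads `$_SESSION['auth']` and therefore depends on session_start() having been called by the including script, which nothing in this file guarantees; a guard such as `if (session_status() !== PHP_SESSION_ACTIVE) { return FALSE; }` at the top of key_auth would make that dependency explicit rather than relying on an undefined superglobal. key_auth's body continues past the end of the second hunk. A one-line comment above `$key = $_SESSION['auth'];` noting that the key is now server-side state generated by get_random, not a client-supplied value, would help the next reader understand why the cookie helpers were dropped.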


@ -10,6 +10,15 @@ require($webroot . '/helpers/ldap.php');
require($webroot . '/helpers/auth.php'); require($webroot . '/helpers/auth.php');
// start session // start session
session_set_cookie_params(
60 * 60 * 24, // lifetime (seconds),
'/', // path
NULL, // domain,
TRUE, // secure,
TRUE // http only
);
session_start();
function page($file, $data = array()) { function page($file, $data = array()) {
extract($data); extract($data);
$webroot = $GLOBALS['webroot']; $webroot = $GLOBALS['webroot'];
@ -47,8 +56,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($_SERVER['REQUEST_URI'] !== '/login') { if ($_SERVER['REQUEST_URI'] !== '/login') {
// we are being forwarded authed // we are being forwarded authed
// redirect // redirect
http_response_code(303); http_response_code(301);
header("Location: http://$env/login"); header("Location: https://$env/login");
} else { } else {
page('login', array( page('login', array(
'title' => 'Login' 'title' => 'Login'
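Review bot: The positional form of session_set_cookie_params on the new lines cannot set SameSite, and the `NULL` domain scopes the session cookie to the auth host alone whereas the removed X-LDAP-Auth-Key cookie used COOKIE_DOMAIN; if other hosts need to present this cookie, that is a behavioural change to confirm. The array form makes both explicit: `session_set_cookie_params(['lifetime' => 60 * 60 * 24, 'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);` (the removed cookie used `'None'`, so pick whichever the deployment actually requires). In the second hunk the redirect status changes from 303 to 301 on what the hunk header suggests is the POST branch; a 301 is cacheable by browsers and proxies, so an unauthenticated redirect may be replayed for later requests to the same URI, and `http_response_code(303);` with the new https Location is the safer combination. Whether the script exits after header() is outside the hunk.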