author | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2014-05-05 14:36:43 +0200 |
---|---|---|
committer | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2014-05-13 21:07:24 +0200 |
commit | 0db96cce9f83f09b07a46f31f9930e5b7cc19f6f (patch) | |
tree | 577ed4c85e1346193b5fe5e4e6fef0a4abb77d87 | |
parent | d8907f11f5c255727b8a814746a0114e5c62e30a (diff) |
Fix bugs introduced by the previous patch.
-rwxr-xr-x | lib/Net/MulkyID/Setup.pm | 18 | ||||
-rw-r--r-- | www/authenticate-with-password.html | 39 | ||||
-rw-r--r-- | www/authenticate-with-password.js | 35 | ||||
-rw-r--r-- | www/authenticate.html | 28 | ||||
-rw-r--r-- | www/authenticate.js | 35 | ||||
-rwxr-xr-x | www/authenticate.pl | 61 | ||||
-rw-r--r-- | www/common.pl | 7 | ||||
-rwxr-xr-x | www/login.pl | 36 |
8 files changed, 151 insertions, 108 deletions
diff --git a/lib/Net/MulkyID/Setup.pm b/lib/Net/MulkyID/Setup.pm index acfe018..2393023 100755 --- a/lib/Net/MulkyID/Setup.pm +++ b/lib/Net/MulkyID/Setup.pm @@ -51,22 +51,31 @@ sub setup() { my $configpath = $::MULKONF->{configpath} // "/etc/mulkyid"; my $pemfile = $::MULKONF->{pemfile} // "$configpath/rsa2048.pem"; - my $auth_type = $::MULKONF->{auth_type} // "imap"; + my $auth_type = $::MULKONF->{auth_type} // "imap"; my $aliases_file = $::MULKONF->{aliases_file} // "/etc/aliases"; my $imap_server = $::MULKONF->{imap_server} // "localhost"; my $imap_port = $::MULKONF->{imap_port} // 143; my $basepath = $::MULKONF->{basepath} // "/browserid"; + my $fake_domain = $::MULKONF->{fake_domain} // ""; + my $real_domain = $::MULKONF->{real_domain} // ""; $configpath = prompt("Where shall I put configuration files?", $configpath); $pemfile = prompt("Where shall I put the private key?", $pemfile); $auth_type = prompt("How will users authenticate? (imap, google)", $auth_type); - $basepath = int(prompt("What will be the web-facing base path for IdP files and scripts?", $basepath)); - for ($auth_type) { + $basepath = prompt("What will be the web-facing base path for IdP files and scripts?", $basepath); + given (my $_ = $auth_type) { when ("imap") { $aliases_file = prompt("Where is the aliases file? Type a single dot for none.", $aliases_file); $imap_server = prompt("What is the IMAP server's address?", $imap_server); $imap_port = int(prompt("What is the IMAP server's port?", $imap_port)); } when ("google") { + $fake_domain = prompt("Fake domain name for email addresses? Type a single dot for none. (FOR DEVELOPMENT)", $fake_domain); + if ($fake_domain eq '.' or $fake_domain eq '') { + $fake_domain = ''; + } else { + $real_domain = prompt("Real domain name?", $real_domain); + $real_domain = '' if ($real_domain eq '.'); + } } default { die "Invalid authentication type"; 
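Review bot: `given (my $_ = $auth_type)` replaces a plain `for ($auth_type)` with two features that do not age well: `given`/`when` is experimental (it warns from 5.18 on), and lexical `my $_` was removed outright in Perl 5.24, so this line no longer compiles there. A portable form is `for ($auth_type) { if ($_ eq 'imap') { ... } elsif ($_ eq 'google') { ... } else { die "Invalid authentication type"; } }`, or a small dispatch hash keyed by `$auth_type`. The same `given (my $_ = ...)` construct is introduced in www/authenticate.pl and www/login.pl in this commit. The enclosing `sub setup()` starts before and continues after this hunk.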
@@ -114,6 +123,9 @@ sub setup() { imap_server => $imap_server, imap_port => $imap_port, basepath => $basepath, + auth_type => $auth_type, + fake_domain => $fake_domain, + real_domain => $real_domain, }; write_file($conffile, <<EOF #! /usr/bin/env perl diff --git a/www/authenticate-with-password.html b/www/authenticate-with-password.html new file mode 100644 index 0000000..e000209 --- /dev/null +++ b/www/authenticate-with-password.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> + <title>Persona IMAP Authentication</title> + + <script type="text/javascript" src="https://login.persona.org/include.js"></script> + <script type="text/javascript" src="https://login.persona.org/authentication_api.js"></script> + +<!-- + <script type="text/javascript" src="https://dev.diresworb.org/include.js"></script> + <script type="text/javascript" src="https://dev.diresworb.org/authentication_api.js"></script> +--> + + <script type="text/javascript" src="jquery/jquery.js"></script> + <script type="text/javascript" src="authenticate-with-password.js"></script> +</head> +<body> + <h1>Persona IMAP Login</h1> + + <form action="#" method="POST" id="auth-form"> + <table> + <tbody> + <tr> + <td>E-Mail: </td> + <td><input type="text" id="email" name="email" disabled="disabled"></input></td> + </tr> + <tr> + <td>Password: </td> + <td><input type="password" id="password" name="password"></input></td> + </tr> + </tbody> + </table> + <div class="button-box"> + <button class="cancel">Cancel</button> + <input type="submit" value="Log in"></input> + </div> + </form> +</body> +</html> diff --git a/www/authenticate-with-password.js b/www/authenticate-with-password.js new file mode 100644 index 0000000..776d1e3 --- /dev/null +++ b/www/authenticate-with-password.js 
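Review bot: The new www/authenticate-with-password.html carries the commented-out `dev.diresworb.org` `include.js`/`authentication_api.js` script tags that this same commit deletes from www/authenticate.html; dropping them here too keeps the password page free of a dev-host fallback that someone may later uncomment on a production login page. The `<input type="text" id="email" ... disabled="disabled">` is only display: a disabled control is never submitted, and the value actually posted comes from the URL parameter in authenticate-with-password.js, which is worth a one-line HTML comment above the field so the disabled attribute is not mistaken for a security control.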
@@ -0,0 +1,35 @@ +jQuery(function($) { + var getParameterByName = function(name) { + // https://stackoverflow.com/a/5158301 + var match = RegExp('[?&]' + name + '=([^&]*)').exec(window.location.search); + return match && decodeURIComponent(match[1].replace(/\+/g, ' ')); + }; + + var email = getParameterByName('email'); + $('#email').val(email); + + var onAuthentication = function() { + var password = $('#password').val(); + $.ajax({ + type: 'POST', + url: '/browserid/login.pl', + dataType: 'json', + data: { email: email, password: password }, + success: function(sig, status, xhr) { + console.log("Login successful!"); + navigator.id.completeAuthentication(); + }, + error: function(reason, status, xhr) { + navigator.id.raiseAuthenticationFailure(reason.responseText); + } + }); + return false; + }; + + var onCancel = function() { + navigator.id.cancelAuthentication(); + }; + + $('#auth-form').submit(onAuthentication); + $('.cancel').click(onCancel); +}); diff --git a/www/authenticate.html b/www/authenticate.html index 8123aab..603a596 100644 --- a/www/authenticate.html +++ b/www/authenticate.html 
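Review bot: The AJAX `url: '/browserid/login.pl'` hard-codes the base path that lib/Net/MulkyID/Setup.pm makes configurable (`basepath`) in this same commit, while the sibling authenticate.js already uses the relative `'authenticate.pl?email=' + escapedEmail`; the relative `url: 'login.pl'` would keep both scripts consistent and working under any configured base path. Separately, the `error:` handler forwards `reason.responseText`, which for login.pl is the raw body of a server-side `die`, into `navigator.id.raiseAuthenticationFailure`; a fixed user-facing string such as `navigator.id.raiseAuthenticationFailure('Login failed');` avoids surfacing server internals in the Persona dialog. `decodeURIComponent` in `getParameterByName` throws on malformed percent-encoding, so a `try` around it (falling back to `null`) would prevent an unhandled exception before `onAuthentication` is even wired up.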
@@ -1,39 +1,17 @@ <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> - <title>Persona IMAP Authentication</title> + <title>MulkyID Persona Login</title> <script type="text/javascript" src="https://login.persona.org/include.js"></script> <script type="text/javascript" src="https://login.persona.org/authentication_api.js"></script> -<!-- - <script type="text/javascript" src="https://dev.diresworb.org/include.js"></script> - <script type="text/javascript" src="https://dev.diresworb.org/authentication_api.js"></script> ---> - <script type="text/javascript" src="jquery/jquery.js"></script> <script type="text/javascript" src="authenticate.js"></script> </head> <body> - <h1>Persona IMAP Login</h1> + <h1>MulkyID Persona Login</h1> - <form action="#" method="POST" id="auth-form"> - <table> - <tbody> - <tr> - <td>E-Mail: </td> - <td><input type="text" id="email" name="email" disabled="disabled"></input></td> - </tr> - <tr> - <td>Password: </td> - <td><input type="password" id="password" name="password"></input></td> - </tr> - </tbody> - </table> - <div class="button-box"> - <button class="cancel">Cancel</button> - <input type="submit" value="Log in"></input> - </div> - </form> + <p>Logging in...</p> </body> </html> diff --git a/www/authenticate.js b/www/authenticate.js index 2d72480..86d722c 100644 --- a/www/authenticate.js +++ b/www/authenticate.js 
@@ -1,33 +1,6 @@ jQuery(function($) { - var email; - - navigator.id.beginAuthentication(function(email_) { - email = email_; - $('#email').val(email); - }); - - var onAuthentication = function() { - var password = $('#password').val(); - $.ajax({ - type: 'POST', - url: '/browserid/login.pl', - dataType: 'json', - data: { email: email, password: password }, - success: function(sig, status, xhr) { - console.log("Login successful!"); - navigator.id.completeAuthentication(); - }, - error: function(reason, status, xhr) { - navigator.id.raiseAuthenticationFailure(reason.responseText); - } - }); - return false; - }; - - var onCancel = function() { - navigator.id.cancelAuthentication(); - }; - - $('#auth-form').submit(onAuthentication); - $('.cancel').click(onCancel); + navigator.id.beginAuthentication(function(email) { + var escapedEmail = encodeURIComponent(email); + window.location = 'authenticate.pl?email=' + escapedEmail; + }); }); diff --git a/www/authenticate.pl b/www/authenticate.pl index a36ad02..d73869d 100755 --- a/www/authenticate.pl +++ b/www/authenticate.pl 
@@ -15,34 +15,53 @@ use Net::Google::FederatedLogin; do "common.pl"; -while (my $cgi = new CGI::Fast) { - load_config(); - - my $claimed_email = $cgi->param('email'); - - my $g = Net::Google::FederatedLogin->new( - claimed_id => $claimed_email, - return_to => reluri($cgi, 'login.pl'), - extensions => [{ns => 'ax', - uri => 'http://openid.net/srv/ax/1.0', - attributes => {mode => 'fetch_request', - required => 'email', - type => {email => 'http://axschema.org/contact/email'}}}] - ); - - my $cookie = $cgi->cookie('mulkid_session'); - my $session = new CGI::Session("driver:File", $cookie, {Directory=>"/tmp"}); - $session->param('claimed_email', $claimed_email); +sub redirect_with_cookie($$$$) { + my ($cgi, $uri, $session, $cookie) = @_; if ($cookie) { - print $cgi->redirect(-url => $g->get_auth_url()); + print $cgi->redirect(-url => $uri); } else { my $cookie = $cgi->cookie(-name => 'mulkid_session', -value => $session->id, -expires => '+1d', - #-secure => 1, + -secure => 1, -httponly => 1, #-domain => '.'.$::MULKONF->{realm} ); - print $cgi->redirect(-cookie => $cookie, -url => $g->get_auth_url()); + print $cgi->redirect(-cookie => $cookie, -url => $uri); + } +} + +while (my $cgi = new CGI::Fast) { + load_config(); + + my $claimed_email = $cgi->param('email'); + my $cookie = $cgi->cookie('mulkid_session'); + my $session = new CGI::Session("driver:File", $cookie, {Directory=>"/tmp"}); + + my $fakedomain = $::MULKONF->{fake_domain}; + my $realdomain = $::MULKONF->{real_domain}; + $claimed_email =~ s/\@$fakedomain/\@$realdomain/ if $fakedomain; + + $session->param('claimed_email', $claimed_email); + + given (my $_ = $::MULKONF->{auth_type}) { + when ('imap') { + redirect_with_cookie($cgi, reluri($cgi, "authenticate-with-password.html?email=$claimed_email"), $session, $cookie); + } + when ('google') { + my $g = Net::Google::FederatedLogin->new( + claimed_id => $claimed_email, + return_to => reluri($cgi, 'login.pl'), + extensions => [{ns => 'ax', + uri => 
'http://openid.net/srv/ax/1.0', + attributes => {mode => 'fetch_request', + required => 'email', + type => {email => 'http://axschema.org/contact/email'}}}] + ); + redirect_with_cookie($cgi, $g->get_auth_url(), $session, $cookie); + } + default { + die "Invalid auth_type! " . $::MULKONF->{auth_type}; + } } } diff --git a/www/common.pl b/www/common.pl index 3f3a5b0..736bf00 100644 --- a/www/common.pl +++ b/www/common.pl @@ -14,9 +14,12 @@ sub load_config() { } sub email_users($) { - return @_ - if $::MULKONF->{auth_type} eq 'google'; my ($email) = @_; + my $fakedomain = $::MULKONF->{fake_domain}; + my $realdomain = $::MULKONF->{real_domain}; + $email =~ s/\@$realdomain/\@$fakedomain/ if $fakedomain; + return ($email) + if $::MULKONF->{auth_type} eq 'google'; my $alias; if ($email =~ /^(.*?)@/) { $alias = $1; } my $aliases_file = $::MULKONF->{aliases}; diff --git a/www/login.pl b/www/login.pl index a2f06c4..1b196fa 100755 --- a/www/login.pl +++ b/www/login.pl 
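Review bot: `$claimed_email =~ s/\@$fakedomain/\@$realdomain/ if $fakedomain;` interpolates a configured domain into the pattern unescaped and unanchored, so the dots match any character and the substitution can fire in the middle of the address; anchor and quote it, `$claimed_email =~ s/\@\Q$fakedomain\E\z/\@$realdomain/ if $fakedomain;`. The mirror-image substitutions in www/common.pl (`email_users`) and www/login.pl (google branch) have the same shape and additionally run with `$realdomain` possibly empty (Setup.pm allows `.` there), in which case `s/\@$realdomain/\@$fakedomain/` matches the bare `@` and prepends the fake domain to the real one. Two lines below, the email is interpolated into a URL, `"authenticate-with-password.html?email=$claimed_email"`, without encoding, so `+`, `&` or `#` in an address corrupts the query; use `'authenticate-with-password.html?email=' . $cgi->escape($claimed_email)`. `sub redirect_with_cookie($$$$)` uses a prototype for what is really argument documentation; prototypes change parsing rather than validate, so drop it and keep the `my ($cgi, $uri, $session, $cookie) = @_;` unpacking.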
@@ -39,40 +39,24 @@ sub check_imap_password($$) { while (my $cgi = new CGI::Fast) { - load_config; + load_config(); my $cookie = $cgi->cookie('mulkid_session'); - my $session; - if ($cookie) { - $session = new CGI::Session("driver:File", $cookie, {Directory=>"/tmp"}); - print $cgi->header(-content_type => 'application/json; charset=UTF-8'); - } else { - $session = new CGI::Session("driver:File", undef, {Directory=>"/tmp"}); - my $cookie = $cgi->cookie(-name => 'mulkid_session', - -value => $session->id, - -expires => '+1d', - -secure => 1, - -httponly => 1, - #-domain => '.mulk.eu' - ); - print $cgi->header(-content_type => 'application/json; charset=UTF-8', - -cookie => $cookie); - } - - my $email = $cgi->param('email') or die "No email address provided"; - - for ($::MULKONF->{auth_type}) { + my $session = new CGI::Session("driver:File", $cookie, {Directory=>"/tmp"}); + given (my $_ = $::MULKONF->{auth_type}) { when ('imap') { + my $email = $cgi->param('email') or die "No email address provided"; my $password = $cgi->param('password') or die "Empty password"; for my $user (email_users($email)) { #say STDERR "Trying user: $user"; if (check_imap_password($user, $password)) { $session->param('user', $user); - #say encode_json({user => $user}); - print $cgi->redirect(-url => reluri($cgi, 'successful-login.html')); + print $cgi->header(-content_type => 'application/json; charset=UTF-8'); + say encode_json({user => $user}); exit 0; } } + die "Could not authenticate."; } when ('google') { my $g = Net::Google::FederatedLogin->new( 
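Review bot: In the imap branch, the address to authenticate is taken from the POST body (`my $email = $cgi->param('email')`) rather than from the `claimed_email` that www/authenticate.pl stores in the same session one step earlier, so the credentials checked here can belong to a different address than the one Persona asked this IdP to vouch for; unless the provisioning step re-checks `user` against `claimed_email` (not visible here), `die "Email does not match the claimed address" unless $email eq ($session->param('claimed_email') // '');` before the user loop would close that gap. The new `die "Could not authenticate.";` sits inside the `while (my $cgi = new CGI::Fast)` loop, so a wrong password terminates the FastCGI worker without any HTTP response instead of answering the request; `print $cgi->header(-status => '403 Forbidden'); next;` keeps the worker alive and gives the JavaScript caller an `error:` callback to act on. The session is now created from `$cookie` without ever sending a Set-Cookie header from this script, which only works because authenticate.pl already set one; a short comment stating that assumption would help the next reader.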
@@ -82,8 +66,10 @@ while (my $cgi = new CGI::Fast) { $g->verify_auth or die "Could not verify the OpenID assertion!"; my $ext = $g->get_extension('http://openid.net/srv/ax/1.0'); my $verified_email = $ext->get_parameter('value.email'); + my $fakedomain = $::MULKONF->{fake_domain}; + my $realdomain = $::MULKONF->{real_domain}; + $verified_email =~ s/\@$realdomain/\@$fakedomain/ if $fakedomain; $session->param('user', $verified_email); - #say encode_json({user => $user}); print $cgi->redirect(-url => reluri($cgi, 'successful-login.html')); exit 0; } @@ -91,6 +77,4 @@ while (my $cgi = new CGI::Fast) { die "Invalid auth_type. Check MulkyID configuration!"; } } - - die "Could not authenticate."; } |
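Review bot: `$verified_email` comes straight from `$ext->get_parameter('value.email')` and is never checked for definedness before the new substitution runs on it and it is stored as the session `user`; if the provider omits the attribute, the regex warns on an undefined value and an undefined user is written to the session before the redirect to successful-login.html. Add `die "No verified email in OpenID response" unless defined $verified_email and length $verified_email;` directly after the `get_parameter` call. The enclosing `while` loop and its `given` block start before this hunk.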