-rwxr-xr-xlib/Net/MulkyID/Setup.pm18
-rw-r--r--www/authenticate-with-password.html39
-rw-r--r--www/authenticate-with-password.js35
-rw-r--r--www/authenticate.html28
-rw-r--r--www/authenticate.js35
-rwxr-xr-xwww/authenticate.pl61
-rw-r--r--www/common.pl7
-rwxr-xr-xwww/login.pl36
8 files changed, 151 insertions, 108 deletions
diff --git a/lib/Net/MulkyID/Setup.pm b/lib/Net/MulkyID/Setup.pm
index acfe018..2393023 100755
--- a/lib/Net/MulkyID/Setup.pm
+++ b/lib/Net/MulkyID/Setup.pm
@@ -51,22 +51,31 @@ sub setup() {
my $configpath = $::MULKONF->{configpath} // "/etc/mulkyid";
my $pemfile = $::MULKONF->{pemfile} // "$configpath/rsa2048.pem";
- my $auth_type = $::MULKONF->{auth_type} // "imap";
+ my $auth_type = $::MULKONF->{auth_type} // "imap";
my $aliases_file = $::MULKONF->{aliases_file} // "/etc/aliases";
my $imap_server = $::MULKONF->{imap_server} // "localhost";
my $imap_port = $::MULKONF->{imap_port} // 143;
my $basepath = $::MULKONF->{basepath} // "/browserid";
+ my $fake_domain = $::MULKONF->{fake_domain} // "";
+ my $real_domain = $::MULKONF->{real_domain} // "";
$configpath = prompt("Where shall I put configuration files?", $configpath);
$pemfile = prompt("Where shall I put the private key?", $pemfile);
$auth_type = prompt("How will users authenticate? (imap, google)", $auth_type);
- $basepath = int(prompt("What will be the web-facing base path for IdP files and scripts?", $basepath));
- for ($auth_type) {
+ $basepath = prompt("What will be the web-facing base path for IdP files and scripts?", $basepath);
+ given (my $_ = $auth_type) {
when ("imap") {
$aliases_file = prompt("Where is the aliases file? Type a single dot for none.", $aliases_file);
$imap_server = prompt("What is the IMAP server's address?", $imap_server);
$imap_port = int(prompt("What is the IMAP server's port?", $imap_port));
}
when ("google") {
+ $fake_domain = prompt("Fake domain name for email addresses? Type a single dot for none. (FOR DEVELOPMENT)", $fake_domain);
+ if ($fake_domain eq '.' or $fake_domain eq '') {
+ $fake_domain = '';
+ } else {
+ $real_domain = prompt("Real domain name?", $real_domain);
+ $real_domain = '' if ($real_domain eq '.');
+ }
}
default {
die "Invalid authentication type";
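Review bot: `given (my $_ = $auth_type)` declares a lexical `$_`, which was experimental in Perl 5.18 and removed in 5.24, so this hunk does not compile on current perls; the same construct is introduced in authenticate.pl and login.pl in this commit. Dropping the declaration, `given ($auth_type) {`, keeps the behaviour, but given/when/default is itself an experimental feature and a plain `if ($auth_type eq "imap") { … } elsif ($auth_type eq "google") { … } else { die "Invalid authentication type"; }` chain avoids it entirely. The new fake_domain/real_domain prompts would benefit from a comment stating that both values are later interpolated into substitution patterns by the web scripts, e.g. `# Development aid: addresses at $fake_domain are mapped to $real_domain before OpenID lookup.` setup's body continues outside the hunk.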
@@ -114,6 +123,9 @@ sub setup() {
imap_server => $imap_server,
imap_port => $imap_port,
basepath => $basepath,
+ auth_type => $auth_type,
+ fake_domain => $fake_domain,
+ real_domain => $real_domain,
};
write_file($conffile, <<EOF
#! /usr/bin/env perl
diff --git a/www/authenticate-with-password.html b/www/authenticate-with-password.html
new file mode 100644
index 0000000..e000209
--- /dev/null
+++ b/www/authenticate-with-password.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+ <title>Persona IMAP Authentication</title>
+
+ <script type="text/javascript" src="https://login.persona.org/include.js"></script>
+ <script type="text/javascript" src="https://login.persona.org/authentication_api.js"></script>
+
+<!--
+ <script type="text/javascript" src="https://dev.diresworb.org/include.js"></script>
+ <script type="text/javascript" src="https://dev.diresworb.org/authentication_api.js"></script>
+-->
+
+ <script type="text/javascript" src="jquery/jquery.js"></script>
+ <script type="text/javascript" src="authenticate-with-password.js"></script>
+</head>
+<body>
+ <h1>Persona IMAP Login</h1>
+
+ <form action="#" method="POST" id="auth-form">
+ <table>
+ <tbody>
+ <tr>
+ <td>E-Mail: </td>
+ <td><input type="text" id="email" name="email" disabled="disabled"></input></td>
+ </tr>
+ <tr>
+ <td>Password: </td>
+ <td><input type="password" id="password" name="password"></input></td>
+ </tr>
+ </tbody>
+ </table>
+ <div class="button-box">
+ <button class="cancel">Cancel</button>
+ <input type="submit" value="Log in"></input>
+ </div>
+ </form>
+</body>
+</html>
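Review bot: The commented-out dev.diresworb.org script block near the top of the new file is the same block this commit deletes from authenticate.html; carrying a dead reference to a third-party host into a new file should be avoided, so drop those four lines. `<input …></input>` is invalid markup since input is a void element; write `<input type="text" id="email" name="email" disabled="disabled">` and likewise for the password and submit inputs. Because the email field is disabled it is never part of a form submission, which only works here because the companion script posts the value it read from the query string itself; a short HTML comment on the field, `<!-- display only; authenticate-with-password.js posts the email from the query string -->`, would keep a later maintainer from "fixing" it.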
diff --git a/www/authenticate-with-password.js b/www/authenticate-with-password.js
new file mode 100644
index 0000000..776d1e3
--- /dev/null
+++ b/www/authenticate-with-password.js
@@ -0,0 +1,35 @@
+jQuery(function($) {
+ var getParameterByName = function(name) {
+ // https://stackoverflow.com/a/5158301
+ var match = RegExp('[?&]' + name + '=([^&]*)').exec(window.location.search);
+ return match && decodeURIComponent(match[1].replace(/\+/g, ' '));
+ };
+
+ var email = getParameterByName('email');
+ $('#email').val(email);
+
+ var onAuthentication = function() {
+ var password = $('#password').val();
+ $.ajax({
+ type: 'POST',
+ url: '/browserid/login.pl',
+ dataType: 'json',
+ data: { email: email, password: password },
+ success: function(sig, status, xhr) {
+ console.log("Login successful!");
+ navigator.id.completeAuthentication();
+ },
+ error: function(reason, status, xhr) {
+ navigator.id.raiseAuthenticationFailure(reason.responseText);
+ }
+ });
+ return false;
+ };
+
+ var onCancel = function() {
+ navigator.id.cancelAuthentication();
+ };
+
+ $('#auth-form').submit(onAuthentication);
+ $('.cancel').click(onCancel);
+});
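Review bot: The `url:` line posts to the hard-coded absolute path `/browserid/login.pl`, while Setup.pm in this same commit makes the web-facing base path configurable and authenticate.js navigates with the relative `authenticate.pl?email=`; a deployment under any other base path posts to the wrong URL. Use the same relative form, `url: 'login.pl',`. `getParameterByName('email')` returns null when the parameter is absent and that value is then sent as the email; a guard before the handlers are wired, `if (!email) { navigator.id.raiseAuthenticationFailure('missing email'); return; }`, fails fast instead of submitting an empty login.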
diff --git a/www/authenticate.html b/www/authenticate.html
index 8123aab..603a596 100644
--- a/www/authenticate.html
+++ b/www/authenticate.html
@@ -1,39 +1,17 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
- <title>Persona IMAP Authentication</title>
+ <title>MulkyID Persona Login</title>
<script type="text/javascript" src="https://login.persona.org/include.js"></script>
<script type="text/javascript" src="https://login.persona.org/authentication_api.js"></script>
-<!--
- <script type="text/javascript" src="https://dev.diresworb.org/include.js"></script>
- <script type="text/javascript" src="https://dev.diresworb.org/authentication_api.js"></script>
--->
-
<script type="text/javascript" src="jquery/jquery.js"></script>
<script type="text/javascript" src="authenticate.js"></script>
</head>
<body>
- <h1>Persona IMAP Login</h1>
+ <h1>MulkyID Persona Login</h1>
- <form action="#" method="POST" id="auth-form">
- <table>
- <tbody>
- <tr>
- <td>E-Mail: </td>
- <td><input type="text" id="email" name="email" disabled="disabled"></input></td>
- </tr>
- <tr>
- <td>Password: </td>
- <td><input type="password" id="password" name="password"></input></td>
- </tr>
- </tbody>
- </table>
- <div class="button-box">
- <button class="cancel">Cancel</button>
- <input type="submit" value="Log in"></input>
- </div>
- </form>
+ <p>Logging in...</p>
</body>
</html>
diff --git a/www/authenticate.js b/www/authenticate.js
index 2d72480..86d722c 100644
--- a/www/authenticate.js
+++ b/www/authenticate.js
@@ -1,33 +1,6 @@
jQuery(function($) {
- var email;
-
- navigator.id.beginAuthentication(function(email_) {
- email = email_;
- $('#email').val(email);
- });
-
- var onAuthentication = function() {
- var password = $('#password').val();
- $.ajax({
- type: 'POST',
- url: '/browserid/login.pl',
- dataType: 'json',
- data: { email: email, password: password },
- success: function(sig, status, xhr) {
- console.log("Login successful!");
- navigator.id.completeAuthentication();
- },
- error: function(reason, status, xhr) {
- navigator.id.raiseAuthenticationFailure(reason.responseText);
- }
- });
- return false;
- };
-
- var onCancel = function() {
- navigator.id.cancelAuthentication();
- };
-
- $('#auth-form').submit(onAuthentication);
- $('.cancel').click(onCancel);
+ navigator.id.beginAuthentication(function(email) {
+ var escapedEmail = encodeURIComponent(email);
+ window.location = 'authenticate.pl?email=' + escapedEmail;
+ });
});
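Review bot: After this change the callback passed to `navigator.id.beginAuthentication` uses no jQuery at all, so the `jQuery(function($) { … })` wrapper is only a DOM-ready hook and its `$` parameter is unused; drop the parameter or the wrapper. Prefer the explicit `window.location.href = 'authenticate.pl?email=' + escapedEmail;` over assigning to `window.location`. A one-line comment such as `// Hand the claimed address to the server, which picks the imap or google flow from its config` would explain why the page no longer shows a form.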
diff --git a/www/authenticate.pl b/www/authenticate.pl
index a36ad02..d73869d 100755
--- a/www/authenticate.pl
+++ b/www/authenticate.pl
@@ -15,34 +15,53 @@ use Net::Google::FederatedLogin;
do "common.pl";
-while (my $cgi = new CGI::Fast) {
- load_config();
-
- my $claimed_email = $cgi->param('email');
-
- my $g = Net::Google::FederatedLogin->new(
- claimed_id => $claimed_email,
- return_to => reluri($cgi, 'login.pl'),
- extensions => [{ns => 'ax',
- uri => 'http://openid.net/srv/ax/1.0',
- attributes => {mode => 'fetch_request',
- required => 'email',
- type => {email => 'http://axschema.org/contact/email'}}}]
- );
-
- my $cookie = $cgi->cookie('mulkid_session');
- my $session = new CGI::Session("driver:File", $cookie, {Directory=>"/tmp"});
- $session->param('claimed_email', $claimed_email);
+sub redirect_with_cookie($$$$) {
+ my ($cgi, $uri, $session, $cookie) = @_;
if ($cookie) {
- print $cgi->redirect(-url => $g->get_auth_url());
+ print $cgi->redirect(-url => $uri);
} else {
my $cookie = $cgi->cookie(-name => 'mulkid_session',
-value => $session->id,
-expires => '+1d',
- #-secure => 1,
+ -secure => 1,
-httponly => 1,
#-domain => '.'.$::MULKONF->{realm}
);
- print $cgi->redirect(-cookie => $cookie, -url => $g->get_auth_url());
+ print $cgi->redirect(-cookie => $cookie, -url => $uri);
+ }
+}
+
+while (my $cgi = new CGI::Fast) {
+ load_config();
+
+ my $claimed_email = $cgi->param('email');
+ my $cookie = $cgi->cookie('mulkid_session');
+ my $session = new CGI::Session("driver:File", $cookie, {Directory=>"/tmp"});
+
+ my $fakedomain = $::MULKONF->{fake_domain};
+ my $realdomain = $::MULKONF->{real_domain};
+ $claimed_email =~ s/\@$fakedomain/\@$realdomain/ if $fakedomain;
+
+ $session->param('claimed_email', $claimed_email);
+
+ given (my $_ = $::MULKONF->{auth_type}) {
+ when ('imap') {
+ redirect_with_cookie($cgi, reluri($cgi, "authenticate-with-password.html?email=$claimed_email"), $session, $cookie);
+ }
+ when ('google') {
+ my $g = Net::Google::FederatedLogin->new(
+ claimed_id => $claimed_email,
+ return_to => reluri($cgi, 'login.pl'),
+ extensions => [{ns => 'ax',
+ uri => 'http://openid.net/srv/ax/1.0',
+ attributes => {mode => 'fetch_request',
+ required => 'email',
+ type => {email => 'http://axschema.org/contact/email'}}}]
+ );
+ redirect_with_cookie($cgi, $g->get_auth_url(), $session, $cookie);
+ }
+ default {
+ die "Invalid auth_type! " . $::MULKONF->{auth_type};
+ }
}
}
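Review bot: On the `when ('imap')` line `$claimed_email`, taken directly from the request's `email` parameter, is interpolated into `authenticate-with-password.html?email=$claimed_email` without URL encoding, so a local part containing `+`, `&` or `%` arrives at the login page altered (the page decodes it with `decodeURIComponent`) and, as far as reluri passes the string through, a crafted value can add query parameters of its own; encode it, `reluri($cgi, 'authenticate-with-password.html?email=' . CGI::escape($claimed_email))`. The `$claimed_email =~ s/\@$fakedomain/\@$realdomain/` line interpolates the configured domain into the pattern unquoted and unanchored, so `.` matches any character and a longer host ending in the same text is rewritten too; `s/\@\Q$fakedomain\E\z/\@$realdomain/` is the intended match, and the mirror-image substitutions added to common.pl and login.pl need the same quoting and anchoring. `given (my $_ = …)` relies on lexical `$_`, which was removed in Perl 5.24. The `($$$$)` prototype on redirect_with_cookie changes how calls are parsed and does no argument checking; a plain `sub redirect_with_cookie {` with the existing `my ($cgi, $uri, $session, $cookie) = @_;` is the conventional form.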
diff --git a/www/common.pl b/www/common.pl
index 3f3a5b0..736bf00 100644
--- a/www/common.pl
+++ b/www/common.pl
@@ -14,9 +14,12 @@ sub load_config() {
}
sub email_users($) {
- return @_
- if $::MULKONF->{auth_type} eq 'google';
my ($email) = @_;
+ my $fakedomain = $::MULKONF->{fake_domain};
+ my $realdomain = $::MULKONF->{real_domain};
+ $email =~ s/\@$realdomain/\@$fakedomain/ if $fakedomain;
+ return ($email)
+ if $::MULKONF->{auth_type} eq 'google';
my $alias;
if ($email =~ /^(.*?)@/) { $alias = $1; }
my $aliases_file = $::MULKONF->{aliases};
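Review bot: The guard `if $fakedomain` on the new substitution line does not check `$realdomain`; Setup.pm in this commit allows a configured fake domain together with an empty real domain (a `.` answer), and then the pattern degenerates to `s/\@/\@$fakedomain/`, turning `user@example.org` into `user@fakeexample.org` for every caller. Guard on both values, `$email =~ s/\@\Q$realdomain\E\z/\@$fakedomain/ if $fakedomain and $realdomain;`, which also quotes the domain so `.` does not match any character and anchors it to the end of the address. Moving the rewrite above the `return ($email) if … eq 'google'` line means it now also applies to the imap alias lookup below, which looks intended but deserves a comment such as `# Map the real domain back to the development fake domain before alias lookup.` email_users continues outside the hunk.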
diff --git a/www/login.pl b/www/login.pl
index a2f06c4..1b196fa 100755
--- a/www/login.pl
+++ b/www/login.pl
@@ -39,40 +39,24 @@ sub check_imap_password($$) {
while (my $cgi = new CGI::Fast) {
- load_config;
+ load_config();
my $cookie = $cgi->cookie('mulkid_session');
- my $session;
- if ($cookie) {
- $session = new CGI::Session("driver:File", $cookie, {Directory=>"/tmp"});
- print $cgi->header(-content_type => 'application/json; charset=UTF-8');
- } else {
- $session = new CGI::Session("driver:File", undef, {Directory=>"/tmp"});
- my $cookie = $cgi->cookie(-name => 'mulkid_session',
- -value => $session->id,
- -expires => '+1d',
- -secure => 1,
- -httponly => 1,
- #-domain => '.mulk.eu'
- );
- print $cgi->header(-content_type => 'application/json; charset=UTF-8',
- -cookie => $cookie);
- }
-
- my $email = $cgi->param('email') or die "No email address provided";
-
- for ($::MULKONF->{auth_type}) {
+ my $session = new CGI::Session("driver:File", $cookie, {Directory=>"/tmp"});
+ given (my $_ = $::MULKONF->{auth_type}) {
when ('imap') {
+ my $email = $cgi->param('email') or die "No email address provided";
my $password = $cgi->param('password') or die "Empty password";
for my $user (email_users($email)) {
#say STDERR "Trying user: $user";
if (check_imap_password($user, $password)) {
$session->param('user', $user);
- #say encode_json({user => $user});
- print $cgi->redirect(-url => reluri($cgi, 'successful-login.html'));
+ print $cgi->header(-content_type => 'application/json; charset=UTF-8');
+ say encode_json({user => $user});
exit 0;
}
}
+ die "Could not authenticate.";
}
when ('google') {
my $g = Net::Google::FederatedLogin->new(
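Review bot: The new `my $session = new CGI::Session("driver:File", $cookie, …)` line accepts an absent cookie: when `$cookie` is undef, or names a session that no longer exists, CGI::Session creates a fresh session with a new id; the removed block set the matching cookie on the response, but nothing does now, so a successful password check stores `user` in a session the browser can never present. Since authenticate.pl now issues the cookie before the login page is shown, reject the request early, `my $cookie = $cgi->cookie('mulkid_session') or die "No session";`, or re-set the cookie on the JSON header as the removed code did. The imap branch also authenticates the `email` value posted by the page rather than the `claimed_email` that authenticate.pl stored in the same session; unless the certificate step cross-checks the two (not visible here), compare `$user` against `$session->param('claimed_email')` before `$session->param('user', $user)`. `new CGI::Session(...)` is indirect-object syntax; `CGI::Session->new(...)` is the conventional form.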
@@ -82,8 +66,10 @@ while (my $cgi = new CGI::Fast) {
$g->verify_auth or die "Could not verify the OpenID assertion!";
my $ext = $g->get_extension('http://openid.net/srv/ax/1.0');
my $verified_email = $ext->get_parameter('value.email');
+ my $fakedomain = $::MULKONF->{fake_domain};
+ my $realdomain = $::MULKONF->{real_domain};
+ $verified_email =~ s/\@$realdomain/\@$fakedomain/ if $fakedomain;
$session->param('user', $verified_email);
- #say encode_json({user => $user});
print $cgi->redirect(-url => reluri($cgi, 'successful-login.html'));
exit 0;
}
@@ -91,6 +77,4 @@ while (my $cgi = new CGI::Fast) {
die "Invalid auth_type. Check MulkyID configuration!";
}
}
-
- die "Could not authenticate.";
}