X-Git-Url: https://git-public.kairo.at/?a=blobdiff_plain;f=authutils.php-class;h=dc06a7f7547ab17cabfce789fe2c1624de47b477;hb=88191064f51f758e3dcd11cc7cd9612770316895;hp=bcf1b38dbb0a4e92929b6d7d5935977c0a6e06a2;hpb=4c6d80643398a11020d7f9f6c6682de90cbab9aa;p=authserver.git

diff --git a/authutils.php-class b/authutils.php-class
index bcf1b38..dc06a7f 100755
--- a/authutils.php-class
+++ b/authutils.php-class
@@ -18,6 +18,9 @@ class AuthUtils {
   // public $running_on_localhost
   //   A boolean telling if the system is running on localhost (where https is not required).
   //
+  // public $client_reg_email_whitelist
+  //   An array of emails that are whitelisted for registering clients.
+  //
   // private $pwd_cost
   //   The cost parameter for use with PHP password_hash function.
   //
@@ -34,6 +37,9 @@ class AuthUtils {
   // function initSession()
   //   Initialize a session. Returns an associative array of all the DB fields of the session.
   //
+  // function getDomainBaseURL()
+  //   Get the base URL of the current domain, e.g. 'https://example.com'.
+  //
   // function checkPasswordConstraints($new_password, $user_email)
   //   Check password constraints and return an array of error messages (empty if all constraints are met).
   //
@@ -43,6 +49,9 @@ class AuthUtils {
   // function createVerificationCode()
   //   Return a random acount/email verification code.
   //
+  // function createClientSecret()
+  //   Return a random client secret.
+  //
   // function createTimeCode($session, [$offset], [$validity_minutes])
   //   Return a time-based code based on the key and ID of the given session.
   //     An offset can be given to create a specific code for verification, otherwise and offset will be generated.
@@ -60,6 +69,9 @@ class AuthUtils {
   //
   // function pwdNeedsRehash($user)
   //   Return true if the pwdhash field of the user uses an outdated standard and needs to be rehashed.
+  //
+  // function appendLoginForm($dom_element, $session, $user)
+  //   append a login form for the given session to the given DOM element, possibly prefilling the email from the given user info array.
 
   function __construct($settings, $db) {
     // *** constructor ***
@@ -76,6 +88,7 @@ class AuthUtils {
 
   public $db = null;
   public $running_on_localhost = false;
+  public $client_reg_email_whitelist = array('kairo@kairo.at', 'com@kairo.at');
   private $pwd_cost = 10;
   private $pwd_nonces = array();
 
@@ -125,6 +138,10 @@ class AuthUtils {
     return $session;
   }
 
+  function getDomainBaseURL() {
+    return ($this->running_on_localhost?'http':'https').'://'.$_SERVER['SERVER_NAME'];
+  }
+
   function checkPasswordConstraints($new_password, $user_email) {
     $errors = array();
     if ($new_password != trim($new_password)) {
@@ -156,6 +173,10 @@ class AuthUtils {
     return bin2hex(openssl_random_pseudo_bytes(512 / 8)); // Get 512 bits of randomness (128 byte hex string).
   }
 
+  function createClientSecret() {
+    return bin2hex(openssl_random_pseudo_bytes(160 / 8)); // Get 160 bits of randomness (40 byte hex string).
+  }
+
   function createTimeCode($session, $offset = null, $validity_minutes = 10) {
     // Matches TOTP algorithms, see https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
     $valid_seconds = intval($validity_minutes) * 60;
@@ -210,5 +231,36 @@ class AuthUtils {
       return true;
     }
   }
+
+  function appendLoginForm($dom_element, $session, $user) {
+    $form = $dom_element->appendForm('./', 'POST', 'loginform');
+    $form->setAttribute('id', 'loginform');
+    $form->setAttribute('class', 'loginarea hidden');
+    $ulist = $form->appendElement('ul');
+    $ulist->setAttribute('class', 'flat login');
+    $litem = $ulist->appendElement('li');
+    $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email', (intval(@$user['id'])?$user['email']:''));
+    $inptxt->setAttribute('autocomplete', 'email');
+    $inptxt->setAttribute('required', '');
+    $inptxt->setAttribute('placeholder', _('Email'));
+    $inptxt->setAttribute('class', 'login');
+    $litem = $ulist->appendElement('li');
+    $inptxt = $litem->appendInputPassword('pwd', 20, 20, 'login_pwd', '');
+    $inptxt->setAttribute('required', '');
+    $inptxt->setAttribute('placeholder', _('Password'));
+    $inptxt->setAttribute('class', 'login');
+    $litem = $ulist->appendElement('li');
+    $litem->appendLink('./?reset', _('Forgot password?'));
+    $litem = $ulist->appendElement('li');
+    $cbox = $litem->appendInputCheckbox('remember', 'login_remember', 'true', false);
+    $cbox->setAttribute('class', 'logincheck');
+    $label = $litem->appendLabel('login_remember', _('Remember me'));
+    $label->setAttribute('id', 'rememprompt');
+    $label->setAttribute('class', 'loginprompt');
+    $litem = $ulist->appendElement('li');
+    $litem->appendInputHidden('tcode', $this->createTimeCode($session));
+    $submit = $litem->appendInputSubmit(_('Log in / Register'));
+    $submit->setAttribute('class', 'loginbutton');
+  }
 }
 ?>