$h1 = $body->appendElement('h1', 'KaiRo.at Authentication Server');
$errors = $utils->checkForSecureConnection();
+$utils->sendSecurityHeaders();
$para = $body->appendElement('p', _('This login system does not work without JavaScript. Please activate JavaScript for this site to log in.'));
$para->setAttribute('id', 'jswarning');
$utils->log('login', 'user: '.$user['id']);
$sesskey = $utils->createSessionKey();
setcookie('sessionkey', $sesskey, 0, "", "", !$utils->running_on_localhost, true); // Last two params are secure and httponly, secure is not set on localhost.
+ // If the session has a redirect set, make sure it's performed.
+ if (strlen(@$session['saved_redirect'])) {
+ header('Location: '.$utils->getDomainBaseURL().$session['saved_redirect']);
+ // Remove redirect.
+ $result = $db->prepare('UPDATE `auth_sessions` SET `saved_redirect` = :redir WHERE `id` = :sessid;');
+ if (!$result->execute(array(':redir' => '', ':sessid' => $session['id']))) {
+ $utils->log('redir_save_failure', 'session: '.$session['id'].', redirect: (empty)');
+ }
+ }
// If the session has a user set, create a new one - otherwise take existing session entry.
if (intval($session['user'])) {
$result = $db->prepare('INSERT INTO `auth_sessions` (`sesskey`, `time_expire`, `user`, `logged_in`) VALUES (:sesskey, :expire, :userid, TRUE);');
$mail->addMailText(sprintf(_('This email address, %s, has been used for registration on "%s".'),
$user['email'], _('KaiRo.at Authentication Service'))."\n\n");
$mail->addMailText(_('Please confirm that registration by clicking the following link (or calling it up in your browser):')."\n");
- $mail->addMailText(($utils->running_on_localhost?'http':'https').'://'.$_SERVER['SERVER_NAME'].strstr($_SERVER['REQUEST_URI'], '?', true)
+ $mail->addMailText($utils->getDomainBaseURL().strstr($_SERVER['REQUEST_URI'], '?', true)
.'?email='.rawurlencode($user['email']).'&verification_code='.rawurlencode($user['verify_hash'])."\n\n");
$mail->addMailText(_('With this confirmation, you accept that we handle your data for the purpose of logging you into other websites when you request that.')."\n");
$mail->addMailText(_('Those websites will get to know your email address but not your password, which we store securely.')."\n");
$mail->addMailText(sprintf(_('A request for setting a new password for this email address, %s, has been submitted on "%s".'),
$user['email'], _('KaiRo.at Authentication Service'))."\n\n");
$mail->addMailText(_('You can set a new password by clicking the following link (or calling it up in your browser):')."\n");
- $mail->addMailText(($utils->running_on_localhost?'http':'https').'://'.$_SERVER['SERVER_NAME'].strstr($_SERVER['REQUEST_URI'], '?', true)
+ $mail->addMailText($utils->getDomainBaseURL().strstr($_SERVER['REQUEST_URI'], '?', true)
.'?email='.rawurlencode($user['email']).'&reset_code='.rawurlencode($resetcode)."\n\n");
$mail->addMailText(_('If you do not call this confirmation link within 1 hour, this link expires and the existing password is being kept in place.')."\n\n");
$mail->addMailText(sprintf(_('The %s team'), 'KaiRo.at'));
}
}
else {
- $errors[] = _('The form you used was not valid. Possibly it has expired and you need to initiate the action again.');
+ $errors[] = _('The form you used was not valid. Possibly it has expired and you need to initiate the action again, or you have disabled cookies for this site.');
}
}
elseif (array_key_exists('reset', $_GET)) {
$errors[] = _('The password reset link you called is not valid. Possibly it has expired and you need to call the "Password forgotten?" function again.');
}
}
+ elseif (array_key_exists('clients', $_GET)) {
+ $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `id` = :userid;');
+ $result->execute(array(':userid' => $session['user']));
+ $user = $result->fetch(PDO::FETCH_ASSOC);
+ if ($session['logged_in'] && $user['id']) {
+ if (array_key_exists('client_id', $_POST) && (strlen($_POST['client_id']) >= 5)) {
+ $clientid = $_POST['client_id'];
+ $clientsecret = $utils->createClientSecret();
+ $rediruri = strval(@$_POST['redirect_uri']);
+ $scope = strval(@$_POST['scope']);
+ $result = $db->prepare('INSERT INTO `oauth_clients` (`client_id`, `client_secret`, `redirect_uri`, `scope`, `user_id`) VALUES (:clientid, :secret, :rediruri, :scope, :userid);');
+ if (!$result->execute(array(':clientid' => $clientid,
+ ':secret' => $clientsecret,
+ ':rediruri' => $rediruri,
+ ':scope' => $scope,
+ ':userid' => $user['id']))) {
+ $utils->log('client_save_failure', 'client: '.$clientid);
+ $errors[] = 'Unexpectedly failed to save new client information. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.';
+ }
+ }
+ if (!count($errors)) {
+ // List clients
+ $result = $db->prepare('SELECT `client_id`,`client_secret`,`redirect_uri`,`scope` FROM `oauth_clients` WHERE `user_id` = :userid;');
+ $result->execute(array(':userid' => $user['id']));
+ $clients = $result->fetchAll(PDO::FETCH_ASSOC);
+ if (!$clients) { $clients = array(); }
+ $pagetype = 'clientlist';
+ }
+ }
+ else {
+ $errors[] = _('This function is only available if you are logged in.');
+ }
+ }
elseif (intval($session['user'])) {
$result = $db->prepare('SELECT `id`,`email`,`verify_hash` FROM `auth_users` WHERE `id` = :userid;');
$result->execute(array(':userid' => $session['user']));
if ($pagetype == 'verification_sent') {
$para = $body->appendElement('p', sprintf(_('An email for confirmation has been sent to %s. Please follow the link provided there to complete the process.'), $user['email']));
$para->setAttribute('class', 'verifyinfo pending');
+ $para = $body->appendElement('p', _('Reload this page after you confirm to continue.'));
+ $para->setAttribute('class', 'verifyinfo pending');
+ $para = $body->appendElement('p');
+ $para->setAttribute('class', 'verifyinfo pending');
+ $link = $para->appendLink('./', _('Reload'));
}
elseif ($pagetype == 'resetmail_sent') {
$para = $body->appendElement('p',
_('An email has been sent to the requested account with further information. If you do not receive an email then please confirm you have entered the same email address used during account registration.'));
$para->setAttribute('class', 'resetinfo pending');
+ $para = $body->appendElement('p');
+ $para->setAttribute('class', 'resetinfo pending small');
+ $link = $para->appendLink('./', _('Back to top'));
}
elseif ($pagetype == 'resetstart') {
$para = $body->appendElement('p', _('If you forgot your password or didn\'t receive the registration confirmation, please enter your email here.'));
$litem = $ulist->appendElement('li');
$litem->appendInputHidden('tcode', $utils->createTimeCode($session));
$submit = $litem->appendInputSubmit(_('Send instructions to email'));
+ $para = $form->appendElement('p');
+ $para->setAttribute('class', 'toplink small');
+ $link = $para->appendLink('./', _('Cancel'));
}
elseif ($pagetype == 'resetpwd') {
$para = $body->appendElement('p', sprintf(_('You can set a new password for %s here.'), $user['email']));
- $para->setAttribute('class', '');
+ $para->setAttribute('class', 'newpwdinfo');
$form = $body->appendForm('./', 'POST', 'newpwdform');
$form->setAttribute('id', 'loginform');
$form->setAttribute('class', 'loginarea hidden');
$litem->appendInputHidden('vcode', $user['verify_hash']);
}
$submit = $litem->appendInputSubmit(_('Save password'));
+ $para = $form->appendElement('p');
+ $para->setAttribute('class', 'toplink small');
+ $link = $para->appendLink('./', _('Cancel'));
+ }
+ elseif ($pagetype == 'clientlist') {
+ $scopes = array('clientreg', 'email');
+ $form = $body->appendForm('?clients', 'POST', 'newclientform');
+ $form->setAttribute('id', 'clientform');
+ $tbl = $form->appendElement('table');
+ $tbl->setAttribute('class', 'clientlist border');
+ $thead = $tbl->appendElement('thead');
+ $trow = $thead->appendElement('tr');
+ $trow->appendElement('th', _('Client ID'));
+ $trow->appendElement('th', _('Client Secrect'));
+ $trow->appendElement('th', _('Redirect URI'));
+ $trow->appendElement('th', _('Scope'));
+ $trow->appendElement('th');
+ $tbody = $tbl->appendElement('tbody');
+ foreach ($clients as $client) {
+ $trow = $tbody->appendElement('tr');
+ $trow->appendElement('td', $client['client_id']);
+ $trow->appendElement('td', $client['client_secret']);
+ $trow->appendElement('td', $client['redirect_uri']);
+ $trow->appendElement('td', $client['scope']);
+ $trow->appendElement('td'); // Future: Delete link?
+ }
+ // Form fields for adding a new one.
+ $tfoot = $tbl->appendElement('tfoot');
+ $trow = $tfoot->appendElement('tr');
+ $cell = $trow->appendElement('td');
+ $inptxt = $cell->appendInputText('client_id', 80, 25, 'client_id');
+ $cell = $trow->appendElement('td'); // Empty, as secret will be generated.
+ $cell = $trow->appendElement('td');
+ $inptxt = $cell->appendInputText('redirect_uri', 500, 50, 'redirect_uri');
+ $cell = $trow->appendElement('td');
+ $select = $cell->appendElementSelect('scope');
+ foreach ($scopes as $scope) {
+ $select->appendElementOption($scope, $scope);
+ }
+ //$inptxt = $cell->appendInputText('scope', 100, 20, 'scope');
+ $cell = $trow->appendElement('td');
+ $submit = $cell->appendInputSubmit(_('Create'));
+ $para = $form->appendElement('p');
+ $para->setAttribute('class', 'toplink');
+ $link = $para->appendLink('./', _('Back to top'));
}
elseif ($session['logged_in']) {
if ($pagetype == 'reset_done') {
$ulist->setAttribute('class', 'flat');
$litem = $ulist->appendElement('li');
$link = $litem->appendLink('./?logout', _('Log out'));
+ if (in_array($user['email'], $utils->client_reg_email_whitelist)) {
+ $litem = $ulist->appendElement('li');
+ $link = $litem->appendLink('./?clients', _('Manage OAuth2 clients'));
+ }
$litem = $ulist->appendElement('li');
$litem->appendLink('./?reset', _('Set new password'));
}
$para = $body->appendElement('p', _('Your password has successfully been reset. You can log in now with the new password.'));
$para->setAttribute('class', 'resetinfo done');
}
- $form = $body->appendForm('./', 'POST', 'loginform');
- $form->setAttribute('id', 'loginform');
- $form->setAttribute('class', 'loginarea hidden');
- $ulist = $form->appendElement('ul');
- $ulist->setAttribute('class', 'flat login');
- $litem = $ulist->appendElement('li');
- $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email', (intval($user['id'])?$user['email']:''));
- $inptxt->setAttribute('autocomplete', 'email');
- $inptxt->setAttribute('required', '');
- $inptxt->setAttribute('placeholder', _('Email'));
- $inptxt->setAttribute('class', 'login');
- $litem = $ulist->appendElement('li');
- $inptxt = $litem->appendInputPassword('pwd', 20, 20, 'login_pwd', '');
- $inptxt->setAttribute('required', '');
- $inptxt->setAttribute('placeholder', _('Password'));
- $inptxt->setAttribute('class', 'login');
- $litem = $ulist->appendElement('li');
- $litem->appendLink('./?reset', _('Forgot password?'));
- $litem = $ulist->appendElement('li');
- $cbox = $litem->appendInputCheckbox('remember', 'login_remember', 'true', false);
- $cbox->setAttribute('class', 'logincheck');
- $label = $litem->appendLabel('login_remember', _('Remember me'));
- $label->setAttribute('id', 'rememprompt');
- $label->setAttribute('class', 'loginprompt');
- $litem = $ulist->appendElement('li');
- $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
- $submit = $litem->appendInputSubmit(_('Log in / Register'));
- $submit->setAttribute('class', 'loginbutton');
+ $utils->appendLoginForm($body, $session, $user);
}
}
projects / authserver.git / blobdiff