X-Git-Url: https://git-public.kairo.at/?p=authserver.git;a=blobdiff_plain;f=index.php;h=cfe66ec2669589a1b138e1b8a2cdcb33e29c1fb5;hp=e01c7d157b47706dff8f6b793f122fa3c9a7d83c;hb=46f7aedadd9c6b1bb64e72c4c0770d9b1030454f;hpb=409b55f4dbb4267e83e8ae2fda56f243ab8be250 diff --git a/index.php b/index.php index e01c7d1..cfe66ec 100644 --- a/index.php +++ b/index.php @@ -18,6 +18,7 @@ $title->appendText('KaiRo.at Authentication Server'); $h1 = $body->appendElement('h1', 'KaiRo.at Authentication Server'); $errors = $utils->checkForSecureConnection(); +$utils->sendSecurityHeaders(); $para = $body->appendElement('p', _('This login system does not work without JavaScript. Please activate JavaScript for this site to log in.')); $para->setAttribute('id', 'jswarning'); @@ -70,6 +71,11 @@ if (!count($errors)) { // If the session has a redirect set, make sure it's performed. if (strlen(@$session['saved_redirect'])) { header('Location: '.$utils->getDomainBaseURL().$session['saved_redirect']); + // Remove redirect. + $result = $db->prepare('UPDATE `auth_sessions` SET `saved_redirect` = :redir WHERE `id` = :sessid;'); + if (!$result->execute(array(':redir' => '', ':sessid' => $session['id']))) { + $utils->log('redir_save_failure', 'session: '.$session['id'].', redirect: (empty)'); + } } // If the session has a user set, create a new one - otherwise take existing session entry. if (intval($session['user'])) { @@ -279,6 +285,39 @@ if (!count($errors)) { $errors[] = _('The password reset link you called is not valid. Possibly it has expired and you need to call the "Password forgotten?" function again.'); } } + elseif (array_key_exists('clients', $_GET)) { + $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `id` = :userid;'); + $result->execute(array(':userid' => $session['user'])); + $user = $result->fetch(PDO::FETCH_ASSOC); + if ($session['logged_in'] && $user['id']) { + if (array_key_exists('client_id', $_POST) && (strlen($_POST['client_id']) >= 5)) { + $clientid = $_POST['client_id']; + $clientsecret = $utils->createClientSecret(); + $rediruri = strval(@$_POST['redirect_uri']); + $scope = strval(@$_POST['scope']); + $result = $db->prepare('INSERT INTO `oauth_clients` (`client_id`, `client_secret`, `redirect_uri`, `scope`, `user_id`) VALUES (:clientid, :secret, :rediruri, :scope, :userid);'); + if (!$result->execute(array(':clientid' => $clientid, + ':secret' => $clientsecret, + ':rediruri' => $rediruri, + ':scope' => $scope, + ':userid' => $user['id']))) { + $utils->log('client_save_failure', 'client: '.$clientid); + $errors[] = 'Unexpectedly failed to save new client information. Please contact KaiRo.at and tell the team about this.'; + } + } + if (!count($errors)) { + // List clients + $result = $db->prepare('SELECT `client_id`,`client_secret`,`redirect_uri`,`scope` FROM `oauth_clients` WHERE `user_id` = :userid;'); + $result->execute(array(':userid' => $user['id'])); + $clients = $result->fetchAll(PDO::FETCH_ASSOC); + if (!$clients) { $clients = array(); } + $pagetype = 'clientlist'; + } + } + else { + $errors[] = _('This function is only available if you are logged in.'); + } + } elseif (intval($session['user'])) { $result = $db->prepare('SELECT `id`,`email`,`verify_hash` FROM `auth_users` WHERE `id` = :userid;'); $result->execute(array(':userid' => $session['user'])); @@ -371,6 +410,45 @@ if (!count($errors)) { } $submit = $litem->appendInputSubmit(_('Save password')); } + elseif ($pagetype == 'clientlist') { + $scopes = array('clientreg', 'email'); + $form = $body->appendForm('?clients', 'POST', 'newclientform'); + $form->setAttribute('id', 'clientform'); + $tbl = $form->appendElement('table'); + $tbl->setAttribute('class', 'clientlist border'); + $thead = $tbl->appendElement('thead'); + $trow = $thead->appendElement('tr'); + $trow->appendElement('th', _('Client ID')); + $trow->appendElement('th', _('Client Secrect')); + $trow->appendElement('th', _('Redirect URI')); + $trow->appendElement('th', _('Scope')); + $trow->appendElement('th'); + $tbody = $tbl->appendElement('tbody'); + foreach ($clients as $client) { + $trow = $tbody->appendElement('tr'); + $trow->appendElement('td', $client['client_id']); + $trow->appendElement('td', $client['client_secret']); + $trow->appendElement('td', $client['redirect_uri']); + $trow->appendElement('td', $client['scope']); + $trow->appendElement('td'); // Future: Delete link? + } + // Form fields for adding a new one. + $tfoot = $tbl->appendElement('tfoot'); + $trow = $tfoot->appendElement('tr'); + $cell = $trow->appendElement('td'); + $inptxt = $cell->appendInputText('client_id', 80, 25, 'client_id'); + $cell = $trow->appendElement('td'); // Empty, as secret will be generated. + $cell = $trow->appendElement('td'); + $inptxt = $cell->appendInputText('redirect_uri', 500, 50, 'redirect_uri'); + $cell = $trow->appendElement('td'); + $select = $cell->appendElementSelect('scope'); + foreach ($scopes as $scope) { + $select->appendElementOption($scope, $scope); + } + //$inptxt = $cell->appendInputText('scope', 100, 20, 'scope'); + $cell = $trow->appendElement('td'); + $submit = $cell->appendInputSubmit(_('Create')); + } elseif ($session['logged_in']) { if ($pagetype == 'reset_done') { $para = $body->appendElement('p', _('Your password has successfully been reset.')); @@ -384,6 +462,10 @@ if (!count($errors)) { $ulist->setAttribute('class', 'flat'); $litem = $ulist->appendElement('li'); $link = $litem->appendLink('./?logout', _('Log out')); + if (in_array($user['email'], $utils->client_reg_email_whitelist)) { + $litem = $ulist->appendElement('li'); + $link = $litem->appendLink('./?clients', _('Manage OAuth2 clients')); + } $litem = $ulist->appendElement('li'); $litem->appendLink('./?reset', _('Set new password')); }