Add support for header authentication

mildis 2020-11-24 09:37:52 +01:00
parent 514eb64fcf
commit 537764508d
6 changed files with 51 additions and 15 deletions


@ -7,7 +7,7 @@ requires 'Mojolicious::Plugin::GzipStatic';
requires 'Mojolicious::Plugin::StaticCache';
requires 'Mojolicious::Plugin::CSPHeader', '>= 0.06';
requires 'Mojolicious::Plugin::FiatTux::Helpers', '== 0.12', url => 'https://framagit.org/fiat-tux/mojolicious/fiat-tux/mojolicious-plugin-fiattux-helpers/-/archive/0.12/mojolicious-plugin-fiattux-helpers-0.12.tar.gz';
requires 'Mojolicious::Plugin::FiatTux::GrantAccess', '== 0.07', url => 'https://framagit.org/fiat-tux/mojolicious/fiat-tux/mojolicious-plugin-fiattux-grantaccess/-/archive/0.07/mojolicious-plugin-fiattux-grantaccess-0.07.tar.gz';
requires 'Mojolicious::Plugin::FiatTux::GrantAccess', '== 0.08', url => 'https://framagit.org/fiat-tux/mojolicious/fiat-tux/mojolicious-plugin-fiattux-grantaccess/-/archive/0.08/mojolicious-plugin-fiattux-grantaccess-0.08.tar.gz';
requires 'Mojolicious::Plugin::FiatTux::Themes', '== 0.02', url => 'https://framagit.org/fiat-tux/mojolicious/fiat-tux/mojolicious-plugin-fiattux-themes/-/archive/0.02/mojolicious-plugin-fiattux-themes-0.02.tar.gz';
requires 'Filesys::DiskUsage';
requires 'Switch';
@ -43,6 +43,9 @@ feature 'htpasswd', 'Htpasswd authentication support' => sub {
requires 'Apache::Htpasswd';
requires 'Mojolicious::Plugin::Authentication';
};
feature 'auth_headers', 'Header authentication support' => sub {
requires 'Mojolicious::Plugin::Authentication';
};
feature 'postgresql', 'PostgreSQL support' => sub {
requires 'Mojo::Pg';
requires 'Mojolicious::Plugin::PgURLHelper';


@ -124,7 +124,7 @@ sub startup {
->to('Misc#change_lang')
->name('lang');
if (defined $self->config('ldap') || defined $self->config('htpasswd')) {
if (defined $self->config('ldap') || defined $self->config('htpasswd') || defined $self->config('auth_headers')) {
# Login page
$r->get('/login')
->to('Auth#login_page');
@ -138,7 +138,7 @@ sub startup {
->to('Auth#log_out')
->name('logout');
if (defined $self->config('ldap') && defined $self->config('invitations')) {
if ((defined $self->config('ldap') || defined $self->config('auth_headers')) && defined $self->config('invitations')) {
# Invitation creation page
$r->get('/invite')
->name('invite')
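Review bot: The three-way test `defined $self->config('ldap') || defined $self->config('htpasswd') || defined $self->config('auth_headers')` introduced on the new `if` line is hand-copied, with the same shape, into the controller holding `index` and `config_infos`, into `login_page`, and into four places in the navigation template, so the next authentication backend will need the same edit in eight spots and a missed one silently leaves a page unprotected. A single helper registered here in startup, e.g. `$self->helper(need_authentication => sub { my $c = shift; return defined $c->config('ldap') || defined $c->config('htpasswd') || defined $c->config('auth_headers') });`, with `$c->need_authentication` / `need_authentication()` at the call sites, would keep them in sync; `config_infos` already exposes a key of that name, so the naming fits. The second hunk's `(ldap || auth_headers) && invitations` condition is likewise duplicated twice in the template and would fit a sibling helper. startup begins before the first hunk and ends after the second.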


@ -9,10 +9,21 @@ sub login_page {
if ($c->is_user_authenticated) {
$c->redirect_to('/');
} else {
$c->render(
template => 'login',
redirect => $redirect
);
if ($c->config('auth_headers')) {
if($c->authenticate('dummy', 'dummy')) {
if ($redirect eq 'invite') {
return $c->redirect_to('invite');
} elsif ($redirect eq 'my_invitations') {
return $c->redirect_to('invite_list');
}
return $c->redirect_to('/');
}
} else {
$c->render(
template => 'login',
redirect => $redirect
);
}
}
}
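Review bot: The new `if($c->authenticate('dummy', 'dummy'))` inside the `auth_headers` branch has no else branch, so when the configured header is absent or the validation callback rejects it the action returns without rendering anything — the visitor gets neither a login page nor an error, and the response carries no sign of why access was refused. Add an explicit failure response after the inner `if`, e.g. `return $c->render(text => 'Authentication failed', status => 403);`, or fall back to rendering the login template as the non-header branch still does. The 'dummy' credentials are presumably ignored by a header-reading validator configured outside these hunks; a one-line comment such as `# credentials are placeholders: the validator reads the identity from the configured request headers` would spare the next reader the search. `if(` also lacks the space every other `if (` in this function uses. login_page starts before this hunk.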


@ -8,7 +8,7 @@ use Lufi::DB::File;
sub index {
my $c = shift;
if ((!defined($c->config('ldap')) && !defined($c->config('htpasswd'))) || $c->is_user_authenticated) {
if ((!defined($c->config('ldap')) && !defined($c->config('htpasswd')) && !defined($c->config('auth_headers'))) || $c->is_user_authenticated) {
$c->render(template => 'index');
} else {
$c->redirect_to('login');
@ -56,7 +56,7 @@ sub config_infos {
force_burn_after_reading => $c->config('force_burn_after_reading'),
keep_ip_during => $c->config('keep_ip_during'),
stop_upload => (-f 'stop-upload' || -f 'stop-upload.manual') ? true : false,
need_authentication => (defined($c->config('ldap')) || defined($c->config('htpasswd'))) ? true : false,
need_authentication => (defined($c->config('ldap')) || defined($c->config('htpasswd')) || defined($c->config('auth_headers'))) ? true : false,
version => $c->git_version
}
);


@ -291,6 +291,28 @@
# See 'man htpasswd' to know how to create such file
#htpasswd => 'lufi.passwd',
############################
# HTTP header authentication
############################
# Set `auth_headers` if you want to use HTTP header auth.
# Typically, these headers are set by a reverse-proxy
# acting as an authentication server. Useful for SSO.
# `auth_headers` should contains the user's username.
#
# /!\ LUFI BLINDLY TRUSTS THESE HEADERS
# /!\ IT'S UP TO YOU TO SANITIZE INCOMING HEADERS TO SECURE YOUR INSTANCE
#
#auth_headers => 'X-AUTH-PREFERRED-USERNAME',
#auth_headers_map_value => {
# # Like ldap_map_attr but for headers
# displayname => 'X-AUTH-DISPLAYNAME',
# firstname => 'X-AUTH-GIVENNAME',
# lastname => 'X-AUTH-LASTNAME',
# mail => 'X-AUTH-EMAIL'
#},
#######################
# HTTP Headers settings
#######################
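Review bot: The new commentary says Lufi blindly trusts these headers and that sanitizing them is the operator's job, but never states what that means operationally, so an operator may simply forward the header and let a directly connecting client supply its own value. One added line in the `/!\` block would close that gap: `# /!\ YOUR REVERSE PROXY MUST SET OR STRIP THESE HEADERS ON EVERY REQUEST; NEVER FORWARD CLIENT-SUPPLIED VALUES`. The `auth_headers_map_value` key documented here is not consumed by any hunk on this page; the code reading it is presumably in the authentication plugin setup elsewhere in this commit, so the comment should say which user attributes the mapped headers populate rather than relying on the reader knowing `ldap_map_attr`. `should contains` on the username line should read `should contain`.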


@ -29,10 +29,10 @@
<a href="#" data-activates="mobile" class="button-collapse"><i class="mdi-navigation-menu"></i></a>
<ul id="nav-mobile" class="right hide-on-med-and-down">
<li><a href="<%= $self->config('report') %>"><%= l('Report file') %></a></li>
% if ((!defined(config('ldap')) && !defined(config('htpasswd'))) || is_user_authenticated()) {
% if ((!defined(config('ldap')) && !defined(config('htpasswd')) && !defined(config('auth_headers'))) || is_user_authenticated()) {
<li<%== ' class="active"' if (current_route eq 'index') %>><a href="<%= url_for('/') %>"><%= l('Upload files') %></a></li>
<li<%== ' class="active"' if (current_route eq 'files') %>><a href="<%= url_for('/files') %>"><%= l('My files') %></a></li>
% if (defined config('ldap') && defined config('invitations')) {
% if ((defined config('ldap') || defined config('auth_headers')) && defined config('invitations')) {
<li<%== ' class="active"' if (current_route eq 'invite') %>><a href="<%= url_for('/invite') %>"><%= l('Invite a guest') %></a></li>
<li<%== ' class="active"' if (current_route eq 'invite/list') %>><a href="<%= url_for('/invite/list') %>"><%= l('My invitations') %></a></li>
% }
@ -51,7 +51,7 @@
</div>
</li>
<li<%== ' class="active"' if (current_route eq 'about') %>><a href="<%= url_for('/about') %>"><%= l('About') %></a></li>
% if ((defined(config('ldap')) || defined(config('htpasswd'))) && is_user_authenticated()) {
% if ((defined(config('ldap')) || defined(config('htpasswd')) || defined(config('auth_headers'))) && is_user_authenticated()) {
<li>
<form action="<%= url_for('/logout') %>" method="POST">
%= csrf_field
@ -62,10 +62,10 @@
</ul>
<ul id="mobile" class="side-nav">
<li><a href="<%= $self->config('report') %>"><%= l('Report file') %></a></li>
% if ((!defined(config('ldap')) && !defined(config('htpasswd'))) || is_user_authenticated()) {
% if ((!defined(config('ldap')) && !defined(config('htpasswd')) && !defined(config('auth_headers'))) || is_user_authenticated()) {
<li<%== ' class="active"' if (current_route eq 'index') %>><a href="<%= url_for('/') %>"><%= l('Upload files') %></a></li>
<li<%== ' class="active"' if (current_route eq 'files') %>><a href="<%= url_for('/files') %>"><%= l('My files') %></a></li>
% if (defined config('ldap') && defined config('invitations')) {
% if ((defined config('ldap') || defined config('auth_headers')) && defined config('invitations')) {
<li<%== ' class="active"' if (current_route eq 'invite') %>><a href="<%= url_for('/invite') %>"><%= l('Invite a guest') %></a></li>
<li<%== ' class="active"' if (current_route eq 'invite/list') %>><a href="<%= url_for('/invite/list') %>"><%= l('My invitations') %></a></li>
% }
@ -84,7 +84,7 @@
</div>
</li>
<li<%== ' class="active"' if (current_route eq 'about') %>><a href="<%= url_for('/about') %>"><%= l('About') %></a></li>
% if ((defined(config('ldap')) || defined(config('htpasswd'))) && is_user_authenticated()) {
% if ((defined(config('ldap')) || defined(config('htpasswd')) || defined(config('auth_headers'))) && is_user_authenticated()) {
<li>
<form action="<%= url_for('/logout') %>" method="POST">
%= csrf_field