JWT iets robuuster

svn path=/Website/trunk/; revision=32115
Jos Groot Lipman
2016-12-22 13:31:08 +00:00
parent 57faa4cab6
commit 7a8bc4020e


@@ -86,7 +86,6 @@ if (user_key < 0)
doLogin(userauth);
}
}
// jwt claim
// TODO: altijd/ ook als user_key > 0?
// Niet zo maar een getFParam proberen. Dat nekt API2/PUT's binaryRead
@@ -149,14 +148,22 @@ if ((user_key < 0 || getQParamInt("jwtforce", 0) == 1) && jwt)
{
settings.overrule_setting("login_use_email", 0);
tryLogin(claim.payload.username, null, { noPassword: true, noFacSession: by_bearer, isFACFACinternal: isFACFACinternal });
if (user_key < 0)
__DoLog("JWT Claimed username not found: {0}".format(claim.payload.username))
}
if (user_key < 0 && claim.payload.email) // je mag email meegeven
{
settings.overrule_setting("login_use_email", 1);
tryLogin(claim.payload.email, null, { noPassword: true, noFacSession: by_bearer, isFACFACinternal: isFACFACinternal });
if (user_key < 0)
__DoLog("JWT Claimed email not found: {0}".format(claim.payload.email))
}
if (user_key < 0 && claim.perslid_key > 0)
{
doLogin(claim.payload.perslid_key, { noFacSession: by_bearer, isFACFACinternal: isFACFACinternal }); // je mag ook key meegeven
if (user_key < 0)
__DoLog("JWT Claimed perslid_key not found: {0}".format(claim.payload.perslid_key))
}
if (user_key > 0)
{
@@ -252,6 +259,8 @@ if (user_key < 0 && sso && sso != "0") // "0" is een hardcoded special case
var audience = oRs("fac_idp_audience").Value;
var issuer = oRs("fac_idp_issuer").Value;
var url = oRs("fac_idp_remote_loginurl").Value;
if (!url) // regulier bij Logcenter-sso CUSTOMER als gebruiker (nog) niet bekend is
shared.internal_error("User unknown and Identity Provider '{0}' has no login url".format(sso));
url += (url.indexOf("?")>=0?"&":"?") + "fac_id=" + customerId;
url += "&aud=" + safe.url(audience) + "&iss=" + safe.url(issuer) ;
var redirect_uri = HTTP.urlzelf() + "/";
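Review bot: The message passed to `shared.internal_error` embeds `sso` unmodified, and the hunk shows neither where `sso` comes from nor whether `internal_error` escapes its argument before rendering. If the value is request-supplied and the message reaches the browser, keep it out of the response and log it instead, for example `__DoLog("Identity Provider '{0}' has no login url".format(sso));` followed by `shared.internal_error("User unknown and Identity Provider has no login url");`. The next line calls `url.indexOf`, so the check only helps if `internal_error` ends the request; that is presumably the case but is not visible here. On that same line `customerId` is appended as `fac_id` without `safe.url`, unlike `audience` and `issuer` one line further down.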