diff --git a/APPL/AUT/Login.inc b/APPL/AUT/Login.inc
index b9e1e26532..844a1d9faf 100644
--- a/APPL/AUT/Login.inc
+++ b/APPL/AUT/Login.inc
@@ -369,16 +369,16 @@ function testpassword(prs_key, wachtwoord, pmobile)
 if (!wachtwoord) return false;
- var sql = " SELECT prs_perslid_key"
- + " , prs_perslid_flags"
- + " , prs_perslid_authenticatie"
- + " , prs_perslid_authenticatie_exp"
- + " , prs_perslid_salt"
- + " , prs_perslid_wachtwoord_hash"
- + " , prs_perslid_oslogin"
- + " , prs_perslid_apikey"
- + " FROM prs_perslid"
- + " WHERE prs_perslid_key = " + prs_key;
+ var sql = "SELECT prs_perslid_key"
+ + " , prs_perslid_flags"
+ + " , prs_perslid_authenticatie"
+ + " , prs_perslid_authenticatie_exp"
+ + " , prs_perslid_salt"
+ + " , prs_perslid_wachtwoord_hash"
+ + " , prs_perslid_oslogin"
+ + " , prs_perslid_apikey"
+ + " FROM prs_perslid"
+ + " WHERE prs_perslid_key = " + prs_key;
 var oRs = Oracle.Execute(sql);
 var passsalt = oRs("prs_perslid_salt").Value;
@@ -492,10 +492,10 @@ function setpassword(prs_key, wachtwoord, expired)
 function testotp (prs_key, otprequest)
 {
- var sql = " SELECT prs_perslid_otpsecret"
- + " , prs_perslid_otpcounter"
- + " FROM prs_perslid"
- + " WHERE prs_perslid_key = " + prs_key;
+ var sql = "SELECT prs_perslid_otpsecret"
+ + " , prs_perslid_otpcounter"
+ + " FROM prs_perslid"
+ + " WHERE prs_perslid_key = " + prs_key;
 var oRs = Oracle.Execute(sql);
 var otpsecret = oRs("prs_perslid_otpsecret").Value;
@@ -607,6 +607,7 @@ function getIdentity(username, wachtwoord, params)
 var oSLNKDWF = new ActiveXObject("SLNKDWF.About");
 // maximaal 80 seconde slapen, anders ASP-timeout
 var sleepsec = Math.min(80, S("prs_login_lockout_delay") * Math.pow(S("prs_login_lockout_delayfactor"), founddata.count - 1));
+ __Log("Vanwege {0} pogingen ga ik {1}ms slapen".format(founddata.count, 1000*sleepsec), "ffd0d0");
 oSLNKDWF.Sleep(1000 * sleepsec);
 }
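Review bot: The new `__Log` call in the lockout path reports `1000*sleepsec` unrounded, and sleepsec is the product of two settings and a Math.pow term, so the message will usually print a long fraction of milliseconds; the other log line this commit adds (unknown-user path) rounds its value, so `Math.round(1000 * sleepsec)` would keep both messages consistent and match the spacing of the `oSLNKDWF.Sleep(1000 * sleepsec)` call below. The two whitespace-only SELECT rewrites earlier in this file (testpassword, testotp) keep building the `WHERE prs_perslid_key =` clause by concatenating `prs_key`; the caller visible later in this diff passes a value read from a query result, but a guard such as `if (!/^\d+$/.test(String(prs_key))) return false;` before the query would make that contract explicit, in the same spirit as the `safe.quoted_sql_upper` used for the username lookup. getIdentity continues outside the hunk.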
@@ -621,15 +622,15 @@ function getIdentity(username, wachtwoord, params)
 logins.push(" prs_perslid_oslogin = " + safe.quoted_sql_upper(username, 30));
 logins.push(" prs_perslid_oslogin2 = " + safe.quoted_sql_upper(username, 30));
 }
- var sql = " SELECT prs_perslid_key "
- + " , prs_perslid_flags"
- + " , prs_perslid_otpsecret"
- + " , prs_perslid_otpcounter"
- + " , prs_perslid_apikey"
- + " FROM prs_perslid"
- + " WHERE prs_perslid_verwijder IS NULL"
- + " AND (" + logins.join(" OR ") + ")"
- + " AND BITAND(prs_perslid_flags, 1+4+8) = 0"; // 2==unconfirmed staan we nog heel even toe
+ var sql = "SELECT prs_perslid_key "
+ + " , prs_perslid_flags"
+ + " , prs_perslid_otpsecret"
+ + " , prs_perslid_otpcounter"
+ + " , prs_perslid_apikey"
+ + " FROM prs_perslid"
+ + " WHERE prs_perslid_verwijder IS NULL"
+ + " AND (" + logins.join(" OR ") + ")"
+ + " AND BITAND(prs_perslid_flags, 1+4+8) = 0"; // 2==unconfirmed staan we nog heel even toe
 var oRs = Oracle.Execute(sql);
 if (oRs.Eof) // Gebruikersnaam niet eens gevonden
@@ -640,8 +641,9 @@ function getIdentity(username, wachtwoord, params)
 var usStart = oSLNKDWF.usTimer;
 var test_hash = oCrypto.hex_pbkdf2("password", "salt", Math.pow(2, workfactor - 5), 20); // 1/32e van een echt wachtwoord als test
 var tmicro = oSLNKDWF.usTimer - usStart;
+ __Log("Vanwege niet gevonden gebruiker {0}ms slapen".format(Math.round(tmicro / 1000 * 32)), "ffd0d0");
 var oSLNKDWF = new ActiveXObject("SLNKDWF.About");
- var sleepmsec = Math.min(80000, tmicro / 1000 * 32);
+ var sleepmsec = Math.min(80000, tmicro / 1000 * 31);
 oSLNKDWF.Sleep(sleepmsec);
 oRs.Close();
 return result;
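Review bot: The added log line and the sleep it describes disagree: the message is computed from `tmicro / 1000 * 32` while the changed assignment two lines later sleeps for `tmicro / 1000 * 31`, and the 80000 ms cap is not reflected in the message at all. Computing the value once and logging the actual figure keeps them in step: move the log below the assignment as `var sleepmsec = Math.min(80000, tmicro / 1000 * 31);` followed by `__Log("Vanwege niet gevonden gebruiker {0}ms slapen".format(Math.round(sleepmsec)), "ffd0d0");`. The factor change from 32 to 31 presumably accounts for the 1/32 test hash already spent, as the comment on the `test_hash` line suggests; since this padding is what keeps the unknown-user path timed like a real password check, a comment on the new line such as `// 31/32 restant: de test-hash hierboven kostte al 1/32` would stop the next reader from "correcting" it back to 32. getIdentity continues outside the hunk.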
@@ -651,9 +653,13 @@ function getIdentity(username, wachtwoord, params)
 var otpcounter = oRs("prs_perslid_otpcounter").Value || -1;
 var found = false;
- if (/* nog niet vanuit SAML/default.asp params.noPassword && */ wachtwoord == null // SSO
- || oRs("prs_perslid_apikey").Value === username
- )
+ if (oRs("prs_perslid_apikey").Value === username)
+ {
+ params.stateless = true;
+ wachtwoord = null; // die is verder irrelevant
+ found = true; // En zijn we verder wel klaar
+ }
+ else if (/* nog niet vanuit SAML/default.asp params.noPassword && */ wachtwoord == null) // SSO
 found = true; // En zijn we verder wel klaar
 else
 found = testpassword(oRs("prs_perslid_key").Value, wachtwoord, params.mobile);
diff --git a/APPL/AUT/loginTry.asp b/APPL/AUT/loginTry.asp
index 5788572aff..1b4a2fce15 100644
--- a/APPL/AUT/loginTry.asp
+++ b/APPL/AUT/loginTry.asp
@@ -89,8 +89,6 @@ if (user_key < 0)
 var auth = String(Request.ServerVariables("HTTP_AUTHORIZATION"));
 if (auth.match(/^Basic /))
 {
- __DoLog("Found Authorization: Basic");
- __Logging = 3;
 var b64 = auth.substring(6);
 var plain = decode_b64(b64);
 if (plain.split(":").length > 1)
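Review bot: The new apikey branch is the one path in this commit that sets `found = true` without a password check, and it adds no log line while the two lockout paths did; for auditability add a line inside the block such as `__Log("Stateless apikey-login voor prs_perslid_key {0}".format(oRs("prs_perslid_key").Value), "ffd0d0");`, logging the record key and never the apikey value itself. The branch accepts on `oRs("prs_perslid_apikey").Value === username` alone, so whether an empty apikey column can ever match depends on how the row lookup above filters the username, which cannot be verified from this hunk; a guard like `if (username && oRs("prs_perslid_apikey").Value === username)` would make the branch safe regardless of that lookup. The `else if` keeps SSO acceptance ungated by `params.noPassword`, as its inline comment already records. getIdentity continues outside the hunk.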