admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FSN#41669 Basic Auth voor API2

Browse Source 
svn path=/Website/trunk/; revision=35029
This commit is contained in:
Jos Groot Lipman
2017-08-21 19:39:19 +00:00
parent 92f94663e5
commit de2387cd3b
2 changed files with 33 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
APPL/AUT/Login.inc
View File

@@ -369,16 +369,16 @@ function testpassword(prs_key, wachtwoord, pmobile)
if (!wachtwoord) if (!wachtwoord)
return false; return false;
var sql = " SELECT prs_perslid_key" var sql = "SELECT prs_perslid_key"
+ " , prs_perslid_flags" + " , prs_perslid_flags"
+ " , prs_perslid_authenticatie" + " , prs_perslid_authenticatie"
+ " , prs_perslid_authenticatie_exp" + " , prs_perslid_authenticatie_exp"
+ " , prs_perslid_salt" + " , prs_perslid_salt"
+ " , prs_perslid_wachtwoord_hash" + " , prs_perslid_wachtwoord_hash"
+ " , prs_perslid_oslogin" + " , prs_perslid_oslogin"
+ " , prs_perslid_apikey" + " , prs_perslid_apikey"
+ " FROM prs_perslid" + " FROM prs_perslid"
+ " WHERE prs_perslid_key = " + prs_key; + " WHERE prs_perslid_key = " + prs_key;
var oRs = Oracle.Execute(sql); var oRs = Oracle.Execute(sql);
var passsalt = oRs("prs_perslid_salt").Value; var passsalt = oRs("prs_perslid_salt").Value;
@@ -492,10 +492,10 @@ function setpassword(prs_key, wachtwoord, expired)
function testotp (prs_key, otprequest) function testotp (prs_key, otprequest)
{ {
var sql = " SELECT prs_perslid_otpsecret" var sql = "SELECT prs_perslid_otpsecret"
+ " , prs_perslid_otpcounter" + " , prs_perslid_otpcounter"
+ " FROM prs_perslid" + " FROM prs_perslid"
+ " WHERE prs_perslid_key = " + prs_key; + " WHERE prs_perslid_key = " + prs_key;
var oRs = Oracle.Execute(sql); var oRs = Oracle.Execute(sql);
var otpsecret = oRs("prs_perslid_otpsecret").Value; var otpsecret = oRs("prs_perslid_otpsecret").Value;
@@ -607,6 +607,7 @@ function getIdentity(username, wachtwoord, params)
var oSLNKDWF = new ActiveXObject("SLNKDWF.About"); var oSLNKDWF = new ActiveXObject("SLNKDWF.About");
// maximaal 80 seconde slapen, anders ASP-timeout // maximaal 80 seconde slapen, anders ASP-timeout
var sleepsec = Math.min(80, S("prs_login_lockout_delay") * Math.pow(S("prs_login_lockout_delayfactor"), founddata.count - 1)); var sleepsec = Math.min(80, S("prs_login_lockout_delay") * Math.pow(S("prs_login_lockout_delayfactor"), founddata.count - 1));
__Log("Vanwege {0} pogingen ga ik {1}ms slapen".format(founddata.count, 1000*sleepsec), "ffd0d0");
oSLNKDWF.Sleep(1000 * sleepsec); oSLNKDWF.Sleep(1000 * sleepsec);
} }
@@ -621,15 +622,15 @@ function getIdentity(username, wachtwoord, params)
logins.push(" prs_perslid_oslogin = " + safe.quoted_sql_upper(username, 30)); logins.push(" prs_perslid_oslogin = " + safe.quoted_sql_upper(username, 30));
logins.push(" prs_perslid_oslogin2 = " + safe.quoted_sql_upper(username, 30)); logins.push(" prs_perslid_oslogin2 = " + safe.quoted_sql_upper(username, 30));
} }
var sql = " SELECT prs_perslid_key " var sql = "SELECT prs_perslid_key "
+ " , prs_perslid_flags" + " , prs_perslid_flags"
+ " , prs_perslid_otpsecret" + " , prs_perslid_otpsecret"
+ " , prs_perslid_otpcounter" + " , prs_perslid_otpcounter"
+ " , prs_perslid_apikey" + " , prs_perslid_apikey"
+ " FROM prs_perslid" + " FROM prs_perslid"
+ " WHERE prs_perslid_verwijder IS NULL" + " WHERE prs_perslid_verwijder IS NULL"
+ " AND (" + logins.join(" OR ") + ")" + " AND (" + logins.join(" OR ") + ")"
+ " AND BITAND(prs_perslid_flags, 1+4+8) = 0"; // 2==unconfirmed staan we nog heel even toe + " AND BITAND(prs_perslid_flags, 1+4+8) = 0"; // 2==unconfirmed staan we nog heel even toe
var oRs = Oracle.Execute(sql); var oRs = Oracle.Execute(sql);
if (oRs.Eof) // Gebruikersnaam niet eens gevonden if (oRs.Eof) // Gebruikersnaam niet eens gevonden
@@ -640,8 +641,9 @@ function getIdentity(username, wachtwoord, params)
var usStart = oSLNKDWF.usTimer; var usStart = oSLNKDWF.usTimer;
var test_hash = oCrypto.hex_pbkdf2("password", "salt", Math.pow(2, workfactor - 5), 20); // 1/32e van een echt wachtwoord als test var test_hash = oCrypto.hex_pbkdf2("password", "salt", Math.pow(2, workfactor - 5), 20); // 1/32e van een echt wachtwoord als test
var tmicro = oSLNKDWF.usTimer - usStart; var tmicro = oSLNKDWF.usTimer - usStart;
__Log("Vanwege niet gevonden gebruiker {0}ms slapen".format(Math.round(tmicro / 1000 * 32)), "ffd0d0");
var oSLNKDWF = new ActiveXObject("SLNKDWF.About"); var oSLNKDWF = new ActiveXObject("SLNKDWF.About");
var sleepmsec = Math.min(80000, tmicro / 1000 * 32); var sleepmsec = Math.min(80000, tmicro / 1000 * 31);
oSLNKDWF.Sleep(sleepmsec); oSLNKDWF.Sleep(sleepmsec);
oRs.Close(); oRs.Close();
return result; return result;
@@ -651,9 +653,13 @@ function getIdentity(username, wachtwoord, params)
var otpcounter = oRs("prs_perslid_otpcounter").Value || -1; var otpcounter = oRs("prs_perslid_otpcounter").Value || -1;
var found = false; var found = false;
if (/* nog niet vanuit SAML/default.asp params.noPassword && */ wachtwoord == null // SSO if (oRs("prs_perslid_apikey").Value === username)
|| oRs("prs_perslid_apikey").Value === username {
) params.stateless = true;
wachtwoord = null; // die is verder irrelevant
found = true; // En zijn we verder wel klaar
}
else if (/* nog niet vanuit SAML/default.asp params.noPassword && */ wachtwoord == null) // SSO
found = true; // En zijn we verder wel klaar found = true; // En zijn we verder wel klaar
else else
found = testpassword(oRs("prs_perslid_key").Value, wachtwoord, params.mobile); found = testpassword(oRs("prs_perslid_key").Value, wachtwoord, params.mobile);

2
APPL/AUT/loginTry.asp
View File

@@ -89,8 +89,6 @@ if (user_key < 0)
var auth = String(Request.ServerVariables("HTTP_AUTHORIZATION")); var auth = String(Request.ServerVariables("HTTP_AUTHORIZATION"));
if (auth.match(/^Basic /)) if (auth.match(/^Basic /))
{ {
__DoLog("Found Authorization: Basic");
__Logging = 3;
var b64 = auth.substring(6); var b64 = auth.substring(6);
var plain = decode_b64(b64); var plain = decode_b64(b64);
if (plain.split(":").length > 1) if (plain.split(":").length > 1)