FSN#41669 Basic Auth voor API2

svn path=/Website/trunk/; revision=35029
Jos Groot Lipman
2017-08-21 19:39:19 +00:00
parent 92f94663e5
commit de2387cd3b
2 changed files with 33 additions and 29 deletions


@@ -607,6 +607,7 @@ function getIdentity(username, wachtwoord, params)
var oSLNKDWF = new ActiveXObject("SLNKDWF.About");
// maximaal 80 seconde slapen, anders ASP-timeout
var sleepsec = Math.min(80, S("prs_login_lockout_delay") * Math.pow(S("prs_login_lockout_delayfactor"), founddata.count - 1));
__Log("Vanwege {0} pogingen ga ik {1}ms slapen".format(founddata.count, 1000*sleepsec), "ffd0d0");
oSLNKDWF.Sleep(1000 * sleepsec);
}
@@ -640,8 +641,9 @@ function getIdentity(username, wachtwoord, params)
var usStart = oSLNKDWF.usTimer;
var test_hash = oCrypto.hex_pbkdf2("password", "salt", Math.pow(2, workfactor - 5), 20); // 1/32e van een echt wachtwoord als test
var tmicro = oSLNKDWF.usTimer - usStart;
__Log("Vanwege niet gevonden gebruiker {0}ms slapen".format(Math.round(tmicro / 1000 * 32)), "ffd0d0");
var oSLNKDWF = new ActiveXObject("SLNKDWF.About");
var sleepmsec = Math.min(80000, tmicro / 1000 * 32);
var sleepmsec = Math.min(80000, tmicro / 1000 * 31);
oSLNKDWF.Sleep(sleepmsec);
oRs.Close();
return result;
@@ -651,9 +653,13 @@ function getIdentity(username, wachtwoord, params)
var otpcounter = oRs("prs_perslid_otpcounter").Value || -1;
var found = false;
if (/* nog niet vanuit SAML/default.asp params.noPassword && */ wachtwoord == null // SSO
|| oRs("prs_perslid_apikey").Value === username
)
if (oRs("prs_perslid_apikey").Value === username)
{
params.stateless = true;
wachtwoord = null; // die is verder irrelevant
found = true; // En zijn we verder wel klaar
}
else if (/* nog niet vanuit SAML/default.asp params.noPassword && */ wachtwoord == null) // SSO
found = true; // En zijn we verder wel klaar
else
found = testpassword(oRs("prs_perslid_key").Value, wachtwoord, params.mobile);
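Review bot: The new `if (oRs("prs_perslid_apikey").Value === username)` branch sets `found = true` without first checking that the supplied username is non-empty. Whether a record with an empty `prs_perslid_apikey` can reach this line depends on the lookup above the hunk, which is not visible here; a guard such as `if (username && oRs("prs_perslid_apikey").Value === username)` would hold regardless of that query. The branch also discards `wachtwoord` and authenticates on the username field alone, so the key is effectively a bearer secret, and a short comment saying so would help the next reader. It is worth confirming that other callers of getIdentity (an interactive login form, if it shares this function) are not meant to accept a key typed as a username, and that failed key guesses feed the `founddata.count` lockout delay shown in the first hunk. getIdentity starts and ends outside these hunks.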


@@ -89,8 +89,6 @@ if (user_key < 0)
var auth = String(Request.ServerVariables("HTTP_AUTHORIZATION"));
if (auth.match(/^Basic /))
{
__DoLog("Found Authorization: Basic");
__Logging = 3;
var b64 = auth.substring(6);
var plain = decode_b64(b64);
if (plain.split(":").length > 1)