Autres/RaspAP
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2025-07-08 22:47:40 +02:00
Code Issues Releases Wiki Activity

Merge pull request #1796 from RaspAP/feat/auth-enhancements

Browse Source 
Feature: Auth enhancements
This commit is contained in:
Bill Zimmerman 2025-03-23 15:00:57 +01:00 committed by GitHub
commit 8bd5b1b988
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 64 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
app/img/uri-qr-code.php Executable file
View File

@ -0,0 +1,29 @@
<?php
if (!isset($_GET['uri']) || !filter_var($_GET['uri'], FILTER_VALIDATE_URL)) {
header("HTTP/1.1 400 Bad Request");
exit("Invalid or missing URI parameter");
}
$uri = $_GET['uri'];
$command = "qrencode -t svg -m 0 -o - " . escapeshellarg($uri);
$svg = shell_exec($command);
if ($svg === null) {
error_log("QR generation failed for URI: $uri");
header("HTTP/1.1 500 Internal Server Error");
exit("Failed to generate QR code");
}
$etag = hash('sha256', $uri);
$content_length = strlen($svg);
$last_modified = gmdate("D, d M Y H:i:s") . " GMT";
header("Content-Type: image/svg+xml");
header("Content-Length: $content_length");
header("Last-Modified: $last_modified");
header("ETag: \"$etag\"");
header("X-QR-Code-Content: " . htmlspecialchars($uri, ENT_QUOTES, 'UTF-8'));
echo $svg;

8
app/js/custom.js
View File

@ -1019,6 +1019,14 @@ document.addEventListener("DOMContentLoaded", function () {
} }
}); });
function disableValidation(form) {
form.removeAttribute("novalidate");
form.classList.remove("needs-validation");
form.querySelectorAll("[required]").forEach(function (field) {
field.removeAttribute("required");
});
}
$(document).ready(function() { $(document).ready(function() {
const $htmlElement = $('html'); const $htmlElement = $('html');
const $modeswitch = $('#night-mode'); const $modeswitch = $('#night-mode');

2
includes/admin.php
View File

@ -35,6 +35,8 @@ function DisplayAuthConfig($username)
} else { } else {
$status->addMessage('Old password does not match', 'danger'); $status->addMessage('Old password does not match', 'danger');
} }
} elseif (isset($_POST['logout'])) {
$auth->logout();
} }
echo renderTemplate( echo renderTemplate(

14
src/RaspAP/Auth/HTTPAuth.php
View File

@ -74,6 +74,20 @@ class HTTPAuth
return false; return false;
} }
/*
* Logs out the administrative user
*/
public function logout(): void
{
session_unset(); // unset all session variables
session_destroy(); // destroy the session
$redirectUrl = $_SERVER['REQUEST_URI'];
if (strpos($redirectUrl, '/login') === false) {
header('Location: /login?action=' . urlencode($redirectUrl));
exit();
}
}
/* /*
* Gets the current authentication config * Gets the current authentication config
* return array $config * return array $config

3
src/RaspAP/UI/Sidebar.php
View File

@ -39,9 +39,6 @@ class Sidebar {
); );
$this->addItem(_(getProviderValue($_SESSION["providerID"], "name")), 'fas fa-shield-alt', 'provider_conf', 90, $this->addItem(_(getProviderValue($_SESSION["providerID"], "name")), 'fas fa-shield-alt', 'provider_conf', 90,
fn() => RASPI_VPN_PROVIDER_ENABLED fn() => RASPI_VPN_PROVIDER_ENABLED
);
$this->addItem(_('Authentication'), 'fas fa-user-lock', 'auth_conf', 100,
fn() => RASPI_CONFAUTH_ENABLED
); );
$this->addItem(_('Data usage'), 'fas fa-chart-area', 'data_use', 110, $this->addItem(_('Data usage'), 'fas fa-chart-area', 'data_use', 110,
fn() => RASPI_VNSTAT_ENABLED fn() => RASPI_VNSTAT_ENABLED

13
templates/admin.php
View File

@ -1,10 +1,17 @@
<?php ob_start() ?>
<?php if (!RASPI_MONITOR_ENABLED) : ?>
<input type="submit" class="btn btn-outline btn-primary" name="UpdateAdminPassword" value="<?php echo _("Save settings"); ?>" />
<input type="submit" class="btn btn-warning" name="logout" value="<?php echo _("Logout") ?>" onclick="disableValidation(this.form)"/>
<?php endif ?>
<?php $buttons = ob_get_clean(); ob_end_clean() ?>
<div class="row"> <div class="row">
<div class="col-lg-12"> <div class="col-lg-12">
<div class="card"> <div class="card">
<div class="card-header"> <div class="card-header">
<div class="row"> <div class="row">
<div class="col"> <div class="col">
<i class="fas fa-user-lock me-2"></i><?php echo _("Authentication"); ?> <i class="fas fa-user-lock me-2"></i><?php echo _("Authentication"); ?>
</div> </div>
</div><!-- /.row --> </div><!-- /.row -->
</div><!-- /.card-header --> </div><!-- /.card-header -->
@ -58,7 +65,7 @@
</div> </div>
</div> </div>
</div> </div>
<input type="submit" class="btn btn-outline btn-primary" name="UpdateAdminPassword" value="<?php echo _("Save settings"); ?>" /> <?php echo $buttons ?>
</form> </form>
</div><!-- /.card-body --> </div><!-- /.card-body -->
<div class="card-footer"></div> <div class="card-footer"></div>

1
templates/login.php
View File

@ -32,6 +32,7 @@
</div> </div>
<button type="submit" class="btn btn-outline btn-admin-login rounded-pill w-75 mt-4"><?php echo _("Login") ?></button> <button type="submit" class="btn btn-outline btn-admin-login rounded-pill w-75 mt-4"><?php echo _("Login") ?></button>
<div class="small mt-2"><a href="https://docs.raspap.com/authentication/#restoring-defaults" target="_blank"><?php echo _("Forgot password") ?></a></div> <div class="small mt-2"><a href="https://docs.raspap.com/authentication/#restoring-defaults" target="_blank"><?php echo _("Forgot password") ?></a></div>
<img src="app/img/uri-qr-code.php?uri=https://docs.raspap.com/authentication/" class="figure-img img-fluid mt-2" alt="RaspAP docs" style="width:75px;">
</form> </form>
</div> </div>
</div><!-- /.col --> </div><!-- /.col -->