mirror of
https://github.com/ElvishArtisan/rivendell.git
synced 2025-10-12 09:33:37 +02:00
2020-11-06 Fred Gleason <fredg@paravelsystems.com>
* Modified Webget to use tickets for authenticating media transfer requests. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
This commit is contained in:
Fred Gleason
@@ -82,7 +82,7 @@ MainObject::MainObject(QObject *parent)
|
||||
TextExit("missing REQUEST_METHOD",500,LINE_NUMBER);
|
||||
}
|
||||
if(QString(getenv("REQUEST_METHOD")).lower()=="get") {
|
||||
ServeLogin();
|
||||
ServeLogin(200);
|
||||
Exit(0);
|
||||
}
|
||||
if(QString(getenv("REQUEST_METHOD")).lower()!="post") {
|
||||
@@ -118,7 +118,7 @@ MainObject::MainObject(QObject *parent)
|
||||
// Authenticate Connection
|
||||
//
|
||||
if(!Authenticate()) {
|
||||
ServeLogin();
|
||||
ServeLogin(403);
|
||||
Exit(0);
|
||||
}
|
||||
|
||||
@@ -156,7 +156,7 @@ void MainObject::ripcConnectedData(bool state)
|
||||
direction.toUtf8().constData(),
|
||||
webget_post->clientAddress().toString().toUtf8().constData());
|
||||
rda->logAuthenticationFailure(webget_post->clientAddress()); // So Fail2Ban can notice this
|
||||
ServeLogin();
|
||||
ServeLogin(403);
|
||||
}
|
||||
|
||||
|
||||
@@ -457,14 +457,11 @@ void MainObject::ServeForm()
|
||||
|
||||
printf(" <body>\n");
|
||||
|
||||
|
||||
//
|
||||
// Credentials
|
||||
//
|
||||
printf(" <input type=\"hidden\" name=\"LOGIN_NAME\" id=\"LOGIN_NAME\" value=\"%s\">\n",
|
||||
rda->user()->name().toUtf8().constData());
|
||||
printf(" <input type=\"hidden\" name=\"PASSWORD\" id=\"PASSWORD\" value=\"%s\">\n",
|
||||
webget_remote_password.toUtf8().constData());
|
||||
printf(" <input type=\"hidden\" name=\"TICKET\" id=\"TICKET\" value=\"%s\">\n",
|
||||
webget_ticket.toUtf8().constData());
|
||||
|
||||
//
|
||||
// Get Audio
|
||||
@@ -554,9 +551,11 @@ void MainObject::ServeForm()
|
||||
}
|
||||
|
||||
|
||||
void MainObject::ServeLogin()
|
||||
void MainObject::ServeLogin(int resp_code)
|
||||
{
|
||||
printf("Content-type: text/html\n\n");
|
||||
printf("Content-type: text/html\n");
|
||||
printf("Status: %d\n",resp_code);
|
||||
printf("\n");
|
||||
|
||||
//
|
||||
// Head
|
||||
@@ -601,6 +600,27 @@ void MainObject::ServeLogin()
|
||||
|
||||
bool MainObject::Authenticate()
|
||||
{
|
||||
QDateTime expire_dt;
|
||||
|
||||
//
|
||||
// First try ticket authentication
|
||||
//
|
||||
if(webget_post->getValue("TICKET",&webget_ticket)) {
|
||||
if(RDUser::ticketIsValid(webget_ticket,webget_post->clientAddress(),
|
||||
&webget_remote_username)) {
|
||||
rda->user()->setName(webget_remote_username);
|
||||
if(!rda->user()->webgetLogin()) {
|
||||
rda->logAuthenticationFailure(webget_post->clientAddress(),
|
||||
webget_remote_username);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// Then, try to authenticate by username/password
|
||||
//
|
||||
if(!webget_post->getValue("LOGIN_NAME",&webget_remote_username)) {
|
||||
rda->syslog(LOG_WARNING,"missing LOGIN_NAME");
|
||||
rda->logAuthenticationFailure(webget_post->clientAddress());
|
||||
@@ -620,6 +640,12 @@ bool MainObject::Authenticate()
|
||||
webget_remote_username);
|
||||
return false;
|
||||
}
|
||||
if(!rda->user()->createTicket(&webget_ticket,&expire_dt,
|
||||
webget_post->clientAddress())) {
|
||||
rda->logAuthenticationFailure(webget_post->clientAddress(),
|
||||
webget_remote_username);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -44,7 +44,7 @@ class MainObject : public QObject
|
||||
void GetAudio();
|
||||
void PutAudio();
|
||||
void ServeForm();
|
||||
void ServeLogin();
|
||||
void ServeLogin(int resp_code);
|
||||
bool Authenticate();
|
||||
void Exit(int code);
|
||||
void TextExit(const QString &msg,int code,int line) const;
|
||||
@@ -52,6 +52,7 @@ class MainObject : public QObject
|
||||
QString webget_remote_hostname;
|
||||
QString webget_remote_username;
|
||||
QString webget_remote_password;
|
||||
QString webget_ticket;
|
||||
QHostAddress webget_remote_address;
|
||||
};
|
||||
|
||||
|
||||
@@ -26,8 +26,7 @@ function ProcessGet()
|
||||
{
|
||||
form=new FormData();
|
||||
|
||||
form.append('LOGIN_NAME',Id('LOGIN_NAME').value);
|
||||
form.append('PASSWORD',Id('PASSWORD').value);
|
||||
form.append('TICKET',Id('TICKET').value);
|
||||
form.append('direction','get');
|
||||
form.append('title',Id('title').value);
|
||||
form.append('preset',Id('preset').value);
|
||||
@@ -40,8 +39,7 @@ function ProcessPut()
|
||||
{
|
||||
form=new FormData();
|
||||
|
||||
form.append('LOGIN_NAME',Id('LOGIN_NAME').value);
|
||||
form.append('PASSWORD',Id('PASSWORD').value);
|
||||
form.append('TICKET',Id('TICKET').value);
|
||||
form.append('direction','put');
|
||||
form.append('group',Id('group').value);
|
||||
form.append('filename',Id('filename').files[0]);
|
||||
@@ -77,7 +75,14 @@ function SendForm(form,url,spinner_id)
|
||||
if(f0[0]=='text/html') {
|
||||
reader=new FileReader();
|
||||
reader.addEventListener('loadend',()=> {
|
||||
alert(reader.result);
|
||||
if(http.status==403) { // Ticket expired, display the login
|
||||
document.open(http.getResponseHeader("Content-Type"));
|
||||
document.write(reader.result);
|
||||
document.close();
|
||||
}
|
||||
else {
|
||||
alert(reader.result);
|
||||
}
|
||||
});
|
||||
reader.readAsText(blob);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user