OAuth2 Saved Login Session Mechanism
@@ -2,6 +2,10 @@
|
||||
// Create an account and apply SSH key
|
||||
$config = json_decode(file_get_contents("/var/www/usergen/secret/config.json", true));
|
||||
|
||||
require_once("/var/www/usergen/secret/helpers.php");
|
||||
require_once("/var/www/usergen/secret/oauth.php");
|
||||
require_once("/var/www/usergen/secret/rsa.php");
|
||||
|
||||
function checkParameters($parameterArray){
|
||||
$error = false;
|
||||
foreach($parameterArray as $parameter){
|
||||
@@ -18,12 +22,13 @@ function apiResult($result){
|
||||
exit();
|
||||
}
|
||||
|
||||
function success(){
|
||||
apiResult(array("status" => true));
|
||||
function success($encryptedToken){
|
||||
$Auth = verifyEncToken($encryptedToken);
|
||||
returnSuccess(true, buildEncToken($Auth["AuthToken"], $Auth["UserID"], $_SERVER["REMOTE_ADDR"], $_SERVER["HTTP_USER_AGENT"]));
|
||||
}
|
||||
|
||||
function error($error){
|
||||
apiResult(array("status" => false, "error" => $error));
|
||||
returnError($error);
|
||||
}
|
||||
|
||||
function validateUsername($username){
|
||||
@@ -34,33 +39,30 @@ function validatePublicKey($key){
|
||||
return (preg_match("/^(ssh-rsa AAAAB3NzaC1yc2|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1Mj|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|ssh-dss AAAAB3NzaC1kc3)[0-9A-Za-z+\/]+[=]{0,3}( .*)?$/", $key) == 1);
|
||||
}
|
||||
|
||||
if (checkParameters(array("pubkey", "userId", "authToken"))){
|
||||
if (checkParameters(array("pubkey", "token"))){
|
||||
error("Missing parameters");
|
||||
}
|
||||
|
||||
$userToken = $_POST["authToken"];
|
||||
$userId = $_POST["userId"];
|
||||
$userToken = $_POST["token"];
|
||||
$pubkey = $_POST["pubkey"];
|
||||
|
||||
if(!validatePublicKey($pubkey)){
|
||||
error("Invalid public key");
|
||||
}
|
||||
|
||||
$request = curl_init();
|
||||
curl_setopt($request, CURLOPT_URL, "https://hackers.town/api/v1/accounts/verify_credentials");
|
||||
curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
|
||||
curl_setopt($request, CURLOPT_HTTPHEADER, array(
|
||||
"Authorization: Bearer ".$userToken
|
||||
));
|
||||
$response = curl_exec($request);
|
||||
curl_close($request);
|
||||
$User = json_decode($response);
|
||||
$User = verifyEncToken($userToken);
|
||||
// Check User
|
||||
if($User->id != $userId){
|
||||
error("User Mismatch");
|
||||
|
||||
if (gettype($User) == "string") {
|
||||
// Invalid Token
|
||||
error($User);
|
||||
}else{
|
||||
// Valid Token
|
||||
$User = $User["MastodonData"];
|
||||
}
|
||||
|
||||
if(!validateUsername($User->username)){
|
||||
error("Invalid Username");
|
||||
error("Invalid POSIX Username");
|
||||
}
|
||||
// Create temporary pubkey holding file
|
||||
$TempFileName = "/etc/ttyserver/tmp/".uniqid("ssh-", true).".pub";
|
||||
@@ -68,11 +70,11 @@ if(!file_put_contents($TempFileName, $pubkey."\n")){
|
||||
error("Key Addition Failed: Temp");
|
||||
}
|
||||
// Run User Generation Tool
|
||||
// TODO: Replace with custom Rust PHP Extension
|
||||
// TODO: Replace with custom Rust PHP Extension?
|
||||
$UserGenCode = shell_exec("/usr/bin/sudo /etc/ttyserver/bin/mkuser \"".$User->username."\" \"".$TempFileName."\" 2>&1; echo $?");
|
||||
if($UserGenCode != "0"){
|
||||
error("Key Addition Failed: MK-".$UserGenCode);
|
||||
}
|
||||
success();
|
||||
success($userToken);
|
||||
|
||||
?>
|
||||
|
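Review bot: The username interpolated into the `shell_exec` call for `sudo /etc/ttyserver/bin/mkuser` now appears to come from `verifyEncToken($userToken)["MastodonData"]`, a value carried in a client-held token, where the old side seems to have fetched it from `verify_credentials` on every request; the +/- markers are lost on this page, so which side each line belongs to is inferred. That leaves the token's integrity check and `validateUsername()` (neither body is visible here) as the only things between request data and a root command line, so the hand-written `\"…\"` quoting should be replaced with `escapeshellarg($User->username)` and `escapeshellarg($TempFileName)`. It is also worth confirming that `verifyEncToken()` authenticates the ciphertext and enforces an expiry, since a Mastodon token revoked upstream would otherwise keep working here. A one-line comment above the call, e.g. `// username comes from the decrypted session token; checked by validateUsername() and shell-escaped below`, would record that assumption.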