From 0efde55e4be0e77fc4621796e1d2fd49f3eb0b4d Mon Sep 17 00:00:00 2001
From: Art Cancro
Date: Tue, 8 Feb 2022 18:19:17 -0500
Subject: [PATCH] Re-encode the auth cookie with the properly formatted user name. This makes the client side parse it properly.
---
 webcit-ng/admin_functions.c | 39 ++++++++++++++++++++++++++----------
 webcit-ng/ctdlclient.c | 11 +++++++---
 webcit-ng/static/js/login.js | 9 ++++++---
 3 files changed, 42 insertions(+), 17 deletions(-)
diff --git a/webcit-ng/admin_functions.c b/webcit-ng/admin_functions.c
index 196fe5286..4865b8c66 100644
--- a/webcit-ng/admin_functions.c
+++ b/webcit-ng/admin_functions.c
@@ -31,18 +31,36 @@ void try_login(struct http_transaction *h, struct ctdlsession *c) {
 syslog(LOG_DEBUG, "try_login(username='%s',password=(%d bytes))", username, (int) strlen(password));
- ctdl_printf(c, "LOUT"); // log out, in case we were logged in
- ctdl_readline(c, buf, sizeof(buf)); // ignore the result
- memset(c->auth, 0, AUTH_MAX); // if this connection had auth, it doesn't now.
- memset(c->whoami, 0, 64); // if this connection had auth, it doesn't now.
-
- login_success = login_to_citadel(c, auth, buf); // Now try logging in to Citadel
+ ctdl_printf(c, "LOUT"); // log out, in case we were logged in
+ ctdl_readline(c, buf, sizeof(buf)); // ignore the result
+ memset(c->auth, 0, AUTH_MAX); // if this connection had auth, it doesn't now.
+ memset(c->whoami, 0, 64); // if this connection had auth, it doesn't now.
+ login_success = login_to_citadel(c, auth, buf); // Now try logging in to Citadel
+
+ JsonValue *j = NewJsonObject(HKEY("login")); // Compose a JSON object with the results
+ if (buf[0] == '2') {
+ JsonObjectAppend(j, NewJsonBool(HKEY("result"), 1));
+ JsonObjectAppend(j, NewJsonPlainString(HKEY("message"), "logged in", -1));
+ extract_token(username, &buf[4], 0, '|', sizeof username); // This will have the proper capitalization etc.
+ JsonObjectAppend(j, NewJsonPlainString(HKEY("fullname"), username, -1));
+ JsonObjectAppend(j, NewJsonNumber(HKEY("axlevel"), extract_int(&buf[4], 1) ));
+ JsonObjectAppend(j, NewJsonNumber(HKEY("timescalled"), extract_long(&buf[4], 2) ));
+ JsonObjectAppend(j, NewJsonNumber(HKEY("posted"), extract_long(&buf[4], 3) ));
+ JsonObjectAppend(j, NewJsonNumber(HKEY("usernum"), extract_long(&buf[4], 5) ));
+ JsonObjectAppend(j, NewJsonNumber(HKEY("previous_login"), extract_long(&buf[4], 6) ));
+ }
+ else {
+ JsonObjectAppend(j, NewJsonBool(HKEY("result"), 0));
+ JsonObjectAppend(j, NewJsonPlainString(HKEY("message"), &buf[4], -1));
+ }
+ StrBuf *sj = NewStrBuf();
+ SerializeJson(sj, j, 1); // '1' == free the source object
- h->response_code = 200; // 'buf' will contain the relevant response
+ add_response_header(h, strdup("Content-type"), strdup("application/json"));
+ h->response_code = 200;
 h->response_string = strdup("OK");
- add_response_header(h, strdup("Content-type"), strdup("text/plain"));
- h->response_body = strdup(buf);
- h->response_body_length = strlen(h->response_body);
+ h->response_body_length = StrLength(sj);
+ h->response_body = SmashStrBuf(&sj);
 }
@@ -57,7 +75,6 @@ void logout(struct http_transaction *h, struct ctdlsession *c) {
 ctdl_printf(c, "LOUT"); // log out
 ctdl_readline(c, buf, sizeof(buf)); // ignore the result
 strcpy(c->auth, "x");
- //memset(c->auth, 0, AUTH_MAX); // if this connection had auth, it doesn't now.
 memset(c->whoami, 0, 64); // if this connection had auth, it doesn't now.
 http_redirect(h, "/ctdl/s/index.html"); // go back where we started :)
diff --git a/webcit-ng/ctdlclient.c b/webcit-ng/ctdlclient.c
index def999ec2..a861e2af7 100644
--- a/webcit-ng/ctdlclient.c
+++ b/webcit-ng/ctdlclient.c
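Review bot: The success branch is chosen by `if (buf[0] == '2')` while `login_success`, assigned from login_to_citadel one line earlier, is never read in this hunk, so the JSON result is derived from the raw server response line rather than from the helper's verdict; if login_to_citadel ever reports failure after the server has already answered 2xx (it now does more work after reading that line), the client is told the login succeeded while `c->auth` is left empty. The ctdlclient.c hunk shows the helper returning 0 on success, so `if (login_success == 0 && buf[0] == '2') {` keeps the two in agreement — worth confirming nothing else reads `login_success`. In the else branch `&buf[4]` is handed to the client without checking that the response is at least four characters long, so an empty line from a dropped connection forwards whatever follows the terminator; `strlen(buf) > 4 ? &buf[4] : buf` is the cheap guard. try_login's opening lines, where `username`, `buf` and `login_success` are declared, lie outside the hunk.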
@@ -204,13 +204,18 @@ int login_to_citadel(struct ctdlsession *c, char *auth, char *resultbuf) {
 ctdl_readline(c, buf, 1024);
 if (buf[0] == '2') {
- strcpy(c->auth, auth);
 extract_token(c->whoami, &buf[4], 0, '|', sizeof c->whoami);
- syslog(LOG_DEBUG, "Login succeeded: %s", buf);
+ syslog(LOG_DEBUG, "Logged in as %s", c->whoami);
+
+ // Re-encode the auth string so it contains the properly formatted username
+ char new_auth_string[1024];
+ snprintf(new_auth_string, sizeof(new_auth_string), "%s:%s", c->whoami, supplied_password);
+ CtdlEncodeBase64(c->auth, new_auth_string, strlen(new_auth_string), 0);
+
 return(0);
 }
- syslog(LOG_DEBUG, "Login failed: %s", buf);
+ syslog(LOG_DEBUG, "Login failed: %s", &buf[4]);
 return(1); // login failed; resultbuf will explain why
 }
diff --git a/webcit-ng/static/js/login.js b/webcit-ng/static/js/login.js
index 7f35b8ea3..bc13e00f2 100644
--- a/webcit-ng/static/js/login.js
+++ b/webcit-ng/static/js/login.js
@@ -52,20 +52,23 @@ function login_button(username) {
 var request = new XMLHttpRequest();
 request.open("POST", "/ctdl/a/login", true);
 request.onreadystatechange = function() {
- login_result(this.responseText);
+ if (this.readyState === XMLHttpRequest.DONE) {
+ login_result(JSON.parse(this.responseText));
+ }
 };
 request.send(parms);
 request = null;
 }
+// Feed this a JSON output from login_button() or a similar function
 function login_result(data) {
- if (data.substring(0,1) == "2") {
+ if (data.result) {
 document.getElementById("ctdl_big_modal").style.display = "none";
 ctdl_startup(); // let the regular startup code take care of everything else
 } else {
- display_login_screen(data.substring(4));
+ display_login_screen(data.message);
 }
 }
-- 
2.39.2
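Review bot: The Base64 output written into `c->auth` is bounded only by the 1024-byte `new_auth_string` it is encoded from, not by AUTH_MAX (the size try_login clears with memset), so a `c->whoami` plus `supplied_password` approaching 1023 bytes expands to roughly 1365 bytes of output and overruns the session struct unless AUTH_MAX is at least that large — its value is not visible from here. The snprintf return value is also discarded, so an over-long password is silently truncated and a credential that will never re-authenticate is stored without any log line. Checking the formatted length once, against both the local buffer and the encoded size, covers both cases; note that returning 1 at that point happens after the server has already accepted the login, so the caller must not treat the '2' response line alone as success. login_to_citadel's opening, where `supplied_password` is declared, lies outside the hunk.
```c
// Re-encode the auth string so it contains the properly formatted username
char new_auth_string[1024];
int auth_len = snprintf(new_auth_string, sizeof(new_auth_string), "%s:%s", c->whoami, supplied_password);
if (auth_len < 0 || (size_t)auth_len >= sizeof(new_auth_string)
    || ((size_t)auth_len + 2) / 3 * 4 + 1 > AUTH_MAX) {
	syslog(LOG_ERR, "login_to_citadel: credentials too long to re-encode into c->auth");
	return(1);	// c->auth stays empty; caller must not report this as a login
}
CtdlEncodeBase64(c->auth, new_auth_string, (size_t)auth_len, 0);
// … unchanged: return(0) and failure path …
```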
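Review bot: `JSON.parse(this.responseText)` in the onreadystatechange handler runs for every completed request regardless of `this.status`, so a non-JSON reply (a gateway error page, or an empty body when the server drops the connection) throws inside the handler and the user is left with neither the modal dismissed nor an error shown. Parsing defensively and routing any failure through the same login_result path keeps the error visible. Whether display_login_screen escapes `data.message` before rendering it is not visible here; since the server now forwards raw Citadel error text in that field, that is worth confirming.
```javascript
request.onreadystatechange = function() {
	if (this.readyState === XMLHttpRequest.DONE) {
		var data;
		try {
			data = JSON.parse(this.responseText);
		}
		catch (e) {
			data = { result: false, message: this.statusText || "login failed" };
		}
		login_result(data);
	}
};
// … unchanged: request.send(parms) and login_result …
```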