Jakach/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adding redirect warnings to external systems
Deploy / deploy (push) Successful in 33s
Details

Browse Source
This commit is contained in:
janis steiner
2026-05-07 22:37:44 +02:00
parent f9a814445b
commit f038581c34
5 changed files with 86 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app-code/api/login/confirm_external_redirect.php
+8
View File
@@ -0,0 +1,8 @@
<?php
include "../utils/security.php";
secure_session_start();
header('Content-Type: application/json');
$_SESSION["external_domain_confirmed"] = true;
echo json_encode(['success' => true]);
app-code/api/login/redirect.php
+13 -4
View File
@@ -56,10 +56,19 @@ else if ($_SESSION["needs_auth"]===false && $_SESSION["mfa_authenticated"]==1 &&
mysqli_stmt_execute($stmt); mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt); mysqli_stmt_close($stmt);
if(!empty($send_to)){ if(!empty($send_to)){
$data=[ $external_domain = is_external_domain($send_to);
'message' => 'done', if ($external_domain !== null && !isset($_SESSION["external_domain_confirmed"])){
'redirect' => append_auth_token_to_redirect($send_to, $auth_token) $data=[
]; 'message' => 'external_redirect_warning',
'domain' => $external_domain,
'redirect' => append_auth_token_to_redirect($send_to, $auth_token)
];
}else{
$data=[
'message' => 'done',
'redirect' => append_auth_token_to_redirect($send_to, $auth_token)
];
}
}else{ }else{
$data=[ $data=[
'message' => 'done', 'message' => 'done',
app-code/api/login/set_username.php
+1
View File
@@ -11,6 +11,7 @@ $conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
check_rate_limit($conn, 'set_username', 30, 60); check_rate_limit($conn, 'set_username', 30, 60);
$_SESSION["needs_auth"]=true; $_SESSION["needs_auth"]=true;
$_SESSION["logged_in"]=false; $_SESSION["logged_in"]=false;
unset($_SESSION["external_domain_confirmed"]);
$username = strtolower((string) ($_POST["username"] ?? "")); $username = strtolower((string) ($_POST["username"] ?? ""));
$_SESSION["username"]=preg_replace("/[^a-z0-9_]/","",$username); $_SESSION["username"]=preg_replace("/[^a-z0-9_]/","",$username);
session_regenerate_id(true); session_regenerate_id(true);
app-code/api/utils/security.php
+19
View File
@@ -295,4 +295,23 @@ function append_auth_token_to_redirect(string $redirect, string $auth_token): st
return $redirect . $separator . 'auth=' . rawurlencode($auth_token); return $redirect . $separator . 'auth=' . rawurlencode($auth_token);
} }
function is_external_domain(string $url): ?string
{
if (!str_starts_with($url, 'http://') && !str_starts_with($url, 'https://')) {
return null;
}
$host = parse_url($url, PHP_URL_HOST);
if ($host === null || $host === '') {
return null;
}
$host = strtolower($host);
if ($host === 'auth.jakach.ch' || str_ends_with($host, '.jakach.ch')) {
return null;
}
return $host;
}
?> ?>
app-code/login/index.php
+45 -6
View File
@@ -12,15 +12,39 @@
<body> <body>
<div class="d-flex flex-column justify-content-center align-items-center" style="height: 100vh;"> <div class="d-flex flex-column justify-content-center align-items-center" style="height: 100vh;">
<!-- Spinner --> <!-- Spinner -->
<div class="spinner-border text-primary mb-3" role="status"> <div class="spinner-border text-primary mb-3" role="status" id="loadingSpinner">
<span class="visually-hidden">Loading...</span> <span class="visually-hidden">Loading...</span>
</div> </div>
<!-- Redirecting Text --> <!-- Redirecting Text -->
<p class="text-center fs-4">Redirecting...</p> <p class="text-center fs-4" id="statusText">Redirecting...</p>
</div>
<div class="modal fade" id="externalWarningModal" data-bs-backdrop="static" data-bs-keyboard="false" tabindex="-1" aria-labelledby="externalWarningModalLabel" aria-hidden="true">
<div class="modal-dialog modal-dialog-centered">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title" id="externalWarningModalLabel">⚠️ External Login Warning</h5>
</div>
<div class="modal-body">
<p>You are being logged in into <strong id="externalDomainDisplay"></strong></p>
<p>This service is <strong>not operated by Jakach</strong>. The service will have access to:</p>
<ul>
<li>Email username</li>
<li>Telegram ID</li>
<li>User ID &amp; User Token</li>
</ul>
<p class="mb-0 text-muted">Do you want to continue?</p>
</div>
<div class="modal-footer">
<a href="/account/" class="btn btn-secondary">Cancel</a>
<button type="button" class="btn btn-primary" id="confirmExternalRedirect">Continue</button>
</div>
</div>
</div>
</div> </div>
<script> <script>
const redirect_api="/api/login/redirect.php"; const redirect_api="/api/login/redirect.php";
let pendingRedirectUrl = null;
async function redirect() { async function redirect() {
try { try {
@@ -39,15 +63,30 @@
// Check if the redirect URL exists // Check if the redirect URL exists
if (redirectUrl) { if (redirectUrl) {
// Redirect the user to the URL if (data.message === 'external_redirect_warning') {
window.location.href = redirectUrl; pendingRedirectUrl = redirectUrl;
document.getElementById('externalDomainDisplay').textContent = data.domain;
document.getElementById('loadingSpinner').style.display = 'none';
document.getElementById('statusText').textContent = 'Login warning';
var warningModal = new bootstrap.Modal(document.getElementById('externalWarningModal'));
warningModal.show();
} else {
// Redirect the user to the URL
window.location.href = redirectUrl;
}
} }
} catch (error) { } catch (error) {
// Handle errors (e.g., network issues or API errors) // Handle errors (e.g., network issues or API errors)
console.error("Error fetching data:", error); console.error("Error fetching data:", error);
} }
} }
document.getElementById('confirmExternalRedirect').addEventListener('click', function() {
fetch('/api/login/confirm_external_redirect.php', { method: 'POST' }).then(() => {
window.location.href = pendingRedirectUrl;
});
});
// Call the function on page load // Call the function on page load
redirect(); redirect();
</script> </script>