author | Sergej Pupykin | 2023-04-20 21:44:30 +0300 |
---|---|---|
committer | Sergej Pupykin | 2023-04-20 21:45:49 +0300 |
commit | 0f6c5b2f3c14361d0f24cc3864dd03cd70d08bf2 (patch) | |
tree | c99a611da3d626f642ad008f10d51afb02442f14 | |
parent | 042bc44d994fb5cc0a6bfb5bc3dd1b910d2e8268 (diff) | |
download | aur-0f6c5b2f3c14361d0f24cc3864dd03cd70d08bf2.tar.gz |
upd
-rw-r--r-- | .SRCINFO | 8 | ||||
-rw-r--r-- | PKGBUILD | 18 | ||||
-rw-r--r-- | nginx-totp-auth.service | 2 | ||||
-rw-r--r-- | nginx-totp-only-auth.service | 9 | ||||
-rw-r--r-- | remove-password.patch | 65 |
5 files changed, 95 insertions, 7 deletions
@@ -1,7 +1,7 @@
 pkgbase = nginx-totp-auth
 pkgdesc = totp auth for nginx
 pkgver = r16.09bf6d9
- pkgrel = 2
+ pkgrel = 3
 url = https://github.com/davidgfnet/nginx_totp_auth
 arch = x86_64
 arch = i686
@@ -14,7 +14,11 @@ pkgbase = nginx-totp-auth
 depends = openssl
 source = git+https://github.com/davidgfnet/nginx_totp_auth.git
 source = nginx-totp-auth.service
+ source = nginx-totp-only-auth.service
+ source = remove-password.patch
 sha256sums = SKIP
- sha256sums = cf63954266f7f0baa4d193a574535f5b222395d512c5fb50640267b4c6d9665b
+ sha256sums = cfdf3cbd84be9791800124cd87e1b5ff1d430a7d38309e4b6052e105f51ca245
+ sha256sums = e24859e92386dbb50661063328d3ac66975367a2772def43e075114667ec35d8
+ sha256sums = 814119238c3030f00f408d7f1e42718c1b31351a55ad7cb96579e41f995488bd
 pkgname = nginx-totp-auth
@@ -1,6 +1,6 @@
 pkgname=nginx-totp-auth
 pkgver=r16.09bf6d9
-pkgrel=2
+pkgrel=3
 pkgdesc="totp auth for nginx"
 arch=(x86_64 i686)
 url="https://github.com/davidgfnet/nginx_totp_auth"
@@ -8,9 +8,13 @@ license=('')
 depends=('spawn-fcgi' 'fcgi' 'libconfig' 'openssl')
 makedepends=('git' 'python')
 source=('git+https://github.com/davidgfnet/nginx_totp_auth.git'
- 'nginx-totp-auth.service')
+ 'nginx-totp-auth.service'
+ 'nginx-totp-only-auth.service'
+ 'remove-password.patch')
 sha256sums=('SKIP'
- 'cf63954266f7f0baa4d193a574535f5b222395d512c5fb50640267b4c6d9665b')
+ 'cfdf3cbd84be9791800124cd87e1b5ff1d430a7d38309e4b6052e105f51ca245'
+ 'e24859e92386dbb50661063328d3ac66975367a2772def43e075114667ec35d8'
+ '814119238c3030f00f408d7f1e42718c1b31351a55ad7cb96579e41f995488bd')
 pkgver() {
 cd "$srcdir/nginx_totp_auth"
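Review bot: The git entry in the `source=(` array is still unpinned (no `#commit=` fragment) and covered only by `sha256sums=('SKIP'`, yet the new remove-password.patch is applied on top of it, so the package now depends on upstream HEAD matching the exact lines the patch touches; the next upstream commit will make `patch -p1` fail or, with fuzz, silently apply around moved code. Pin the revision pkgver already records, e.g. `'git+https://github.com/davidgfnet/nginx_totp_auth.git#commit=<full hash of 09bf6d9>'` — pkgver() keeps working against the checkout — and bump it deliberately when the patch has been re-tested. That also gives the one source that is actually compiled and executed an integrity anchor; right now only the three local files are checksummed.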
@@ -20,12 +24,18 @@ pkgver() {
 build() {
 cd "$srcdir/nginx_totp_auth"
 make
+ mv server.bin nginx-totp-auth.bin
+ patch -p1 <../remove-password.patch
+ make
+ mv server.bin nginx-totp-only-auth.bin
 }
 package() {
 cd "$srcdir/nginx_totp_auth"
- install -Dm0755 server.bin "$pkgdir"/usr/lib/$pkgname/$pkgname.bin
+ install -Dm0755 nginx-totp-auth.bin "$pkgdir"/usr/lib/$pkgname/nginx-totp-auth.bin
+ install -Dm0755 nginx-totp-only-auth.bin "$pkgdir"/usr/lib/$pkgname/nginx-totp-only-auth.bin
 install -Dm0644 nginx.config.sample "$pkgdir"/usr/share/doc/$pkgname/nginx.config.sample
 install -Dm0644 README.md "$pkgdir"/usr/share/doc/$pkgname/README.md
 install -Dm0644 ../nginx-totp-auth.service "$pkgdir"/usr/lib/systemd/system/nginx-totp-auth.service
+ install -Dm0644 ../nginx-totp-only-auth.service "$pkgdir"/usr/lib/systemd/system/nginx-totp-only-auth.service
 }
diff --git a/nginx-totp-auth.service b/nginx-totp-auth.service
index b2ba2de42ea7..e791f424eeb3 100644
--- a/nginx-totp-auth.service
+++ b/nginx-totp-auth.service
@@ -2,7 +2,7 @@
 Description=TOTP auth daemon for nginx
 [Service]
-RuntimeDir=totp_auth
+RuntimeDirectory=totp_auth
 ExecStart=/usr/bin/spawn-fcgi -u http -s /run/totp_auth/sock -M 666 -n /usr/lib/nginx-totp-auth/nginx-totp-auth.bin /etc/nginx-totp-auth.conf
 [Install]
diff --git a/nginx-totp-only-auth.service b/nginx-totp-only-auth.service
new file mode 100644
index 000000000000..4f67a6459145
--- /dev/null
+++ b/nginx-totp-only-auth.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=TOTP auth daemon for nginx (TOTP without password)
+
+[Service]
+RuntimeDirectory=totp_auth
+ExecStart=/usr/bin/spawn-fcgi -u http -s /run/totp_auth/sock -M 666 -n /usr/lib/nginx-totp-auth/nginx-totp-only-auth.bin /etc/nginx-totp-auth.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/remove-password.patch b/remove-password.patch
new file mode 100644
index 000000000000..cf68943f56ef
--- /dev/null
+++ b/remove-password.patch
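Review bot: `patch -p1 <../remove-password.patch` runs inside build() against the very tree the first binary was just built from, so build() is not re-runnable (`makepkg -e`/`--noextract` fails on the already-applied patch), and the second `make` only rebuilds what the upstream Makefile knows changed — if templates/gradient.html is not a tracked dependency of the generated source (I cannot see the Makefile, so verify this), nginx-totp-only-auth.bin gets linked against the old login form that still posts a password field. Patching belongs in prepare(), and building the variant from its own copy removes both problems; package() then installs from the two trees instead of renaming server.bin twice. Sketch of the restructured functions below.
```shell
prepare() {
  # Build the TOTP-only variant from its own copy: the pristine tree stays
  # unpatched, and prepare() can be re-run without "patch already applied".
  rm -rf nginx_totp_auth-only
  cp -a nginx_totp_auth nginx_totp_auth-only
  patch -d nginx_totp_auth-only -p1 < remove-password.patch
}

build() {
  make -C nginx_totp_auth
  make -C nginx_totp_auth-only
}

package() {
  install -Dm0755 nginx_totp_auth/server.bin "$pkgdir"/usr/lib/$pkgname/nginx-totp-auth.bin
  install -Dm0755 nginx_totp_auth-only/server.bin "$pkgdir"/usr/lib/$pkgname/nginx-totp-only-auth.bin
  # … unchanged: nginx.config.sample, README.md and the two .service installs,
  #   with paths now relative to $srcdir …
}
```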
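Review bot: The new unit reuses `RuntimeDirectory=totp_auth` and `-s /run/totp_auth/sock` from nginx-totp-auth.service, so the two services cannot coexist: whichever starts second finds the socket already in use, and stopping either one makes systemd remove /run/totp_auth out from under the other. Give the variant its own directory and socket — `RuntimeDirectory=totp_only_auth` and `-s /run/totp_only_auth/sock` in ExecStart — or add `Conflicts=nginx-totp-auth.service` if they are meant as alternatives. While here, `-M 666` makes the FastCGI socket world-writable, so any local account can talk to the authenticator directly instead of through nginx; `-M 660` is enough when nginx's workers run as `http` (the Arch default), which is also the user spawn-fcgi drops to with `-u http`. Both units also read the same /etc/nginx-totp-auth.conf, so every account in it becomes reachable with TOTP alone as soon as nginx points a location at this socket; presumably intended, but worth stating in the Description or the README.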
@@ -0,0 +1,65 @@
+diff --git a/server.cc b/server.cc
+index 04b33f8..8263f64 100644
+--- a/server.cc
++++ b/server.cc
+@@ -58,7 +58,7 @@ int nthreads = 4;
+ typedef std::unordered_map<std::string, std::string> StrMap;
+
+ struct cred_t {
+- std::string password, totp; // Pass and TOTP (binary)
++ std::string totp; // Pass and TOTP (binary)
+ unsigned sduration; // Duration of a valid session (seconds)
+ unsigned digits; // Digits of TOTP
+ unsigned period; // Period of TOTP
+@@ -162,12 +162,10 @@ private:
+ bool lerror = false;
+ if (req->method == "POST") {
+ std::string user = req->postvars["username"];
+- std::string pass = req->postvars["password"];
+ unsigned totp = atoi(req->postvars["totp"].c_str());
+
+ // Validate the authentication to issue a cookie or throw an error
+ if (wcfg->users.count(user) &&
+- wcfg->users.at(user).password == pass &&
+ totp_valid(wcfg->users.at(user), totp, wcfg->totp_generations)) {
+
+ logger->log("Login successful for user " + user);
+@@ -378,7 +376,6 @@ int main(int argc, char **argv) {
+ for (int j = 0; j < config_setting_length(users_cfg); j++) {
+ config_setting_t *userentry = config_setting_get_elem(users_cfg, j);
+ config_setting_t *user = config_setting_get_member(userentry, "username");
+- config_setting_t *pass = config_setting_get_member(userentry, "password");
+ config_setting_t *totp = config_setting_get_member(userentry, "totp");
+ config_setting_t *algo = config_setting_get_member(userentry, "algorithm");
+ config_setting_t *digi = config_setting_get_member(userentry, "digits");
+@@ -389,8 +386,8 @@ int main(int argc, char **argv) {
+ int digits = !digi ? TOTP_DEF_DIGITS : config_setting_get_int(digi);
+ int period = !peri ? TOTP_DEF_PERIOD : config_setting_get_int(peri);
+
+- if (!user || !pass || !totp || !durt)
+- RET_ERR("username, password, totp and duration must be present in the user group");
++ if (!user || !totp || !durt)
++ RET_ERR("username, totp and duration must be present in the user group");
+ if (digits < 6 || digits > 9)
+ RET_ERR("digits must be between 6 and 9 (included)");
+ if (period <= 0)
+@@ -399,7 +396,6 @@ int main(int argc, char **argv) {
+ RET_ERR("invalid algorithm specified");
+
+ wentry.users[config_setting_get_string(user)] = cred_t {
+- .password = config_setting_get_string(pass),
+ .totp = b32dec(b32pad(config_setting_get_string(totp))),
+ .sduration = (unsigned)config_setting_get_int(durt),
+ .digits = (unsigned)digits,
+diff --git a/templates/gradient.html b/templates/gradient.html
+index 8916b88..06dea7c 100644
+--- a/templates/gradient.html
++++ b/templates/gradient.html
+@@ -71,7 +71,6 @@
+ <h1>Login</h1>
+ <form method="post" action="login">
+ <input type="text" name="username" placeholder="Username" required="required" />
+- <input type="password" name="password" placeholder="Password" required="required" />
+ <input type="text" name="totp" placeholder="OTP token" required="required" />
+ <input type="hidden" name="follow_page" value="{{follow_page}}" />
+ {{loginfailed}}<h4 class="failedp">Login failed</h4>{{/loginfailed}} |
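Review bot: Dropping `wcfg->users.at(user).password == pass &&` leaves the TOTP code as the only secret, so the login handler's resistance to online guessing now rests entirely on throttling that nothing in these hunks provides — a 6-digit code accepted across `totp_generations` neighbouring windows is roughly 10^6 guesses divided by the number of windows, which is feasible to spray at an unthrottled FastCGI login over time. If upstream has no lockout (not visible from this patch), the TOTP-only unit or README should say so and recommend nginx `limit_req` on the login location, or the variant should gain a per-user failure counter before it is advertised as an authentication gate. Two smaller points: the struct comment is now stale and should read `std::string totp; // TOTP secret (binary)`, and the shipped README.md / nginx.config.sample still document a mandatory `password` key that this binary silently ignores.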