authorSergej Pupykin2023-04-20 21:44:30 +0300
committerSergej Pupykin2023-04-20 21:45:49 +0300
commit0f6c5b2f3c14361d0f24cc3864dd03cd70d08bf2 (patch)
treec99a611da3d626f642ad008f10d51afb02442f14
parent042bc44d994fb5cc0a6bfb5bc3dd1b910d2e8268 (diff)
downloadaur-0f6c5b2f3c14361d0f24cc3864dd03cd70d08bf2.tar.gz
upd
-rw-r--r--.SRCINFO8
-rw-r--r--PKGBUILD18
-rw-r--r--nginx-totp-auth.service2
-rw-r--r--nginx-totp-only-auth.service9
-rw-r--r--remove-password.patch65
5 files changed, 95 insertions, 7 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 8ac87548fa24..8e67e3ed10bc 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = nginx-totp-auth
pkgdesc = totp auth for nginx
pkgver = r16.09bf6d9
- pkgrel = 2
+ pkgrel = 3
url = https://github.com/davidgfnet/nginx_totp_auth
arch = x86_64
arch = i686
@@ -14,7 +14,11 @@ pkgbase = nginx-totp-auth
depends = openssl
source = git+https://github.com/davidgfnet/nginx_totp_auth.git
source = nginx-totp-auth.service
+ source = nginx-totp-only-auth.service
+ source = remove-password.patch
sha256sums = SKIP
- sha256sums = cf63954266f7f0baa4d193a574535f5b222395d512c5fb50640267b4c6d9665b
+ sha256sums = cfdf3cbd84be9791800124cd87e1b5ff1d430a7d38309e4b6052e105f51ca245
+ sha256sums = e24859e92386dbb50661063328d3ac66975367a2772def43e075114667ec35d8
+ sha256sums = 814119238c3030f00f408d7f1e42718c1b31351a55ad7cb96579e41f995488bd
pkgname = nginx-totp-auth
diff --git a/PKGBUILD b/PKGBUILD
index 0c1caf4224c8..952eb4cbf361 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,6 +1,6 @@
pkgname=nginx-totp-auth
pkgver=r16.09bf6d9
-pkgrel=2
+pkgrel=3
pkgdesc="totp auth for nginx"
arch=(x86_64 i686)
url="https://github.com/davidgfnet/nginx_totp_auth"
@@ -8,9 +8,13 @@ license=('')
depends=('spawn-fcgi' 'fcgi' 'libconfig' 'openssl')
makedepends=('git' 'python')
source=('git+https://github.com/davidgfnet/nginx_totp_auth.git'
- 'nginx-totp-auth.service')
+ 'nginx-totp-auth.service'
+ 'nginx-totp-only-auth.service'
+ 'remove-password.patch')
sha256sums=('SKIP'
- 'cf63954266f7f0baa4d193a574535f5b222395d512c5fb50640267b4c6d9665b')
+ 'cfdf3cbd84be9791800124cd87e1b5ff1d430a7d38309e4b6052e105f51ca245'
+ 'e24859e92386dbb50661063328d3ac66975367a2772def43e075114667ec35d8'
+ '814119238c3030f00f408d7f1e42718c1b31351a55ad7cb96579e41f995488bd')
pkgver() {
cd "$srcdir/nginx_totp_auth"
@@ -20,12 +24,18 @@ pkgver() {
build() {
cd "$srcdir/nginx_totp_auth"
make
+ mv server.bin nginx-totp-auth.bin
+ patch -p1 <../remove-password.patch
+ make
+ mv server.bin nginx-totp-only-auth.bin
}
package() {
cd "$srcdir/nginx_totp_auth"
- install -Dm0755 server.bin "$pkgdir"/usr/lib/$pkgname/$pkgname.bin
+ install -Dm0755 nginx-totp-auth.bin "$pkgdir"/usr/lib/$pkgname/nginx-totp-auth.bin
+ install -Dm0755 nginx-totp-only-auth.bin "$pkgdir"/usr/lib/$pkgname/nginx-totp-only-auth.bin
install -Dm0644 nginx.config.sample "$pkgdir"/usr/share/doc/$pkgname/nginx.config.sample
install -Dm0644 README.md "$pkgdir"/usr/share/doc/$pkgname/README.md
install -Dm0644 ../nginx-totp-auth.service "$pkgdir"/usr/lib/systemd/system/nginx-totp-auth.service
+ install -Dm0644 ../nginx-totp-only-auth.service "$pkgdir"/usr/lib/systemd/system/nginx-totp-only-auth.service
}
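Review bot: Applying `patch -p1 <../remove-password.patch` inside build() makes the function non-repeatable: a second makepkg run on the same extracted tree (e.g. with `--noextract`) would try to re-apply an already-applied patch and fail, and Arch convention keeps source patching in prepare(). Building both variants sequentially from one tree also relies on make recompiling everything that depends on server.cc after the patch, which cannot be checked from here. Giving the password-less variant its own copy of the tree avoids both issues; package() then installs from each directory, e.g. `install -Dm0755 "$srcdir"/nginx_totp_only_auth/server.bin "$pkgdir"/usr/lib/$pkgname/nginx-totp-only-auth.bin`, and the `mv` lines go away.
```shell
prepare() {
  # separate tree for the TOTP-only variant so build() can be re-run safely
  cp -a "$srcdir/nginx_totp_auth" "$srcdir/nginx_totp_only_auth"
  cd "$srcdir/nginx_totp_only_auth"
  patch -p1 <"$srcdir/remove-password.patch"
}

build() {
  make -C "$srcdir/nginx_totp_auth"
  make -C "$srcdir/nginx_totp_only_auth"
}
# … unchanged: package(), apart from the install lines now pointing at each tree's server.bin …
```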
diff --git a/nginx-totp-auth.service b/nginx-totp-auth.service
index b2ba2de42ea7..e791f424eeb3 100644
--- a/nginx-totp-auth.service
+++ b/nginx-totp-auth.service
@@ -2,7 +2,7 @@
Description=TOTP auth daemon for nginx
[Service]
-RuntimeDir=totp_auth
+RuntimeDirectory=totp_auth
ExecStart=/usr/bin/spawn-fcgi -u http -s /run/totp_auth/sock -M 666 -n /usr/lib/nginx-totp-auth/nginx-totp-auth.bin /etc/nginx-totp-auth.conf
[Install]
diff --git a/nginx-totp-only-auth.service b/nginx-totp-only-auth.service
new file mode 100644
index 000000000000..4f67a6459145
--- /dev/null
+++ b/nginx-totp-only-auth.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=TOTP auth daemon for nginx (TOTP without password)
+
+[Service]
+RuntimeDirectory=totp_auth
+ExecStart=/usr/bin/spawn-fcgi -u http -s /run/totp_auth/sock -M 666 -n /usr/lib/nginx-totp-auth/nginx-totp-only-auth.bin /etc/nginx-totp-auth.conf
+
+[Install]
+WantedBy=multi-user.target
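Review bot: The new unit shares `RuntimeDirectory=totp_auth`, the socket path `/run/totp_auth/sock` and `/etc/nginx-totp-auth.conf` with nginx-totp-auth.service, yet nothing prevents both units from being enabled at once; the second spawn-fcgi would then contend for the same socket, and stopping either unit removes the runtime directory from under the other. Declaring the exclusion in [Unit] with `Conflicts=nginx-totp-auth.service` lets systemd stop one when the other starts (the existing unit would want the mirror-image line). A short comment in the unit saying that the config file is shared and that its `password` entries are presumably ignored by the TOTP-only binary would help an administrator choosing between the two.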
diff --git a/remove-password.patch b/remove-password.patch
new file mode 100644
index 000000000000..cf68943f56ef
--- /dev/null
+++ b/remove-password.patch
@@ -0,0 +1,65 @@
+diff --git a/server.cc b/server.cc
+index 04b33f8..8263f64 100644
+--- a/server.cc
++++ b/server.cc
+@@ -58,7 +58,7 @@ int nthreads = 4;
+ typedef std::unordered_map<std::string, std::string> StrMap;
+
+ struct cred_t {
+- std::string password, totp; // Pass and TOTP (binary)
++ std::string totp; // Pass and TOTP (binary)
+ unsigned sduration; // Duration of a valid session (seconds)
+ unsigned digits; // Digits of TOTP
+ unsigned period; // Period of TOTP
+@@ -162,12 +162,10 @@ private:
+ bool lerror = false;
+ if (req->method == "POST") {
+ std::string user = req->postvars["username"];
+- std::string pass = req->postvars["password"];
+ unsigned totp = atoi(req->postvars["totp"].c_str());
+
+ // Validate the authentication to issue a cookie or throw an error
+ if (wcfg->users.count(user) &&
+- wcfg->users.at(user).password == pass &&
+ totp_valid(wcfg->users.at(user), totp, wcfg->totp_generations)) {
+
+ logger->log("Login successful for user " + user);
+@@ -378,7 +376,6 @@ int main(int argc, char **argv) {
+ for (int j = 0; j < config_setting_length(users_cfg); j++) {
+ config_setting_t *userentry = config_setting_get_elem(users_cfg, j);
+ config_setting_t *user = config_setting_get_member(userentry, "username");
+- config_setting_t *pass = config_setting_get_member(userentry, "password");
+ config_setting_t *totp = config_setting_get_member(userentry, "totp");
+ config_setting_t *algo = config_setting_get_member(userentry, "algorithm");
+ config_setting_t *digi = config_setting_get_member(userentry, "digits");
+@@ -389,8 +386,8 @@ int main(int argc, char **argv) {
+ int digits = !digi ? TOTP_DEF_DIGITS : config_setting_get_int(digi);
+ int period = !peri ? TOTP_DEF_PERIOD : config_setting_get_int(peri);
+
+- if (!user || !pass || !totp || !durt)
+- RET_ERR("username, password, totp and duration must be present in the user group");
++ if (!user || !totp || !durt)
++ RET_ERR("username, totp and duration must be present in the user group");
+ if (digits < 6 || digits > 9)
+ RET_ERR("digits must be between 6 and 9 (included)");
+ if (period <= 0)
+@@ -399,7 +396,6 @@ int main(int argc, char **argv) {
+ RET_ERR("invalid algorithm specified");
+
+ wentry.users[config_setting_get_string(user)] = cred_t {
+- .password = config_setting_get_string(pass),
+ .totp = b32dec(b32pad(config_setting_get_string(totp))),
+ .sduration = (unsigned)config_setting_get_int(durt),
+ .digits = (unsigned)digits,
+diff --git a/templates/gradient.html b/templates/gradient.html
+index 8916b88..06dea7c 100644
+--- a/templates/gradient.html
++++ b/templates/gradient.html
+@@ -71,7 +71,6 @@
+ <h1>Login</h1>
+ <form method="post" action="login">
+ <input type="text" name="username" placeholder="Username" required="required" />
+- <input type="password" name="password" placeholder="Password" required="required" />
+ <input type="text" name="totp" placeholder="OTP token" required="required" />
+ <input type="hidden" name="follow_page" value="{{follow_page}}" />
+ {{loginfailed}}<h4 class="failedp">Login failed</h4>{{/loginfailed}}
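Review bot: The patched `cred_t` keeps the comment `// Pass and TOTP (binary)` on the line that now declares only `totp`, so the comment is stale and should become `std::string totp; // TOTP (binary)`. With the password comparison removed, the whole login rests on one short numeric factor (`digits` is constrained to 6–9 and the code is checked across a `totp_generations` window), and nothing in the patched handler adds lockout or rate limiting, so unless that exists elsewhere in server.cc the TOTP-only build should be documented as needing request limiting in front of it. The login handler at `@@ -162` and `main()` at `@@ -378` both begin and end outside the shown hunks. The form change touches only templates/gradient.html; if the project ships other templates they would still post a `password` field that the patched handler now ignores, which is worth confirming.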