use safer pve ticket endpoint
parent
119efcda33
commit
c6d5d5dbc5
@ -1,10 +1,10 @@
|
|||||||
import {requestTicket, setTicket, NetworkError, goToPage, deleteAllCookies, requestPVE} from "./utils.js";
|
import {requestTicket, NetworkError, goToPage, deleteAllCookies, requestPVE} from "./utils.js";
|
||||||
import {alert} from "./dialog.js";
|
import {alert} from "./dialog.js";
|
||||||
|
|
||||||
window.addEventListener("DOMContentLoaded", init);
|
window.addEventListener("DOMContentLoaded", init);
|
||||||
|
|
||||||
async function init (){
|
async function init (){
|
||||||
deleteAllCookies();
|
await deleteAllCookies();
|
||||||
let formSubmitButton = document.querySelector("#submit");
|
let formSubmitButton = document.querySelector("#submit");
|
||||||
let realms = await requestPVE("/access/domains", "GET");
|
let realms = await requestPVE("/access/domains", "GET");
|
||||||
let realmSelect = document.querySelector("#realm");
|
let realmSelect = document.querySelector("#realm");
|
||||||
@ -22,7 +22,6 @@ async function init (){
|
|||||||
formSubmitButton.innerText = "Authenticating...";
|
formSubmitButton.innerText = "Authenticating...";
|
||||||
let ticket = await requestTicket(formData.get("username"), formData.get("password"), formData.get("realm"));
|
let ticket = await requestTicket(formData.get("username"), formData.get("password"), formData.get("realm"));
|
||||||
if (ticket.status === 200) {
|
if (ticket.status === 200) {
|
||||||
setTicket(ticket.data.ticket, ticket.data.CSRFPreventionToken, formData.get("username"));
|
|
||||||
formSubmitButton.innerText = "LOGIN";
|
formSubmitButton.innerText = "LOGIN";
|
||||||
goToPage("index.html");
|
goToPage("index.html");
|
||||||
}
|
}
|
||||||
|
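Review bot: `await deleteAllCookies();` at the top of `init` now waits on a network call, because the utils.js change in this commit makes that function send a DELETE to `/ticket`. If that request rejects, `init` stops before the realm list is fetched and the login form is left half-initialised. Whether `requestAPI` throws or returns an error status is not visible on this page, so this needs confirming. If it can throw, catch the failure around this one call and report it through the already imported `alert` dialog, then continue setting up the form. The rest of `init` lies outside the hunks shown here.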
@ -96,18 +96,10 @@ export function getCookie(cname) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
export async function requestTicket (username, password, realm) {
|
export async function requestTicket (username, password, realm) {
|
||||||
let response = await requestPVE("/access/ticket", "POST", {username: `${username}@${realm}`, password: password}, false);
|
let response = await requestAPI("/ticket", "POST", {username: `${username}@${realm}`, password: password}, false);
|
||||||
return response;
|
return response;
|
||||||
}
|
}
|
||||||
|
|
||||||
export function setTicket (ticket, csrf, username) {
|
|
||||||
let d = new Date();
|
|
||||||
d.setTime(d.getTime() + (2*60*60*1000));
|
|
||||||
document.cookie = `PVEAuthCookie=${ticket}; path=/; expires=${d.toUTCString()}; domain=.tronnet.net; Secure;`;
|
|
||||||
document.cookie = `CSRFPreventionToken=${csrf}; path=/; expires=${d.toUTCString()}; domain=.tronnet.net; Secure;`
|
|
||||||
document.cookie = `username=${username}@ldap; path=/; expires=${d.toUTCString()}; domain=.tronnet.net; Secure;`
|
|
||||||
}
|
|
||||||
|
|
||||||
export async function requestPVE (path, method, body = null) {
|
export async function requestPVE (path, method, body = null) {
|
||||||
let prms = new URLSearchParams(body);
|
let prms = new URLSearchParams(body);
|
||||||
let content = {
|
let content = {
|
||||||
@ -204,6 +196,7 @@ export function getURIData () {
|
|||||||
return Object.fromEntries(url.searchParams);
|
return Object.fromEntries(url.searchParams);
|
||||||
}
|
}
|
||||||
|
|
||||||
export function deleteAllCookies () {
|
export async function deleteAllCookies () {
|
||||||
document.cookie.split(";").forEach(function(c) { document.cookie = c.replace(/^ +/, "").replace(/=.*/, "=;expires=" + new Date().toUTCString() + ";path=/;domain=.tronnet.net;"); });
|
document.cookie.split(";").forEach(function(c) { document.cookie = c.replace(/^ +/, "").replace(/=.*/, "=;expires=" + new Date().toUTCString() + ";path=/;domain=.client.tronnet.net;"); });
|
||||||
|
await requestAPI("/ticket", "DELETE");
|
||||||
}
|
}
|
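Review bot: `deleteAllCookies` discards the result of `await requestAPI("/ticket", "DELETE")`, so a failed server-side logout is indistinguishable from a successful one and the previous session's ticket may stay valid. Check the response status, or return the response (`return await requestAPI("/ticket", "DELETE");`) so the caller can react. The client-side sweep now uses `domain=.client.tronnet.net`, which does not match cookies the removed `setTicket` wrote with `domain=.tronnet.net`. Those stay in the browser until their two-hour expiry unless the old domain is also expired during the transition. `requestTicket` also still passes a fourth argument `false` carried over from the `requestPVE` call; confirm that `requestAPI`, which is not shown in this diff, accepts it.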