use safer pve ticket endpoint
This commit is contained in:
parent
119efcda33
commit
c6d5d5dbc5
@ -1,10 +1,10 @@
|
||||
import {requestTicket, setTicket, NetworkError, goToPage, deleteAllCookies, requestPVE} from "./utils.js";
|
||||
import {requestTicket, NetworkError, goToPage, deleteAllCookies, requestPVE} from "./utils.js";
|
||||
import {alert} from "./dialog.js";
|
||||
|
||||
window.addEventListener("DOMContentLoaded", init);
|
||||
|
||||
async function init (){
|
||||
deleteAllCookies();
|
||||
await deleteAllCookies();
|
||||
let formSubmitButton = document.querySelector("#submit");
|
||||
let realms = await requestPVE("/access/domains", "GET");
|
||||
let realmSelect = document.querySelector("#realm");
|
||||
@ -22,7 +22,6 @@ async function init (){
|
||||
formSubmitButton.innerText = "Authenticating...";
|
||||
let ticket = await requestTicket(formData.get("username"), formData.get("password"), formData.get("realm"));
|
||||
if (ticket.status === 200) {
|
||||
setTicket(ticket.data.ticket, ticket.data.CSRFPreventionToken, formData.get("username"));
|
||||
formSubmitButton.innerText = "LOGIN";
|
||||
goToPage("index.html");
|
||||
}
|
||||
|
@ -96,18 +96,10 @@ export function getCookie(cname) {
|
||||
}
|
||||
|
||||
export async function requestTicket (username, password, realm) {
|
||||
let response = await requestPVE("/access/ticket", "POST", {username: `${username}@${realm}`, password: password}, false);
|
||||
let response = await requestAPI("/ticket", "POST", {username: `${username}@${realm}`, password: password}, false);
|
||||
return response;
|
||||
}
|
||||
|
||||
export function setTicket (ticket, csrf, username) {
|
||||
let d = new Date();
|
||||
d.setTime(d.getTime() + (2*60*60*1000));
|
||||
document.cookie = `PVEAuthCookie=${ticket}; path=/; expires=${d.toUTCString()}; domain=.tronnet.net; Secure;`;
|
||||
document.cookie = `CSRFPreventionToken=${csrf}; path=/; expires=${d.toUTCString()}; domain=.tronnet.net; Secure;`
|
||||
document.cookie = `username=${username}@ldap; path=/; expires=${d.toUTCString()}; domain=.tronnet.net; Secure;`
|
||||
}
|
||||
|
||||
export async function requestPVE (path, method, body = null) {
|
||||
let prms = new URLSearchParams(body);
|
||||
let content = {
|
||||
@ -204,6 +196,7 @@ export function getURIData () {
|
||||
return Object.fromEntries(url.searchParams);
|
||||
}
|
||||
|
||||
export function deleteAllCookies () {
|
||||
document.cookie.split(";").forEach(function(c) { document.cookie = c.replace(/^ +/, "").replace(/=.*/, "=;expires=" + new Date().toUTCString() + ";path=/;domain=.tronnet.net;"); });
|
||||
export async function deleteAllCookies () {
|
||||
document.cookie.split(";").forEach(function(c) { document.cookie = c.replace(/^ +/, "").replace(/=.*/, "=;expires=" + new Date().toUTCString() + ";path=/;domain=.client.tronnet.net;"); });
|
||||
await requestAPI("/ticket", "DELETE");
|
||||
}
|
Loading…
Reference in New Issue
Block a user