This repository was archived by the owner on Oct 20, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 82
Expand file tree
/
Copy pathcheck_session_iframe_template.html
More file actions
57 lines (56 loc) · 2.11 KB
/
check_session_iframe_template.html
File metadata and controls
57 lines (56 loc) · 2.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
<!--
This file is the template used to generate (manually-ish) the check_session_iframe content in OIDC plugin
To apply update, minimise the code below, ^C^V in the function generate_check_session_iframe in the source file plugin_oidc.c, and recompile the plugin
Copyright 2020 Nicolas Mora <mail@babelouest.org>
The MIT License (MIT)
-->
<html>
<head>
<meta charset="utf-8">
<title>Glewlwyd check_session_iframe</title>
</head>
<body>
iframe
</body>
<script>
function receiveMessage(e){
var client_id = e.data.split(' ')[0];
var session_state = e.data.split(' ')[1];
var salt = session_state.split('.')[1];
var origin = e.origin.toLowerCase();
var host = window.location.host;
if (origin.indexOf(host) !== -1) {
var request = new XMLHttpRequest();
request.open("GET", "%s/%s/profile_list/", true);
request.onload = function() {
if (this.status === 200) {
var profile_list = JSON.parse(this.response);
if (profile_list && profile_list[0]) {
const encoder = new TextEncoder();
var intermediate = (client_id + " " + origin + " " + profile_list[0].username + " " + salt);
const data = encoder.encode(intermediate);
crypto.subtle.digest('SHA-256', data).then((value) => {
if (session_state == (btoa(new Uint8Array(value).reduce((s, b) => s + String.fromCharCode(b), ''))+ "." + salt)) {
e.source.postMessage("unchanged", origin);
} else {
e.source.postMessage("changed", origin);
}
})
} else {
e.source.postMessage("error", origin);
}
} else if (this.status === 401) {
e.source.postMessage("changed", origin);
} else {
e.source.postMessage("error", origin);
}
};
request.onerror = function() {
e.source.postMessage("error", origin);
};
request.send();
}
};
window.addEventListener('message', receiveMessage, false);
</script>
</html>