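--- a/data/conf.d/default.conf
+++ b/data/conf.d/default.conf
@@ -0,0 +1,20 @@
+server {
+listen 80;
+
+location / {
+root /usr/share/nginx/html;
+index index.html index.htm;
+auth_request /auth/check;
+}
+
+location /auth {
+proxy_pass http://totp-auth:8000; # This is the TOTP Server
+proxy_set_header X-Original-URI $request_uri;
+}
+
+# This ensures that if the TOTP server returns 401 we redirect to login
+error_page 401 = @error401;
+location @error401 {
+return 302 /auth/login;
+}
+}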
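Review bot: The `/auth/check` subrequest is handled by the same public `location /auth` block as the login form, so it forwards the client's `Content-Length` even though nginx discards the request body for subrequests, and the check endpoint can be called directly from outside. For a request with a body to a protected path, the auth backend may wait on data that never arrives, which tends to show up as hanging or failed authorisation. A dedicated exact-match location for the check, marked `internal` and with the body and `Content-Length` stripped, addresses both, while the existing `location /auth` keeps serving the login page. Whether `totp-auth` actually listens on 8000 is not visible in this commit (the compose file only declares `expose: 80`), so that is worth confirming.

```nginx
location = /auth/check {
    internal;
    proxy_pass http://totp-auth:8000;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    proxy_set_header X-Original-URI $request_uri;
}
# … unchanged: location /auth for the login form, error_page 401 handling …
```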
5 changes: 3 additions & 2 deletions main.py → data/main.py
Expand Up @@ -12,6 +12,7 @@
TOKEN_LIFETIME = 60 * 60 * 24
LAST_LOGIN_ATTEMPT = 0
SECRET = open('.totp_secret').read().strip()
SECURE_COOKIE = False # Switch to False for testing on http connections without TLS
FORM = """
<html>
<head>
Expand Down Expand Up @@ -84,7 +85,7 @@ def do_GET(self):
cookie = http.cookies.SimpleCookie()
cookie["token"] = '***'
cookie["token"]["path"] = '/'
cookie["token"]["secure"] = True
cookie["token"]["secure"] = SECURE_COOKIE
self.send_header('Set-Cookie', cookie.output(header=''))
self.send_header('Location', '/')
self.end_headers()
Expand All @@ -111,7 +112,7 @@ def do_POST(self):
cookie = http.cookies.SimpleCookie()
cookie["token"] = TOKEN_MANAGER.generate()
cookie["token"]["path"] = "/"
cookie["token"]["secure"] = True
cookie["token"]["secure"] = SECURE_COOKIE

self.send_response(302)
self.send_header('Set-Cookie', cookie.output(header=''))
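Review bot: `SECURE_COOKIE = False` is committed as the default, so both `Set-Cookie` sites in `do_GET` and `do_POST` now issue the session token without the `Secure` attribute and it will be sent over plain HTTP; the comment ("Switch to False for testing") reads as if the default was meant to be `True`. I would keep the safe value in the repository, `SECURE_COOKIE = True  # set to False only for local testing over plain HTTP`, or derive it from an environment variable so a test setup cannot leak into a deployment. The visible lines also never set `HttpOnly`; if that is not done elsewhere in the handlers, `cookie["token"]["httponly"] = True` next to the `secure` line would keep the token out of reach of page scripts. Both handler bodies start and end outside the hunks shown.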
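--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,31 @@
+version: '2'
+services:
+totp-auth:
+image: alpine
+container_name: totp-auth
+
+volumes:
+- ./data:/opt
+environment:
+TZ: Europe/Berlin
+SECRET: 3EYUCWBS2LN7AJGV
+expose:
+- 80
+
+command: >
+sh -c -x '
+apk add tzdata python3
+&& date
+&& pip3 install --upgrade pip pyotp
+&& cd /opt/
+&& echo $$SECRET > .totp_secret
+&& python3 /opt/main.py'
+
+
+totp-example:
+image: nginx
+container_name: totp-example
+volumes:
+- ./data/conf.d:/etc/nginx/conf.d
+ports:
+- "8080:80"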
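Review bot: The TOTP shared secret is committed in plain text under `environment:`, so anyone who can read the repository can generate valid codes, and the value should be treated as exposed and regenerated. Take it from the deployer's environment or an untracked `.env` file instead, `SECRET: ${TOTP_SECRET}`. The `-x` in `sh -c -x` also makes the shell trace the expanded `echo … > .totp_secret` command, which writes the secret into the container log; dropping `-x` avoids that. Because `./data` is bind-mounted at `/opt`, `.totp_secret` ends up in the working tree on the host, so it needs an ignore rule as well.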