diff options
Diffstat (limited to 'modules/luci-base/luasrc')
| -rw-r--r-- | modules/luci-base/luasrc/controller/admin/index.lua | 13 | ||||
| -rw-r--r-- | modules/luci-base/luasrc/dispatcher.lua | 9 |
2 files changed, 13 insertions, 9 deletions
diff --git a/modules/luci-base/luasrc/controller/admin/index.lua b/modules/luci-base/luasrc/controller/admin/index.lua index 736d0cdccf..8f9b481cce 100644 --- a/modules/luci-base/luasrc/controller/admin/index.lua +++ b/modules/luci-base/luasrc/controller/admin/index.lua @@ -11,9 +11,13 @@ function action_logout() if sid then utl.ubus("session", "destroy", { ubus_rpc_session = sid }) - luci.http.header("Set-Cookie", "sysauth=%s; expires=%s; path=%s" %{ - '', 'Thu, 01 Jan 1970 01:00:00 GMT', dsp.build_url() - }) + local url = dsp.build_url() + + if luci.http.getenv('HTTPS') == 'on' then + luci.http.header("Set-Cookie", "sysauth_https=; expires=Thu, 01 Jan 1970 01:00:00 GMT; path=%s" % url) + end + + luci.http.header("Set-Cookie", "sysauth_http=; expires=Thu, 01 Jan 1970 01:00:00 GMT; path=%s" % url) end luci.http.redirect(dsp.build_url()) @@ -185,10 +189,9 @@ end function action_menu() local dsp = require "luci.dispatcher" - local utl = require "luci.util" local http = require "luci.http" - local acls = utl.ubus("session", "access", { ubus_rpc_session = http.getcookie("sysauth") }) + local _, _, acls = dsp.is_authenticated({ methods = { "cookie:sysauth_https", "cookie:sysauth_http" } }) local menu = dsp.menu_json(acls or {}) or {} http.prepare_content("application/json") diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua index d27af0755a..a3726fb1c1 100644 --- a/modules/luci-base/luasrc/dispatcher.lua +++ b/modules/luci-base/luasrc/dispatcher.lua @@ -343,12 +343,12 @@ local function tree_to_json(node, json) if subnode.sysauth_authenticator == "htmlauth" then spec.auth = { login = true, - methods = { "cookie:sysauth" } + methods = { "cookie:sysauth_https", "cookie:sysauth_http" } } elseif subname == "rpc" and subnode.module == "luci.controller.rpc" then spec.auth = { login = false, - methods = { "query:auth", "cookie:sysauth" } + methods = { "query:auth", "cookie:sysauth_https", "cookie:sysauth_http" } } elseif subnode.module == "luci.controller.admin.uci" then spec.auth = { @@ -732,7 +732,7 @@ local function init_template_engine(ctx) return tpl end -local function is_authenticated(auth) +function is_authenticated(auth) if type(auth) == "table" and type(auth.methods) == "table" and #auth.methods > 0 then local sid, sdat, sacl for _, method in ipairs(auth.methods) do @@ -929,7 +929,8 @@ function dispatch(request) return tpl.render("sysauth", scope) end - http.header("Set-Cookie", 'sysauth=%s; path=%s; SameSite=Strict; HttpOnly%s' %{ + http.header("Set-Cookie", 'sysauth_%s=%s; path=%s; SameSite=Strict; HttpOnly%s' %{ + http.getenv("HTTPS") == "on" and "https" or "http", sid, build_url(), http.getenv("HTTPS") == "on" and "; secure" or "" }) |