Project

General

Profile

[Solved] Redirect if authentification failed

Added by schadeng over 6 years ago

Hi folks

At first: Sorry for my english. I'm more an technican than an speaker ;-)

I'm new here and i have a question. Like the most of new users. But I do not know if I'm right here. So, i give me a try:

If you have an example code it would be greatfull. But some keywords should be helpfull enough.
I'm looking for an redirection to an (own designed) login side for the case an user send wrong or no authentification data.
I'm using the "basic authentification" in the config file.

Is there an (easy) way to to this?
I dont can use the browser login dialog. The reason? The project is an home automation. The webpage load continuous data from an cgi (perl script) and shows the results. For example shows the webpage an opened or closed windows. Or some lamps.
On my laptop (windows 10) it work good enough. The dialog is shown only once. But on my smart phone the dialog is shown every second. That makes it impossible for me to enter the user data. On top: Within 10...15 seconds there are so many dialogs the smart phone can not handle and it crashed.

Do you need more Informations?
Do you need the config file or HTML- / Perl- / Javascript?
Ask me, i do not know what you need ;-)

Thx
Oliver


Replies (3)

RE: Redirect if authentification failed - Added by gstrauss over 6 years ago

Sounds like the client-side web page should be modified to stop making requests when it receives a 401 Unauthorized.

For your request here, you might consider moving the authentication out of lighttpd and into your cgi (perl script). Then, you can control the 401 Unauthorized response. Alternatively, take a look at server.error-handler See comments in commit dbdab5db

RE: Redirect if authentification failed - Added by schadeng over 6 years ago

Hi :-)
That was my first idea:
At first i tryed to handle this on the client side. I tryed to check the authentification in the javascript

      var xmlHttp_reload_Aussen = new XMLHttpRequest();
          xmlHttp_reload_Aussen.onreadystatechange = function() {
            if (xmlHttp_reload_Aussen.readyState == XMLHttpRequest.DONE) { Reasign_Aussen(); }
          }
.
.
.
      function Reload_Data () {
        xmlHttp_reload_Aussen.open( "GET", "/cgi-bin/rs485_getdata.pl?get=A", true );
        xmlHttp_reload_Aussen.send( null );
      }
      window.setInterval("Reload_Data()", 30000);
.
.
.
.
      function Reasign_Aussen () {
        Data_Aussen=xmlHttp_reload_Aussen.responseText;

        do_something_nice_stuff_here ;-)

     }

I know i could give the user data at this point

xmlHttp_reload_Aussen.open( "GET", "/cgi-bin/rs485_getdata.pl?get=A", true, *Username, Passwd* );

But I do not know how to check of valid data at this point because only the Server knew the login data

If i try to handle it at this point

    var xmlHttp_reload_Aussen = new XMLHttpRequest();
    xmlHttp_reload_Aussen.onreadystatechange = function() {
      if (xmlHttp_reload_Aussen.readyState == XMLHttpRequest.DONE) { Reasign_Aussen(); }
    }

maybe like this
    var xmlHttp_reload_Aussen = new XMLHttpRequest();
    xmlHttp_reload_Aussen.onreadystatechange = function() {
      if (xmlHttp_reload_Aussen.status == 401) { *Exceptionhanle!!* }
      elseif (xmlHttp_reload_Aussen.readyState == XMLHttpRequest.DONE) { Reasign_Aussen(); }
    }

the browser tested this bevor me and opened his own dialog.

At second I tryed to check it in my cgi-/perl-script. But this will only be startet with valid user data. So, there is no way to handle an authentification-error in the script.

At third (and this is the reason to open this thread) I tryed to handle it in the lighttpd or in it's config.
But i do not found any argument to redirect

I Dont'know what way will be the best way.....

RE: Redirect if authentification failed - Added by gstrauss over 6 years ago

I Dont'know what way will be the best way.....

Well, technically, you don't know any way. You have way too many moving parts and you have too little an understanding of each part. In addition, you have some incorrect assumptions about how each part works.

Therefore, start smaller. Get small pieces working, one at a time. Test a small piece so that you have an understanding of it. Do not modify your client side javascript, the lighttpd config, and your script all at the same time.

Instead of trying your complex setup above, why not follow the explicit suggestion given? I'll repeat it: Move the authentication into your script. It will require a little reading on your part to understand HTTP Basic Authentication and how to implement it. There are probably multiple libraries in your favorite scripting language which can help you.

At second I tryed to check it in my cgi-/perl-script. But this will only be startet with valid user data. So, there is no way to handle an authentification-error in the script.

You should try to change that assumption.

.

If you want to do what you're trying to do inside lighttpd, then you can do so with the lua scripting language and Docs_ModMagnet. However, we're not going to write that for you, so you'll have to learn lua on your own. I would instead suggest that you learn HTTP Basic Auth (which is not very complex) and implement it in your Perl script (the suggestion given above), since Perl is presumably a language that you already know.

    (1-3/3)