From 969561f4adff899db00674f3eb1c07d3a68e63f6 Mon Sep 17 00:00:00 2001 From: Clement Michaud Date: Thu, 19 Oct 2017 22:30:59 +0200 Subject: [PATCH] Add Content-Security-Policy in Authelia web pages --- client/src/css/01-main.css | 2 +- client/src/img/background.svg | 5 ++ client/src/index.ts | 35 ++++++-------- server/src/views/firstfactor.pug | 5 +- server/src/views/layout/layout.pug | 51 +++++++++++---------- server/src/views/password-reset-form.pug | 5 +- server/src/views/password-reset-request.pug | 6 +-- server/src/views/secondfactor.pug | 39 +++++++--------- server/src/views/totp-register.pug | 3 -- server/src/views/u2f-register.pug | 5 +- 10 files changed, 68 insertions(+), 88 deletions(-) create mode 100644 client/src/img/background.svg diff --git a/client/src/css/01-main.css b/client/src/css/01-main.css index e4174f2c..443430d3 100644 --- a/client/src/css/01-main.css +++ b/client/src/css/01-main.css @@ -1,6 +1,6 @@ body { - background-image: url(""); + background-image: url("/img/background.svg"); } .authelia-brand { diff --git a/client/src/img/background.svg b/client/src/img/background.svg new file mode 100644 index 00000000..93b00339 --- /dev/null +++ b/client/src/img/background.svg @@ -0,0 +1,5 @@ + + + + + diff --git a/client/src/index.ts b/client/src/index.ts index 8c60127f..0b4f302e 100644 --- a/client/src/index.ts +++ b/client/src/index.ts 
@@ -10,27 +10,22 @@ import ResetPasswordForm from "./lib/reset-password/reset-password-form"; import jslogger = require("js-logger"); import jQuery = require("jquery"); import U2fApi = require("u2f-api"); +import Endpoints = require("../../shared/api"); jslogger.useDefaults(); jslogger.setLevel(jslogger.INFO); -export = { - firstfactor: function () { - FirstFactor(window, jQuery, FirstFactorValidator, jslogger); - }, - secondfactor: function () { - SecondFactor(window, jQuery, U2fApi); - }, - register_totp: function() { - TOTPRegister(window, jQuery); - }, - register_u2f: function () { - U2fRegister(window, jQuery); - }, - reset_password_request: function () { - ResetPasswordRequest(window, jQuery); - }, - reset_password_form: function () { - ResetPasswordForm(window, jQuery); - } -}; \ No newline at end of file +(function () { + if (window.location.pathname == Endpoints.FIRST_FACTOR_GET) + FirstFactor(window, jQuery, FirstFactorValidator, jslogger); + else if (window.location.pathname == Endpoints.SECOND_FACTOR_GET) + SecondFactor(window, jQuery, U2fApi); + else if (window.location.pathname == Endpoints.SECOND_FACTOR_TOTP_IDENTITY_FINISH_GET) + TOTPRegister(window, jQuery); + else if (window.location.pathname == Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET) + U2fRegister(window, jQuery); + else if (window.location.pathname == Endpoints.RESET_PASSWORD_IDENTITY_FINISH_GET) + ResetPasswordForm(window, jQuery); + else if (window.location.pathname == Endpoints.RESET_PASSWORD_REQUEST_GET) + ResetPasswordRequest(window, jQuery); +})(); diff --git a/server/src/views/firstfactor.pug b/server/src/views/firstfactor.pug index 4c93b576..ddf22527 100644 --- a/server/src/views/firstfactor.pug +++ b/server/src/views/firstfactor.pug @@ -15,7 +15,4 @@ block content a(href=reset_password_request_endpoint, class="pull-right link forgot-password") Forgot password? - - -block entrypoint - \ No newline at end of file + \ No newline at end of file 
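Review bot: The new IIFE dispatches on `window.location.pathname` with loose `==` and has no final branch, so a path that matches none of the `Endpoints` constants (a trailing slash, or the app mounted under a prefix) initializes nothing without any trace, which is hard to diagnose on a login page that simply stops working. Since both operands are strings, `===` is the idiomatic comparison in TypeScript, and a closing `else jslogger.warn("No client entrypoint for " + window.location.pathname);` would make the silent case visible in the console (`jslogger` is already configured just above). A short comment on `(function () {` saying that the entrypoint is chosen by pathname because inline `block entrypoint` scripts are no longer allowed under the new CSP would explain to a later reader why the exported object was replaced.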
diff --git a/server/src/views/layout/layout.pug b/server/src/views/layout/layout.pug index 07fb0613..613f6f05 100644 --- a/server/src/views/layout/layout.pug +++ b/server/src/views/layout/layout.pug @@ -1,31 +1,32 @@ block variables html - head - title Authelia - 2FA - meta(name="viewport", content="width=device-width, initial-scale=1.0")/ - meta(name="robots", content="noindex, nofollow, nosnippet, noarchive")/ - link(rel="icon", href="/img/icon.png" type="image/png" sizes="32x32")/ - link(rel="stylesheet", type="text/css", href="/css/authelia.css")/ - if redirection_url - - body -
+ head + title Authelia - 2FA + meta(name="viewport", content="width=device-width, initial-scale=1.0")/ + meta(name="robots", content="noindex, nofollow, nosnippet, noarchive")/ + meta(http-equiv="Content-Security-Policy", content="default-src 'self'; img-src 'self' data:;")/ + link(rel="icon", href="/img/icon.png" type="image/png" sizes="32x32")/ + link(rel="stylesheet", type="text/css", href="/css/authelia.css")/ + if redirection_url + + body +
+
+
+
- script(src="/js/authelia.js") - block entrypoint \ No newline at end of file +
+
+ block entrypoint + script(src="/js/authelia.js") \ No newline at end of file diff --git a/server/src/views/password-reset-form.pug b/server/src/views/password-reset-form.pug index 387edafd..a6fd6934 100644 --- a/server/src/views/password-reset-form.pug +++ b/server/src/views/password-reset-form.pug @@ -17,7 +17,4 @@ block content
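Review bot: The policy on the new `meta(http-equiv="Content-Security-Policy", ...)` line is delivered in a meta element, which cannot carry `frame-ancestors` (the directive is ignored there), so the login and second-factor pages get no clickjacking protection from this change; emitting the same policy as a response header from the server would allow `frame-ancestors 'none'` and `base-uri 'self'`, neither of which falls back to `default-src`. As written, `default-src 'self'` is what makes `script-src` reject the inline entrypoint scripts the view hunks remove, and adding `object-src 'none'` would be a cheap tightening since plugins from `'self'` are otherwise permitted, e.g. `default-src 'self'; img-src 'self' data:; object-src 'none'; base-uri 'self'; frame-ancestors 'none'`. The `data:` allowance in `img-src` is presumably needed for the TOTP QR code; a comment on that line naming what relies on it would keep a later cleanup from dropping it.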
- - -block entrypoint - + \ No newline at end of file diff --git a/server/src/views/password-reset-request.pug b/server/src/views/password-reset-request.pug index ab3c2adc..b72f2e2d 100644 --- a/server/src/views/password-reset-request.pug +++ b/server/src/views/password-reset-request.pug @@ -16,8 +16,4 @@ block content - - -block entrypoint - - + \ No newline at end of file diff --git a/server/src/views/secondfactor.pug b/server/src/views/secondfactor.pug index 9c39fdb8..03f1817b 100644 --- a/server/src/views/secondfactor.pug +++ b/server/src/views/secondfactor.pug @@ -5,25 +5,20 @@ block form-header block content - p Hi #{username}, please complete second factor or logout. -
-
-
- -
- - a(href=totp_identity_start_endpoint, class="pull-right link register-totp") Need to register? - -
-
-
-
- - a(href=u2f_identity_start_endpoint, class="pull-right link register-u2f") Need to register? - -
- -block entrypoint - \ No newline at end of file + p Hi #{username}, please complete second factor or logout. +
+
+
+ +
+ + a(href=totp_identity_start_endpoint, class="pull-right link register-totp") Need to register? + +
+
+
+
+ + a(href=u2f_identity_start_endpoint, class="pull-right link register-u2f") Need to register? + +
\ No newline at end of file diff --git a/server/src/views/totp-register.pug b/server/src/views/totp-register.pug index f4c4237e..443804fb 100644 --- a/server/src/views/totp-register.pug +++ b/server/src/views/totp-register.pug @@ -14,6 +14,3 @@ block content block entrypoint - diff --git a/server/src/views/u2f-register.pug b/server/src/views/u2f-register.pug index af24eae9..caca0620 100644 --- a/server/src/views/u2f-register.pug +++ b/server/src/views/u2f-register.pug @@ -8,7 +8,4 @@ block form-header

Touch the token to register your U2F device.

block content - pendrive - -block entrypoint - + pendrive \ No newline at end of file