alpinux.cedrica5l/alpinux-portail
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

OTP : configuration via kc_action, login redirige vers profil

Browse source 
- auth/otp_setup.php : déclenche CONFIGURE_TOTP via kc_action Keycloak
- Tuile OTP pointe vers otp_setup.php (plus de lien externe vers la console)
- Bouton Activer en btn-primary, Reconfigurer en btn-outline
- login.php : redirige vers /profile.php si déjà connecté

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Alpinux 2026-05-04 00:46:05 +02:00
parent fcdd094e26
commit f5f831dfb0
3 changed files with 28 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
web/auth/login.php
View file

@ -6,7 +6,7 @@ require_once __DIR__ . '/../inc/oidc.php';
session_start_safe(); session_start_safe();
if (current_user()) { if (current_user()) {
header('Location: /dashboard.php'); header('Location: /profile.php');
exit; exit;
} }

25
web/auth/otp_setup.php Normal file
View file

@ -0,0 +1,25 @@
<?php
require_once __DIR__ . '/../inc/config.php';
require_once __DIR__ . '/../inc/auth.php';
session_start_safe();
require_login();
$state = bin2hex(random_bytes(16));
$nonce = bin2hex(random_bytes(16));
$_SESSION['oidc_state'] = $state;
$_SESSION['oidc_nonce'] = $nonce;
$_SESSION['next_url'] = '/profile.php';
$url = ALPID_AUTH_URL . '?' . http_build_query([
'client_id' => ALPID_CLIENT_ID,
'response_type' => 'code',
'scope' => 'openid profile email',
'redirect_uri' => CALLBACK_URL,
'state' => $state,
'nonce' => $nonce,
'kc_action' => 'CONFIGURE_TOTP',
]);
header('Location: ' . $url);
exit;

6
web/profile.php
View file

@ -128,8 +128,7 @@ $gps = ($membership && is_file($gps_file))
? (json_decode(file_get_contents($gps_file), true)[$membership['id']] ?? null) ? (json_decode(file_get_contents($gps_file), true)[$membership['id']] ?? null)
: null; : null;
$otp = kc_get_otp_credential($user['sub']); $otp = kc_get_otp_credential($user['sub']);
$otp_setup_url = ALPID_BASE . '/realms/' . ALPID_REALM . '/account/#/security/signingin';
$is_adherent = $user['is_adherent'] $is_adherent = $user['is_adherent']
|| ($membership && $membership['status']===1 && $membership['date_fin_ts']>time()); || ($membership && $membership['status']===1 && $membership['date_fin_ts']>time());
@ -350,8 +349,7 @@ require __DIR__ . '/views/layout.php';
<?= $otp ? 'Activée' : 'Désactivée' ?> <?= $otp ? 'Activée' : 'Désactivée' ?>
</div> </div>
</div> </div>
<a href="<?= htmlspecialchars($otp_setup_url) ?>" target="_blank" rel="noopener" <a href="/auth/otp_setup.php" class="btn-<?= $otp ? 'outline' : 'primary' ?> btn-sm tile-action">
class="btn-outline btn-sm tile-action">
<?= $otp ? 'Reconfigurer' : 'Activer' ?> <?= $otp ? 'Reconfigurer' : 'Activer' ?>
</a> </a>
</div> </div>