Typical usage scenarios with plugins
From AuthPuppy Wiki
This page describes typical usage scenario a network may want to implement and how to make them happen with plugins
Contents |
Use an external login page instead of the default login page
Plugins to use
- apExternalCMSPlugin > 0.1.2-stable
- apWebServicePlugin
- any authenticator plugin
Configure apExternalCMSPlugin
To redirect the login page to and external page, you need to configure the url of that external page. When the login comes from an access point, a connection will need to be created for the user logging in, so all the parameters sent by the router to the login page also need to be sent to the external url.
Example:
The login page
You may design as you wish the login page, with the proper login form. The login form must correspond to one active authenticator plugin. For instance, you can copy-paste the form elements from the built-in login page to your external page. Note that the names of the elements are important when they will be posted to the web service afterwards.
Also keep in mind that all get parameters coming from the router that were sent along with the url need to be saved by the login form because they are necessary to create the connection token for this connection.
Using the web service to verify login information
To effectively login a user from an external page, the login form should be posted to authpuppy through the web service. The following php script shows how to send a request to authpuppy with apAuthLocalUser authenticator:
$curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_POST, 1); curl_setopt($curl_session, CURLOPT_URL, "http://local.authpuppy/ws/?action=auth&authenticator=apAuthLocalUser"); curl_setopt($curl_session, CURLOPT_POSTFIELDS, "authenticator=apAuthLocalUser& submit[apAuthLocalUserconnect]=Connect& apAuthLocalUser[username]=test& apAuthLocalUser[password]=123123123& gw_id=default& gw_address=192.168.1.1& gw_port=2060"); curl_setopt($curl_session, CURLOPT_HEADER, 0); ob_start(); curl_exec($curl_session); $errno = curl_errno($curl_session); $returnjsonstring = ob_get_contents(); ob_end_clean(); curl_close($curl_session); if (!$errno) { $returnvalues = json_decode($returnjsonstring, true); if ($returnvalues['result'] == 1) { if ($returnvalues['values']['auth'] == 1) if (isset($returnvalues['values']['redirect'])) // redirect to url $returnvalues['values']['redirect'] else echo "Login successful but no connection token created. Is this intentional?"; else echo "Login unsuccessful"; } else { echo "Some exception occurred using the web service: " . $returnvalues['values']['type'] . " " . $returnvalues['values']['message']; } }
Note: Passing a password, even as post parameter, on an unsecure http is a security risk. Use https for the authentication web service requests.
Completing the authentication process
The request to the web service, if successful and for an access point, should have returned an url to redirect to containing a connection token. Something like this:
{"result":1,"values":{"auth":1,"redirect":"http:\/\/192.168.1.1:2060\/auth?token=54c47brd3fef405272e9adae2632ffaa545f64fb"}}
Your login script should redirect to this url, which is on the machine with the wifidog client.
The wifidog client will verify if the user is allowed, grant him access (or not) and redirect to the portal page (or gw_message page if access is refused).
