Oliver/nano-pro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
24 commits 1 branch 0 tags 196 KiB
Commit graph

2 commits

Author SHA1 Message Date
DJP
3c3523d960 Add graceful fallback if auth system fails 
CRITICAL FIX: Page now loads even if auth system has errors

Changes:

1. WRAPPED AUTH IN TRY-CATCH (index.php)
   - Auth errors no longer break the app
   - Falls back to default user if auth fails
   - Logs error but continues loading
   - App functional even with broken auth

2. ADDED COMPOSER AUTOLOAD (JWTValidator.php)
   - Includes vendor/autoload.php for Firebase JWT
   - Checks if file exists before requiring
   - Prevents "Class not found" errors

3. RESILIENT ERROR HANDLING
   - Default user: ['name' => 'User', 'preferred_username' => 'user@localhost']
   - SSO disabled by default if auth fails
   - Error logged to error_log for debugging
   - No blank/broken pages

This ensures:
 App always loads (even with auth issues)
 Can diagnose auth problems without breaking site
 Graceful degradation if Composer not installed yet
 Works during deployment/setup

Perfect for testing and deployment scenarios!

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
 2025-12-16 10:26:22 -05:00
DJP
61aa1931bb Add MSAL/Azure AD authentication with toggle support 
Implemented complete Microsoft Authentication Library (MSAL) / Azure AD
Single Sign-On (SSO) system following Ferrero app pattern.

KEY FEATURE: Toggle authentication on/off via environment variable
- SSO_ENABLED=false → Mock user, no login required (local dev)
- SSO_ENABLED=true → Full Azure AD authentication (production)

NEW FILES:
- composer.json - Firebase JWT dependency
- .env.example - Environment variable template
- env_loader.php - Parse .env file
- JWTValidator.php - Validate JWT tokens from Azure AD
- AuthMiddleware.php - Core auth orchestrator with login UI
- auth.php - Authentication API (login/logout/status)
- auth-test.php - Debug authentication status
- AUTH_README.md - Complete setup documentation

UPDATED FILES:
- config.php - Load env vars, add SSO constants
- index.php - Require auth, add logout button, MSAL script
- api.php - Add authentication check
- enhance_prompt.php - Add authentication check
- .gitignore - Exclude .env and vendor/

AUTHENTICATION FLOW:
1. User visits app → Auth check
2. If SSO disabled → Mock "Local Developer" user
3. If SSO enabled → Validate JWT from cookie
4. If no token → Show MSAL login page
5. User signs in → Token validated → Cookie set → App loads

SECURITY FEATURES:
 httpOnly cookies (XSS prevention)
 SameSite=Lax (CSRF prevention)
 JWT signature validation
 Claims validation (exp, nbf, aud, iss)
 JWKS from Azure AD
 24-hour token expiration
 Secure flag for HTTPS

DEPENDENCIES INSTALLED:
- firebase/php-jwt v6.11.1

TESTING:
- Local: SSO disabled by default in .env
- Server: Set SSO_ENABLED=true with Azure AD credentials
- Cannot test MSAL locally (redirect URI bound to server)

DEPLOYMENT:
1. Install composer dependencies
2. Configure .env with Azure AD credentials
3. Set SSO_ENABLED=true when ready
4. Visit auth-test.php to verify setup

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
 2025-12-16 10:08:07 -05:00