Using JQuery Terminal how do I setup an authentication routine that uses a javascript (not php) function?

Question

I'm working on a project where I use jQuery Terminal for a command line interface to functions.

I've been trying to use it's built in authentication capability, but want it to call a JavaScript function to obtain authentication and not calling PHP.

Do you happen to have an example of JQuery Terminal that calls a JavaScript authentication function, not a PHP function?

The documentation says:

You can provide your authentication function which will be called when user enter login and password. Function must have 3 arguments first is user name, second his password and third is callback function which must be called with token or null if user enter wrong user and password.

Been trying to get it to work without much luck....

jQuery(document).ready(function($) 
{ 
    var userName = ""; 
    var password = ""; 

    $('#term_demo').terminal(
            test1(
                userName,
                password,
                callbackFunction1() {
                    alert("Your login is incorrect");
                },
                {
                    login: true, 
                    greetings: "You are authenticated"
                }
            );        
    }); 

function test1(name1, password1, callbackFunction1)
{ 
    if(name1 == "Derek") 
    { 
        return true; 
    } 
    else 
    {
        return false;
    } 
}

function callbackFunction1() 
{ 
    alert("Invalid user name and password"); 
}

Let me know if you have any suggestions or a simple example to get me going again...

t.niese · Accepted Answer · 2013-07-05T21:05:48.263

2

The first parameter of .terminal(...) is either a url to your rpc-service (string) or it is an object containing the commands you want to add (object).

The json-rpc implementation that is used does not need to be written in php. The rpc definitions are just a standardized way to provide a interface for remote procedure calls.

So if you don't want to use the rpc you would do something like this:

function test1(name, password, callback) 
{ 
    console.log("ok");

    if(name == "Derek") 
    {
        callback("some token");
    } 
    else 
    { 
        callback(false);
    } 
} 
jQuery(document).ready(function($) {
    $('body').terminal({}, {
        login: test1,
        greetings: "You are authenticated",
        onBlur: function() {
            // the height of the body is only 2 lines initialy
            return false;
        }
    });
});

The callback that is passed to the login function needs to be called, passing a token if login was successful, or false if not.

Normally you would to authentication server side, because everything that is in the browsers is not save. But because i don't know what you want to do with jquery.terminal i can't suggest you anything about this.

edited Jul 05 '13 at 21:05

answered Jul 05 '13 at 20:42

t.niese

39,256
9
74
101

Thank you - I was completely going about it wrong. From the test1 function will call a web service via ajax call to check for user name and password matches.... – Derek Jul 05 '13 at 21:06
3

@Derek Are you aware that that doesn't give you any real authentication? It would be easy for a user to disable that AJAX check altogether and just return true (that the authentication succeeded). You should always assume that your user's have full control of your client-side Javascript and HTML (as they do), and can edit it anyway they want before running it. – Paul Jul 05 '13 at 21:12
1

@Derek Paulpro is right, I wasn't clear enough about this. With every request you do to the server after login you need to validate if the user is really logged in (e.g. by session id). Honestly i don't know the library that detailed (just had a short look on if a while before), that i could tell you what it exactly provides for you, and what you need to implement yourself. – t.niese Jul 05 '13 at 21:20
@Derek if you want to make authentication right, you can mimic how builtin JSON-RPC work, in that login rpc method is called, that return the token (generated by the server or null on fail) and you must pass that token to every method and that method need to check if the token is valid before execution. it's the same idea behid php sessions but the token is send using Cookies. – jcubic Dec 04 '13 at 15:10

Using JQuery Terminal how do I setup an authentication routine that uses a javascript (not php) function?

1 Answers1