summaryrefslogtreecommitdiffstats
path: root/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
diff options
context:
space:
mode:
authorjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2011-11-21 08:47:12 +0000
committerjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2011-11-21 08:47:12 +0000
commit57ff384203570508e81cdf5dfaa0cb96478e7654 (patch)
treebaa71ee27ee1354cb633cd578c9d36fb15485124 /sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
parent5a4e8af02b6fc5fefc5f7a2a95cc1e735759c40a (diff)
Improvements to the auth implementation. Refactor logout page, handle auth redirects in XHR responses and allow auth to work off an OpenID AX attribute or OAuth resource attribute.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1204401 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-cpp/trunk/modules/oauth/mod-oauth2.cpp')
-rw-r--r--sca-cpp/trunk/modules/oauth/mod-oauth2.cpp69
1 files changed, 39 insertions, 30 deletions
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
index 41d722f1e2..3d567040ac 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
@@ -75,6 +75,7 @@ public:
const char* dir;
bool enabled;
string login;
+ list<list<value> > scopeattrs;
};
/**
@@ -87,39 +88,36 @@ const failable<value> userInfo(const value& sid, const memcache::MemCached& mc)
/**
* Handle an authenticated request.
*/
-const failable<int> authenticated(const list<list<value> >& info, request_rec* r) {
+const failable<int> authenticated(const list<list<value> >& attrs, const list<list<value> >& info, request_rec* r) {
debug(info, "modoauth2::authenticated::info");
- // Store user info in the request
- const list<value> realm = assoc<value>("realm", info);
- if (isNil(realm) || isNil(cdr(realm)))
- return mkfailure<int>("Couldn't retrieve realm");
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "REALM"), apr_pstrdup(r->pool, c_str(cadr(realm))));
-
- const list<value> id = assoc<value>("id", info);
- if (isNil(id) || isNil(cdr(id)))
- return mkfailure<int>("Couldn't retrieve user id");
- r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
-
- const list<value> email = assoc<value>("email", info);
- if (!isNil(email) && !isNil(cdr(email)))
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "EMAIL"), apr_pstrdup(r->pool, c_str(cadr(email))));
-
- const list<value> fullname = assoc<value>("name", info);
- if (!isNil(fullname) && !isNil(cdr(fullname))) {
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "NICKNAME"), apr_pstrdup(r->pool, c_str(cadr(fullname))));
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "FULLNAME"), apr_pstrdup(r->pool, c_str(cadr(fullname))));
- }
+ if (isNil(attrs)) {
- const list<value> firstname = assoc<value>("first_name", info);
- if (!isNil(firstname) && !isNil(cdr(firstname)))
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "FIRSTNAME"), apr_pstrdup(r->pool, c_str(cadr(firstname))));
+ // Store user id in an environment variable
+ const list<value> id = assoc<value>("id", info);
+ if (isNil(id) || isNil(cdr(id)))
+ return mkfailure<int>("Couldn't retrieve user id");
+ apr_table_set(r->subprocess_env, "OAUTH2_ID", apr_pstrdup(r->pool, c_str(cadr(id))));
- const list<value> lastname = assoc<value>("last_name", info);
- if (!isNil(lastname) && !isNil(cdr(lastname)))
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "LASTNAME"), apr_pstrdup(r->pool, c_str(cadr(lastname))));
+ // If the request user field has not been mapped to another attribute, map the
+ // OAuth id attribute to it
+ if (r->user == NULL || r->user[0] == '\0')
+ r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
+ return OK;
+ }
- return OK;
+ // Store each configure OAuth scope attribute in an environment variable
+ const list<value> a = car(attrs);
+ const list<value> v = assoc<value>(cadr(a), info);
+ if (!isNil(v) && !isNil(cdr(v))) {
+
+ // Map the REMOTE_USER attribute to the request user field
+ if (string(car(a)) == "REMOTE_USER")
+ r->user = apr_pstrdup(r->pool, c_str(cadr(v)));
+ else
+ apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, c_str(car(a))), apr_pstrdup(r->pool, c_str(cadr(v))));
+ }
+ return authenticated(cdr(attrs), info, r);
}
/**
@@ -139,6 +137,7 @@ const failable<int> authorize(const list<list<value> >& args, request_rec* r, co
const list<value> info = assoc<value>("mod_oauth2_info", args);
if (isNil(info) || isNil(cdr(info)))
return mkfailure<int>("Missing mod_oauth2_info parameter");
+ const list<value> display = assoc<value>("mod_oauth2_display", args);
// Build the redirect URI
const list<list<value> > rargs = mklist<list<value> >(mklist<value>("mod_oauth2_step", "access_token"), tok, cid, info);
@@ -152,7 +151,8 @@ const failable<int> authorize(const list<list<value> >& args, request_rec* r, co
list<value> appkey = cadr(app);
// Redirect to the authorize URI
- const list<list<value> > aargs = mklist<list<value> >(mklist<value>("client_id", car(appkey)), mklist<value>("scope", "email"), mklist<value>("redirect_uri", httpd::escape(redir)));
+ const list<value> adisplay = (isNil(display) || isNil(cdr(display)))? list<value>() : mklist<value>("display", cadr(display));
+ const list<list<value> > aargs = mklist<list<value> >(mklist<value>("client_id", car(appkey)), mklist<value>("scope", "email"), adisplay, mklist<value>("redirect_uri", httpd::escape(redir)));
const string uri = httpd::unescape(cadr(auth)) + string("?") + http::queryString(aargs);
debug(uri, "modoauth2::authorize::uri");
return httpd::externalRedirect(uri, r);
@@ -266,7 +266,7 @@ static int checkAuthn(request_rec *r) {
const failable<value> info = userInfo(content(sid), sc.mc);
if (hasContent(info)) {
r->ap_auth_type = const_cast<char*>(atype);
- return httpd::reportStatus(authenticated(content(info), r));
+ return httpd::reportStatus(authenticated(dc.scopeattrs, content(info), r));
}
}
@@ -313,6 +313,8 @@ int postConfigMerge(ServerConf& mainsc, server_rec* s) {
// Merge configuration from main server
if (isNil(sc.appkeys))
sc.appkeys = mainsc.appkeys;
+ if (isNil(sc.mcaddrs))
+ sc.mcaddrs = mainsc.mcaddrs;
sc.mc = mainsc.mc;
sc.cs = mainsc.cs;
@@ -416,6 +418,12 @@ const char* confCertKeyFile(cmd_parms *cmd, unused void *c, const char *arg) {
sc.key = arg;
return NULL;
}
+const char* confScopeAttr(cmd_parms *cmd, void* c, const char* arg1, const char* arg2) {
+ gc_scoped_pool pool(cmd->pool);
+ DirConf& dc = httpd::dirConf<DirConf>(c);
+ dc.scopeattrs = cons<list<value> >(mklist<value>(arg1, arg2), dc.scopeattrs);
+ return NULL;
+}
/**
* HTTP server module declaration.
@@ -428,6 +436,7 @@ const command_rec commands[] = {
AP_INIT_TAKE1("AuthOAuthSSLCACertificateFile", (const char*(*)())confCAFile, NULL, RSRC_CONF, "OAUth 2.0 SSL CA certificate file"),
AP_INIT_TAKE1("AuthOAuthSSLCertificateFile", (const char*(*)())confCertFile, NULL, RSRC_CONF, "OAuth 2.0 SSL certificate file"),
AP_INIT_TAKE1("AuthOAuthSSLCertificateKeyFile", (const char*(*)())confCertKeyFile, NULL, RSRC_CONF, "OAuth 2.0 SSL certificate key file"),
+ AP_INIT_TAKE2("AddAuthOAuth2ScopeAttr", (const char*(*)())confScopeAttr, NULL, OR_AUTHCFG, "OAuth 2.0 scope attribute"),
{NULL, NULL, NULL, 0, NO_ARGS, NULL}
};
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-12 10:03:25 +0000