summaryrefslogtreecommitdiffstats
path: root/sca-cpp
diff options
context:
space:
mode:
authorjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2011-11-21 08:47:12 +0000
committerjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2011-11-21 08:47:12 +0000
commit57ff384203570508e81cdf5dfaa0cb96478e7654 (patch)
treebaa71ee27ee1354cb633cd578c9d36fb15485124 /sca-cpp
parent5a4e8af02b6fc5fefc5f7a2a95cc1e735759c40a (diff)
Improvements to the auth implementation. Refactor logout page, handle auth redirects in XHR responses and allow auth to work off an OpenID AX attribute or OAuth resource attribute.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1204401 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-cpp')
-rw-r--r--sca-cpp/trunk/modules/edit/Makefile.am6
-rw-r--r--sca-cpp/trunk/modules/edit/htdocs/index.html23
-rw-r--r--sca-cpp/trunk/modules/edit/htdocs/login/index.html57
-rw-r--r--sca-cpp/trunk/modules/edit/htdocs/logout/index.html81
-rw-r--r--sca-cpp/trunk/modules/edit/htdocs/public/notauth/index.html16
-rw-r--r--sca-cpp/trunk/modules/edit/htdocs/public/notfound/index.html16
-rw-r--r--sca-cpp/trunk/modules/edit/htdocs/public/notyet/index.html16
-rw-r--r--sca-cpp/trunk/modules/edit/htdocs/public/oops/index.html16
-rw-r--r--sca-cpp/trunk/modules/http/http.hpp7
-rwxr-xr-xsca-cpp/trunk/modules/http/mod-security-conf4
-rw-r--r--sca-cpp/trunk/modules/js/htdocs/component.js30
-rw-r--r--sca-cpp/trunk/modules/js/htdocs/ui.js15
-rw-r--r--sca-cpp/trunk/modules/js/htdocs/util.js9
-rw-r--r--sca-cpp/trunk/modules/oauth/mod-oauth1.cpp84
-rw-r--r--sca-cpp/trunk/modules/oauth/mod-oauth2.cpp69
-rwxr-xr-xsca-cpp/trunk/modules/oauth/oauth-conf16
-rwxr-xr-xsca-cpp/trunk/modules/openid/openid-conf1
17 files changed, 246 insertions, 220 deletions
diff --git a/sca-cpp/trunk/modules/edit/Makefile.am b/sca-cpp/trunk/modules/edit/Makefile.am
index 98c0ecc2e9..6bf47676d1 100644
--- a/sca-cpp/trunk/modules/edit/Makefile.am
+++ b/sca-cpp/trunk/modules/edit/Makefile.am
@@ -18,7 +18,7 @@
if WANT_PYTHON
moddir = $(prefix)/modules/edit
-dist_mod_SCRIPTS = start stop ssl-start mkapplinks
+dist_mod_SCRIPTS = start stop ssl-start mkapplinks config-backup data-backup
BUILT_SOURCES = htdocs/config.js htdocs/public/config.js
htdocs/config.js:
@@ -27,9 +27,9 @@ htdocs/config.js:
htdocs/public/config.js:
touch htdocs/public/config.js
-not_minified = htdocs/public/iframe.html htdocs/create/index.html htdocs/page/index.html htdocs/login/index.html htdocs/public/notfound/index.html htdocs/public/oops/index.html htdocs/graph/index.html htdocs/public/notauth/index.html htdocs/account/index.html htdocs/home/index.html htdocs/index.html htdocs/public/notyet/index.html htdocs/clone/index.html htdocs/stats/index.html htdocs/app/index.html htdocs/logout/index.html htdocs/store/index.html htdocs/config.js htdocs/public/config.js
+not_minified = htdocs/public/iframe.html htdocs/create/index.html htdocs/page/index.html htdocs/login/index.html htdocs/public/notfound/index.html htdocs/public/oops/index.html htdocs/graph/index.html htdocs/public/notauth/index.html htdocs/account/index.html htdocs/home/index.html htdocs/index.html htdocs/public/notyet/index.html htdocs/clone/index.html htdocs/stats/index.html htdocs/app/index.html htdocs/store/index.html htdocs/config.js htdocs/public/config.js
-minified = htdocs/public/iframe-min.html htdocs/create/index-min.html htdocs/page/index-min.html htdocs/login/index-min.html htdocs/public/notfound/index-min.html htdocs/public/oops/index-min.html htdocs/graph/index-min.html htdocs/public/notauth/index-min.html htdocs/account/index-min.html htdocs/home/index-min.html htdocs/index-min.html htdocs/public/notyet/index-min.html htdocs/clone/index-min.html htdocs/stats/index-min.html htdocs/app/index-min.html htdocs/logout/index-min.html htdocs/store/index-min.html htdocs/config-min.js htdocs/public/config-min.js
+minified = htdocs/public/iframe-min.html htdocs/create/index-min.html htdocs/page/index-min.html htdocs/login/index-min.html htdocs/public/notfound/index-min.html htdocs/public/oops/index-min.html htdocs/graph/index-min.html htdocs/public/notauth/index-min.html htdocs/account/index-min.html htdocs/home/index-min.html htdocs/index-min.html htdocs/public/notyet/index-min.html htdocs/clone/index-min.html htdocs/stats/index-min.html htdocs/app/index-min.html htdocs/store/index-min.html htdocs/config-min.js htdocs/public/config-min.js
resources = edit.composite *.py htdocs/*.cmf htdocs/*.ico htdocs/home/*.png htdocs/app/*.cmf htdocs/home/*.b64 htdocs/*.txt htdocs/public/*.png htdocs/public/*.b64 palettes/*/palette.composite accounts/*/*.account apps/*/app.composite apps/*/app.stats apps/*/htdocs/app.html dashboards/*/user.apps store/*/store.apps ${not_minified} ${minified}
diff --git a/sca-cpp/trunk/modules/edit/htdocs/index.html b/sca-cpp/trunk/modules/edit/htdocs/index.html
index 0a57717a06..3bc1529dbb 100644
--- a/sca-cpp/trunk/modules/edit/htdocs/index.html
+++ b/sca-cpp/trunk/modules/edit/htdocs/index.html
@@ -260,7 +260,7 @@ function showmenu(mdiv, view, appname) {
ui.menu(isNil(config.compose)? 'Composition' : config.compose, '/#view=graph&app=' + appname, '_view', view == 'graph'))),
mklist(
ui.menu('Account', '/#view=account', '_view', view == 'account'),
- ui.signedin()? ui.menu('Sign out', '/logout/', '_self', false) : ui.menu('Sign in', '/login/', '_self', false)));
+ ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false)));
}
/**
@@ -423,6 +423,27 @@ window.onnavigate = function(url) {
};
/**
+ * Handle login redirect.
+ */
+window.onloginredirect = function(e) {
+ document.location = '/login/';
+};
+
+/**
+ * Log the current user out.
+ */
+function logout() {
+ // Clear session cookie and user-specific local storage entries
+ var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
+ document.cookie = reset;
+ localStorage.removeItem('/r/EditWidget/accounts');
+ localStorage.removeItem('/r/EditWidget/dashboards');
+ //localStorage.clear();
+ document.location = '/login/';
+ return true;
+}
+
+/**
* Handle history.
*/
window.addEventListener('popstate', function(e) {
diff --git a/sca-cpp/trunk/modules/edit/htdocs/login/index.html b/sca-cpp/trunk/modules/edit/htdocs/login/index.html
index 982f8cf446..9052abe8d3 100644
--- a/sca-cpp/trunk/modules/edit/htdocs/login/index.html
+++ b/sca-cpp/trunk/modules/edit/htdocs/login/index.html
@@ -32,19 +32,6 @@
<h1>Sign in</h1>
-<!--
-<form name="passwordSignin" onsubmit="submitPasswordSignin();" method="POST" action="/login/dologin/">
-<table border="0">
-<tr><td><b>Username:</b></td></tr>
-<tr><td><input type="text" id="httpd_username" name="httpd_username" value="" size="15" autocapitalize="off" placeholder="Enter your user name" style="width: 300px;"/></td></tr>
-<tr><td><b>Password:</b></td></tr>
-<tr><td><input type="password" name="httpd_password" value="" size="15" placeholder="Enter your password" style="width: 300px;"/></td></tr>
-<tr><td><input type="submit" value="Sign in" class="graybutton" style="font-weight: bold;"/></td><td></td></tr>
-</table>
-<input type="hidden" name="httpd_location" value="/"/>
-</form>
--->
-
<form name="openIDForm">
<table border="0">
<tr><td><b>Sign in with your Google account</b></td></tr>
@@ -68,58 +55,33 @@
<input type="hidden" name="mod_oauth2_access_token" value=""/>
<input type="hidden" name="mod_oauth2_client_id" value=""/>
<input type="hidden" name="mod_oauth2_info" value=""/>
+<input type="hidden" name="mod_oauth2_display" value=""/>
<input type="hidden" name="mod_oauth2_step" value="authorize"/>
</form>
<script type="text/javascript">
function queryParams() {
- qp = new Array();
- qs = window.location.search.substring(1).split('&');
- for (i = 0; i < qs.length; i++) {
- e = qs[i].indexOf('=');
+ var qp = new Array();
+ var qs = window.location.search.substring(1).split('&');
+ for (var i = 0; i < qs.length; i++) {
+ var e = qs[i].indexOf('=');
if (e > 0)
qp[qs[i].substring(0, e)] = unescape(qs[i].substring(e + 1));
}
return qp;
}
-function formReferrer() {
- r = queryParams()['openauth_referrer'];
- if (typeof(r) == 'undefined')
- return '/';
- s = r.indexOf('//');
- if (s > 0)
- r = r.substring(s + 2);
- s = r.indexOf('/');
- if (s > 0)
- r = r.substring(s);
- return r;
-}
-
function openauthReferrer() {
- r = queryParams()['openauth_referrer'];
- if (typeof(r) == 'undefined')
+ var r = queryParams()['openauth_referrer'];
+ if (typeof(r) == 'undefined' || domainname(r) != domainname(window.location.hostname))
return '/';
- q = r.indexOf('?');
+ var q = r.indexOf('?');
if (q > 0)
return r.substring(0, q);
return r;
}
/**
- * Signin with a userid and password.
- */
-function submitPasswordSignin() {
- var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = reset;
- localStorage.removeItem('/r/EditWidget/accounts');
- localStorage.removeItem('/r/EditWidget/dashboards');
- //localStorage.clear();
- document.passwordSignin.httpd_location.value = formReferrer();
- document.passwordSignin.submit();
-}
-
-/**
* Signin with OpenID.
*/
function submitOpenIDSignin(w) {
@@ -151,12 +113,13 @@ function submitOAuth2Signin(w) {
document.oauth2Signin.mod_oauth2_access_token.value = parms[1];
document.oauth2Signin.mod_oauth2_client_id.value = parms[2];
document.oauth2Signin.mod_oauth2_info.value = parms[3];
+ document.oauth2Signin.mod_oauth2_display.value = parms[4];
document.oauth2Signin.action = openauthReferrer();
document.oauth2Signin.submit();
}
function withFacebook() {
- var parms = ['https://graph.facebook.com/oauth/authorize', 'https://graph.facebook.com/oauth/access_token', 'facebook.com', 'https://graph.facebook.com/me'];
+ var parms = ['https://graph.facebook.com/oauth/authorize', 'https://graph.facebook.com/oauth/access_token', 'facebook.com', 'https://graph.facebook.com/me', ui.isMobile()? 'touch' : 'page'];
return parms;
}
diff --git a/sca-cpp/trunk/modules/edit/htdocs/logout/index.html b/sca-cpp/trunk/modules/edit/htdocs/logout/index.html
deleted file mode 100644
index 133b6b7348..0000000000
--- a/sca-cpp/trunk/modules/edit/htdocs/logout/index.html
+++ /dev/null
@@ -1,81 +0,0 @@
-<!DOCTYPE html>
-<!--
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
--->
-<html>
-<head>
-<title>Sign out</title>
-<meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0"/>
-<meta name="apple-mobile-web-app-capable" content="yes"/>
-<meta name="apple-mobile-web-app-status-bar-style" content="black"/>
-<base href="/logout/"/>
-<link rel="stylesheet" type="text/css" href="/ui-min.css"/>
-<script type="text/javascript" src="/all-min.js"></script>
-</head>
-<body class="delayed" onload="onload();">
-<div id="bodydiv" class="bodydiv">
-
-<h1>Sign out</h1>
-
-<form name="signout" onsubmit="submitSignout();" action="/login/" method="GET">
-<input type="submit" id="signOut" value="Sign out" class="graybutton" style="font-weight: bold"/>
-</form>
-
-<script type="text/javascript">
-function submitSignout() {
- // Clear session cookie and user-specific local storage entries
- var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = reset;
- localStorage.removeItem('/r/EditWidget/accounts');
- localStorage.removeItem('/r/EditWidget/dashboards');
- //localStorage.clear();
- document.signout.submit();
- return true;
-}
-
-/**
- * Handle orientation change.
- */
-document.body.onorientationchange = function(e) {
- //log('onorientationchange');
-
- // Scroll to the top and hide the address bar
- window.scrollTo(0, 0);
-
- return true;
-};
-
-/**
- * Document load post processing.
- */
-function onload() {
- //log('onload');
-
- // Show the page
- document.body.style.visibility = 'visible';
-
- // Scroll to the top and hide the address bar
- window.scrollTo(0, 0);
- return true;
-}
-
-</script>
-
-</div>
-</body>
-</html>
diff --git a/sca-cpp/trunk/modules/edit/htdocs/public/notauth/index.html b/sca-cpp/trunk/modules/edit/htdocs/public/notauth/index.html
index 8a688c9aa5..f366533e17 100644
--- a/sca-cpp/trunk/modules/edit/htdocs/public/notauth/index.html
+++ b/sca-cpp/trunk/modules/edit/htdocs/public/notauth/index.html
@@ -110,13 +110,27 @@ var cdiv = $('content');
function showmenu(mdiv) {
mdiv.innerHTML = ui.menubar(
mklist(ui.menu('Home', '/', '_view', false)),
- mklist(ui.signedin()? ui.menu('Sign out', '/logout/', '_self', false) : ui.menu('Sign in', '/login/', '_self', false)));
+ mklist(ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false)));
}
showmenu(mdiv);
cdiv.style.top = ui.pixpos(mdiv.offsetTop + mdiv.offsetHeight);
/**
+ * Log the current user out.
+ */
+function logout() {
+ // Clear session cookie and user-specific local storage entries
+ var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
+ document.cookie = reset;
+ localStorage.removeItem('/r/EditWidget/accounts');
+ localStorage.removeItem('/r/EditWidget/dashboards');
+ //localStorage.clear();
+ document.location = '/login/';
+ return true;
+}
+
+/**
* Handle orientation change.
*/
document.body.onorientationchange = function(e) {
diff --git a/sca-cpp/trunk/modules/edit/htdocs/public/notfound/index.html b/sca-cpp/trunk/modules/edit/htdocs/public/notfound/index.html
index b7ba34c416..24efb159ea 100644
--- a/sca-cpp/trunk/modules/edit/htdocs/public/notfound/index.html
+++ b/sca-cpp/trunk/modules/edit/htdocs/public/notfound/index.html
@@ -111,13 +111,27 @@ var cdiv = $('content');
function showmenu(mdiv) {
mdiv.innerHTML = ui.menubar(
mklist(ui.menu('Home', '/', '_view', false)),
- mklist(ui.signedin()? ui.menu('Sign out', '/logout/', '_self', false) : ui.menu('Sign in', '/login/', '_self', false)));
+ mklist(ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false)));
}
showmenu(mdiv);
cdiv.style.top = ui.pixpos(mdiv.offsetTop + mdiv.offsetHeight);
/**
+ * Log the current user out.
+ */
+function logout() {
+ // Clear session cookie and user-specific local storage entries
+ var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
+ document.cookie = reset;
+ localStorage.removeItem('/r/EditWidget/accounts');
+ localStorage.removeItem('/r/EditWidget/dashboards');
+ //localStorage.clear();
+ document.location = '/login/';
+ return true;
+}
+
+/**
* Handle orientation change.
*/
document.body.onorientationchange = function(e) {
diff --git a/sca-cpp/trunk/modules/edit/htdocs/public/notyet/index.html b/sca-cpp/trunk/modules/edit/htdocs/public/notyet/index.html
index ca164f3172..b8457485fb 100644
--- a/sca-cpp/trunk/modules/edit/htdocs/public/notyet/index.html
+++ b/sca-cpp/trunk/modules/edit/htdocs/public/notyet/index.html
@@ -111,13 +111,27 @@ var cdiv = $('content');
function showmenu(mdiv) {
mdiv.innerHTML = ui.menubar(
mklist(ui.menu('Home', '/', '_view', false)),
- mklist(ui.signedin()? ui.menu('Sign out', '/logout/', '_self', false) : ui.menu('Sign in', '/login/', '_self', false)));
+ mklist(ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false)));
}
showmenu(mdiv);
cdiv.style.top = ui.pixpos(mdiv.offsetTop + mdiv.offsetHeight);
/**
+ * Log the current user out.
+ */
+function logout() {
+ // Clear session cookie and user-specific local storage entries
+ var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
+ document.cookie = reset;
+ localStorage.removeItem('/r/EditWidget/accounts');
+ localStorage.removeItem('/r/EditWidget/dashboards');
+ //localStorage.clear();
+ document.location = '/login/';
+ return true;
+}
+
+/**
* Handle orientation change.
*/
document.body.onorientationchange = function(e) {
diff --git a/sca-cpp/trunk/modules/edit/htdocs/public/oops/index.html b/sca-cpp/trunk/modules/edit/htdocs/public/oops/index.html
index 8cfe2f6537..ca3e7706e3 100644
--- a/sca-cpp/trunk/modules/edit/htdocs/public/oops/index.html
+++ b/sca-cpp/trunk/modules/edit/htdocs/public/oops/index.html
@@ -110,13 +110,27 @@ var cdiv = $('content');
function showmenu(mdiv) {
mdiv.innerHTML = ui.menubar(
mklist(ui.menu('Home', '/', '_view', false)),
- mklist(ui.signedin()? ui.menu('Sign out', '/logout/', '_self', false) : ui.menu('Sign in', '/login/', '_self', false)));
+ mklist(ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false)));
}
showmenu(mdiv);
cdiv.style.top = ui.pixpos(mdiv.offsetTop + mdiv.offsetHeight);
/**
+ * Log the current user out.
+ */
+function logout() {
+ // Clear session cookie and user-specific local storage entries
+ var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
+ document.cookie = reset;
+ localStorage.removeItem('/r/EditWidget/accounts');
+ localStorage.removeItem('/r/EditWidget/dashboards');
+ //localStorage.clear();
+ document.location = '/login/';
+ return true;
+}
+
+/**
* Handle orientation change.
*/
document.body.onorientationchange = function(e) {
diff --git a/sca-cpp/trunk/modules/http/http.hpp b/sca-cpp/trunk/modules/http/http.hpp
index 5cf174f4e1..530f3c0c5c 100644
--- a/sca-cpp/trunk/modules/http/http.hpp
+++ b/sca-cpp/trunk/modules/http/http.hpp
@@ -869,8 +869,11 @@ const failable<size_t> recv(char* c, const size_t l, const CURLSession& cs) {
ostringstream& queryString(const list<list<value> > args, ostringstream& os) {
if (isNil(args))
return os;
- debug(car(args), "http::queryString::arg");
- os << car(car(args)) << "=" << c_str(cadr(car(args)));
+ const list<value> arg = car(args);
+ debug(arg, "http::queryString::arg");
+ if (isNil(arg) || isNil(cdr(arg)))
+ return queryString(cdr(args), os);
+ os << car(arg) << "=" << c_str(cadr(arg));
if (!isNil(cdr(args)))
os << "&";
return queryString(cdr(args), os);
diff --git a/sca-cpp/trunk/modules/http/mod-security-conf b/sca-cpp/trunk/modules/http/mod-security-conf
index c9f0728f88..a1373906fd 100755
--- a/sca-cpp/trunk/modules/http/mod-security-conf
+++ b/sca-cpp/trunk/modules/http/mod-security-conf
@@ -81,8 +81,8 @@ IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" "phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
# Avoid a potential RegEx DoS condition
-SecPcreMatchLimit 1000
-SecPcreMatchLimitRecursion 1000
+SecPcreMatchLimit 10000
+SecPcreMatchLimitRecursion 10000
SecRule TX:/^MSC_/ "!@streq 0" "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
# Detect slow DoS attacks
diff --git a/sca-cpp/trunk/modules/js/htdocs/component.js b/sca-cpp/trunk/modules/js/htdocs/component.js
index d991f9aa61..10b4535470 100644
--- a/sca-cpp/trunk/modules/js/htdocs/component.js
+++ b/sca-cpp/trunk/modules/js/htdocs/component.js
@@ -265,13 +265,16 @@ HTTPBindingClient.prototype.get = function(id, cb) {
if (http.getResponseHeader("X-Login") != null) {
// Detect redirect to a login page
try {
- cb(null, new HTTPBindingClient.Exception(403, 'X-Login'));
+ var le = new HTTPBindingClient.Exception(403, 'X-Login');
+ if (window.onloginredirect)
+ window.onloginredirect(le);
+ return cb(null, le);
} catch(cbe) {}
} else if (http.responseText == '' || http.getResponseHeader("Content-Type") == null) {
// Report empty response
try {
- cb(null, new HTTPBindingClient.Exception(403, 'No-Content'));
+ return cb(null, new HTTPBindingClient.Exception(403, 'No-Content'));
} catch(cbe) {}
} else {
@@ -282,7 +285,7 @@ HTTPBindingClient.prototype.get = function(id, cb) {
localStorage.setItem(u, http.responseText);
}
try {
- cb(http.responseText);
+ return cb(http.responseText);
} catch(cbe) {}
}
}
@@ -291,7 +294,7 @@ HTTPBindingClient.prototype.get = function(id, cb) {
// Pass exception if we didn't have a local result
if (item == null) {
try {
- cb(null, new HTTPBindingClient.Exception(http.status, http.statusText));
+ return cb(null, new HTTPBindingClient.Exception(http.status, http.statusText));
} catch(cbe) {}
}
}
@@ -309,7 +312,10 @@ HTTPBindingClient.prototype.get = function(id, cb) {
if (http.getResponseHeader("X-Login") != null) {
// Detect redirect to a login page
- throw new HTTPBindingClient.Exception(403, 'X-Login');
+ var le = new HTTPBindingClient.Exception(403, 'X-Login');
+ if (window.onloginredirect)
+ window.onloginredirect(le);
+ throw le;
} else if (http.responseText == '' || http.getResponseHeader("Content-Type") == null) {
@@ -341,7 +347,10 @@ HTTPBindingClient.prototype.getnocache = function(id, cb) {
if (http.getResponseHeader("X-Login") != null) {
// Detect redirect to a login page
try {
- return cb(null, new HTTPBindingClient.Exception(403, 'X-Login'));
+ var le = new HTTPBindingClient.Exception(403, 'X-Login');
+ if (window.onloginredirect)
+ window.onloginredirect(le);
+ return cb(null, le);
} catch(cbe) {}
} else if (http.responseText == '' || http.getResponseHeader("Content-Type") == null) {
@@ -352,12 +361,12 @@ HTTPBindingClient.prototype.getnocache = function(id, cb) {
} else {
try {
- cb(http.responseText);
+ return cb(http.responseText);
} catch(cbe) {}
}
} else {
try {
- cb(null, new HTTPBindingClient.Exception(http.status, http.statusText));
+ return cb(null, new HTTPBindingClient.Exception(http.status, http.statusText));
} catch(cbe) {}
}
}
@@ -374,7 +383,10 @@ HTTPBindingClient.prototype.getnocache = function(id, cb) {
if (http.getResponseHeader("X-Login") != null) {
// Detect redirect to a login page
- throw new HTTPBindingClient.Exception(403, 'X-Login');
+ var le = new HTTPBindingClient.Exception(403, 'X-Login');
+ if (window.onloginredirect)
+ window.onloginredirect(le);
+ throw le;
} else if (http.responseText == '' || http.getResponseHeader("Content-Type") == null) {
diff --git a/sca-cpp/trunk/modules/js/htdocs/ui.js b/sca-cpp/trunk/modules/js/htdocs/ui.js
index ee65d62e56..eabf851b55 100644
--- a/sca-cpp/trunk/modules/js/htdocs/ui.js
+++ b/sca-cpp/trunk/modules/js/htdocs/ui.js
@@ -274,6 +274,21 @@ ui.menu = function(name, href, target, hilight) {
return new Menu();
};
+ui.menufunc = function(name, fun, hilight) {
+ function Menu() {
+ this.content = function() {
+ function href(fun, html) {
+ return '<a href="javascript:void(0)" onclick="' + fun + '">' + html + '</a>';
+ }
+
+ if (hilight)
+ return href(fun, '<span class="tbarsmenu">' + name + '</span>');
+ return href(fun, '<span class="tbaramenu">' + name + '</span>');
+ };
+ }
+ return new Menu();
+};
+
ui.menubar = function(left, right) {
var bar = '<table cellpadding="0" cellspacing="0" width="100%" class="tbar"><tr>' +
'<td class="dtbar"><table border="0" cellspacing="0" cellpadding="0"><tr>';
diff --git a/sca-cpp/trunk/modules/js/htdocs/util.js b/sca-cpp/trunk/modules/js/htdocs/util.js
index 86e17c4f60..60c8a0c8e6 100644
--- a/sca-cpp/trunk/modules/js/htdocs/util.js
+++ b/sca-cpp/trunk/modules/js/htdocs/util.js
@@ -315,8 +315,15 @@ function properties(o) {
* Convert a host name to a domain name.
*/
function domainname(host) {
+ var ds = host.indexOf('//');
+ if (ds != -1)
+ return domainname(host.substring(ds + 2));
+ var s = host.indexOf('/');
+ if (s != -1)
+ return domainname(host.substring(0, s));
var h = reverse(host.split('.'));
- return reverse(mklist(car(h), cadr(h))).join('.');
+ var d = (!isNil(cddr(h)) && caddr(h) == 'www')? mklist(car(h), cadr(h), caddr(h)) : mklist(car(h), cadr(h));
+ return reverse(d).join('.');
}
/**
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
index ca7f562b60..2381b16810 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
@@ -81,6 +81,7 @@ public:
const char* dir;
bool enabled;
string login;
+ list<list<value> > scopeattrs;
};
/**
@@ -93,40 +94,36 @@ const failable<value> userInfo(const value& sid, const memcache::MemCached& mc)
/**
* Handle an authenticated request.
*/
-const failable<int> authenticated(const list<list<value> >& info, request_rec* r) {
+const failable<int> authenticated(const list<list<value> >& attrs, const list<list<value> >& info, request_rec* r) {
debug(info, "modoauth1::authenticated::info");
- // Store user info in the request
- const list<value> realm = assoc<value>("realm", info);
- if (isNil(realm) || isNil(cdr(realm)))
- return mkfailure<int>("Couldn't retrieve realm");
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "REALM"), apr_pstrdup(r->pool, c_str(cadr(realm))));
-
- const list<value> id = assoc<value>("id", info);
- if (isNil(id) || isNil(cdr(id)))
- return mkfailure<int>("Couldn't retrieve user id");
- r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
-
- const list<value> email = assoc<value>("email", info);
- if (!isNil(email) && !isNil(cdr(email)))
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "EMAIL"), apr_pstrdup(r->pool, c_str(cadr(email))));
-
- const list<value> screenname = assoc<value>("screen_name", info);
- if (!isNil(screenname) && !isNil(cdr(screenname)))
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "NICKNAME"), apr_pstrdup(r->pool, c_str(cadr(screenname))));
-
- const list<value> name = assoc<value>("name", info);
- if (!isNil(name) && !isNil(cdr(name)))
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "FULLNAME"), apr_pstrdup(r->pool, c_str(cadr(name))));
-
- const list<value> firstname = assoc<value>("first-name", info);
- if (!isNil(firstname) && !isNil(cdr(firstname)))
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "FIRSTNAME"), apr_pstrdup(r->pool, c_str(cadr(firstname))));
-
- const list<value> lastname = assoc<value>("last-name", info);
- if (!isNil(lastname) && !isNil(cdr(lastname)))
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "LASTNAME"), apr_pstrdup(r->pool, c_str(cadr(lastname))));
- return OK;
+ if (isNil(attrs)) {
+
+ // Store user id in an environment variable
+ const list<value> id = assoc<value>("id", info);
+ if (isNil(id) || isNil(cdr(id)))
+ return mkfailure<int>("Couldn't retrieve user id");
+ apr_table_set(r->subprocess_env, "OAUTH1_ID", apr_pstrdup(r->pool, c_str(cadr(id))));
+
+ // If the request user field has not been mapped to another attribute, map the
+ // OAuth id attribute to it
+ if (r->user == NULL || r->user[0] == '\0')
+ r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
+ return OK;
+ }
+
+ // Store each configure OAuth scope attribute in an environment variable
+ const list<value> a = car(attrs);
+ const list<value> v = assoc<value>(cadr(a), info);
+ if (!isNil(v) && !isNil(cdr(v))) {
+
+ // Map the REMOTE_USER attribute to the request user field
+ if (string(car(a)) == "REMOTE_USER")
+ r->user = apr_pstrdup(r->pool, c_str(cadr(v)));
+ else
+ apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, c_str(car(a))), apr_pstrdup(r->pool, c_str(cadr(v))));
+ }
+ return authenticated(cdr(attrs), info, r);
}
/**
@@ -414,7 +411,7 @@ static int checkAuthn(request_rec *r) {
const failable<value> info = userInfo(content(sid), sc.mc);
if (hasContent(info)) {
r->ap_auth_type = const_cast<char*>(atype);
- return httpd::reportStatus(authenticated(content(info), r));
+ return httpd::reportStatus(authenticated(dc.scopeattrs, content(info), r));
}
}
@@ -461,6 +458,8 @@ int postConfigMerge(ServerConf& mainsc, server_rec* s) {
// Merge configuration from main server
if (isNil(sc.appkeys))
sc.appkeys = mainsc.appkeys;
+ if (isNil(sc.mcaddrs))
+ sc.mcaddrs = mainsc.mcaddrs;
sc.mc = mainsc.mc;
sc.cs = mainsc.cs;
@@ -564,18 +563,25 @@ const char* confCertKeyFile(cmd_parms *cmd, unused void *c, const char *arg) {
sc.key = arg;
return NULL;
}
+const char* confScopeAttr(cmd_parms *cmd, void* c, const char* arg1, const char* arg2) {
+ gc_scoped_pool pool(cmd->pool);
+ DirConf& dc = httpd::dirConf<DirConf>(c);
+ dc.scopeattrs = cons<list<value> >(mklist<value>(arg1, arg2), dc.scopeattrs);
+ return NULL;
+}
/**
* HTTP server module declaration.
*/
const command_rec commands[] = {
- AP_INIT_TAKE3("AddAuthOAuth1AppKey", (const char*(*)())confAppKey, NULL, RSRC_CONF, "OAuth 2.0 name app-id app-key"),
+ AP_INIT_TAKE3("AddAuthOAuth1AppKey", (const char*(*)())confAppKey, NULL, RSRC_CONF, "OAuth 1.0 name app-id app-key"),
AP_INIT_ITERATE("AddAuthOAuthMemcached", (const char*(*)())confMemcached, NULL, RSRC_CONF, "Memcached server host:port"),
- AP_INIT_FLAG("AuthOAuth", (const char*(*)())confEnabled, NULL, OR_AUTHCFG, "OAuth 2.0 authentication On | Off"),
- AP_INIT_TAKE1("AuthOAuthLoginPage", (const char*(*)())confLogin, NULL, OR_AUTHCFG, "OAuth 2.0 login page"),
- AP_INIT_TAKE1("AuthOAuthSSLCACertificateFile", (const char*(*)())confCAFile, NULL, RSRC_CONF, "OAUth 2.0 SSL CA certificate file"),
- AP_INIT_TAKE1("AuthOAuthSSLCertificateFile", (const char*(*)())confCertFile, NULL, RSRC_CONF, "OAuth 2.0 SSL certificate file"),
- AP_INIT_TAKE1("AuthOAuthSSLCertificateKeyFile", (const char*(*)())confCertKeyFile, NULL, RSRC_CONF, "OAuth 2.0 SSL certificate key file"),
+ AP_INIT_FLAG("AuthOAuth", (const char*(*)())confEnabled, NULL, OR_AUTHCFG, "OAuth 1.0 authentication On | Off"),
+ AP_INIT_TAKE1("AuthOAuthLoginPage", (const char*(*)())confLogin, NULL, OR_AUTHCFG, "OAuth 1.0 login page"),
+ AP_INIT_TAKE1("AuthOAuthSSLCACertificateFile", (const char*(*)())confCAFile, NULL, RSRC_CONF, "OAUth 1.0 SSL CA certificate file"),
+ AP_INIT_TAKE1("AuthOAuthSSLCertificateFile", (const char*(*)())confCertFile, NULL, RSRC_CONF, "OAuth 1.0 SSL certificate file"),
+ AP_INIT_TAKE1("AuthOAuthSSLCertificateKeyFile", (const char*(*)())confCertKeyFile, NULL, RSRC_CONF, "OAuth 1.0 SSL certificate key file"),
+ AP_INIT_TAKE2("AddAuthOAuth1ScopeAttr", (const char*(*)())confScopeAttr, NULL, OR_AUTHCFG, "OAuth 1.0 scope attribute"),
{NULL, NULL, NULL, 0, NO_ARGS, NULL}
};
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
index 41d722f1e2..3d567040ac 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
@@ -75,6 +75,7 @@ public:
const char* dir;
bool enabled;
string login;
+ list<list<value> > scopeattrs;
};
/**
@@ -87,39 +88,36 @@ const failable<value> userInfo(const value& sid, const memcache::MemCached& mc)
/**
* Handle an authenticated request.
*/
-const failable<int> authenticated(const list<list<value> >& info, request_rec* r) {
+const failable<int> authenticated(const list<list<value> >& attrs, const list<list<value> >& info, request_rec* r) {
debug(info, "modoauth2::authenticated::info");
- // Store user info in the request
- const list<value> realm = assoc<value>("realm", info);
- if (isNil(realm) || isNil(cdr(realm)))
- return mkfailure<int>("Couldn't retrieve realm");
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "REALM"), apr_pstrdup(r->pool, c_str(cadr(realm))));
-
- const list<value> id = assoc<value>("id", info);
- if (isNil(id) || isNil(cdr(id)))
- return mkfailure<int>("Couldn't retrieve user id");
- r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
-
- const list<value> email = assoc<value>("email", info);
- if (!isNil(email) && !isNil(cdr(email)))
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "EMAIL"), apr_pstrdup(r->pool, c_str(cadr(email))));
-
- const list<value> fullname = assoc<value>("name", info);
- if (!isNil(fullname) && !isNil(cdr(fullname))) {
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "NICKNAME"), apr_pstrdup(r->pool, c_str(cadr(fullname))));
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "FULLNAME"), apr_pstrdup(r->pool, c_str(cadr(fullname))));
- }
+ if (isNil(attrs)) {
- const list<value> firstname = assoc<value>("first_name", info);
- if (!isNil(firstname) && !isNil(cdr(firstname)))
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "FIRSTNAME"), apr_pstrdup(r->pool, c_str(cadr(firstname))));
+ // Store user id in an environment variable
+ const list<value> id = assoc<value>("id", info);
+ if (isNil(id) || isNil(cdr(id)))
+ return mkfailure<int>("Couldn't retrieve user id");
+ apr_table_set(r->subprocess_env, "OAUTH2_ID", apr_pstrdup(r->pool, c_str(cadr(id))));
- const list<value> lastname = assoc<value>("last_name", info);
- if (!isNil(lastname) && !isNil(cdr(lastname)))
- apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "LASTNAME"), apr_pstrdup(r->pool, c_str(cadr(lastname))));
+ // If the request user field has not been mapped to another attribute, map the
+ // OAuth id attribute to it
+ if (r->user == NULL || r->user[0] == '\0')
+ r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
+ return OK;
+ }
- return OK;
+ // Store each configure OAuth scope attribute in an environment variable
+ const list<value> a = car(attrs);
+ const list<value> v = assoc<value>(cadr(a), info);
+ if (!isNil(v) && !isNil(cdr(v))) {
+
+ // Map the REMOTE_USER attribute to the request user field
+ if (string(car(a)) == "REMOTE_USER")
+ r->user = apr_pstrdup(r->pool, c_str(cadr(v)));
+ else
+ apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, c_str(car(a))), apr_pstrdup(r->pool, c_str(cadr(v))));
+ }
+ return authenticated(cdr(attrs), info, r);
}
/**
@@ -139,6 +137,7 @@ const failable<int> authorize(const list<list<value> >& args, request_rec* r, co
const list<value> info = assoc<value>("mod_oauth2_info", args);
if (isNil(info) || isNil(cdr(info)))
return mkfailure<int>("Missing mod_oauth2_info parameter");
+ const list<value> display = assoc<value>("mod_oauth2_display", args);
// Build the redirect URI
const list<list<value> > rargs = mklist<list<value> >(mklist<value>("mod_oauth2_step", "access_token"), tok, cid, info);
@@ -152,7 +151,8 @@ const failable<int> authorize(const list<list<value> >& args, request_rec* r, co
list<value> appkey = cadr(app);
// Redirect to the authorize URI
- const list<list<value> > aargs = mklist<list<value> >(mklist<value>("client_id", car(appkey)), mklist<value>("scope", "email"), mklist<value>("redirect_uri", httpd::escape(redir)));
+ const list<value> adisplay = (isNil(display) || isNil(cdr(display)))? list<value>() : mklist<value>("display", cadr(display));
+ const list<list<value> > aargs = mklist<list<value> >(mklist<value>("client_id", car(appkey)), mklist<value>("scope", "email"), adisplay, mklist<value>("redirect_uri", httpd::escape(redir)));
const string uri = httpd::unescape(cadr(auth)) + string("?") + http::queryString(aargs);
debug(uri, "modoauth2::authorize::uri");
return httpd::externalRedirect(uri, r);
@@ -266,7 +266,7 @@ static int checkAuthn(request_rec *r) {
const failable<value> info = userInfo(content(sid), sc.mc);
if (hasContent(info)) {
r->ap_auth_type = const_cast<char*>(atype);
- return httpd::reportStatus(authenticated(content(info), r));
+ return httpd::reportStatus(authenticated(dc.scopeattrs, content(info), r));
}
}
@@ -313,6 +313,8 @@ int postConfigMerge(ServerConf& mainsc, server_rec* s) {
// Merge configuration from main server
if (isNil(sc.appkeys))
sc.appkeys = mainsc.appkeys;
+ if (isNil(sc.mcaddrs))
+ sc.mcaddrs = mainsc.mcaddrs;
sc.mc = mainsc.mc;
sc.cs = mainsc.cs;
@@ -416,6 +418,12 @@ const char* confCertKeyFile(cmd_parms *cmd, unused void *c, const char *arg) {
sc.key = arg;
return NULL;
}
+const char* confScopeAttr(cmd_parms *cmd, void* c, const char* arg1, const char* arg2) {
+ gc_scoped_pool pool(cmd->pool);
+ DirConf& dc = httpd::dirConf<DirConf>(c);
+ dc.scopeattrs = cons<list<value> >(mklist<value>(arg1, arg2), dc.scopeattrs);
+ return NULL;
+}
/**
* HTTP server module declaration.
@@ -428,6 +436,7 @@ const command_rec commands[] = {
AP_INIT_TAKE1("AuthOAuthSSLCACertificateFile", (const char*(*)())confCAFile, NULL, RSRC_CONF, "OAUth 2.0 SSL CA certificate file"),
AP_INIT_TAKE1("AuthOAuthSSLCertificateFile", (const char*(*)())confCertFile, NULL, RSRC_CONF, "OAuth 2.0 SSL certificate file"),
AP_INIT_TAKE1("AuthOAuthSSLCertificateKeyFile", (const char*(*)())confCertKeyFile, NULL, RSRC_CONF, "OAuth 2.0 SSL certificate key file"),
+ AP_INIT_TAKE2("AddAuthOAuth2ScopeAttr", (const char*(*)())confScopeAttr, NULL, OR_AUTHCFG, "OAuth 2.0 scope attribute"),
{NULL, NULL, NULL, 0, NO_ARGS, NULL}
};
diff --git a/sca-cpp/trunk/modules/oauth/oauth-conf b/sca-cpp/trunk/modules/oauth/oauth-conf
index 856eea7f39..21fc51cac8 100755
--- a/sca-cpp/trunk/modules/oauth/oauth-conf
+++ b/sca-cpp/trunk/modules/oauth/oauth-conf
@@ -53,9 +53,23 @@ cat >>$root/conf/auth.conf <<EOF
<Location />
AuthType Open
AuthName "$host"
+Require valid-user
AuthOAuth On
AuthOAuthLoginPage /login
-Require valid-user
+AddAuthOAuth2ScopeAttr REALM realm
+AddAuthOAuth2ScopeAttr REMOTE_USER email
+AddAuthOAuth2ScopeAttr EMAIL email
+AddAuthOAuth2ScopeAttr NICKNAME name
+AddAuthOAuth2ScopeAttr FULLNAME name
+AddAuthOAuth2ScopeAttr FIRSTNAME first_name
+AddAuthOAuth2ScopeAttr LASTNAME last_name
+AddAuthOAuth1ScopeAttr REALM realm
+AddAuthOAuth1ScopeAttr REMOTE_USER email
+AddAuthOAuth1ScopeAttr EMAIL email
+AddAuthOAuth1ScopeAttr NICKNAME screen_name
+AddAuthOAuth2ScopeAttr FULLNAME name
+AddAuthOAuth1ScopeAttr FIRSTNAME first-name
+AddAuthOAuth1ScopeAttr LASTNAME last-name
</Location>
# Configure OAuth App keys
diff --git a/sca-cpp/trunk/modules/openid/openid-conf b/sca-cpp/trunk/modules/openid/openid-conf
index 021c8b1e82..c6e63c128d 100755
--- a/sca-cpp/trunk/modules/openid/openid-conf
+++ b/sca-cpp/trunk/modules/openid/openid-conf
@@ -45,6 +45,7 @@ AuthOpenIDEnabled On
AuthOpenIDCookiePath /
AuthOpenIDCookieName TuscanyOpenAuth
AuthOpenIDLoginPage /login/
+AuthOpenIDAXAdd REMOTE_USER http://axschema.org/contact/email
AuthOpenIDAXAdd EMAIL http://axschema.org/contact/email
AuthOpenIDAXAdd FULLNAME http://axschema.org/namePerson
AuthOpenIDAXAdd NICKNAME http://axschema.org/namePerson/friendly
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-12 17:28:22 +0000