Diffstat (limited to 'sca-cpp/trunk/modules/oauth')
-rw-r--r--sca-cpp/trunk/modules/oauth/htdocs/login/index.html14
-rw-r--r--sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html18
-rw-r--r--sca-cpp/trunk/modules/oauth/htdocs/logout/index.html12
-rw-r--r--sca-cpp/trunk/modules/oauth/mod-oauth1.cpp22
-rw-r--r--sca-cpp/trunk/modules/oauth/mod-oauth2.cpp22
5 files changed, 50 insertions, 38 deletions
diff --git a/sca-cpp/trunk/modules/oauth/htdocs/login/index.html b/sca-cpp/trunk/modules/oauth/htdocs/login/index.html
index 0740afd8b3..bf5e196bae 100644
--- a/sca-cpp/trunk/modules/oauth/htdocs/login/index.html
+++ b/sca-cpp/trunk/modules/oauth/htdocs/login/index.html
@@ -55,17 +55,17 @@ if (typeof(oauthReferrer()) == 'undefined') {
document.location = '/';
}
-function clearauthcookie() {
- document.cookie = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOAuth1=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOAuth2=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOpenIDAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
+function clearAuthCookie() {
+ document.cookie = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOAuth1=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOAuth2=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOpenIDAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
return true;
}
function submitSignin2(w) {
parms = w();
- clearauthcookie();
+ clearAuthCookie();
document.signin2.oauth2_authorize.value = parms[0];
document.signin2.oauth2_access_token.value = parms[1];
document.signin2.oauth2_client_id.value = parms[2];
@@ -89,7 +89,7 @@ function withGithub() {
function submitSignin1(w) {
parms = w();
- clearauthcookie();
+ clearAuthCookie();
document.signin1.oauth1_request_token.value = parms[0];
document.signin1.oauth1_authorize.value = parms[1];
document.signin1.oauth1_access_token.value = parms[2];
diff --git a/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html b/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html
index fdf2b64a3f..ef5afcdc7e 100644
--- a/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html
+++ b/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html
@@ -29,16 +29,16 @@
<h1>Sign in with a Form, an OpenID provider or an OAuth provider</h1>
<script type="text/javascript">
-function clearauthcookie() {
- document.cookie = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOAuth1=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOAuth2=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOpenIDAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
+function clearAuthCookie() {
+ document.cookie = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOAuth1=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOAuth2=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOpenIDAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
return true;
}
function submitFormSignin() {
- clearauthcookie();
+ clearAuthCookie();
document.formSignin.httpd_location.value = '/';
document.formSignin.submit();
}
@@ -69,7 +69,7 @@ if (typeof(openauthReferrer()) == 'undefined') {
}
function submitOpenIDSignin(w) {
- clearauthcookie();
+ clearAuthCookie();
document.openIDSignin.openid_identifier.value = w();
document.openIDSignin.action = openauthReferrer();
document.openIDSignin.submit();
@@ -117,7 +117,7 @@ function withXRDSEndpoint() {
function submitOAuth2Signin(w) {
parms = w();
- clearauthcookie();
+ clearAuthCookie();
document.oauth2Signin.oauth2_authorize.value = parms[0];
document.oauth2Signin.oauth2_access_token.value = parms[1];
document.oauth2Signin.oauth2_client_id.value = parms[2];
@@ -141,7 +141,7 @@ function withGithub() {
function submitOAuth1Signin(w) {
parms = w();
- clearauthcookie();
+ clearAuthCookie();
document.oauth1Signin.oauth1_request_token.value = parms[0];
document.oauth1Signin.oauth1_authorize.value = parms[1];
document.oauth1Signin.oauth1_access_token.value = parms[2];
diff --git a/sca-cpp/trunk/modules/oauth/htdocs/logout/index.html b/sca-cpp/trunk/modules/oauth/htdocs/logout/index.html
index 8cf786043b..437d39e882 100644
--- a/sca-cpp/trunk/modules/oauth/htdocs/logout/index.html
+++ b/sca-cpp/trunk/modules/oauth/htdocs/logout/index.html
@@ -31,16 +31,16 @@
<form name="signout" action="/login" method="GET">
<script type="text/javascript">
-function clearauthcookie() {
- document.cookie = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOAuth1=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOAuth2=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOpenIDAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
+function clearAuthCookie() {
+ document.cookie = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOAuth1=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOAuth2=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOpenIDAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
return true;
}
function submitSignout() {
- clearauthcookie();
+ clearAuthCookie();
document.signout.submit();
return true;
}
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
index b1786d1098..e34c0c2359 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
@@ -139,7 +139,7 @@ const failable<value> userInfo(const value& sid, const memcache::MemCached& mc)
/**
* Handle an authenticated request.
*/
-const failable<int> authenticated(const list<value>& userinfo, const bool check, request_rec* const r, const list<value>& scopeattrs, const list<AuthnProviderConf>& apcs) {
+const failable<int> authenticated(const list<value>& userinfo, request_rec* const r, const list<value>& scopeattrs, const list<AuthnProviderConf>& apcs) {
debug(userinfo, "modoauth2::authenticated::userinfo");
if (isNull(scopeattrs)) {
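Review bot: The debug tag on the first body line reads `modoauth2::authenticated::userinfo`, but this file is mod-oauth1.cpp, so OAuth 1 log entries are attributed to the OAuth 2 module when someone traces an authentication problem. Since the signature is being edited anyway, the tag could become `debug(userinfo, "modoauth1::authenticated::userinfo");`, assuming the rest of the file uses a modoauth1 prefix, which is not visible here. The function body continues outside the hunk.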
@@ -156,8 +156,15 @@ const failable<int> authenticated(const list<value>& userinfo, const bool check,
r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
// Run the authnz hooks to check the authenticated user
- if (check)
- return checkAuthnz(r->user == NULL? emptyString : r->user, r, apcs);
+ const failable<int> arc = checkAuthnz(r->user == NULL? emptyString : r->user, r, apcs);
+ if (!hasContent(arc))
+ return arc;
+
+ // Update the request user field with the authorized user id returned by the authnz hooks
+ const char* auser = apr_table_get(r->subprocess_env, "AUTHZ_USER");
+ if (auser != NULL)
+ r->user = apr_pstrdup(r->pool, auser);
+
return OK;
}
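Review bot: The `AUTHZ_USER` lookup after `checkAuthnz` trusts whatever is in `r->subprocess_env` at that moment, and nothing in the hunk shows that the entry was written by the authnz hooks during this call. The same table is filled from provider-supplied user info by the `apr_table_set` calls in the scope-attribute branch of this function (visible in the @@ -172 hunk), and other modules can write to it too, so a stale or foreign `AUTHZ_USER` would silently replace `r->user`. Clearing the key before the hooks run, `apr_table_unset(r->subprocess_env, "AUTHZ_USER");`, would make the later read reflect only this authorization pass, provided `checkAuthnz` does not itself depend on a pre-existing value; an empty string should probably be rejected as well, `if (auser != NULL && *auser != '\0')`. The identical block in mod-oauth2.cpp (@@ -150,8 +150,15) needs the same treatment, and with the `check` flag gone this path now runs for every request that reaches `checkAuthn`, not only at token exchange.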
@@ -172,7 +179,7 @@ const failable<int> authenticated(const list<value>& userinfo, const bool check,
else
apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, c_str(car(a))), apr_pstrdup(r->pool, c_str(cadr(v))));
}
- return authenticated(userinfo, check, r, cdr(scopeattrs), apcs);
+ return authenticated(userinfo, r, cdr(scopeattrs), apcs);
}
/**
@@ -293,8 +300,7 @@ const failable<int> authorize(const list<value>& args, request_rec* const r, con
/**
* Extract user info from a profile/info response.
- * TODO This currently only works for Twitter, Foursquare and LinkedIn.
- * User profile parsing needs to be made configurable.
+ * TODO Make this configurable
*/
const failable<list<value> > profileUserInfo(const value& cid, const string& info) {
const string b = substr(info, 0, 1);
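Review bot: The shortened TODO no longer says what is to be made configurable or which providers the parser handles today, both of which the removed lines stated. If that list is still accurate, something like `* TODO Make user profile parsing configurable (handles Twitter, Foursquare and LinkedIn responses today).` keeps the comment short without losing the information. The matching comment in mod-oauth2.cpp (@@ -219,8 +226,7) drops its provider list in the same way. The body of profileUserInfo continues outside the hunk.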
@@ -424,7 +430,7 @@ const failable<int> accessToken(const list<value>& args, request_rec* r, const l
return mkfailure<int>(userinfo);
// Validate the authenticated user
- const failable<int> authrc = authenticated(content(userinfo), true, r, scopeattrs, apcs);
+ const failable<int> authrc = authenticated(content(userinfo), r, scopeattrs, apcs);
if (!hasContent(authrc))
return authrc;
@@ -471,7 +477,7 @@ static int checkAuthn(request_rec *r) {
if (!hasContent(userinfo))
return openauth::reportStatus(mkfailure<int>(reason(userinfo), HTTP_UNAUTHORIZED), dc.login, nilValue, r);
r->ap_auth_type = const_cast<char*>(atype);
- return openauth::reportStatus(authenticated(content(userinfo), false, r, dc.scopeattrs, dc.apcs), dc.login, nilValue, r);
+ return openauth::reportStatus(authenticated(content(userinfo), r, dc.scopeattrs, dc.apcs), dc.login, nilValue, r);
}
// Get the request args
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
index 0a4405ce2e..c5de134926 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
@@ -133,7 +133,7 @@ const failable<value> userInfo(const value& sid, const memcache::MemCached& mc)
/**
* Handle an authenticated request.
*/
-const failable<int> authenticated(const list<value>& userinfo, const bool check, request_rec* const r, const list<value>& scopeattrs, const list<AuthnProviderConf>& apcs) {
+const failable<int> authenticated(const list<value>& userinfo, request_rec* const r, const list<value>& scopeattrs, const list<AuthnProviderConf>& apcs) {
debug(userinfo, "modoauth2::authenticated::userinfo");
if (isNull(scopeattrs)) {
@@ -150,8 +150,15 @@ const failable<int> authenticated(const list<value>& userinfo, const bool check,
r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
// Run the authnz hooks to check the authenticated user
- if (check)
- return checkAuthnz(r->user == NULL? emptyString : r->user, r, apcs);
+ const failable<int> arc = checkAuthnz(r->user == NULL? emptyString : r->user, r, apcs);
+ if (!hasContent(arc))
+ return arc;
+
+ // Update the request user field with the authorized user id returned by the authnz hooks
+ const char* auser = apr_table_get(r->subprocess_env, "AUTHZ_USER");
+ if (auser != NULL)
+ r->user = apr_pstrdup(r->pool, auser);
+
return OK;
}
@@ -166,7 +173,7 @@ const failable<int> authenticated(const list<value>& userinfo, const bool check,
else
apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, c_str(car(a))), apr_pstrdup(r->pool, c_str(cadr(v))));
}
- return authenticated(userinfo, check, r, cdr(scopeattrs), apcs);
+ return authenticated(userinfo, r, cdr(scopeattrs), apcs);
}
/**
@@ -219,8 +226,7 @@ const failable<int> authorize(const list<value>& args, request_rec* const r, con
/**
* Extract user info from a profile/info response.
- * TODO This currently only works for Facebook and Gowalla.
- * User profile parsing needs to be made configurable.
+ * TODO Make this configurable.
*/
const failable<list<value> > profileUserInfo(const value& cid, const list<value>& info) {
return cons<value>(mklist<value>("realm", cid), info);
@@ -299,7 +305,7 @@ const failable<int> accessToken(const list<value>& args, request_rec* r, const l
return mkfailure<int>(userinfo);
// Validate the authenticated user
- const failable<int> authrc = authenticated(content(userinfo), true, r, scopeattrs, apcs);
+ const failable<int> authrc = authenticated(content(userinfo), r, scopeattrs, apcs);
if (!hasContent(authrc))
return authrc;
@@ -346,7 +352,7 @@ static int checkAuthn(request_rec *r) {
if (!hasContent(userinfo))
return openauth::reportStatus(mkfailure<int>(reason(userinfo), HTTP_UNAUTHORIZED), dc.login, nilValue, r);
r->ap_auth_type = const_cast<char*>(atype);
- return openauth::reportStatus(authenticated(content(userinfo), false, r, dc.scopeattrs, dc.apcs), dc.login, nilValue, r);
+ return openauth::reportStatus(authenticated(content(userinfo), r, dc.scopeattrs, dc.apcs), dc.login, nilValue, r);
}
// Get the request args