From 4bf0a7052b448315eda710857acafe24bb112a5b Mon Sep 17 00:00:00 2001 
From: jsdelfino Date: Mon, 14 Nov 2011 07:10:15 +0000 Subject: Change authentication scheme from Form based auth to OpenID + OAuth. git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1201614 13f79535-47bb-0310-9956-ffa450edef68 --- sca-cpp/trunk/.gitignore | 6 +- sca-cpp/trunk/README | 9 +- sca-cpp/trunk/macos/macos-install | 16 ++- sca-cpp/trunk/macos/memcached-1.4.7.patch | 12 -- sca-cpp/trunk/modules/edit/Makefile.am | 14 +- sca-cpp/trunk/modules/edit/accounts.py | 2 +- sca-cpp/trunk/modules/edit/apps.py | 2 +- sca-cpp/trunk/modules/edit/composites.py | 2 +- sca-cpp/trunk/modules/edit/dashboards.py | 2 +- .../modules/edit/htdocs/app/cache-manifest.cmf | 8 +- sca-cpp/trunk/modules/edit/htdocs/app/index.html | 20 +-- .../trunk/modules/edit/htdocs/cache-manifest.cmf | 8 +- sca-cpp/trunk/modules/edit/htdocs/index.html | 24 ++-- sca-cpp/trunk/modules/edit/htdocs/login/index.html | 97 ++++++++++++- .../trunk/modules/edit/htdocs/logout/index.html | 8 +- .../trunk/modules/edit/htdocs/notauth/index.html | 157 -------------------- .../trunk/modules/edit/htdocs/notfound/index.html | 158 --------------------- .../trunk/modules/edit/htdocs/notyet/index.html | 158 --------------------- sca-cpp/trunk/modules/edit/htdocs/oops/index.html | 157 -------------------- .../modules/edit/htdocs/public/notauth/index.html | 152 ++++++++++++++++++++ .../modules/edit/htdocs/public/notfound/index.html | 153 ++++++++++++++++++++ .../modules/edit/htdocs/public/notyet/index.html | 153 ++++++++++++++++++++ .../modules/edit/htdocs/public/oops/index.html | 152 ++++++++++++++++++++ sca-cpp/trunk/modules/edit/pages.py | 2 +- sca-cpp/trunk/modules/edit/ssl-start | 41 ++++-- sca-cpp/trunk/modules/edit/start | 10 +- sca-cpp/trunk/modules/edit/stop | 3 +- sca-cpp/trunk/modules/edit/store.py | 2 +- sca-cpp/trunk/modules/http/httpd-conf | 5 + sca-cpp/trunk/modules/http/httpd.hpp | 1 + sca-cpp/trunk/modules/http/open-auth-conf | 7 +- sca-cpp/trunk/modules/http/openauth.hpp | 2 +- 
sca-cpp/trunk/modules/js/htdocs/ui.js | 7 + .../trunk/modules/oauth/htdocs/login/index.html | 4 +- .../trunk/modules/oauth/htdocs/login/mixed.html | 8 +- .../trunk/modules/oauth/htdocs/logout/index.html | 2 +- sca-cpp/trunk/modules/oauth/oauth-conf | 15 +- .../trunk/modules/openid/htdocs/login/index.html | 2 +- .../trunk/modules/openid/htdocs/logout/index.html | 2 +- sca-cpp/trunk/modules/openid/openid-conf | 3 +- sca-cpp/trunk/patches/memcached-1.4.7.patch | 12 ++ sca-cpp/trunk/patches/modsecurity-crs_2.2.2.patch | 8 ++ sca-cpp/trunk/ubuntu/ubuntu-install | 7 +- sca-cpp/trunk/ubuntu/ubuntu-install-all | 7 +- 44 files changed, 877 insertions(+), 743 deletions(-) delete mode 100644 sca-cpp/trunk/macos/memcached-1.4.7.patch delete mode 100644 sca-cpp/trunk/modules/edit/htdocs/notauth/index.html delete mode 100644 sca-cpp/trunk/modules/edit/htdocs/notfound/index.html delete mode 100644 sca-cpp/trunk/modules/edit/htdocs/notyet/index.html delete mode 100644 sca-cpp/trunk/modules/edit/htdocs/oops/index.html create mode 100644 sca-cpp/trunk/modules/edit/htdocs/public/notauth/index.html create mode 100644 sca-cpp/trunk/modules/edit/htdocs/public/notfound/index.html create mode 100644 sca-cpp/trunk/modules/edit/htdocs/public/notyet/index.html create mode 100644 sca-cpp/trunk/modules/edit/htdocs/public/oops/index.html create mode 100644 sca-cpp/trunk/patches/memcached-1.4.7.patch create mode 100644 sca-cpp/trunk/patches/modsecurity-crs_2.2.2.patch (limited to 'sca-cpp')
diff --git a/sca-cpp/trunk/.gitignore b/sca-cpp/trunk/.gitignore
index 0a161b3717..1dd44f8fd9 100644
--- a/sca-cpp/trunk/.gitignore
+++ b/sca-cpp/trunk/.gitignore
@@ -56,7 +56,7 @@ m4/
 config.guess
 config.sub
 config.status
-*config.js
+config.js
 all.js
 *-min.html
 *-min.js
@@ -93,7 +93,7 @@ doxygen
 *.jar
 *.prefix
 *.crt
-*.patch
+/*.patch
 index.yaml
 core
 gen-cpp/
@@ -135,7 +135,7 @@ scribe-cat
 js-test
 js-eval
 file-test
-test-start
+test-start*
 xml-value
 value-xml
 json-value
diff --git a/sca-cpp/trunk/README b/sca-cpp/trunk/README index d532fe68d4..92dfde8154 100644 --- a/sca-cpp/trunk/README +++ b/sca-cpp/trunk/README @@ -15,9 +15,9 @@ can be used to help assemble distributed SCA composite applications: Cache: key/value memory cache, using Memcached; Chat: XMPP chat, using Apache Vysper and Libstrophe; Constdb: fast persistent store for mostly constant data, using TinyCDB; -Filedb: key/value 'NoSQL' persistent store, using plain files; +Filedb: key/value persistent store, using plain files; Http: HTTP client, using Libcurl; -Kvdb: fast key/value 'NoSQL' persistent store, using LevelDB; +Kvdb: fast key/value persistent store, using LevelDB; Log: distributed logger, using Facebook Scribe; Queue: AMQP queuing, using Apache Qpid/C; Sqldb: SQL database, using PostgreSQL; @@ -77,9 +77,9 @@ Here's a rough guide to the Tuscany SCA source tree: | | |-- cache Memcached key/value cache | | |-- chat XMPP chat | | |-- constdb TinyCDB constant persistent store - | | |-- filedb Plain file NoSQL persistent store + | | |-- filedb Plain file persistent store | | |-- http HTTP client - | | |-- kvdb LevelDB NoSQL persistent store + | | |-- kvdb LevelDB key/value persistent store | | |-- log Scribe logger | | |-- queue AMQP message queue | | |-- sqldb PostgreSQL database @@ -98,6 +98,7 @@ Here's a rough guide to the Tuscany SCA source tree: | | | |-- macos Automated install on Mac OS X 10.1.7 | |-- ubuntu Automated install on Ubuntu 10.10 + | |-- patches Temporary patches to some of the dependencies | |-- branches Topic and release branches | diff --git a/sca-cpp/trunk/macos/macos-install b/sca-cpp/trunk/macos/macos-install index 2cc8a57dfa..b9474482a4 100755 --- a/sca-cpp/trunk/macos/macos-install +++ b/sca-cpp/trunk/macos/macos-install 
@@ -105,7 +105,8 @@ curl -OL http://memcached.googlecode.com/files/memcached-1.4.7.tar.gz tar xzf memcached-1.4.7.tar.gz cd memcached-1.4.7 # http://code.google.com/p/memcached/issues/detail?id=218 -patch -p0<$build/../memcached-1.4.7.patch +curl -OL http://svn.apache.org/repos/asf/tuscany/sca-cpp/trunk/patches/memcached-1.4.7.patch +patch -p0 @@ -77,7 +86,7 @@ appcache.get = function(uri) {
@@ -117,8 +126,8 @@ var locationcomp = sca.httpclient('location', '/' + appname + '/location'); var appresources = [ ['/all-min.js'], ['/ui-min.css'], - ['/footconfig-min.js'], - ['/headconfig-min.js'], + ['/config-min.js'], + ['/public/config-min.js'] ]; /** @@ -889,11 +898,6 @@ function onload() {
-
diff --git a/sca-cpp/trunk/modules/edit/htdocs/cache-manifest.cmf b/sca-cpp/trunk/modules/edit/htdocs/cache-manifest.cmf index 0be3e662d7..cb76f773a3 100644 --- a/sca-cpp/trunk/modules/edit/htdocs/cache-manifest.cmf +++ b/sca-cpp/trunk/modules/edit/htdocs/cache-manifest.cmf @@ -5,12 +5,12 @@ CACHE MANIFEST # App resources / /favicon.ico -/notauth/ -/notfound/ -/notyet/ -/oops/ /public/iframe-min.html /public/img.png +/public/notauth/ +/public/notfound/ +/public/notyet/ +/public/oops/ /public/touchicon.png NETWORK: diff --git a/sca-cpp/trunk/modules/edit/htdocs/index.html b/sca-cpp/trunk/modules/edit/htdocs/index.html index 547c11652a..0a57717a06 100644 --- a/sca-cpp/trunk/modules/edit/htdocs/index.html +++ b/sca-cpp/trunk/modules/edit/htdocs/index.html @@ -48,6 +48,8 @@ appcache.get = function(uri) { if (http.status == 200) { if (http.getResponseHeader("X-Login") != null) { if (log) log('http error', u, 'X-Login'); + // Redirect to login page if not signed in + document.location = '/login/'; return null; } else if (http.responseText == '' || http.getResponseHeader("Content-Type") == null) { if (log) log('http error', u, 'No-Content'); @@ -57,6 +59,9 @@ appcache.get = function(uri) { return http.responseText; } if (log) log('http error', u, http.status, http.statusText); + // Redirect to login page if not signed in + if (http.status == 403) + document.location = '/login/'; return null; }; @@ -69,6 +74,10 @@ appcache.get = function(uri) { document.head.appendChild(ui.declareCSS(appcache.get('/ui-min.css'))); })(); +// Redirect to login page if not signed in +if (document.location.protocol == 'https:' && !ui.signedin()) + document.location = '/login/'; + @@ -77,7 +86,7 @@ appcache.get = function(uri) {
@@ -117,13 +126,13 @@ var appresources = [ ['/account/', 'flip'], ['/clone/', 'flip'], ['/create/', 'flip'], - ['/footconfig-min.js'], ['/graph/', 'flip'], - ['/headconfig-min.js'], + ['/config-min.js'], ['/home/', 'right'], ['/home/home.b64'], ['/page/', 'flip'], ['/public/app.b64'], + ['/public/config-min.js'], ['/public/grid72.b64'], ['/public/iframe-min.html'], ['/public/img.b64'], @@ -249,7 +258,9 @@ function showmenu(mdiv, view, appname) { ui.menu('Stats', '/#view=stats&app=' + appname, '_view', view == 'stats'), ui.menu('Page', '/#view=page&app=' + appname, '_view', view == 'page'), ui.menu(isNil(config.compose)? 'Composition' : config.compose, '/#view=graph&app=' + appname, '_view', view == 'graph'))), - mklist(ui.menu('Account', '/#view=account', '_view', view == 'account'), ui.menu('Sign out', '/logout/', '_self', false))); + mklist( + ui.menu('Account', '/#view=account', '_view', view == 'account'), + ui.signedin()? ui.menu('Sign out', '/logout/', '_self', false) : ui.menu('Sign in', '/login/', '_self', false))); } /** @@ -486,11 +497,6 @@ function onload() {
-
diff --git a/sca-cpp/trunk/modules/edit/htdocs/login/index.html b/sca-cpp/trunk/modules/edit/htdocs/login/index.html index 76709af15e..982f8cf446 100644 --- a/sca-cpp/trunk/modules/edit/htdocs/login/index.html +++ b/sca-cpp/trunk/modules/edit/htdocs/login/index.html @@ -32,7 +32,8 @@

Sign in

-
+ + + + + + +
Sign in with your Google account
+
+ +
+ + + +
Sign in with your Facebook account
+
+ +
+ +
+ +
+ + + + + +
- - -
- -
- -
- - - -
- - - -

- -
-
Sorry, you're not authorized to view this page.
-
- -
- - - -
- -
- -
- - diff --git a/sca-cpp/trunk/modules/edit/htdocs/notfound/index.html b/sca-cpp/trunk/modules/edit/htdocs/notfound/index.html deleted file mode 100644 index 6b3bb09824..0000000000 --- a/sca-cpp/trunk/modules/edit/htdocs/notfound/index.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - -Page not found - - - - - - - -
- -
- -
- - - -
- - - -

- -
-
Sorry, that page was not found.
-
You may have clicked an expired link or mistyped the address.
-
- -
- - - -
- -
- -
- - diff --git a/sca-cpp/trunk/modules/edit/htdocs/notyet/index.html b/sca-cpp/trunk/modules/edit/htdocs/notyet/index.html deleted file mode 100644 index d01e535299..0000000000 --- a/sca-cpp/trunk/modules/edit/htdocs/notyet/index.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - -Page not found - - - - - - - -
- -
- -
- - - -
- - - -

- -
-
Sorry, that page is still under construction.
-
Please check back later.
-
- -
- - - -
- -
- -
- - diff --git a/sca-cpp/trunk/modules/edit/htdocs/oops/index.html b/sca-cpp/trunk/modules/edit/htdocs/oops/index.html deleted file mode 100644 index aeb5ae5d2c..0000000000 --- a/sca-cpp/trunk/modules/edit/htdocs/oops/index.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - -Oops - - - - - - -
- -
- -
- - - -
- - - -

- -
-
Oops, something went wrong...
-
- -
- - - -
- -
- -
- - diff --git a/sca-cpp/trunk/modules/edit/htdocs/public/notauth/index.html b/sca-cpp/trunk/modules/edit/htdocs/public/notauth/index.html new file mode 100644 index 0000000000..8a688c9aa5 --- /dev/null +++ b/sca-cpp/trunk/modules/edit/htdocs/public/notauth/index.html @@ -0,0 +1,152 @@ + + + + +Sorry + + + + + + + +
+ +
+ +
+ + + +
+ + + +

+ +
+
Sorry, you're not authorized to view this page.
+
+ +
+ + + +
+
+ +
+ + diff --git a/sca-cpp/trunk/modules/edit/htdocs/public/notfound/index.html b/sca-cpp/trunk/modules/edit/htdocs/public/notfound/index.html new file mode 100644 index 0000000000..b7ba34c416 --- /dev/null +++ b/sca-cpp/trunk/modules/edit/htdocs/public/notfound/index.html @@ -0,0 +1,153 @@ + + + + +Page not found + + + + + + + +
+ +
+ +
+ + + +
+ + + +

+ +
+
Sorry, that page was not found.
+
You may have clicked an expired link or mistyped the address.
+
+ +
+ + + +
+
+ +
+ + diff --git a/sca-cpp/trunk/modules/edit/htdocs/public/notyet/index.html b/sca-cpp/trunk/modules/edit/htdocs/public/notyet/index.html new file mode 100644 index 0000000000..ca164f3172 --- /dev/null +++ b/sca-cpp/trunk/modules/edit/htdocs/public/notyet/index.html @@ -0,0 +1,153 @@ + + + + +Page not found + + + + + + + +
+ +
+ +
+ + + +
+ + + +

+ +
+
Sorry, that page is still under construction.
+
Please check back later.
+
+ +
+ + + +
+
+ +
+ + diff --git a/sca-cpp/trunk/modules/edit/htdocs/public/oops/index.html b/sca-cpp/trunk/modules/edit/htdocs/public/oops/index.html new file mode 100644 index 0000000000..8cfe2f6537 --- /dev/null +++ b/sca-cpp/trunk/modules/edit/htdocs/public/oops/index.html @@ -0,0 +1,152 @@ + + + + +Oops + + + + + + +
+ +
+ +
+ + + +
+ + + +

+ +
+
Oops, something went wrong...
+
+ +
+ + + +
+
+ +
+ + diff --git a/sca-cpp/trunk/modules/edit/pages.py b/sca-cpp/trunk/modules/edit/pages.py index aa84f40162..99392aeeef 100644 --- a/sca-cpp/trunk/modules/edit/pages.py +++ b/sca-cpp/trunk/modules/edit/pages.py @@ -33,7 +33,7 @@ def get(id, cache): if isNil(id): return (("'feed", ("'title", "Pages"), ("'id", "pages")),) xhtml = cache.get(appid(id)) - if (isNil(xhtml) or xhtml is None): + if isNil(xhtml) or xhtml is None: return (("'entry", ("'title", car(id)), ("'id", car(id))),) return (("'entry", ("'title", car(id)), ("'id", car(id)), ("'content", car(xhtml))),) diff --git a/sca-cpp/trunk/modules/edit/ssl-start b/sca-cpp/trunk/modules/edit/ssl-start index f467371b80..5103566a5c 100755 --- a/sca-cpp/trunk/modules/edit/ssl-start +++ b/sca-cpp/trunk/modules/edit/ssl-start 
@@ -32,11 +32,30 @@ jsprefix=`echo "import os; print os.path.realpath('$here/../js')" | python` ../../modules/http/httpd-event-conf tmp ../../modules/http/httpd-ssl-conf tmp 8453 -# Configure authentication -../../modules/http/open-auth-conf tmp -../../modules/http/passwd-auth-conf tmp john john -../../modules/http/passwd-auth-conf tmp jane jane -../../modules/http/passwd-auth-conf tmp admin admin +# Configure password authentication +#../../modules/http/open-auth-conf tmp +#../../modules/http/passwd-auth-conf tmp john john +#../../modules/http/passwd-auth-conf tmp jane jane +#../../modules/http/passwd-auth-conf tmp admin admin + +# Configure OAuth authentication +# Configure your OAuth app keys here +../../modules/oauth/oauth-conf tmp +../../modules/oauth/oauth-memcached-conf tmp sca-store.com 11212 +../../modules/oauth/oauth2-appkey-conf tmp facebook.com 12345 67890 + +# Configure OpenID step2 authentication +../../modules/openid/openid-conf tmp +../../modules/openid/openid-step2-conf tmp +../../modules/openid/openid-memcached-conf tmp sca-store.com 11212 + +# Configure authorized users +#../../modules/http/group-auth-conf tmp john +#../../modules/http/group-auth-conf tmp jane +#../../modules/http/group-auth-conf tmp admin +# Configure your OpenID and OAuth ids here +../../modules/http/group-auth-conf tmp https://www.google.com/accounts/o8/id?id=45678 +../../modules/http/group-auth-conf tmp 23456789 # Configure mod-security ../../modules/http/mod-security-conf tmp @@ -48,9 +67,10 @@ jsprefix=`echo "import os; print os.path.realpath('$here/../js')" | python` # Configure error pages cat >>tmp/conf/svhost-ssl.conf <>tmp/conf/svhost.conf < +# Mark login page with a header + +Header set X-Login open-auth + + EOF # Create password and group files diff --git a/sca-cpp/trunk/modules/http/httpd.hpp b/sca-cpp/trunk/modules/http/httpd.hpp index d413e6c288..c1cc16d08d 100644 --- a/sca-cpp/trunk/modules/http/httpd.hpp +++ b/sca-cpp/trunk/modules/http/httpd.hpp 
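Review bot: The added `oauth2-appkey-conf tmp facebook.com 12345 67890` line sits under the comment "Configure your OAuth app keys here", so deployers are told to edit what appear to be the app key and secret into a tracked start script, where they are easy to commit by accident. Reading the two values from variables set outside the repository, e.g. `../../modules/oauth/oauth2-appkey-conf tmp facebook.com "$FB_APP_KEY" "$FB_APP_SECRET"` (names constructed for illustration), and failing early when either is empty would avoid that. The same hunk points the OAuth and OpenID session caches at `sca-store.com 11212`; memcached does not authenticate clients by default, so a comment stating that this port must be reachable only from the web servers would help. The commented-out `passwd-auth-conf tmp admin admin` lines could be dropped rather than kept as ready-made default credentials.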
@@ -603,6 +603,7 @@ const int externalRedirect(const string& uri, request_rec* r) {
 debug(uri, "httpd::externalRedirect");
 r->status = HTTP_MOVED_TEMPORARILY;
 apr_table_setn(r->headers_out, "Location", apr_pstrdup(r->pool, c_str(uri)));
+ apr_table_setn(r->headers_out, "Cache-Control", "no-cache");
 r->filename = apr_pstrdup(r->pool, c_str(string("/redirect:/") + uri));
 return HTTP_MOVED_TEMPORARILY;
 }
diff --git a/sca-cpp/trunk/modules/http/open-auth-conf b/sca-cpp/trunk/modules/http/open-auth-conf
index bed20d75a9..66d36242e2 100755
--- a/sca-cpp/trunk/modules/http/open-auth-conf
+++ b/sca-cpp/trunk/modules/http/open-auth-conf
@@ -35,7 +35,7 @@ cat >>$root/conf/auth.conf < -# Mark login page with a header - -Header set X-Login open-auth - - EOF
diff --git a/sca-cpp/trunk/modules/http/openauth.hpp b/sca-cpp/trunk/modules/http/openauth.hpp
index d7377324d9..e044a74fe2 100644
--- a/sca-cpp/trunk/modules/http/openauth.hpp
+++ b/sca-cpp/trunk/modules/http/openauth.hpp
@@ -77,7 +77,7 @@ const string cookie(const string& sid, const string& domain) {
 const time_t t = time(NULL) + 86400;
 char exp[32];
 strftime(exp, 32, "%a, %d-%b-%Y %H:%M:%S GMT", gmtime(&t));
- const string c = string("TuscanyOpenAuth=") + sid + ";domain=." + domain + ";path=/;expires=" + string(exp) + ";secure=TRUE";
+ const string c = string("TuscanyOpenAuth=") + sid + "; expires=" + string(exp) + "; domain=." + domain + "; path=/";
 debug(c, "openauth::cookie");
 return c;
 }
diff --git a/sca-cpp/trunk/modules/js/htdocs/ui.js b/sca-cpp/trunk/modules/js/htdocs/ui.js
index d8628f6dd0..ee65d62e56 100644
--- a/sca-cpp/trunk/modules/js/htdocs/ui.js
+++ b/sca-cpp/trunk/modules/js/htdocs/ui.js
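Review bot: The new `Cache-Control` header is set on `r->headers_out`, but when a handler returns a redirect status httpd builds the response from `r->err_headers_out` and carries over only `Location`, so this header is probably dropped before it reaches the client. Setting it on the error table, `apr_table_setn(r->err_headers_out, "Cache-Control", "no-cache");`, keeps it on the 302; this assumes callers return the value of externalRedirect to httpd, which is not visible here. A one-line comment saying why the redirect must not be cached would also help. externalRedirect starts just above the hunk.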
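Review bot: The rewritten cookie string in cookie() no longer carries any `secure` attribute and has no `HttpOnly`, so the `TuscanyOpenAuth` session id can be sent over plain HTTP to hosts under `.domain` and is readable by page scripts. The old `;secure=TRUE` spelling was not the standard attribute form, so the fix is to end the string with `"; path=/; secure"` rather than to drop the attribute. Adding `HttpOnly` as well would break `ui.signedin()` in ui.js, which looks for this cookie in `document.cookie`; a separate non-secret marker cookie for the UI would allow it. cookie() starts just above the hunk.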
@@ -192,6 +192,13 @@ ui.windowtitle = function(host) {
 return d.substr(0, 1).toUpperCase() + d.substr(1);
 };
+/**
+ * Return true if the session cookie contains signin information.
+ */
+ui.signedin = function() {
+ return !isNil(document.cookie) && document.cookie.indexOf('TuscanyOpenAuth=') != -1;
+};
+
 /**
 * Convert a CSS position to a numeric position.
 */
diff --git a/sca-cpp/trunk/modules/oauth/htdocs/login/index.html b/sca-cpp/trunk/modules/oauth/htdocs/login/index.html
index 3805deade3..d1002f79ec 100644
--- a/sca-cpp/trunk/modules/oauth/htdocs/login/index.html
+++ b/sca-cpp/trunk/modules/oauth/htdocs/login/index.html
@@ -57,7 +57,7 @@ if (typeof(oauthReferrer()) == 'undefined') {
 function submitSignin2(w) {
 parms = w();
- var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE';
+ var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + window.location.hostname + '; path=/';
 document.cookie = reset;
 document.signin2.mod_oauth2_authorize.value = parms[0];
 document.signin2.mod_oauth2_access_token.value = parms[1];
@@ -79,7 +79,7 @@ function withGithub() {
 function submitSignin1(w) {
 parms = w();
- var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE';
+ var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + window.location.hostname + '; path=/';
 document.cookie = reset;
 document.signin1.mod_oauth1_request_token.value = parms[0];
 document.signin1.mod_oauth1_authorize.value = parms[1];
diff --git a/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html b/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html
index 8be8a4deaa..57484dc479 100644
--- a/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html
+++ b/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html
@@ -30,7 +30,7 @@
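Review bot: `ui.signedin()` treats any occurrence of the substring `TuscanyOpenAuth=` in `document.cookie` as a session, so a cookie whose name merely ends in that text, or one with an empty value, also counts as signed in. An anchored test such as `return /(?:^|;\s*)TuscanyOpenAuth=[^;]/.test(document.cookie);` avoids both. The doc comment should also say that this is a UI hint only, for example `* UI hint only: the cookie value is not validated here; the server decides access.`, so that nobody later relies on it as an authorization check.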
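Review bot: In submitSignin2 the reset cookie now uses `'; domain=.' + window.location.hostname` where it used `domainname(window.location.hostname)`; a browser only replaces a cookie whose name, domain and path all match, so if the server issued `TuscanyOpenAuth` for a parent domain the reset no longer clears it on a sub-host and the old session survives the new sign-in. Whether that happens depends on the `domain` value the server uses when it sets the cookie, which is not visible in this hunk; the two should be derived the same way. The same line is changed in the submitSignin1 hunk below. Separately, `new Date(1970,01,01)` is 1 February 1970 in local time written with a legacy octal literal; `new Date(0).toUTCString()` states the intent. Both functions continue past their hunks.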