author | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2011-11-21 08:47:12 +0000 |
---|---|---|
committer | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2011-11-21 08:47:12 +0000 |
commit | 57ff384203570508e81cdf5dfaa0cb96478e7654 (patch) | |
tree | baa71ee27ee1354cb633cd578c9d36fb15485124 /sca-cpp/trunk/modules/edit | |
parent | 5a4e8af02b6fc5fefc5f7a2a95cc1e735759c40a (diff) |
Improvements to the auth implementation. Refactor logout page, handle auth redirects in XHR responses and allow auth to work off an OpenID AX attribute or OAuth resource attribute.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1204401 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-cpp/trunk/modules/edit')
8 files changed, 95 insertions, 136 deletions
diff --git a/sca-cpp/trunk/modules/edit/Makefile.am b/sca-cpp/trunk/modules/edit/Makefile.am index 98c0ecc2e9..6bf47676d1 100644 --- a/sca-cpp/trunk/modules/edit/Makefile.am +++ b/sca-cpp/trunk/modules/edit/Makefile.am @@ -18,7 +18,7 @@ if WANT_PYTHON moddir = $(prefix)/modules/edit -dist_mod_SCRIPTS = start stop ssl-start mkapplinks +dist_mod_SCRIPTS = start stop ssl-start mkapplinks config-backup data-backup BUILT_SOURCES = htdocs/config.js htdocs/public/config.js htdocs/config.js: 
@@ -27,9 +27,9 @@ htdocs/config.js: htdocs/public/config.js: touch htdocs/public/config.js -not_minified = htdocs/public/iframe.html htdocs/create/index.html htdocs/page/index.html htdocs/login/index.html htdocs/public/notfound/index.html htdocs/public/oops/index.html htdocs/graph/index.html htdocs/public/notauth/index.html htdocs/account/index.html htdocs/home/index.html htdocs/index.html htdocs/public/notyet/index.html htdocs/clone/index.html htdocs/stats/index.html htdocs/app/index.html htdocs/logout/index.html htdocs/store/index.html htdocs/config.js htdocs/public/config.js +not_minified = htdocs/public/iframe.html htdocs/create/index.html htdocs/page/index.html htdocs/login/index.html htdocs/public/notfound/index.html htdocs/public/oops/index.html htdocs/graph/index.html htdocs/public/notauth/index.html htdocs/account/index.html htdocs/home/index.html htdocs/index.html htdocs/public/notyet/index.html htdocs/clone/index.html htdocs/stats/index.html htdocs/app/index.html htdocs/store/index.html htdocs/config.js htdocs/public/config.js -minified = htdocs/public/iframe-min.html htdocs/create/index-min.html htdocs/page/index-min.html htdocs/login/index-min.html htdocs/public/notfound/index-min.html htdocs/public/oops/index-min.html htdocs/graph/index-min.html htdocs/public/notauth/index-min.html htdocs/account/index-min.html htdocs/home/index-min.html htdocs/index-min.html htdocs/public/notyet/index-min.html htdocs/clone/index-min.html htdocs/stats/index-min.html htdocs/app/index-min.html htdocs/logout/index-min.html htdocs/store/index-min.html htdocs/config-min.js htdocs/public/config-min.js +minified = htdocs/public/iframe-min.html htdocs/create/index-min.html htdocs/page/index-min.html htdocs/login/index-min.html htdocs/public/notfound/index-min.html htdocs/public/oops/index-min.html htdocs/graph/index-min.html htdocs/public/notauth/index-min.html htdocs/account/index-min.html htdocs/home/index-min.html htdocs/index-min.html htdocs/public/notyet/index-min.html 
htdocs/clone/index-min.html htdocs/stats/index-min.html htdocs/app/index-min.html htdocs/store/index-min.html htdocs/config-min.js htdocs/public/config-min.js resources = edit.composite *.py htdocs/*.cmf htdocs/*.ico htdocs/home/*.png htdocs/app/*.cmf htdocs/home/*.b64 htdocs/*.txt htdocs/public/*.png htdocs/public/*.b64 palettes/*/palette.composite accounts/*/*.account apps/*/app.composite apps/*/app.stats apps/*/htdocs/app.html dashboards/*/user.apps store/*/store.apps ${not_minified} ${minified} diff --git a/sca-cpp/trunk/modules/edit/htdocs/index.html b/sca-cpp/trunk/modules/edit/htdocs/index.html index 0a57717a06..3bc1529dbb 100644 --- a/sca-cpp/trunk/modules/edit/htdocs/index.html +++ b/sca-cpp/trunk/modules/edit/htdocs/index.html @@ -260,7 +260,7 @@ function showmenu(mdiv, view, appname) { ui.menu(isNil(config.compose)? 'Composition' : config.compose, '/#view=graph&app=' + appname, '_view', view == 'graph'))), mklist( ui.menu('Account', '/#view=account', '_view', view == 'account'), - ui.signedin()? ui.menu('Sign out', '/logout/', '_self', false) : ui.menu('Sign in', '/login/', '_self', false))); + ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); } /** @@ -423,6 +423,27 @@ window.onnavigate = function(url) { }; /** + * Handle login redirect. + */ +window.onloginredirect = function(e) { + document.location = '/login/'; +}; + +/** + * Log the current user out. + */ +function logout() { + // Clear session cookie and user-specific local storage entries + var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/'; + document.cookie = reset; + localStorage.removeItem('/r/EditWidget/accounts'); + localStorage.removeItem('/r/EditWidget/dashboards'); + //localStorage.clear(); + document.location = '/login/'; + return true; +} + +/** * Handle history. */ window.addEventListener('popstate', function(e) { 
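Review bot: The `logout()` added to htdocs/index.html signs the user out only in the browser: it overwrites `TuscanyOpenAuth` through `document.cookie` and redirects to `/login/`, and nothing in the hunk asks the server to invalidate the session. As written, the cookie can never be marked HttpOnly (script could not clear it), and a cookie value copied before sign-out presumably stays usable until the server expires it. The reset also only takes effect if `domain=.` + `domainname(...)` and `path=/` match the attributes the cookie was originally set with, which is not visible here; only two localStorage keys are removed, with `localStorage.clear()` left commented out. The same function is pasted into public/notauth, public/notfound, public/notyet and public/oops index.html later in this commit; keeping one copy in a shared script would stop the five from drifting apart. `new Date(1970,01,01).toGMTString()` is better written `new Date(0).toUTCString()`, since `01` is a legacy octal literal and `toGMTString` is deprecated.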
diff --git a/sca-cpp/trunk/modules/edit/htdocs/login/index.html b/sca-cpp/trunk/modules/edit/htdocs/login/index.html index 982f8cf446..9052abe8d3 100644 --- a/sca-cpp/trunk/modules/edit/htdocs/login/index.html +++ b/sca-cpp/trunk/modules/edit/htdocs/login/index.html @@ -32,19 +32,6 @@ <h1>Sign in</h1> -<!-- -<form name="passwordSignin" onsubmit="submitPasswordSignin();" method="POST" action="/login/dologin/"> -<table border="0"> -<tr><td><b>Username:</b></td></tr> -<tr><td><input type="text" id="httpd_username" name="httpd_username" value="" size="15" autocapitalize="off" placeholder="Enter your user name" style="width: 300px;"/></td></tr> -<tr><td><b>Password:</b></td></tr> -<tr><td><input type="password" name="httpd_password" value="" size="15" placeholder="Enter your password" style="width: 300px;"/></td></tr> -<tr><td><input type="submit" value="Sign in" class="graybutton" style="font-weight: bold;"/></td><td></td></tr> -</table> -<input type="hidden" name="httpd_location" value="/"/> -</form> ---> - <form name="openIDForm"> <table border="0"> <tr><td><b>Sign in with your Google account</b></td></tr> 
@@ -68,58 +55,33 @@ <input type="hidden" name="mod_oauth2_access_token" value=""/> <input type="hidden" name="mod_oauth2_client_id" value=""/> <input type="hidden" name="mod_oauth2_info" value=""/> +<input type="hidden" name="mod_oauth2_display" value=""/> <input type="hidden" name="mod_oauth2_step" value="authorize"/> </form> <script type="text/javascript"> function queryParams() { - qp = new Array(); - qs = window.location.search.substring(1).split('&'); - for (i = 0; i < qs.length; i++) { - e = qs[i].indexOf('='); + var qp = new Array(); + var qs = window.location.search.substring(1).split('&'); + for (var i = 0; i < qs.length; i++) { + var e = qs[i].indexOf('='); if (e > 0) qp[qs[i].substring(0, e)] = unescape(qs[i].substring(e + 1)); } return qp; } -function formReferrer() { - r = queryParams()['openauth_referrer']; - if (typeof(r) == 'undefined') - return '/'; - s = r.indexOf('//'); - if (s > 0) - r = r.substring(s + 2); - s = r.indexOf('/'); - if (s > 0) - r = r.substring(s); - return r; -} - function openauthReferrer() { - r = queryParams()['openauth_referrer']; - if (typeof(r) == 'undefined') + var r = queryParams()['openauth_referrer']; + if (typeof(r) == 'undefined' || domainname(r) != domainname(window.location.hostname)) return '/'; - q = r.indexOf('?'); + var q = r.indexOf('?'); if (q > 0) return r.substring(0, q); return r; } /** - * Signin with a userid and password. - */ -function submitPasswordSignin() { - var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/'; - document.cookie = reset; - localStorage.removeItem('/r/EditWidget/accounts'); - localStorage.removeItem('/r/EditWidget/dashboards'); - //localStorage.clear(); - document.passwordSignin.httpd_location.value = formReferrer(); - document.passwordSignin.submit(); -} - -/** * Signin with OpenID. */ function submitOpenIDSignin(w) { 
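Review bot: The new check in `openauthReferrer()` compares `domainname(r)` with `domainname(window.location.hostname)`, that is, a full URL taken from the query string against a bare hostname, and it never looks at the scheme or port of `r`. The returned value becomes the `action` of the sign-in form (visible for `oauth2Signin` in the next hunk), so whatever passes this check receives the posted OAuth fields. `domainname()` is defined outside the diff; if it reduces a host to its registrable domain, as its use for the cookie `domain=` attribute suggests, sibling hosts and non-HTTPS schemes would be accepted. I would resolve the referrer with a URL parser and require an exact origin match, falling back to `/` otherwise; if cross-subdomain referrers are intended, an explicit host allowlist is safer than a suffix comparison. Separately, `unescape()` in `queryParams()` is deprecated and mishandles UTF-8 sequences; `decodeURIComponent()` is the replacement.

```javascript
function openauthReferrer() {
    var r = queryParams()['openauth_referrer'];
    if (typeof(r) == 'undefined')
        return '/';
    // Resolve relative to this page and accept only an exact same-origin target
    var u;
    try {
        u = new URL(r, window.location.href);
    } catch (e) {
        return '/';
    }
    if (u.origin != window.location.origin)
        return '/';
    // Drop query and fragment before using the value as a form action
    return u.origin + u.pathname;
}
```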
@@ -151,12 +113,13 @@ function submitOAuth2Signin(w) { document.oauth2Signin.mod_oauth2_access_token.value = parms[1]; document.oauth2Signin.mod_oauth2_client_id.value = parms[2]; document.oauth2Signin.mod_oauth2_info.value = parms[3]; + document.oauth2Signin.mod_oauth2_display.value = parms[4]; document.oauth2Signin.action = openauthReferrer(); document.oauth2Signin.submit(); } function withFacebook() { - var parms = ['https://graph.facebook.com/oauth/authorize', 'https://graph.facebook.com/oauth/access_token', 'facebook.com', 'https://graph.facebook.com/me']; + var parms = ['https://graph.facebook.com/oauth/authorize', 'https://graph.facebook.com/oauth/access_token', 'facebook.com', 'https://graph.facebook.com/me', ui.isMobile()? 'touch' : 'page']; return parms; } diff --git a/sca-cpp/trunk/modules/edit/htdocs/logout/index.html b/sca-cpp/trunk/modules/edit/htdocs/logout/index.html deleted file mode 100644 index 133b6b7348..0000000000 --- a/sca-cpp/trunk/modules/edit/htdocs/logout/index.html +++ /dev/null 
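Review bot: `submitOAuth2Signin()` now copies `parms[4]` into `mod_oauth2_display`, but `withFacebook()` is the only provider array extended to five elements in this hunk. Any other provider function passed as `w` (none are visible here) that still returns four elements would likely post the literal string `undefined` in that field. Either give every provider array a fifth entry or default it at the assignment: `document.oauth2Signin.mod_oauth2_display.value = parms[4] || '';`. The body of `submitOAuth2Signin()` starts outside the hunk, so how `parms` is obtained from `w` cannot be confirmed from here.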
@@ -1,81 +0,0 @@ -<!DOCTYPE html> -<!-- - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. ---> -<html> -<head> -<title>Sign out</title> -<meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0"/> -<meta name="apple-mobile-web-app-capable" content="yes"/> -<meta name="apple-mobile-web-app-status-bar-style" content="black"/> -<base href="/logout/"/> -<link rel="stylesheet" type="text/css" href="/ui-min.css"/> -<script type="text/javascript" src="/all-min.js"></script> -</head> -<body class="delayed" onload="onload();"> -<div id="bodydiv" class="bodydiv"> - -<h1>Sign out</h1> - -<form name="signout" onsubmit="submitSignout();" action="/login/" method="GET"> -<input type="submit" id="signOut" value="Sign out" class="graybutton" style="font-weight: bold"/> -</form> - -<script type="text/javascript"> -function submitSignout() { - // Clear session cookie and user-specific local storage entries - var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' 
+ domainname(window.location.hostname) + '; path=/'; - document.cookie = reset; - localStorage.removeItem('/r/EditWidget/accounts'); - localStorage.removeItem('/r/EditWidget/dashboards'); - //localStorage.clear(); - document.signout.submit(); - return true; -} - -/** - * Handle orientation change. - */ -document.body.onorientationchange = function(e) { - //log('onorientationchange'); - - // Scroll to the top and hide the address bar - window.scrollTo(0, 0); - - return true; -}; - -/** - * Document load post processing. - */ -function onload() { - //log('onload'); - - // Show the page - document.body.style.visibility = 'visible'; - - // Scroll to the top and hide the address bar - window.scrollTo(0, 0); - return true; -} - -</script> - -</div> -</body> -</html> diff --git a/sca-cpp/trunk/modules/edit/htdocs/public/notauth/index.html b/sca-cpp/trunk/modules/edit/htdocs/public/notauth/index.html index 8a688c9aa5..f366533e17 100644 --- a/sca-cpp/trunk/modules/edit/htdocs/public/notauth/index.html +++ b/sca-cpp/trunk/modules/edit/htdocs/public/notauth/index.html 
@@ -110,13 +110,27 @@ var cdiv = $('content'); function showmenu(mdiv) { mdiv.innerHTML = ui.menubar( mklist(ui.menu('Home', '/', '_view', false)), - mklist(ui.signedin()? ui.menu('Sign out', '/logout/', '_self', false) : ui.menu('Sign in', '/login/', '_self', false))); + mklist(ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); } showmenu(mdiv); cdiv.style.top = ui.pixpos(mdiv.offsetTop + mdiv.offsetHeight); /** + * Log the current user out. + */ +function logout() { + // Clear session cookie and user-specific local storage entries + var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/'; + document.cookie = reset; + localStorage.removeItem('/r/EditWidget/accounts'); + localStorage.removeItem('/r/EditWidget/dashboards'); + //localStorage.clear(); + document.location = '/login/'; + return true; +} + +/** * Handle orientation change. */ document.body.onorientationchange = function(e) { diff --git a/sca-cpp/trunk/modules/edit/htdocs/public/notfound/index.html b/sca-cpp/trunk/modules/edit/htdocs/public/notfound/index.html index b7ba34c416..24efb159ea 100644 --- a/sca-cpp/trunk/modules/edit/htdocs/public/notfound/index.html +++ b/sca-cpp/trunk/modules/edit/htdocs/public/notfound/index.html 
@@ -111,13 +111,27 @@ var cdiv = $('content'); function showmenu(mdiv) { mdiv.innerHTML = ui.menubar( mklist(ui.menu('Home', '/', '_view', false)), - mklist(ui.signedin()? ui.menu('Sign out', '/logout/', '_self', false) : ui.menu('Sign in', '/login/', '_self', false))); + mklist(ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); } showmenu(mdiv); cdiv.style.top = ui.pixpos(mdiv.offsetTop + mdiv.offsetHeight); /** + * Log the current user out. + */ +function logout() { + // Clear session cookie and user-specific local storage entries + var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/'; + document.cookie = reset; + localStorage.removeItem('/r/EditWidget/accounts'); + localStorage.removeItem('/r/EditWidget/dashboards'); + //localStorage.clear(); + document.location = '/login/'; + return true; +} + +/** * Handle orientation change. */ document.body.onorientationchange = function(e) { diff --git a/sca-cpp/trunk/modules/edit/htdocs/public/notyet/index.html b/sca-cpp/trunk/modules/edit/htdocs/public/notyet/index.html index ca164f3172..b8457485fb 100644 --- a/sca-cpp/trunk/modules/edit/htdocs/public/notyet/index.html +++ b/sca-cpp/trunk/modules/edit/htdocs/public/notyet/index.html 
@@ -111,13 +111,27 @@ var cdiv = $('content'); function showmenu(mdiv) { mdiv.innerHTML = ui.menubar( mklist(ui.menu('Home', '/', '_view', false)), - mklist(ui.signedin()? ui.menu('Sign out', '/logout/', '_self', false) : ui.menu('Sign in', '/login/', '_self', false))); + mklist(ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); } showmenu(mdiv); cdiv.style.top = ui.pixpos(mdiv.offsetTop + mdiv.offsetHeight); /** + * Log the current user out. + */ +function logout() { + // Clear session cookie and user-specific local storage entries + var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/'; + document.cookie = reset; + localStorage.removeItem('/r/EditWidget/accounts'); + localStorage.removeItem('/r/EditWidget/dashboards'); + //localStorage.clear(); + document.location = '/login/'; + return true; +} + +/** * Handle orientation change. */ document.body.onorientationchange = function(e) { diff --git a/sca-cpp/trunk/modules/edit/htdocs/public/oops/index.html b/sca-cpp/trunk/modules/edit/htdocs/public/oops/index.html index 8cfe2f6537..ca3e7706e3 100644 --- a/sca-cpp/trunk/modules/edit/htdocs/public/oops/index.html +++ b/sca-cpp/trunk/modules/edit/htdocs/public/oops/index.html 
@@ -110,13 +110,27 @@ var cdiv = $('content'); function showmenu(mdiv) { mdiv.innerHTML = ui.menubar( mklist(ui.menu('Home', '/', '_view', false)), - mklist(ui.signedin()? ui.menu('Sign out', '/logout/', '_self', false) : ui.menu('Sign in', '/login/', '_self', false))); + mklist(ui.signedin()? ui.menufunc('Sign out', 'logout();', false) : ui.menu('Sign in', '/login/', '_self', false))); } showmenu(mdiv); cdiv.style.top = ui.pixpos(mdiv.offsetTop + mdiv.offsetHeight); /** + * Log the current user out. + */ +function logout() { + // Clear session cookie and user-specific local storage entries + var reset = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/'; + document.cookie = reset; + localStorage.removeItem('/r/EditWidget/accounts'); + localStorage.removeItem('/r/EditWidget/dashboards'); + //localStorage.clear(); + document.location = '/login/'; + return true; +} + +/** * Handle orientation change. */ document.body.onorientationchange = function(e) { |