author | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2010-11-13 07:53:10 +0000 |
---|---|---|
committer | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2010-11-13 07:53:10 +0000 |
commit | 3ac22b097d9a9e829ec45963a7c3a40dd12b40a1 (patch) | |
tree | ae26d54d061b8f61a1ee2513aa913e8a5e3a1277 /sca-cpp/trunk/modules/oauth/mod-oauth2.cpp | |
parent | 1b5f778e514d74d86eee83932b9d5948d7e6e316 (diff) |
Port to HTTPD 2.3.8. Add an auth module to make OpenID, OAuth 1/2 and HTTPD 2.3 Form auth modules play nice together.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1034693 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rw-r--r-- | sca-cpp/trunk/modules/oauth/mod-oauth2.cpp | 70 |
1 files changed, 34 insertions, 36 deletions
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp index bb96fcb916..b52967977e 100644 --- a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp +++ b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp @@ -33,8 +33,8 @@ #include "monad.hpp" #include "../http/httpd.hpp" #include "../http/http.hpp" +#include "../http/openauth.hpp" #include "../../components/cache/memcache.hpp" -#include "oauth.hpp" extern "C" { extern module AP_MODULE_DECLARE_DATA mod_tuscany_oauth2; @@ -77,20 +77,10 @@ public: }; /** - * Check user authentication. + * Return the user info for a session. */ -static int checkUserID(request_rec *r) { - // Decline if we're not enabled or AuthType is not set to Open - const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth2); - if (!dc.enabled) - return DECLINED; - const char* atype = ap_auth_type(r); - if (atype == NULL || strcasecmp(atype, "Open")) - return DECLINED; - - gc_scoped_pool pool(r->pool); - httpdDebugRequest(r, "modoauth2::checkUserID::input"); - return OK; +const failable<value> userInfo(const value& sid, const memcache::MemCached& mc) { + return memcache::get(mklist<value>("tuscanyOpenAuth", sid), mc); } /** @@ -99,6 +89,12 @@ static int checkUserID(request_rec *r) { const failable<int> authenticated(const list<list<value> >& info, request_rec* r) { debug(info, "modoauth2::authenticated::info"); + // Store user info in the request + const list<value> realm = assoc<value>("realm", info); + if (isNil(realm) || isNil(cdr(realm))) + return mkfailure<int>("Couldn't retrieve realm"); + apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "REALM"), apr_pstrdup(r->pool, c_str(cadr(realm)))); + const list<value> id = assoc<value>("id", info); if (isNil(id) || isNil(cdr(id))) return mkfailure<int>("Couldn't retrieve user id"); 
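Review bot: `userInfo` builds the cache key directly from `sid`, and its caller `checkAuthn` takes that value from the request's session cookie after checking only the `OAuth2_` prefix. Nothing in this diff bounds the length or character set of the cookie value, so whether a malformed value can reach the cache as a malformed key depends on `memcache::get`, which is not shown. I would either validate the format in `checkAuthn` before the lookup or state the contract on the function, for example `// sid is client-supplied (session cookie); callers must validate its format first`. The `"tuscanyOpenAuth"` key namespace looks shared with the other auth modules, which is worth saying in the doc comment too.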
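Review bot: In `authenticated`, a session record without a `realm` entry now fails with `Couldn't retrieve realm` before the user id is even read. The `info` list comes from the cache lookup in `checkAuthn`, and what `access_token` stores in the session is outside this hunk, so please confirm every writer of these records includes `realm`. If a stale or partial record can exist, the client keeps presenting the same cookie and keeps getting whatever status `httpd::reportStatus` maps the failure to, rather than being sent back to the login page. A short comment such as `// realm is mandatory: records are written by access_token with realm set` would document the assumption.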
@@ -122,9 +118,7 @@ const failable<int> authenticated(const list<list<value> >& info, request_rec* r if (!isNil(lastname) && !isNil(cdr(lastname))) apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "LASTNAME"), apr_pstrdup(r->pool, c_str(cadr(lastname)))); - if(r->ap_auth_type == NULL) - r->ap_auth_type = const_cast<char*>("OAuth"); - return DECLINED; + return OK; } /** 
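Review bot: Returning `OK` here ends the authentication phase with the request treated as authenticated, so this function must have set `r->user` on every path that reaches the return. That assignment sits in the part of `authenticated` that this hunk does not show, so it cannot be confirmed from here. I would add a comment above the return, e.g. `// OK from the authn hook: r->user must be set by now`. Since the `r->ap_auth_type` default was removed from this function, the doc comment should also say that the caller is responsible for setting it.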
@@ -236,47 +230,47 @@ const failable<int> access_token(const list<list<value> >& args, request_rec* r, return mkfailure<int>(reason(prc)); // Send session ID to the client in a cookie - apr_table_set(r->err_headers_out, "Set-Cookie", c_str(oauth::cookie(sid))); + apr_table_set(r->err_headers_out, "Set-Cookie", c_str(openauth::cookie(sid))); return httpd::externalRedirect(httpd::url(r->uri, r), r); } /** - * Handle a request. + * Check user authentication. */ -int handler(request_rec* r) { - // Decline if we're not enabled or if the user is already - // authenticated by another module +static int checkAuthn(request_rec *r) { + // Decline if we're not enabled or AuthType is not set to Open const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth2); - if(!dc.enabled) + if (!dc.enabled) return DECLINED; - if (r->user != NULL || apr_table_get(r->subprocess_env, "SSL_REMOTE_USER") != NULL) + const char* atype = ap_auth_type(r); + if (atype == NULL || strcasecmp(atype, "Open")) return DECLINED; gc_scoped_pool pool(r->pool); - httpdDebugRequest(r, "modoauth2::handler::input"); + httpdDebugRequest(r, "modoauth2::checkAuthn::input"); const ServerConf& sc = httpd::serverConf<ServerConf>(r, &mod_tuscany_oauth2); // Get session id from the request - const maybe<string> sid = oauth::sessionID(r); + const maybe<string> sid = openauth::sessionID(r); if (hasContent(sid)) { // Decline if the session id was not created by this module if (substr(content(sid), 0, 7) != "OAuth2_") return DECLINED; // If we're authenticated store the user info in the request - const failable<value> info = oauth::userInfo(content(sid), sc.mc); - if (hasContent(info)) + const failable<value> info = userInfo(content(sid), sc.mc); + if (hasContent(info)) { + r->ap_auth_type = const_cast<char*>(atype); return httpd::reportStatus(authenticated(content(info), r)); + } } // Get the request args const list<list<value> > args = httpd::queryArgs(r); - // Decline if the request is for OpenID authentication 
+ // Decline if the request is for another authentication provider if (!isNil(assoc<value>("openid_identifier", args))) return DECLINED; - - // Decline if the request is for OAuth1 authentication if (!isNil(assoc<value>("mod_oauth1_step", args))) return DECLINED; @@ -286,15 +280,20 @@ int handler(request_rec* r) { const value step = !isNil(sl) && !isNil(cdr(sl))? cadr(sl) : ""; // Handle OAuth authorize request step - if (step == "authorize") + if (step == "authorize") { + r->ap_auth_type = const_cast<char*>(atype); return httpd::reportStatus(authorize(args, r, sc)); + } // Handle OAuth access_token request step - if (step == "access_token") + if (step == "access_token") { + r->ap_auth_type = const_cast<char*>(atype); return httpd::reportStatus(access_token(args, r, sc)); + } // Redirect to the login page - return httpd::reportStatus(oauth::login(dc.login, r)); + r->ap_auth_type = const_cast<char*>(atype); + return httpd::reportStatus(openauth::login(dc.login, r)); } /** @@ -412,8 +411,7 @@ const command_rec commands[] = { void registerHooks(unused apr_pool_t *p) { ap_hook_post_config(postConfig, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_child_init(childInit, NULL, NULL, APR_HOOK_MIDDLE); - ap_hook_check_user_id(checkUserID, NULL, NULL, APR_HOOK_MIDDLE); - ap_hook_handler(handler, NULL, NULL, APR_HOOK_FIRST); + ap_hook_check_authn(checkAuthn, NULL, NULL, APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_CONF); } } |
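Review bot: The `Set-Cookie` line at the end of `access_token` sends the session id that `checkAuthn` later accepts as the only credential for the cache lookup, but the cookie's attributes are decided inside `openauth::cookie`, which this diff does not show. Please confirm that helper marks the cookie `HttpOnly` and, on TLS deployments, `Secure`, and that it scopes the path or domain as narrowly as the modules sharing it allow. A one-line comment at the call site, e.g. `// session cookie: attributes (HttpOnly/Secure/path) are set in openauth::cookie`, would point the next reader to where that is enforced.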
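Review bot: `r->ap_auth_type = const_cast<char*>(atype);` is now written four times in `checkAuthn`: once in the session branch of the previous hunk and three times here, with braces added to the `authorize` and `access_token` branches only to hold it. Every path after the `mod_oauth1_step` decline check sets it, so a single assignment placed right after that check would cover the three cases in this hunk and let the `if (step == ...)` branches stay as one-liners. A comment on why the configured `AuthType` string is stored, rather than a module-specific name as before, would help as well. `checkAuthn` begins in the previous hunk.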
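Review bot: Registering `checkAuthn` with `AP_AUTH_INTERNAL_PER_CONF` lets httpd skip the hook on subrequests and internal redirects whose per-directory configuration matches the initial request, carrying over `r->user` and `r->ap_auth_type` instead. The variables that `authenticated` puts in `r->subprocess_env` (`REALM`, `LASTNAME` and the others) are not set again in that case. As far as I know an internal redirect also renames the inherited ones with a `REDIRECT_` prefix, so a component reading them after a redirect may find them missing. I would document the choice in `registerHooks`, e.g. `// per-conf: user attributes are only populated on the initial request`, or register with `AP_AUTH_INTERNAL_PER_URI` if components rely on those variables.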