author | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2011-08-06 05:59:04 +0000 |
---|---|---|
committer | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2011-08-06 05:59:04 +0000 |
commit | 96659f703781c4223a9db5013cac10b850daa46b (patch) | |
tree | fed109b192a9d4d8c9f1358fd289fff45318f9a8 /sca-cpp/trunk/modules | |
parent | 9bc3767bab48bbd5897441a36d90f5b7daa8e321 (diff) |
Make authentication work with wildcard domains and increase authentication cookie max-age.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1154445 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-cpp/trunk/modules')
-rw-r--r-- | sca-cpp/trunk/modules/http/htdocs/login/index.html | 3 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/http/htdocs/logout/index.html | 3 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-conf | 4 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/http/open-auth-conf | 7 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/htdocs/login/index.html | 6 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html | 12 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/htdocs/logout/index.html | 3 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/mod-oauth1.cpp | 1 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/mod-oauth2.cpp | 3 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/openid/htdocs/login/index.html | 3 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/openid/htdocs/logout/index.html | 3 |
11 files changed, 34 insertions, 14 deletions
diff --git a/sca-cpp/trunk/modules/http/htdocs/login/index.html b/sca-cpp/trunk/modules/http/htdocs/login/index.html index f4bdcd7f42..8b0ad48bd6 100644 --- a/sca-cpp/trunk/modules/http/htdocs/login/index.html +++ b/sca-cpp/trunk/modules/http/htdocs/login/index.html @@ -31,7 +31,8 @@ <script type="text/javascript"> function submitFormSignin() { - document.cookie = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE'; + var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE'; + document.cookie = reset; document.formSignin.httpd_location.value = '/'; document.formSignin.submit(); } diff --git a/sca-cpp/trunk/modules/http/htdocs/logout/index.html b/sca-cpp/trunk/modules/http/htdocs/logout/index.html index bdff9a441e..0365af36a1 100644 --- a/sca-cpp/trunk/modules/http/htdocs/logout/index.html +++ b/sca-cpp/trunk/modules/http/htdocs/logout/index.html @@ -32,7 +32,8 @@ <form name="signout" action="/login" method="GET"> <script type="text/javascript"> function submitSignout() { - document.cookie = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE'; + var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE'; + document.cookie = reset; document.signout.submit(); return true; } diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf index 1fac0d56e2..ada4e0a713 100755 --- a/sca-cpp/trunk/modules/http/httpd-conf +++ b/sca-cpp/trunk/modules/http/httpd-conf @@ -82,6 +82,8 @@ LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [access] %h %l %u \"%r\" %>s %b \"%{Refere CustomLog $root/logs/access_log combined CookieTracking on CookieName TuscanyVisitorId +CookieStyle Cookie +CookieExpires 31556926 # Configure Mime types and default charsets TypesConfig $here/conf/mime.types 
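Review bot: The reset in `submitFormSignin()` only removes the session cookie when the `domain` it sends matches the one the server used (`domain=.$host` in open-auth-conf), and `domainname()` is not defined anywhere in this hunk, so that match cannot be checked here. If it returns a bare IP address or a single-label host such as `localhost`, browsers will likely reject the `domain=.…` attribute and the stale `TuscanyOpenAuth` cookie survives the new sign-in. Consider also issuing the host-only form the old code used, `document.cookie = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE';`, before the domain-scoped one. The same line is repeated in the logout page and in the oauth and openid pages of this commit, so a single shared helper would keep the copies from drifting apart.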
@@ -90,7 +92,7 @@ AddCharset utf-8 .js .css # Configure cache control SetEnvIf Request_URI "^/app.html$" must-revalidate -Header onsuccess set Cache-Control "max-age=86400" env=!must-revalidate +Header onsuccess set Cache-Control "max-age=604800" env=!must-revalidate Header set Cache-Control "must-revalidate, max-age=0" env=must-revalidate Header set Expires "Tue, 01 Jan 1980 00:00:00 GMT" env=must-revalidate diff --git a/sca-cpp/trunk/modules/http/open-auth-conf b/sca-cpp/trunk/modules/http/open-auth-conf index cde0c6b05f..bed20d75a9 100755 --- a/sca-cpp/trunk/modules/http/open-auth-conf +++ b/sca-cpp/trunk/modules/http/open-auth-conf @@ -35,7 +35,7 @@ cat >>$root/conf/auth.conf <<EOF AuthType Open AuthName "$host" Session On -SessionCookieName TuscanyOpenAuth domain=.$host;path=/;secure=TRUE +SessionCookieName TuscanyOpenAuth domain=.$host; path=/; max-age=31556926 SessionCryptoPassphrase $pw AuthOpenAuth On AuthOpenAuthLoginPage /login @@ -53,5 +53,10 @@ Require valid-user SetHandler form-login-handler </Location> +# Mark login page with a header +<Location /login> +Header set X-Login open-auth +</Location> + EOF diff --git a/sca-cpp/trunk/modules/oauth/htdocs/login/index.html b/sca-cpp/trunk/modules/oauth/htdocs/login/index.html index 5de29ca9da..3805deade3 100644 --- a/sca-cpp/trunk/modules/oauth/htdocs/login/index.html +++ b/sca-cpp/trunk/modules/oauth/htdocs/login/index.html @@ -57,7 +57,8 @@ if (typeof(oauthReferrer()) == 'undefined') { function submitSignin2(w) { parms = w(); - document.cookie = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE'; + var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE'; + document.cookie = reset; document.signin2.mod_oauth2_authorize.value = parms[0]; document.signin2.mod_oauth2_access_token.value = parms[1]; document.signin2.mod_oauth2_client_id.value = parms[2]; 
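Review bot: The raised `max-age=604800` is sent on every successful response except `/app.html`, without `private`, so pages served behind the login could be kept for a week by shared caches and by the browser after sign-out. If authenticated content is served through this virtual host (not visible in this hunk), scope the long lifetime to static assets or send `Cache-Control "private, max-age=604800"`. A short comment next to the value saying it is seven days would also help.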
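Review bot: The new `SessionCookieName` line drops `secure=TRUE` while adding a one-year `max-age`, so the `TuscanyOpenAuth` session cookie is now eligible to be sent over plain HTTP for any host under `.$host`, and it stays in the browser for a year. Unless non-TLS access is required, keep the flag: `SessionCookieName TuscanyOpenAuth domain=.$host; path=/; max-age=31556926; secure`. The client-side reset lines in this commit still send `secure=TRUE`, so the two sides now disagree. A comment stating that 31556926 is one year in seconds would help, and whether the server also bounds the session lifetime (for example with `SessionMaxAge`) is not visible in this hunk.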
@@ -78,7 +79,8 @@ function withGithub() { function submitSignin1(w) { parms = w(); - document.cookie = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE'; + var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE'; + document.cookie = reset; document.signin1.mod_oauth1_request_token.value = parms[0]; document.signin1.mod_oauth1_authorize.value = parms[1]; document.signin1.mod_oauth1_access_token.value = parms[2]; diff --git a/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html b/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html index 59e45b470b..8be8a4deaa 100644 --- a/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html +++ b/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html @@ -30,7 +30,8 @@ <script type="text/javascript"> function submitFormSignin() { - document.cookie = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE'; + var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE'; + document.cookie = reset; document.formSignin.httpd_location.value = '/'; document.formSignin.submit(); } @@ -61,7 +62,8 @@ if (typeof(openauthReferrer()) == 'undefined') { } function submitOpenIDSignin(w) { - document.cookie = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE'; + var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE'; + document.cookie = reset; document.openIDSignin.openid_identifier.value = w(); document.openIDSignin.action = openauthReferrer(); document.openIDSignin.submit(); 
@@ -109,7 +111,8 @@ function withXRDSEndpoint() { function submitOAuth2Signin(w) { parms = w(); - document.cookie = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE'; + var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE'; + document.cookie = reset; document.oauth2Signin.mod_oauth2_authorize.value = parms[0]; document.oauth2Signin.mod_oauth2_access_token.value = parms[1]; document.oauth2Signin.mod_oauth2_client_id.value = parms[2]; @@ -130,7 +133,8 @@ function withGithub() { function submitOAuth1Signin(w) { parms = w(); - document.cookie = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE'; + var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE'; + document.cookie = reset; document.oauth1Signin.mod_oauth1_request_token.value = parms[0]; document.oauth1Signin.mod_oauth1_authorize.value = parms[1]; document.oauth1Signin.mod_oauth1_access_token.value = parms[2]; diff --git a/sca-cpp/trunk/modules/oauth/htdocs/logout/index.html b/sca-cpp/trunk/modules/oauth/htdocs/logout/index.html index 37c2594ffb..267c501b83 100644 --- a/sca-cpp/trunk/modules/oauth/htdocs/logout/index.html +++ b/sca-cpp/trunk/modules/oauth/htdocs/logout/index.html @@ -32,7 +32,8 @@ <form name="signout" action="/login" method="GET"> <script type="text/javascript"> function submitSignout() { - document.cookie = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE'; + var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + window.location.hostname + ';path=/;secure=TRUE'; + document.cookie = reset; document.signout.submit(); return true; } 
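Review bot: The oauth logout page builds the reset with `';domain=.' + window.location.hostname` while every other page in the commit uses `domainname(window.location.hostname)`. On a sub-domain of a wildcard domain the deletion would then be scoped to the full host name rather than to the domain the server set the cookie on, so `submitSignout()` would presumably leave the `TuscanyOpenAuth` session cookie in place after sign-out. Use the same expression as the openid logout page, `';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE'`. The definition of `domainname()` is outside this hunk, so confirm that this page loads it.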
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp index e990f6dba2..252d5c5ee0 100644 --- a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp +++ b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp @@ -378,6 +378,7 @@ const failable<int> access_token(const list<list<value> >& args, request_rec* r, return mkfailure<int>(reason(prc)); // Send session ID to the client in a cookie + debug(c_str(openauth::cookie(sid, httpd::hostName(sc.server))), "modoauth1::access_token::setcookie"); apr_table_set(r->err_headers_out, "Set-Cookie", c_str(openauth::cookie(sid, httpd::hostName(sc.server)))); return httpd::externalRedirect(httpd::url(r->uri, r), r); } diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp index 61f242a80e..2e4b2e5b80 100644 --- a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp +++ b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp @@ -203,7 +203,7 @@ const failable<int> access_token(const list<list<value> >& args, request_rec* r, if (!hasContent(tr)) return mkfailure<int>(reason(tr)); debug(tr, "modoauth2::access_token::response"); - const list<value> tv = assoc<value>("access_token", httpd::queryArgs(join("", convertValues<string>(content(tr))))); + const list<value> tv = assoc<value>("access_token", httpd::queryArgs(join("", convertValues<string>(cadr<value>(content(tr)))))); if (isNil(tv) || isNil(cdr(tv))) return mkfailure<int>("Couldn't retrieve access_token"); debug(tv, "modoauth2::access_token::token"); @@ -230,6 +230,7 @@ const failable<int> access_token(const list<list<value> >& args, request_rec* r, return mkfailure<int>(reason(prc)); // Send session ID to the client in a cookie + debug(c_str(openauth::cookie(sid, httpd::hostName(sc.server))), "modoauth2::access_token::setcookie"); apr_table_set(r->err_headers_out, "Set-Cookie", c_str(openauth::cookie(sid, httpd::hostName(sc.server)))); return httpd::externalRedirect(httpd::url(r->uri, r), r); } 
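Review bot: The added `debug(...)` call in `access_token` writes the full `Set-Cookie` value, including the session id `sid`, to the debug log, so anyone who can read that log can see live session identifiers. Log only the non-secret part, e.g. `debug(httpd::hostName(sc.server), "modoauth1::access_token::setcookie");`, or build the cookie once into a local and log a redacted form. The same line is added in mod-oauth2.cpp under the label `modoauth2::access_token::setcookie`. Whether `debug` is compiled out of release builds is not visible here, and the function body starts outside the hunk.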
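Review bot: In mod-oauth2.cpp, `cadr<value>(content(tr))` assumes the token endpoint's response always has at least two elements, and the only check that follows tests `tv`, not the shape of `content(tr)`. That response comes from a remote provider, so a short or empty body should fail cleanly; how `cadr` behaves on a list with fewer than two elements is not visible in this hunk. Consider a guard before the lookup, along the lines of `if (isNil(content(tr)) || isNil(cdr<value>(content(tr)))) return mkfailure<int>("Couldn't retrieve access_token");`. The context lines `debug(tr, …)` and `debug(tv, …)` around it also write the provider's token response to the debug log, so consider redacting the token there.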
diff --git a/sca-cpp/trunk/modules/openid/htdocs/login/index.html b/sca-cpp/trunk/modules/openid/htdocs/login/index.html index 32a0dca608..a90b669dd7 100644 --- a/sca-cpp/trunk/modules/openid/htdocs/login/index.html +++ b/sca-cpp/trunk/modules/openid/htdocs/login/index.html @@ -56,7 +56,8 @@ if (typeof(openidReferrer()) == 'undefined') { } function submitSignin(w) { - document.cookie = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE'; + var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE'; + document.cookie = reset; document.signin.openid_identifier.value = w(); document.signin.action = openidReferrer(); document.signin.submit(); diff --git a/sca-cpp/trunk/modules/openid/htdocs/logout/index.html b/sca-cpp/trunk/modules/openid/htdocs/logout/index.html index 37c2594ffb..7780e9dec3 100644 --- a/sca-cpp/trunk/modules/openid/htdocs/logout/index.html +++ b/sca-cpp/trunk/modules/openid/htdocs/logout/index.html @@ -32,7 +32,8 @@ <form name="signout" action="/login" method="GET"> <script type="text/javascript"> function submitSignout() { - document.cookie = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';path=/;secure=TRUE'; + var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE'; + document.cookie = reset; document.signout.submit(); return true; } |