-rw-r--r-- | sca-cpp/trunk/modules/http/openauth.hpp (renamed from sca-cpp/trunk/modules/oauth/oauth.hpp) | 36 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/htdocs/index.html | 2 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html | 18 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/mod-oauth1.cpp | 65 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/mod-oauth2.cpp | 70 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/oauth/oauth-conf | 29 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/oauth/oauth-memcached-conf | 2 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/oauth/start-mixed-test | 3 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/oauth/start-test | 10 |
9 files changed, 108 insertions, 127 deletions
diff --git a/sca-cpp/trunk/modules/oauth/oauth.hpp b/sca-cpp/trunk/modules/http/openauth.hpp
index cea16e035f..53250b4732 100644
--- a/sca-cpp/trunk/modules/oauth/oauth.hpp
+++ b/sca-cpp/trunk/modules/http/openauth.hpp
@@ -19,11 +19,11 @@
 /* $Rev$ $Date$ */
-#ifndef tuscany_oauth_hpp
-#define tuscany_oauth_hpp
+#ifndef tuscany_openauth_hpp
+#define tuscany_openauth_hpp
 /**
- * OAuth support utility functions.
+ * Tuscany Open auth support utility functions.
 */
 #include "string.hpp"
@@ -35,10 +35,9 @@
 #include "../json/json.hpp"
 #include "../http/httpd.hpp"
 #include "../http/http.hpp"
-#include "../../components/cache/memcache.hpp"
 namespace tuscany {
-namespace oauth {
+namespace openauth {
 /**
 * Return the session id from a request.
@@ -51,30 +50,27 @@ const char* cookieName(const char* cs) {
 const maybe<string> sessionID(const list<string> c) {
 if (isNil(c))
 return maybe<string>();
- const list<string> kv = tokenize("=", cookieName(c_str(car(c))));
- if (!isNil(kv) && !isNil(cdr(kv))) {
- if (car(kv) == "TuscanyOpenAuth")
- return cadr(kv);
+ const string cn = cookieName(c_str(car(c)));
+ const int i = find(cn, "=");
+ if (i < length(cn)) {
+ const list<string> kv = mklist<string>(substr(cn, 0, i), substr(cn, i+1));
+ if (!isNil(kv) && !isNil(cdr(kv))) {
+ if (car(kv) == "TuscanyOpenAuth")
+ return cadr(kv);
+ }
 }
 return sessionID(cdr(c));
 }
 const maybe<string> sessionID(const request_rec* r) {
 const char* c = apr_table_get(r->headers_in, "Cookie");
- debug(c, "oauth::sessionid::cookies");
+ debug(c, "openauth::sessionid::cookies");
 if (c == NULL)
 return maybe<string>();
 return sessionID(tokenize(";", c));
 }
 /**
- * Return the user info for a session.
- */
-const failable<value> userInfo(const value& sid, const memcache::MemCached& mc) {
- return memcache::get(mklist<value>("tuscanyOpenAuth", sid), mc);
-}
-
-/**
 * Convert a session id to a cookie string.
 */
 const string cookie(const string& sid) {
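Review bot: The renamed `debug(c, "openauth::sessionid::cookies")` call in sessionID(const request_rec*) still writes the raw Cookie header, which carries the TuscanyOpenAuth session id, to the debug output, so wherever debug output is left on the session ids end up in logs; logging a fixed marker or only the cookie name would keep the diagnostic without the value. In the list overload, the inner `if (!isNil(kv) && !isNil(cdr(kv)))` appears to be dead now that `kv` is built by `mklist<string>(substr(cn, 0, i), substr(cn, i+1))`, which always yields two elements, so the check and its braces can go. The `i < length(cn)` guard presumably relies on find() returning the length when no `=` is present; a one-line comment stating that would make the intent explicit.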
@@ -82,7 +78,7 @@ const string cookie(const string& sid) {
 char exp[32];
 strftime(exp, 32, "%a, %d-%b-%Y %H:%M:%S GMT", gmtime(&t));
 const string c = string("TuscanyOpenAuth=") + sid + string(";path=/;expires=" + string(exp)) + ";secure=TRUE";
- debug(c, "oauth::cookie");
+ debug(c, "openauth::cookie");
 return c;
 }
@@ -92,11 +88,11 @@ const string cookie(const string& sid) {
 const failable<int> login(const string& page, request_rec* r) {
 const list<list<value> > largs = mklist<list<value> >(mklist<value>("openauth_referrer", httpd::escape(httpd::url(r->uri, r))));
 const string loc = httpd::url(page, r) + string("?") + httpd::queryString(largs);
- debug(loc, "oauth::login::uri");
+ debug(loc, "openauth::login::uri");
 return httpd::externalRedirect(loc, r);
 }
 }
 }
-#endif /* tuscany_oauth_hpp */
+#endif /* tuscany_openauth_hpp */
diff --git a/sca-cpp/trunk/modules/oauth/htdocs/index.html b/sca-cpp/trunk/modules/oauth/htdocs/index.html
index e8cdd2f26b..fc8ce922f1 100644
--- a/sca-cpp/trunk/modules/oauth/htdocs/index.html
+++ b/sca-cpp/trunk/modules/oauth/htdocs/index.html
@@ -19,7 +19,7 @@
 <html>
 <head>
-<script type="text/javascript" src="/js/ref.js"></script>
+<script type="text/javascript" src="/wiring/ref.js"></script>
 <script type="text/javascript">
 var protected = component("Protected");
 var userInfo = defun(reference(protected, "userInfo"), "getuser", "getemail", "getnickname", "getfullname", "getfirstname", "getlastname", "getrealm");
diff --git a/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html b/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html
index 10773c4538..d0b4f94d55 100644
--- a/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html
+++ b/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html
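Review bot: The Set-Cookie value built in cookie(), on the context line just above the renamed debug call, sets `path`, `expires` and `secure` but no `HttpOnly`, so the TuscanyOpenAuth session id stays readable from page scripts even though it is only ever consumed server-side by sessionID(); `";secure=TRUE;HttpOnly"` (or the conventional `;Secure;HttpOnly` spelling, since RFC 6265 parsers ignore the attribute value) would be the safer form. The `debug(c, "openauth::cookie")` line also records the complete cookie, session id included, in the debug output, so this applies the same caveat as the Cookie-header logging in sessionID(). cookie()'s body begins outside the hunk.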
@@ -17,9 +17,14 @@ under the License.
 -->
-<html><body><h1>Sign in with an OpenID or OAuth provider</h1>
+<html><body><h1>Sign in with a Form, an OpenID provider or an OAuth provider</h1>
 <script type="text/javascript">
+function submitFormSignin() {
+ document.formSignin.httpd_location.value = '/';
+ document.formSignin.submit();
+}
+
 function queryParams() {
 qp = new Array();
 qs = window.location.search.substring(1).split('&');
@@ -133,6 +138,17 @@ function withTwitter() {
 }
 </script>
+<form name="formSignin" method="POST" action="/login/dologin">
+<p>Sign in with your user id and password<br/>
+<table border="0">
+<tr><td>Username:</td><td><input type="text" name="httpd_username" value=""/></td></tr>
+<tr><td>Password:</td><td><input type="password" name="httpd_password" value=""/></td></tr>
+<tr><td><input type="button" onclick="submitFormSignin()" value="Sign in"/></td><td></td></tr>
+</table>
+</p>
+<input type="hidden" name="httpd_location" value="/"/>
+</form>
+
 <form name="fields">
 <p>Sign in with your Google account<br/><input type="button" onclick="submitOpenIDSignin(withGoogle)" value="Sign in"/></p>
 <p>Sign in with your Yahoo account<br/><input type="button" onclick="submitOpenIDSignin(withYahoo)" value="Sign in"/></p>
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
index 22fdd0cce3..a417935c0a 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
@@ -39,8 +39,8 @@ extern "C" {
 #include "../json/json.hpp"
 #include "../http/httpd.hpp"
 #include "../http/http.hpp"
+#include "../http/openauth.hpp"
 #include "../../components/cache/memcache.hpp"
-#include "oauth.hpp"
 extern "C" {
 extern module AP_MODULE_DECLARE_DATA mod_tuscany_oauth1;
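Review bot: The new formSignin posts `httpd_username`/`httpd_password` to `/login/dologin` together with a hidden `httpd_location` field; submitFormSignin() fixes it to '/', but the value is client-controlled, so whatever /login/dologin does with it (outside this diff) must restrict it to a same-origin path before redirecting, otherwise the login flow becomes an open redirect. A smaller point: the Sign in control is `type="button"` with an onclick and the form has two text-like fields, so pressing Enter does not submit it; `<input type="submit" value="Sign in"/>` plus an `onsubmit` handler that sets the hidden field would behave like an ordinary login form. The `<p>` wrapping a `<table>` is also invalid HTML and may be closed early by the parser.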
@@ -83,20 +83,10 @@ public:
 };
 /**
- * Check user authentication.
+ * Return the user info for a session.
 */
-static int checkUserID(request_rec *r) {
- // Decline if we're not enabled or AuthType is not set to Open
- const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth1);
- if (!dc.enabled)
- return DECLINED;
- const char* atype = ap_auth_type(r);
- if (atype == NULL || strcasecmp(atype, "Open"))
- return DECLINED;
-
- gc_scoped_pool pool(r->pool);
- httpdDebugRequest(r, "modoauth1::checkUserID::input");
- return OK;
+const failable<value> userInfo(const value& sid, const memcache::MemCached& mc) {
+ return memcache::get(mklist<value>("tuscanyOpenAuth", sid), mc);
 }
 /**
@@ -135,10 +125,7 @@ const failable<int> authenticated(const list<list<value> >& info, request_rec* r
 const list<value> lastname = assoc<value>("last-name", info);
 if (!isNil(lastname) && !isNil(cdr(lastname)))
 apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "LASTNAME"), apr_pstrdup(r->pool, c_str(cadr(lastname))));
-
- if(r->ap_auth_type == NULL)
- r->ap_auth_type = const_cast<char*>("OAuth");
- return DECLINED;
+ return OK;
 }
 /**
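Review bot: `authenticated` now ends with `return OK;` from the check_authn stage, and oauth-conf in this same commit puts `Require valid-user` on `<Location />`; that authz rule is satisfied only when `r->user` is set, and the part of the function visible here only fills `subprocess_env` entries. If `r->user` is not assigned earlier in the body (which starts outside the hunk), every OAuth1 session would pass authentication and then be refused by authz, so a short comment at the top of the function naming where `r->user` is set would make the contract visible; the same applies to the `authenticated` hunk in mod-oauth2.cpp. Separately, `userInfo` is now defined word for word in both mod-oauth1.cpp and mod-oauth2.cpp, which invites the two copies to drift; a small shared header in modules/oauth that also owns the memcache include would keep it in one place without pulling memcache back into openauth.hpp.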
@@ -391,47 +378,47 @@ const failable<int> access_token(const list<list<value> >& args, request_rec* r,
 return mkfailure<int>(reason(prc));
 // Send session ID to the client in a cookie
- apr_table_set(r->err_headers_out, "Set-Cookie", c_str(oauth::cookie(sid)));
+ apr_table_set(r->err_headers_out, "Set-Cookie", c_str(openauth::cookie(sid)));
 return httpd::externalRedirect(httpd::url(r->uri, r), r);
 }
 /**
- * Handle a request.
+ * Check user authentication.
 */
-int handler(request_rec* r) {
- // Decline if we're not enabled or if the user is already
- // authenticated by another module
+static int checkAuthn(request_rec *r) {
+ // Decline if we're not enabled or AuthType is not set to Open
 const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth1);
- if(!dc.enabled)
+ if (!dc.enabled)
 return DECLINED;
- if (r->user != NULL || apr_table_get(r->subprocess_env, "SSL_REMOTE_USER") != NULL)
+ const char* atype = ap_auth_type(r);
+ if (atype == NULL || strcasecmp(atype, "Open"))
 return DECLINED;
 gc_scoped_pool pool(r->pool);
- httpdDebugRequest(r, "modoauth1::handler::input");
+ httpdDebugRequest(r, "modoauth1::checkAuthn::input");
 const ServerConf& sc = httpd::serverConf<ServerConf>(r, &mod_tuscany_oauth1);
 // Get session id from the request
- const maybe<string> sid = oauth::sessionID(r);
+ const maybe<string> sid = openauth::sessionID(r);
 if (hasContent(sid)) {
 // Decline if the session id was not created by this module
 if (substr(content(sid), 0, 7) != "OAuth1_")
 return DECLINED;
 // If we're authenticated store the user info in the request
- const failable<value> info = oauth::userInfo(content(sid), sc.mc);
- if (hasContent(info))
+ const failable<value> info = userInfo(content(sid), sc.mc);
+ if (hasContent(info)) {
+ r->ap_auth_type = const_cast<char*>(atype);
 return httpd::reportStatus(authenticated(content(info), r));
+ }
 }
 // Get the request args
 const list<list<value> > args = httpd::queryArgs(r);
- // Decline if the request is for OpenID authentication
+ // Decline if the request is for another authentication provider
 if (!isNil(assoc<value>("openid_identifier", args)))
 return DECLINED;
-
- // Decline if the request is for OAuth2 authentication
 if (!isNil(assoc<value>("mod_oauth2_step", args)))
 return DECLINED;
@@ -441,15 +428,20 @@ int handler(request_rec* r) {
 const value step = !isNil(sl) && !isNil(cdr(sl))? cadr(sl) : "";
 // Handle OAuth authorize request step
- if (step == "authorize")
+ if (step == "authorize") {
+ r->ap_auth_type = const_cast<char*>(atype);
 return httpd::reportStatus(authorize(args, r, sc));
+ }
 // Handle OAuth access_token request step
- if (step == "access_token")
+ if (step == "access_token") {
+ r->ap_auth_type = const_cast<char*>(atype);
 return httpd::reportStatus(access_token(args, r, sc));
+ }
 // Redirect to the login page
- return httpd::reportStatus(oauth::login(dc.login, r));
+ r->ap_auth_type = const_cast<char*>(atype);
+ return httpd::reportStatus(openauth::login(dc.login, r));
 }
 /**
@@ -567,8 +559,7 @@ const command_rec commands[] = {
 void registerHooks(unused apr_pool_t *p) {
 ap_hook_post_config(postConfig, NULL, NULL, APR_HOOK_MIDDLE);
 ap_hook_child_init(childInit, NULL, NULL, APR_HOOK_MIDDLE);
- ap_hook_check_user_id(checkUserID, NULL, NULL, APR_HOOK_MIDDLE);
- ap_hook_handler(handler, NULL, NULL, APR_HOOK_FIRST);
+ ap_hook_check_authn(checkAuthn, NULL, NULL, APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_CONF);
 }
 }
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
index bb96fcb916..b52967977e 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
@@ -33,8 +33,8 @@
 #include "monad.hpp"
 #include "../http/httpd.hpp"
 #include "../http/http.hpp"
+#include "../http/openauth.hpp"
 #include "../../components/cache/memcache.hpp"
-#include "oauth.hpp"
 extern "C" {
 extern module AP_MODULE_DECLARE_DATA mod_tuscany_oauth2;
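Review bot: `r->ap_auth_type = const_cast<char*>(atype);` is written at four return sites of checkAuthn (the session branch, the authorize and access_token steps, and the login redirect), and the checkAuthn in mod-oauth2.cpp repeats the same four; since every path after the two "another authentication provider" checks returns a non-DECLINED status, one assignment placed right after the `mod_oauth2_step` check covers the last three sites without changing behaviour, leaving only the session branch. Going further, the two checkAuthn bodies differ only in the module pointer, the debug label, the `OAuth1_`/`OAuth2_` prefix and the other module's step name, which is a natural shape for one shared function taking those as parameters. The `const_cast` exists because `ap_auth_type()` returns `const char*` while `r->ap_auth_type` is not const; a comment such as `// ap_auth_type() returns const char*; request_rec stores it non-const` at the first site would save the next reader the lookup. checkAuthn spans this hunk and the next; its body is split across them.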
@@ -77,20 +77,10 @@ public:
 };
 /**
- * Check user authentication.
+ * Return the user info for a session.
 */
-static int checkUserID(request_rec *r) {
- // Decline if we're not enabled or AuthType is not set to Open
- const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth2);
- if (!dc.enabled)
- return DECLINED;
- const char* atype = ap_auth_type(r);
- if (atype == NULL || strcasecmp(atype, "Open"))
- return DECLINED;
-
- gc_scoped_pool pool(r->pool);
- httpdDebugRequest(r, "modoauth2::checkUserID::input");
- return OK;
+const failable<value> userInfo(const value& sid, const memcache::MemCached& mc) {
+ return memcache::get(mklist<value>("tuscanyOpenAuth", sid), mc);
 }
 /**
@@ -99,6 +89,12 @@ static int checkUserID(request_rec *r) {
 const failable<int> authenticated(const list<list<value> >& info, request_rec* r) {
 debug(info, "modoauth2::authenticated::info");
+ // Store user info in the request
+ const list<value> realm = assoc<value>("realm", info);
+ if (isNil(realm) || isNil(cdr(realm)))
+ return mkfailure<int>("Couldn't retrieve realm");
+ apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "REALM"), apr_pstrdup(r->pool, c_str(cadr(realm))));
+
 const list<value> id = assoc<value>("id", info);
 if (isNil(id) || isNil(cdr(id)))
 return mkfailure<int>("Couldn't retrieve user id");
@@ -122,9 +118,7 @@ const failable<int> authenticated(const list<list<value> >& info, request_rec* r
 if (!isNil(lastname) && !isNil(cdr(lastname)))
 apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "LASTNAME"), apr_pstrdup(r->pool, c_str(cadr(lastname))));
- if(r->ap_auth_type == NULL)
- r->ap_auth_type = const_cast<char*>("OAuth");
- return DECLINED;
+ return OK;
 }
 /**
@@ -236,47 +230,47 @@ const failable<int> access_token(const list<list<value> >& args, request_rec* r,
 return mkfailure<int>(reason(prc));
 // Send session ID to the client in a cookie
- apr_table_set(r->err_headers_out, "Set-Cookie", c_str(oauth::cookie(sid)));
+ apr_table_set(r->err_headers_out, "Set-Cookie", c_str(openauth::cookie(sid)));
 return httpd::externalRedirect(httpd::url(r->uri, r), r);
 }
 /**
- * Handle a request.
+ * Check user authentication.
 */
-int handler(request_rec* r) {
- // Decline if we're not enabled or if the user is already
- // authenticated by another module
+static int checkAuthn(request_rec *r) {
+ // Decline if we're not enabled or AuthType is not set to Open
 const DirConf& dc = httpd::dirConf<DirConf>(r, &mod_tuscany_oauth2);
- if(!dc.enabled)
+ if (!dc.enabled)
 return DECLINED;
- if (r->user != NULL || apr_table_get(r->subprocess_env, "SSL_REMOTE_USER") != NULL)
+ const char* atype = ap_auth_type(r);
+ if (atype == NULL || strcasecmp(atype, "Open"))
 return DECLINED;
 gc_scoped_pool pool(r->pool);
- httpdDebugRequest(r, "modoauth2::handler::input");
+ httpdDebugRequest(r, "modoauth2::checkAuthn::input");
 const ServerConf& sc = httpd::serverConf<ServerConf>(r, &mod_tuscany_oauth2);
 // Get session id from the request
- const maybe<string> sid = oauth::sessionID(r);
+ const maybe<string> sid = openauth::sessionID(r);
 if (hasContent(sid)) {
 // Decline if the session id was not created by this module
 if (substr(content(sid), 0, 7) != "OAuth2_")
 return DECLINED;
 // If we're authenticated store the user info in the request
- const failable<value> info = oauth::userInfo(content(sid), sc.mc);
- if (hasContent(info))
+ const failable<value> info = userInfo(content(sid), sc.mc);
+ if (hasContent(info)) {
+ r->ap_auth_type = const_cast<char*>(atype);
 return httpd::reportStatus(authenticated(content(info), r));
+ }
 }
 // Get the request args
 const list<list<value> > args = httpd::queryArgs(r);
- // Decline if the request is for OpenID authentication
+ // Decline if the request is for another authentication provider
 if (!isNil(assoc<value>("openid_identifier", args)))
 return DECLINED;
-
- // Decline if the request is for OAuth1 authentication
 if (!isNil(assoc<value>("mod_oauth1_step", args)))
 return DECLINED;
@@ -286,15 +280,20 @@ int handler(request_rec* r) {
 const value step = !isNil(sl) && !isNil(cdr(sl))? cadr(sl) : "";
 // Handle OAuth authorize request step
- if (step == "authorize")
+ if (step == "authorize") {
+ r->ap_auth_type = const_cast<char*>(atype);
 return httpd::reportStatus(authorize(args, r, sc));
+ }
 // Handle OAuth access_token request step
- if (step == "access_token")
+ if (step == "access_token") {
+ r->ap_auth_type = const_cast<char*>(atype);
 return httpd::reportStatus(access_token(args, r, sc));
+ }
 // Redirect to the login page
- return httpd::reportStatus(oauth::login(dc.login, r));
+ r->ap_auth_type = const_cast<char*>(atype);
+ return httpd::reportStatus(openauth::login(dc.login, r));
 }
 /**
@@ -412,8 +411,7 @@ const command_rec commands[] = {
 void registerHooks(unused apr_pool_t *p) {
 ap_hook_post_config(postConfig, NULL, NULL, APR_HOOK_MIDDLE);
 ap_hook_child_init(childInit, NULL, NULL, APR_HOOK_MIDDLE);
- ap_hook_check_user_id(checkUserID, NULL, NULL, APR_HOOK_MIDDLE);
- ap_hook_handler(handler, NULL, NULL, APR_HOOK_FIRST);
+ ap_hook_check_authn(checkAuthn, NULL, NULL, APR_HOOK_MIDDLE, AP_AUTH_INTERNAL_PER_CONF);
 }
 }
diff --git a/sca-cpp/trunk/modules/oauth/oauth-conf b/sca-cpp/trunk/modules/oauth/oauth-conf
index 91ae1916c7..4ac231a55b 100755
--- a/sca-cpp/trunk/modules/oauth/oauth-conf
+++ b/sca-cpp/trunk/modules/oauth/oauth-conf
@@ -26,7 +26,7 @@ conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"`
 host=`echo $conf | awk '{ print $6 }'`
 # Configure HTTPD mod_tuscany_oauth module
-cat >>$root/conf/httpd.conf <<EOF
+cat >>$root/conf/auth.conf <<EOF
 # Generated by: oauth-conf $*
 # Load support for OAuth authentication
 LoadModule mod_tuscany_oauth1 $here/libmod_tuscany_oauth1.so
@@ -35,22 +35,10 @@ LoadModule mod_tuscany_oauth2 $here/libmod_tuscany_oauth2.so
 # Enable OAuth authentication
 <Location />
 AuthType Open
+AuthName "$host"
 AuthOAuth On
 AuthOAuthLoginPage /login
-</Location>
-
-# Enable unauthenticated access to public areas
-<Location /login>
-AuthOAuth Off
-</Location>
-<Location /logout>
-AuthOAuth Off
-</Location>
-<Location /public>
-AuthOAuth Off
-</Location>
-<Location /ui>
-AuthOAuth Off
+Require valid-user
 </Location>
 # Configure OAuth App keys
@@ -65,14 +53,3 @@ cat >$root/cert/oauth-keys.conf <<EOF
 EOF
-cat >>$root/conf/vhost-ssl.conf <<EOF
-# Generated by: oauth-conf $*
-# Require OAuth authentication
-<Location />
-AuthType Open
-AuthName "$host"
-Require valid-user
-</Location>
-
-EOF
-
diff --git a/sca-cpp/trunk/modules/oauth/oauth-memcached-conf b/sca-cpp/trunk/modules/oauth/oauth-memcached-conf
index 6634511d61..23a82a0486 100755
--- a/sca-cpp/trunk/modules/oauth/oauth-memcached-conf
+++ b/sca-cpp/trunk/modules/oauth/oauth-memcached-conf
@@ -24,7 +24,7 @@ host=$2
 port=$3
 # Configure HTTPD mod_tuscany_oauth module cache
-cat >>$root/conf/httpd.conf <<EOF
+cat >>$root/conf/auth.conf <<EOF
 # Generated by: oauth-memcached-conf $*
 AddAuthOAuthMemcached $host:$port
diff --git a/sca-cpp/trunk/modules/oauth/start-mixed-test b/sca-cpp/trunk/modules/oauth/start-mixed-test
index e838e9bb83..c368c29ed2 100755
--- a/sca-cpp/trunk/modules/oauth/start-mixed-test
+++ b/sca-cpp/trunk/modules/oauth/start-mixed-test
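Review bot: The rewritten `<Location />` block keeps `AuthOAuthLoginPage /login` and adds `Require valid-user`, while the `<Location /login>`, `/logout`, `/public` and `/ui` blocks that turned `AuthOAuth Off` are deleted, so the login page is now guarded by the very module that redirects to it; with checkAuthn ending in `openauth::login(dc.login, r)`, an unauthenticated request for /login would be sent back to /login unless the new `../http/open-auth-conf` (invoked from start-mixed-test but not part of this diff) re-opens those paths. If that script is what now grants anonymous access to /login and friends, a comment here such as `# Public areas (/login, /logout, /public, /ui) are opened by ../http/open-auth-conf` would keep the two scripts in step, and start-test, which still calls only `./oauth-conf tmp` in its visible hunk, would need the same call. The switch from httpd.conf to `$root/conf/auth.conf` (also in oauth-memcached-conf) presumably relies on httpd.conf including auth.conf; that dependency is not visible in this commit.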
@@ -44,6 +44,8 @@ here=`readlink -f $0`; here=`dirname $here`
 ../openid/openid-memcached-conf tmp localhost 11212
 ../openid/openid-memcached-conf tmp localhost 11213
+../http/open-auth-conf tmp
+
 ../../modules/server/server-conf tmp
 ../../modules/server/scheme-conf tmp
 cat >>tmp/conf/httpd.conf <<EOF
@@ -51,6 +53,7 @@ SCAContribution `pwd`/
 SCAComposite oauth.composite
 Alias /login/index.html $here/htdocs/login/mixed.html
+
 EOF
 ../../modules/http/httpd-start tmp
diff --git a/sca-cpp/trunk/modules/oauth/start-test b/sca-cpp/trunk/modules/oauth/start-test
index 8c59009102..8fd9d01302 100755
--- a/sca-cpp/trunk/modules/oauth/start-test
+++ b/sca-cpp/trunk/modules/oauth/start-test
@@ -21,14 +21,14 @@
 ../../components/cache/memcached-start 11212
 ../../components/cache/memcached-start 11213
-../../modules/http/ssl-ca-conf tmp jsdelfino.com
-../../modules/http/ssl-cert-conf tmp jsdelfino.com
-../../modules/http/httpd-conf tmp jsdelfino.com 8090/80 htdocs
+../../modules/http/ssl-ca-conf tmp localhost
+../../modules/http/ssl-cert-conf tmp localhost
+../../modules/http/httpd-conf tmp localhost 8090/80 htdocs
 ../../modules/http/httpd-ssl-conf tmp 8453/443
 ./oauth-conf tmp
-./oauth-memcached-conf tmp jsdelfino.com 11212
-./oauth-memcached-conf tmp jsdelfino.com 11213
+./oauth-memcached-conf tmp localhost 11212
+./oauth-memcached-conf tmp localhost 11213
 # Configure your app keys here
 ./oauth1-appkey-conf tmp twitter.com app2345 secret7890 |