Diffstat (limited to 'sca-cpp/trunk/modules/oauth')
-rw-r--r-- | sca-cpp/trunk/modules/oauth/htdocs/login/index.html | 14 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html | 18 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/htdocs/logout/index.html | 12 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/mod-oauth1.cpp | 22 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/oauth/mod-oauth2.cpp | 22 |
5 files changed, 50 insertions, 38 deletions
diff --git a/sca-cpp/trunk/modules/oauth/htdocs/login/index.html b/sca-cpp/trunk/modules/oauth/htdocs/login/index.html
index 0740afd8b3..bf5e196bae 100644
--- a/sca-cpp/trunk/modules/oauth/htdocs/login/index.html
+++ b/sca-cpp/trunk/modules/oauth/htdocs/login/index.html
@@ -55,17 +55,17 @@ if (typeof(oauthReferrer()) == 'undefined') {
 document.location = '/';
 }
-function clearauthcookie() {
- document.cookie = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOAuth1=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOAuth2=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOpenIDAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
+function clearAuthCookie() {
+ document.cookie = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOAuth1=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOAuth2=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOpenIDAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
 return true;
 }
 function submitSignin2(w) {
 parms = w();
- clearauthcookie();
+ clearAuthCookie();
 document.signin2.oauth2_authorize.value = parms[0];
 document.signin2.oauth2_access_token.value = parms[1];
 document.signin2.oauth2_client_id.value = parms[2];
@@ -89,7 +89,7 @@ function withGithub() {
 function submitSignin1(w) {
 parms = w();
- clearauthcookie();
+ clearAuthCookie();
 document.signin1.oauth1_request_token.value = parms[0];
 document.signin1.oauth1_authorize.value = parms[1];
 document.signin1.oauth1_access_token.value = parms[2];
diff --git a/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html b/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html
index fdf2b64a3f..ef5afcdc7e 100644
--- a/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html
+++ b/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html
@@ -29,16 +29,16 @@
 <h1>Sign in with a Form, an OpenID provider or an OAuth provider</h1>
 <script type="text/javascript">
-function clearauthcookie() {
- document.cookie = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOAuth1=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOAuth2=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOpenIDAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
+function clearAuthCookie() {
+ document.cookie = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOAuth1=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOAuth2=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOpenIDAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
 return true;
 }
 function submitFormSignin() {
- clearauthcookie();
+ clearAuthCookie();
 document.formSignin.httpd_location.value = '/';
 document.formSignin.submit();
 }
@@ -69,7 +69,7 @@ if (typeof(openauthReferrer()) == 'undefined') {
 }
 function submitOpenIDSignin(w) {
- clearauthcookie();
+ clearAuthCookie();
 document.openIDSignin.openid_identifier.value = w();
 document.openIDSignin.action = openauthReferrer();
 document.openIDSignin.submit();
@@ -117,7 +117,7 @@ function withXRDSEndpoint() {
 function submitOAuth2Signin(w) {
 parms = w();
- clearauthcookie();
+ clearAuthCookie();
 document.oauth2Signin.oauth2_authorize.value = parms[0];
 document.oauth2Signin.oauth2_access_token.value = parms[1];
 document.oauth2Signin.oauth2_client_id.value = parms[2];
@@ -141,7 +141,7 @@ function withGithub() {
 function submitOAuth1Signin(w) {
 parms = w();
- clearauthcookie();
+ clearAuthCookie();
 document.oauth1Signin.oauth1_request_token.value = parms[0];
 document.oauth1Signin.oauth1_authorize.value = parms[1];
 document.oauth1Signin.oauth1_access_token.value = parms[2];
diff --git a/sca-cpp/trunk/modules/oauth/htdocs/logout/index.html b/sca-cpp/trunk/modules/oauth/htdocs/logout/index.html
index 8cf786043b..437d39e882 100644
--- a/sca-cpp/trunk/modules/oauth/htdocs/logout/index.html
+++ b/sca-cpp/trunk/modules/oauth/htdocs/logout/index.html
@@ -31,16 +31,16 @@
 <form name="signout" action="/login" method="GET">
 <script type="text/javascript">
-function clearauthcookie() {
- document.cookie = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOAuth1=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOAuth2=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
- document.cookie = 'TuscanyOpenIDAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainname(window.location.hostname) + '; path=/';
+function clearAuthCookie() {
+ document.cookie = 'TuscanyOpenAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOAuth1=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOAuth2=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
+ document.cookie = 'TuscanyOpenIDAuth=; expires=' + new Date(1970,01,01).toGMTString() + '; domain=.' + domainName(window.location.hostname) + '; path=/';
 return true;
 }
 function submitSignout() {
- clearauthcookie();
+ clearAuthCookie();
 document.signout.submit();
 return true;
 }
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
index b1786d1098..e34c0c2359 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
@@ -139,7 +139,7 @@ const failable<value> userInfo(const value& sid, const memcache::MemCached& mc)
 /**
 * Handle an authenticated request.
 */
-const failable<int> authenticated(const list<value>& userinfo, const bool check, request_rec* const r, const list<value>& scopeattrs, const list<AuthnProviderConf>& apcs) {
+const failable<int> authenticated(const list<value>& userinfo, request_rec* const r, const list<value>& scopeattrs, const list<AuthnProviderConf>& apcs) {
 debug(userinfo, "modoauth2::authenticated::userinfo");
 if (isNull(scopeattrs)) {
@@ -156,8 +156,15 @@ const failable<int> authenticated(const list<value>& userinfo, const bool check,
 r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
 // Run the authnz hooks to check the authenticated user
- if (check)
- return checkAuthnz(r->user == NULL? emptyString : r->user, r, apcs);
+ const failable<int> arc = checkAuthnz(r->user == NULL? emptyString : r->user, r, apcs);
+ if (!hasContent(arc))
+ return arc;
+
+ // Update the request user field with the authorized user id returned by the authnz hooks
+ const char* auser = apr_table_get(r->subprocess_env, "AUTHZ_USER");
+ if (auser != NULL)
+ r->user = apr_pstrdup(r->pool, auser);
+
 return OK;
 }
@@ -172,7 +179,7 @@ const failable<int> authenticated(const list<value>& userinfo, const bool check,
 else
 apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, c_str(car(a))), apr_pstrdup(r->pool, c_str(cadr(v))));
 }
-return authenticated(userinfo, check, r, cdr(scopeattrs), apcs);
+return authenticated(userinfo, r, cdr(scopeattrs), apcs);
 }
 /**
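Review bot: The header comment `Handle an authenticated request.` above the new signature is now too thin, because dropping the `check` parameter means the authnz provider hooks run on every call, including the per-request checkAuthn path, and r->user may be rewritten as a result. I would expand the comment to say that r->user is first set from the user info, that the configured authnz hooks are then always run and their failure is returned to the caller, and that the hook-supplied user id, read from the AUTHZ_USER environment entry, replaces r->user when present. The same signature change is made in mod-oauth2.cpp at @@ -133,7 +133,7 @@ and the same comment applies there. The function body continues past this hunk.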
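Review bot: The identity written back into `r->user` in the @@ -156,8 +156,15 @@ hunk is read from `r->subprocess_env` rather than from the result of checkAuthnz, so any `AUTHZ_USER` entry already present in that table when the hooks run is adopted as the authorized user; whether checkAuthnz always writes the key on success is not visible here. That table is shared with other modules and, as far as I know, inherited by subrequests, so clearing the key first, `apr_table_unset(r->subprocess_env, "AUTHZ_USER");` immediately before the checkAuthnz call, limits the read to what the hooks set on this request. The old code returned the checkAuthnz result directly, while the new code returns `OK` whenever `arc` has content; if that content can be a status other than OK it is now dropped, and `return content(arc);` would keep the previous propagation. The same hunk appears in mod-oauth2.cpp at @@ -150,8 +150,15 @@. The enclosing function continues past this hunk.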
@@ -293,8 +300,7 @@ const failable<int> authorize(const list<value>& args, request_rec* const r, con
 /**
 * Extract user info from a profile/info response.
- * TODO This currently only works for Twitter, Foursquare and LinkedIn.
- * User profile parsing needs to be made configurable.
+ * TODO Make this configurable
 */
 const failable<list<value> > profileUserInfo(const value& cid, const string& info) {
 const string b = substr(info, 0, 1);
@@ -424,7 +430,7 @@ const failable<int> accessToken(const list<value>& args, request_rec* r, const l
 return mkfailure<int>(userinfo);
 // Validate the authenticated user
- const failable<int> authrc = authenticated(content(userinfo), true, r, scopeattrs, apcs);
+ const failable<int> authrc = authenticated(content(userinfo), r, scopeattrs, apcs);
 if (!hasContent(authrc))
 return authrc;
@@ -471,7 +477,7 @@ static int checkAuthn(request_rec *r) {
 if (!hasContent(userinfo))
 return openauth::reportStatus(mkfailure<int>(reason(userinfo), HTTP_UNAUTHORIZED), dc.login, nilValue, r);
 r->ap_auth_type = const_cast<char*>(atype);
- return openauth::reportStatus(authenticated(content(userinfo), false, r, dc.scopeattrs, dc.apcs), dc.login, nilValue, r);
+ return openauth::reportStatus(authenticated(content(userinfo), r, dc.scopeattrs, dc.apcs), dc.login, nilValue, r);
 }
 // Get the request args
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
index 0a4405ce2e..c5de134926 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp
@@ -133,7 +133,7 @@ const failable<value> userInfo(const value& sid, const memcache::MemCached& mc)
 /**
 * Handle an authenticated request.
 */
-const failable<int> authenticated(const list<value>& userinfo, const bool check, request_rec* const r, const list<value>& scopeattrs, const list<AuthnProviderConf>& apcs) {
+const failable<int> authenticated(const list<value>& userinfo, request_rec* const r, const list<value>& scopeattrs, const list<AuthnProviderConf>& apcs) {
 debug(userinfo, "modoauth2::authenticated::userinfo");
 if (isNull(scopeattrs)) {
@@ -150,8 +150,15 @@ const failable<int> authenticated(const list<value>& userinfo, const bool check,
 r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
 // Run the authnz hooks to check the authenticated user
- if (check)
- return checkAuthnz(r->user == NULL? emptyString : r->user, r, apcs);
+ const failable<int> arc = checkAuthnz(r->user == NULL? emptyString : r->user, r, apcs);
+ if (!hasContent(arc))
+ return arc;
+
+ // Update the request user field with the authorized user id returned by the authnz hooks
+ const char* auser = apr_table_get(r->subprocess_env, "AUTHZ_USER");
+ if (auser != NULL)
+ r->user = apr_pstrdup(r->pool, auser);
+
 return OK;
 }
@@ -166,7 +173,7 @@ const failable<int> authenticated(const list<value>& userinfo, const bool check,
 else
 apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, c_str(car(a))), apr_pstrdup(r->pool, c_str(cadr(v))));
 }
-return authenticated(userinfo, check, r, cdr(scopeattrs), apcs);
+return authenticated(userinfo, r, cdr(scopeattrs), apcs);
 }
 /**
@@ -219,8 +226,7 @@ const failable<int> authorize(const list<value>& args, request_rec* const r, con
 /**
 * Extract user info from a profile/info response.
- * TODO This currently only works for Facebook and Gowalla.
- * User profile parsing needs to be made configurable.
+ * TODO Make this configurable.
 */
 const failable<list<value> > profileUserInfo(const value& cid, const list<value>& info) {
 return cons<value>(mklist<value>("realm", cid), info);
@@ -299,7 +305,7 @@ const failable<int> accessToken(const list<value>& args, request_rec* r, const l
 return mkfailure<int>(userinfo);
 // Validate the authenticated user
- const failable<int> authrc = authenticated(content(userinfo), true, r, scopeattrs, apcs);
+ const failable<int> authrc = authenticated(content(userinfo), r, scopeattrs, apcs);
 if (!hasContent(authrc))
 return authrc;
@@ -346,7 +352,7 @@ static int checkAuthn(request_rec *r) {
 if (!hasContent(userinfo))
 return openauth::reportStatus(mkfailure<int>(reason(userinfo), HTTP_UNAUTHORIZED), dc.login, nilValue, r);
 r->ap_auth_type = const_cast<char*>(atype);
- return openauth::reportStatus(authenticated(content(userinfo), false, r, dc.scopeattrs, dc.apcs), dc.login, nilValue, r);
+ return openauth::reportStatus(authenticated(content(userinfo), r, dc.scopeattrs, dc.apcs), dc.login, nilValue, r);
 }
 // Get the request args |