diff options
Diffstat (limited to '')
22 files changed, 130 insertions, 65 deletions
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf index e48902fd82..5f1058ea75 100755 --- a/sca-cpp/trunk/modules/http/httpd-ssl-conf +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -117,7 +117,7 @@ BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-res SSLOptions -StrictRequire +OptRenegotiate # Verify client certificates -SSLVerifyClient optional +SSLVerifyClient none SSLVerifyDepth 1 # Enable SSL proxy engine @@ -195,7 +195,7 @@ SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 and ( \ ( %{SSL_CLIENT_I_DN_O} == "$org" and %{SSL_CLIENT_S_DN_OU} == "tunnel" ) or \ ( %{SSL_CLIENT_I_DN_O} == "$org" and %{SSL_CLIENT_S_DN_OU} == "proxy" and \ %{HTTP:X-Forwarded-SSL-Issuer-DN-O} == "$org" and %{HTTP:X-Forwarded-SSL-Client-DN-OU} == "server" ) or \ -%{REQUEST_URI} =~ m/^.(login|logout|openid|unprotected).*$/ ) +%{REQUEST_URI} =~ m/^.(login|logout|openid|public|ui).*$/ ) # Record received SSL client certificate info in environment vars RewriteEngine on diff --git a/sca-cpp/trunk/modules/oauth/Makefile.am b/sca-cpp/trunk/modules/oauth/Makefile.am index 84bbe32eec..6c0cd2bc57 100644 --- a/sca-cpp/trunk/modules/oauth/Makefile.am +++ b/sca-cpp/trunk/modules/oauth/Makefile.am @@ -35,7 +35,7 @@ libmod_tuscany_oauth2_la_LDFLAGS = -lxml2 -lcurl -lmozjs libmod_tuscany_oauth2.so: ln -s .libs/libmod_tuscany_oauth2.so -EXTRA_DIST = oauth.composite user-info.scm htdocs/index.html htdocs/login/index.html htdocs/logout/index.html htdocs/unprotected/index.html +EXTRA_DIST = oauth.composite user-info.scm htdocs/index.html htdocs/login/index.html htdocs/logout/index.html htdocs/public/index.html dist_noinst_SCRIPTS = start-test stop-test diff --git a/sca-cpp/trunk/modules/oauth/htdocs/index.html b/sca-cpp/trunk/modules/oauth/htdocs/index.html index 779ea74986..e8cdd2f26b 100644 --- a/sca-cpp/trunk/modules/oauth/htdocs/index.html +++ b/sca-cpp/trunk/modules/oauth/htdocs/index.html @@ -22,13 +22,14 @@ <script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript"> var protected = component("Protected"); -var userInfo = reference(protected, "userInfo"); -var user = userInfo.apply("getuser"); +var userInfo = defun(reference(protected, "userInfo"), "getuser", "getemail", "getnickname", "getfullname", "getfirstname", "getlastname", "getrealm"); +var user = userInfo.getuser(); var email = userInfo.apply("getemail"); var nickname = userInfo.apply("getnickname"); var fullname = userInfo.apply("getfullname"); var firstname = userInfo.apply("getfirstname"); var lastname = userInfo.apply("getlastname"); +var realm = userInfo.apply("getrealm"); </script> </head> <body> @@ -40,6 +41,7 @@ var lastname = userInfo.apply("getlastname"); <div>Fullname: <span id="fullname"></span></div> <div>Firstname: <span id="firstname"></span></div> <div>Lastname: <span id="lastname"></span></div> +<div>Realm: <span id="realm"></span></div> <script type="text/javascript"> document.getElementById('user').innerHTML=user; document.getElementById('email').innerHTML=email; @@ -47,9 +49,10 @@ document.getElementById('nickname').innerHTML=nickname; document.getElementById('fullname').innerHTML=fullname; document.getElementById('firstname').innerHTML=firstname; document.getElementById('lastname').innerHTML=lastname; +document.getElementById('realm').innerHTML=realm; </script> <p><a href="info">User info</a></p> <p><a href="login">Sign in</a></p> <p><a href="logout">Sign out</a></p> -<p><a href="unprotected">Unprotected area</a></p> +<p><a href="public">Public area</a></p> </body></html> diff --git a/sca-cpp/trunk/modules/oauth/htdocs/login/index.html b/sca-cpp/trunk/modules/oauth/htdocs/login/index.html index 607c55ca18..8cdcb1cf64 100644 --- a/sca-cpp/trunk/modules/oauth/htdocs/login/index.html +++ b/sca-cpp/trunk/modules/oauth/htdocs/login/index.html @@ -56,12 +56,12 @@ function submitSignin2(w) { } function withFacebook() { - var parms = ['https://graph.facebook.com/oauth/authorize', 'https://graph.facebook.com/oauth/access_token', 'testfacebookapp', 'https://graph.facebook.com/me']; + var parms = ['https://graph.facebook.com/oauth/authorize', 'https://graph.facebook.com/oauth/access_token', 'facebook.com', 'https://graph.facebook.com/me']; return parms; } function withGithub() { - var parms = ['https://github.com/login/oauth/authorize', 'https://github.com/login/oauth/access_token', 'testgithubapp', 'https://github.com/api/v2/json/user/show']; + var parms = ['https://github.com/login/oauth/authorize', 'https://github.com/login/oauth/access_token', 'github.com', 'https://github.com/api/v2/json/user/show']; return parms; } @@ -77,12 +77,12 @@ function submitSignin1(w) { } function withLinkedin() { - var parms = ['https://api.linkedin.com/uas/oauth/requestToken', 'https://www.linkedin.com/uas/oauth/authorize', 'https://api.linkedin.com/uas/oauth/accessToken', 'testlinkedinapp', 'https://api.linkedin.com/v1/people/~:(id,first-name,last-name,public-profile-url)']; + var parms = ['https://api.linkedin.com/uas/oauth/requestToken', 'https://www.linkedin.com/uas/oauth/authorize', 'https://api.linkedin.com/uas/oauth/accessToken', 'linkedin.com', 'https://api.linkedin.com/v1/people/~:(id,first-name,last-name,public-profile-url)']; return parms; } function withTwitter() { - var parms = ['https://api.twitter.com/oauth/request_token', 'https://api.twitter.com/oauth/authorize', 'https://api.twitter.com/oauth/access_token', 'testtwitterapp', 'https://api.twitter.com/1/statuses/user_timeline.json']; + var parms = ['https://api.twitter.com/oauth/request_token', 'https://api.twitter.com/oauth/authorize', 'https://api.twitter.com/oauth/access_token', 'twitter.com', 'https://api.twitter.com/1/statuses/user_timeline.json']; return parms; } </script> diff --git a/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html b/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html index c187aa2a84..10773c4538 100644 --- a/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html +++ b/sca-cpp/trunk/modules/oauth/htdocs/login/mixed.html @@ -102,12 +102,12 @@ function submitOAuth2Signin(w) { } function withFacebook() { - var parms = ['https://graph.facebook.com/oauth/authorize', 'https://graph.facebook.com/oauth/access_token', 'testfacebookapp', 'https://graph.facebook.com/me']; + var parms = ['https://graph.facebook.com/oauth/authorize', 'https://graph.facebook.com/oauth/access_token', 'facebook.com', 'https://graph.facebook.com/me']; return parms; } function withGithub() { - var parms = ['https://github.com/login/oauth/authorize', 'https://github.com/login/oauth/access_token', 'testgithubapp', 'https://github.com/api/v2/json/user/show']; + var parms = ['https://github.com/login/oauth/authorize', 'https://github.com/login/oauth/access_token', 'github.com', 'https://github.com/api/v2/json/user/show']; return parms; } @@ -123,12 +123,12 @@ function submitOAuth1Signin(w) { } function withLinkedin() { - var parms = ['https://api.linkedin.com/uas/oauth/requestToken', 'https://www.linkedin.com/uas/oauth/authorize', 'https://api.linkedin.com/uas/oauth/accessToken', 'testlinkedinapp', 'https://api.linkedin.com/v1/people/~:(id,first-name,last-name,public-profile-url)']; + var parms = ['https://api.linkedin.com/uas/oauth/requestToken', 'https://www.linkedin.com/uas/oauth/authorize', 'https://api.linkedin.com/uas/oauth/accessToken', 'linkedin.com', 'https://api.linkedin.com/v1/people/~:(id,first-name,last-name,public-profile-url)']; return parms; } function withTwitter() { - var parms = ['https://api.twitter.com/oauth/request_token', 'https://api.twitter.com/oauth/authorize', 'https://api.twitter.com/oauth/access_token', 'testtwitterapp', 'https://api.twitter.com/1/statuses/user_timeline.json']; + var parms = ['https://api.twitter.com/oauth/request_token', 'https://api.twitter.com/oauth/authorize', 'https://api.twitter.com/oauth/access_token', 'twitter.com', 'https://api.twitter.com/1/statuses/user_timeline.json']; return parms; } </script> diff --git a/sca-cpp/trunk/modules/oauth/htdocs/unprotected/index.html b/sca-cpp/trunk/modules/oauth/htdocs/public/index.html index af2cd7ca19..af2cd7ca19 100644 --- a/sca-cpp/trunk/modules/oauth/htdocs/unprotected/index.html +++ b/sca-cpp/trunk/modules/oauth/htdocs/public/index.html diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp index 23ef90b0dd..22fdd0cce3 100644 --- a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp +++ b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp @@ -105,6 +105,12 @@ static int checkUserID(request_rec *r) { const failable<int> authenticated(const list<list<value> >& info, request_rec* r) { debug(info, "modoauth1::authenticated::info"); + // Store user info in the request + const list<value> realm = assoc<value>("realm", info); + if (isNil(realm) || isNil(cdr(realm))) + return mkfailure<int>("Couldn't retrieve realm"); + apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "REALM"), apr_pstrdup(r->pool, c_str(cadr(realm)))); + const list<value> id = assoc<value>("id", info); if (isNil(id) || isNil(cdr(id))) return mkfailure<int>("Couldn't retrieve user id"); @@ -250,35 +256,53 @@ const failable<int> authorize(const list<list<value> >& args, request_rec* r, co /** * Extract user info from a profile/info response. - * TODO This currently only works for twitter and linkedin profiles and - * needs to be made configurable. + * TODO This currently only works for Twitter, Foursquare and LinkedIn. + * User profile parsing needs to be made configurable. */ -const failable<list<value> > profileUserInfo(const string& info) { - if (substr(info, 0, 1) == "[") { - // JSON profile +const failable<list<value> > profileUserInfo(const value& cid, const string& info) { + string b = substr(info, 0, 1); + if (b == "[") { + // Twitter JSON profile json::JSONContext cx; const list<value> infov(json::jsonValues(content(json::readJSON(mklist<string>(info), cx)))); if (isNil(infov)) return mkfailure<list<value> >("Couldn't retrieve user info"); debug(infov, "modoauth1::access_token::info"); const list<value> uv = assoc<value>("user", car(infov)); + debug(uv, "modoauth1::access_token::userInfo"); if (isNil(uv) || isNil(cdr(uv))) return mkfailure<list<value> >("Couldn't retrieve user info"); const list<value> iv = cdr(uv); - return iv; - - } else { + return cons<value>(mklist<value>("realm", cid), iv); + } + if (b == "{") { + // Foursquare JSON profile + json::JSONContext cx; + const list<value> infov(json::jsonValues(content(json::readJSON(mklist<string>(info), cx)))); + if (isNil(infov)) + return mkfailure<list<value> >("Couldn't retrieve user info"); + debug(infov, "modoauth1::access_token::info"); + const list<value> uv = assoc<value>("user", infov); + debug(uv, "modoauth1::access_token::userInfo"); + if (isNil(uv) || isNil(cdr(uv))) + return mkfailure<list<value> >("Couldn't retrieve user info"); + const list<value> iv = cdr(uv); + return cons<value>(mklist<value>("realm", cid), iv); + } + if (b == "<") { // XML profile const list<value> infov = elementsToValues(readXML(mklist<string>(info))); if (isNil(infov)) return mkfailure<list<value> >("Couldn't retrieve user info"); debug(infov, "modoauth1::access_token::info"); const list<value> pv = car(infov); + debug(pv, "modoauth1::access_token::userInfo"); if (isNil(pv) || isNil(cdr(pv))) return mkfailure<list<value> >("Couldn't retrieve user info"); const list<value> iv = cdr(pv); - return iv; + return cons<value>(mklist<value>("realm", cid), iv); } + return mkfailure<list<value> >("Couldn't retrieve user info"); } /** @@ -356,7 +380,7 @@ const failable<int> access_token(const list<list<value> >& args, request_rec* r, debug(profres, "modoauth1::access_token::profres"); // Retrieve the user info from the profile - const failable<list<value> > iv = profileUserInfo(profres); + const failable<list<value> > iv = profileUserInfo(cadr(cid), profres); if (!hasContent(iv)) return mkfailure<int>(reason(iv)); diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp index 60eadc282c..bb96fcb916 100644 --- a/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp +++ b/sca-cpp/trunk/modules/oauth/mod-oauth2.cpp @@ -164,6 +164,15 @@ const failable<int> authorize(const list<list<value> >& args, request_rec* r, co } /** + * Extract user info from a profile/info response. + * TODO This currently only works for Facebook and Gowalla. + * User profile parsing needs to be made configurable. + */ +const failable<list<value> > profileUserInfo(const value& cid, const list<value>& info) { + return cons<value>(mklist<value>("realm", cid), info); +} + +/** * Handle an access_token request. */ const failable<int> access_token(const list<list<value> >& args, request_rec* r, const ServerConf& sc) { @@ -210,10 +219,15 @@ const failable<int> access_token(const list<list<value> >& args, request_rec* r, const list<list<value> > iargs = mklist<list<value> >(tv); const string iuri = httpd::unescape(cadr(info)) + string("?") + httpd::queryString(iargs); debug(iuri, "modoauth2::access_token::infouri"); - const failable<value> iv = http::get(iuri, sc.cs); - if (!hasContent(iv)) + const failable<value> profres = http::get(iuri, sc.cs); + if (!hasContent(profres)) return mkfailure<int>("Couldn't retrieve user info"); - debug(content(iv), "modoauth2::access_token::info"); + debug(content(profres), "modoauth2::access_token::info"); + + // Retrieve the user info from the profile + const failable<list<value> > iv = profileUserInfo(cadr(cid), content(profres)); + if (!hasContent(iv)) + return mkfailure<int>(reason(iv)); // Store user info in memcached keyed by session ID const value sid = string("OAuth2_") + mkrand(); diff --git a/sca-cpp/trunk/modules/oauth/oauth-conf b/sca-cpp/trunk/modules/oauth/oauth-conf index 5c3fde2ccc..91ae1916c7 100755 --- a/sca-cpp/trunk/modules/oauth/oauth-conf +++ b/sca-cpp/trunk/modules/oauth/oauth-conf @@ -39,14 +39,17 @@ AuthOAuth On AuthOAuthLoginPage /login </Location> -# Enable unauthenticated access to unprotected areas +# Enable unauthenticated access to public areas <Location /login> AuthOAuth Off </Location> <Location /logout> AuthOAuth Off </Location> -<Location /unprotected> +<Location /public> +AuthOAuth Off +</Location> +<Location /ui> AuthOAuth Off </Location> diff --git a/sca-cpp/trunk/modules/oauth/oauth.composite b/sca-cpp/trunk/modules/oauth/oauth.composite index 0119db22c9..c2025493c8 100644 --- a/sca-cpp/trunk/modules/oauth/oauth.composite +++ b/sca-cpp/trunk/modules/oauth/oauth.composite @@ -38,6 +38,7 @@ <property name="fullname">?</property> <property name="firstname">?</property> <property name="lastname">?</property> + <property name="realm">?</property> </component> </composite> diff --git a/sca-cpp/trunk/modules/oauth/oauth.hpp b/sca-cpp/trunk/modules/oauth/oauth.hpp index ab92cbd381..cea16e035f 100644 --- a/sca-cpp/trunk/modules/oauth/oauth.hpp +++ b/sca-cpp/trunk/modules/oauth/oauth.hpp @@ -43,10 +43,15 @@ namespace oauth { /** * Return the session id from a request. */ +const char* cookieName(const char* cs) { + if (*cs != ' ') + return cs; + return cookieName(cs + 1); +} const maybe<string> sessionID(const list<string> c) { if (isNil(c)) return maybe<string>(); - const list<string> kv = tokenize("=", car(c)); + const list<string> kv = tokenize("=", cookieName(c_str(car(c)))); if (!isNil(kv) && !isNil(cdr(kv))) { if (car(kv) == "TuscanyOpenAuth") return cadr(kv); diff --git a/sca-cpp/trunk/modules/oauth/start-mixed-test b/sca-cpp/trunk/modules/oauth/start-mixed-test index 468e6861d8..e838e9bb83 100755 --- a/sca-cpp/trunk/modules/oauth/start-mixed-test +++ b/sca-cpp/trunk/modules/oauth/start-mixed-test @@ -34,10 +34,10 @@ here=`readlink -f $0`; here=`dirname $here` ./oauth-memcached-conf tmp localhost 11213 # Configure your app keys here -./oauth1-appkey-conf tmp testtwitterapp app2345 secret7890 -./oauth1-appkey-conf tmp testlinkedinapp app3456 secret4567 -./oauth2-appkey-conf tmp testfacebookapp app1234 secret6789 -./oauth2-appkey-conf tmp testgithubapp app5678 secret8901 +./oauth1-appkey-conf tmp twitter.com app2345 secret7890 +./oauth1-appkey-conf tmp linkedin.com app3456 secret4567 +./oauth2-appkey-conf tmp facebook.com app1234 secret6789 +./oauth2-appkey-conf tmp github.com app5678 secret8901 ../openid/openid-conf tmp ../openid/openid-step2-conf tmp diff --git a/sca-cpp/trunk/modules/oauth/start-test b/sca-cpp/trunk/modules/oauth/start-test index 47171a91ae..8c59009102 100755 --- a/sca-cpp/trunk/modules/oauth/start-test +++ b/sca-cpp/trunk/modules/oauth/start-test @@ -21,20 +21,20 @@ ../../components/cache/memcached-start 11212 ../../components/cache/memcached-start 11213 -../../modules/http/ssl-ca-conf tmp localhost -../../modules/http/ssl-cert-conf tmp localhost -../../modules/http/httpd-conf tmp localhost 8090 htdocs -../../modules/http/httpd-ssl-conf tmp 8453 +../../modules/http/ssl-ca-conf tmp jsdelfino.com +../../modules/http/ssl-cert-conf tmp jsdelfino.com +../../modules/http/httpd-conf tmp jsdelfino.com 8090/80 htdocs +../../modules/http/httpd-ssl-conf tmp 8453/443 ./oauth-conf tmp -./oauth-memcached-conf tmp localhost 11212 -./oauth-memcached-conf tmp localhost 11213 +./oauth-memcached-conf tmp jsdelfino.com 11212 +./oauth-memcached-conf tmp jsdelfino.com 11213 # Configure your app keys here -./oauth1-appkey-conf tmp testtwitterapp app2345 secret7890 -./oauth1-appkey-conf tmp testlinkedinapp app3456 secret4567 -./oauth2-appkey-conf tmp testfacebookapp app1234 secret6789 -./oauth2-appkey-conf tmp testgithubapp app5678 secret8901 +./oauth1-appkey-conf tmp twitter.com app2345 secret7890 +./oauth1-appkey-conf tmp linkedin.com app3456 secret4567 +./oauth2-appkey-conf tmp facebook.com app1234 secret6789 +./oauth2-appkey-conf tmp github.com app5678 secret8901 ../../modules/server/server-conf tmp ../../modules/server/scheme-conf tmp diff --git a/sca-cpp/trunk/modules/oauth/user-info.scm b/sca-cpp/trunk/modules/oauth/user-info.scm index 58a84f86b0..4960a0a455 100644 --- a/sca-cpp/trunk/modules/oauth/user-info.scm +++ b/sca-cpp/trunk/modules/oauth/user-info.scm @@ -17,18 +17,20 @@ ; OAuth support test case -(define (get id user email nickname fullname firstname lastname) (list "text/html" (list - "<html><body><p>The following info is generated on the server:</p><div>User: " (user) "</div><div>Email: " (email) "</div><div>Nickname: " (nickname) "</div><div>Fullname: " (fullname) "</div><div>Firstname: " (firstname) "</div><div>Lastname: " (lastname) "</div></body></html>"))) +(define (get id user email nickname fullname firstname lastname realm) (list "text/html" (list + "<html><body><p>The following info is generated on the server:</p><div>User: " (user) "</div><div>Email: " (email) "</div><div>Nickname: " (nickname) "</div><div>Fullname: " (fullname) "</div><div>Firstname: " (firstname) "</div><div>Lastname: " (lastname) "</div><div>Realm: " (realm) "</div></body></html>"))) -(define (getuser user email nickname fullname firstname lastname) (user)) +(define (getuser user email nickname fullname firstname lastname realm) (user)) -(define (getemail user email nickname fullname firstname lastname) (email)) +(define (getemail user email nickname fullname firstname lastname realm) (email)) -(define (getnickname user email nickname fullname firstname lastname) (nickname)) +(define (getnickname user email nickname fullname firstname lastname realm) (nickname)) -(define (getfullname user email nickname fullname firstname lastname) (fullname)) +(define (getfullname user email nickname fullname firstname lastname realm) (fullname)) -(define (getfirstname user email nickname fullname firstname lastname) (firstname)) +(define (getfirstname user email nickname fullname firstname lastname realm) (firstname)) -(define (getlastname user email nickname fullname firstname lastname) (lastname)) +(define (getlastname user email nickname fullname firstname lastname realm) (lastname)) + +(define (getrealm user email nickname fullname firstname lastname realm) (realm)) diff --git a/sca-cpp/trunk/modules/openid/Makefile.am b/sca-cpp/trunk/modules/openid/Makefile.am index ba6e523ad2..a46dd56743 100644 --- a/sca-cpp/trunk/modules/openid/Makefile.am +++ b/sca-cpp/trunk/modules/openid/Makefile.am @@ -25,7 +25,7 @@ mod_DATA = openid.prefix openid.prefix: $(top_builddir)/config.status echo ${MODAUTHOPENID_PREFIX} >openid.prefix -EXTRA_DIST = openid.composite user-info.scm htdocs/index.html htdocs/login/index.html htdocs/logout/index.html htdocs/unprotected/index.html +EXTRA_DIST = openid.composite user-info.scm htdocs/index.html htdocs/login/index.html htdocs/logout/index.html htdocs/public/index.html dist_noinst_SCRIPTS = start-test stop-test diff --git a/sca-cpp/trunk/modules/openid/htdocs/index.html b/sca-cpp/trunk/modules/openid/htdocs/index.html index c2dfc791e6..cdc65a4e37 100644 --- a/sca-cpp/trunk/modules/openid/htdocs/index.html +++ b/sca-cpp/trunk/modules/openid/htdocs/index.html @@ -22,9 +22,10 @@ <script type="text/javascript" src="/js/ref.js"></script> <script type="text/javascript"> var protected = component("Protected"); -var userInfo = reference(protected, "userInfo"); -var user = userInfo.apply("getuser"); -var email = userInfo.apply("getemail"); +var userInfo = defun(reference(protected, "userInfo"), "getuser", "getemail", "getrealm"); +var user = userInfo.getuser(); +var email = userInfo.getemail(); +var realm = userInfo.getrealm(); </script> </head> <body> @@ -32,12 +33,14 @@ var email = userInfo.apply("getemail"); <p>The following info is returned by a JSONRPC service:</p> <div id="user"></div> <div id="email"></div> +<div id="realm"></div> <script type="text/javascript"> document.getElementById('user').innerHTML="User: " + user; document.getElementById('email').innerHTML="Email: " + email; +document.getElementById('realm').innerHTML="Realm: " + realm; </script> <p><a href="info">User info</a></p> <p><a href="login">Sign in</a></p> <p><a href="logout">Sign out</a></p> -<p><a href="unprotected">Unprotected area</a></p> +<p><a href="public">Public area</a></p> </body></html> diff --git a/sca-cpp/trunk/modules/openid/htdocs/unprotected/index.html b/sca-cpp/trunk/modules/openid/htdocs/public/index.html index af2cd7ca19..af2cd7ca19 100644 --- a/sca-cpp/trunk/modules/openid/htdocs/unprotected/index.html +++ b/sca-cpp/trunk/modules/openid/htdocs/public/index.html diff --git a/sca-cpp/trunk/modules/openid/openid-conf b/sca-cpp/trunk/modules/openid/openid-conf index 95cdb1945c..839b58b554 100755 --- a/sca-cpp/trunk/modules/openid/openid-conf +++ b/sca-cpp/trunk/modules/openid/openid-conf @@ -47,14 +47,17 @@ AuthOpenIDAXAdd FIRSTNAME http://axschema.org/namePerson/first AuthOpenIDAXAdd LASTNAME http://axschema.org/namePerson/last </Location> -# Enable unauthenticated access to unprotected areas +# Enable unauthenticated access to public areas <Location /login> AuthOpenIDEnabled Off </Location> <Location /logout> AuthOpenIDEnabled Off </Location> -<Location /unprotected> +<Location /public> +AuthOpenIDEnabled Off +</Location> +<Location /ui> AuthOpenIDEnabled Off </Location> diff --git a/sca-cpp/trunk/modules/openid/openid.composite b/sca-cpp/trunk/modules/openid/openid.composite index 016139a9a7..08bb74b7c7 100644 --- a/sca-cpp/trunk/modules/openid/openid.composite +++ b/sca-cpp/trunk/modules/openid/openid.composite @@ -34,6 +34,7 @@ </service> <property name="user">anonymous</property> <property name="email">anonymous@example.com</property> + <property name="realm">example.com</property> </component> </composite> diff --git a/sca-cpp/trunk/modules/openid/user-info.scm b/sca-cpp/trunk/modules/openid/user-info.scm index 69eb207be9..b1ef74c6bd 100644 --- a/sca-cpp/trunk/modules/openid/user-info.scm +++ b/sca-cpp/trunk/modules/openid/user-info.scm @@ -17,10 +17,12 @@ ; OpenID support test case -(define (get id user email) (list "text/html" (list - "<html><body><p>The following info is generated on the server:</p><div>User: " (user) "</div><div>Email: " (email) "</div></body></html>"))) +(define (get id user email realm) (list "text/html" (list + "<html><body><p>The following info is generated on the server:</p><div>User: " (user) "</div><div>Email: " (email) "</div><div>Realm: " (realm) "</div></body></html>"))) -(define (getuser user email) (user)) +(define (getuser user email realm) (user)) -(define (getemail user email) (email)) +(define (getemail user email realm) (email)) + +(define (getrealm user email realm) (realm)) diff --git a/sca-cpp/trunk/modules/server/mod-eval.hpp b/sca-cpp/trunk/modules/server/mod-eval.hpp index 2fe4bd76e0..c2705b0538 100644 --- a/sca-cpp/trunk/modules/server/mod-eval.hpp +++ b/sca-cpp/trunk/modules/server/mod-eval.hpp @@ -395,6 +395,8 @@ const value mkpropProxy(const value& prop) { return lambda<value(const list<value>&)>(hostPropProxy(elementValue(prop))); if (scdl::name(prop) == "user") return lambda<value(const list<value>&)>(userPropProxy(elementValue(prop))); + if (scdl::name(prop) == "realm") + return lambda<value(const list<value>&)>(envPropProxy("REALM", elementValue(prop))); if (scdl::name(prop) == "email") return lambda<value(const list<value>&)>(envPropProxy("EMAIL", elementValue(prop))); if (scdl::name(prop) == "nickname") diff --git a/sca-cpp/trunk/modules/wsgi/scdl.py b/sca-cpp/trunk/modules/wsgi/scdl.py index 447dd985c2..97c2f7dd69 100644 --- a/sca-cpp/trunk/modules/wsgi/scdl.py +++ b/sca-cpp/trunk/modules/wsgi/scdl.py @@ -216,13 +216,15 @@ def mkproperty(name, l): return property(name, l) # Evaluate a property, return a lambda function returning the property -# value. The host, user and email properties are configured with the -# values from the HTTP request, if any +# value. The host, user, realm, nickname and email properties are configured +# with the values from the HTTP request, if any. def evalProperty(p): if car(p) == "host": return mkproperty(car(p), lambda: hostProperty(cadr(p), environ)) if car(p) == "user": return mkproperty(car(p), lambda: userProperty(cadr(p))) + if car(p) == "realm": + return mkproperty(car(p), lambda: hostProperty(cadr(p), environ)) if car(p) == "nickname": return mkproperty(car(p), lambda: nicknameProperty(cadr(p))) if car(p) == "email": |