- REST:

  Fixed "GanttEditor: Error saving data on the server side: No authentication found ('')" bug.
  Apparently Chrome sometimes sends out PUT XHTTP calls without cookies.
  So ]po[ then correctly identifies a non-authenticated session.
  As a workaround, I have added auth_token authentication in the SenchaPreference store,
  so that the calls are authenticated, even if the cookies should disappear for some
  reason.

tcl/intranet-rest-authentication-procs.tcl

@@ -27,7 +27,7 @@ ad_proc -private im_rest_cookie_auth_user_id {
 	if {[regexp {([^ =]+)\=(.+)} $l match key value]} {
 	    set key [ns_urldecode [string trim $key]]
 	    set value [ns_urldecode [string trim $value]]
-	    ns_log Notice "im_rest_cookie_auth_user_id: key=$key, value=$value"
+	    if {$debug} { ns_log Notice "im_rest_cookie_auth_user_id: key=$key, value=$value" }
 	    set cookie_hash($key) $value
 	}
     }
@@ -36,19 +36,19 @@ ad_proc -private im_rest_cookie_auth_user_id {
     if {[info exists cookie_hash(ad_session_id)]} { 
 
 	set ad_session_id $cookie_hash(ad_session_id)
-        ns_log Notice "im_rest_cookie_auth_user_id: ad_session_id=$ad_session_id"
+        if {$debug} { ns_log Notice "im_rest_cookie_auth_user_id: ad_session_id=$ad_session_id" }
 
 	set rest_user_id ""
 	catch { set rest_user_id [ad_conn user_id] }
 
 	if {"" ne $rest_user_id && 0 != $rest_user_id} {
-	    ns_log Notice "im_rest_cookie_auth_user_id: found authenthicated rest_user_id=$rest_user_id from ad_session_id cookie: storing into cache"
+	    if {$debug} { ns_log Notice "im_rest_cookie_auth_user_id: found authenthicated rest_user_id=$rest_user_id from ad_session_id cookie: storing into cache" }
 	    ns_cache set im_rest $ad_session_id $rest_user_id    
 	    return $rest_user_id
 	}
 	
 	if {[ns_cache get im_rest $ad_session_id value]} { 
-	    ns_log Notice "im_rest_cookie_auth_user_id: Didn't find authenticated rest_user_id: returning cached value"
+	    if {$debug} { ns_log Notice "im_rest_cookie_auth_user_id: Didn't find authenticated rest_user_id: returning cached value" }
 	    return $value 
 	}
     }
@@ -56,22 +56,22 @@ ad_proc -private im_rest_cookie_auth_user_id {
     if {[info exists cookie_hash(ad_user_login)]} { 
 
 	set ad_user_login $cookie_hash(ad_user_login)
-        ns_log Notice "im_rest_cookie_auth_user_id: ad_user_login=$ad_user_login"
+        if {$debug} { ns_log Notice "im_rest_cookie_auth_user_id: ad_user_login=$ad_user_login" }
 
 	set rest_user_id ""
 	catch { set rest_user_id [ad_conn user_id] }
 	if {"" ne $rest_user_id && 0 != $rest_user_id} {
-	    ns_log Notice "im_rest_cookie_auth_user_id: found authenticated rest_user_id=$rest_user_id from ad_user_login cookie: storing into cache"
+	    if {$debug} { ns_log Notice "im_rest_cookie_auth_user_id: found authenticated rest_user_id=$rest_user_id from ad_user_login cookie: storing into cache" }
 	    ns_cache set im_rest $ad_user_login $rest_user_id    
 	    return $rest_user_id
 	}
 	
 	if {[ns_cache get im_rest $ad_user_login value]} { 
-	    ns_log Notice "im_rest_cookie_auth_user_id: Didn't find authenticated rest_user_id: returning cached value"
+	    if {$debug} { ns_log Notice "im_rest_cookie_auth_user_id: Didn't find authenticated rest_user_id: returning cached value" }
 	    return $value 
 	}
     }
-    ns_log Notice "im_rest_cookie_auth_user_id: Didn't find any information, returning {}"
+    if {$debug} { ns_log Notice "im_rest_cookie_auth_user_id: Didn't find any information, returning {}" }
     return ""
 }
 
@@ -83,6 +83,7 @@ ad_proc -private im_rest_authenticate {
 } {
     Determine the authenticated user
 } {
+    if {$debug} { ns_log Notice "im_rest_authenticate: Starting: query_hash_pairs=$query_hash_pairs" }
     array set query_hash $query_hash_pairs
     set header_vars [ns_conn headers]
 
@@ -95,11 +96,19 @@ ad_proc -private im_rest_authenticate {
     if {[info exists query_hash(auto_login)]} { set token_token $query_hash(auto_login)}
 
     # Check if the token fits the user
-    if {"" != $token_user_id && "" != $token_token} {
-	if {![im_valid_auto_login_p -user_id $token_user_id -auto_login $token_token -check_user_requires_manual_login_p 0]} {
+    if {"" ne $token_user_id && "" ne $token_token} {
+	if {$debug} { ns_log Notice "im_rest_authenticate: Found auth_token=$token_token with user_id=$token_user_id" }
+	set valid_p [im_valid_auto_login_p -user_id $token_user_id -auto_login $token_token -check_user_requires_manual_login_p 0]
+	if {$debug} { ns_log Notice "im_rest_authenticate: valid_p=$valid_p" }
+	if {$valid_p} {
+	    if {$debug} { ns_log Notice "im_rest_authenticate: auth_token was valid, user_id=$token_user_id" }
+	    return [list "user_id" $token_user_id "method" "token"]
+	} else {
+	    if {$debug} { ns_log Notice "im_rest_authenticate: auth_token was invalid, ignoring" }
 	    set token_user_id ""
 	}
     }
+    if {$debug} { ns_log Notice "im_rest_authenticate: Did not find valid auth_token" }
 
     # --------------------------------------------------------
     # Check for HTTP "basic" authorization
@@ -113,7 +122,7 @@ ad_proc -private im_rest_authenticate {
 	regexp {^([^\:]+)\:(.*)$} $basic_auth_userpass match basic_auth_username basic_auth_password
 	if {$debug} { ns_log Notice "im_rest_authenticate: basic_auth: basic_auth_username=$basic_auth_username, basic_auth_password=$basic_auth_password" }
     } else {
-	ns_log Notice "im_rest_authenticate: basic_auth: basic_auth=$basic_auth does not match with regexp"
+	if {$debug} { ns_log Notice "im_rest_authenticate: basic_auth: basic_auth=$basic_auth does not match with regexp" }
     }
     set basic_auth_user_id [db_string userid "select user_id from users where lower(username) = lower(:basic_auth_username)" -default ""]
     if {"" == $basic_auth_user_id} {
@@ -158,10 +167,11 @@ ad_proc -private im_rest_authenticate {
         }
     }
 
-    ns_log Notice "im_rest_authenticate: format=$format, auth_method=$auth_method, auth_user_id=$auth_user_id"
+    if {$debug} { ns_log Notice "im_rest_authenticate: format=$format, auth_method=$auth_method, auth_user_id=$auth_user_id" }
     return [list user_id $auth_user_id method $auth_method]
 }
 
 
 
 
+

tcl/intranet-rest-procs.tcl

@@ -64,6 +64,8 @@ ad_proc -private im_rest_call_get {
 } {
     Handler for GET rest calls
 } {
+    ns_log Notice "im_rest_call_get: Starting"
+
     # Get the entire URL and decompose into the "rest_otype" 
     # and the "rest_oid" pieces. Splitting the URL on "/"
     # will result in "{} intranet-rest rest_otype rest_oid":
@@ -71,6 +73,7 @@ ad_proc -private im_rest_call_get {
     set url_pieces [split $url "/"]
     set rest_otype [lindex $url_pieces 2]
     set rest_oid [lindex $url_pieces 3]
+    ns_log Notice "im_rest_call_get: oid=$rest_oid, otype=$rest_otype"
 
     # Get the information about the URL parameters, parse
     # them and store them into a hash array.
@@ -92,7 +95,11 @@ ad_proc -private im_rest_call_get {
     if {[info exists query_hash(format)]} { set format $query_hash(format) }
 
     # Determine the authenticated user_id. 0 means not authenticated.
-    array set auth_hash [im_rest_authenticate -format $format -query_hash_pairs [array get query_hash]]
+    ns_log Notice "im_rest_call_get: before im_rest_authenticate:  format=$format, query_hash_pairs=[array get query_hash]"
+    set auth_hash_list [im_rest_authenticate -format $format -query_hash_pairs [array get query_hash]]
+    ns_log Notice "im_rest_call_get: after im_rest_authenticate: auth_hash=$auth_hash_list"
+    array set auth_hash $auth_hash_list
+
     if {0 == [llength [array get auth_hash]]} { return [im_rest_error -format $format -http_status 401 -message "Not authenticated"] }
     set auth_user_id $auth_hash(user_id)
     set auth_method $auth_hash(method)