Commit
f453e02e
authored
May 05, 2016
by
Frank Bergmann
- Fixed REST issues with authentication due to a missing close brace(?)
parent
d6bdd45f
Showing
2 changed files
with
161 additions
and
144 deletions
+161
-144
intranet-rest-authentication-procs.tcl
tcl/intranet-rest-authentication-procs.tcl
+159
-0
intranet-rest-procs.tcl
tcl/intranet-rest-procs.tcl
+2
-144
tcl/intranet-rest-authentication-procs.tcl
0 → 100644
# /packages/intranet-rest/tcl/intranet-rest-procs.tcl
#
# Copyright (C
)
2009
]
project-open
[
#
# All rights reserved. Please check
# http://www.project-open.com/license/ for details.
ad_library
{
REST Web Service Component Library - Authentication
@author frank.bergmann@project-open.com
}
ad_proc -private im_rest_cookie_auth_user_id
{
{
-debug 1
}
}
{
Determine the user_id even if ns_conn doesn't work
in a HTTP PUT call
}
{
# Get the user_id from the ad_user_login cookie
set header_vars
[
ns_conn headers
]
set cookie_string
[
ns_set get
$header
_vars Cookie
]
set cookie_list
[
split
$cookie
_string
";"
]
array set cookie_hash
{}
foreach l
$cookie
_list
{
if
{[
regexp
{([
^ =
]
+
)
\=
(
.+
)}
$l
match key value
]}
{
set key
[
ns_urldecode
[
string
trim
$key
]]
set value
[
ns_urldecode
[
string
trim
$value
]]
ns_log Notice
"im_rest_cookie_auth_user_id: key=
$key
, value=
$value
"
set cookie_hash
(
$key
)
$value
}
}
set rest_user_id
""
if
{[
info
exists cookie_hash
(
ad_session_id
)]}
{
set ad_session_id
$cookie
_hash
(
ad_session_id
)
ns_log Notice
"im_rest_cookie_auth_user_id: ad_session_id=
$ad
_session_id"
set rest_user_id
""
catch
{
set rest_user_id
[
ad_conn user_id
]
}
if
{
""
ne
$rest
_user_id && 0 !=
$rest
_user_id
}
{
ns_log Notice
"im_rest_cookie_auth_user_id: found authenthicated rest_user_id=
$rest
_user_id from ad_session_id cookie: storing into cache"
ns_cache set im_rest
$ad
_session_id
$rest
_user_id
return
$rest
_user_id
}
if
{[
ns_cache get im_rest
$ad
_session_id value
]}
{
ns_log Notice
"im_rest_cookie_auth_user_id: Didn't find authenticated rest_user_id: returning cached value"
return
$value
}
}
if
{[
info
exists cookie_hash
(
ad_user_login
)]}
{
set ad_user_login
$cookie
_hash
(
ad_user_login
)
ns_log Notice
"im_rest_cookie_auth_user_id: ad_user_login=
$ad
_user_login"
set rest_user_id
""
catch
{
set rest_user_id
[
ad_conn user_id
]
}
if
{
""
ne
$rest
_user_id && 0 !=
$rest
_user_id
}
{
ns_log Notice
"im_rest_cookie_auth_user_id: found authenticated rest_user_id=
$rest
_user_id from ad_user_login cookie: storing into cache"
ns_cache set im_rest
$ad
_user_login
$rest
_user_id
return
$rest
_user_id
}
if
{[
ns_cache get im_rest
$ad
_user_login value
]}
{
ns_log Notice
"im_rest_cookie_auth_user_id: Didn't find authenticated rest_user_id: returning cached value"
return
$value
}
}
ns_log Notice
"im_rest_cookie_auth_user_id: Didn't find any information, returning {}"
return
""
}
ad_proc -private im_rest_authenticate
{
{
-debug 1
}
{
-format
"json"
}
-query_hash_pairs:required
}
{
Determine the authenticated user
}
{
array set query_hash
$query
_hash_pairs
set header_vars
[
ns_conn headers
]
# --------------------------------------------------------
# Check for token authentication
set token_user_id
""
set token_token
""
if
{[
info
exists query_hash
(
user_id
)]}
{
set token_user_id
$query
_hash
(
user_id
)}
if
{[
info
exists query_hash
(
auth_token
)]}
{
set token_token
$query
_hash
(
auth_token
)}
if
{[
info
exists query_hash
(
auto_login
)]}
{
set token_token
$query
_hash
(
auto_login
)}
# Check if the token fits the user
if
{
""
!=
$token
_user_id &&
""
!=
$token
_token
}
{
if
{
!
[
im_valid_auto_login_p -user_id
$token
_user_id -auto_login
$token
_token -check_user_requires_manual_login_p 0
]}
{
set token_user_id
""
}
}
# --------------------------------------------------------
# Check for HTTP
"basic"
authorization
# Example: Authorization=Basic cHJvam9wOi5mcmFiZXI=
set basic_auth
[
ns_set get
$header
_vars
"Authorization"
]
set basic_auth_userpass
""
set basic_auth_username
""
set basic_auth_password
""
if
{[
regexp
{
^
([
a-zA-Z_
]
+
)
\
(
.*
)
$
}
$basic
_auth match method userpass_base64
]}
{
set basic_auth_userpass
[
base64::decode
$userpass
_base64
]
regexp
{
^
([
^
\:
]
+
)
\:
(
.*
)
$
}
$basic
_auth_userpass match basic_auth_username basic_auth_password
if
{
$debug
}
{
ns_log Notice
"im_rest_authenticate: basic_auth: basic_auth_username=
$basic
_auth_username, basic_auth_password=
$basic
_auth_password"
}
}
else
{
ns_log Notice
"im_rest_authenticate: basic_auth: basic_auth=
$basic
_auth does not match with regexp"
}
set basic_auth_user_id
[
db_string userid
"select user_id from users where lower(username) = lower(:basic_auth_username)"
-default
""
]
if
{
""
==
$basic
_auth_user_id
}
{
set basic_auth_user_id
[
db_string userid
"select party_id from parties where lower(email) = lower(:basic_auth_username)"
-default
""
]
}
set basic_auth_password_ok_p undefined
if
{
""
!=
$basic
_auth_user_id
}
{
set basic_auth_password_ok_p
[
ad_check_password
$basic
_auth_user_id
$basic
_auth_password
]
if
{
!$basic_auth_password_ok_p
}
{
set basic_auth_user_id
""
}
}
if
{
$debug
}
{
ns_log Notice
"im_rest_authenticate: format=
$format
, basic_auth=
$basic
_auth, basic_auth_username=
$basic
_auth_username, basic_auth_password=
$basic
_auth_password, basic_auth_user_id=
$basic
_auth_user_id, basic_auth_password_ok_p=
$basic
_auth_password_ok_p"
}
# --------------------------------------------------------
# Determine the user_id from cookie.
# Work around missing ns_conn user_id values in PUT and DELETE calls
set cookie_auth_user_id
[
im_rest_cookie_auth_user_id
]
if
{
$debug
}
{
ns_log Notice
"im_rest_authenticate: cookie_auth_user_id=
$cookie
_auth_user_id"
}
# Determine authentication method used
set auth_method
""
if
{
""
!=
$cookie
_auth_user_id && 0 !=
$cookie
_auth_user_id
}
{
set auth_method
"cookie"
}
if
{
""
!=
$token
_token
}
{
set auth_method
"token"
}
if
{
""
!=
$basic
_auth_user_id
}
{
set auth_method
"basic"
}
# --------------------------------------------------------
# Check if one of the methods was successful...
switch
$auth
_method
{
cookie
{
set auth_user_id
$cookie
_auth_user_id
}
token
{
set auth_user_id
$token
_user_id
}
basic
{
set auth_user_id
$basic
_auth_user_id
}
default
{
return
[
im_rest_error -format
$format
-http_status 401 -message
"No authentication found ('
$auth
_method')."
]
}
}
ns_log Notice
"im_rest_authenticate: format=
$format
, auth_method=
$auth
_method, auth_user_id=
$auth
_user_id"
return
[
list
user_id
$auth
_user_id method
$auth
_method
]
}
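Review bot: im_rest_authenticate writes the decoded Basic password to the server log: both `ns_log Notice` calls guarded by `$debug` interpolate `$basic_auth_password` (the second also the raw `$basic_auth` header), and `-debug` defaults to 1, so this happens on every request unless a caller passes `-debug 0`. im_rest_cookie_auth_user_id does the same unconditionally for every cookie via `key=$key, value=$value`, and again for the `ad_session_id` and `ad_user_login` values, which leaves reusable session material readable by anyone with access to the log. I would drop the secret from each message, e.g. `ns_log Notice "im_rest_authenticate: basic_auth: basic_auth_username=$basic_auth_username"` and `ns_log Notice "im_rest_cookie_auth_user_id: key=$key"`, and default `-debug` to 0. The `query_hash=[array get query_hash]` log line in im_rest_call_get (tcl/intranet-rest-procs.tcl) looks like the same problem if that array still holds `auth_token` or `auto_login`; that cannot be confirmed from the lines shown.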
tcl/intranet-rest-procs.tcl
...
...
@@ -58,150 +58,6 @@ ad_proc -private im_rest_call_delete {} {
}
ad_proc -private im_rest_cookie_auth_user_id
{
{
-debug 1
}
}
{
Determine the user_id even if ns_conn doesn't work
in a HTTP PUT call
}
{
# Get the user_id from the ad_user_login cookie
set header_vars
[
ns_conn headers
]
set cookie_string
[
ns_set get
$header
_vars Cookie
]
set cookie_list
[
split
$cookie
_string
";"
]
array set cookie_hash
{}
foreach l
$cookie
_list
{
if
{[
regexp
{([
^ =
]
+
)
\=
(
.+
)}
$l
match key value
]}
{
set key
[
ns_urldecode
[
string
trim
$key
]]
set value
[
ns_urldecode
[
string
trim
$value
]]
ns_log Notice
"im_rest_cookie_auth_user_id: key=
$key
, value=
$value
"
set cookie_hash
(
$key
)
$value
}
}
set rest_user_id
""
if
{[
info
exists cookie_hash
(
ad_session_id
)]}
{
set ad_session_id
$cookie
_hash
(
ad_session_id
)
ns_log Notice
"im_rest_cookie_auth_user_id: ad_session_id=
$ad
_session_id"
set rest_user_id
""
catch
{
set rest_user_id
[
ad_conn user_id
]
}
if
{
""
!=
$rest
_user_id
}
{
ns_log Notice
"im_rest_cookie_auth_user_id: found authenthicated rest_user_id: storing into cache"
ns_cache set im_rest
$ad
_session_id
$rest
_user_id
return
$rest
_user_id
}
if
{[
ns_cache get im_rest
$ad
_session_id value
]}
{
ns_log Notice
"im_rest_cookie_auth_user_id: Didn't find authenticated rest_user_id: returning cached value"
return
$value
}
}
if
{[
info
exists cookie_hash
(
ad_user_login
)]}
{
set ad_user_login
$cookie
_hash
(
ad_user_login
)
ns_log Notice
"im_rest_cookie_auth_user_id: ad_user_login=
$ad
_user_login"
set rest_user_id
""
catch
{
set rest_user_id
[
ad_conn user_id
]
}
if
{
""
!=
$rest
_user_id
}
{
ns_log Notice
"im_rest_cookie_auth_user_id: found authenticated rest_user_id: storing into cache"
ns_cache set im_rest
$ad
_user_login
$rest
_user_id
return
$rest
_user_id
}
if
{[
ns_cache get im_rest
$ad
_user_login value
]}
{
ns_log Notice
"im_rest_cookie_auth_user_id: Didn't find authenticated rest_user_id: returning cached value"
return
$value
}
}
ns_log Notice
"im_rest_cookie_auth_user_id: Didn't find any information, returning {}"
return
""
}
ad_proc -private im_rest_authenticate
{
{
-debug 1
}
{
-format
"json"
}
-query_hash_pairs:required
}
{
Determine the authenticated user
}
{
array set query_hash
$query
_hash_pairs
set header_vars
[
ns_conn headers
]
# --------------------------------------------------------
# Check for token authentication
set token_user_id
""
set token_token
""
if
{[
info
exists query_hash
(
user_id
)]}
{
set token_user_id
$query
_hash
(
user_id
)}
if
{[
info
exists query_hash
(
auth_token
)]}
{
set token_token
$query
_hash
(
auth_token
)}
if
{[
info
exists query_hash
(
auto_login
)]}
{
set token_token
$query
_hash
(
auto_login
)}
# Check if the token fits the user
if
{
""
!=
$token
_user_id &&
""
!=
$token
_token
}
{
if
{
!
[
im_valid_auto_login_p -user_id
$token
_user_id -auto_login
$token
_token -check_user_requires_manual_login_p 0
]}
{
set token_user_id
""
}
}
# --------------------------------------------------------
# Check for HTTP
"basic"
authorization
# Example: Authorization=Basic cHJvam9wOi5mcmFiZXI=
set basic_auth
[
ns_set get
$header
_vars
"Authorization"
]
set basic_auth_userpass
""
set basic_auth_username
""
set basic_auth_password
""
if
{[
regexp
{
^
([
a-zA-Z_
]
+
)
\
(
.*
)
$
}
$basic
_auth match method userpass_base64
]}
{
set basic_auth_userpass
[
base64::decode
$userpass
_base64
]
regexp
{
^
([
^
\:
]
+
)
\:
(
.*
)
$
}
$basic
_auth_userpass match basic_auth_username basic_auth_password
if
{
$debug
}
{
ns_log Notice
"im_rest_authenticate: basic_auth: basic_auth_username=
$basic
_auth_username, basic_auth_password=
$basic
_auth_password"
}
}
else
{
ns_log Notice
"im_rest_authenticate: basic_auth: basic_auth=
$basic
_auth does not match with regexp"
}
set basic_auth_user_id
[
db_string userid
"select user_id from users where lower(username) = lower(:basic_auth_username)"
-default
""
]
if
{
""
==
$basic
_auth_user_id
}
{
set basic_auth_user_id
[
db_string userid
"select party_id from parties where lower(email) = lower(:basic_auth_username)"
-default
""
]
}
set basic_auth_password_ok_p undefined
if
{
""
!=
$basic
_auth_user_id
}
{
set basic_auth_password_ok_p
[
ad_check_password
$basic
_auth_user_id
$basic
_auth_password
]
if
{
!$basic_auth_password_ok_p
}
{
set basic_auth_user_id
""
}
}
if
{
$debug
}
{
ns_log Notice
"im_rest_authenticate: format=
$format
, basic_auth=
$basic
_auth, basic_auth_username=
$basic
_auth_username, basic_auth_password=
$basic
_auth_password, basic_auth_user_id=
$basic
_auth_user_id, basic_auth_password_ok_p=
$basic
_auth_password_ok_p"
}
# --------------------------------------------------------
# Determine the user_id from cookie.
# Work around missing ns_conn user_id values in PUT and DELETE calls
set cookie_auth_user_id
[
im_rest_cookie_auth_user_id
]
# Determine authentication method used
set auth_method
""
if
{
""
!=
$cookie
_auth_user_id && 0 !=
$cookie
_auth_user_id
}
{
set auth_method
"cookie"
}
if
{
""
!=
$token
_token
}
{
set auth_method
"token"
}
if
{
""
!=
$basic
_auth_user_id
}
{
set auth_method
"basic"
}
# --------------------------------------------------------
# Check if one of the methods was successful...
switch
$auth
_method
{
cookie
{
set auth_user_id
$cookie
_auth_user_id
}
token
{
set auth_user_id
$token
_user_id
}
basic
{
set auth_user_id
$basic
_auth_user_id
}
default
{
return
[
im_rest_error -format
$format
-http_status 401 -message
"No authentication found ('
$auth
_method')."
]
}
}
ns_log Notice
"im_rest_authenticate: format=
$format
, auth_method=
$auth
_method, auth_user_id=
$auth
_user_id"
return
[
list
user_id
$auth
_user_id method
$auth
_method
]
}
ad_proc -private im_rest_call_get
{
{
-http_method GET
}
{
-format
"json"
}
...
...
@@ -240,6 +96,8 @@ ad_proc -private im_rest_call_get {
if
{
0 ==
[
llength
[
array
get auth_hash
]]}
{
return
[
im_rest_error -format
$format
-http_status 401 -message
"Not authenticated"
]
}
set auth_user_id
$auth
_hash
(
user_id
)
set auth_method
$auth
_hash
(
method
)
ns_log Notice
"im_rest_call_get: method=
$http
_method, format=
$format
, user_id=
$auth
_user_id, query_hash=
[
array
get query_hash
]
"
if
{
""
==
$auth
_user_id
}
{
return
[
im_rest_error -format
$format
-http_status 401 -message
"Not authenticated"
]
}
# Default format are:
...
...
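Review bot: The `if {"" == $auth_user_id}` test in im_rest_call_get is the only thing that rejects a failed token login, and nothing in the code says so. As shown in tcl/intranet-rest-authentication-procs.tcl, im_rest_authenticate sets `auth_method` to "token" whenever a token parameter is present, even after validation has cleared `token_user_id`, so it returns `user_id {} method token` instead of a 401. I would add a comment above the test such as `# im_rest_authenticate returns an empty user_id for a rejected token; treat it as unauthenticated`, and check that the other im_rest_call_* entry points carry the same guard, which is not visible in this hunk. The body of im_rest_call_get starts and ends outside the hunk.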