[Lada-commits] [PATCH] Add client side openID authentication handling
Wald Commits
scm-commit at wald.intevation.org
Thu Mar 12 17:40:57 CET 2015
# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1426178356 -3600
# Branch openid
# Node ID 7fd9350eacf9d8a900e03522272b4b60cd917777
# Parent 80077aeaa9ed553508ddbcf6d18da2926f6ae8eb
Add client side openID authentication handling
If the client is not authenticated it will be redirected
to the identity provider provided by the lada-server in the
error message. The lada-server keeps track of the association
and verifies the openID parameters sent by the client
in the X-OPENID-PARAMS header
diff -r 80077aeaa9ed -r 7fd9350eacf9 app.js
--- a/app.js Thu Mar 12 15:53:22 2015 +0100
+++ b/app.js Thu Mar 12 17:39:16 2015 +0100
@@ -27,6 +27,7 @@
// found on https://github.com/elmasse/Ext.i18n.Bundle
requires: [
'Lada.override.Table',
+ 'Lada.override.RestProxy',
'Lada.override.RowEditor',
'Ext.i18n.Bundle',
'Ext.layout.container.Column',
@@ -57,6 +58,53 @@
// Start the application.
launch: function() {
+ var queryString = document.location.href.split('?')[1];
+ if (queryString) {
+ Lada.openIDParams = queryString;
+ }
+ Ext.Ajax.request({
+ url: 'lada-server/login?return_to=' + window.location.href,
+ method: 'GET',
+ headers: {
+ 'X-OPENID-PARAMS': Lada.openIDParams
+ },
+ scope: this,
+ success: this.onLoginSuccess,
+ failure: this.onLoginFailure
+ });
+ },
+
+ onLoginFailure : function(response, opts) {
+ try {
+ var json = Ext.decode(response.responseText);
+ if (json) {
+ if (json.message == "699") {
+ /* This is the unauthorized message with the authentication
+ * redirect in the data */
+ var authUrl = json.data;
+ location.href = authUrl;
+ return;
+ }
+ if (json.message == "698") {
+ /* This is general authentication error */
+ Ext.MessageBox.alert('Kommunikation mit dem Login Server fehlgeschlagen',
+ json.data);
+ return;
+ }
+ }
+ } catch (e) {
+ // This is likely a 404 or some unknown error. Show general error then.
+ }
+ Ext.MessageBox.alert('Kommunikation mit dem Lada Server fehlgeschlagen',
+ 'Es konnte keine erfolgreiche Verbindung zum lada server aufgebaut werden.');
+
+ },
+
+ onLoginSuccess: function(response, opts) {
+ /* Strip out the openid query params to look nicers. */
+ window.history.pushState(this.name, this.name, window.location.pathname);
+
+ /* Todo maybe parse username and such from login service response */
Ext.create('Lada.store.Datenbasis', {
storeId: 'datenbasis'
});
diff -r 80077aeaa9ed -r 7fd9350eacf9 app/override/RestProxy.js
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/app/override/RestProxy.js Thu Mar 12 17:39:16 2015 +0100
@@ -0,0 +1,34 @@
+/* Copyright (C) 2015 by Bundesamt fuer Strahlenschutz
+ * Software engineering by Intevation GmbH
+ *
+ * This file is Free Software under the GNU GPL (v>=3)
+ * and comes with ABSOLUTELY NO WARRANTY! Check out
+ * the documentation coming with IMIS-Labordaten-Application for details.
+ */
+
+Ext.define('Lada.override.RestProxy', {
+ override: 'Ext.data.proxy.Rest',
+
+ buildRequest: function (operation) {
+ this.headers = { 'X-OPENID-PARAMS': Lada.openIDParams };
+ return this.callParent(arguments);
+ },
+
+ processResponse: function (success, operation, request, response, callback, scope) {
+ if (!success && response.status == 401) {
+ var json = Ext.decode(response.responseText);
+ if (json) {
+ if (json.message == "699") {
+ /* This is the unauthorized message with the authentication
+ * redirect in the data */
+
+ /* We decided to handle this with a redirect to the identity
+ * provider. In which case we have no other option then to
+ * handle it here with relaunch. */
+ Lada.launch(); // Data loss!
+ }
+ }
+ }
+ this.callParent(arguments);
+ }
+});
More information about the Lada-commits
mailing list