changeset 608:7fd9350eacf9 openid

Add client side openID authentication handling If the client is not authenticated it will be redirected to the identity provider provided by the lada-server in the error message. The lada-server keeps track of the association and verifies the openID parameters sent by the client in the X-OPENID-PARAMS header
author Andre Heinecke <andre.heinecke@intevation.de>
date Thu, 12 Mar 2015 17:39:16 +0100
parents 80077aeaa9ed
children ab48824713e2
files app.js app/override/RestProxy.js
diffstat 2 files changed, 82 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/app.js	Thu Mar 12 15:53:22 2015 +0100
+++ b/app.js	Thu Mar 12 17:39:16 2015 +0100
@@ -27,6 +27,7 @@
     // found on https://github.com/elmasse/Ext.i18n.Bundle
     requires: [
         'Lada.override.Table',
+        'Lada.override.RestProxy',
         'Lada.override.RowEditor',
         'Ext.i18n.Bundle',
         'Ext.layout.container.Column',
@@ -57,6 +58,53 @@
 
     // Start the application.
     launch: function() {
+        var queryString = document.location.href.split('?')[1];
+        if (queryString) {
+            Lada.openIDParams = queryString;
+        }
+        Ext.Ajax.request({
+            url: 'lada-server/login?return_to=' + window.location.href,
+            method: 'GET',
+            headers: {
+                'X-OPENID-PARAMS': Lada.openIDParams
+            },
+            scope: this,
+            success: this.onLoginSuccess,
+            failure: this.onLoginFailure
+        });
+    },
+
+    onLoginFailure : function(response, opts) {
+        try {
+            var json = Ext.decode(response.responseText);
+            if (json) {
+                if (json.message == "699") {
+                    /* This is the unauthorized message with the authentication
+                     * redirect in the data */
+                    var authUrl = json.data;
+                    location.href = authUrl;
+                    return;
+                }
+                if (json.message == "698") {
+                    /* This is general authentication error */
+                    Ext.MessageBox.alert('Kommunikation mit dem Login Server fehlgeschlagen',
+                            json.data);
+                    return;
+                }
+            }
+        } catch (e) {
+            // This is likely a 404 or some unknown error. Show general error then.
+        }
+        Ext.MessageBox.alert('Kommunikation mit dem Lada Server fehlgeschlagen',
+                'Es konnte keine erfolgreiche Verbindung zum lada server aufgebaut werden.');
+
+    },
+
+    onLoginSuccess: function(response, opts) {
+        /* Strip out the openid query params to look nicers. */
+        window.history.pushState(this.name, this.name, window.location.pathname);
+
+        /* Todo maybe parse username and such from login service response */
         Ext.create('Lada.store.Datenbasis', {
             storeId: 'datenbasis'
         });
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/app/override/RestProxy.js	Thu Mar 12 17:39:16 2015 +0100
@@ -0,0 +1,34 @@
+/* Copyright (C) 2015 by Bundesamt fuer Strahlenschutz
+ * Software engineering by Intevation GmbH
+ *
+ * This file is Free Software under the GNU GPL (v>=3)
+ * and comes with ABSOLUTELY NO WARRANTY! Check out
+ * the documentation coming with IMIS-Labordaten-Application for details.
+ */
+
+Ext.define('Lada.override.RestProxy', {
+    override: 'Ext.data.proxy.Rest',
+
+    buildRequest: function (operation) {
+        this.headers = { 'X-OPENID-PARAMS': Lada.openIDParams };
+        return this.callParent(arguments);
+    },
+
+    processResponse: function (success, operation, request, response, callback, scope) {
+        if (!success && response.status == 401) {
+            var json = Ext.decode(response.responseText);
+            if (json) {
+                if (json.message == "699") {
+                    /* This is the unauthorized message with the authentication
+                     * redirect in the data */
+
+                    /* We decided to handle this with a redirect to the identity
+                     * provider. In which case we have no other option then to
+                     * handle it here with relaunch. */
+                    Lada.launch(); // Data loss!
+                }
+            }
+        }
+        this.callParent(arguments);
+    }
+});

http://lada.wald.intevation.org