# HG changeset patch
# User Andre Heinecke
# Date 1426178356 -3600
# Node ID 7fd9350eacf9d8a900e03522272b4b60cd917777
# Parent 80077aeaa9ed553508ddbcf6d18da2926f6ae8eb
Add client side openID authentication handling If the client is not authenticated it will be redirected to the identity provider provided by the lada-server in the error message. The lada-server keeps track of the association and verifies the openID parameters sent by the client in the X-OPENID-PARAMS header
diff -r 80077aeaa9ed -r 7fd9350eacf9 app.js
--- a/app.js Thu Mar 12 15:53:22 2015 +0100
+++ b/app.js Thu Mar 12 17:39:16 2015 +0100
@@ -27,6 +27,7 @@
 // found on https://github.com/elmasse/Ext.i18n.Bundle
 requires: [
 'Lada.override.Table',
+ 'Lada.override.RestProxy',
 'Lada.override.RowEditor',
 'Ext.i18n.Bundle',
 'Ext.layout.container.Column',
@@ -57,6 +58,53 @@
 // Start the application.
 launch: function() {
+ var queryString = document.location.href.split('?')[1];
+ if (queryString) {
+ Lada.openIDParams = queryString;
+ }
+ Ext.Ajax.request({
+ url: 'lada-server/login?return_to=' + window.location.href,
+ method: 'GET',
+ headers: {
+ 'X-OPENID-PARAMS': Lada.openIDParams
+ },
+ scope: this,
+ success: this.onLoginSuccess,
+ failure: this.onLoginFailure
+ });
+ },
+
+ onLoginFailure : function(response, opts) {
+ try {
+ var json = Ext.decode(response.responseText);
+ if (json) {
+ if (json.message == "699") {
+ /* This is the unauthorized message with the authentication
+ * redirect in the data */
+ var authUrl = json.data;
+ location.href = authUrl;
+ return;
+ }
+ if (json.message == "698") {
+ /* This is general authentication error */
+ Ext.MessageBox.alert('Kommunikation mit dem Login Server fehlgeschlagen',
+ json.data);
+ return;
+ }
+ }
+ } catch (e) {
+ // This is likely a 404 or some unknown error. Show general error then.
+ }
+ Ext.MessageBox.alert('Kommunikation mit dem Lada Server fehlgeschlagen',
+ 'Es konnte keine erfolgreiche Verbindung zum lada server aufgebaut werden.');
+
+ },
+
+ onLoginSuccess: function(response, opts) {
+ /* Strip out the openid query params to look nicers. */
+ window.history.pushState(this.name, this.name, window.location.pathname);
+
+ /* Todo maybe parse username and such from login service response */
 Ext.create('Lada.store.Datenbasis', {
 storeId: 'datenbasis'
 });
diff -r 80077aeaa9ed -r 7fd9350eacf9 app/override/RestProxy.js
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/app/override/RestProxy.js Thu Mar 12 17:39:16 2015 +0100
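Review bot: In app.js, the "699" branch of onLoginFailure assigns `json.data` to `location.href` unchecked, so any string that arrives in the error body becomes the navigation target, a `javascript:` URL or an unexpected host included. Test it before navigating, for example `if (!/^https?:\/\//i.test(authUrl)) { ... }` falling through to the generic error dialog, and ideally compare its origin with a configured list of identity providers. In launch, `return_to` is appended unencoded; `url: 'lada-server/login?return_to=' + encodeURIComponent(window.location.href),` keeps a `?`, `&` or `#` in the current address from being parsed as part of the login request. The "698" branch passes `json.data` to `Ext.MessageBox.alert`, which renders its message as markup, so it should go through `Ext.String.htmlEncode` first. onLoginSuccess continues past the end of the hunk.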
@@ -0,0 +1,34 @@
+/* Copyright (C) 2015 by Bundesamt fuer Strahlenschutz
+ * Software engineering by Intevation GmbH
+ *
+ * This file is Free Software under the GNU GPL (v>=3)
+ * and comes with ABSOLUTELY NO WARRANTY! Check out
+ * the documentation coming with IMIS-Labordaten-Application for details.
+ */
+
+Ext.define('Lada.override.RestProxy', {
+ override: 'Ext.data.proxy.Rest',
+
+ buildRequest: function (operation) {
+ this.headers = { 'X-OPENID-PARAMS': Lada.openIDParams };
+ return this.callParent(arguments);
+ },
+
+ processResponse: function (success, operation, request, response, callback, scope) {
+ if (!success && response.status == 401) {
+ var json = Ext.decode(response.responseText);
+ if (json) {
+ if (json.message == "699") {
+ /* This is the unauthorized message with the authentication
+ * redirect in the data */
+
+ /* We decided to handle this with a redirect to the identity
+ * provider. In which case we have no other option then to
+ * handle it here with relaunch. */
+ Lada.launch(); // Data loss!
+ }
+ }
+ }
+ this.callParent(arguments);
+ }
+});
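Review bot: `Ext.decode(response.responseText)` in processResponse is unguarded, so a 401 whose body is not JSON (for instance an error page from a front-end proxy) throws before `this.callParent(arguments)` and the operation's callback never runs; `Ext.decode(response.responseText, true)` returns null instead of throwing, and the existing `if (json)` then covers it. buildRequest replaces `this.headers` wholesale, which drops any headers configured on an individual proxy, and because the override applies to every `Ext.data.proxy.Rest` the OpenID parameters are attached to each REST request whatever its URL. `this.headers = Ext.apply({}, {'X-OPENID-PARAMS': Lada.openIDParams}, this.headers);` keeps the existing entries, and the header is better left out while `Lada.openIDParams` is still unset. A short comment on the override stating that the header carries the authentication assertion and must only reach the lada-server would help the next reader.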