Mercurial > lada > lada-client
changeset 608:7fd9350eacf9 openid
Add client side openID authentication handling
If the client is not authenticated it will be redirected
to the identity provider provided by the lada-server in the
error message. The lada-server keeps track of the association
and verifies the openID parameters sent by the client
in the X-OPENID-PARAMS header
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Thu, 12 Mar 2015 17:39:16 +0100 |
| parents | 80077aeaa9ed |
| children | ab48824713e2 |
| files | app.js app/override/RestProxy.js |
| diffstat | 2 files changed, 82 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/app.js Thu Mar 12 15:53:22 2015 +0100 +++ b/app.js Thu Mar 12 17:39:16 2015 +0100 @@ -27,6 +27,7 @@ // found on https://github.com/elmasse/Ext.i18n.Bundle requires: [ 'Lada.override.Table', + 'Lada.override.RestProxy', 'Lada.override.RowEditor', 'Ext.i18n.Bundle', 'Ext.layout.container.Column', @@ -57,6 +58,53 @@ // Start the application. launch: function() { + var queryString = document.location.href.split('?')[1]; + if (queryString) { + Lada.openIDParams = queryString; + } + Ext.Ajax.request({ + url: 'lada-server/login?return_to=' + window.location.href, + method: 'GET', + headers: { + 'X-OPENID-PARAMS': Lada.openIDParams + }, + scope: this, + success: this.onLoginSuccess, + failure: this.onLoginFailure + }); + }, + + onLoginFailure : function(response, opts) { + try { + var json = Ext.decode(response.responseText); + if (json) { + if (json.message == "699") { + /* This is the unauthorized message with the authentication + * redirect in the data */ + var authUrl = json.data; + location.href = authUrl; + return; + } + if (json.message == "698") { + /* This is general authentication error */ + Ext.MessageBox.alert('Kommunikation mit dem Login Server fehlgeschlagen', + json.data); + return; + } + } + } catch (e) { + // This is likely a 404 or some unknown error. Show general error then. + } + Ext.MessageBox.alert('Kommunikation mit dem Lada Server fehlgeschlagen', + 'Es konnte keine erfolgreiche Verbindung zum lada server aufgebaut werden.'); + + }, + + onLoginSuccess: function(response, opts) { + /* Strip out the openid query params to look nicers. */ + window.history.pushState(this.name, this.name, window.location.pathname); + + /* Todo maybe parse username and such from login service response */ Ext.create('Lada.store.Datenbasis', { storeId: 'datenbasis' });
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/app/override/RestProxy.js Thu Mar 12 17:39:16 2015 +0100 @@ -0,0 +1,34 @@ +/* Copyright (C) 2015 by Bundesamt fuer Strahlenschutz + * Software engineering by Intevation GmbH + * + * This file is Free Software under the GNU GPL (v>=3) + * and comes with ABSOLUTELY NO WARRANTY! Check out + * the documentation coming with IMIS-Labordaten-Application for details. + */ + +Ext.define('Lada.override.RestProxy', { + override: 'Ext.data.proxy.Rest', + + buildRequest: function (operation) { + this.headers = { 'X-OPENID-PARAMS': Lada.openIDParams }; + return this.callParent(arguments); + }, + + processResponse: function (success, operation, request, response, callback, scope) { + if (!success && response.status == 401) { + var json = Ext.decode(response.responseText); + if (json) { + if (json.message == "699") { + /* This is the unauthorized message with the authentication + * redirect in the data */ + + /* We decided to handle this with a redirect to the identity + * provider. In which case we have no other option then to + * handle it here with relaunch. */ + Lada.launch(); // Data loss! + } + } + } + this.callParent(arguments); + } +});