FSN#39750 Authenticatie 'Apps', savepoint

svn path=/Website/trunk/; revision=33273

APPL/API2/model_aut_client.inc

@@ -10,8 +10,9 @@
 %>
 <!-- #include file="./model_aut_client_perslid.inc" -->
 <%
-function model_aut_client()
+function model_aut_client(params)
 {
+    params = params || {};
     this.records_name = "autclients";
     this.record_name = "autclient";
     this.table = "aut_client";
@@ -73,8 +74,12 @@ function model_aut_client()
               };
 
     this.REST_GET    = generic_REST_GET(this);
-    this.REST_POST   = generic_REST_POST(this);
-    this.REST_PUT    = generic_REST_PUT(this);
-    this.REST_DELETE = generic_REST_DELETE(this);
+    if (params.internal) // Dan geloof ik het wel
+    {
+        this.autfunction = false;
+        this.REST_POST   = generic_REST_POST(this);
+        this.REST_PUT    = generic_REST_PUT(this);
+        this.REST_DELETE = generic_REST_DELETE(this);
+    }
 }
 %>

APPL/API2/model_aut_client_perslid.inc

@@ -7,12 +7,14 @@
     Notes:
 */
 
-function model_aut_client_perslid()
+function model_aut_client_perslid(params)
 {
+    params = params || {};
     this.records_name = "clientpersons";
     this.record_name = "clientperson";
     this.table = "aut_client_perslid";
     this.primary = "aut_client_perslid_key";
+    this.autSELF = "person";
     this.autfunction = "WEB_FACFAC";
     this.record_title = L("aut_client_perslid");
     this.records_title = L("aut_client_perslid_m");
@@ -90,17 +92,13 @@ function model_aut_client_perslid()
         "columns": ["person", "scope", "device"]
     };
 
-    this.REST_GET = function (params, jsondata)
+    this.REST_GET    = generic_REST_GET(this);
+    if (params.internal) // Dan geloof ik het wel
     {
-        if (user_key > 0 && "filter" in params && params.filter.id == user_key)
-            this.autfunction = false;
-        else if ("filter" in params && "accesstoken" in params.filter)
-            this.autfunction = false;
-
-        return generic_REST_GET(this)(params, jsondata);
+        this.autfunction = false;
+        this.REST_POST   = generic_REST_POST(this);
+        this.REST_PUT    = generic_REST_PUT(this);
+        this.REST_DELETE = generic_REST_DELETE(this);
     }
-    this.REST_POST   = generic_REST_POST(this);
-    this.REST_PUT    = generic_REST_PUT(this);
-    this.REST_DELETE = generic_REST_DELETE(this);
 }
 %>

APPL/AUT/getapptoken.asp

@@ -20,9 +20,9 @@ var JSON_Result = true;
 <%
     var client_id = getQParam("client_id");
     var device_id = getQParam("device_id", ""); // optional device identification
-    var model_client = new model_aut_client();
+    var model_client = new model_aut_client({ internal: true });
     var client_data = api2.GET(model_client, { filter: { "code": client_id } }); // sp moet er dan zijn voor Service Provider
-    if (!client_data && client_id == "NWNX") // Voor NWNX ondersteunen we auto-create
+    if (!client_data && client_id == "FCLTAPP1") // Voor FCLTAPP1 ondersteunen we auto-create
     {
         var client_data =
         {
@@ -35,7 +35,7 @@ var JSON_Result = true;
             "remark": "Automatisch aangemaakt voor New Nexus app",
             "secret": shared.random(32),
             "audience": "{0}.facilitor.nl".format(customerId.toLowerCase()),
-            "issuer": "FACILITOR NWNX",
+            "issuer": "FACILITOR FCLTAPP1",
             "algorithm": "HS256"
         }
         var result = model_client.REST_POST({}, client_data);
@@ -44,7 +44,7 @@ var JSON_Result = true;
     if (!client_data)
         INTERNAL_ERROR_MISSING_SP;
 
-    var model_client_perslid = new model_aut_client_perslid();
+    var model_client_perslid = new model_aut_client_perslid({ internal: true });
     //altijd nieuwe cp_data maken. Het kan zijn dat je een ander device aan het registreren bent
     //var cp_data = api2.GET(model_client_perslid, { filter: { "autclient": client_data.id, "person": user_key, "device_id": device_id } });
     //if (!cp_data)
@@ -65,9 +65,9 @@ var JSON_Result = true;
     var result =
     {
         "fcltversion": FCLTVersion,
-        "instance_url": HTTP.urlzelf() + "?mobile=1",
+        "instance_url": HTTP.urlzelf() + "/",
         "push_token": cp_data.pushtoken,
-        "access_token": cp_data.accesstoken, // JWT met SP 'NWNX'? Of JWT met IDP 'FACILITOR'?
+        "access_token": cp_data.accesstoken, // JWT met SP 'FCLTAPP1'? Of JWT met IDP 'FACILITOR'?
                                              // Wel bij elke klant aan te maken dan? Of automatisch?
                                              // bearer is stateless/ single request dus geen redirect
                                              // maar via url &jwt= zou wel kunnen?

APPL/Shared/default.inc

@@ -9,8 +9,8 @@
     Note:        Sinds 5.2.2 zitten de settings in de database
 */
 
-var FCLTVersion="2016.3c";
-var FCLTMinDatabaseSchema="30";
+var FCLTVersion="2017.1alfa";
+var FCLTMinDatabaseSchema="31";
 
 var custpath = rooturl + "/cust/" + customerId;  // path to customer files