admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FSN#39750 Authenticatie 'Apps', savepoint

Browse Source 
svn path=/Website/trunk/; revision=33262
This commit is contained in:
Jos Groot Lipman
2017-03-26 15:46:37 +00:00
parent fb09cec038
commit 7fc5d9058e
6 changed files with 85 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
APPL/API/shorturl.asp
View File

@@ -47,9 +47,9 @@ __Log("== Entering shorturl.asp ==");
}
var keyparam = getQParamInt("k", -1);
var locked_user_key = getQParamInt("locked_user_key", -1);
/* // TODO: beschermen met hmac
// Daarom nog niet geactiveerd
var locked_user_key = getQParamInt("locked_user_key", -1);
if (locked_user_key > 0)
{
Session("locked_user_key") = locked_user_key;

45
APPL/API2/model_aut_client_perslid.inc
View File

@@ -3,7 +3,7 @@
$Id$
File: model_aut_client_perslid.inc
Description: Persoonlijke instellingen per SP
Description: Persoonlijke instellingen per Client/app
Notes:
*/
@@ -31,6 +31,11 @@ function model_aut_client_perslid()
"hidden_fld": true,
"required": true
},
"device": {
"dbs": "aut_client_perslid_device_id",
"label": L("aut_client_perslid_device"),
"typ": "varchar"
},
"scope": {
"dbs": "aut_client_perslid_scope",
"label": L("aut_client_perslid_scope"),
@@ -39,17 +44,35 @@ function model_aut_client_perslid()
"pushtoken": {
"dbs": "aut_client_perslid_pushtoken",
"label": L("aut_client_perslid_pushtoken"),
"typ": "varchar"
"typ": "varchar",
"filter": "exact"
},
"refreshtoken": {
"dbs": "aut_client_perslid_refreshtkn",
"label": L("aut_client_perslid_refreshtoken"),
"typ": "varchar"
"typ": "varchar",
"filter": "exact"
},
"refreshdate": {
"dbs": "aut_client_perslid_refreshdate",
"label": L("aut_client_perslid_refreshdate"),
"typ": "datetime"
},
"accesstoken": {
"dbs": "aut_client_perslid_accesstoken",
"label": L("aut_client_perslid_accesstoken"),
"typ": "varchar"
"typ": "varchar",
"filter": "exact"
},
"accessdate": {
"dbs": "aut_client_perslid_accessdate",
"label": L("aut_client_perslid_accessdate"),
"typ": "datetime"
},
"login": {
"dbs": "aut_client_perslid_login",
"label": L("aut_client_perslid_login"),
"typ": "datetime"
},
"person": {
"dbs": "prs_perslid_key",
@@ -64,12 +87,20 @@ function model_aut_client_perslid()
};
this.list = {
"columns": ["person", "scope"]
"columns": ["person", "scope", "device"]
};
this.REST_GET = generic_REST_GET(this);
this.REST_GET = function (params, jsondata)
{
if (user_key > 0 && "filter" in params && params.filter.id == user_key)
this.autfunction = false;
else if ("filter" in params && "accesstoken" in params.filter)
this.autfunction = false;
return generic_REST_GET(this)(params, jsondata);
}
this.REST_POST = generic_REST_POST(this);
//this.REST_PUT = generic_REST_PUT(this);
this.REST_PUT = generic_REST_PUT(this);
this.REST_DELETE = generic_REST_DELETE(this);
}
%>

32
APPL/AUT/getapptoken.asp
View File

@@ -11,6 +11,7 @@
noodzakelijkerwijs compatible mee.
*/
var JSON_Result = true;
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="./login.inc" -->
@@ -18,6 +19,7 @@
<!-- #include file="../api2/model_aut_client.inc" -->
<%
var client_id = getQParam("client_id");
var device_id = getQParam("device_id", ""); // optional device identification
var model_client = new model_aut_client();
var client_data = api2.GET(model_client, { filter: { "code": client_id } }); // sp moet er dan zijn voor Service Provider
if (!client_data && client_id == "NWNX") // Voor NWNX ondersteunen we auto-create
@@ -43,28 +45,34 @@
INTERNAL_ERROR_MISSING_SP;
var model_client_perslid = new model_aut_client_perslid();
var cp_data = api2.GET(model_client_perslid, { filter: { "autclient": client_data.id, "person": user_key } });
if (!cp_data)
//altijd nieuwe cp_data maken. Het kan zijn dat je een ander device aan het registreren bent
//var cp_data = api2.GET(model_client_perslid, { filter: { "autclient": client_data.id, "person": user_key, "device_id": device_id } });
//if (!cp_data)
{
var cp_data = { "autclient": client_data.id,
"scope": "*",
"refreshtoken": customerId + "_" + shared.random(32), // unused yet
"accesstoken": customerId + "_" + shared.random(32), // Does not expire yet?
"person": user_key,
"pushtoken": customerId + "_" + shared.random(32)
var cp_data = { "autclient" : client_data.id,
"scope" : "*",
"device_id" : device_id,
"refreshtoken": '1$' + customerId + "_" + shared.random(32), // unused yet
"refreshdate" : new Date(),
"accesstoken" : '1$' + customerId + "_" + shared.random(32), // Does not expire yet?
"accessdate" : new Date(),
"person" : user_key,
"pushtoken" : customerId + "_" + shared.random(32)
}
var result = model_client_perslid.REST_POST({}, cp_data);
cp_data = api2.GET(model_client_perslid, result.key );
}
var result =
{
weburl: HTTP.urlzelf() + "?mobile=1",
push_token: cp_data.pushtoken,
access_token: cp_data.accesstoken // JWT met SP 'NWNX'? Of JWT met IDP 'FACILITOR'?
"fcltversion": FCLTVersion,
"instance_url": HTTP.urlzelf() + "?mobile=1",
"push_token": cp_data.pushtoken,
"access_token": cp_data.accesstoken, // JWT met SP 'NWNX'? Of JWT met IDP 'FACILITOR'?
// Wel bij elke klant aan te maken dan? Of automatisch?
// bearer is stateless/ single request dus geen redirect
// maar via url &jwt= zou wel kunnen?
// refresh_url: HTTP.urlzelf() + "/appl/aut/getapptoken.asp?client_id={0}&auth={1}".format(sp, spp_data.refreshtoken)
"issued_at": Math.floor(cp_data.accessdate.getTime() / 1000)
// "refresh_url": HTTP.urlzelf() + "/appl/aut/getapptoken.asp?client_id={0}&auth={1}".format(sp, spp_data.refreshtoken)
}
Response.Write(JSON.stringify(result));
Response.End;

17
APPL/AUT/loginTry.asp
View File

@@ -26,6 +26,7 @@ if (Response.Expires > 0)
<!-- #include file="../api/api.inc" -->
<!-- #include file="../api2/api2.inc" -->
<!-- #include file="../api2/model_prs_perslid.inc" -->
<!-- #include file="../api2/model_aut_client.inc" -->
<%
__Log("== Entering loginTry.asp ==");
@@ -77,6 +78,22 @@ if (user_key < 0)
}
}
if (user_key < 0)
{
var auth = String(Request.ServerVariables("HTTP_X_FACILITOR_ACCESS_TOKEN"));
if (auth.match(/^1\$/)) // Mode 1$xxxxxxx
{
__Log("Found HTTP_X_FACILITOR_ACCESS_TOKEN");
var model_client_perslid = new model_aut_client_perslid();
var cp_data = api2.GET(model_client_perslid, { filter: { "accesstoken": auth } });
if (cp_data)
{
doLogin(cp_data.person.id);
model_client_perslid.REST_PUT({}, { login: new Date() }, cp_data.id);
}
}
}
if (user_key < 0)
{
// Deeplink met &userauth=27399&userhmac=1387370160%3AECQXKFpi8RU5WTK2pfJ0zRnc7QY

1
APPL/PRS/prs_perslid_qr_confirm.asp
View File

@@ -35,6 +35,7 @@ doLogin(user_key);
var getToken = getQParamInt("gettoken", 0) == 1;
if (getToken)
{
Response.Clear(); // DOCTYPE weghalen
Server.Transfer("../aut/getapptoken.asp"); // Die doet dat verder
}
else

5
APPL/Shared/locale.inc
View File

@@ -266,7 +266,10 @@ lcl = {
if (!lclcode) // moet een FAC_LOCALE.FAC_LOCALE_KOLOMNAAM waarde zijn
lclcode = alias;
// Als de user-taal de db-taal (nu nog hard NL) is gewoon pkolomnaam opleveren
if (S("multi_language_option") == 0 || S("language_toggles").length <= 1 || user.lang() == S("db_lang"))
if (S("multi_language_option") == 0 ||
S("language_toggles").length <= 1 ||
typeof user == "undefined" || // nog niet ingelogd
user.lang() == S("db_lang"))
llocaleclause = pkolomnaam+" "+(pwithalias ? alias+" " : "");
else
llocaleclause = " lcl.x('"+lclcode+"', "+pkey+", "+pkolomnaam+", " + (noautolcl?0:1) + ")"+(pwithalias ? alias+" " : "");