FSN#33722 API1 ook basic authenticatie

svn path=/Website/trunk/; revision=26418
Jos Groot Lipman
2015-09-21 14:04:28 +00:00
parent 969a934a7a
commit b2393b2a65
28 changed files with 80 additions and 122 deletions


@@ -20,9 +20,7 @@ var EXPIRED_PASSWORD_OK = true; // performance
<!-- #include file="../Shared/common.inc"-->
<!-- #include file="../api/api.inc" -->
<%
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY); // controleert vanzelf
var API = new API_func(); // controleert vanzelf
__Log("Transferring to: " + API.apidata.file);
Server.Transfer(API.apidata.file);


@@ -8,41 +8,54 @@
*/
function API_func(APIname, APIKEY)
function API_func()
{
this.APIname = APIname;
this.APIKEY = APIKEY;
this.APIname = getQParam("API");
var sql = "SELECT *"
+ " FROM fac_api"
+ " WHERE fac_api_name = " + safe.quoted_sql(APIname);
+ " WHERE fac_api_name = " + safe.quoted_sql(this.APIname);
var oRs = Oracle.Execute(sql);
if (oRs.Eof)
{
this.error("Invalid API: " + APIname);
this.error("Invalid API: " + this.APIname);
oRs.Close();
Response.End;
}
var sql2 = "SELECT prs_perslid_key, prs_perslid_naam"
+ " FROM prs_perslid"
+ " WHERE prs_perslid_apikey = " + safe.quoted_sql(APIKEY)
+ " AND prs_perslid_verwijder IS NULL"; // Eigenlijk zou de trigger APIKEY moeten wissen bij verwijderen
var oRs2 = Oracle.Execute(sql2);
if (oRs2.Eof)
if (user_key < 0)
{
this.error("Invalid APIKEY: " + APIKEY);
oRs2.Close();
Response.End;
};
__Log("API User is: " + oRs2("prs_perslid_naam"));
this.APIKEY = getQParam("APIKEY", "");
if (!this.APIKEY && S("basic_auth_realm"))
{
Response.Status = "401 Unauthorized";
Response.AddHeader("WWW-Authenticate", "Basic realm=\"" + S("basic_auth_realm") + "\"");
Response.End;
}
else
{
var sql2 = "SELECT prs_perslid_key, prs_perslid_naam"
+ " FROM prs_perslid"
+ " WHERE prs_perslid_apikey = " + safe.quoted_sql(this.APIKEY)
+ " AND prs_perslid_verwijder IS NULL"; // Eigenlijk zou de trigger APIKEY moeten wissen bij verwijderen
var oRs2 = Oracle.Execute(sql2);
if (oRs2.Eof)
{
this.error("Invalid APIKEY: " + this.APIKEY);
oRs2.Close();
Response.End;
};
__Log("API User is: " + oRs2("prs_perslid_naam"));
user_key = oRs2("prs_perslid_key").Value;
oRs2.Close();
}
}
this.apidata =
{
APIname: APIname,
APIKEY: APIKEY,
APIname: this.APIname,
APIKEY: this.APIKEY,
file: oRs("fac_api_filepath").Value,
prs_perslid_key: oRs2("prs_perslid_key").Value,
prs_perslid_key: user_key,
loglevel: oRs("fac_api_loglevel").Value,
usrrap_key: oRs("fac_usrrap_key").Value,
stylesheet: oRs("fac_api_stylesheet").Value,
@@ -67,7 +80,6 @@ function API_func(APIname, APIKEY)
this.error("Invalid api 'viewmapping': " + e.description);
}
oRs2.Close();
oRs.Close();
// Wij doen niets met eventuele prs_perslid_key; dat doet loginTry.asp maar voor ons
}
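Review bot: The new 401 branch at `Response.Status = "401 Unauthorized"` ends the response while the `oRs` recordset opened a few lines earlier is still open; the other two early exits close their recordset first, so add `oRs.Close();` before `Response.End;` there. The APIKEY lookup is now skipped entirely when `user_key >= 0`, so a caller with an existing session reaches any API without presenting a key; `user_key` is read at the `if (user_key < 0)` guard but only assigned later and without `var`, so it is a script-global set elsewhere, and if the bypass is the intended Basic-auth path a comment such as `// user_key >= 0: already authenticated upstream (session / IIS Basic auth), APIKEY is not checked` would make that trust boundary explicit. `this.error("Invalid APIKEY: " + this.APIKEY)` echoes the submitted credential back to the client and into whatever error() records; reporting only that the key was rejected avoids leaking it. API_func continues past the end of the hunk (the rest of the apidata literal and the closing of the function are outside it).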


@@ -49,16 +49,14 @@
try
{
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY); // Valideert ook
var API = new API_func(); // Valideert ook
var asJSON = getQParam("json","0")!="0";
var xmlReq = Server.CreateObject("MSXML2.DOMDocument.6.0");
xmlReq.load(Request);
if (API.apidata.loglevel) __Log2File(xmlReq.xml, APIname + "_IN");
if (API.apidata.loglevel) __Log2File(xmlReq.xml, API.APIname + "_IN");
if (xmlReq.documentElement.firstChild.prefix)
var soapns = xmlReq.documentElement.firstChild.prefix + ":";
@@ -307,7 +305,7 @@ try
var xml_content = get_fac_xml('$AspSession$');
}
if (API.apidata.loglevel) __Log2File(xml_content, APIname + "_DATA");
if (API.apidata.loglevel) __Log2File(xml_content, API.APIname + "_DATA");
if (asJSON)
Response.ContentType = "application/json";
@@ -349,7 +347,7 @@ try
Response.Status = "304 Not modified";
Response.End;
}
if (API.apidata.loglevel) __Log2File(antwoord, APIname + "_OUT");
if (API.apidata.loglevel) __Log2File(antwoord, API.APIname + "_OUT");
Response.write(antwoord);
}
}
@@ -359,7 +357,7 @@ try
// die req-parameter is waarschijnlijk vrij zinloos
var params = { mode: req };
if (API.apidata.loglevel)
params.log_postfix = APIname + "_OUT";
params.log_postfix = API.APIname + "_OUT";
STR2Stream(xml_content, stylesheet, Response, params);
}
}


@@ -19,6 +19,8 @@
<!-- #include file="../api/api.inc" -->
<%
var API = new API_func();
Session.Codepage = 65001;
Response.Charset = 'utf-8';
@@ -26,7 +28,7 @@
function XML2TEMP(xml, postfix)
{
if (!API.apidata.loglevel) return;
var in_file = Server.MapPath("./temp") + "/" + customerId + "_" + APIname + "_" + postfix + "_";
var in_file = Server.MapPath("./temp") + "/" + customerId + "_" + API.APIname + "_" + postfix + "_";
var jsDate = new Date();
var s = String(jsDate.getFullYear()) + padout(jsDate.getMonth() + 1) + padout(jsDate.getDate())
+ padout(jsDate.getHours()) + padout(jsDate.getMinutes()) + padout(jsDate.getSeconds())
@@ -39,9 +41,6 @@
ts.Close();
}
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
Session("logging") = API.apidata.loglevel||0;
var xmlReq = Server.CreateObject("MSXML2.DOMDocument.6.0");
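Review bot: `API.APIname` in the temp file name built in XML2TEMP is the raw `API` query value that API_func stored from getQParam, not the name read back from the fac_api row; it is only safe in a path because the fac_api lookup rejected unknown names before this point. Having API_func keep the value returned by that lookup (`this.APIname = oRs("fac_api_name").Value;` after the Eof check) rather than the request string would keep the file name free of client input even if the lookup is later relaxed. The same applies to the `fileStream.SaveToFile(... + API.APIname + ".tmp", 2)` line in the import section further down. XML2TEMP's body continues past the hunk.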


@@ -23,7 +23,5 @@
Session.Codepage = 65001;
Response.Charset = 'utf-8';
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
%>


@@ -28,9 +28,7 @@
Session.Codepage = 65001;
Response.Charset = 'utf-8';
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
var tsql = "-"; // Voor tijdelijke statement(s)
var sql = "-"; // De uiteindelijke update-sql
var resultcode = -1; /* Zolang deze -1 is, is het nog goed. Uiteindelijk eindigt het met 0 (als goed). */
@@ -50,7 +48,7 @@
else
xmlReq.load(Request);
if (API.apidata.loglevel) __Log2File(xmlReq.xml, APIname + "_TUSSEN");
if (API.apidata.loglevel) __Log2File(xmlReq.xml, API.APIname + "_TUSSEN");
var xmlResp = new ActiveXObject("MSXML2.DOMDocument.6.0");
xmlResp.appendChild(xmlResp.createProcessingInstruction("xml", "version=\"1.0\" encoding=\"utf-8\""))


@@ -28,9 +28,7 @@
Session.Codepage = 65001;
Response.Charset = 'utf-8';
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
var tsql = "-"; // Voor tijdelijke statement(s)
var sql = "-"; // De uiteindelijke insert/update-sql
var xmlReq = Server.CreateObject("MSXML2.DOMDocument.6.0");


@@ -70,9 +70,7 @@ THIS_FILE = "appl/api/api_bezsoap.asp";
Session.Codepage = 65001;
Response.Charset = 'utf-8';
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
// XML Omzetten naar equivalente JSON
// var xmlReq = Server.CreateObject("MSXML2.DOMDocument.6.0");


@@ -25,9 +25,7 @@
Session.Codepage = 65001;
Response.Charset = 'utf-8';
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
var tsql = "-"; // Voor tijdelijke statement(s)
var sql = "-"; // De uiteindelijke insert/update-sql
var resultcode = -1; /* Zolang deze -1 is, is het nog goed. Uiteindelijk eindigt het met 0 (als goed). */


@@ -21,9 +21,7 @@
<!-- #include file="../api/api.inc" -->
<%
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
var usrrap_key = API.apidata.usrrap_key;
//var viewname = API.apidata.viewname;


@@ -23,7 +23,5 @@
Session.Codepage = 65001;
Response.Charset = 'utf-8';
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
%>


@@ -23,9 +23,7 @@
Session.Codepage = 65001;
Response.Charset = 'utf-8';
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
var import_app_key = API.apidata.options['import_app_key'];
var bytes = Request.TotalBytes;
@@ -42,11 +40,11 @@
fileStream.Write(Request.BinaryRead(bytes));
if (API.apidata.loglevel & 1)
fileStream.SaveToFile(Server.MapPath(rooturl + "/temp/") + "/" + customerId + "_" + APIname + ".tmp", 2); // 2=create
fileStream.SaveToFile(Server.MapPath(rooturl + "/temp/") + "/" + customerId + "_" + API.APIname + ".tmp", 2); // 2=create
var res = impReadStream(fileStream, import_app_key,
{ fac_home: Server.MapPath(rooturl + "/") + "/",
filepathname: "API " + APIname,
filepathname: "API " + API.APIname,
customerId: customerId,
keep_old: 300, // Parallelle import 300 seconden ondersteunen
user_key: user_key,


@@ -22,9 +22,8 @@
<!-- #include file="../Shared/upload.inc" -->
<!-- #include file="../api/api.inc" -->
<%
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
function abortRejectMail(tekst)
{
@@ -58,7 +57,7 @@ if (xmlReq.parseError.errorCode != 0)
}
if (API.apidata.loglevel)
__Log2File(xmlReq.xml, APIname + "_IN");
__Log2File(xmlReq.xml, API.APIname + "_IN");
var Subject = XMLval(xmlReq, "subject");
var fromAddr = XMLval(xmlReq, "from");


@@ -36,9 +36,7 @@
Session.Codepage = 65001;
Response.Charset = 'utf-8';
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
var asJSON = getQParam("json","0")!="0";
@@ -59,7 +57,7 @@
else
xmlReq.load(Request);
if (API.apidata.loglevel) __Log2File(xmlReq.xml, APIname + "_TUSSEN");
if (API.apidata.loglevel) __Log2File(xmlReq.xml, API.APIname + "_TUSSEN");
var xmlResp = new ActiveXObject("MSXML2.DOMDocument.6.0");
xmlResp.appendChild(xmlResp.createProcessingInstruction("xml", "version=\"1.0\" encoding=\"utf-8\""))
@@ -255,7 +253,7 @@
xmlResp.appendChild(FCLTElement);
if (API.apidata.loglevel) __Log2File(xmlResp.xml, APIname + "_TUSSEN_OUT");
if (API.apidata.loglevel) __Log2File(xmlResp.xml, API.APIname + "_TUSSEN_OUT");
if (API.apidata.stylesheet)
{
// Niet super efficient dat we eerst naar tekstuele xml gaan maar ach...


@@ -28,9 +28,7 @@
Session.Codepage = 65001;
Response.Charset = 'utf-8';
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
var tsql = "-"; // Voor tijdelijke statement(s)
var sql = "-"; // De uiteindelijke insert/update-sql
var resultcode = -1; /* Zolang deze -1 is, is het nog goed. Uiteindelijk eindigt het met 0 (als goed). */
@@ -51,7 +49,7 @@ if (API.apidata.stylesheet)
else
xmlReq.load(Request);
if (API.apidata.loglevel) __Log2File(xmlReq.xml, APIname + "_IN");
if (API.apidata.loglevel) __Log2File(xmlReq.xml, API.APIname + "_IN");
var xmlResp = new ActiveXObject("MSXML2.DOMDocument.6.0");
xmlResp.appendChild(xmlResp.createProcessingInstruction("xml", "version=\"1.0\" encoding=\"utf-8\""))


@@ -30,9 +30,7 @@
Session.Codepage = 65001;
Response.Charset = 'utf-8';
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
var MLDremark = 0; // 0= negeer, 1=append bij autoorder, 2=overwrite bij autoorder, 5=append altijd, 6=overwrite altijd
var ORDremark = 2; //
@@ -78,14 +76,14 @@ if (API.apidata.stylesheet)
+ "(" + inputXML.parseError.linepos + ")"
, "#ff0000");
}
if (API.apidata.loglevel) __Log2File(inputXML.xml, APIname + "_IN");
if (API.apidata.loglevel) __Log2File(inputXML.xml, API.APIname + "_IN");
inputXML.transformNodeToObject(iXsl, xmlReq);
}
else
xmlReq.load(Request);
if (API.apidata.loglevel) __Log2File(xmlReq.xml, APIname + "_TUSSEN");
if (API.apidata.loglevel) __Log2File(xmlReq.xml, API.APIname + "_TUSSEN");
var xmlResp = new ActiveXObject("MSXML2.DOMDocument.6.0");
xmlResp.appendChild(xmlResp.createProcessingInstruction("xml", "version=\"1.0\" encoding=\"utf-8\""))


@@ -28,9 +28,7 @@
try
{
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY); // Valideert ook
var API = new API_func(); // Valideert ook
var asJSON = getQParam("json","0")!="0";
@@ -162,7 +160,7 @@ try
Response.Status = "304 Not modified";
Response.End;
}
if (API.apidata.loglevel) __Log2File(antwoord, APIname + "_OUT");
if (API.apidata.loglevel) __Log2File(antwoord, API.APIname + "_OUT");
Response.write(antwoord);
}
catch (e)


@@ -23,7 +23,5 @@
Session.Codepage = 65001;
Response.Charset = 'utf-8';
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
%>


@@ -17,9 +17,7 @@
<!-- #include file="../api/api.inc" -->
<%
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
var BOOKMARK = getQParam("BOOKMARK", "");


@@ -29,9 +29,7 @@
Session.Codepage = 65001;
Response.Charset = 'utf-8';
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
var tsql = "-"; // Voor tijdelijke statement(s)
var sql = "-"; // De uiteindelijke insert/update-sql
var xmlReq = Server.CreateObject("MSXML2.DOMDocument.6.0");
@@ -49,7 +47,7 @@
else
xmlReq.load(Request);
if (API.apidata.loglevel) __Log2File(xmlReq.xml, APIname + "_IN");
if (API.apidata.loglevel) __Log2File(xmlReq.xml, API.APIname + "_IN");
var xmlResp = new ActiveXObject("MSXML2.DOMDocument.6.0");
xmlResp.appendChild(xmlResp.createProcessingInstruction("xml", "version=\"1.0\" encoding=\"utf-8\""))


@@ -31,9 +31,7 @@
try
{
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY); // Valideert ook
var API = new API_func(); // Valideert ook
var asJSON = getQParam("json","0")!="0";
@@ -146,7 +144,7 @@ var result = { header: headerinfo,
Response.Status = "304 Not modified";
Response.End;
}
if (API.apidata.loglevel) __Log2File(antwoord, APIname + "_OUT");
if (API.apidata.loglevel) __Log2File(antwoord, API.APIname + "_OUT");
Response.write(antwoord);
}
catch (e)


@@ -19,9 +19,7 @@
<!-- #include file="../api/api.inc" -->
<%
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
var callback = getQParam("callback", null);


@@ -21,9 +21,7 @@ var EXPIRED_PASSWORD_OK = true; // performance
<!-- #include file="../api/api.inc" -->
<%
var APIname = getQParam("API");
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
var nojQuery = getQParam("nojQuery", 0)==1;


@@ -19,7 +19,7 @@ if (Request.QueryString("u").Count>0)
}
// Deze overruled veel:
if (Request.QueryString("API").Count>0 && Request.QueryString("APIKEY").Count>0
if (Request.QueryString("API").Count>0
&& Request.QueryString("Jumpto").Count == 0 ) // Niet bij Jumpto's
{
Server.Transfer("appl/api/api.asp");
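Review bot: The condition now sends any request carrying an `API` query parameter to api.asp whether or not `APIKEY` is present, and API_func then either validates the key or, when `basic_auth_realm` is configured, answers with a 401 Basic challenge; a URL with `API` but no key therefore no longer falls through to the normal login flow. That is presumably the point of the change, but the condition deserves a comment saying so, e.g. `// API without APIKEY is routed here on purpose: API_func challenges with 401/Basic when basic_auth_realm is set`. The determineCustomerId hunk further down makes the same `api`-only decision and abandons the session before any key has been checked, so the comment belongs there too.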


@@ -220,16 +220,6 @@ if (user_key < 0 && typeof LOGIN_try == "undefined")
if (user_key < 0 && typeof ANONYMOUS_Allowed == "undefined")
{
if (0 && Request.QueryString("apikey").Count>0)
{
Response.Status = "401 Unauthorized";
// Response.AddHeader("WWW-Authenticate", "Basic realm=\"FACILITOR API2\"");
// Bovenstaande zou alleen logisch zijn als we *zelf* usernaam/wachtwoord
// uit Basic Authentication kunnen plukken en tegen PRS_PERSLID kunnen matchen
// We ondersteunen echter alleen dat IIS dat voor ons doet tegen
// Windows-username/wachtwoord. Dus die geeft ook maar de realm op.
Response.End;
}
if (JSON_Result) // Login scherm werkt toch niet
{
Response.Clear();


@@ -1229,7 +1229,7 @@ function determineCustomerId()
var trycust = "";
if ( typeof Session("customerId") == "undefined" ) // ASP-Sessie verlopen of nieuw binnen.
{
if (Request.QueryString("api").Count>0 && Request.QueryString("apikey").Count>0)
if (Request.QueryString("api").Count>0)
{
Session.Abandon(); // Voorkom dat een session ontstaat doordat we een API-call doen.
// When the Abandon method is called, the current Session object is queued for deletion
@@ -1356,7 +1356,7 @@ myJSON =
}
HTTP =
{ // params: type, data, headers, APIKEY
{ // params: type, data, headers, APIKEY (voor API2)
getJSON: function _getJSON(url, params) // Serverside variant van jQuery $.getJSON
{
params = params || {};


@@ -109,10 +109,9 @@ if (user_key < 0)
// bestaande sessie ongeldig wordt (Vinder/ telefoongids)
// JGL (later) maar volgens mij komt je dan hier helemaal niet dus is het niet echt relevant
var APIname = getQParam("API", "");
var APIKEY = getQParam("APIKEY", "");
if (user_key < 0 && APIname && APIKEY)
if (user_key < 0 && APIname)
{
var API = new API_func(APIname, APIKEY); // controleert vanzelf
var API = new API_func(); // controleert vanzelf
if (API.apidata.prs_perslid_key)
user_key = API.apidata.prs_perslid_key;


@@ -21,8 +21,7 @@ var APIname = getQParam("API","");
var book_id = null;
if (APIname == "REPORT")
{
var APIKEY = getQParam("APIKEY");
var API = new API_func(APIname, APIKEY);
var API = new API_func();
book_id = getQParam("BOOKMARK");
var sql = "SELECT fac_bookmark_path, "
+ " fac_bookmark_query"