http://git-wip-us.apache.org/repos/asf/atlas-website/blob/58bb55a6/api/v2/ui/lib/swagger-oauth.js ---------------------------------------------------------------------- diff --git a/api/v2/ui/lib/swagger-oauth.js b/api/v2/ui/lib/swagger-oauth.js index a35bda3..7160291 100644 --- a/api/v2/ui/lib/swagger-oauth.js +++ b/api/v2/ui/lib/swagger-oauth.js @@ -1,347 +1 @@ -var appName; -var popupMask; -var popupDialog; -var clientId; -var realm; -var redirect_uri; -var clientSecret; -var scopeSeparator; -var additionalQueryStringParams; - -function handleLogin() { - var scopes = []; - - var auths = window.swaggerUi.api.authSchemes || window.swaggerUi.api.securityDefinitions; - if(auths) { - var key; - var defs = auths; - for(key in defs) { - var auth = defs[key]; - if(auth.type === 'oauth2' && auth.scopes) { - var scope; - if(Array.isArray(auth.scopes)) { - // 1.2 support - var i; - for(i = 0; i < auth.scopes.length; i++) { - scopes.push(auth.scopes[i]); - } - } - else { - // 2.0 support - for(scope in auth.scopes) { - scopes.push({scope: scope, description: auth.scopes[scope], OAuthSchemeKey: key}); - } - } - } - } - } - - if(window.swaggerUi.api - && window.swaggerUi.api.info) { - appName = window.swaggerUi.api.info.title; - } - - $('.api-popup-dialog').remove(); - popupDialog = $( - [ - '<div class="api-popup-dialog">', - '<div class="api-popup-title">Select OAuth2.0 Scopes</div>', - '<div class="api-popup-content">', - '<p>Scopes are used to grant an application different levels of access to data on behalf of the end user. Each API may declare one or more scopes.', - '<a href="#">Learn how to use</a>', - '</p>', - '<p><strong>' + appName + '</strong> API requires the following scopes. Select which ones you want to grant to Swagger UI.</p>', - '<ul class="api-popup-scopes">', - '</ul>', - '<p class="error-msg"></p>', - '<div class="api-popup-actions"><button class="api-popup-authbtn api-button green" type="button">Authorize</button><button class="api-popup-cancel api-button gray" type="button">Cancel</button></div>', - '</div>', - '</div>'].join('')); - $(document.body).append(popupDialog); - - //TODO: only display applicable scopes (will need to pass them into handleLogin) - popup = popupDialog.find('ul.api-popup-scopes').empty(); - for (i = 0; i < scopes.length; i ++) { - scope = scopes[i]; - str = '<li><input type="checkbox" id="scope_' + i + '" scope="' + scope.scope + '"' +'" oauthtype="' + scope.OAuthSchemeKey +'"/>' + '<label for="scope_' + i + '">' + scope.scope ; - if (scope.description) { - if ($.map(auths, function(n, i) { return i; }).length > 1) //if we have more than one scheme, display schemes - str += '<br/><span class="api-scope-desc">' + scope.description + ' ('+ scope.OAuthSchemeKey+')' +'</span>'; - else - str += '<br/><span class="api-scope-desc">' + scope.description + '</span>'; - } - str += '</label></li>'; - popup.append(str); - } - - var $win = $(window), - dw = $win.width(), - dh = $win.height(), - st = $win.scrollTop(), - dlgWd = popupDialog.outerWidth(), - dlgHt = popupDialog.outerHeight(), - top = (dh -dlgHt)/2 + st, - left = (dw - dlgWd)/2; - - popupDialog.css({ - top: (top < 0? 0 : top) + 'px', - left: (left < 0? 0 : left) + 'px' - }); - - popupDialog.find('button.api-popup-cancel').click(function() { - popupMask.hide(); - popupDialog.hide(); - popupDialog.empty(); - popupDialog = []; - }); - - $('button.api-popup-authbtn').unbind(); - popupDialog.find('button.api-popup-authbtn').click(function() { - popupMask.hide(); - popupDialog.hide(); - - var authSchemes = window.swaggerUi.api.authSchemes; - var host = window.location; - var pathname = location.pathname.substring(0, location.pathname.lastIndexOf("/")); - var defaultRedirectUrl = host.protocol + '//' + host.host + pathname + '/o2c.html'; - var redirectUrl = window.oAuthRedirectUrl || defaultRedirectUrl; - var url = null; - var scopes = [] - var o = popup.find('input:checked'); - var OAuthSchemeKeys = []; - var state; - for(k =0; k < o.length; k++) { - var scope = $(o[k]).attr('scope'); - if (scopes.indexOf(scope) === -1) - scopes.push(scope); - var OAuthSchemeKey = $(o[k]).attr('oauthtype'); - if (OAuthSchemeKeys.indexOf(OAuthSchemeKey) === -1) - OAuthSchemeKeys.push(OAuthSchemeKey); - } - - //TODO: merge not replace if scheme is different from any existing - //(needs to be aware of schemes to do so correctly) - window.enabledScopes=scopes; - - for (var key in authSchemes) { - if (authSchemes.hasOwnProperty(key) && OAuthSchemeKeys.indexOf(key) != -1) { //only look at keys that match this scope. - var flow = authSchemes[key].flow; - - if(authSchemes[key].type === 'oauth2' && flow && (flow === 'implicit' || flow === 'accessCode')) { - var dets = authSchemes[key]; - url = dets.authorizationUrl + '?response_type=' + (flow === 'implicit' ? 'token' : 'code'); - window.swaggerUi.tokenName = dets.tokenName || 'access_token'; - window.swaggerUi.tokenUrl = (flow === 'accessCode' ? dets.tokenUrl : null); - state = key; - } - else if(authSchemes[key].type === 'oauth2' && flow && (flow === 'application')) { - var dets = authSchemes[key]; - window.swaggerUi.tokenName = dets.tokenName || 'access_token'; - clientCredentialsFlow(scopes, dets.tokenUrl, key); - return; - } - else if(authSchemes[key].grantTypes) { - // 1.2 support - var o = authSchemes[key].grantTypes; - for(var t in o) { - if(o.hasOwnProperty(t) && t === 'implicit') { - var dets = o[t]; - var ep = dets.loginEndpoint.url; - url = dets.loginEndpoint.url + '?response_type=token'; - window.swaggerUi.tokenName = dets.tokenName; - } - else if (o.hasOwnProperty(t) && t === 'accessCode') { - var dets = o[t]; - var ep = dets.tokenRequestEndpoint.url; - url = dets.tokenRequestEndpoint.url + '?response_type=code'; - window.swaggerUi.tokenName = dets.tokenName; - } - } - } - } - } - - redirect_uri = redirectUrl; - - url += '&redirect_uri=' + encodeURIComponent(redirectUrl); - url += '&realm=' + encodeURIComponent(realm); - url += '&client_id=' + encodeURIComponent(clientId); - url += '&scope=' + encodeURIComponent(scopes.join(scopeSeparator)); - url += '&state=' + encodeURIComponent(state); - for (var key in additionalQueryStringParams) { - url += '&' + key + '=' + encodeURIComponent(additionalQueryStringParams[key]); - } - - window.open(url); - }); - - popupMask.show(); - popupDialog.show(); - return; -} - - -function handleLogout() { - for(key in window.swaggerUi.api.clientAuthorizations.authz){ - window.swaggerUi.api.clientAuthorizations.remove(key) - } - window.enabledScopes = null; - $('.api-ic.ic-on').addClass('ic-off'); - $('.api-ic.ic-on').removeClass('ic-on'); - - // set the info box - $('.api-ic.ic-warning').addClass('ic-error'); - $('.api-ic.ic-warning').removeClass('ic-warning'); -} - -function initOAuth(opts) { - var o = (opts||{}); - var errors = []; - - appName = (o.appName||errors.push('missing appName')); - popupMask = (o.popupMask||$('#api-common-mask')); - popupDialog = (o.popupDialog||$('.api-popup-dialog')); - clientId = (o.clientId||errors.push('missing client id')); - clientSecret = (o.clientSecret||null); - realm = (o.realm||errors.push('missing realm')); - scopeSeparator = (o.scopeSeparator||' '); - additionalQueryStringParams = (o.additionalQueryStringParams||{}); - - if(errors.length > 0){ - log('auth unable initialize oauth: ' + errors); - return; - } - - $('pre code').each(function(i, e) {hljs.highlightBlock(e)}); - $('.api-ic').unbind(); - $('.api-ic').click(function(s) { - if($(s.target).hasClass('ic-off')) - handleLogin(); - else { - handleLogout(); - } - false; - }); -} - -function clientCredentialsFlow(scopes, tokenUrl, OAuthSchemeKey) { - var params = { - 'client_id': clientId, - 'client_secret': clientSecret, - 'scope': scopes.join(' '), - 'grant_type': 'client_credentials' - } - $.ajax( - { - url : tokenUrl, - type: "POST", - data: params, - success:function(data, textStatus, jqXHR) - { - onOAuthComplete(data,OAuthSchemeKey); - }, - error: function(jqXHR, textStatus, errorThrown) - { - onOAuthComplete(""); - } - }); - - } - -window.processOAuthCode = function processOAuthCode(data) { - var OAuthSchemeKey = data.state; - - // redirect_uri is required in auth code flow - // see https://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.1.3 - var host = window.location; - var pathname = location.pathname.substring(0, location.pathname.lastIndexOf("/")); - var defaultRedirectUrl = host.protocol + '//' + host.host + pathname + '/o2c.html'; - var redirectUrl = window.oAuthRedirectUrl || defaultRedirectUrl; - - var params = { - 'client_id': clientId, - 'code': data.code, - 'grant_type': 'authorization_code', - 'redirect_uri': redirectUrl - }; - - if (clientSecret) { - params.client_secret = clientSecret; - } - - $.ajax( - { - url : window.swaggerUi.tokenUrl, - type: "POST", - data: params, - success:function(data, textStatus, jqXHR) - { - onOAuthComplete(data, OAuthSchemeKey); - }, - error: function(jqXHR, textStatus, errorThrown) - { - onOAuthComplete(""); - } - }); -}; - -window.onOAuthComplete = function onOAuthComplete(token,OAuthSchemeKey) { - if(token) { - if(token.error) { - var checkbox = $('input[type=checkbox],.secured') - checkbox.each(function(pos){ - checkbox[pos].checked = false; - }); - alert(token.error); - } - else { - var b = token[window.swaggerUi.tokenName]; - if (!OAuthSchemeKey){ - OAuthSchemeKey = token.state; - } - if(b){ - // if all roles are satisfied - var o = null; - $.each($('.auth .api-ic .api_information_panel'), function(k, v) { - var children = v; - if(children && children.childNodes) { - var requiredScopes = []; - $.each((children.childNodes), function (k1, v1){ - var inner = v1.innerHTML; - if(inner) - requiredScopes.push(inner); - }); - var diff = []; - for(var i=0; i < requiredScopes.length; i++) { - var s = requiredScopes[i]; - if(window.enabledScopes && window.enabledScopes.indexOf(s) == -1) { - diff.push(s); - } - } - if(diff.length > 0){ - o = v.parentNode.parentNode; - $(o.parentNode).find('.api-ic.ic-on').addClass('ic-off'); - $(o.parentNode).find('.api-ic.ic-on').removeClass('ic-on'); - - // sorry, not all scopes are satisfied - $(o).find('.api-ic').addClass('ic-warning'); - $(o).find('.api-ic').removeClass('ic-error'); - } - else { - o = v.parentNode.parentNode; - $(o.parentNode).find('.api-ic.ic-off').addClass('ic-on'); - $(o.parentNode).find('.api-ic.ic-off').removeClass('ic-off'); - - // all scopes are satisfied - $(o).find('.api-ic').addClass('ic-info'); - $(o).find('.api-ic').removeClass('ic-warning'); - $(o).find('.api-ic').removeClass('ic-error'); - } - } - }); - window.swaggerUi.api.clientAuthorizations.add(window.OAuthSchemeKey, new SwaggerClient.ApiKeyAuthorization('Authorization', 'Bearer ' + b, 'header')); - window.swaggerUi.load(); - } - } - } -}; +function handleLogin(){var e=[],o=window.swaggerUiAuth.authSchemes||window.swaggerUiAuth.securityDefinitions;if(o){var i,n=o;for(i in n){var a=n[i];if("oauth2"===a.type&&a.scopes){var t;if(Array.isArray(a.scopes)){var p;for(p=0;p<a.scopes.length;p++)e.push(a.scopes[p])}else for(t in a.scopes)e.push({scope:t,description:a.scopes[t],OAuthSchemeKey:i})}}}for(window.swaggerUi.api&&window.swaggerUi.api.info&&(appName=window.swaggerUi.api.info.title),$(".api-popup-dialog").remove(),popupDialog=$(['<div class="api-popup-dialog">','<div class="api-popup-title">Select OAuth2.0 Scopes</div>','<div class="api-popup-content">',"<p>Scopes are used to grant an application different levels of access to data on behalf of the end user. Each API may declare one or more scopes.",'<a href="#">Learn how to use</a>',"</p>","<p><strong>"+appName+"</strong> API requires the following scopes. Select which ones you want to grant to Swagger UI.</p>",'<ul class="api-popup-scopes">',"</ul>",'<p class="error-msg "></p>','<div class="api-popup-actions"><button class="api-popup-authbtn api-button green" type="button">Authorize</button><button class="api-popup-cancel api-button gray" type="button">Cancel</button></div>',"</div>","</div>"].join("")),$(document.body).append(popupDialog),popup=popupDialog.find("ul.api-popup-scopes").empty(),p=0;p<e.length;p++)t=e[p],str='<li><input type="checkbox" id="scope_'+p+'" scope="'+t.scope+'"" oauthtype="'+t.OAuthSchemeKey+'"/><label for="scope_'+p+'">'+t.scope,t.description&&($.map(o,function(e,o){return o}).length>1?str+='<br/><span class="api-scope-desc">'+t.description+" ("+t.OAuthSchemeKey+")</span>":str+='<br/><span class="api-scope-desc">'+t.description+"</span>"),str+="</label></li>",popup.append(str);var r=$(window),s=r.width(),c=r.height(),l=r.scrollTop(),d=popupDialog.outerWidth(),u=popupDialog.outerHeight(),h=(c-u)/2+l,g=(s-d)/2;popupDialog.css({top:(h<0?0:h)+"px",left:(g<0?0:g)+"px"}),popupDialog.find("button.api-popup-cancel").click(function (){popupMask.hide(),popupDialog.hide(),popupDialog.empty(),popupDialog=[]}),$("button.api-popup-authbtn").unbind(),popupDialog.find("button.api-popup-authbtn").click(function(){function e(e){return e.vendorExtensions["x-tokenName"]||e.tokenName}popupMask.hide(),popupDialog.hide();var o,i=window.swaggerUi.api.authSchemes,n=window.location,a=location.pathname.substring(0,location.pathname.lastIndexOf("/")),t=n.protocol+"//"+n.host+a+"/o2c.html",p=window.oAuthRedirectUrl||t,r=null,s=[],c=popup.find("input:checked"),l=[];for(k=0;k<c.length;k++){var d=$(c[k]).attr("scope");s.indexOf(d)===-1&&s.push(d);var u=$(c[k]).attr("oauthtype");l.indexOf(u)===-1&&l.push(u)}window.enabledScopes=s;for(var h in i)if(i.hasOwnProperty(h)&&l.indexOf(h)!=-1){var g=i[h].flow;if("oauth2"!==i[h].type||!g||"implicit"!==g&&"accessCode"!==g){if("oauth2"===i[h].type&&g&&"application"===g){var w=i[h];return window.swaggerUi.tokenName=e(w)||"access_token",void clientCredentialsFlow(s,w.tokenUrl,h)}if(i[h].grantType s){var c=i[h].grantTypes;for(var f in c)if(c.hasOwnProperty(f)&&"implicit"===f){var w=c[f];w.loginEndpoint.url;r=w.loginEndpoint.url+"?response_type=token",window.swaggerUi.tokenName=e(w)}else if(c.hasOwnProperty(f)&&"accessCode"===f){var w=c[f];w.tokenRequestEndpoint.url;r=w.tokenRequestEndpoint.url+"?response_type=code",window.swaggerUi.tokenName=e(w)}}}else{var w=i[h];r=w.authorizationUrl+"?response_type="+("implicit"===g?"token":"code"),window.swaggerUi.tokenName=e(w)||"access_token",window.swaggerUi.tokenUrl="accessCode"===g?w.tokenUrl:null,o=h}}redirect_uri=p,r+="&redirect_uri="+encodeURIComponent(p),r+="&realm="+encodeURIComponent(realm),r+="&client_id="+encodeURIComponent(clientId),r+="&scope="+encodeURIComponent(s.join(scopeSeparator)),r+="&state="+encodeURIComponent(o);for(var h in additionalQueryStringParams)r+="&"+h+"="+encodeURIComponent(additionalQueryStringParams[h]);window.open(r)}),popupMask.show(),popupDialog.show()}function handleLogout(){for(key in window.swagger Ui.api.clientAuthorizations.authz)window.swaggerUi.api.clientAuthorizations.remove(key);window.enabledScopes=null,$(".api-ic.ic-on").addClass("ic-off"),$(".api-ic.ic-on").removeClass("ic-on"),$(".api-ic.ic-warning").addClass("ic-error"),$(".api-ic.ic-warning").removeClass("ic-warning")}function initOAuth(e){var o=e||{},i=[];return appName=o.appName||i.push("missing appName"),popupMask=o.popupMask||$("#api-common-mask"),popupDialog=o.popupDialog||$(".api-popup-dialog"),clientId=o.clientId||i.push("missing client id"),clientSecret=o.clientSecret||null,realm=o.realm||i.push("missing realm"),scopeSeparator=o.scopeSeparator||" ",additionalQueryStringParams=o.additionalQueryStringParams||{},i.length>0?void log("auth unable initialize oauth: "+i):($("pre code").each(function(e,o){hljs.highlightBlock(o)}),$(".api-ic").unbind(),void $(".api-ic").click(function(e){$(e.target).hasClass("ic-off")?handleLogin():handleLogout()}))}function clientCredentialsFlow(e,o,i){var n={client_id:clientId,cli ent_secret:clientSecret,scope:e.join(" "),grant_type:"client_credentials"};$.ajax({url:o,type:"POST",data:n,success:function(e,o,n){onOAuthComplete(e,i)},error:function(e,o,i){onOAuthComplete("")}})}var appName,popupMask,popupDialog,clientId,realm,redirect_uri,clientSecret,scopeSeparator,additionalQueryStringParams;window.processOAuthCode=function(e){var o=e.state,i=window.location,n=location.pathname.substring(0,location.pathname.lastIndexOf("/")),a=i.protocol+"//"+i.host+n+"/o2c.html",t=window.oAuthRedirectUrl||a,p={client_id:clientId,code:e.code,grant_type:"authorization_code",redirect_uri:t};clientSecret&&(p.client_secret=clientSecret),$.ajax({url:window.swaggerUiAuth.tokenUrl,type:"POST",data:p,success:function(e,i,n){onOAuthComplete(e,o)},error:function(e,o,i){onOAuthComplete("")}})},window.onOAuthComplete=function(e,o){if(e)if(e.error){var i=$("input[type=checkbox],.secured");i.each(function(e){i[e].checked=!1}),alert(e.error)}else{var n=e[window.swaggerUiAuth.tokenName];if(o ||(o=e.state),n){var a=null;$.each($(".auth .api-ic .api_information_panel"),function(e,o){var i=o;if(i&&i.childNodes){var n=[];$.each(i.childNodes,function(e,o){var i=o.innerHTML;i&&n.push(i)});for(var t=[],p=0;p<n.length;p++){var r=n[p];window.enabledScopes&&window.enabledScopes.indexOf(r)==-1&&t.push(r)}t.length>0?(a=o.parentNode.parentNode,$(a.parentNode).find(".api-ic.ic-on").addClass("ic-off"),$(a.parentNode).find(".api-ic.ic-on").removeClass("ic-on"),$(a).find(".api-ic").addClass("ic-warning"),$(a).find(".api-ic").removeClass("ic-error")):(a=o.parentNode.parentNode,$(a.parentNode).find(".api-ic.ic-off").addClass("ic-on"),$(a.parentNode).find(".api-ic.ic-off").removeClass("ic-off"),$(a).find(".api-ic").addClass("ic-info"),$(a).find(".api-ic").removeClass("ic-warning"),$(a).find(".api-ic").removeClass("ic-error"))}}),"undefined"!=typeof window.swaggerUi&&(window.swaggerUi.api.clientAuthorizations.add(window.swaggerUiAuth.OAuthSchemeKey,new SwaggerClient.ApiKeyAuthorization("Aut horization","Bearer "+n,"header")),window.swaggerUi.load())}}}; \ No newline at end of file
http://git-wip-us.apache.org/repos/asf/atlas-website/blob/58bb55a6/api/v2/ui/o2c.html ---------------------------------------------------------------------- diff --git a/api/v2/ui/o2c.html b/api/v2/ui/o2c.html index 88e8bf1..0cde1d3 100644 --- a/api/v2/ui/o2c.html +++ b/api/v2/ui/o2c.html @@ -1,6 +1,6 @@ <script> var qp = null; -if(window.location.hash) { +if(/code|token|error/.test(window.location.hash)) { qp = location.hash.substring(1); } else { @@ -11,10 +11,10 @@ qp = qp ? JSON.parse('{"' + qp.replace(/&/g, '","').replace(/=/g,'":"') + '"}', return key===""?value:decodeURIComponent(value) } ):{} -if (window.opener.swaggerUi.tokenUrl) +if (window.opener.swaggerUiAuth.tokenUrl) window.opener.processOAuthCode(qp); else window.opener.onOAuthComplete(qp); window.close(); -</script> \ No newline at end of file +</script>