[Libreoffice-commits] online.git: loleaflet/debug loleaflet/src loolwsd/Auth.hpp loolwsd/LOOLWSD.cpp loolwsd/LOOLWSD.hpp
Ashod Nakashian
ashod.nakashian at collabora.co.uk
Fri Feb 19 21:45:15 UTC 2016
loleaflet/debug/document/document_simple_example.html | 2
loleaflet/src/core/Socket.js | 2
loolwsd/Auth.hpp | 110 ++++++++++++++++++
loolwsd/LOOLWSD.cpp | 34 +++++
loolwsd/LOOLWSD.hpp | 2
5 files changed, 148 insertions(+), 2 deletions(-)
New commits:
commit d8df19d0642b4cd7bbe514be25e0e9d8a65fd6f3
Author: Ashod Nakashian <ashod.nakashian at collabora.co.uk>
Date: Mon Feb 15 18:05:24 2016 -0500
loolwsd: Authentication and Authorization support
An abstract class to request an access token, given
an authorization grant. The class should be
specialized for each authentication/authorization
type we support.
Currently it's not enabled in the code as it's
an early stage in developing a general API.
Change-Id: I4f2efd376d575640bd3e17c7257994020b11bbe8
Reviewed-on: https://gerrit.libreoffice.org/22512
Reviewed-by: Ashod Nakashian <ashnakash at gmail.com>
Tested-by: Ashod Nakashian <ashnakash at gmail.com>
diff --git a/loleaflet/debug/document/document_simple_example.html b/loleaflet/debug/document/document_simple_example.html
index 2a222ea..001da3e 100644
--- a/loleaflet/debug/document/document_simple_example.html
+++ b/loleaflet/debug/document/document_simple_example.html
@@ -64,6 +64,7 @@
var filePath = getParameterByName('file_path');
var host = getParameterByName('host');
+ var token = getParameterByName('token');
var permission = getParameterByName('permission');
var timestamp = getParameterByName('timestamp');
if (filePath === '') {
@@ -88,6 +89,7 @@
doc: filePath,
renderingOptions: renderingOptions,
server: host,
+ token: token,
//webserver: ..., /* by default derived from 'server' */
permission: permission,
timestamp: timestamp,
diff --git a/loleaflet/src/core/Socket.js b/loleaflet/src/core/Socket.js
index d3ed85b..cf8a531 100644
--- a/loleaflet/src/core/Socket.js
+++ b/loleaflet/src/core/Socket.js
@@ -9,7 +9,7 @@ L.Socket = L.Class.extend({
initialize: function (map) {
this._map = map;
try {
- this.socket = new WebSocket(map.options.server);
+ this.socket = new WebSocket(map.options.server + '/?token=' + map.options.token);
} catch (e) {
this.fire('error', {msg: _('Socket connection error'), cmd: 'socket', kind: 'failed', id: 3});
return null;
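Review bot: `map.options.token` is concatenated into the WebSocket URL without encoding, so a token containing `&`, `#` or `=` changes the query string the server parses, and a map created without a `token` option sends the literal text `undefined`. Encode the value and omit the parameter when it is absent, e.g. `var q = map.options.token ? '/?token=' + encodeURIComponent(map.options.token) : '';` followed by `this.socket = new WebSocket(map.options.server + q);`. A token carried in the URL also ends up in server and proxy access logs, so it should be short-lived and the connection should be `wss://` once authentication is enabled. The `initialize` function continues beyond the end of this hunk.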
diff --git a/loolwsd/Auth.hpp b/loolwsd/Auth.hpp
new file mode 100644
index 0000000..c234243
--- /dev/null
+++ b/loolwsd/Auth.hpp
@@ -0,0 +1,110 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+// Authentication and Authorization support.
+#ifndef INCLUDED_AUTH_HPP
+#define INCLUDED_AUTH_HPP
+
+#include <string>
+
+#include <Poco/Net/HTTPClientSession.h>
+#include <Poco/Net/HTTPRequest.h>
+#include <Poco/Net/HTTPResponse.h>
+
+#include "Util.hpp"
+
+/// Base class of all Authentication/Authorization implementations.
+class AuthBase
+{
+public:
+
+ /// Called after securing an authorization code to acquire an access token.
+ virtual bool getAccessToken(const std::string& authorizationCode) = 0;
+
+ /// Used to verify the validity of an access token.
+ virtual bool verify(const std::string& token) = 0;
+};
+
+class OAuth : public AuthBase
+{
+public:
+ OAuth(const std::string& clientId,
+ const std::string& clientSecret,
+ const std::string& tokenEndPoint,
+ const std::string& authVerifyUrl) :
+ _clientId(clientId),
+ _clientSecret(clientSecret),
+ _tokenEndPoint(tokenEndPoint),
+ _authVerifyUrl(authVerifyUrl)
+ {
+ }
+
+ //TODO: This MUST be done over TLS to protect the token.
+ bool getAccessToken(const std::string& authorizationCode) override
+ {
+ std::string url = _tokenEndPoint
+ + "?client_id=" + _clientId
+ + "&client_secret=" + _clientSecret
+ + "&grant_type=authorization_code"
+ + "&code=" + authorizationCode;
+ // + "&redirect_uri="
+
+ Poco::URI uri(url);
+ Poco::Net::HTTPClientSession session(uri.getHost(), uri.getPort());
+ Poco::Net::HTTPRequest request(Poco::Net::HTTPRequest::HTTP_POST, url, Poco::Net::HTTPMessage::HTTP_1_1);
+ Poco::Net::HTTPResponse response;
+ session.sendRequest(request);
+ std::istream& rs = session.receiveResponse(response);
+ Log::info() << "Status: " << response.getStatus() << " " << response.getReason() << Log::end;
+ std::string reply(std::istreambuf_iterator<char>(rs), {});
+ Log::info("Response: " + reply);
+ //TODO: Parse the token.
+
+ return true;
+ }
+
+ bool verify(const std::string& token) override
+ {
+ const std::string url = _authVerifyUrl + token;
+ Log::debug("Verifying authorization token from: " + url);
+ Poco::URI uri(url);
+ Poco::Net::HTTPClientSession session(uri.getHost(), uri.getPort());
+ Poco::Net::HTTPRequest request(Poco::Net::HTTPRequest::HTTP_GET, url, Poco::Net::HTTPMessage::HTTP_1_1);
+ Poco::Net::HTTPResponse response;
+ session.sendRequest(request);
+ std::istream& rs = session.receiveResponse(response);
+ Log::info() << "Status: " << response.getStatus() << " " << response.getReason() << Log::end;
+ std::string reply(std::istreambuf_iterator<char>(rs), {});
+ Log::info("Response: " + reply);
+
+ //TODO: Parse the response.
+ /*
+ // This is used for the demo site.
+ const auto lastLogTime = strtoul(reply.c_str(), nullptr, 0);
+ if (lastLogTime < 1)
+ {
+ //TODO: Redirect to login page.
+ return;
+ }
+ */
+
+ return true;
+ }
+
+private:
+ const std::string _clientId;
+ const std::string _clientSecret;
+ const std::string _tokenEndPoint;
+ const std::string _authVerifyUrl;
+};
+
+
+
+#endif
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
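Review bot: Both `getAccessToken()` and `verify()` end in an unconditional `return true`, so once this class is wired in, any token (including an empty one) is accepted whatever the endpoint answers; until the responses are parsed, both should fail closed, at minimum with `return response.getStatus() == Poco::Net::HTTPResponse::HTTP_OK;`. `getAccessToken()` also places `client_secret` and the authorization code, unencoded, in the query string of a plain `Poco::Net::HTTPClientSession` request and logs the reply (which will carry the access token) at info level, and `verify()` logs the full URL with the token appended. The fence sketches `getAccessToken()` with the credentials moved into a form-encoded POST body over TLS and only the status logged; it assumes `Poco/Net/HTMLForm.h` and `Poco/Net/HTTPSClientSession.h` are included. Separately, `AuthBase` declares virtual methods but no virtual destructor, and the header uses `Poco::URI` without including `Poco/URI.h`.

```cpp
    bool getAccessToken(const std::string& authorizationCode) override
    {
        Poco::URI uri(_tokenEndPoint);
        // TLS session: the client secret and the returned token must not travel in clear text.
        Poco::Net::HTTPSClientSession session(uri.getHost(), uri.getPort());
        Poco::Net::HTTPRequest request(Poco::Net::HTTPRequest::HTTP_POST, uri.getPathAndQuery(), Poco::Net::HTTPMessage::HTTP_1_1);

        // A form-encoded body keeps the credentials out of the URL (and so out of access logs);
        // HTMLForm also escapes the values.
        Poco::Net::HTMLForm form;
        form.set("client_id", _clientId);
        form.set("client_secret", _clientSecret);
        form.set("grant_type", "authorization_code");
        form.set("code", authorizationCode);
        form.prepareSubmit(request);
        form.write(session.sendRequest(request));

        Poco::Net::HTTPResponse response;
        std::istream& rs = session.receiveResponse(response);
        Log::info() << "Status: " << response.getStatus() << " " << response.getReason() << Log::end;
        const std::string reply(std::istreambuf_iterator<char>(rs), {});
        // … unchanged: TODO to parse the token out of reply (the reply itself is no longer logged) …

        // Fail closed until the token is actually parsed and stored.
        return response.getStatus() == Poco::Net::HTTPResponse::HTTP_OK && !reply.empty();
    }
```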
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index 03ca11e..75a83b2 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -101,6 +101,8 @@ DEALINGS IN THE SOFTWARE.
#include <Poco/URI.h>
#include <Poco/Environment.h>
+#include "Admin.hpp"
+#include "Auth.hpp"
#include "Common.hpp"
#include "Capabilities.hpp"
#include "LOOLProtocol.hpp"
@@ -110,7 +112,6 @@ DEALINGS IN THE SOFTWARE.
#include "LOOLWSD.hpp"
#include "QueueHandler.hpp"
#include "Util.hpp"
-#include "Admin.hpp"
using namespace LOOLProtocol;
@@ -476,9 +477,36 @@ private:
}
}
+ bool authenticate(HTTPServerRequest& request, HTTPServerResponse& response, const std::string& id)
+ {
+ (void)response;
+ Log::info("Authenticating Get request processor for session [" + id + "].");
+ std::string token;
+ for (auto& pair : Poco::URI(request.getURI()).getQueryParameters())
+ {
+ if (pair.first == "token")
+ {
+ token = pair.second;
+ break;
+ }
+ }
+
+ //TODO:
+ //AuthAgent.verify(token);
+ return true;
+ }
+
void handleGetRequest(HTTPServerRequest& request, HTTPServerResponse& response, const std::string& id)
{
Log::info("Starting Get request processor for session [" + id + "].");
+
+ //TODO: Authenticate the caller.
+ // authenticate(request, response);
+
+ Poco::Net::NameValueCollection cookies;
+ request.getCookies(cookies);
+ Log::info("Cookie: " + cookies.get("PHPSESSID", ""));
+
auto ws = std::make_shared<WebSocket>(request, response);
auto session = std::make_shared<MasterProcessSession>(id, LOOLSession::Kind::ToClient, ws);
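Review bot: The added `Log::info("Cookie: " + cookies.get("PHPSESSID", ""));` in `handleGetRequest` writes the caller's session identifier to the log at info level, so anyone who can read the logs can reuse a live session; drop the line or log only whether the cookie is present, e.g. `Log::debug(std::string("Session cookie present: ") + (cookies.has("PHPSESSID") ? "yes" : "no"));`. `authenticate()` extracts `token` but never uses it and returns `true` unconditionally, which is fail-open if the commented-out call is enabled as written; it should at least `return false` when `token.empty()`. The commented call `authenticate(request, response)` also omits the `id` argument that the new signature requires. `handleGetRequest` continues past the end of this hunk.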
@@ -537,6 +565,7 @@ public:
}
else
{
+ //authenticate(request, response, id);
handleGetRequest(request, response, id);
}
}
@@ -733,6 +762,9 @@ const std::string LOOLWSD::PIDLOG = "/tmp/loolwsd.pid";
const std::string LOOLWSD::FIFO_PATH = "pipe";
const std::string LOOLWSD::FIFO_LOOLWSD = "loolwsdfifo";
+// Demo Site Verification URL.
+static const std::string DemoAuthVerificationUrl = "http://ec2-54-216-97-44.eu-west-1.compute.amazonaws.com/cloudsuite-demo/verify.php?type&token=";
+
LOOLWSD::LOOLWSD()
{
}
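Review bot: `DemoAuthVerificationUrl` hard-codes a demo host with an `http://` scheme, so when `OAuth::verify()` appends the token to it, the token travels in clear text to a fixed external address. The endpoint should come from configuration and be required to use `https://`; until then a comment such as `// Demo only: replace with a configured https:// endpoint before verify() is enabled.` would make the limitation explicit. The constant is not referenced anywhere in the visible hunks, which may also produce an unused-variable warning.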
diff --git a/loolwsd/LOOLWSD.hpp b/loolwsd/LOOLWSD.hpp
index bcddcbb..279f201 100644
--- a/loolwsd/LOOLWSD.hpp
+++ b/loolwsd/LOOLWSD.hpp
@@ -22,6 +22,7 @@
#include <Poco/Util/ServerApplication.h>
#include <Poco/Process.h>
+#include "Auth.hpp"
#include "Common.hpp"
#include "Util.hpp"
@@ -160,6 +161,7 @@ public:
static std::string LoTemplate;
static std::string ChildRoot;
static std::string LoSubPath;
+ //static Auth AuthAgent;
static const std::string CHILD_URI;
static const std::string PIDLOG;