From ac8ac340aff281445cc4dacfa03cf902c4e197ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= Date: Wed, 5 Apr 2017 15:53:26 +0200 Subject: [PATCH 1/8] add posdt for application and get token --- src/core/components/auth/oauth2.jsx | 6 +- src/core/components/auth/oauth2.jsx.orig | 218 +++++++++++++++++++++++ src/core/oauth2-authorize.js | 43 +++-- 3 files changed, 254 insertions(+), 13 deletions(-) create mode 100644 src/core/components/auth/oauth2.jsx.orig diff --git a/src/core/components/auth/oauth2.jsx b/src/core/components/auth/oauth2.jsx index 48fe946e..ec24eb01 100644 --- a/src/core/components/auth/oauth2.jsx +++ b/src/core/components/auth/oauth2.jsx @@ -145,7 +145,7 @@ export default class Oauth2 extends React.Component { } { - ( flow === IMPLICIT || flow === ACCESS_CODE || ( flow === PASSWORD && this.state.passwordType!== "none") ) && + ( flow === APPLICATION || flow === IMPLICIT || flow === ACCESS_CODE || ( flow === PASSWORD && this.state.passwordType!== "none") ) && ( !isAuthorized || isAuthorized && this.state.clientId) && @@ -159,7 +159,7 @@ export default class Oauth2 extends React.Component { } { - ( flow === ACCESS_CODE || ( flow === PASSWORD && this.state.passwordType!== "none") ) && + ( flow === APPLICATION || flow === ACCESS_CODE || ( flow === PASSWORD && this.state.passwordType!== "none") ) && { @@ -205,7 +205,7 @@ export default class Oauth2 extends React.Component { } ) }
- { isValid && flow !== APPLICATION && + { isValid && ( isAuthorized ? : ) diff --git a/src/core/components/auth/oauth2.jsx.orig b/src/core/components/auth/oauth2.jsx.orig new file mode 100644 index 00000000..48fe946e --- /dev/null +++ b/src/core/components/auth/oauth2.jsx.orig 
@@ -0,0 +1,218 @@ +import React, { PropTypes } from "react" +import oauth2Authorize from "core/oauth2-authorize" + +const IMPLICIT = "implicit" +const ACCESS_CODE = "accessCode" +const PASSWORD = "password" +const APPLICATION = "application" + +export default class Oauth2 extends React.Component { + static propTypes = { + name: PropTypes.string, + authorized: PropTypes.object, + getComponent: PropTypes.func.isRequired, + schema: PropTypes.object.isRequired, + authSelectors: PropTypes.object.isRequired, + authActions: PropTypes.object.isRequired, + errSelectors: PropTypes.object.isRequired, + errActions: PropTypes.object.isRequired, + getConfigs: PropTypes.any + } + + constructor(props, context) { + super(props, context) + let { name, schema, authorized } = this.props + let auth = authorized && authorized.get(name) + let username = auth && auth.get("username") || "" + let clientId = auth && auth.get("clientId") || "" + let clientSecret = auth && auth.get("clientSecret") || "" + let passwordType = auth && auth.get("passwordType") || "none" + + this.state = { + name: name, + schema: schema, + scopes: [], + clientId: clientId, + clientSecret: clientSecret, + username: username, + password: "", + passwordType: passwordType + } + } + + authorize =() => { + let { authActions, errActions, getConfigs } = this.props + let configs = getConfigs() + + errActions.clear({authId: name,type: "auth", source: "auth"}) + oauth2Authorize(this.state, authActions, errActions, configs) + } + + onScopeChange =(e) => { + let { target } = e + let { checked } = target + let scope = target.dataset.value + + if ( checked && this.state.scopes.indexOf(scope) === -1 ) { + let newScopes = this.state.scopes.concat([scope]) + this.setState({ scopes: newScopes }) + } else if ( !checked && this.state.scopes.indexOf(scope) > -1) { + this.setState({ scopes: this.state.scopes.filter((val) => val !== scope) }) + } + } + + onInputChange =(e) => { + let { target : { dataset : { name }, value } } = e + let 
state = { + [name]: value + } + + this.setState(state) + } + + logout =(e) => { + e.preventDefault() + let { authActions, errActions, name } = this.props + + errActions.clear({authId: name, type: "auth", source: "auth"}) + authActions.logout([ name ]) + } + + render() { + let { schema, getComponent, authSelectors, errSelectors, name } = this.props + const Input = getComponent("Input") + const Row = getComponent("Row") + const Col = getComponent("Col") + const Button = getComponent("Button") + const AuthError = getComponent("authError") + const JumpToPath = getComponent("JumpToPath", true) + const Markdown = getComponent( "Markdown" ) + + let flow = schema.get("flow") + let scopes = schema.get("allowedScopes") || schema.get("scopes") + let authorizedAuth = authSelectors.authorized().get(name) + let isAuthorized = !!authorizedAuth + let errors = errSelectors.allErrors().filter( err => err.get("authId") === name) + let isValid = !errors.filter( err => err.get("source") === "validation").size + + return ( +
+

OAuth2.0

+ + + { isAuthorized &&
Authorized
} + + { ( flow === IMPLICIT || flow === ACCESS_CODE ) &&

Authorization URL: { schema.get("authorizationUrl") }

} + { ( flow === PASSWORD || flow === ACCESS_CODE || flow === APPLICATION ) &&

Token URL: { schema.get("tokenUrl") }

} +

Flow: { schema.get("flow") }

+ + { + flow === PASSWORD && ( !isAuthorized || isAuthorized && this.state.username) && + username: + + { + isAuthorized ? { this.state.username } + : + } + + + } + + { + flow === PASSWORD && !isAuthorized && + password: + + + + + } + + { + flow === PASSWORD && + type: + + { + isAuthorized ? { this.state.passwordType } + : + } + + + } + + { + ( flow === IMPLICIT || flow === ACCESS_CODE || ( flow === PASSWORD && this.state.passwordType!== "none") ) && + ( !isAuthorized || isAuthorized && this.state.clientId) && + + + { + isAuthorized ? { this.state.clientId } + : + } + + + } + + { + ( flow === ACCESS_CODE || ( flow === PASSWORD && this.state.passwordType!== "none") ) && + + + { + isAuthorized ? { this.state.clientSecret } + : + } + + + } + + { + !isAuthorized && scopes && scopes.size ?
+

Scopes:

+ { scopes.map((description, name) => { + return ( + +
+ + +
+
+ ) + }).toArray() + } +
: null + } + + { + errors.valueSeq().map( (error, key) => { + return + } ) + } +
+ { isValid && flow !== APPLICATION && + ( isAuthorized ? + : + ) + } +
+ +
+ ) + } +} diff --git a/src/core/oauth2-authorize.js b/src/core/oauth2-authorize.js index d02b8122..7e58143c 100644 --- a/src/core/oauth2-authorize.js +++ b/src/core/oauth2-authorize.js @@ -1,7 +1,7 @@ import win from "core/window" export default function authorize ( auth, authActions, errActions, configs ) { - let { schema, scopes, name, clientId } = auth + let { schema, scopes, name, clientId, clientSecret } = auth let redirectUrl = configs.oauth2RedirectUrl let scopeSeparator = " " @@ -34,14 +34,37 @@ export default function authorize ( auth, authActions, errActions, configs ) { + "&state=" + encodeURIComponent(state) + "&client_id=" + encodeURIComponent(clientId) - // pass action authorizeOauth2 and authentication data through window - // to authorize with oauth2 - win.swaggerUIRedirectOauth2 = { - auth: auth, - state: state, - callback: authActions.preAuthorizeOauth2, - errCb: errActions.newAuthErr - } + console.log(flow); + if (flow === "application") { + fetch(schema.get("tokenUrl"), { + method: 'post', headers: { + 'Accept':'application/json, text/plain, */*', + 'Content-Type': 'application/x-www-form-urlencoded' + }, + body: "grant_type=client_credentials" + + "&client_id=" + encodeURIComponent(clientId) + + "&client_secret=" + encodeURIComponent(clientSecret) + + "&scope=" + encodeURIComponent(scopes.join(scopeSeparator)) + }) + .then(function (response) { + response.json() + .then(function (json){ + console.log(json.access_token); + }); + }) + .catch (function (error) { + console.log('POST Request failed', error); + }); + } else { + // pass action authorizeOauth2 and authentication data through window + // to authorize with oauth2 + win.swaggerUIRedirectOauth2 = { + auth: auth, + state: state, + callback: authActions.preAuthorizeOauth2, + errCb: errActions.newAuthErr + } - win.open(url) + win.open(url) + } } From 823dcf0fd75b7f0225f6cf0c96a73a923a1ed030 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= Date: Wed, 5 Apr 2017 20:16:34 +0200 Subject: [PATCH 2/8] Authenticate Application/client_credentials flow --- src/core/oauth2-authorize.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/oauth2-authorize.js b/src/core/oauth2-authorize.js index 7e58143c..18f92985 100644 --- a/src/core/oauth2-authorize.js +++ b/src/core/oauth2-authorize.js @@ -49,7 +49,7 @@ export default function authorize ( auth, authActions, errActions, configs ) { .then(function (response) { response.json() .then(function (json){ - console.log(json.access_token); + authActions.authorizeOauth2( { auth, token: json } ); }); }) .catch (function (error) { From ae33b7f46a3fb89a7b702e7735db84c0754fb6ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= Date: Wed, 5 Apr 2017 15:53:26 +0200 Subject: [PATCH 3/8] Implement application/client_credentials flow --- src/core/components/auth/oauth2.jsx | 6 +- src/core/components/auth/oauth2.jsx.orig | 218 +++++++++++++++++++++++ src/core/oauth2-authorize.js | 43 +++-- 3 files changed, 254 insertions(+), 13 deletions(-) create mode 100644 src/core/components/auth/oauth2.jsx.orig diff --git a/src/core/components/auth/oauth2.jsx b/src/core/components/auth/oauth2.jsx index 48fe946e..ec24eb01 100644 --- a/src/core/components/auth/oauth2.jsx +++ b/src/core/components/auth/oauth2.jsx @@ -145,7 +145,7 @@ export default class Oauth2 extends React.Component { } { - ( flow === IMPLICIT || flow === ACCESS_CODE || ( flow === PASSWORD && this.state.passwordType!== "none") ) && + ( flow === APPLICATION || flow === IMPLICIT || flow === ACCESS_CODE || ( flow === PASSWORD && this.state.passwordType!== "none") ) && ( !isAuthorized || isAuthorized && this.state.clientId) && 
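Review bot: `authActions.authorizeOauth2( { auth, token: json } )` in the PATCH 2/8 hunk accepts whatever JSON the token endpoint returned; neither the HTTP status nor the body is checked at this point, so an OAuth error document would be passed on as the token. PATCH 5/8 adds a `response.ok` test, but a 2xx body without `access_token` would still get through; a guard such as `if (!json.access_token) { errActions.newAuthErr({ authId: name, level: "error", source: "auth", message: "token response has no access_token" }); return }` before the call would close that. `auth` is the component state, which includes `clientSecret`, so it is worth confirming what `authorizeOauth2` persists (not visible in this hunk). The surrounding `.then` chain begins and ends outside the hunk.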
@@ -159,7 +159,7 @@ export default class Oauth2 extends React.Component { } { - ( flow === ACCESS_CODE || ( flow === PASSWORD && this.state.passwordType!== "none") ) && + ( flow === APPLICATION || flow === ACCESS_CODE || ( flow === PASSWORD && this.state.passwordType!== "none") ) && { @@ -205,7 +205,7 @@ export default class Oauth2 extends React.Component { } ) }
- { isValid && flow !== APPLICATION && + { isValid && ( isAuthorized ? : ) diff --git a/src/core/components/auth/oauth2.jsx.orig b/src/core/components/auth/oauth2.jsx.orig new file mode 100644 index 00000000..48fe946e --- /dev/null +++ b/src/core/components/auth/oauth2.jsx.orig 
@@ -0,0 +1,218 @@ +import React, { PropTypes } from "react" +import oauth2Authorize from "core/oauth2-authorize" + +const IMPLICIT = "implicit" +const ACCESS_CODE = "accessCode" +const PASSWORD = "password" +const APPLICATION = "application" + +export default class Oauth2 extends React.Component { + static propTypes = { + name: PropTypes.string, + authorized: PropTypes.object, + getComponent: PropTypes.func.isRequired, + schema: PropTypes.object.isRequired, + authSelectors: PropTypes.object.isRequired, + authActions: PropTypes.object.isRequired, + errSelectors: PropTypes.object.isRequired, + errActions: PropTypes.object.isRequired, + getConfigs: PropTypes.any + } + + constructor(props, context) { + super(props, context) + let { name, schema, authorized } = this.props + let auth = authorized && authorized.get(name) + let username = auth && auth.get("username") || "" + let clientId = auth && auth.get("clientId") || "" + let clientSecret = auth && auth.get("clientSecret") || "" + let passwordType = auth && auth.get("passwordType") || "none" + + this.state = { + name: name, + schema: schema, + scopes: [], + clientId: clientId, + clientSecret: clientSecret, + username: username, + password: "", + passwordType: passwordType + } + } + + authorize =() => { + let { authActions, errActions, getConfigs } = this.props + let configs = getConfigs() + + errActions.clear({authId: name,type: "auth", source: "auth"}) + oauth2Authorize(this.state, authActions, errActions, configs) + } + + onScopeChange =(e) => { + let { target } = e + let { checked } = target + let scope = target.dataset.value + + if ( checked && this.state.scopes.indexOf(scope) === -1 ) { + let newScopes = this.state.scopes.concat([scope]) + this.setState({ scopes: newScopes }) + } else if ( !checked && this.state.scopes.indexOf(scope) > -1) { + this.setState({ scopes: this.state.scopes.filter((val) => val !== scope) }) + } + } + + onInputChange =(e) => { + let { target : { dataset : { name }, value } } = e + let 
state = { + [name]: value + } + + this.setState(state) + } + + logout =(e) => { + e.preventDefault() + let { authActions, errActions, name } = this.props + + errActions.clear({authId: name, type: "auth", source: "auth"}) + authActions.logout([ name ]) + } + + render() { + let { schema, getComponent, authSelectors, errSelectors, name } = this.props + const Input = getComponent("Input") + const Row = getComponent("Row") + const Col = getComponent("Col") + const Button = getComponent("Button") + const AuthError = getComponent("authError") + const JumpToPath = getComponent("JumpToPath", true) + const Markdown = getComponent( "Markdown" ) + + let flow = schema.get("flow") + let scopes = schema.get("allowedScopes") || schema.get("scopes") + let authorizedAuth = authSelectors.authorized().get(name) + let isAuthorized = !!authorizedAuth + let errors = errSelectors.allErrors().filter( err => err.get("authId") === name) + let isValid = !errors.filter( err => err.get("source") === "validation").size + + return ( +
+

OAuth2.0

+ + + { isAuthorized &&
Authorized
} + + { ( flow === IMPLICIT || flow === ACCESS_CODE ) &&

Authorization URL: { schema.get("authorizationUrl") }

} + { ( flow === PASSWORD || flow === ACCESS_CODE || flow === APPLICATION ) &&

Token URL: { schema.get("tokenUrl") }

} +

Flow: { schema.get("flow") }

+ + { + flow === PASSWORD && ( !isAuthorized || isAuthorized && this.state.username) && + username: + + { + isAuthorized ? { this.state.username } + : + } + + + } + + { + flow === PASSWORD && !isAuthorized && + password: + + + + + } + + { + flow === PASSWORD && + type: + + { + isAuthorized ? { this.state.passwordType } + : + } + + + } + + { + ( flow === IMPLICIT || flow === ACCESS_CODE || ( flow === PASSWORD && this.state.passwordType!== "none") ) && + ( !isAuthorized || isAuthorized && this.state.clientId) && + + + { + isAuthorized ? { this.state.clientId } + : + } + + + } + + { + ( flow === ACCESS_CODE || ( flow === PASSWORD && this.state.passwordType!== "none") ) && + + + { + isAuthorized ? { this.state.clientSecret } + : + } + + + } + + { + !isAuthorized && scopes && scopes.size ?
+

Scopes:

+ { scopes.map((description, name) => { + return ( + +
+ + +
+
+ ) + }).toArray() + } +
: null + } + + { + errors.valueSeq().map( (error, key) => { + return + } ) + } +
+ { isValid && flow !== APPLICATION && + ( isAuthorized ? + : + ) + } +
+ +
+ ) + } +} diff --git a/src/core/oauth2-authorize.js b/src/core/oauth2-authorize.js index d02b8122..18f92985 100644 --- a/src/core/oauth2-authorize.js +++ b/src/core/oauth2-authorize.js @@ -1,7 +1,7 @@ import win from "core/window" export default function authorize ( auth, authActions, errActions, configs ) { - let { schema, scopes, name, clientId } = auth + let { schema, scopes, name, clientId, clientSecret } = auth let redirectUrl = configs.oauth2RedirectUrl let scopeSeparator = " " @@ -34,14 +34,37 @@ export default function authorize ( auth, authActions, errActions, configs ) { + "&state=" + encodeURIComponent(state) + "&client_id=" + encodeURIComponent(clientId) - // pass action authorizeOauth2 and authentication data through window - // to authorize with oauth2 - win.swaggerUIRedirectOauth2 = { - auth: auth, - state: state, - callback: authActions.preAuthorizeOauth2, - errCb: errActions.newAuthErr - } + console.log(flow); + if (flow === "application") { + fetch(schema.get("tokenUrl"), { + method: 'post', headers: { + 'Accept':'application/json, text/plain, */*', + 'Content-Type': 'application/x-www-form-urlencoded' + }, + body: "grant_type=client_credentials" + + "&client_id=" + encodeURIComponent(clientId) + + "&client_secret=" + encodeURIComponent(clientSecret) + + "&scope=" + encodeURIComponent(scopes.join(scopeSeparator)) + }) + .then(function (response) { + response.json() + .then(function (json){ + authActions.authorizeOauth2( { auth, token: json } ); + }); + }) + .catch (function (error) { + console.log('POST Request failed', error); + }); + } else { + // pass action authorizeOauth2 and authentication data through window + // to authorize with oauth2 + win.swaggerUIRedirectOauth2 = { + auth: auth, + state: state, + callback: authActions.preAuthorizeOauth2, + errCb: errActions.newAuthErr + } - win.open(url) + win.open(url) + } } From ec1ba7a124f69ec221d7562a338c37f3248f4ef5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= Date: Thu, 6 Apr 2017 06:08:52 +0200 Subject: [PATCH 4/8] fix most lint errors
---
 src/core/oauth2-authorize.js | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/core/oauth2-authorize.js b/src/core/oauth2-authorize.js
index 18f92985..d905de4e 100644
--- a/src/core/oauth2-authorize.js
+++ b/src/core/oauth2-authorize.js
@@ -34,12 +34,11 @@ export default function authorize ( auth, authActions, errActions, configs ) {
 + "&state=" + encodeURIComponent(state)
 + "&client_id=" + encodeURIComponent(clientId)

- console.log(flow);
 if (flow === "application") {
 fetch(schema.get("tokenUrl"), {
- method: 'post', headers: {
- 'Accept':'application/json, text/plain, */*',
- 'Content-Type': 'application/x-www-form-urlencoded'
+ method: "post", headers: {
+ "Accept":"application/json, text/plain, */*",
+ "Content-Type": "application/x-www-form-urlencoded"
 },
 body: "grant_type=client_credentials" +
 "&client_id=" + encodeURIComponent(clientId) +
@@ -49,12 +48,12 @@ export default function authorize ( auth, authActions, errActions, configs ) {
 .then(function (response) {
 response.json()
 .then(function (json){
- authActions.authorizeOauth2( { auth, token: json } );
- });
+ authActions.authorizeOauth2({ auth, token: json })
+ })
 })
 .catch (function (error) {
- console.log('POST Request failed', error);
- });
+ console.log("POST Request failed", error)
+ })
 } else {
 // pass action authorizeOauth2 and authentication data through window
 // to authorize with oauth2
From a4500d1763730148f05426141daf0801f3e1a282 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= Date: Thu, 6 Apr 2017 08:03:36 +0200 Subject: [PATCH 5/8] fix error handling
---
 src/core/oauth2-authorize.js | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/src/core/oauth2-authorize.js b/src/core/oauth2-authorize.js
index d905de4e..790fa2ef 100644
--- a/src/core/oauth2-authorize.js
+++ b/src/core/oauth2-authorize.js
@@ -46,14 +46,22 @@ export default function authorize ( auth, authActions, errActions, configs ) {
 "&scope=" + encodeURIComponent(scopes.join(scopeSeparator))
 })
 .then(function (response) {
- response.json()
- .then(function (json){
- authActions.authorizeOauth2({ auth, token: json })
- })
- })
- .catch (function (error) {
- console.log("POST Request failed", error)
+ if ( !response.ok ) {
+ errActions.newAuthErr( {
+ authId: name,
+ level: "error",
+ source: "auth",
+ message: response.statusText
+ } )
+ return
+ } else {
+ response.json()
+ .then(function (json){
+ authActions.authorizeOauth2({ auth, token: json})
+ })
+ }
 })
+ .catch(err => { errActions.newAuthErr( err ) })
 } else {
 // pass action authorizeOauth2 and authentication data through window
 // to authorize with oauth2
From 593e8de4c8e15d61fbe19611d34195fc1b6ccefc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= Date: Thu, 6 Apr 2017 08:17:39 +0200 Subject: [PATCH 6/8] fix rm unintentieonaly staged file
---
 src/core/components/auth/oauth2.jsx.orig | 218 ----------------------- 1 file changed, 218 deletions(-) delete mode 100644 src/core/components/auth/oauth2.jsx.orig
diff --git a/src/core/components/auth/oauth2.jsx.orig b/src/core/components/auth/oauth2.jsx.orig
deleted file mode 100644
index 48fe946e..00000000
--- a/src/core/components/auth/oauth2.jsx.orig
+++ /dev/null
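Review bot: The new `.catch(err => { errActions.newAuthErr( err ) })` in the PATCH 5/8 hunk forwards the raw rejection, while the `!response.ok` branch just above it builds `{ authId: name, level: "error", source: "auth", message }`. The OAuth2 component shown earlier in this series selects its errors with `err.get("authId") === name`, so unless `newAuthErr` fills that field in itself (not visible here) a network failure may never be displayed against this authorization. Suggest `.catch(err => { errActions.newAuthErr({ authId: name, level: "error", source: "auth", message: err.message }) })`. `response.statusText` can also be empty on some responses, so falling back to `response.status` would give a more useful message.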
@@ -1,218 +0,0 @@ -import React, { PropTypes } from "react" -import oauth2Authorize from "core/oauth2-authorize" - -const IMPLICIT = "implicit" -const ACCESS_CODE = "accessCode" -const PASSWORD = "password" -const APPLICATION = "application" - -export default class Oauth2 extends React.Component { - static propTypes = { - name: PropTypes.string, - authorized: PropTypes.object, - getComponent: PropTypes.func.isRequired, - schema: PropTypes.object.isRequired, - authSelectors: PropTypes.object.isRequired, - authActions: PropTypes.object.isRequired, - errSelectors: PropTypes.object.isRequired, - errActions: PropTypes.object.isRequired, - getConfigs: PropTypes.any - } - - constructor(props, context) { - super(props, context) - let { name, schema, authorized } = this.props - let auth = authorized && authorized.get(name) - let username = auth && auth.get("username") || "" - let clientId = auth && auth.get("clientId") || "" - let clientSecret = auth && auth.get("clientSecret") || "" - let passwordType = auth && auth.get("passwordType") || "none" - - this.state = { - name: name, - schema: schema, - scopes: [], - clientId: clientId, - clientSecret: clientSecret, - username: username, - password: "", - passwordType: passwordType - } - } - - authorize =() => { - let { authActions, errActions, getConfigs } = this.props - let configs = getConfigs() - - errActions.clear({authId: name,type: "auth", source: "auth"}) - oauth2Authorize(this.state, authActions, errActions, configs) - } - - onScopeChange =(e) => { - let { target } = e - let { checked } = target - let scope = target.dataset.value - - if ( checked && this.state.scopes.indexOf(scope) === -1 ) { - let newScopes = this.state.scopes.concat([scope]) - this.setState({ scopes: newScopes }) - } else if ( !checked && this.state.scopes.indexOf(scope) > -1) { - this.setState({ scopes: this.state.scopes.filter((val) => val !== scope) }) - } - } - - onInputChange =(e) => { - let { target : { dataset : { name }, value } } = e - let 
state = { - [name]: value - } - - this.setState(state) - } - - logout =(e) => { - e.preventDefault() - let { authActions, errActions, name } = this.props - - errActions.clear({authId: name, type: "auth", source: "auth"}) - authActions.logout([ name ]) - } - - render() { - let { schema, getComponent, authSelectors, errSelectors, name } = this.props - const Input = getComponent("Input") - const Row = getComponent("Row") - const Col = getComponent("Col") - const Button = getComponent("Button") - const AuthError = getComponent("authError") - const JumpToPath = getComponent("JumpToPath", true) - const Markdown = getComponent( "Markdown" ) - - let flow = schema.get("flow") - let scopes = schema.get("allowedScopes") || schema.get("scopes") - let authorizedAuth = authSelectors.authorized().get(name) - let isAuthorized = !!authorizedAuth - let errors = errSelectors.allErrors().filter( err => err.get("authId") === name) - let isValid = !errors.filter( err => err.get("source") === "validation").size - - return ( -
-

OAuth2.0

- - - { isAuthorized &&
Authorized
} - - { ( flow === IMPLICIT || flow === ACCESS_CODE ) &&

Authorization URL: { schema.get("authorizationUrl") }

} - { ( flow === PASSWORD || flow === ACCESS_CODE || flow === APPLICATION ) &&

Token URL: { schema.get("tokenUrl") }

} -

Flow: { schema.get("flow") }

- - { - flow === PASSWORD && ( !isAuthorized || isAuthorized && this.state.username) && - username: - - { - isAuthorized ? { this.state.username } - : - } - - - } - - { - flow === PASSWORD && !isAuthorized && - password: - - - - - } - - { - flow === PASSWORD && - type: - - { - isAuthorized ? { this.state.passwordType } - : - } - - - } - - { - ( flow === IMPLICIT || flow === ACCESS_CODE || ( flow === PASSWORD && this.state.passwordType!== "none") ) && - ( !isAuthorized || isAuthorized && this.state.clientId) && - - - { - isAuthorized ? { this.state.clientId } - : - } - - - } - - { - ( flow === ACCESS_CODE || ( flow === PASSWORD && this.state.passwordType!== "none") ) && - - - { - isAuthorized ? { this.state.clientSecret } - : - } - - - } - - { - !isAuthorized && scopes && scopes.size ?
-

Scopes:

- { scopes.map((description, name) => { - return ( - -
- - -
-
- ) - }).toArray() - } -
: null - } - - { - errors.valueSeq().map( (error, key) => { - return - } ) - } -
- { isValid && flow !== APPLICATION && - ( isAuthorized ? - : - ) - } -
- -
- ) - } -} From 4066d1920ee48cccd0eaa10e112901ba766de25f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= Date: Thu, 6 Apr 2017 13:08:23 +0200 Subject: [PATCH 7/8] move out the code according @bodnia guide --- src/core/oauth2-authorize.js | 55 +++++++++----------------------- src/core/plugins/auth/actions.js | 32 +++++++++++++++++++ 2 files changed, 47 insertions(+), 40 deletions(-) diff --git a/src/core/oauth2-authorize.js b/src/core/oauth2-authorize.js index 790fa2ef..d8babd95 100644 --- a/src/core/oauth2-authorize.js +++ b/src/core/oauth2-authorize.js @@ -1,7 +1,7 @@ import win from "core/window" export default function authorize ( auth, authActions, errActions, configs ) { - let { schema, scopes, name, clientId, clientSecret } = auth + let { schema, scopes, name, clientId } = auth let redirectUrl = configs.oauth2RedirectUrl let scopeSeparator = " " @@ -14,6 +14,11 @@ export default function authorize ( auth, authActions, errActions, configs ) { return } + if (flow === "application") { + authActions.authorizeOauth2Application(auth) + return + } + // todo move to parser if ( !redirectUrl ) { errActions.newAuthErr( { 
@@ -34,44 +39,14 @@ export default function authorize ( auth, authActions, errActions, configs ) {
 + "&state=" + encodeURIComponent(state)
 + "&client_id=" + encodeURIComponent(clientId)

- if (flow === "application") {
- fetch(schema.get("tokenUrl"), {
- method: "post", headers: {
- "Accept":"application/json, text/plain, */*",
- "Content-Type": "application/x-www-form-urlencoded"
- },
- body: "grant_type=client_credentials" +
- "&client_id=" + encodeURIComponent(clientId) +
- "&client_secret=" + encodeURIComponent(clientSecret) +
- "&scope=" + encodeURIComponent(scopes.join(scopeSeparator))
- })
- .then(function (response) {
- if ( !response.ok ) {
- errActions.newAuthErr( {
- authId: name,
- level: "error",
- source: "auth",
- message: response.statusText
- } )
- return
- } else {
- response.json()
- .then(function (json){
- authActions.authorizeOauth2({ auth, token: json})
- })
- }
- })
- .catch(err => { errActions.newAuthErr( err ) })
- } else {
- // pass action authorizeOauth2 and authentication data through window
- // to authorize with oauth2
- win.swaggerUIRedirectOauth2 = {
- auth: auth,
- state: state,
- callback: authActions.preAuthorizeOauth2,
- errCb: errActions.newAuthErr
- }
-
- win.open(url)
+ // pass action authorizeOauth2 and authentication data through window
+ // to authorize with oauth2
+ win.swaggerUIRedirectOauth2 = {
+ auth: auth,
+ state: state,
+ callback: authActions.preAuthorizeOauth2,
+ errCb: errActions.newAuthErr
 }
+
+ win.open(url)
 }
diff --git a/src/core/plugins/auth/actions.js b/src/core/plugins/auth/actions.js
index 79cd2a40..57d84550 100644
--- a/src/core/plugins/auth/actions.js
+++ b/src/core/plugins/auth/actions.js
@@ -119,3 +119,35 @@ export const authorizePassword = ( auth ) => ( { fn, authActions, errActions } )
 })
 .catch(err => { errActions.newAuthErr( err ) })
 }
+
+export const authorizeOauth2Application = ( auth ) => ( { authActions, errActions } ) => {
+ let { schema, scopes, name, clientId, clientSecret } = auth
+
+ fetch(schema.get("tokenUrl"), {
+ method: "post", headers: {
+ "Accept":"application/json, text/plain, */*",
+ "Content-Type": "application/x-www-form-urlencoded"
+ },
+ body: "grant_type=client_credentials" +
+ "&client_id=" + encodeURIComponent(clientId) +
+ "&client_secret=" + encodeURIComponent(clientSecret) +
+ "&scope=" + encodeURIComponent(scopes.join(scopeSeparator))
+ })
+ .then(function (response) {
+ if ( !response.ok ) {
+ errActions.newAuthErr( {
+ authId: name,
+ level: "error",
+ source: "auth",
+ message: response.statusText
+ } )
+ return
+ } else {
+ response.json()
+ .then(function (json){
+ authActions.authorizeOauth2({ auth, token: json})
+ })
+ }
+ })
+ .catch(err => { errActions.newAuthErr( err ) })
+}
From 81abe37a3115beeed1d155cfba3b237cc1d82d2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= Date: Thu, 6 Apr 2017 14:46:04 +0200 Subject: [PATCH 8/8] add fn.fetch instead of native fetch
---
 src/core/plugins/auth/actions.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/plugins/auth/actions.js b/src/core/plugins/auth/actions.js
index 57d84550..8e00d392 100644
--- a/src/core/plugins/auth/actions.js
+++ b/src/core/plugins/auth/actions.js
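Review bot: `authorizeOauth2Application` (added in PATCH 7/8) calls `scopes.join(scopeSeparator)`, but `scopeSeparator` is not among the names the function destructures or declares; in `oauth2-authorize.js` it was a local of `authorize` (`let scopeSeparator = " "`). Unless `actions.js` already defines it at module scope, which this hunk does not show, the call throws a ReferenceError before any request is sent; declaring `const scopeSeparator = " "` inside the function removes the doubt. The nested `response.json().then(...)` is still not returned, so a JSON parse failure bypasses the final `.catch`. The function is complete within this hunk.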
@@ -120,10 +120,10 @@ export const authorizePassword = ( auth ) => ( { fn, authActions, errActions } )
 .catch(err => { errActions.newAuthErr( err ) })
 }

-export const authorizeOauth2Application = ( auth ) => ( { authActions, errActions } ) => {
+export const authorizeOauth2Application = ( auth ) => ( { fn, authActions, errActions } ) => {
 let { schema, scopes, name, clientId, clientSecret } = auth

- fetch(schema.get("tokenUrl"), {
+ fn.fetch(schema.get("tokenUrl"), {
 method: "post", headers: {
 "Accept":"application/json, text/plain, */*",
 "Content-Type": "application/x-www-form-urlencoded"
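Review bot: `fn.fetch(schema.get("tokenUrl"), ...)` sends the `clientId` and `clientSecret` the user typed to whatever token URL the loaded API definition declares, and nothing visible in the function checks that URL first. When the definition comes from a source the user does not control, that is a credential-disclosure path; consider rejecting a `tokenUrl` whose scheme is not `https:` (with an explicit opt-out for local development) and reporting it through `errActions.newAuthErr` instead of sending the request. It would also help to add a comment that the client-credentials grant assumes a confidential client, so a secret entered in the browser is held in page state and should be a test credential. The request body and the response handling lie outside this hunk.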