Changeset 4959 for trunk


Timestamp:
Jan 28, 2015 6:08:52 PM (5 years ago)
Author:
mmc
Message:

Updated XAuth library to support authentication via the session_num
and session_token in the "resources" configuration file--without
having to supply a username and password. That way, all tools can
access web services without bothering the user.

File:
1 edited

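--- a/trunk/lang/tcl/scripts/xauth.tcl
+++ b/trunk/lang/tcl/scripts/xauth.tcl
@@ -11,5 +11,5 @@
 #    set clientSecret [XAuth::credentials get nanoHUB.org -secret]
 #
-#    XAuth::init $site $clientToken $clientSecret $username $password
+#    XAuth::init $site $clientToken $clientSecret -user $username $password
 #    XAuth::call $site $method $params
 #
@@ -20,5 +20,5 @@
 # ======================================================================
 #  AUTHOR:  Michael McLennan, Purdue University
-#  Copyright (c) 2004-2013  HUBzero Foundation, LLC
+#  Copyright (c) 2004-2015  HUBzero Foundation, LLC
 #
 #  See the file "license.terms" for information on usage and
@@ -287,16 +287,52 @@
 
 # ----------------------------------------------------------------------
-# USAGE: XAuth::init <site> <clientToken> <clientSecret> <username> <password>
-#
-# Should be called to initialize this library.  Sends the <username>
-# and <password> to the <site> for authentication.  The <client> ID
-# is registered with the OAuth provider to identify the application.
+# USAGE: XAuth::init <site> <clientToken> <clientSecret> -user <u> <p>
+# USAGE: XAuth::init <site> <clientToken> <clientSecret> -session <n> <t>
+#
+# Should be called to initialize this library.  Can be initialized
+# one of two ways:
+#
+#   -user <u> <p> ...... sends username <u> and password <p>
+#   -session <n> <t> ... sends tool session number <n> and token <t>
+#
+# Sends the credentials to the <site> for authentication.  The client
+# token and secret are registered to identify the application.
 # If successful, this call stores an authenticated session token in
 # the tokens array for the <site> URL.  Subsequent calls to XAuth::call
 # use this token to identify the user.
 # ----------------------------------------------------------------------
-proc XAuth::init {site clientToken clientSecret uname passw} {
+proc XAuth::init {site clientToken clientSecret args} {
     variable clients
     variable tokens
+
+    set option [lindex $args 0]
+    switch -- $option {
+        -user {
+            if {[llength $args] != 3} {
+                error "wrong # args: should be \"-user name password\""
+            }
+            set uname [lindex $args 1]
+            set passw [lindex $args 2]
+        }
+        -session {
+            if {[llength $args] != 3} {
+                error "wrong # args: should be \"-session number token\""
+            }
+            set snum [lindex $args 1]
+            set stok [lindex $args 2]
+
+            # store session info for later -- no need for oauth stuff
+            set tokens($site) [list session $snum $stok]
+            set clients($site) [list $clientToken $clientSecret]
+            return
+        }
+        default {
+            if {[llength $args] != 2} {
+                error "wrong # args: should be \"XAuth::init site token secret ?-option? arg arg\""
+            }
+            set uname [lindex $args 0]
+            set passw [lindex $args 1]
+        }
+    }
 
     if {![regexp {^https://} $site]} {
@@ -360,5 +396,5 @@
 
     # success! store the session token for later
-    set tokens($site) [list $got(oauth_token) $got(oauth_token_secret)]
+    set tokens($site) [list oauth $got(oauth_token) $got(oauth_token_secret)]
     set clients($site) [list $clientToken $clientSecret]
 }
@@ -385,36 +421,52 @@
     }
     foreach {clientToken clientSecret} $clients($site) break
-    foreach {userToken userSecret} $tokens($site) break
+    foreach {scheme userToken userSecret} $tokens($site) break
 
     set url $site/$method
-    set nonce [XAuth::nonce]
-    set tstamp [clock seconds]
-
-    # BE CAREFUL -- put all query parameters in alphabetical order
-    array set qparams [list \
-        oauth_consumer_key $clientToken \
-        oauth_nonce $nonce \
-        oauth_signature_method "HMAC-SHA1" \
-        oauth_timestamp $tstamp \
-        oauth_token $userToken \
-        oauth_version "1.0" \
-        x_auth_mode "client_auth" \
-    ]
-    array set qparams $params
-
-    set query ""
-    foreach key [lsort [array names qparams]] {
-        lappend query $key $qparams($key)
-    }
-    set query [eval http::formatQuery $query]
-
-    set base "POST&[urlencode $url]&[urlencode $query]"
-    set key "$clientSecret&$userSecret"
-    set sig [urlencode [base64::encode [sha1::hmac -bin -key $key $base]]]
-
-    # build the header and send the request
-    set auth [format "OAuth oauth_consumer_key=\"%s\", oauth_token=\"%s\", oauth_nonce=\"%s\", oauth_signature_method=\"HMAC-SHA1\", oauth_signature=\"%s\", oauth_timestamp=\"%s\", oauth_version=\"1.0\"" $clientToken $userToken $nonce $sig $tstamp]
-
-    return [XAuth::fetch $url -headers [list Authorization $auth] -query $query]
+
+    switch -- $scheme {
+        oauth {
+            set nonce [XAuth::nonce]
+            set tstamp [clock seconds]
+
+            # BE CAREFUL -- put all query parameters in alphabetical order
+            array set qparams [list \
+                oauth_consumer_key $clientToken \
+                oauth_nonce $nonce \
+                oauth_signature_method "HMAC-SHA1" \
+                oauth_timestamp $tstamp \
+                oauth_token $userToken \
+                oauth_version "1.0" \
+                x_auth_mode "client_auth" \
+            ]
+            array set qparams $params
+
+            set query ""
+            foreach key [lsort [array names qparams]] {
+                lappend query $key $qparams($key)
+            }
+            set query [eval http::formatQuery $query]
+
+            set base "POST&[urlencode $url]&[urlencode $query]"
+            set key "$clientSecret&$userSecret"
+            set sig [urlencode [base64::encode [sha1::hmac -bin -key $key $base]]]
+
+            # build the header and send the request
+            set auth [format "OAuth oauth_consumer_key=\"%s\", oauth_token=\"%s\", oauth_nonce=\"%s\", oauth_signature_method=\"HMAC-SHA1\", oauth_signature=\"%s\", oauth_timestamp=\"%s\", oauth_version=\"1.0\"" $clientToken $userToken $nonce $sig $tstamp]
+            set hdr [list Authorization $auth]
+        }
+        session {
+            set hdr [list sessionnum $userToken sessiontoken $userSecret]
+            set query ""
+            foreach {key val} $params {
+                lappend query $key $val
+            }
+            set query [eval http::formatQuery $query]
+        }
+        default {
+            error "internal error -- don't understand call scheme \"$scheme\""
+        }
+    }
+    return [XAuth::fetch $url -headers $hdr -query $query]
 }
 
@@ -596,20 +648,27 @@
     switch -- $option {
         load {
-            set fname "~/.xauth"
             if {[llength $args] == 1} {
                 set fname [lindex $args 0]
-            } elseif {[llength $args] > 1} {
+            } elseif {[llength $args] == 0} {
+                if {[file exists ~/.xauth]} {
+                    set fname "~/.xauth"
+                } else {
+                    set fname ""
+                }
+            } else {
                 error "wrong # args: should be \"credentials load ?file?\""
             }
 
-            if {![file readable $fname]} {
-                error "file \"$fname\" not found"
-            }
-            set fid [open $fname r]
-            set info [read $fid]
-            close $fid
-
-            if {[catch {$parser eval $info} result]} {
-                error "error in sites file \"$fname\": $result"
+            if {$fname ne ""} {
+                if {![file readable $fname]} {
+                    error "file \"$fname\" not found"
+                }
+                set fid [open $fname r]
+                set info [read $fid]
+                close $fid
+
+                if {[catch {$parser eval $info} result]} {
+                    error "error in sites file \"$fname\": $result"
+                }
             }
         }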
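Review bot: The `-session` branch of `XAuth::init` returns at new line 327, ahead of the `^https://` test on `$site` at new line 338, so a session number and token can be stored for a site whose scheme was never checked. The `session` branch at new line 459 (in what is presumably `XAuth::call`; the proc header is outside the hunk) then sends both values as plain `sessionnum`/`sessiontoken` headers with no signature, nonce or timestamp, so they can be replayed by anyone able to read the request. The body of the https test is not shown, but if it rejects non-https sites, move the `if {![regexp {^https://} $site]}` block above `switch -- $option` so both modes pass through it. The usage comment at new lines 289–302 should also say that `-session` skips the OAuth exchange and that the client token and secret are stored but not used to sign session-mode requests.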