Mercurial > gemma
comparison api/server/ui/oauth2-redirect.html @ 169:9fcfccb18b16
feat: Added draft version of API specification for server
Open API specification available under /api/server
UI version served with yarn swagger from client folder - port 5000
| author | Thomas Junk <thomas.junk@intevation.de> |
|---|---|
| date | Tue, 10 Jul 2018 10:36:50 +0200 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 168:e4e4a0e6338e | 169:9fcfccb18b16 |
|---|---|
| 1 <!doctype html> | |
| 2 <html lang="en-US"> | |
| 3 <body onload="run()"> | |
| 4 </body> | |
| 5 </html> | |
| 6 <script> | |
| 7 'use strict'; | |
| 8 function run () { | |
| 9 var oauth2 = window.opener.swaggerUIRedirectOauth2; | |
| 10 var sentState = oauth2.state; | |
| 11 var redirectUrl = oauth2.redirectUrl; | |
| 12 var isValid, qp, arr; | |
| 13 | |
| 14 if (/code|token|error/.test(window.location.hash)) { | |
| 15 qp = window.location.hash.substring(1); | |
| 16 } else { | |
| 17 qp = location.search.substring(1); | |
| 18 } | |
| 19 | |
| 20 arr = qp.split("&") | |
| 21 arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace('=', '":"') + '"';}) | |
| 22 qp = qp ? JSON.parse('{' + arr.join() + '}', | |
| 23 function (key, value) { | |
| 24 return key === "" ? value : decodeURIComponent(value) | |
| 25 } | |
| 26 ) : {} | |
| 27 | |
| 28 isValid = qp.state === sentState | |
| 29 | |
| 30 if (( | |
| 31 oauth2.auth.schema.get("flow") === "accessCode"|| | |
| 32 oauth2.auth.schema.get("flow") === "authorizationCode" | |
| 33 ) && !oauth2.auth.code) { | |
| 34 if (!isValid) { | |
| 35 oauth2.errCb({ | |
| 36 authId: oauth2.auth.name, | |
| 37 source: "auth", | |
| 38 level: "warning", | |
| 39 message: "Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server" | |
| 40 }); | |
| 41 } | |
| 42 | |
| 43 if (qp.code) { | |
| 44 delete oauth2.state; | |
| 45 oauth2.auth.code = qp.code; | |
| 46 oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl}); | |
| 47 } else { | |
| 48 let oauthErrorMsg | |
| 49 if (qp.error) { | |
| 50 oauthErrorMsg = "["+qp.error+"]: " + | |
| 51 (qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") + | |
| 52 (qp.error_uri ? "More info: "+qp.error_uri : ""); | |
| 53 } | |
| 54 | |
| 55 oauth2.errCb({ | |
| 56 authId: oauth2.auth.name, | |
| 57 source: "auth", | |
| 58 level: "error", | |
| 59 message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server" | |
| 60 }); | |
| 61 } | |
| 62 } else { | |
| 63 oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl}); | |
| 64 } | |
| 65 window.close(); | |
| 66 } | |
| 67 </script> |