Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement OAuth2 password flow #2397

Merged
merged 3 commits into from
Dec 6, 2016
Merged

Implement OAuth2 password flow #2397

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7cdf83a
Implement OAuth2 password flow
MugeSo Sep 10, 2016
f2a1caa
Add validation for oauth password flow
MugeSo Nov 12, 2016
3494d44
Implement OAuth2 client authentication for password and application flow
MugeSo Nov 12, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 37 additions & 9 deletions src/main/javascript/view/AuthView.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,13 @@ SwaggerUi.Views.AuthView = Backbone.View.extend({
else if(auth.get('type') === 'oauth2' && flow && (flow === 'application')) {
dets = auth.attributes;
container.tokenName = dets.tokenName || 'access_token';
this.clientCredentialsFlow(scopes, dets.tokenUrl, container.OAuthSchemeKey);
this.clientCredentialsFlow(scopes, dets, container.OAuthSchemeKey);
return;
}
else if(auth.get('type') === 'oauth2' && flow && (flow === 'password')) {
dets = auth.attributes;
container.tokenName = dets.tokenName || 'access_token';
this.passwordFlow(scopes, dets, container.OAuthSchemeKey);
return;
}
else if(auth.get('grantTypes')) {
Expand Down Expand Up @@ -156,17 +162,40 @@ SwaggerUi.Views.AuthView = Backbone.View.extend({
},

// taken from lib/swagger-oauth.js
clientCredentialsFlow: function (scopes, tokenUrl, OAuthSchemeKey) {
var params = {
'client_id': clientId,
'client_secret': clientSecret,
clientCredentialsFlow: function (scopes, oauth, OAuthSchemeKey) {
this.accessTokenRequest(scopes, oauth, OAuthSchemeKey, 'client_credentials');
},

passwordFlow: function (scopes, oauth, OAuthSchemeKey) {
this.accessTokenRequest(scopes, oauth, OAuthSchemeKey, 'password', {
'username': oauth.username,
'password': oauth.password
});
},

accessTokenRequest: function (scopes, oauth, OAuthSchemeKey, grantType, params) {
params = $.extend({}, {
'scope': scopes.join(' '),
'grant_type': 'client_credentials'
};
'grant_type': grantType
}, params);

var headers= {};

switch (oauth.clientAuthenticationType) {
case 'basic':
headers.Authorization = 'Basic ' + btoa(oauth.clientId + ':' + oauth.clientSecret);
break;
case 'request-body':
params.client_id = oauth.clientId;
params.client_secret = oauth.clientSecret;
break;
}

$.ajax({
url : tokenUrl,
url : oauth.tokenUrl,
type: 'POST',
data: params,
headers: headers,
success: function (data)
{
onOAuthComplete(data, OAuthSchemeKey);
Expand All @@ -177,5 +206,4 @@ SwaggerUi.Views.AuthView = Backbone.View.extend({
}
});
}

});
21 changes: 20 additions & 1 deletion src/main/javascript/view/Oauth2Model.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,9 @@

SwaggerUi.Models.Oauth2Model = Backbone.Model.extend({
defaults: {
scopes: {}
scopes: {},
isPasswordFlow: false,
clientAuthenticationType: 'none'
Copy link

@frol frol Nov 24, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this default be configurable? In fact, I would love to have it configured to be Basic by default as it is what the RFC describes.

},

initialize: function () {
Expand All @@ -19,6 +21,13 @@ SwaggerUi.Models.Oauth2Model = Backbone.Model.extend({
attributes.scopes = scopes;
this.attributes = attributes;
}

if (this.attributes && this.attributes.flow) {
var flow = this.attributes.flow;
this.set('isPasswordFlow', flow === 'password');
this.set('requireClientAuthentication', flow === 'application');
this.set('clientAuthentication', flow === 'password' || flow === 'application');
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems to me that clientAuthentication should be available in every OAuth2 Flow.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it's advisable what you say.
But, this PR does not support client authentication for other flows.
I add client authentication just to make password flow usable.
I just want to merge password-flow implementation quickly!!

}
this.on('change', this.validate);
},

Expand All @@ -35,6 +44,16 @@ SwaggerUi.Models.Oauth2Model = Backbone.Model.extend({

validate: function () {
var valid = false;
if (this.get('isPasswordFlow') &&
(!this.get('username'))) {
return false;
}

if (this.get('clientAuthenticationType') in ['basic', 'request-body'] &&
(!this.get('clientId'))) {
return false;
}

var scp = this.get('scopes');
var idx = _.findIndex(scp, function (o) {
return o.checked === true;
Expand Down
63 changes: 62 additions & 1 deletion src/main/javascript/view/Oauth2View.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,20 @@

SwaggerUi.Views.Oauth2View = Backbone.View.extend({
events: {
'change .oauth-scope': 'scopeChange'
'change .oauth-scope': 'scopeChange',
'change .oauth-username': 'setUsername',
'change .oauth-password': 'setPassword',
'change .oauth-client-authentication-type': 'setClientAuthenticationType',
'change .oauth-client-id': 'setClientId',
'change .oauth-client-secret': 'setClientSecret'
},

template: Handlebars.templates.oauth2,

cls: {
error: 'error'
},

render: function () {
this.$el.html(this.template(this.model.toJSON()));

Expand All @@ -18,5 +27,57 @@ SwaggerUi.Views.Oauth2View = Backbone.View.extend({
var scope = $(e.target).data('scope');

this.model.setScopes(scope, val);
},

setUsername: function (e) {
var val= $(e.target).val();
this.model.set('username', val);
if (val) {
$(e.target).removeClass(this.cls.error);
}
},

setPassword: function (e) {
this.model.set('password', $(e.target).val());
},

setClientAuthenticationType: function (e) {
var type = $(e.target).val();
var $el = this.$el;
this.model.set('clientAuthenticationType', type);

switch(type) {
case 'none':
$el.find('.oauth-client-authentication').hide();
break;
case 'basic':
case 'request-body':
$el.find('.oauth-client-id').removeClass(this.cls.error);
$el.find('.oauth-client-authentication').show();
break;
}
},

setClientId: function (e) {
var val = $(e.target).val();
this.model.set('clientId', val);
if (val) {
$(e.target).removeClass(this.cls.error);
}
},

setClientSecret: function (e) {
this.model.set('clientSecret', $(e.target).val());
$(e.target).removeClass('error');
},

highlightInvalid: function () {
if (!this.model.get('username')) {
this.$el.find('.oauth-username').addClass(this.cls.error);
}

if (!this.model.get('clientId')) {
this.$el.find('.oauth-client-id').addClass(this.cls.error);
}
}
});
5 changes: 5 additions & 0 deletions src/main/less/auth.less
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -201,4 +201,9 @@
}

.api-popup-actions { padding-top: 10px; }

fieldset {
padding-bottom: 10px;
padding-left: 20px;
}
}
32 changes: 28 additions & 4 deletions src/main/template/oauth2.handlebars
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,36 @@
<div>
<h3 class="auth__title">Select OAuth2.0 Scopes</h3>
<h3 class="auth__title">OAuth2.0</h3>
<p>{{{sanitize description}}}</p>
{{#if authorizationUrl}}<p>Authorization URL: {{{sanitize authorizationUrl}}}</p>{{/if}}
{{#if tokenUrl}}<p>Token URL: {{{sanitize tokenUrl}}}</p>{{/if}}
<p>flow: {{{escape flow}}}</p>
{{#if isPasswordFlow}}
<p>Please input username and password for password flow authorization</p>
<fieldset>
<div><label>Username: <input class="oauth-username" type="text" name="username"></label></div>
<div><label>Password: <input class="oauth-password" type="password" name="password"></label></div>
</fieldset>
{{/if}}
{{#if clientAuthentication}}
<p>Setup client authentication.{{#if requireClientAuthenticaiton}}(Required){{/if}}</p>
<fieldset>
<div><label>Type:
<select class="oauth-client-authentication-type" name="client-authentication-type">
<option value="none" selected>None or other</option>
<option value="basic">Basic auth</option>
<option value="request-body">Request body</option>
</select>
</label></div>
<div class="oauth-client-authentication" hidden>
<div><label>ClientId: <input class="oauth-client-id" type="text" name="client-id"></label></div>
<div><label>Secret: <input class="oauth-client-secret" type="text" name="client-secret"></label></div>
</div>
</fieldset>
{{/if}}
<p><strong> {{{escape appName}}} </strong> API requires the following scopes. Select which ones you want to grant to Swagger UI.</p>
<p>Scopes are used to grant an application different levels of access to data on behalf of the end user. Each API may declare one or more scopes.
<a href="#">Learn how to use</a>
</p>
<p><strong> {{{escape appName}}} </strong> API requires the following scopes. Select which ones you want to grant to Swagger UI.</p>
<p>Authorization URL: {{{sanitize authorizationUrl}}}</p>
<p>flow: {{{escape flow}}}</p>
<ul class="api-popup-scopes">
{{#each scopes}}
<li>
Expand Down