Zsolt Haraszti | 9ceb1b8 | 2016-10-01 15:15:18 -0700 | [diff] [blame] | 1 | var appName; |
| 2 | var popupMask; |
| 3 | var popupDialog; |
| 4 | var clientId; |
| 5 | var realm; |
| 6 | var redirect_uri; |
| 7 | var clientSecret; |
| 8 | var scopeSeparator; |
| 9 | var additionalQueryStringParams; |
| 10 | |
| 11 | function handleLogin() { |
| 12 | var scopes = []; |
| 13 | |
| 14 | var auths = window.swaggerUi.api.authSchemes || window.swaggerUi.api.securityDefinitions; |
| 15 | if(auths) { |
| 16 | var key; |
| 17 | var defs = auths; |
| 18 | for(key in defs) { |
| 19 | var auth = defs[key]; |
| 20 | if(auth.type === 'oauth2' && auth.scopes) { |
| 21 | var scope; |
| 22 | if(Array.isArray(auth.scopes)) { |
| 23 | // 1.2 support |
| 24 | var i; |
| 25 | for(i = 0; i < auth.scopes.length; i++) { |
| 26 | scopes.push(auth.scopes[i]); |
| 27 | } |
| 28 | } |
| 29 | else { |
| 30 | // 2.0 support |
| 31 | for(scope in auth.scopes) { |
| 32 | scopes.push({scope: scope, description: auth.scopes[scope], OAuthSchemeKey: key}); |
| 33 | } |
| 34 | } |
| 35 | } |
| 36 | } |
| 37 | } |
| 38 | |
| 39 | if(window.swaggerUi.api |
| 40 | && window.swaggerUi.api.info) { |
| 41 | appName = window.swaggerUi.api.info.title; |
| 42 | } |
| 43 | |
| 44 | $('.api-popup-dialog').remove(); |
| 45 | popupDialog = $( |
| 46 | [ |
| 47 | '<div class="api-popup-dialog">', |
| 48 | '<div class="api-popup-title">Select OAuth2.0 Scopes</div>', |
| 49 | '<div class="api-popup-content">', |
| 50 | '<p>Scopes are used to grant an application different levels of access to data on behalf of the end user. Each API may declare one or more scopes.', |
| 51 | '<a href="#">Learn how to use</a>', |
| 52 | '</p>', |
| 53 | '<p><strong>' + appName + '</strong> API requires the following scopes. Select which ones you want to grant to Swagger UI.</p>', |
| 54 | '<ul class="api-popup-scopes">', |
| 55 | '</ul>', |
| 56 | '<p class="error-msg"></p>', |
| 57 | '<div class="api-popup-actions"><button class="api-popup-authbtn api-button green" type="button">Authorize</button><button class="api-popup-cancel api-button gray" type="button">Cancel</button></div>', |
| 58 | '</div>', |
| 59 | '</div>'].join('')); |
| 60 | $(document.body).append(popupDialog); |
| 61 | |
| 62 | //TODO: only display applicable scopes (will need to pass them into handleLogin) |
| 63 | popup = popupDialog.find('ul.api-popup-scopes').empty(); |
| 64 | for (i = 0; i < scopes.length; i ++) { |
| 65 | scope = scopes[i]; |
| 66 | str = '<li><input type="checkbox" id="scope_' + i + '" scope="' + scope.scope + '"' +'" oauthtype="' + scope.OAuthSchemeKey +'"/>' + '<label for="scope_' + i + '">' + scope.scope ; |
| 67 | if (scope.description) { |
| 68 | if ($.map(auths, function(n, i) { return i; }).length > 1) //if we have more than one scheme, display schemes |
| 69 | str += '<br/><span class="api-scope-desc">' + scope.description + ' ('+ scope.OAuthSchemeKey+')' +'</span>'; |
| 70 | else |
| 71 | str += '<br/><span class="api-scope-desc">' + scope.description + '</span>'; |
| 72 | } |
| 73 | str += '</label></li>'; |
| 74 | popup.append(str); |
| 75 | } |
| 76 | |
| 77 | var $win = $(window), |
| 78 | dw = $win.width(), |
| 79 | dh = $win.height(), |
| 80 | st = $win.scrollTop(), |
| 81 | dlgWd = popupDialog.outerWidth(), |
| 82 | dlgHt = popupDialog.outerHeight(), |
| 83 | top = (dh -dlgHt)/2 + st, |
| 84 | left = (dw - dlgWd)/2; |
| 85 | |
| 86 | popupDialog.css({ |
| 87 | top: (top < 0? 0 : top) + 'px', |
| 88 | left: (left < 0? 0 : left) + 'px' |
| 89 | }); |
| 90 | |
| 91 | popupDialog.find('button.api-popup-cancel').click(function() { |
| 92 | popupMask.hide(); |
| 93 | popupDialog.hide(); |
| 94 | popupDialog.empty(); |
| 95 | popupDialog = []; |
| 96 | }); |
| 97 | |
| 98 | $('button.api-popup-authbtn').unbind(); |
| 99 | popupDialog.find('button.api-popup-authbtn').click(function() { |
| 100 | popupMask.hide(); |
| 101 | popupDialog.hide(); |
| 102 | |
| 103 | var authSchemes = window.swaggerUi.api.authSchemes; |
| 104 | var host = window.location; |
| 105 | var pathname = location.pathname.substring(0, location.pathname.lastIndexOf("/")); |
| 106 | var defaultRedirectUrl = host.protocol + '//' + host.host + pathname + '/o2c.html'; |
| 107 | var redirectUrl = window.oAuthRedirectUrl || defaultRedirectUrl; |
| 108 | var url = null; |
| 109 | var scopes = [] |
| 110 | var o = popup.find('input:checked'); |
| 111 | var OAuthSchemeKeys = []; |
| 112 | var state; |
| 113 | for(k =0; k < o.length; k++) { |
| 114 | var scope = $(o[k]).attr('scope'); |
| 115 | if (scopes.indexOf(scope) === -1) |
| 116 | scopes.push(scope); |
| 117 | var OAuthSchemeKey = $(o[k]).attr('oauthtype'); |
| 118 | if (OAuthSchemeKeys.indexOf(OAuthSchemeKey) === -1) |
| 119 | OAuthSchemeKeys.push(OAuthSchemeKey); |
| 120 | } |
| 121 | |
| 122 | //TODO: merge not replace if scheme is different from any existing |
| 123 | //(needs to be aware of schemes to do so correctly) |
| 124 | window.enabledScopes=scopes; |
| 125 | |
| 126 | for (var key in authSchemes) { |
| 127 | if (authSchemes.hasOwnProperty(key) && OAuthSchemeKeys.indexOf(key) != -1) { //only look at keys that match this scope. |
| 128 | var flow = authSchemes[key].flow; |
| 129 | |
| 130 | if(authSchemes[key].type === 'oauth2' && flow && (flow === 'implicit' || flow === 'accessCode')) { |
| 131 | var dets = authSchemes[key]; |
| 132 | url = dets.authorizationUrl + '?response_type=' + (flow === 'implicit' ? 'token' : 'code'); |
| 133 | window.swaggerUi.tokenName = dets.tokenName || 'access_token'; |
| 134 | window.swaggerUi.tokenUrl = (flow === 'accessCode' ? dets.tokenUrl : null); |
| 135 | state = key; |
| 136 | } |
| 137 | else if(authSchemes[key].type === 'oauth2' && flow && (flow === 'application')) { |
| 138 | var dets = authSchemes[key]; |
| 139 | window.swaggerUi.tokenName = dets.tokenName || 'access_token'; |
| 140 | clientCredentialsFlow(scopes, dets.tokenUrl, key); |
| 141 | return; |
| 142 | } |
| 143 | else if(authSchemes[key].grantTypes) { |
| 144 | // 1.2 support |
| 145 | var o = authSchemes[key].grantTypes; |
| 146 | for(var t in o) { |
| 147 | if(o.hasOwnProperty(t) && t === 'implicit') { |
| 148 | var dets = o[t]; |
| 149 | var ep = dets.loginEndpoint.url; |
| 150 | url = dets.loginEndpoint.url + '?response_type=token'; |
| 151 | window.swaggerUi.tokenName = dets.tokenName; |
| 152 | } |
| 153 | else if (o.hasOwnProperty(t) && t === 'accessCode') { |
| 154 | var dets = o[t]; |
| 155 | var ep = dets.tokenRequestEndpoint.url; |
| 156 | url = dets.tokenRequestEndpoint.url + '?response_type=code'; |
| 157 | window.swaggerUi.tokenName = dets.tokenName; |
| 158 | } |
| 159 | } |
| 160 | } |
| 161 | } |
| 162 | } |
| 163 | |
| 164 | redirect_uri = redirectUrl; |
| 165 | |
| 166 | url += '&redirect_uri=' + encodeURIComponent(redirectUrl); |
| 167 | url += '&realm=' + encodeURIComponent(realm); |
| 168 | url += '&client_id=' + encodeURIComponent(clientId); |
| 169 | url += '&scope=' + encodeURIComponent(scopes.join(scopeSeparator)); |
| 170 | url += '&state=' + encodeURIComponent(state); |
| 171 | for (var key in additionalQueryStringParams) { |
| 172 | url += '&' + key + '=' + encodeURIComponent(additionalQueryStringParams[key]); |
| 173 | } |
| 174 | |
| 175 | window.open(url); |
| 176 | }); |
| 177 | |
| 178 | popupMask.show(); |
| 179 | popupDialog.show(); |
| 180 | return; |
| 181 | } |
| 182 | |
| 183 | |
| 184 | function handleLogout() { |
| 185 | for(key in window.swaggerUi.api.clientAuthorizations.authz){ |
| 186 | window.swaggerUi.api.clientAuthorizations.remove(key) |
| 187 | } |
| 188 | window.enabledScopes = null; |
| 189 | $('.api-ic.ic-on').addClass('ic-off'); |
| 190 | $('.api-ic.ic-on').removeClass('ic-on'); |
| 191 | |
| 192 | // set the info box |
| 193 | $('.api-ic.ic-warning').addClass('ic-error'); |
| 194 | $('.api-ic.ic-warning').removeClass('ic-warning'); |
| 195 | } |
| 196 | |
| 197 | function initOAuth(opts) { |
| 198 | var o = (opts||{}); |
| 199 | var errors = []; |
| 200 | |
| 201 | appName = (o.appName||errors.push('missing appName')); |
| 202 | popupMask = (o.popupMask||$('#api-common-mask')); |
| 203 | popupDialog = (o.popupDialog||$('.api-popup-dialog')); |
| 204 | clientId = (o.clientId||errors.push('missing client id')); |
| 205 | clientSecret = (o.clientSecret||null); |
| 206 | realm = (o.realm||errors.push('missing realm')); |
| 207 | scopeSeparator = (o.scopeSeparator||' '); |
| 208 | additionalQueryStringParams = (o.additionalQueryStringParams||{}); |
| 209 | |
| 210 | if(errors.length > 0){ |
| 211 | log('auth unable initialize oauth: ' + errors); |
| 212 | return; |
| 213 | } |
| 214 | |
| 215 | $('pre code').each(function(i, e) {hljs.highlightBlock(e)}); |
| 216 | $('.api-ic').unbind(); |
| 217 | $('.api-ic').click(function(s) { |
| 218 | if($(s.target).hasClass('ic-off')) |
| 219 | handleLogin(); |
| 220 | else { |
| 221 | handleLogout(); |
| 222 | } |
| 223 | false; |
| 224 | }); |
| 225 | } |
| 226 | |
| 227 | function clientCredentialsFlow(scopes, tokenUrl, OAuthSchemeKey) { |
| 228 | var params = { |
| 229 | 'client_id': clientId, |
| 230 | 'client_secret': clientSecret, |
| 231 | 'scope': scopes.join(' '), |
| 232 | 'grant_type': 'client_credentials' |
| 233 | } |
| 234 | $.ajax( |
| 235 | { |
| 236 | url : tokenUrl, |
| 237 | type: "POST", |
| 238 | data: params, |
| 239 | success:function(data, textStatus, jqXHR) |
| 240 | { |
| 241 | onOAuthComplete(data,OAuthSchemeKey); |
| 242 | }, |
| 243 | error: function(jqXHR, textStatus, errorThrown) |
| 244 | { |
| 245 | onOAuthComplete(""); |
| 246 | } |
| 247 | }); |
| 248 | |
| 249 | } |
| 250 | |
| 251 | window.processOAuthCode = function processOAuthCode(data) { |
| 252 | var OAuthSchemeKey = data.state; |
| 253 | |
| 254 | // redirect_uri is required in auth code flow |
| 255 | // see https://tools.ietf.org/html/draft-ietf-oauth-v2-31#section-4.1.3 |
| 256 | var host = window.location; |
| 257 | var pathname = location.pathname.substring(0, location.pathname.lastIndexOf("/")); |
| 258 | var defaultRedirectUrl = host.protocol + '//' + host.host + pathname + '/o2c.html'; |
| 259 | var redirectUrl = window.oAuthRedirectUrl || defaultRedirectUrl; |
| 260 | |
| 261 | var params = { |
| 262 | 'client_id': clientId, |
| 263 | 'code': data.code, |
| 264 | 'grant_type': 'authorization_code', |
| 265 | 'redirect_uri': redirectUrl |
| 266 | }; |
| 267 | |
| 268 | if (clientSecret) { |
| 269 | params.client_secret = clientSecret; |
| 270 | } |
| 271 | |
| 272 | $.ajax( |
| 273 | { |
| 274 | url : window.swaggerUi.tokenUrl, |
| 275 | type: "POST", |
| 276 | data: params, |
| 277 | success:function(data, textStatus, jqXHR) |
| 278 | { |
| 279 | onOAuthComplete(data, OAuthSchemeKey); |
| 280 | }, |
| 281 | error: function(jqXHR, textStatus, errorThrown) |
| 282 | { |
| 283 | onOAuthComplete(""); |
| 284 | } |
| 285 | }); |
| 286 | }; |
| 287 | |
| 288 | window.onOAuthComplete = function onOAuthComplete(token,OAuthSchemeKey) { |
| 289 | if(token) { |
| 290 | if(token.error) { |
| 291 | var checkbox = $('input[type=checkbox],.secured') |
| 292 | checkbox.each(function(pos){ |
| 293 | checkbox[pos].checked = false; |
| 294 | }); |
| 295 | alert(token.error); |
| 296 | } |
| 297 | else { |
| 298 | var b = token[window.swaggerUi.tokenName]; |
| 299 | if (!OAuthSchemeKey){ |
| 300 | OAuthSchemeKey = token.state; |
| 301 | } |
| 302 | if(b){ |
| 303 | // if all roles are satisfied |
| 304 | var o = null; |
| 305 | $.each($('.auth .api-ic .api_information_panel'), function(k, v) { |
| 306 | var children = v; |
| 307 | if(children && children.childNodes) { |
| 308 | var requiredScopes = []; |
| 309 | $.each((children.childNodes), function (k1, v1){ |
| 310 | var inner = v1.innerHTML; |
| 311 | if(inner) |
| 312 | requiredScopes.push(inner); |
| 313 | }); |
| 314 | var diff = []; |
| 315 | for(var i=0; i < requiredScopes.length; i++) { |
| 316 | var s = requiredScopes[i]; |
| 317 | if(window.enabledScopes && window.enabledScopes.indexOf(s) == -1) { |
| 318 | diff.push(s); |
| 319 | } |
| 320 | } |
| 321 | if(diff.length > 0){ |
| 322 | o = v.parentNode.parentNode; |
| 323 | $(o.parentNode).find('.api-ic.ic-on').addClass('ic-off'); |
| 324 | $(o.parentNode).find('.api-ic.ic-on').removeClass('ic-on'); |
| 325 | |
| 326 | // sorry, not all scopes are satisfied |
| 327 | $(o).find('.api-ic').addClass('ic-warning'); |
| 328 | $(o).find('.api-ic').removeClass('ic-error'); |
| 329 | } |
| 330 | else { |
| 331 | o = v.parentNode.parentNode; |
| 332 | $(o.parentNode).find('.api-ic.ic-off').addClass('ic-on'); |
| 333 | $(o.parentNode).find('.api-ic.ic-off').removeClass('ic-off'); |
| 334 | |
| 335 | // all scopes are satisfied |
| 336 | $(o).find('.api-ic').addClass('ic-info'); |
| 337 | $(o).find('.api-ic').removeClass('ic-warning'); |
| 338 | $(o).find('.api-ic').removeClass('ic-error'); |
| 339 | } |
| 340 | } |
| 341 | }); |
| 342 | window.swaggerUi.api.clientAuthorizations.add(window.OAuthSchemeKey, new SwaggerClient.ApiKeyAuthorization('Authorization', 'Bearer ' + b, 'header')); |
| 343 | window.swaggerUi.load(); |
| 344 | } |
| 345 | } |
| 346 | } |
| 347 | }; |