aboutsummaryrefslogtreecommitdiffstats
path: root/www/swagger/lib/swagger-oauth.js
diff options
context:
space:
mode:
Diffstat (limited to 'www/swagger/lib/swagger-oauth.js')
-rw-r--r--www/swagger/lib/swagger-oauth.js339
1 files changed, 339 insertions, 0 deletions
diff --git a/www/swagger/lib/swagger-oauth.js b/www/swagger/lib/swagger-oauth.js
new file mode 100644
index 0000000..2bb6be1
--- /dev/null
+++ b/www/swagger/lib/swagger-oauth.js
@@ -0,0 +1,339 @@
+var appName;
+var popupMask;
+var popupDialog;
+var clientId;
+var realm;
+var redirect_uri;
+var clientSecret;
+var scopeSeparator;
+var additionalQueryStringParams;
+
+function handleLogin() {
+ var scopes = [];
+
+ var auths = window.swaggerUi.api.authSchemes || window.swaggerUi.api.securityDefinitions;
+ if(auths) {
+ var key;
+ var defs = auths;
+ for(key in defs) {
+ var auth = defs[key];
+ if(auth.type === 'oauth2' && auth.scopes) {
+ var scope;
+ if(Array.isArray(auth.scopes)) {
+ // 1.2 support
+ var i;
+ for(i = 0; i < auth.scopes.length; i++) {
+ scopes.push(auth.scopes[i]);
+ }
+ }
+ else {
+ // 2.0 support
+ for(scope in auth.scopes) {
+ scopes.push({scope: scope, description: auth.scopes[scope], OAuthSchemeKey: key});
+ }
+ }
+ }
+ }
+ }
+
+ if(window.swaggerUi.api
+ && window.swaggerUi.api.info) {
+ appName = window.swaggerUi.api.info.title;
+ }
+
+ $('.api-popup-dialog').remove();
+ popupDialog = $(
+ [
+ '<div class="api-popup-dialog">',
+ '<div class="api-popup-title">Select OAuth2.0 Scopes</div>',
+ '<div class="api-popup-content">',
+ '<p>Scopes are used to grant an application different levels of access to data on behalf of the end user. Each API may declare one or more scopes.',
+ '<a href="#">Learn how to use</a>',
+ '</p>',
+ '<p><strong>' + appName + '</strong> API requires the following scopes. Select which ones you want to grant to Swagger UI.</p>',
+ '<ul class="api-popup-scopes">',
+ '</ul>',
+ '<p class="error-msg"></p>',
+ '<div class="api-popup-actions"><button class="api-popup-authbtn api-button green" type="button">Authorize</button><button class="api-popup-cancel api-button gray" type="button">Cancel</button></div>',
+ '</div>',
+ '</div>'].join(''));
+ $(document.body).append(popupDialog);
+
+ //TODO: only display applicable scopes (will need to pass them into handleLogin)
+ popup = popupDialog.find('ul.api-popup-scopes').empty();
+ for (i = 0; i < scopes.length; i ++) {
+ scope = scopes[i];
+ str = '<li><input type="checkbox" id="scope_' + i + '" scope="' + scope.scope + '"' +'" oauthtype="' + scope.OAuthSchemeKey +'"/>' + '<label for="scope_' + i + '">' + scope.scope ;
+ if (scope.description) {
+ if ($.map(auths, function(n, i) { return i; }).length > 1) //if we have more than one scheme, display schemes
+ str += '<br/><span class="api-scope-desc">' + scope.description + ' ('+ scope.OAuthSchemeKey+')' +'</span>';
+ else
+ str += '<br/><span class="api-scope-desc">' + scope.description + '</span>';
+ }
+ str += '</label></li>';
+ popup.append(str);
+ }
+
+ var $win = $(window),
+ dw = $win.width(),
+ dh = $win.height(),
+ st = $win.scrollTop(),
+ dlgWd = popupDialog.outerWidth(),
+ dlgHt = popupDialog.outerHeight(),
+ top = (dh -dlgHt)/2 + st,
+ left = (dw - dlgWd)/2;
+
+ popupDialog.css({
+ top: (top < 0? 0 : top) + 'px',
+ left: (left < 0? 0 : left) + 'px'
+ });
+
+ popupDialog.find('button.api-popup-cancel').click(function() {
+ popupMask.hide();
+ popupDialog.hide();
+ popupDialog.empty();
+ popupDialog = [];
+ });
+
+ $('button.api-popup-authbtn').unbind();
+ popupDialog.find('button.api-popup-authbtn').click(function() {
+ popupMask.hide();
+ popupDialog.hide();
+
+ var authSchemes = window.swaggerUi.api.authSchemes;
+ var host = window.location;
+ var pathname = location.pathname.substring(0, location.pathname.lastIndexOf("/"));
+ var defaultRedirectUrl = host.protocol + '//' + host.host + pathname + '/o2c.html';
+ var redirectUrl = window.oAuthRedirectUrl || defaultRedirectUrl;
+ var url = null;
+ var scopes = []
+ var o = popup.find('input:checked');
+ var OAuthSchemeKeys = [];
+ var state;
+ for(k =0; k < o.length; k++) {
+ var scope = $(o[k]).attr('scope');
+ if (scopes.indexOf(scope) === -1)
+ scopes.push(scope);
+ var OAuthSchemeKey = $(o[k]).attr('oauthtype');
+ if (OAuthSchemeKeys.indexOf(OAuthSchemeKey) === -1)
+ OAuthSchemeKeys.push(OAuthSchemeKey);
+ }
+
+ //TODO: merge not replace if scheme is different from any existing
+ //(needs to be aware of schemes to do so correctly)
+ window.enabledScopes=scopes;
+
+ for (var key in authSchemes) {
+ if (authSchemes.hasOwnProperty(key) && OAuthSchemeKeys.indexOf(key) != -1) { //only look at keys that match this scope.
+ var flow = authSchemes[key].flow;
+
+ if(authSchemes[key].type === 'oauth2' && flow && (flow === 'implicit' || flow === 'accessCode')) {
+ var dets = authSchemes[key];
+ url = dets.authorizationUrl + '?response_type=' + (flow === 'implicit' ? 'token' : 'code');
+ window.swaggerUi.tokenName = dets.tokenName || 'access_token';
+ window.swaggerUi.tokenUrl = (flow === 'accessCode' ? dets.tokenUrl : null);
+ state = key;
+ }
+ else if(authSchemes[key].type === 'oauth2' && flow && (flow === 'application')) {
+ var dets = authSchemes[key];
+ window.swaggerUi.tokenName = dets.tokenName || 'access_token';
+ clientCredentialsFlow(scopes, dets.tokenUrl, key);
+ return;
+ }
+ else if(authSchemes[key].grantTypes) {
+ // 1.2 support
+ var o = authSchemes[key].grantTypes;
+ for(var t in o) {
+ if(o.hasOwnProperty(t) && t === 'implicit') {
+ var dets = o[t];
+ var ep = dets.loginEndpoint.url;
+ url = dets.loginEndpoint.url + '?response_type=token';
+ window.swaggerUi.tokenName = dets.tokenName;
+ }
+ else if (o.hasOwnProperty(t) && t === 'accessCode') {
+ var dets = o[t];
+ var ep = dets.tokenRequestEndpoint.url;
+ url = dets.tokenRequestEndpoint.url + '?response_type=code';
+ window.swaggerUi.tokenName = dets.tokenName;
+ }
+ }
+ }
+ }
+ }
+
+ redirect_uri = redirectUrl;
+
+ url += '&redirect_uri=' + encodeURIComponent(redirectUrl);
+ url += '&realm=' + encodeURIComponent(realm);
+ url += '&client_id=' + encodeURIComponent(clientId);
+ url += '&scope=' + encodeURIComponent(scopes.join(scopeSeparator));
+ url += '&state=' + encodeURIComponent(state);
+ for (var key in additionalQueryStringParams) {
+ url += '&' + key + '=' + encodeURIComponent(additionalQueryStringParams[key]);
+ }
+
+ window.open(url);
+ });
+
+ popupMask.show();
+ popupDialog.show();
+ return;
+}
+
+
+function handleLogout() {
+ for(key in window.swaggerUi.api.clientAuthorizations.authz){
+ window.swaggerUi.api.clientAuthorizations.remove(key)
+ }
+ window.enabledScopes = null;
+ $('.api-ic.ic-on').addClass('ic-off');
+ $('.api-ic.ic-on').removeClass('ic-on');
+
+ // set the info box
+ $('.api-ic.ic-warning').addClass('ic-error');
+ $('.api-ic.ic-warning').removeClass('ic-warning');
+}
+
+function initOAuth(opts) {
+ var o = (opts||{});
+ var errors = [];
+
+ appName = (o.appName||errors.push('missing appName'));
+ popupMask = (o.popupMask||$('#api-common-mask'));
+ popupDialog = (o.popupDialog||$('.api-popup-dialog'));
+ clientId = (o.clientId||errors.push('missing client id'));
+ clientSecret = (o.clientSecret||null);
+ realm = (o.realm||errors.push('missing realm'));
+ scopeSeparator = (o.scopeSeparator||' ');
+ additionalQueryStringParams = (o.additionalQueryStringParams||{});
+
+ if(errors.length > 0){
+ log('auth unable initialize oauth: ' + errors);
+ return;
+ }
+
+ $('pre code').each(function(i, e) {hljs.highlightBlock(e)});
+ $('.api-ic').unbind();
+ $('.api-ic').click(function(s) {
+ if($(s.target).hasClass('ic-off'))
+ handleLogin();
+ else {
+ handleLogout();
+ }
+ false;
+ });
+}
+
+function clientCredentialsFlow(scopes, tokenUrl, OAuthSchemeKey) {
+ var params = {
+ 'client_id': clientId,
+ 'client_secret': clientSecret,
+ 'scope': scopes.join(' '),
+ 'grant_type': 'client_credentials'
+ }
+ $.ajax(
+ {
+ url : tokenUrl,
+ type: "POST",
+ data: params,
+ success:function(data, textStatus, jqXHR)
+ {
+ onOAuthComplete(data,OAuthSchemeKey);
+ },
+ error: function(jqXHR, textStatus, errorThrown)
+ {
+ onOAuthComplete("");
+ }
+ });
+
+ }
+
+window.processOAuthCode = function processOAuthCode(data) {
+ var OAuthSchemeKey = data.state;
+ var params = {
+ 'client_id': clientId,
+ 'code': data.code,
+ 'grant_type': 'authorization_code',
+ 'redirect_uri': redirect_uri
+ };
+
+ if (clientSecret) {
+ params.client_secret = clientSecret;
+ }
+
+ $.ajax(
+ {
+ url : window.swaggerUi.tokenUrl,
+ type: "POST",
+ data: params,
+ success:function(data, textStatus, jqXHR)
+ {
+ onOAuthComplete(data, OAuthSchemeKey);
+ },
+ error: function(jqXHR, textStatus, errorThrown)
+ {
+ onOAuthComplete("");
+ }
+ });
+};
+
+window.onOAuthComplete = function onOAuthComplete(token,OAuthSchemeKey) {
+ if(token) {
+ if(token.error) {
+ var checkbox = $('input[type=checkbox],.secured')
+ checkbox.each(function(pos){
+ checkbox[pos].checked = false;
+ });
+ alert(token.error);
+ }
+ else {
+ var b = token[window.swaggerUi.tokenName];
+ if (!OAuthSchemeKey){
+ OAuthSchemeKey = token.state;
+ }
+ if(b){
+ // if all roles are satisfied
+ var o = null;
+ $.each($('.auth .api-ic .api_information_panel'), function(k, v) {
+ var children = v;
+ if(children && children.childNodes) {
+ var requiredScopes = [];
+ $.each((children.childNodes), function (k1, v1){
+ var inner = v1.innerHTML;
+ if(inner)
+ requiredScopes.push(inner);
+ });
+ var diff = [];
+ for(var i=0; i < requiredScopes.length; i++) {
+ var s = requiredScopes[i];
+ if(window.enabledScopes && window.enabledScopes.indexOf(s) == -1) {
+ diff.push(s);
+ }
+ }
+ if(diff.length > 0){
+ o = v.parentNode.parentNode;
+ $(o.parentNode).find('.api-ic.ic-on').addClass('ic-off');
+ $(o.parentNode).find('.api-ic.ic-on').removeClass('ic-on');
+
+ // sorry, not all scopes are satisfied
+ $(o).find('.api-ic').addClass('ic-warning');
+ $(o).find('.api-ic').removeClass('ic-error');
+ }
+ else {
+ o = v.parentNode.parentNode;
+ $(o.parentNode).find('.api-ic.ic-off').addClass('ic-on');
+ $(o.parentNode).find('.api-ic.ic-off').removeClass('ic-off');
+
+ // all scopes are satisfied
+ $(o).find('.api-ic').addClass('ic-info');
+ $(o).find('.api-ic').removeClass('ic-warning');
+ $(o).find('.api-ic').removeClass('ic-error');
+ }
+ }
+ });
+ window.swaggerUi.api.clientAuthorizations.add(window.OAuthSchemeKey, new SwaggerClient.ApiKeyAuthorization('Authorization', 'Bearer ' + b, 'header'));
+ window.swaggerUi.load();
+ }
+ }
+ }
+};