From 52db742a10151f1df5e553d9147604fa1725e076 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Adler?= Date: Thu, 3 Apr 2014 12:31:02 +0200 Subject: [PATCH] The list of scopes now RFC6749 Sec.3.3 compliant See http://tools.ietf.org/html/rfc6749#section-3.3 for details. The callback url is now determined correctly if the swagger index.html file and therefore the o2c.html is not in root directory of the host. Also the popup opens more than one authorization-request-tab in firefox (seems to append the on-click js method instead of replacing it) --- lib/swagger-oauth.js | 113 +++++++++++++++++++++++-------------------- 1 file changed, 60 insertions(+), 53 deletions(-) diff --git a/lib/swagger-oauth.js b/lib/swagger-oauth.js index 6895968e..19777eb9 100644 --- a/lib/swagger-oauth.js +++ b/lib/swagger-oauth.js @@ -48,65 +48,72 @@ function handleLogin() { str += ''; popup.append(str); } - } - - var $win = $(window), - dw = $win.width(), - dh = $win.height(), - st = $win.scrollTop(), - dlgWd = popupDialog.outerWidth(), - dlgHt = popupDialog.outerHeight(), - top = (dh -dlgHt)/2 + st, - left = (dw - dlgWd)/2; - - popupDialog.css({ - top: (top < 0? 0 : top) + 'px', - left: (left < 0? 0 : left) + 'px' - }); - - popupDialog.find('button.api-popup-cancel').click(function() { - popupMask.hide(); - popupDialog.hide(); - }); - popupDialog.find('button.api-popup-authbtn').click(function() { - popupMask.hide(); - popupDialog.hide(); - - var authSchemes = window.swaggerUi.api.authSchemes; - var host = window.location; - var redirectUrl = host.protocol + '//' + host.host + "/o2c.html"; - var url = null; - - var p = window.swaggerUi.api.authSchemes; - for (var key in p) { - if (p.hasOwnProperty(key)) { - var o = p[key].grantTypes; - for(var t in o) { - if(o.hasOwnProperty(t) && t === 'implicit') { - var dets = o[t]; - url = dets.loginEndpoint.url + "?response_type=token"; - window.swaggerUi.tokenName = dets.tokenName; + + + var $win = $(window), + dw = $win.width(), + dh = $win.height(), + st = $win.scrollTop(), + dlgWd = popupDialog.outerWidth(), + dlgHt = popupDialog.outerHeight(), + top = (dh -dlgHt)/2 + st, + left = (dw - dlgWd)/2; + + popupDialog.css({ + top: (top < 0? 0 : top) + 'px', + left: (left < 0? 0 : left) + 'px' + }); + + popupDialog.find('button.api-popup-cancel').click(function() { + popupMask.hide(); + popupDialog.hide(); + }); + popupDialog.find('button.api-popup-authbtn').click(function() { + popupMask.hide(); + popupDialog.hide(); + + var authSchemes = window.swaggerUi.api.authSchemes; + var location = window.location; + var locationUrl = location.protocol + '//' + location.host + location.pathname; + var redirectUrl = locationUrl.replace("index.html","").concat("/o2c.html").replace("//o2c.html","/o2c.html"); + var url = null; + + var p = window.swaggerUi.api.authSchemes; + for (var key in p) { + if (p.hasOwnProperty(key)) { + var o = p[key].grantTypes; + for(var t in o) { + if(o.hasOwnProperty(t) && t === 'implicit') { + var dets = o[t]; + url = dets.loginEndpoint.url + "?response_type=token"; + window.swaggerUi.tokenName = dets.tokenName; + } } } } - } - var scopes = [] - var o = $('.api-popup-scopes').find('input:checked'); - - for(k =0; k < o.length; k++) { - scopes.push($(o[k]).attr("scope")); - } - - window.enabledScopes=scopes; + var scopes = []; + var scopeForUrl=''; + var o = $('.api-popup-scopes').find('input:checked'); + + for(var k =0; k < o.length; k++) { + scopes.push($(o[k]).attr("scope")); + if(k > 0){ + scopeForUrl+=' '; + } + scopeForUrl+=$(o[k]).attr("scope"); + } - url += '&redirect_uri=' + encodeURIComponent(redirectUrl); - url += '&realm=' + encodeURIComponent(realm); - url += '&client_id=' + encodeURIComponent(clientId); - url += '&scope=' + encodeURIComponent(scopes); + window.enabledScopes=scopes; + - window.open(url); - }); + url += '&redirect_uri=' + encodeURIComponent(redirectUrl); + url += '&realm=' + encodeURIComponent(realm); + url += '&client_id=' + encodeURIComponent(clientId); + url += '&scope=' + encodeURIComponent(scopeForUrl); + window.open(url); + }); + } popupMask.show(); popupDialog.show(); return;