bubblev
/
swagger-ui
4
0
Vork 0
Code Kwesties 0 Pull-aanvragen 0 Publicaties 0 Wiki Activiteit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1171 Commits
2 Branches
306 MiB
 
 
 
 
Tree: 29854dc2ff
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van '29854dc2ff'
${ noResults }
swagger-ui/lib/swagger-oauth.js

295 regels
9.0 KiB
Ruw Blame Geschiedenis 

  1. var appName;

  2. var popupMask;

  3. var popupDialog;

  4. var clientId;

  5. var realm;

  6. var oauth2KeyName;

  7. var redirect_uri;

  8. var clientSecret;

  9. var scopeSeparator;

  10. 

  11. function handleLogin() {

  12.   var scopes = [];

  13. 

  14.   var auths = window.swaggerUi.api.authSchemes || window.swaggerUi.api.securityDefinitions;

  15.   if(auths) {

  16.     var key;

  17.     var defs = auths;

  18.     for(key in defs) {

  19.       var auth = defs[key];

  20.       if(auth.type === 'oauth2' && auth.scopes) {

  21.         oauth2KeyName = key;

  22.         var scope;

  23.         if(Array.isArray(auth.scopes)) {

  24.           // 1.2 support

  25.           var i;

  26.           for(i = 0; i < auth.scopes.length; i++) {

  27.             scopes.push(auth.scopes[i]);

  28.           }

  29.         }

  30.         else {

  31.           // 2.0 support

  32.           for(scope in auth.scopes) {

  33.             scopes.push({scope: scope, description: auth.scopes[scope]});

  34.           }

  35.         }

  36.       }

  37.     }

  38.   }

  39. 

  40.   if(window.swaggerUi.api

  41.     && window.swaggerUi.api.info) {

  42.     appName = window.swaggerUi.api.info.title;

  43.   }

  44. 

  45.   $('.api-popup-dialog').remove(); 

  46.   popupDialog = $(

  47.     [

  48.       '<div class="api-popup-dialog">',

  49.       '<div class="api-popup-title">Select OAuth2.0 Scopes</div>',

  50.       '<div class="api-popup-content">',

  51.         '<p>Scopes are used to grant an application different levels of access to data on behalf of the end user. Each API may declare one or more scopes.',

  52.           '<a href="#">Learn how to use</a>',

  53.         '</p>',

  54.         '<p><strong>' + appName + '</strong> API requires the following scopes. Select which ones you want to grant to Swagger UI.</p>',

  55.         '<ul class="api-popup-scopes">',

  56.         '</ul>',

  57.         '<p class="error-msg"></p>',

  58.         '<div class="api-popup-actions"><button class="api-popup-authbtn api-button green" type="button">Authorize</button><button class="api-popup-cancel api-button gray" type="button">Cancel</button></div>',

  59.       '</div>',

  60.       '</div>'].join(''));

  61.   $(document.body).append(popupDialog);

  62. 

  63.   popup = popupDialog.find('ul.api-popup-scopes').empty();

  64.   for (i = 0; i < scopes.length; i ++) {

  65.     scope = scopes[i];

  66.     str = '<li><input type="checkbox" id="scope_' + i + '" scope="' + scope.scope + '"/>' + '<label for="scope_' + i + '">' + scope.scope;

  67.     if (scope.description) {

  68.       str += '<br/><span class="api-scope-desc">' + scope.description + '</span>';

  69.     }

  70.     str += '</label></li>';

  71.     popup.append(str);

  72.   }

  73. 

  74.   var $win = $(window),

  75.     dw = $win.width(),

  76.     dh = $win.height(),

  77.     st = $win.scrollTop(),

  78.     dlgWd = popupDialog.outerWidth(),

  79.     dlgHt = popupDialog.outerHeight(),

  80.     top = (dh -dlgHt)/2 + st,

  81.     left = (dw - dlgWd)/2;

  82. 

  83.   popupDialog.css({

  84.     top: (top < 0? 0 : top) + 'px',

  85.     left: (left < 0? 0 : left) + 'px'

  86.   });

  87. 

  88.   popupDialog.find('button.api-popup-cancel').click(function() {

  89.     popupMask.hide();

  90.     popupDialog.hide();

  91.     popupDialog.empty();

  92.     popupDialog = [];

  93.   });

  94. 

  95.   $('button.api-popup-authbtn').unbind();

  96.   popupDialog.find('button.api-popup-authbtn').click(function() {

  97.     popupMask.hide();

  98.     popupDialog.hide();

  99. 

  100.     var authSchemes = window.swaggerUi.api.authSchemes;

  101.     var host = window.location;

  102.     var pathname = location.pathname.substring(0, location.pathname.lastIndexOf("/"));

  103.     var defaultRedirectUrl = host.protocol + '//' + host.host + pathname + '/o2c.html';

  104.     var redirectUrl = window.oAuthRedirectUrl || defaultRedirectUrl;

  105.     var url = null;

  106. 

  107.     for (var key in authSchemes) {

  108.       if (authSchemes.hasOwnProperty(key)) {

  109.         var flow = authSchemes[key].flow;

  110. 

  111.         if(authSchemes[key].type === 'oauth2' && flow && (flow === 'implicit' || flow === 'accessCode')) {

  112.           var dets = authSchemes[key];

  113.           url = dets.authorizationUrl + '?response_type=' + (flow === 'implicit' ? 'token' : 'code');

  114.           window.swaggerUi.tokenName = dets.tokenName || 'access_token';

  115.           window.swaggerUi.tokenUrl = (flow === 'accessCode' ? dets.tokenUrl : null);

  116.         }

  117.         else if(authSchemes[key].grantTypes) {

  118.           // 1.2 support

  119.           var o = authSchemes[key].grantTypes;

  120.           for(var t in o) {

  121.             if(o.hasOwnProperty(t) && t === 'implicit') {

  122.               var dets = o[t];

  123.               var ep = dets.loginEndpoint.url;

  124.               url = dets.loginEndpoint.url + '?response_type=token';

  125.               window.swaggerUi.tokenName = dets.tokenName;

  126.             }

  127.             else if (o.hasOwnProperty(t) && t === 'accessCode') {

  128.               var dets = o[t];

  129.               var ep = dets.tokenRequestEndpoint.url;

  130.               url = dets.tokenRequestEndpoint.url + '?response_type=code';

  131.               window.swaggerUi.tokenName = dets.tokenName;

  132.             }

  133.           }

  134.         }

  135.       }

  136.     }

  137.     var scopes = []

  138.     var o = $('.api-popup-scopes').find('input:checked');

  139. 

  140.     for(k =0; k < o.length; k++) {

  141.       var scope = $(o[k]).attr('scope');

  142. 

  143.       if (scopes.indexOf(scope) === -1)

  144.         scopes.push(scope);

  145.     }

  146. 

  147.     // Implicit auth recommends a state parameter.

  148.     var state = Math.random ();

  149. 

  150.     window.enabledScopes=scopes;

  151. 

  152.     redirect_uri = redirectUrl;

  153. 

  154.     url += '&redirect_uri=' + encodeURIComponent(redirectUrl);

  155.     url += '&realm=' + encodeURIComponent(realm);

  156.     url += '&client_id=' + encodeURIComponent(clientId);

  157.     url += '&scope=' + encodeURIComponent(scopes.join(scopeSeparator));

  158.     url += '&state=' + encodeURIComponent(state);

  159. 

  160.     window.open(url);

  161.   });

  162. 

  163.   popupMask.show();

  164.   popupDialog.show();

  165.   return;

  166. }

  167. 

  168. 

  169. function handleLogout() {

  170.   for(key in window.swaggerUi.api.clientAuthorizations.authz){

  171.     window.swaggerUi.api.clientAuthorizations.remove(key)

  172.   }

  173.   window.enabledScopes = null;

  174.   $('.api-ic.ic-on').addClass('ic-off');

  175.   $('.api-ic.ic-on').removeClass('ic-on');

  176. 

  177.   // set the info box

  178.   $('.api-ic.ic-warning').addClass('ic-error');

  179.   $('.api-ic.ic-warning').removeClass('ic-warning');

  180. }

  181. 

  182. function initOAuth(opts) {

  183.   var o = (opts||{});

  184.   var errors = [];

  185. 

  186.   appName = (o.appName||errors.push('missing appName'));

  187.   popupMask = (o.popupMask||$('#api-common-mask'));

  188.   popupDialog = (o.popupDialog||$('.api-popup-dialog'));

  189.   clientId = (o.clientId||errors.push('missing client id'));

  190.   clientSecret = (o.clientSecret||null);

  191.   realm = (o.realm||errors.push('missing realm'));

  192.   scopeSeparator = (o.scopeSeparator||' ');

  193. 

  194.   if(errors.length > 0){

  195.     log('auth unable initialize oauth: ' + errors);

  196.     return;

  197.   }

  198. 

  199.   $('pre code').each(function(i, e) {hljs.highlightBlock(e)});

  200.   $('.api-ic').unbind();

  201.   $('.api-ic').click(function(s) {

  202.     if($(s.target).hasClass('ic-off'))

  203.       handleLogin();

  204.     else {

  205.       handleLogout();

  206.     }

  207.     false;

  208.   });

  209. }

  210. 

  211. window.processOAuthCode = function processOAuthCode(data) {

  212.   var params = {

  213.     'client_id': clientId,

  214.     'code': data.code,

  215.     'grant_type': 'authorization_code',

  216.     'redirect_uri': redirect_uri

  217.   };

  218. 

  219.   if (clientSecret) {

  220.     params.client_secret = clientSecret;

  221.   }

  222. 

  223.   $.ajax(

  224.   {

  225.     url : window.swaggerUi.tokenUrl,

  226.     type: "POST",

  227.     data: params,

  228.     success:function(data, textStatus, jqXHR)

  229.     {

  230.       onOAuthComplete(data);

  231.     },

  232.     error: function(jqXHR, textStatus, errorThrown)

  233.     {

  234.       onOAuthComplete("");

  235.     }

  236.   });

  237. };

  238. 

  239. window.onOAuthComplete = function onOAuthComplete(token) {

  240.   if(token) {

  241.     if(token.error) {

  242.       var checkbox = $('input[type=checkbox],.secured')

  243.       checkbox.each(function(pos){

  244.         checkbox[pos].checked = false;

  245.       });

  246.       alert(token.error);

  247.     }

  248.     else {

  249.       var b = token[window.swaggerUi.tokenName];

  250.       if(b){

  251.         // if all roles are satisfied

  252.         var o = null;

  253.         $.each($('.auth .api-ic .api_information_panel'), function(k, v) {

  254.           var children = v;

  255.           if(children && children.childNodes) {

  256.             var requiredScopes = [];

  257.             $.each((children.childNodes), function (k1, v1){

  258.               var inner = v1.innerHTML;

  259.               if(inner)

  260.                 requiredScopes.push(inner);

  261.             });

  262.             var diff = [];

  263.             for(var i=0; i < requiredScopes.length; i++) {

  264.               var s = requiredScopes[i];

  265.               if(window.enabledScopes && window.enabledScopes.indexOf(s) == -1) {

  266.                 diff.push(s);

  267.               }

  268.             }

  269.             if(diff.length > 0){

  270.               o = v.parentNode.parentNode;

  271.               $(o.parentNode).find('.api-ic.ic-on').addClass('ic-off');

  272.               $(o.parentNode).find('.api-ic.ic-on').removeClass('ic-on');

  273. 

  274.               // sorry, not all scopes are satisfied

  275.               $(o).find('.api-ic').addClass('ic-warning');

  276.               $(o).find('.api-ic').removeClass('ic-error');

  277.             }

  278.             else {

  279.               o = v.parentNode.parentNode;

  280.               $(o.parentNode).find('.api-ic.ic-off').addClass('ic-on');

  281.               $(o.parentNode).find('.api-ic.ic-off').removeClass('ic-off');

  282. 

  283.               // all scopes are satisfied

  284.               $(o).find('.api-ic').addClass('ic-info');

  285.               $(o).find('.api-ic').removeClass('ic-warning');

  286.               $(o).find('.api-ic').removeClass('ic-error');

  287.             }

  288.           }

  289.         });

  290.         window.swaggerUi.api.clientAuthorizations.add(oauth2KeyName, new SwaggerClient.ApiKeyAuthorization('Authorization', 'Bearer ' + b, 'header'));

  291.       }

  292.     }

  293.   }

  294. };