add openid auth bearer
@@ -31,48 +31,21 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|||||||
#include "SOGoAPIDispatcher.h"
|
#include "SOGoAPIDispatcher.h"
|
||||||
|
|
||||||
#import <Foundation/NSAutoreleasePool.h>
|
#import <Foundation/NSAutoreleasePool.h>
|
||||||
#import <Foundation/NSProcessInfo.h>
|
|
||||||
#import <Foundation/NSTimeZone.h>
|
|
||||||
#import <Foundation/NSURL.h>
|
|
||||||
#import <Foundation/NSValue.h>
|
|
||||||
|
|
||||||
#import <NGObjWeb/NSException+HTTP.h>
|
#import <NGObjWeb/NSException+HTTP.h>
|
||||||
#import <NGObjWeb/SoPermissions.h>
|
|
||||||
#import <NGObjWeb/SoSecurityManager.h>
|
|
||||||
#import <NGObjWeb/WOContext+SoObjects.h>
|
#import <NGObjWeb/WOContext+SoObjects.h>
|
||||||
#import <NGObjWeb/WOCoreApplication.h>
|
#import <NGObjWeb/WOCoreApplication.h>
|
||||||
#import <NGObjWeb/SoHTTPAuthenticator.h>
|
|
||||||
|
|
||||||
#import <NGCards/iCalCalendar.h>
|
|
||||||
#import <NGCards/iCalEvent.h>
|
|
||||||
#import <NGCards/iCalAlarm.h>
|
|
||||||
#import <NGCards/iCalPerson.h>
|
|
||||||
|
|
||||||
#import <NGExtensions/NGBase64Coding.h>
|
|
||||||
|
|
||||||
#import <NGExtensions/NSCalendarDate+misc.h>
|
|
||||||
#import <NGExtensions/NGCalendarDateRange.h>
|
|
||||||
#import <NGExtensions/NGHashMap.h>
|
|
||||||
#import <NGExtensions/NSObject+Logs.h>
|
#import <NGExtensions/NSObject+Logs.h>
|
||||||
#import <NGExtensions/NSString+misc.h>
|
#import <NGExtensions/NSString+misc.h>
|
||||||
#import <NGExtensions/NSString+Encoding.h>
|
#import <NGExtensions/NSString+Encoding.h>
|
||||||
|
|
||||||
#import <SOGo/NSArray+DAV.h>
|
|
||||||
#import <SOGo/NSDictionary+DAV.h>
|
|
||||||
#import <SOGo/SOGoCache.h>
|
|
||||||
#import <SOGo/SOGoCacheGCSObject.h>
|
|
||||||
#import <SOGo/SOGoMailer.h>
|
|
||||||
#import <SOGo/SOGoSystemDefaults.h>
|
#import <SOGo/SOGoSystemDefaults.h>
|
||||||
#import <SOGo/SOGoUser.h>
|
#import <SOGo/SOGoUser.h>
|
||||||
#import <SOGo/SOGoUserFolder.h>
|
|
||||||
#import <SOGo/SOGoUserManager.h>
|
#import <SOGo/SOGoUserManager.h>
|
||||||
#import <SOGo/GCSSpecialQueries+SOGoCacheObject.h>
|
|
||||||
#import <SOGo/NSString+Utilities.h>
|
#import <SOGo/NSString+Utilities.h>
|
||||||
#import <SOGo/WORequest+SOGo.h>
|
#import <SOGo/WORequest+SOGo.h>
|
||||||
#import <SOGo/WOResponse+SOGo.h>
|
#import <SOGo/WOResponse+SOGo.h>
|
||||||
#import <SOGo/NSArray+Utilities.h>
|
#import <SOGo/NSArray+Utilities.h>
|
||||||
#import <SOGo/NSString+Utilities.h>
|
#import <SOGo/NSString+Utilities.h>
|
||||||
#import <SOGo/SOGoPermissions.h>
|
#import <SOGo/SOGoOpenIdSession.h>
|
||||||
|
|
||||||
|
|
||||||
void handle_api_terminate(int signum)
|
void handle_api_terminate(int signum)
|
||||||
@@ -206,6 +179,39 @@ void handle_api_terminate(int signum)
|
|||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
- (NSDictionary *) _authOpenId: (NSString *) auth withDomain: (NSString *) domain
|
||||||
|
{
|
||||||
|
NSDictionary *user;
|
||||||
|
NSString *token, *login;
|
||||||
|
SOGoOpenIdSession *openIdSession;
|
||||||
|
SOGoUserManager *lm;
|
||||||
|
|
||||||
|
user = nil;
|
||||||
|
token = [[auth substringFromIndex:6] stringByTrimmingLeadWhiteSpaces];
|
||||||
|
|
||||||
|
openIdSession = [SOGoOpenIdSession OpenIdSession: domain];
|
||||||
|
if(![openIdSession sessionIsOk])
|
||||||
|
{
|
||||||
|
[self errorWithFormat: @"API - OpenId server not found or has unexpected behavior, contact your admin."];
|
||||||
|
return nil;
|
||||||
|
}
|
||||||
|
|
||||||
|
[openIdSession setAccessToken: token];
|
||||||
|
login = [openIdSession login: @""];
|
||||||
|
|
||||||
|
if(login && ![login isEqualToString: @"anonymous"])
|
||||||
|
{
|
||||||
|
//Fecth user info
|
||||||
|
lm = [SOGoUserManager sharedUserManager];
|
||||||
|
user = [lm contactInfosForUserWithUIDorEmail: login];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
user = nil;
|
||||||
|
|
||||||
|
return user;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
- (NSException *) dispatchRequest: (WORequest*) theRequest
|
- (NSException *) dispatchRequest: (WORequest*) theRequest
|
||||||
inResponse: (WOResponse*) theResponse
|
inResponse: (WOResponse*) theResponse
|
||||||
context: (id) theContext
|
context: (id) theContext
|
||||||
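Review bot: `_authOpenId:withDomain:` resolves the OpenID login to a SOGo user without binding the result to `domain`, even though `domain` comes straight from the client's `user-domain` request header (hunk 3, `[theRequest headerForKey: @"user-domain"]`), and the hunk's own comment says that header chooses which OpenID server is queried. Whichever provider the header selects, `user = [lm contactInfosForUserWithUIDorEmail: login];` then looks the login up with no domain restriction, so on a deployment with per-domain OpenID servers a login asserted by one domain's provider could resolve to a user of another domain; scoping the lookup to the requested domain (SOGoUserManager's `contactInfosForUserWithUIDorEmail:inDomain:` if that variant is available in this tree, otherwise comparing the resolved user's domain with `domain` before returning it) closes that gap. The token is also never checked for emptiness before `setAccessToken:`: an `auth` value of a bare `Bearer` yields `@""`, so `if (![token length]) return nil;` right after the `token =` line avoids a provider round trip whose rejection otherwise depends on the session class. The comment `//Fecth user info` should read `//Fetch user info`. dispatchRequest:inResponse:context: continues outside the hunk.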
@@ -323,8 +329,9 @@ void handle_api_terminate(int signum)
|
|||||||
}
|
}
|
||||||
else if([[auth lowercaseString] hasPrefix: @"bearer"])
|
else if([[auth lowercaseString] hasPrefix: @"bearer"])
|
||||||
{
|
{
|
||||||
//openid auth
|
//openid auth, we may need to know the user-domain to know which openid server to fetch
|
||||||
|
NSString *domain = [theRequest headerForKey: @"user-domain"];
|
||||||
|
user = [self _authOpenId: auth withDomain: domain];
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -23,54 +23,51 @@
|
|||||||
|
|
||||||
- (NSDictionary *) action: (WOContext*) ctx withParam: (NSDictionary *) param
|
- (NSDictionary *) action: (WOContext*) ctx withParam: (NSDictionary *) param
|
||||||
{
|
{
|
||||||
/*
|
NSDictionary* result;
|
||||||
Coté sogo, il faudrait un endpoint API qui retourne tous les liens caldav/cardav + leur nom lisible de l’utilisateur.
|
NSArray *folders;
|
||||||
*/
|
NSMutableArray *cardavLinks, *caldavLinks;
|
||||||
NSDictionary* result;
|
NSString *serverUrl, *basePath, *c_uid, *url;
|
||||||
NSArray *folders;
|
GCSFolderManager *fm;
|
||||||
NSMutableArray *cardavLinks, *caldavLinks;
|
int max, i;
|
||||||
NSString *serverUrl, *basePath, *c_uid, *url;
|
|
||||||
GCSFolderManager *fm;
|
|
||||||
int max, i;
|
|
||||||
|
|
||||||
//Should be a user
|
//Should be a user
|
||||||
c_uid = [[[param objectForKey: @"user"] objectForKey: @"emails"] objectAtIndex: 0];
|
c_uid = [[[param objectForKey: @"user"] objectForKey: @"emails"] objectAtIndex: 0];
|
||||||
|
|
||||||
//fetch folders
|
//fetch folders
|
||||||
fm = [GCSFolderManager defaultFolderManager];
|
fm = [GCSFolderManager defaultFolderManager];
|
||||||
basePath = [NSString stringWithFormat: @"/Users/%@", c_uid];
|
basePath = [NSString stringWithFormat: @"/Users/%@", c_uid];
|
||||||
folders = [fm listSubFoldersAtPath: basePath recursive: YES];
|
folders = [fm listSubFoldersAtPath: basePath recursive: YES];
|
||||||
|
|
||||||
//Generate dav link
|
//Generate dav link
|
||||||
max = [folders count];
|
max = [folders count];
|
||||||
serverUrl = [[ctx serverURL] absoluteString];
|
serverUrl = [[ctx serverURL] absoluteString];
|
||||||
|
|
||||||
cardavLinks = [NSMutableArray array];
|
cardavLinks = [NSMutableArray array];
|
||||||
caldavLinks = [NSMutableArray array];
|
caldavLinks = [NSMutableArray array];
|
||||||
serverUrl = [[ctx serverURL] absoluteString];
|
serverUrl = [[ctx serverURL] absoluteString];
|
||||||
for (i = 0; i < max; i++)
|
for (i = 0; i < max; i++)
|
||||||
{
|
|
||||||
url = [NSString stringWithFormat: @"%@/SOGo/dav/%@/%@", serverUrl, c_uid, [folders objectAtIndex: i]];
|
|
||||||
if([url rangeOfString:@"/Calendar/"].location == NSNotFound)
|
|
||||||
{
|
{
|
||||||
//Contacts
|
url = [NSString stringWithFormat: @"%@/SOGo/dav/%@/%@", serverUrl, c_uid, [folders objectAtIndex: i]];
|
||||||
[cardavLinks addObject: url];
|
if([url rangeOfString:@"/Calendar/"].location == NSNotFound)
|
||||||
|
{
|
||||||
|
//Contacts
|
||||||
|
[cardavLinks addObject: url];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
//Calendar
|
||||||
|
[caldavLinks addObject: url];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
//Calendar
|
|
||||||
[caldavLinks addObject: url];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
result = [[NSDictionary alloc] initWithObjectsAndKeys:
|
result = [[NSDictionary alloc] initWithObjectsAndKeys:
|
||||||
c_uid, @"username",
|
c_uid, @"username",
|
||||||
cardavLinks, @"contact",
|
cardavLinks, @"contact",
|
||||||
caldavLinks, @"calendar",
|
caldavLinks, @"calendar",
|
||||||
nil];
|
nil];
|
||||||
|
|
||||||
[result autorelease];
|
[result autorelease];
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
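Review bot: The rebuilt loop body (from `url = [NSString stringWithFormat: @"%@/SOGo/dav/%@/%@", ...` through the `else` branch) formats every DAV URL from `c_uid`, but `c_uid` is still read with `objectAtIndex: 0` on the `emails` array a few lines above, so an empty array raises NSRangeException while a missing one yields `nil`, which puts `(null)` into every URL and silently truncates the `initWithObjectsAndKeys:` list at the `username` slot. A nil-safe read with an early exit, `c_uid = [[[param objectForKey: @"user"] objectForKey: @"emails"] firstObject]; if (![c_uid length]) return nil;`, keeps the response consistent. The commented-out specification the hunk deletes was the only description of this method; a header comment stating that it returns the caller's CardDAV and CalDAV collection URLs under the `contact` and `calendar` keys, plus `username`, would replace it. `serverUrl` is also assigned twice, once before the `cardavLinks` allocation and again just before the loop, so one of the two lines can be dropped.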
|
|||||||
@@ -54,6 +54,13 @@ static BOOL SOGoOpenIDDebugEnabled = YES;
|
|||||||
return NO;
|
return NO;
|
||||||
}
|
}
|
||||||
sd = [SOGoSystemDefaults sharedSystemDefaults];
|
sd = [SOGoSystemDefaults sharedSystemDefaults];
|
||||||
|
|
||||||
|
if(![[sd authenticationType] isEqualToString: @"openid"])
|
||||||
|
{
|
||||||
|
[self errorWithFormat: @"Sogo SOGoAuthenticationType is not openid"];
|
||||||
|
return NO;
|
||||||
|
}
|
||||||
|
|
||||||
return ([sd openIdConfigUrl] && [sd openIdScope] && [sd openIdClient] && [sd openIdClientSecret]);
|
return ([sd openIdConfigUrl] && [sd openIdScope] && [sd openIdClient] && [sd openIdClientSecret]);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -120,7 +127,7 @@ static BOOL SOGoOpenIDDebugEnabled = YES;
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
[self errorWithFormat: @"Missing parameters from sogo.conf"];
|
[self errorWithFormat: @"LoginTypebyDOmain - Openid not found or missing parameters for domain", _domain];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if ([[self class] checkUserConfig])
|
else if ([[self class] checkUserConfig])
|
||||||
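Review bot: The new log line `[self errorWithFormat: @"LoginTypebyDOmain - Openid not found or missing parameters for domain", _domain];` passes `_domain` as an argument, but the format string contains no `%@`, so the domain is never printed and the argument is silently dropped (the compiler's format-string warning should also fire on it). Append a placeholder and fix the casing: `[self errorWithFormat: @"LoginTypeByDomain - OpenId not found or missing parameters for domain %@", _domain];`. The enclosing method starts outside the hunk, so the name used in the message is taken from the text itself; adjust it if the real selector differs.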
|
|||||||