From 2d2af4466b914d9e2b7ddf3cd2b50d02504fdc23 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 28 Jul 2015 14:52:04 +0200 Subject: moved authtoken.json to rh-bin/ and change it to use Json Library for correct escaping diff --git a/README b/README index 0ec53aa..30c0845 100644 --- a/README +++ b/README @@ -30,7 +30,7 @@ LICENSE Installation ============ -# sudo aptitude install apache2 libapache2-mod-perl2 libconfig-inifiles-perl libdbd-mysql-perl librhrd-perl libjs-jquery rivendell-server +# sudo aptitude install apache2 libapache2-mod-perl2 libconfig-inifiles-perl libdbd-mysql-perl libjson-pp-perl librhrd-perl libjs-jquery rivendell-server # sudo a2enmod ssl authnz_ldap perl proxy_wstunnel # sudo /etc/init.d/apache2 restart @@ -69,8 +69,7 @@ add the following to the virtualhost config: Require all granted - Alias /authtoken.json /var/www/rhwebimport/authtoken.json - + SetHandler perl-script PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders diff --git a/authtoken.json b/authtoken.json deleted file mode 100755 index 12e390f..0000000 --- a/authtoken.json +++ /dev/null 
@@ -1,50 +0,0 @@
-#!/usr/bin/perl
-#
-# rhwebimport
-#
-# Copyright (C) 2014-2015 Christian Pointner
-#
-# This file is part of rhwebimport.
-#
-# rhwebimport is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# any later version.
-#
-# rhwebimport is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with rhwebimport. If not, see .
-#
-
-use strict;
-use RHRD::rddb;
-
-my $status = 'ERROR';
-my $errorstring = 'unknown';
-my $username = '';
-my $token = '';
-if(defined $ENV{REMOTE_USER}) {
- my $dbh;
- ($dbh, $status, $errorstring) = RHRD::rddb::opendb();
- if(defined $dbh) {
- ($token, $status, $errorstring) = RHRD::rddb::get_token($dbh, $ENV{REMOTE_USER});
- $token = '' unless($token);
- $username = $ENV{REMOTE_USER};
- RHRD::rddb::closedb($dbh);
- }
-} else {
- $errorstring = 'no username defined - are you logged in?';
-}
-
-print "Content-type: application/json; charset=UTF-8\n\n";
-
-print "{\n";
-print ' "status": "' . $status . '"'. ",\n";
-print ' "errorstring": "' . $errorstring . '"'. ",\n";
-print ' "username": "' . $username . '"' . ",\n";
-print ' "token": "' . $token . '"' . "\n";
-print "}\n";
diff --git a/rh-bin/authtoken.json b/rh-bin/authtoken.json
new file mode 100755
index 0000000..f746518
--- /dev/null
+++ b/rh-bin/authtoken.json
@@ -0,0 +1,51 @@
+#!/usr/bin/perl
+#
+# rhwebimport
+#
+# Copyright (C) 2014-2015 Christian Pointner
+#
+# This file is part of rhwebimport.
+#
+# rhwebimport is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# any later version.
+#
+# rhwebimport is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with rhwebimport. If not, see .
+#
+
+use strict;
+use RHRD::rddb;
+use JSON;
+
+my $status = 'ERROR';
+my $errorstring = 'unknown';
+my $username = '';
+my $token = '';
+if(defined $ENV{REMOTE_USER}) {
+ my $dbh;
+ ($dbh, $status, $errorstring) = RHRD::rddb::opendb();
+ if(defined $dbh) {
+ ($token, $status, $errorstring) = RHRD::rddb::get_token($dbh, $ENV{REMOTE_USER});
+ $token = '' unless($token);
+ $username = $ENV{REMOTE_USER};
+ RHRD::rddb::closedb($dbh);
+ }
+} else {
+ $errorstring = 'no username defined - are you logged in?';
+}
+
+my %answer;
+$answer{'status'} = $status;
+$answer{'errorstring'} = $errorstring;
+$answer{'username'} = $username;
+$answer{'token'} = $token;
+
+print "Content-type: application/json; charset=UTF-8\n\n";
+print encode_json \%answer;
diff --git a/www/js/auth.js b/www/js/auth.js
index 44adc6f..8da85c8 100644
--- a/www/js/auth.js
+++ b/www/js/auth.js
@@ -51,7 +51,7 @@ function auth_loginError(req, status, error) { } function auth_login() { - $.ajax("/authtoken.json", + $.ajax("/rh-bin/authtoken.json", { cache: false, username: $("#username").val(), password: $("#password").val(), -- cgit v0.10.2
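Review bot: In rh-bin/authtoken.json the response body carries the user's token, yet the only header emitted before `print encode_json \%answer;` is Content-type, so nothing instructs browsers or intermediate proxies not to store it. I would send `Cache-Control: no-store` as well, e.g. `print "Content-type: application/json; charset=UTF-8\nCache-Control: no-store\n\n";`; the `cache: false` visible in the auth.js hunk only affects the request side. The script also loads `use JSON;` while the README hunk installs `libjson-pp-perl`, which as far as I know provides JSON::PP rather than JSON, so either switch to `use JSON::PP;` (it exports `encode_json` too) or name the package that ships JSON. Finally, `$errorstring` from `RHRD::rddb` is returned verbatim, so it is worth confirming that module never places database error detail in it; adding `use warnings;` next to `use strict;` would be a cheap extra.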