diff options
| author | Derrell Lipman <derrell@samba.org> | 2007-01-07 23:06:50 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:37:13 -0500 |
| commit | 9639836022adcb62c72520f799a89d0f727f224d (patch) | |
| tree | 26f7331426c94f96f502a8bf8641fb88ffad74d4 /webapps/scripting | |
| parent | a04a3b8bc21101e6a11bad04c3d5c9655fa606b4 (diff) | |
| download | samba-9639836022adcb62c72520f799a89d0f727f224d.tar.gz samba-9639836022adcb62c72520f799a89d0f727f224d.tar.bz2 samba-9639836022adcb62c72520f799a89d0f727f224d.zip | |
r20600: Web Application Framework
- Add authentication. The Web Application Framework can now be called
directly and it will rqeuire authentication if required, and should re-query
the user to log in when the session expires.
- General clean-up
(This used to be commit 27c5d7dca6fa4e0811c1b8bb52d1db3d1824462c)
Diffstat (limited to 'webapps/scripting')
| -rw-r--r-- | webapps/scripting/common.js | 28 | ||||
| -rw-r--r-- | webapps/scripting/preauth.esp | 31 |
2 files changed, 31 insertions, 28 deletions
diff --git a/webapps/scripting/common.js b/webapps/scripting/common.js index fe25287a74..c111089bd8 100644 --- a/webapps/scripting/common.js +++ b/webapps/scripting/common.js @@ -69,34 +69,6 @@ function page_footer() { /* - check if a uri is one of the 'always allowed' pages, even when not logged in - This allows the login page to use the same style sheets and images -*/ -function always_allowed(uri) { - var str = string_init(); - - /* allow jsonrpc-based applications to do their own authentication */ - var s = str.split('/', uri); - if (s[0] == "" && s[1] == 'apps') { - return true; - } - - var s = str.split('.', uri); - if (s.length < 2) { - return false; - } - - var ext = s[s.length-1]; - var allowed = new Array("ico", "gif", "png","css", "js"); - for (i in allowed) { - if (allowed[i] == ext) { - return true; - } - } - return false; -} - -/* display a table element */ function table_element(i, o) { diff --git a/webapps/scripting/preauth.esp b/webapps/scripting/preauth.esp index 489f6b5004..e6d04faf8d 100644 --- a/webapps/scripting/preauth.esp +++ b/webapps/scripting/preauth.esp @@ -5,6 +5,36 @@ include("/scripting/common.js"); output at all then that output is returned and the requested page is not given or processed. */ + +/* + check if a uri is one of the 'always allowed' pages, even when not logged in + This allows the login page to use the same style sheets and images +*/ +function always_allowed(uri) { + var str = string_init(); + + /* allow jsonrpc-based applications to do their own authentication */ + var s = str.split('/', uri); + if (s[0] == "" && s[1] == 'index.html') { + return true; + } + + var s = str.split('.', uri); + if (s.length < 2) { + return false; + } + + var ext = s[s.length-1]; + var allowed = new Array("ico", "gif", "png","css", "js"); + for (i in allowed) { + if (allowed[i] == ext) { + return true; + } + } + return false; +} + + if (server['SERVER_PROTOCOL'] == "http" && server['TLS_SUPPORT'] == "True") { write("redirect to https"); @@ -14,4 +44,5 @@ if (server['SERVER_PROTOCOL'] == "http" && /* present the login page */ include("/login.esp"); } + %> |