-rw-r--r-- | jsonrpc/json.esp | 6 | ||||
-rw-r--r-- | jsonrpc/json_auth.esp | 13 | ||||
-rw-r--r-- | jsonrpc/jsondate.esp | 10 | ||||
-rw-r--r-- | jsonrpc/qooxdoo/test.esp | 6 | ||||
-rw-r--r-- | jsonrpc/request.esp | 34 |
5 files changed, 63 insertions, 6 deletions
diff --git a/jsonrpc/json.esp b/jsonrpc/json.esp
index 8234ad7be3..6c59db0fca 100644
--- a/jsonrpc/json.esp
+++ b/jsonrpc/json.esp
@@ -260,4 +260,10 @@ function testParse()
 }
 testParse();
 */
+
+/*
+ * Local Variables:
+ * mode: c
+ * End:
+ */
 %>
diff --git a/jsonrpc/json_auth.esp b/jsonrpc/json_auth.esp
new file mode 100644
index 0000000000..2d58b6e2af
--- /dev/null
+++ b/jsonrpc/json_auth.esp
@@ -0,0 +1,13 @@
+<%
+/* Return true to allow access; false otherwise */
+function json_authenticate(serviceComponents, method)
+{
+ return true;
+}
+
+/*
+ * Local Variables:
+ * mode: c
+ * End:
+ */
+%>
diff --git a/jsonrpc/jsondate.esp b/jsonrpc/jsondate.esp
index 42418eaef2..3467228df6 100644
--- a/jsonrpc/jsondate.esp
+++ b/jsonrpc/jsondate.esp
@@ -1,4 +1,4 @@
-
+<%
 /*
 * Copyright:
 * (C) 2006 by Derrell Lipman
@@ -190,3 +190,11 @@ function _JSON_Date_create(secondsSinceEpoch)
 JSON_Date = new Object();
 JSON_Date.create = _JSON_Date_create;
 _JSON_Date_create = null;
+
+
+/*
+ * Local Variables:
+ * mode: c
+ * End:
+ */
+%>
diff --git a/jsonrpc/qooxdoo/test.esp b/jsonrpc/qooxdoo/test.esp
index 03c2d824ba..e8686dcc25 100644
--- a/jsonrpc/qooxdoo/test.esp
+++ b/jsonrpc/qooxdoo/test.esp
@@ -227,4 +227,10 @@ function _getError(params, error)
 }
 jsonrpc.method.getError = _getError;
+
+/*
+ * Local Variables:
+ * mode: c
+ * End:
+ */
 %>
diff --git a/jsonrpc/request.esp b/jsonrpc/request.esp
index 5a1408df62..1cd22a71a8 100644
--- a/jsonrpc/request.esp
+++ b/jsonrpc/request.esp
@@ -19,6 +19,10 @@ jsonrpc_include("json.esp");
 /* Bring in the date class */
 jsonrpc_include("jsondate.esp");
+/* Load the authentication script */
+jsonrpc_include("json_auth.esp");
+
+
 /* bring the string functions into the global frame */
 string_init(global);
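Review bot: `json_authenticate` in the new jsonrpc/json_auth.esp returns `true` for every call and ignores both arguments, so the permission check this commit adds to request.esp allows everything until someone edits this file. A hook like this is safer failing closed: ship `return false;`, or, if open access is the intended default, say so in the header, e.g. `/* Default policy: every service and method is allowed. Replace the body to restrict access; return false to deny. */`. The comment should also state what `serviceComponents` and `method` contain, since the stub gives no example of reading them. The name says "authenticate", but going by the comment added in request.esp the function decides what an already logged-in user may call, which is worth spelling out for whoever writes the real policy.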
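Review bot: The return value of `jsonrpc_include("json_auth.esp")` is discarded in the first request.esp hunk, although the `@@ -411` hunk header shows the same function used as a condition (`if (jsonrpc_include(servicePath))`), so it evidently reports whether the load succeeded. If the policy file is missing or fails to load, `json_authenticate` is presumably undefined when it is called further down, and the outcome then depends on how ejs treats a call to an undefined name. Guarding the load with `if (! jsonrpc_include("json_auth.esp"))` and answering with an explicit error would make a broken policy file fail closed and visibly. The neighbouring includes of json.esp and jsondate.esp are unchecked as well, so this follows the file's existing style; the code around the hunk is outside the visible lines.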
@@ -165,22 +169,27 @@ function _jsonValidRequest(req)
 return false;
 }
- if (req.id == undefined)
+ if (typeof(req) != "object")
 {
 return false;
 }
- if (req.service == undefined)
+ if (req["id"] == undefined)
 {
 return false;
 }
- if (req.method == undefined)
+ if (req["service"] == undefined)
 {
 return false;
 }
- if (req.params == undefined)
+ if (req["method"] == undefined)
+ {
+ return false;
+ }
+
+ if (req["params"] == undefined)
 {
 return false;
 }
@@ -411,7 +420,7 @@ if (jsonrpc_include(servicePath))
 * The following completely unreasonable sequence of commands is because:
 *
 * (a) ejs evaluates all OR'ed expressions even if an early one is false, and
- * bars on the typeof(method) call if method is undefined
+ * barfs on the typeof(method) call if method is undefined
 *
 * (b) ejs does not allow comparing against the string "function"!!! What
 * the hell is special about that particular string???
@@ -437,6 +446,15 @@ if (! valid)
 return;
 }
+/* Ensure the logged-in user is allowed to issue the requested method */
+if (! json_authenticate(serviceComponents, method))
+{
+ error.setError(jsonrpc.Constant.ErrorCode.PermissionDenied,
+ "Permission denied");
+ error.Send();
+ return;
+}
+
 /* Most errors from here on out will be Application-generated */
 error.setOrigin(jsonrpc.Constant.ErrorOrigin.Application);
@@ -456,4 +474,10 @@ var ret = new Object();
 ret.result = retval;
 ret.id = jsonInput.id;
 sendReply(Json.encode(ret), scriptTransportId);
+
+/*
+ * Local Variables:
+ * mode: c
+ * End:
+ */
 %> |
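Review bot: The checks rewritten in the `_jsonValidRequest` hunk still test only that `id`, `service`, `method` and `params` are present, not what type they are. `service` appears to feed `servicePath` for `jsonrpc_include` (see the `@@ -411` hunk header) and `method` selects the function to call, so unless they are checked elsewhere, a type test such as `if (typeof(req["service"]) != "string") { return false; }` for both, plus an array test on `params`, belongs here. The new `typeof(req) != "object"` guard would accept `null` under standard JavaScript semantics; whether ejs behaves the same, and whether the check that ends just above the hunk already covers it, cannot be seen from these lines. The function starts and ends outside the hunk.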
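Review bot: The permission check in the `@@ -437` hunk runs only after the service script has been loaded: the `@@ -411` hunk header shows `if (jsonrpc_include(servicePath))` above this point, so a service file's top-level code executes before `json_authenticate` can refuse the request. If the decision can be made from `serviceComponents` alone, a first check ahead of the include would keep refused callers from triggering that code at all. The added comment should also say what `method` holds here, e.g. `/* method is the resolved service function, not its name */` if that is the case, as the `typeof(method)` remark in the `@@ -411` hunk suggests. A refused request currently leaves no server-side record; logging the service and method on denial would make repeated probing visible. The surrounding top-level code extends beyond the hunk.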