From d9cd237995229efa41df33a529c7e9876dd1a980 Mon Sep 17 00:00:00 2001 From: Derrell Lipman Date: Fri, 6 Oct 2006 15:36:07 +0000 Subject: r19138: add authentication capability; fix typos (This used to be commit d8f0701feb85b7ca70edd5e8a9581661eb6c52e2) --- jsonrpc/json.esp | 6 ++++++ jsonrpc/json_auth.esp | 13 +++++++++++++ jsonrpc/jsondate.esp | 10 +++++++++- jsonrpc/qooxdoo/test.esp | 6 ++++++ jsonrpc/request.esp | 34 +++++++++++++++++++++++++++++----- 5 files changed, 63 insertions(+), 6 deletions(-) create mode 100644 jsonrpc/json_auth.esp (limited to 'jsonrpc') diff --git a/jsonrpc/json.esp b/jsonrpc/json.esp index 8234ad7be3..6c59db0fca 100644 --- a/jsonrpc/json.esp +++ b/jsonrpc/json.esp @@ -260,4 +260,10 @@ function testParse() } testParse(); */ + +/* + * Local Variables: + * mode: c + * End: + */ %> diff --git a/jsonrpc/json_auth.esp b/jsonrpc/json_auth.esp new file mode 100644 index 0000000000..2d58b6e2af --- /dev/null +++ b/jsonrpc/json_auth.esp @@ -0,0 +1,13 @@ +<% +/* Return true to allow access; false otherwise */ +function json_authenticate(serviceComponents, method) +{ + return true; +} + +/* + * Local Variables: + * mode: c + * End: + */ +%> diff --git a/jsonrpc/jsondate.esp b/jsonrpc/jsondate.esp index 42418eaef2..3467228df6 100644 --- a/jsonrpc/jsondate.esp +++ b/jsonrpc/jsondate.esp @@ -1,4 +1,4 @@ - +<% /* * Copyright: * (C) 2006 by Derrell Lipman @@ -190,3 +190,11 @@ function _JSON_Date_create(secondsSinceEpoch) JSON_Date = new Object(); JSON_Date.create = _JSON_Date_create; _JSON_Date_create = null; + + +/* + * Local Variables: + * mode: c + * End: + */ +%> diff --git a/jsonrpc/qooxdoo/test.esp b/jsonrpc/qooxdoo/test.esp index 03c2d824ba..e8686dcc25 100644 --- a/jsonrpc/qooxdoo/test.esp +++ b/jsonrpc/qooxdoo/test.esp @@ -227,4 +227,10 @@ function _getError(params, error) } jsonrpc.method.getError = _getError; + +/* + * Local Variables: + * mode: c + * End: + */ %> diff --git a/jsonrpc/request.esp b/jsonrpc/request.esp index 5a1408df62..1cd22a71a8 100644 --- a/jsonrpc/request.esp +++ b/jsonrpc/request.esp @@ -19,6 +19,10 @@ jsonrpc_include("json.esp"); /* Bring in the date class */ jsonrpc_include("jsondate.esp"); +/* Load the authentication script */ +jsonrpc_include("json_auth.esp"); + + /* bring the string functions into the global frame */ string_init(global); @@ -165,22 +169,27 @@ function _jsonValidRequest(req) return false; } - if (req.id == undefined) + if (typeof(req) != "object") { return false; } - if (req.service == undefined) + if (req["id"] == undefined) { return false; } - if (req.method == undefined) + if (req["service"] == undefined) { return false; } - if (req.params == undefined) + if (req["method"] == undefined) + { + return false; + } + + if (req["params"] == undefined) { return false; } @@ -411,7 +420,7 @@ if (jsonrpc_include(servicePath)) * The following completely unreasonable sequence of commands is because: * * (a) ejs evaluates all OR'ed expressions even if an early one is false, and - * bars on the typeof(method) call if method is undefined + * barfs on the typeof(method) call if method is undefined * * (b) ejs does not allow comparing against the string "function"!!! What * the hell is special about that particular string??? @@ -437,6 +446,15 @@ if (! valid) return; } +/* Ensure the logged-in user is allowed to issue the requested method */ +if (! json_authenticate(serviceComponents, method)) +{ + error.setError(jsonrpc.Constant.ErrorCode.PermissionDenied, + "Permission denied"); + error.Send(); + return; +} + /* Most errors from here on out will be Application-generated */ error.setOrigin(jsonrpc.Constant.ErrorOrigin.Application); @@ -456,4 +474,10 @@ var ret = new Object(); ret.result = retval; ret.id = jsonInput.id; sendReply(Json.encode(ret), scriptTransportId); + +/* + * Local Variables: + * mode: c + * End: + */ %> -- cgit