From 2961853322aecdac415f3a479a2b8856c2b3b6c9 Mon Sep 17 00:00:00 2001 From: Tom Van Oppens Date: Tue, 17 Jan 2017 13:22:21 +0000 Subject: [PATCH 1/2] added 3rd party auth failing flag --- swagger/oauth-custom/utility/utility.yaml | 448 +++++++++++----------- 1 file changed, 227 insertions(+), 221 deletions(-) diff --git a/swagger/oauth-custom/utility/utility.yaml b/swagger/oauth-custom/utility/utility.yaml index 05e0b9b..04bc412 100644 --- a/swagger/oauth-custom/utility/utility.yaml +++ b/swagger/oauth-custom/utility/utility.yaml 
@@ -12,28 +12,30 @@ # 5. authenticate-url which provides resource owner credential + metadata for both access_token & access token payload # curl -k -v https://datapower/spoon/sb/utility/basic-auth-metadata/spoon/spoon --user spoon:spoon # 6. Add the 'identity extraction' -> 'redirect' support -# 1/2 : curl -k -v 'https://datapower/spoon/sb/utility/third-party-authenticate?original-url=https://abc.com&app-name=testing' +# 1/2 : curl -k -v 'https://datapower/spoon/sb/utility/third-party-authenticate?original-url=https://abc.com&app-name=testing' <- for a succesful auth +# 1/2 : curl -k -v 'https://datapower/spoon/sb/utility/third-party-authenticate?original-url=https://abc.com&app-name=testing&failed=0' <- for a succesful auth +# 1/2 : curl -k -v 'https://datapower/spoon/sb/utility/third-party-authenticate?original-url=https://abc.com&app-name=testing&failed=1' <- for a failed auth # 2/2 : curl -k -v 'https://datapower/spoon/sb/utility/third-party-authenticate/authenticate' --user 'spoon-testing:b88jaq56OKs49D3u4+jQzs5FeMm8OWSLSD5HXknYXE' - -swagger: '2.0' +--- +swagger: "2.0" info: - x-ibm-name: utility - title: utility - version: 1.0.0 + x-ibm-name: "utility" + title: "utility" + version: "1.0.0" schemes: - - https -host: $(catalog.host) -basePath: /utility +- "https" +host: "$(catalog.host)" +basePath: "/utility" consumes: - - application/json +- "application/json" produces: - - application/json +- "application/json" securityDefinitions: basic-1: - type: basic - description: For End User authentication + type: "basic" + description: "For End User authentication" security: - - {} +- {} x-ibm-configuration: testable: true enforced: true 
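Review bot: The three added example lines are all labelled `1/2`, and `succesful` is misspelled on two of them; the first two describe the same successful outcome, so one line stating that omitting `failed` is equivalent to `failed=0` would be clearer, e.g. `# 1/2 : curl ... &failed=0' <- successful auth (same as omitting failed)`. The hunk also inserts a `---` document-start marker and re-quotes every scalar with double quotes, which is unrelated to the new flag and makes the diff far larger than the functional change; keeping cosmetic re-serialisation in a separate commit would make the flag change reviewable on its own.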
@@ -41,244 +43,248 @@ x-ibm-configuration: enabled: true assembly: execute: - - switch: - title: switch - case: - - condition: "((request.verb==='GET')&&(api.operation.path==='/basic-auth/{username}/{password}'))" - execute: - - gatewayscript: - title: Authenticate - version: 1.0.0 - description: Create Authentication URL - source: | - // author : @spoon or @shiup - var apic = require('./apim.custom.js'); - apic.output('application/json'); - var reqauth = apic.getvariable('request.authorization').split(' '); - var splitval = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':'); - var username = splitval[0] || ''; - var password = splitval[1] || ''; - apic.console.debug('user credential : [' + username + ':' + password + ']'); - if (username === apic.getvariable('request.parameters.username') && password === apic.getvariable('request.parameters.password')) { - session.output.write({"authenticatedUser":username}); - apic.setvariable('message.headers.api-authenticated-credential', 'cn=' + username + ',email=' + username + '@poon.com'); - apic.setvariable('message.status.code', 200) - } - else { - apic.setvariable('message.status.code', 401); - } - - condition: "((request.verb==='GET')&&(api.operation.path==='/basic-auth-metadata/{username}/{password}'))" - execute: - - gatewayscript: - title: Authenticate - version: 1.0.0 - description: Create Authentication URL - source: | - // author : @spoon or @shiup - var apic = require('./apim.custom.js'); - apic.output('application/json'); - var reqauth = apic.getvariable('request.authorization').split(' '); - var splitval = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':'); - var username = splitval[0] || ''; - var password = splitval[1] || ''; - apic.console.debug('user credential : [' + username + ':' + password + ']'); - if (username === apic.getvariable('request.parameters.username') && password === apic.getvariable('request.parameters.password')) { - 
session.output.write({"authenticatedUser":username}); - apic.setvariable('message.headers.api-authenticated-credential', 'cn=' + username + ',email=' + username + '@poon.com'); - apic.setvariable('message.status.code', 200) - } - else { - apic.setvariable('message.status.code', 401); - } - - gatewayscript: - title: SetMetaData - version: 1.0.0 - source: |- - var apic = require('./apim.custom.js'); - var payload = {}; - payload.for = 'http header'; - payload.username = apic.getvariable('request.parameters.username'); - payload.data = 'custom data whatever you want to add here'; - apic.setvariable('message.headers.api-oauth-metadata-for-accesstoken', JSON.stringify(payload)); - payload.for = 'access token payload'; - payload['id-for-oidc'] = 'cn=' + apic.getvariable('request.parameters.username') + ',o=spoonOrg'; - apic.setvariable('message.headers.api-oauth-metadata-for-payload', JSON.stringify(payload)); - - condition: "((request.verb==='GET')&&(api.operation.path==='/custom-login-form'))" - execute: - - gatewayscript: - title: create-custom-login-form - version: 1.0.0 - source: "// @spoon\nvar form = '' +\n 'Spoon Company' +\n '' +\n '
' + \n '

Please sign in

' +\n '

Username

' +\n '

' +\n '

Password

' +\n '

' +\n '' +\n '

' +\n '

If you have forgotten your user name or password, contact your system administrator.

' +\n '

At least one of your entries does not match our records. ' +\n 'If you have forgotten your user name or password, contact your system administrator.

' +\n '' +\n '';\n session.output.write(form);\n apim.output('text/html');\n apim.setvariable('message.status.code', 200);" - - condition: "((request.verb==='GET')&&(api.operation.path==='/custom-consent-form'))" - execute: - - gatewayscript: - title: create-custom-consent-form - version: 1.0.0 - source: | - var formPost5060 = '' + - 'Request for permission' + - '
' + - '
' + - '' + - '

Greeting..

' + - '

This app

would like to access your data.

' + - '
' + - '' + - '' + - '
' + - '' + - '
'; - session.output.write(formPost5060); - /* - ************************** - however there is a known issue with this support, that will be fixed in future, post 5060 release. So for now, use the following instead - *************************** - */ - var formUpTo5060 = '' + - 'Request for permission' + - '
' + - '
' + - '' + - '' + - '' + - '

Greeting..

' + - '

This app

would like to access your data.

' + - '
' + - '' + - '' + - '
' + - '' + - '
'; - session.output.write(formUpTo5060); - apim.output('text/html'); - apim.setvariable('message.status.code', 200); - - condition: "((request.verb==='GET')&&(api.operation.path==='/basic-auth-generic/{username}/{password}'))" - execute: - - gatewayscript: - title: Generice authenticate-url response - version: 1.0.0 - source: | - // author : @spoon or @shiup - var apic = require('./apim.custom.js'); - apic.output('application/json'); - var reqauth = apic.getvariable('request.authorization').split(' '); - var splitval = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':'); - var username = splitval[0] || ''; - var password = splitval[1] || ''; - apic.console.debug('user credential : [' + username + ':' + password + ']'); - if (username === apic.getvariable('request.parameters.username') && password === apic.getvariable('request.parameters.password')) { - session.output.write({"authenticatedUser":username}); - apic.setvariable('message.status.code', 200) - } - else { - apic.setvariable('message.status.code', 401); - } - - condition: "((request.verb==='GET')&&(api.operation.path==='/third-party-authenticate/authenticate'))" - execute: - - gatewayscript: - title: Third Party Authenticator (2/2) - version: 1.0.0 - source: "var hash = require('crypto').createHash('sha256');\n\nvar reqauth = apim.getvariable('request.authorization').split(' ');\nvar splitval = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':');\nvar username = splitval[0] || '';\nvar password = splitval[1] || '';\n\nif (hash.update(username).digest('base64') === password)\n apim.setvariable('message.status.code', 200);\nelse\n apim.setvariable('message.status.code', 401); \n" - - condition: "((request.verb==='GET')&&(api.operation.path==='/third-party-authenticate'))" - execute: - - gatewayscript: - title: Third Party Authenticator (1/2) - version: 1.0.0 - source: | - var hash = require('crypto').createHash('sha256'); - var params = apim.getvariable('request.parameters'); 
- var username = 'spoon-' + params['app-name']; - var confirmationCode = hash.update(username).digest('base64'); - var origUrl = decodeURIComponent(params['original-url'] || ''); - var location = origUrl + '&username=' + username + '&confirmation=' + confirmationCode; - apim.setvariable('message.status.code', 302); - apim.setvariable('message.headers.location', location); - - otherwise: - - gatewayscript: - title: gatewayscript - version: 1.0.0 - source: "require('./apim.custom.js').setvariable('message.status.code', 500);" - version: 1.0.0 - phase: realized + - switch: + title: "switch" + case: + - condition: "((request.verb==='GET')&&(api.operation.path==='/basic-auth/{username}/{password}'))" + execute: + - gatewayscript: + title: "Authenticate" + version: "1.0.0" + description: "Create Authentication URL" + source: "// author : @spoon or @shiup\nvar apic = require('./apim.custom.js');\n\ + apic.output('application/json');\nvar reqauth = apic.getvariable('request.authorization').split('\ + \ ');\nvar splitval = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':');\n\ + var username = splitval[0] || '';\nvar password = splitval[1] || '';\n\ + apic.console.debug('user credential : [' + username + ':' + password\ + \ + ']');\nif (username === apic.getvariable('request.parameters.username')\ + \ && password === apic.getvariable('request.parameters.password'))\ + \ {\n session.output.write({\"authenticatedUser\":username});\n\ + \ apic.setvariable('message.headers.api-authenticated-credential',\ + \ 'cn=' + username + ',email=' + username + '@poon.com');\n apic.setvariable('message.status.code',\ + \ 200)\n}\nelse {\n apic.setvariable('message.status.code', 401);\n\ + }\n" + - condition: "((request.verb==='GET')&&(api.operation.path==='/basic-auth-metadata/{username}/{password}'))" + execute: + - gatewayscript: + title: "Authenticate" + version: "1.0.0" + description: "Create Authentication URL" + source: "// author : @spoon or @shiup\nvar apic = 
require('./apim.custom.js');\n\ + apic.output('application/json');\nvar reqauth = apic.getvariable('request.authorization').split('\ + \ ');\nvar splitval = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':');\n\ + var username = splitval[0] || '';\nvar password = splitval[1] || '';\n\ + apic.console.debug('user credential : [' + username + ':' + password\ + \ + ']');\nif (username === apic.getvariable('request.parameters.username')\ + \ && password === apic.getvariable('request.parameters.password'))\ + \ {\n session.output.write({\"authenticatedUser\":username});\n\ + \ apic.setvariable('message.headers.api-authenticated-credential',\ + \ 'cn=' + username + ',email=' + username + '@poon.com');\n apic.setvariable('message.status.code',\ + \ 200)\n}\nelse {\n apic.setvariable('message.status.code', 401);\n\ + }\n" + - gatewayscript: + title: "SetMetaData" + version: "1.0.0" + source: "var apic = require('./apim.custom.js');\nvar payload = {};\n\ + payload.for = 'http header';\npayload.username = apic.getvariable('request.parameters.username');\n\ + payload.data = 'custom data whatever you want to add here';\napic.setvariable('message.headers.api-oauth-metadata-for-accesstoken',\ + \ JSON.stringify(payload));\npayload.for = 'access token payload';\n\ + payload['id-for-oidc'] = 'cn=' + apic.getvariable('request.parameters.username')\ + \ + ',o=spoonOrg';\napic.setvariable('message.headers.api-oauth-metadata-for-payload',\ + \ JSON.stringify(payload));" + - condition: "((request.verb==='GET')&&(api.operation.path==='/custom-login-form'))" + execute: + - gatewayscript: + title: "create-custom-login-form" + version: "1.0.0" + source: "// @spoon\nvar form = ''\ + \ +\n 'Spoon Company' +\n '' +\n '' + \n '

Please sign in

' +\n '

Username

'\ + \ +\n '

' +\n '

Password

' +\n\ + \ '

' +\n ''\ + \ +\n '

'\ + \ +\n '

If you have forgotten your user name\ + \ or password, contact your system administrator.

'\ + \ +\n '

At least one of your\ + \ entries does not match our records. ' +\n 'If you have forgotten\ + \ your user name or password, contact your system administrator.

'\ + \ +\n '' +\n '';\n\ + \ session.output.write(form);\n apim.output('text/html');\n apim.setvariable('message.status.code',\ + \ 200);" + - condition: "((request.verb==='GET')&&(api.operation.path==='/custom-consent-form'))" + execute: + - gatewayscript: + title: "create-custom-consent-form" + version: "1.0.0" + source: "var formPost5060 = '' +\n\ + \ 'Request for permission' +\n '
' +\n '
' +\n '' +\n '

Greeting..

'\ + \ +\n '

This app

would like to\ + \ access your data.

' +\n '
' +\n ''\ + \ +\n '' +\n '
'\ + \ +\n '' +\n '
';\n\ + session.output.write(formPost5060);\n/*\n**************************\n\ + however there is a known issue with this support, that will be fixed\ + \ in future, post 5060 release. So for now, use the following instead\n\ + ***************************\n*/\nvar formUpTo5060 = '' +\n 'Request for permission'\ + \ +\n '
' +\n '
' +\n '' +\n ''\ + \ +\n '' +\n '

Greeting..

'\ + \ +\n '

This app

would like to\ + \ access your data.

' +\n '
' +\n ''\ + \ +\n '' +\n '
'\ + \ +\n '' +\n '
';\n\ + session.output.write(formUpTo5060);\napim.output('text/html');\napim.setvariable('message.status.code',\ + \ 200);\n" + - condition: "((request.verb==='GET')&&(api.operation.path==='/basic-auth-generic/{username}/{password}'))" + execute: + - gatewayscript: + title: "Generice authenticate-url response" + version: "1.0.0" + source: "// author : @spoon or @shiup\nvar apic = require('./apim.custom.js');\n\ + apic.output('application/json');\nvar reqauth = apic.getvariable('request.authorization').split('\ + \ ');\nvar splitval = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':');\n\ + var username = splitval[0] || '';\nvar password = splitval[1] || '';\n\ + apic.console.debug('user credential : [' + username + ':' + password\ + \ + ']');\nif (username === apic.getvariable('request.parameters.username')\ + \ && password === apic.getvariable('request.parameters.password'))\ + \ {\n session.output.write({\"authenticatedUser\":username});\n\ + \ apic.setvariable('message.status.code', 200)\n}\nelse {\n \ + \ apic.setvariable('message.status.code', 401);\n}\n" + - condition: "((request.verb==='GET')&&(api.operation.path==='/third-party-authenticate/authenticate'))" + execute: + - gatewayscript: + title: "Third Party Authenticator (2/2)" + version: "1.0.0" + source: "var hash = require('crypto').createHash('sha256');\n\nvar reqauth\ + \ = apim.getvariable('request.authorization').split(' ');\nvar splitval\ + \ = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':');\n\ + var username = splitval[0] || '';\nvar password = splitval[1] || '';\n\ + \nif (hash.update(username).digest('base64') === password)\n apim.setvariable('message.status.code',\ + \ 200);\nelse\n apim.setvariable('message.status.code', 401); \n" + - condition: "((request.verb==='GET')&&(api.operation.path==='/third-party-authenticate'))" + execute: + - gatewayscript: + title: "Third Party Authenticator (1/2)" + version: "1.0.0" + source: "var hash = 
require('crypto').createHash('sha256');\nvar params\ + \ = apim.getvariable('request.parameters');\nvar username = 'spoon-'\ + \ + params['app-name'];\nvar confirmationCode = hash.update(username).digest('base64');\n\ + var failed = params['failed']\nvar origUrl = decodeURIComponent(params['original-url']\ + \ || '');\nif (typeof failed !== 'undefined' && failed != 0)\n \ + \ var location = origUrl + '&username=' + username + '&error=error_flag_not_0';\n\ + else\n var location = origUrl + '&username=' + username + '&confirmation='\ + \ + confirmationCode;\napim.setvariable('message.status.code', 302);\n\ + \ apim.setvariable('message.headers.location', location);\n" + - otherwise: + - gatewayscript: + title: "gatewayscript" + version: "1.0.0" + source: "require('./apim.custom.js').setvariable('message.status.code',\ + \ 500);" + version: "1.0.0" + phase: "realized" paths: /third-party-authenticate/authenticate: get: responses: - '200': - description: 200 OK + 200: + description: "200 OK" security: - - basic-1: [] + - basic-1: [] /third-party-authenticate: get: responses: - '200': - description: 200 OK + 200: + description: "200 OK" parameters: - - name: original-url - type: string - required: true - in: query - - name: app-name - type: string - required: true - in: query - - name: rstate - type: string - required: true - in: query - '/basic-auth-generic/{username}/{password}': + - name: "original-url" + type: "string" + required: true + in: "query" + - name: "app-name" + type: "string" + required: true + in: "query" + - name: "rstate" + type: "string" + required: true + in: "query" + - name: "failed" + type: "integer" + required: false + in: "query" + format: "int32" + /basic-auth-generic/{username}/{password}: get: responses: - '200': - description: 200 OK + 200: + description: "200 OK" security: - - basic-1: [] + - basic-1: [] parameters: - - $ref: '#/parameters/username' - - $ref: '#/parameters/password' + - $ref: "#/parameters/username" + - $ref: 
"#/parameters/password" + - name: "" + type: "string" + required: false + in: "query" /custom-consent-form: get: responses: - '200': - description: 200 OK + 200: + description: "200 OK" /custom-login-form: get: responses: - '200': - description: 200 OK - '/basic-auth-metadata/{username}/{password}': + 200: + description: "200 OK" + /basic-auth-metadata/{username}/{password}: get: responses: - '200': - description: 200 OK + 200: + description: "200 OK" security: - - basic-1: [] + - basic-1: [] parameters: - - $ref: '#/parameters/username' - - $ref: '#/parameters/password' - '/basic-auth/{username}/{password}': + - $ref: "#/parameters/username" + - $ref: "#/parameters/password" + /basic-auth/{username}/{password}: get: responses: - '200': - description: 200 OK + 200: + description: "200 OK" security: - - basic-1: [] + - basic-1: [] parameters: - - $ref: '#/parameters/username' - - $ref: '#/parameters/password' + - $ref: "#/parameters/username" + - $ref: "#/parameters/password" definitions: {} tags: [] parameters: username: - name: username - type: string + name: "username" + type: "string" required: true - in: path - description: User Name + in: "path" + description: "User Name" password: - name: password - type: string + name: "password" + type: "string" required: true - in: path - description: Password - + in: "path" + description: "Password" From 45b831e6c19e6e278159ff0810a2bfc5efdd4dfc Mon Sep 17 00:00:00 2001 From: Tom Van Oppens Date: Mon, 13 Feb 2017 16:53:32 +0100 Subject: [PATCH 2/2] rebased --- swagger/oauth-custom/utility/utility.yaml | 461 +++++++++++----------- 1 file changed, 233 insertions(+), 228 deletions(-) diff --git a/swagger/oauth-custom/utility/utility.yaml b/swagger/oauth-custom/utility/utility.yaml index 04bc412..dc2bd15 100644 --- a/swagger/oauth-custom/utility/utility.yaml +++ b/swagger/oauth-custom/utility/utility.yaml 
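Review bot: In the rewritten `Third Party Authenticator (1/2)` script the new `failed` handling leans on loose comparison: `var failed = params['failed']` has no terminating semicolon, and `failed != 0` only works because the query value is (presumably) a string that coerces to a number, so `failed=` is treated as success while `failed=abc` is treated as failure; `location` is also declared with `var` in both branches. A single explicit parse makes the intent visible: `var failed = Number(params['failed'] || 0);` followed by `var location = origUrl + '&username=' + username + (failed !== 0 ? '&error=error_flag_not_0' : '&confirmation=' + confirmationCode);`. Separately, the new query parameter with `name: ""` under `/basic-auth-generic/{username}/{password}` looks accidental — an empty parameter name is not valid Swagger 2.0 — and the response keys changed from `'200'` to bare `200` may be rejected by validators that require string status codes. Note that `original-url` is still taken from the query and used unvalidated as the redirect target in both branches; that is pre-existing, but a comment stating that this utility is test-only (or an allow-list of permitted hosts) would document the exposure.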
@@ -16,26 +16,25 @@ # 1/2 : curl -k -v 'https://datapower/spoon/sb/utility/third-party-authenticate?original-url=https://abc.com&app-name=testing&failed=0' <- for a succesful auth # 1/2 : curl -k -v 'https://datapower/spoon/sb/utility/third-party-authenticate?original-url=https://abc.com&app-name=testing&failed=1' <- for a failed auth # 2/2 : curl -k -v 'https://datapower/spoon/sb/utility/third-party-authenticate/authenticate' --user 'spoon-testing:b88jaq56OKs49D3u4+jQzs5FeMm8OWSLSD5HXknYXE' ---- -swagger: "2.0" +# 7. curl -k -v 'https://datapower/spoon/sb/utility/responsecode/404 +# 8. curl -k -v https://datapower/spoon/sb/utility/ping +swagger: '2.0' info: - x-ibm-name: "utility" - title: "utility" - version: "1.0.0" + x-ibm-name: utility + title: utility + version: 1.0.2 schemes: -- "https" -host: "$(catalog.host)" -basePath: "/utility" + - https +host: $(catalog.host) +basePath: /utility consumes: -- "application/json" + - application/json produces: -- "application/json" + - application/json securityDefinitions: basic-1: - type: "basic" - description: "For End User authentication" -security: -- {} + type: basic + description: '' x-ibm-configuration: testable: true enforced: true 
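Review bot: Dropping the top-level `security: - {}` changes the default for every operation that has no `security` stanza of its own (`/custom-login-form`, `/custom-consent-form`, `/third-party-authenticate`); whether those stay open or inherit a requirement from the gateway configuration depends on the API Connect runtime, so the commit message ("rebased") should state whether this is intentional. The `basic-1` description is also blanked to `''` where it previously read `For End User authentication`; keep that text, it is the only documentation of what the scheme is for. The new comment `# 7. curl -k -v 'https://datapower/spoon/sb/utility/responsecode/404` is missing its closing quote, and the responsecode and ping endpoints it advertises are not visible in this hunk, so confirm they are defined further down in the same commit.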
@@ -43,248 +42,254 @@ x-ibm-configuration: enabled: true assembly: execute: - - switch: - title: "switch" - case: - - condition: "((request.verb==='GET')&&(api.operation.path==='/basic-auth/{username}/{password}'))" - execute: - - gatewayscript: - title: "Authenticate" - version: "1.0.0" - description: "Create Authentication URL" - source: "// author : @spoon or @shiup\nvar apic = require('./apim.custom.js');\n\ - apic.output('application/json');\nvar reqauth = apic.getvariable('request.authorization').split('\ - \ ');\nvar splitval = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':');\n\ - var username = splitval[0] || '';\nvar password = splitval[1] || '';\n\ - apic.console.debug('user credential : [' + username + ':' + password\ - \ + ']');\nif (username === apic.getvariable('request.parameters.username')\ - \ && password === apic.getvariable('request.parameters.password'))\ - \ {\n session.output.write({\"authenticatedUser\":username});\n\ - \ apic.setvariable('message.headers.api-authenticated-credential',\ - \ 'cn=' + username + ',email=' + username + '@poon.com');\n apic.setvariable('message.status.code',\ - \ 200)\n}\nelse {\n apic.setvariable('message.status.code', 401);\n\ - }\n" - - condition: "((request.verb==='GET')&&(api.operation.path==='/basic-auth-metadata/{username}/{password}'))" - execute: - - gatewayscript: - title: "Authenticate" - version: "1.0.0" - description: "Create Authentication URL" - source: "// author : @spoon or @shiup\nvar apic = require('./apim.custom.js');\n\ - apic.output('application/json');\nvar reqauth = apic.getvariable('request.authorization').split('\ - \ ');\nvar splitval = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':');\n\ - var username = splitval[0] || '';\nvar password = splitval[1] || '';\n\ - apic.console.debug('user credential : [' + username + ':' + password\ - \ + ']');\nif (username === apic.getvariable('request.parameters.username')\ - \ && password === 
apic.getvariable('request.parameters.password'))\ - \ {\n session.output.write({\"authenticatedUser\":username});\n\ - \ apic.setvariable('message.headers.api-authenticated-credential',\ - \ 'cn=' + username + ',email=' + username + '@poon.com');\n apic.setvariable('message.status.code',\ - \ 200)\n}\nelse {\n apic.setvariable('message.status.code', 401);\n\ - }\n" - - gatewayscript: - title: "SetMetaData" - version: "1.0.0" - source: "var apic = require('./apim.custom.js');\nvar payload = {};\n\ - payload.for = 'http header';\npayload.username = apic.getvariable('request.parameters.username');\n\ - payload.data = 'custom data whatever you want to add here';\napic.setvariable('message.headers.api-oauth-metadata-for-accesstoken',\ - \ JSON.stringify(payload));\npayload.for = 'access token payload';\n\ - payload['id-for-oidc'] = 'cn=' + apic.getvariable('request.parameters.username')\ - \ + ',o=spoonOrg';\napic.setvariable('message.headers.api-oauth-metadata-for-payload',\ - \ JSON.stringify(payload));" - - condition: "((request.verb==='GET')&&(api.operation.path==='/custom-login-form'))" - execute: - - gatewayscript: - title: "create-custom-login-form" - version: "1.0.0" - source: "// @spoon\nvar form = ''\ - \ +\n 'Spoon Company' +\n '' +\n '' + \n '

Please sign in

' +\n '

Username

'\ - \ +\n '

' +\n '

Password

' +\n\ - \ '

' +\n ''\ - \ +\n '

'\ - \ +\n '

If you have forgotten your user name\ - \ or password, contact your system administrator.

'\ - \ +\n '

At least one of your\ - \ entries does not match our records. ' +\n 'If you have forgotten\ - \ your user name or password, contact your system administrator.

'\ - \ +\n '' +\n '';\n\ - \ session.output.write(form);\n apim.output('text/html');\n apim.setvariable('message.status.code',\ - \ 200);" - - condition: "((request.verb==='GET')&&(api.operation.path==='/custom-consent-form'))" - execute: - - gatewayscript: - title: "create-custom-consent-form" - version: "1.0.0" - source: "var formPost5060 = '' +\n\ - \ 'Request for permission' +\n '
' +\n '
' +\n '' +\n '

Greeting..

'\ - \ +\n '

This app

would like to\ - \ access your data.

' +\n '
' +\n ''\ - \ +\n '' +\n '
'\ - \ +\n '' +\n '
';\n\ - session.output.write(formPost5060);\n/*\n**************************\n\ - however there is a known issue with this support, that will be fixed\ - \ in future, post 5060 release. So for now, use the following instead\n\ - ***************************\n*/\nvar formUpTo5060 = '' +\n 'Request for permission'\ - \ +\n '
' +\n '
' +\n '' +\n ''\ - \ +\n '' +\n '

Greeting..

'\ - \ +\n '

This app

would like to\ - \ access your data.

' +\n '
' +\n ''\ - \ +\n '' +\n '
'\ - \ +\n '' +\n '
';\n\ - session.output.write(formUpTo5060);\napim.output('text/html');\napim.setvariable('message.status.code',\ - \ 200);\n" - - condition: "((request.verb==='GET')&&(api.operation.path==='/basic-auth-generic/{username}/{password}'))" - execute: - - gatewayscript: - title: "Generice authenticate-url response" - version: "1.0.0" - source: "// author : @spoon or @shiup\nvar apic = require('./apim.custom.js');\n\ - apic.output('application/json');\nvar reqauth = apic.getvariable('request.authorization').split('\ - \ ');\nvar splitval = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':');\n\ - var username = splitval[0] || '';\nvar password = splitval[1] || '';\n\ - apic.console.debug('user credential : [' + username + ':' + password\ - \ + ']');\nif (username === apic.getvariable('request.parameters.username')\ - \ && password === apic.getvariable('request.parameters.password'))\ - \ {\n session.output.write({\"authenticatedUser\":username});\n\ - \ apic.setvariable('message.status.code', 200)\n}\nelse {\n \ - \ apic.setvariable('message.status.code', 401);\n}\n" - - condition: "((request.verb==='GET')&&(api.operation.path==='/third-party-authenticate/authenticate'))" - execute: - - gatewayscript: - title: "Third Party Authenticator (2/2)" - version: "1.0.0" - source: "var hash = require('crypto').createHash('sha256');\n\nvar reqauth\ - \ = apim.getvariable('request.authorization').split(' ');\nvar splitval\ - \ = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':');\n\ - var username = splitval[0] || '';\nvar password = splitval[1] || '';\n\ - \nif (hash.update(username).digest('base64') === password)\n apim.setvariable('message.status.code',\ - \ 200);\nelse\n apim.setvariable('message.status.code', 401); \n" - - condition: "((request.verb==='GET')&&(api.operation.path==='/third-party-authenticate'))" - execute: - - gatewayscript: - title: "Third Party Authenticator (1/2)" - version: "1.0.0" - source: "var hash = 
require('crypto').createHash('sha256');\nvar params\ - \ = apim.getvariable('request.parameters');\nvar username = 'spoon-'\ - \ + params['app-name'];\nvar confirmationCode = hash.update(username).digest('base64');\n\ - var failed = params['failed']\nvar origUrl = decodeURIComponent(params['original-url']\ - \ || '');\nif (typeof failed !== 'undefined' && failed != 0)\n \ - \ var location = origUrl + '&username=' + username + '&error=error_flag_not_0';\n\ - else\n var location = origUrl + '&username=' + username + '&confirmation='\ - \ + confirmationCode;\napim.setvariable('message.status.code', 302);\n\ - \ apim.setvariable('message.headers.location', location);\n" - - otherwise: - - gatewayscript: - title: "gatewayscript" - version: "1.0.0" - source: "require('./apim.custom.js').setvariable('message.status.code',\ - \ 500);" - version: "1.0.0" - phase: "realized" + - switch: + title: switch + case: + - condition: "((request.verb==='GET')&&(api.operation.path==='/basic-auth/{username}/{password}'))" + execute: + - gatewayscript: + title: Authenticate + version: 1.0.0 + description: Create Authentication URL + source: | + // author : @spoon or @shiup + var apic = require('./apim.custom.js'); + apic.output('application/json'); + var reqauth = apic.getvariable('request.authorization').split(' '); + var splitval = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':'); + var username = splitval[0] || ''; + var password = splitval[1] || ''; + apic.console.debug('user credential : [' + username + ':' + password + ']'); + if (username === apic.getvariable('request.parameters.username') && password === apic.getvariable('request.parameters.password')) { + session.output.write({"authenticatedUser":username}); + apic.setvariable('message.headers.api-authenticated-credential', 'cn=' + username + ',email=' + username + '@poon.com'); + apic.setvariable('message.status.code', 200) + } + else { + apic.setvariable('message.status.code', 401); + } + - condition: 
"((request.verb==='GET')&&(api.operation.path==='/basic-auth-metadata/{username}/{password}'))" + execute: + - gatewayscript: + title: Authenticate + version: 1.0.0 + description: Create Authentication URL + source: | + // author : @spoon or @shiup + var apic = require('./apim.custom.js'); + apic.output('application/json'); + var reqauth = apic.getvariable('request.authorization').split(' '); + var splitval = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':'); + var username = splitval[0] || ''; + var password = splitval[1] || ''; + apic.console.debug('user credential : [' + username + ':' + password + ']'); + if (username === apic.getvariable('request.parameters.username') && password === apic.getvariable('request.parameters.password')) { + session.output.write({"authenticatedUser":username}); + apic.setvariable('message.headers.api-authenticated-credential', 'cn=' + username + ',email=' + username + '@poon.com'); + apic.setvariable('message.status.code', 200) + } + else { + apic.setvariable('message.status.code', 401); + } + - gatewayscript: + title: SetMetaData + version: 1.0.0 + source: |- + var apic = require('./apim.custom.js'); + apic.setvariable('message.headers.api-oauth-metadata-for-accesstoken', 'custom metadata for the accesstoken for user ' + apic.getvariable('request.parameters.username')); + apic.setvariable('message.headers.api-oauth-metadata-for-payload', 'custom payload data for the accesstoken for user ' + apic.getvariable('request.parameters.username')); + - condition: "((request.verb==='GET')&&(api.operation.path==='/custom-login-form'))" + execute: + - gatewayscript: + title: create-custom-login-form + version: 1.0.0 + source: "// @spoon\nvar form = '' +\n 'Spoon Company' +\n '' +\n '
' + \n '

Please sign in

' +\n '

Username

' +\n '

' +\n '

Password

' +\n '

' +\n '' +\n '

' +\n '

If you have forgotten your user name or password, contact your system administrator.

' +\n '

At least one of your entries does not match our records. ' +\n 'If you have forgotten your user name or password, contact your system administrator.

' +\n '' +\n '';\n session.output.write(form);\n apim.output('text/html');\n apim.setvariable('message.status.code', 200);" + - condition: "((request.verb==='GET')&&(api.operation.path==='/custom-consent-form'))" + execute: + - gatewayscript: + title: create-custom-consent-form + version: 1.0.0 + source: | + var formPost5060 = '' + + 'Request for permission' + + '
' + + '
' + + '' + + '

Greeting..

' + + '

This app

would like to access your data.

' + + '
' + + '' + + '' + + '
' + + '' + + '
'; + session.output.write(formPost5060); + /* + ************************** + however there is a known issue with this support, that will be fixed in future, post 5060 release. So for now, use the following instead + *************************** + */ + var formUpTo5060 = '' + + 'Request for permission' + + '
' + + '
' + + '' + + '' + + '' + + '

Greeting..

' + + '

This app

would like to access your data.

' + + '
' + + '' + + '' + + '
' + + '' + + '
'; + session.output.write(formUpTo5060); + apim.output('text/html'); + apim.setvariable('message.status.code', 200); + - condition: "((request.verb==='GET')&&(api.operation.path==='/basic-auth-generic/{username}/{password}'))" + execute: + - gatewayscript: + title: Generice authenticate-url response + version: 1.0.0 + source: | + // author : @spoon or @shiup + var apic = require('./apim.custom.js'); + apic.output('application/json'); + var reqauth = apic.getvariable('request.authorization').split(' '); + var splitval = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':'); + var username = splitval[0] || ''; + var password = splitval[1] || ''; + apic.console.debug('user credential : [' + username + ':' + password + ']'); + if (username === apic.getvariable('request.parameters.username') && password === apic.getvariable('request.parameters.password')) { + session.output.write({"authenticatedUser":username}); + apic.setvariable('message.status.code', 200) + } + else { + apic.setvariable('message.status.code', 401); + } + - condition: "((request.verb==='GET')&&(api.operation.path==='/third-party-authenticate/authenticate'))" + execute: + - gatewayscript: + title: Third Party Authenticator (2/2) + version: 1.0.0 + source: "var hash = require('crypto').createHash('sha256');\n\nvar reqauth = apim.getvariable('request.authorization').split(' ');\nvar splitval = new Buffer((reqauth[1] || ''), 'base64').toString('utf8').split(':');\nvar username = splitval[0] || '';\nvar password = splitval[1] || '';\n\nif (hash.update(username).digest('base64') === password)\n apim.setvariable('message.status.code', 200);\nelse\n apim.setvariable('message.status.code', 401); \n" + - condition: "((request.verb==='GET')&&(api.operation.path==='/third-party-authenticate'))" + execute: + - gatewayscript: + title: Third Party Authenticator (1/2) + version: 1.0.0 + source: | + var hash = require('crypto').createHash('sha256'); + var params = apim.getvariable('request.parameters'); 
+ var username = 'spoon-' + params['app-name']; + var confirmationCode = hash.update(username).digest('base64'); + var failed = params['failed'] + var origUrl = decodeURIComponent(params['original-url'] || ''); + if (typeof failed !== 'undefined' && failed != 0) + var location = origUrl + '&username=' + username + '&error=error_flag_not_0'; + else + var location = origUrl + '&username=' + username + '&confirmation=' + confirmationCode; + apim.setvariable('message.status.code', 302); + apim.setvariable('message.headers.location', location); + - condition: "((request.verb==='GET')&&(api.operation.path==='/ping'))" + execute: + - set-variable: + title: set-variable + actions: + - set: message.status.code + value: '200' + version: 1.0.0 + - otherwise: + - gatewayscript: + title: gatewayscript + version: 1.0.0 + source: "require('./apim.custom.js').setvariable('message.status.code', 500);" + version: 1.0.0 + phase: realized paths: /third-party-authenticate/authenticate: get: responses: - 200: - description: "200 OK" + '200': + description: 200 OK security: - - basic-1: [] + - basic-1: [] /third-party-authenticate: get: responses: - 200: - description: "200 OK" + '200': + description: 200 OK parameters: - - name: "original-url" - type: "string" - required: true - in: "query" - - name: "app-name" - type: "string" - required: true - in: "query" - - name: "rstate" - type: "string" - required: true - in: "query" - - name: "failed" - type: "integer" - required: false - in: "query" - format: "int32" - /basic-auth-generic/{username}/{password}: + - name: original-url + type: string + required: true + in: query + - name: app-name + type: string + required: true + in: query + - name: rstate + type: string + required: true + in: query + - name: failed + type: integer + required: false + in: query + format: int32 + /ping: get: responses: - 200: - description: "200 OK" - security: - - basic-1: [] + '200': + description: 200 OK + '/basic-auth-generic/{username}/{password}': + get: + 
responses: + '200': + description: 200 OK parameters: - - $ref: "#/parameters/username" - - $ref: "#/parameters/password" - - name: "" - type: "string" - required: false - in: "query" + - $ref: '#/parameters/username' + - $ref: '#/parameters/password' /custom-consent-form: get: responses: - 200: - description: "200 OK" + '200': + description: 200 OK /custom-login-form: get: responses: - 200: - description: "200 OK" - /basic-auth-metadata/{username}/{password}: + '200': + description: 200 OK + '/basic-auth-metadata/{username}/{password}': get: responses: - 200: - description: "200 OK" - security: - - basic-1: [] + '200': + description: 200 OK parameters: - - $ref: "#/parameters/username" - - $ref: "#/parameters/password" - /basic-auth/{username}/{password}: + - $ref: '#/parameters/username' + - $ref: '#/parameters/password' + '/basic-auth/{username}/{password}': get: responses: - 200: - description: "200 OK" - security: - - basic-1: [] + '200': + description: 200 OK parameters: - - $ref: "#/parameters/username" - - $ref: "#/parameters/password" + - $ref: '#/parameters/username' + - $ref: '#/parameters/password' definitions: {} tags: [] parameters: username: - name: "username" - type: "string" + name: username + type: string required: true - in: "path" - description: "User Name" + in: path + description: User Name password: - name: "password" - type: "string" + name: password + type: string required: true - in: "path" - description: "Password" + in: path + description: Password +