r19138: add authentication capability; fix typos

(This used to be commit d8f0701feb85b7ca70edd5e8a9581661eb6c52e2)

diff --git a/jsonrpc/json.esp b/jsonrpc/json.esp
index 8234ad7be323045e2e4c90b56149759cab5efe08..6c59db0fca85394c2332c96620c9884a666cd48a 100644 (file)
--- a/jsonrpc/json.esp
+++ b/jsonrpc/json.esp
@@ -260,4 +260,10 @@ function testParse()
 }
 testParse();
 */
+
+/*
+ * Local Variables:
+ * mode: c
+ * End:
+ */
 %>

diff --git a/jsonrpc/json_auth.esp b/jsonrpc/json_auth.esp
new file mode 100644 (file)
index 0000000..2d58b6e
--- /dev/null
+++ b/jsonrpc/json_auth.esp
@@ -0,0 +1,13 @@
+<%
+/* Return true to allow access; false otherwise */
+function json_authenticate(serviceComponents, method)
+{
+    return true;
+}
+
+/*
+ * Local Variables:
+ * mode: c
+ * End:
+ */
+%>

diff --git a/jsonrpc/jsondate.esp b/jsonrpc/jsondate.esp
index 42418eaef204d44bfed7c8cb0ba30faa8d412f1a..3467228df6d6a91a224c6e36d8acb3225020bfeb 100644 (file)
--- a/jsonrpc/jsondate.esp
+++ b/jsonrpc/jsondate.esp
@@ -1,4 +1,4 @@
-
+<%
 /*
  * Copyright:
  *   (C) 2006 by Derrell Lipman
@@ -190,3 +190,11 @@ function _JSON_Date_create(secondsSinceEpoch)
 JSON_Date = new Object();
 JSON_Date.create = _JSON_Date_create;
 _JSON_Date_create = null;
+
+
+/*
+ * Local Variables:
+ * mode: c
+ * End:
+ */
+%>

diff --git a/jsonrpc/qooxdoo/test.esp b/jsonrpc/qooxdoo/test.esp
index 03c2d824ba180a326a95c46589a31fd6bdbbed92..e8686dcc255129b1a0cab49468fead7c7c91ca1c 100644 (file)
--- a/jsonrpc/qooxdoo/test.esp
+++ b/jsonrpc/qooxdoo/test.esp
@@ -227,4 +227,10 @@ function _getError(params, error)
 }      
 jsonrpc.method.getError = _getError;
 
+
+/*
+ * Local Variables:
+ * mode: c
+ * End:
+ */
 %>

diff --git a/jsonrpc/request.esp b/jsonrpc/request.esp
index 5a1408df62280e7d6cacf9889c14658380c64e73..1cd22a71a84af06bd456be4e8d728bee6ca190e8 100644 (file)
--- a/jsonrpc/request.esp
+++ b/jsonrpc/request.esp
@@ -19,6 +19,10 @@ jsonrpc_include("json.esp");
 /* Bring in the date class */
 jsonrpc_include("jsondate.esp");
 
+/* Load the authentication script */
+jsonrpc_include("json_auth.esp");
+
+
 /* bring the string functions into the global frame */
 string_init(global);
 
@@ -165,22 +169,27 @@ function _jsonValidRequest(req)
         return false;
     }
 
-    if (req.id == undefined)
+    if (typeof(req) != "object")
     {
         return false;
     }
 
-    if (req.service == undefined)
+    if (req["id"] == undefined)
     {
         return false;
     }
 
-    if (req.method == undefined)
+    if (req["service"] == undefined)
     {
         return false;
     }
 
-    if (req.params == undefined)
+    if (req["method"] == undefined)
+    {
+        return false;
+    }
+
+    if (req["params"] == undefined)
     {
         return false;
     }
@@ -411,7 +420,7 @@ if (jsonrpc_include(servicePath))
  * The following completely unreasonable sequence of commands is because:
  *
  *  (a) ejs evaluates all OR'ed expressions even if an early one is false, and
- *      bars on the typeof(method) call if method is undefined
+ *      barfs on the typeof(method) call if method is undefined
  *
  *  (b) ejs does not allow comparing against the string "function"!!!  What
  *      the hell is special about that particular string???
@@ -437,6 +446,15 @@ if (! valid)
     return;
 }
 
+/* Ensure the logged-in user is allowed to issue the requested method */
+if (! json_authenticate(serviceComponents, method))
+{
+    error.setError(jsonrpc.Constant.ErrorCode.PermissionDenied,
+                   "Permission denied");
+    error.Send();
+    return;
+}
+
 /* Most errors from here on out will be Application-generated */
 error.setOrigin(jsonrpc.Constant.ErrorOrigin.Application);
 
@@ -456,4 +474,10 @@ var ret = new Object();
 ret.result = retval;
 ret.id = jsonInput.id;
 sendReply(Json.encode(ret), scriptTransportId);
+
+/*
+ * Local Variables:
+ * mode: c
+ * End:
+ */
 %>