Get OAuth2 URL from server settings

David Rowe 2020-07-31 20:48:27 +12:00
parent c3d248a404
commit 56ba137ee3
10 changed files with 38 additions and 39 deletions


@ -85,7 +85,7 @@
"backup": false
},
{
"name": "authentication_oauth2_url_base",
"name": "oauth2_url_base",
"label": "Authentication URL Base",
"help": "The URL base that the Interface and domain-server will use to make API requests.",
"advanced": true


@ -444,6 +444,7 @@ SharedNodePointer DomainGatekeeper::processAssignmentConnectRequest(const NodeCo
return newNode;
}
const QString AUTHENTICATION_OAUTH2_URL_BASE = "authentication.oauth2_url_base";
const QString MAXIMUM_USER_CAPACITY = "security.maximum_user_capacity";
const QString MAXIMUM_USER_CAPACITY_REDIRECT_LOCATION = "security.maximum_user_capacity_redirect_location";
@ -533,8 +534,14 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect
if (!userPerms.can(NodePermissions::Permission::canConnectToDomain)) {
if (domainHasLogin()) {
QString domainAuthURL;
auto domainAuthURLVariant = _server->_settingsManager.valueForKeyPath(AUTHENTICATION_OAUTH2_URL_BASE);
if (domainAuthURLVariant.canConvert<QString>()) {
domainAuthURL = domainAuthURLVariant.toString();
qDebug() << "Domain authorization URL:" << domainAuthURL;
}
sendConnectionDeniedPacket("You lack the required permissions to connect to this domain.",
nodeConnection.senderSockAddr, DomainHandler::ConnectionRefusedReason::NotAuthorizedDomain);
nodeConnection.senderSockAddr, DomainHandler::ConnectionRefusedReason::NotAuthorizedDomain, domainAuthURL);
} else {
sendConnectionDeniedPacket("You lack the required permissions to connect to this domain.",
nodeConnection.senderSockAddr, DomainHandler::ConnectionRefusedReason::NotAuthorizedMetaverse);
@ -1164,13 +1171,8 @@ void DomainGatekeeper::refreshGroupsCache() {
}
bool DomainGatekeeper::domainHasLogin() {
// The domain may have its own users and groups. This is enabled in the server settings by ...
// ####### TODO: Use a particular string in the server name or set a particular tag in the server's settings?
// Or add a new server setting?
// ####### TODO: Also configure URL for getting user's group memberships, in the server's settings?
// ####### TODO
// The domain may have its own users and groups. This is enabled in the server settings by ... #######
// ####### TODO: Base on server settings.
return true;
}
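Review bot: In `processAgentConnectRequest`, `domainAuthURL` stays empty when the `authentication.oauth2_url_base` setting is absent or not convertible to a string, yet the denial is still sent with `NotAuthorizedDomain`, so the client is told to log in to the domain without being given an authorization URL. Because `domainHasLogin()` still returns `true` unconditionally, every agent denied here takes this branch and the `NotAuthorizedMetaverse` branch below it is never reached. One option is to base `domainHasLogin()` on the same setting, for example `return !_server->_settingsManager.valueForKeyPath(AUTHENTICATION_OAUTH2_URL_BASE).toString().isEmpty();`, which would also resolve the remaining TODO. The body of `processAgentConnectRequest` extends beyond the hunk shown.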


@ -46,7 +46,6 @@ Item {
readonly property bool loginDialogPoppedUp: loginDialog.getLoginDialogPoppedUp()
readonly property bool isLoggingInToDomain: loginDialog.getDomainLoginRequested()
readonly property string domainAuthProvider: loginDialog.getDomainLoginAuthProvider()
QtObject {
id: d
@ -76,7 +75,7 @@ Item {
if (!isLoggingInToDomain) {
loginDialog.login(emailField.text, passwordField.text);
} else {
loginDialog.loginDomain(emailField.text, passwordField.text, domainAuthProvider);
loginDialog.loginDomain(emailField.text, passwordField.text);
}
if (linkAccountBody.loginDialogPoppedUp) {


@ -29,7 +29,6 @@
#include "OctreeStatsDialog.h"
#include "PreferencesDialog.h"
#include "UpdateDialog.h"
#include "DomainHandler.h"
#include "scripting/HMDScriptingInterface.h"
@ -131,15 +130,6 @@ void DialogsManager::hideLoginDialog() {
void DialogsManager::showDomainLoginDialog() {
const QJsonObject& settingsObject = DependencyManager::get<NodeList>()->getDomainHandler().getSettingsObject();
static const QString WP_OAUTH2_SERVER_URL = "authentication_oauth2_url_base";
if (!settingsObject.contains(WP_OAUTH2_SERVER_URL)) {
qDebug() << "Cannot log in to domain because an OAuth2 authorization was required but no authorization server was specified.";
return;
}
_domainLoginAuthProvider = settingsObject[WP_OAUTH2_SERVER_URL].toString();
_isDomainLogin = true;
LoginDialog::showWithSelection();
}


@ -42,7 +42,6 @@ public:
void emitAddressBarShown(bool visible) { emit addressBarShown(visible); }
void setAddressBarVisible(bool addressBarVisible);
bool getIsDomainLogin() { return _isDomainLogin; }
QString getDomainLoginAuthProvider() { return _domainLoginAuthProvider; }
public slots:
void showAddressBar();
@ -88,7 +87,6 @@ private:
bool _addressBarVisible { false };
bool _isDomainLogin { false };
QString _domainLoginAuthProvider { "" };
};
#endif // hifi_DialogsManager_h


@ -143,12 +143,9 @@ void LoginDialog::login(const QString& username, const QString& password) const
DependencyManager::get<AccountManager>()->requestAccessToken(username, password);
}
void LoginDialog::loginDomain(const QString& username, const QString& password, const QString& domainAuthProvider) const {
qDebug() << "Attempting to login" << username << "into a domain through" << domainAuthProvider;
DependencyManager::get<DomainAccountManager>()->requestAccessToken(username, password, domainAuthProvider);
// ####### TODO: It may not be necessary to pass domainAuthProvider to the login dialog and through to here because it was
// originally provided to the QML from C++.
void LoginDialog::loginDomain(const QString& username, const QString& password) const {
qDebug() << "Attempting to login" << username << "into a domain";
DependencyManager::get<DomainAccountManager>()->requestAccessToken(username, password);
}
void LoginDialog::loginThroughOculus() {
@ -430,7 +427,3 @@ void LoginDialog::signupFailed(QNetworkReply* reply) {
bool LoginDialog::getDomainLoginRequested() const {
return DependencyManager::get<DialogsManager>()->getIsDomainLogin();
}
QString LoginDialog::getDomainLoginAuthProvider() const {
return DependencyManager::get<DialogsManager>()->getDomainLoginAuthProvider();
}


@ -72,7 +72,7 @@ protected slots:
Q_INVOKABLE QString oculusUserID() const;
Q_INVOKABLE void login(const QString& username, const QString& password) const;
Q_INVOKABLE void loginDomain(const QString& username, const QString& password, const QString& domainAuthProvider) const;
Q_INVOKABLE void loginDomain(const QString& username, const QString& password) const;
Q_INVOKABLE void loginThroughSteam();
Q_INVOKABLE void linkSteam();
Q_INVOKABLE void createAccountFromSteam(QString username = QString());
@ -85,7 +85,6 @@ protected slots:
Q_INVOKABLE bool getLoginDialogPoppedUp() const;
Q_INVOKABLE bool getDomainLoginRequested() const;
Q_INVOKABLE QString getDomainLoginAuthProvider() const;
};


@ -45,7 +45,17 @@ DomainAccountManager::DomainAccountManager() {
connect(this, &DomainAccountManager::loginComplete, this, &DomainAccountManager::sendInterfaceAccessTokenToServer);
}
void DomainAccountManager::requestAccessToken(const QString& login, const QString& password, const QString& domainAuthProvider) {
void DomainAccountManager::setAuthURL(const QUrl& authURL) {
if (_authURL != authURL) {
_authURL = authURL;
qCDebug(networking) << "AccountManager URL for authenticated requests has been changed to" << qPrintable(_authURL.toString());
// ####### TODO: See AccountManager::setAuthURL().
}
}
void DomainAccountManager::requestAccessToken(const QString& login, const QString& password) {
QNetworkAccessManager& networkAccessManager = NetworkAccessManager::getInstance();
@ -53,7 +63,7 @@ void DomainAccountManager::requestAccessToken(const QString& login, const QStrin
request.setAttribute(QNetworkRequest::FollowRedirectsAttribute, true);
request.setHeader(QNetworkRequest::UserAgentHeader, NetworkingConstants::VIRCADIA_USER_AGENT);
_domainAuthProviderURL = domainAuthProvider;
_domainAuthProviderURL = _authURL;
_domainAuthProviderURL.setPath("/oauth/token");
QByteArray postData;
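Review bot: `requestAccessToken` builds its token endpoint from `_authURL` by only replacing the path with `/oauth/token`, and neither it nor `setAuthURL` checks that the URL is non-empty, valid, or uses `https`. The one caller of `setAuthURL` visible on this page, in `DomainHandler::processDomainServerConnectionDeniedPacket`, passes the `extraInfo` string from the server's connection-denied packet, so the domain server being connected to chooses the address that receives the user's login and password. The guard that `DialogsManager::showDomainLoginDialog` used to apply when no authorization server was specified is also removed in this commit, so nothing shown here stops a login attempt against an unset or plain-`http` URL. The rest of `requestAccessToken` is outside the hunk, so how the credentials are encoded is presumed rather than visible. I would have `setAuthURL` reject unsuitable values with a logged warning, e.g. `if (!authURL.isValid() || authURL.scheme() != "https") { return; }`, and have `requestAccessToken` return early when `_authURL.isEmpty()`.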


@ -13,6 +13,7 @@
#define hifi_DomainAccountManager_h
#include <QtCore/QObject>
#include <QtCore/QUrl>
#include <DependencyManager.h>
@ -22,10 +23,12 @@ class DomainAccountManager : public QObject, public Dependency {
public:
DomainAccountManager();
void setAuthURL(const QUrl& authURL);
Q_INVOKABLE bool checkAndSignalForAccessToken();
public slots:
void requestAccessToken(const QString& login, const QString& password, const QString& domainAuthProvider);
void requestAccessToken(const QString& login, const QString& password);
void requestAccessTokenFinished();
signals:
@ -41,6 +44,8 @@ private:
bool accessTokenIsExpired();
void setAccessTokenFromJSON(const QJsonObject&);
void sendInterfaceAccessTokenToServer();
QUrl _authURL;
};
#endif // hifi_DomainAccountManager_h


@ -584,8 +584,11 @@ void DomainHandler::processDomainServerConnectionDeniedPacket(QSharedPointer<Rec
}
} else if (reasonSuggestsDomainLogin(reasonCode)) {
qCWarning(networking) << "Make sure you are logged in to the domain.";
auto accountManager = DependencyManager::get<DomainAccountManager>();
if (!extraInfo.isEmpty()) {
accountManager->setAuthURL(extraInfo);
}
if (!_hasCheckedForDomainAccessToken) {
accountManager->checkAndSignalForAccessToken();