
Issue #19299 simi working code push.

bendiy committed Mar 2, 2013
1 parent c1e6364 commit 22a6f03e9508c38c5a5cb08238f8a2e9e41ef598
@@ -1,7 +1,8 @@
-create or replace function xt.add_column(table_name text, column_name text, type_name text, constraint_text text default null, schema_name text default 'xt') returns boolean volatile as $$
+create or replace function xt.add_column(table_name text, column_name text, type_name text, constraint_text text default null, schema_name text default 'xt', column_comment text default null) returns boolean volatile as $$
declare
count integer;
query text;
+ comment_query text;
begin
perform *
@@ -13,9 +14,9 @@ begin
and a.attnum > 0
and a.attrelid = c.oid
and a.atttypid = t.oid;
-
+
get diagnostics count = row_count;
-
+
if (count > 0) then
return false;
end if;
@@ -24,7 +25,12 @@ begin
execute query;
+ if (column_comment is not null) then
+ comment_query = 'comment on column ' || schema_name || '.' || table_name || '.' || column_name || ' is ' || quote_literal(column_comment);
+ execute comment_query;
+ end if;
+
return true;
-
+
end;
$$ language 'plpgsql';
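Review bot: The added `comment_query = ...` line concatenates schema_name, table_name and column_name into DDL without identifier quoting, so a name containing a quote or a dot yields a malformed or unintended statement even though the comment text itself is protected by quote_literal(); wrap the three identifiers in quote_ident(): `comment_query = 'comment on column ' || quote_ident(schema_name) || '.' || quote_ident(table_name) || '.' || quote_ident(column_name) || ' is ' || quote_literal(column_comment);`. The `query` executed just above is presumably built the same way, but its construction lies outside this hunk. The new column_comment parameter is last with a null default, so existing callers are unaffected; a short comment after the declare block, e.g. `-- column_comment, when given, is applied with COMMENT ON after the column exists`, would make the new behaviour visible to readers of the function header in the first hunk.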
@@ -0,0 +1,271 @@
+[
+ {
+ "context": "xtuple",
+ "nameSpace": "XM",
+ "type": "Oauth2client",
+ "table": "xt.oauth2client",
+ "idSequenceName": "oauth2client_oauth2client_id_seq",
+ "comment": "Defines global OAuth 2.0 server registered client storage.",
+ "properties": [
+ {
+ "name": "id",
+ "attr": {
+ "type": "Number",
+ "column": "oauth2client_id",
+ "isPrimaryKey": true
+ }
+ },
+ {
+ "name": "clientID",
+ "attr": {
+ "type": "String",
+ "column": "oauth2client_client_id"
+ }
+ },
+ {
+ "name": "clientSecret",
+ "attr": {
+ "type": "String",
+ "column": "oauth2client_client_secret"
+ }
+ },
+ {
+ "name": "clientName",
+ "attr": {
+ "type": "String",
+ "column": "oauth2client_client_name"
+ }
+ },
+ {
+ "name": "clientEmail",
+ "attr": {
+ "type": "String",
+ "column": "oauth2client_client_email"
+ }
+ },
+ {
+ "name": "clientWebSite",
+ "attr": {
+ "type": "String",
+ "column": "oauth2client_client_web_site"
+ }
+ },
+ {
+ "name": "clientLogo",
+ "attr": {
+ "type": "String",
+ "column": "oauth2client_client_logo"
+ }
+ },
+ {
+ "name": "clientType",
+ "attr": {
+ "type": "String",
+ "column": "oauth2client_client_type"
+ }
+ },
+ {
+ "name": "isActive",
+ "attr": {
+ "type": "Boolean",
+ "column": "oauth2client_active"
+ }
+ },
+ {
+ "name": "issued",
+ "attr": {
+ "type": "Date",
+ "column": "oauth2client_issued"
+ }
+ },
+ {
+ "name": "authURI",
+ "attr": {
+ "type": "String",
+ "column": "oauth2client_auth_uri"
+ }
+ },
+ {
+ "name": "tokenURI",
+ "attr": {
+ "type": "String",
+ "column": "oauth2client_token_uri"
+ }
+ },
+ {
+ "name": "redirectURIs",
+ "attr": {
+ "type": "String",
+ "column": "oauth2client_redirect_uris"
+ }
+ },
+ {
+ "name": "delegatedAccess",
+ "attr": {
+ "type": "String",
+ "column": "oauth2client_delegated_access"
+ }
+ },
+ {
+ "name": "clientX509CertURL",
+ "attr": {
+ "type": "String",
+ "column": "oauth2client_client_x509_cert_url"
+ }
+ },
+ {
+ "name": "authProviderX509CertURL",
+ "attr": {
+ "type": "String",
+ "column": "oauth2client_auth_provider_x509_cert_url"
+ }
+ }
+ ],
+ "isSystem": true
+ },
+ {
+ "context": "xtuple",
+ "nameSpace": "XM",
+ "type": "Oauth2token",
+ "table": "xt.oauth2token",
+ "idSequenceName": "oauth2token_oauth2token_id_seq",
+ "comment": "Defines global OAuth 2.0 server token storage.",
+ "properties": [
+ {
+ "name": "id",
+ "attr": {
+ "type": "Number",
+ "column": "oauth2token_id",
+ "isPrimaryKey": true
+ }
+ },
+ {
+ "name": "user",
+ "attr": {
+ "type": "String",
+ "column": "oauth2token_usr_id"
+ }
+ },
+ {
+ "name": "clientID",
+ "attr": {
+ "type": "String",
+ "column": "oauth2token_client_id"
+ }
+ },
+ {
+ "name": "redirectURI",
+ "attr": {
+ "type": "String",
+ "column": "oauth2token_redirect_uri"
+ }
+ },
+ {
+ "name": "scope",
+ "attr": {
+ "type": "String",
+ "column": "oauth2token_scope"
+ }
+ },
+ {
+ "name": "state",
+ "attr": {
+ "type": "String",
+ "column": "oauth2token_state"
+ }
+ },
+ {
+ "name": "approvalPrompt",
+ "attr": {
+ "type": "Boolean",
+ "column": "oauth2token_approval_prompt"
+ }
+ },
+ {
+ "name": "authCode",
+ "attr": {
+ "type": "String",
+ "column": "oauth2token_auth_code"
+ }
+ },
+ {
+ "name": "authCodeIssued",
+ "attr": {
+ "type": "Date",
+ "column": "oauth2token_auth_code_issued"
+ }
+ },
+ {
+ "name": "authCodeExpires",
+ "attr": {
+ "type": "Date",
+ "column": "oauth2token_auth_code_expires"
+ }
+ },
+ {
+ "name": "refreshToken",
+ "attr": {
+ "type": "String",
+ "column": "oauth2token_refresh_token"
+ }
+ },
+ {
+ "name": "refreshIssued",
+ "attr": {
+ "type": "Date",
+ "column": "oauth2token_refresh_issued"
+ }
+ },
+ {
+ "name": "refreshExpires",
+ "attr": {
+ "type": "Date",
+ "column": "oauth2token_refresh_expires"
+ }
+ },
+ {
+ "name": "accessToken",
+ "attr": {
+ "type": "String",
+ "column": "oauth2token_access_token"
+ }
+ },
+ {
+ "name": "accessIssued",
+ "attr": {
+ "type": "Date",
+ "column": "oauth2token_access_issued"
+ }
+ },
+ {
+ "name": "accessExpires",
+ "attr": {
+ "type": "Date",
+ "column": "oauth2token_access_expires"
+ }
+ },
+ {
+ "name": "tokenType",
+ "attr": {
+ "type": "String",
+ "column": "oauth2token_token_type"
+ }
+ },
+ {
+ "name": "accessType",
+ "attr": {
+ "type": "String",
+ "column": "oauth2token_access_type"
+ }
+ },
+ {
+ "name": "delegate",
+ "attr": {
+ "type": "String",
+ "column": "oauth2token_delegate"
+ }
+ }
+ ],
+ "isSystem": true
+ }
+]
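Review bot: The `delegatedAccess` property is declared with `"type": "String"` while the column it maps to, oauth2client_delegated_access, is created as boolean in the oauth2client table definition added elsewhere in this commit; it should be `"type": "Boolean"`, matching how `isActive` maps the other boolean column. Separately, clientSecret, authCode, refreshToken and accessToken are listed as ordinary String attributes with nothing in this definition distinguishing them from non-sensitive fields; whether `"isSystem": true` restricts who can read these models is not visible here, so it is worth confirming that these attributes are not returned to ordinary model consumers.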
@@ -10,18 +10,19 @@
-- [ START ] xt
-- xt tables
+\i xt/tables/bicache.sql
\i xt/tables/datasource.sql
\i xt/tables/dbserver.sql
\i xt/tables/ext.sql
+\i xt/tables/oauth2client.sql
+\i xt/tables/oauth2token.sql
\i xt/tables/org.sql
\i xt/tables/orgext.sql
\i xt/tables/session.sql
\i xt/tables/sessionorg.sql
\i xt/tables/sessionstore.sql
\i xt/tables/usr.sql
\i xt/tables/usrorg.sql
-\i xt/tables/sessionorg.sql
-\i xt/tables/bicache.sql
-- xt functions
\i xt/functions/add_priv.sql
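Review bot: The added `\i xt/tables/oauth2token.sql` runs before `\i xt/tables/usr.sql`, yet the oauth2token table definition in this commit declares `references xt.usr (usr_id)` constraints; on a database where xt.usr does not exist yet, that include would fail at the constraint. If xt.usr is guaranteed to exist before this point the order is harmless, but otherwise oauth2token.sql should be included after usr.sql (oauth2client.sql can stay where it is, since oauth2token references it and it already precedes it). Dropping the duplicate sessionorg.sql include and moving bicache.sql into alphabetical position look fine.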
@@ -0,0 +1,21 @@
+-- table definition
+
+select xt.create_table('oauth2client');
+select xt.add_column('oauth2client','oauth2client_id', 'serial', 'primary key', 'xt', 'oauth2client table primary key.');
+select xt.add_column('oauth2client','oauth2client_client_id', 'text', 'not null unique', 'xt', 'Generated client_id obtained during application registration.');
+select xt.add_column('oauth2client','oauth2client_client_secret', 'text', 'unique', 'xt', 'The client secret obtained during application registration.');
+select xt.add_column('oauth2client','oauth2client_client_name', 'text', '', 'xt', 'Name of the client or application.');
+select xt.add_column('oauth2client','oauth2client_client_email', 'text', '', 'xt', 'Email address of the client.');
+select xt.add_column('oauth2client','oauth2client_client_web_site', 'text', '', 'xt', 'Web site of the client.');
+select xt.add_column('oauth2client','oauth2client_client_logo', 'text', '', 'xt', 'URL to client logo image file displayed during auth grant.');
+select xt.add_column('oauth2client','oauth2client_client_type', 'text', '', 'xt', 'The OAuth 2.0 client type: "web_server", "installed_app", "service_account"');
+select xt.add_column('oauth2client','oauth2client_active', 'boolean', '', 'xt', 'Flag to make a client active or not.');
+select xt.add_column('oauth2client','oauth2client_issued', 'timestamp', '', 'xt', 'The datetime that the client was registered');
+select xt.add_column('oauth2client','oauth2client_auth_uri', 'text', '', 'xt', 'The Authorization Endpoint URI.');
+select xt.add_column('oauth2client','oauth2client_token_uri', 'text', '', 'xt', 'The Token Endpoint URI.');
+select xt.add_column('oauth2client','oauth2client_redirect_uris', 'text', 'not null', 'xt', 'A list of valid Redirection Endpoint URIs.');
+select xt.add_column('oauth2client','oauth2client_delegated_access', 'boolean', '', 'xt', 'Flag to allow "service_account" client to use delegated access as another user.');
+select xt.add_column('oauth2client','oauth2client_client_x509_cert_url', '', 'text', 'xt', 'The URL of the public x509 certificate, used to verify JWTs signed by the client.');
+select xt.add_column('oauth2client','oauth2client_auth_provider_x509_cert_url', 'text', '', 'xt', 'The URL of the public x509 certificate, used to verify the signature on JWTs, such as ID tokens, signed by the authentication provider.');
+
+comment on table xt.oauth2client is 'Defines global OAuth 2.0 server registered client storage.';
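Review bot: The call for oauth2client_client_x509_cert_url passes `''` as type_name and `'text'` as constraint_text, i.e. the two arguments are swapped relative to every other call in this file; it should read `select xt.add_column('oauth2client','oauth2client_client_x509_cert_url', 'text', '', 'xt', 'The URL of the public x509 certificate, used to verify JWTs signed by the client.');`. It may happen to produce valid DDL because the pieces are simply concatenated, but it will break as soon as add_column does anything type-specific. Also note that oauth2client_client_secret is stored as plain text; if the server only ever needs to verify a presented secret, storing a hash of it and comparing on presentation limits what a read of this table yields.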
@@ -0,0 +1,24 @@
+-- table definition
+
+select xt.create_table('oauth2token');
+select xt.add_column('oauth2token','oauth2token_id', 'serial', 'primary key', 'xt', 'oauth2token table primary key.');
+select xt.add_column('oauth2token','oauth2token_usr_id', 'text', 'references xt.usr (usr_id) on delete cascade', 'xt', 'Indicates the usr_id this token exchange is for.');
+select xt.add_column('oauth2token','oauth2token_client_id', 'text', 'not null references xt.oauth2client (oauth2client_client_id) on delete cascade', 'xt', 'Indicates the client that is making the request.');
+select xt.add_column('oauth2token','oauth2token_redirect_uri', 'text', '', 'xt', 'Determines where the response is sent.');
+select xt.add_column('oauth2token','oauth2token_scope', 'text', 'not null', 'xt', 'Indicates the xTuple org access your application is requesting.');
+select xt.add_column('oauth2token','oauth2token_state', 'text', '', 'xt', 'Indicates any state which may be useful to your application upon receipt of the response.');
+select xt.add_column('oauth2token','oauth2token_approval_prompt', 'boolean', '', 'xt', 'Indicates if the user should be re-prompted for consent.');
+select xt.add_column('oauth2token','oauth2token_auth_code', 'text', 'unique', 'xt', 'The auth code returned from the initial authorization request.');
+select xt.add_column('oauth2token','oauth2token_auth_code_issued', 'timestamp', '', 'xt', 'The datetime the auth code was issued.');
+select xt.add_column('oauth2token','oauth2token_auth_code_expires', 'timestamp', '', 'xt', 'The datetime that the auth code expires.');
+select xt.add_column('oauth2token','oauth2token_refresh_token', 'text', 'unique', 'xt', 'The refresh token used to get a new access token when an old one expires.');
+select xt.add_column('oauth2token','oauth2token_refresh_issued', 'timestamp', '', 'xt', 'The datetime the refresh token was issued.');
+select xt.add_column('oauth2token','oauth2token_refresh_expires', 'timestamp', '', 'xt', 'The datetime that the refresh token expires.');
+select xt.add_column('oauth2token','oauth2token_access_token', 'text', 'unique', 'xt', 'The current access token to be included with every API call.');
+select xt.add_column('oauth2token','oauth2token_access_issued', 'timestamp', '', 'xt', 'The datetime the access token was issued.');
+select xt.add_column('oauth2token','oauth2token_access_expires', 'timestamp', '', 'xt', 'The datetime that the access token expires.');
+select xt.add_column('oauth2token','oauth2token_token_type', 'text', 'not null', 'xt', 'Indicates the type of token returned. At this time, this field will always have the value Bearer.');
+select xt.add_column('oauth2token','oauth2token_access_type', 'text', '', 'xt', 'Indicates if a web_server needs to access an API when the user is not present.');
+select xt.add_column('oauth2token','oauth2token_delegate', 'text', 'references xt.usr (usr_id) on delete cascade', 'xt', 'usr_id for which a service_account is requesting delegated access as.');
+
+comment on table xt.oauth2token is 'Defines global OAuth 2.0 server token storage.';
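Review bot: oauth2token_auth_code, oauth2token_refresh_token and oauth2token_access_token are plain text columns, so this table holds directly usable bearer credentials; if the server only needs to look a token up by value, storing a hash of each token (keeping the `unique` constraint on the hashed column) and comparing on lookup reduces the impact of a read of this table. The *_issued and *_expires columns are `timestamp` without time zone; since they will be compared against the current time for expiry, `timestamptz` would avoid depending on the session time zone at insert and at check.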
@@ -126,7 +126,9 @@ require('http').IncomingMessage.prototype.isAuthenticated = function () {
var creds = this.session.passport.user;
+// TODO - This needs to support OAuth 2.0 logins which will not have an org set yet.
if (creds && creds.id && creds.username && creds.organization) {
+ //if (creds && creds.id) {
return true;
} else {
destroySession(this.sessionID, this.session);
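Review bot: The added `//if (creds && creds.id) {` is commented-out code rather than a note and should be removed; the TODO above it already records the intent. When OAuth 2.0 logins are supported, relax the check in an explicit branch for that session type rather than dropping the username and organization checks for every session, since the else branch destroys the session on failure and a weaker check would keep partially populated sessions alive. isAuthenticated starts at the hunk header and its body continues past the end of this hunk.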
@@ -1,5 +1,9 @@
+// TODO - Need to store and check against:
+// -- approved callback URLs
+// -- client type, e.g. "installed applicaion", "web server", "service account"
+// OAuth 2.0 server should respond differently based on the cleint type.
var clients = [
- //{ id: '1', name: 'Samplr', clientId: 'abc123', clientSecret: 'ssh-secret' }
+ { id: '1', name: 'xTuple', clientId: '766398752140.apps.googleusercontent.com', clientSecret: 'sXZdl3_RJgykttfoT_BOyJuK' }
];
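Review bot: The clientId and clientSecret literals on the added line put a live-looking credential into source control, so the secret is now part of the repository history for anyone with read access. Load these values from configuration that is excluded from version control (a `process.env` lookup or a config module read at startup) and treat the committed secret as exposed, rotating it at the provider. The new TODO above also has two typos ('applicaion', 'cleint').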
