void logout(){}
bool relogin(){return false;}
+
+QMap<QString,QString> MSInterface::headers(QString s)const
+{
+ QMap<QString,QString> ret=WInterface::headers(s);
+ ret.insert("Wob-SessionId",m_sessid);
+ return ret;
+}
static MSInterface* instance(){return qobject_cast<MSInterface*>(MInterface::instance());}
- bool login(QString username,QString passwd,QString hostname,QString hostkey);
- void logout(){}
- bool relogin(){return false;}
QString currentUser()const{return "";}
bool hasRole(QString)const{return false;}
QString dataDir()const{return "/tmp/blah";}
QString settingsGroup()const{return "nosuchgroup";}
+ /**returns the current session ID*/
+ QString sessionId()const{return m_sessid;}
+
+ virtual QMap<QString,QString> headers(QString)const;
+
+ public slots:
+ bool login(QString username,QString passwd,QString hostname,QString hostkey);
+ void logout(){}
+ bool relogin(){return false;}
+ /**sets the session id to be transmitted*/
+ void setSessionId(QString sid){m_sessid=sid;}
+
private:
- QString profileid;
+ QString profileid,m_sessid;
};
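Review bot: The new `headers(QString)const` declaration is the only added member without a doc comment, and its parameter is unnamed, so the header does not say what to pass or what the returned map means. Judging by the call in the transaction code, it receives the request name and each returned entry is sent as an `X-` prefixed HTTP header. A comment such as `/**returns extra HTTP headers (names without the X- prefix) to send with the named request*/` plus a parameter name would record that. The same comment is the natural place to state that the session ID now travels in the `Wob-SessionId` entry of this map.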
/**returns the current log level*/
LogLevel logLevel()const{return loglvl;}
- /**returns the current session ID*/
- QString sessionId()const{return m_sessid;}
-
public slots:
/**set log level*/
void setLogLevel(WInterface::LogLevel l){loglvl=l;}
/**sets the URL of the interface*/
void setUrl(QUrl u){m_url=u;}
- /**sets the session id to be transmitted*/
- void setSessionId(QString sid){m_sessid=sid;}
-
private:
static QMap<QString,WInterface*>inst;
QUrl m_url;
- QString m_proxyhost,m_proxyuser,m_proxypass,m_sessid;
+ QString m_proxyhost,m_proxyuser,m_proxypass;
unsigned short m_proxyport;
int m_wtimeout;
LogLevel loglvl;
QString hostspec=url.host();
if(url.port()>0)hostspec+=":"+QString::number(port);
hrh.setValue("Host",hostspec);
+ QMap<QString,QString>hdrs=iface->headers(hreq);
+ QStringList hdrn=hdrs.keys();
+ for(int i=0;i<hdrn.size();i++)
+ hrh.setValue("X-"+hdrn[i],hdrs[hdrn[i]]);
hrh.setValue("X-WobRequest",hreq);
- //TODO: hrh.setValue("X-MagicSmoke-Session",sessionid);
hrh.setContentLength(data.size());
hrh.setContentType("application/x-webobject; charset=UTF-8");
m_httpid=req.request(hrh,data);
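Review bot: The added loop copies every key and value from `iface->headers(hreq)` into the request header unchecked, so a CR or LF inside a session ID or key would reach `hrh.setValue` unchanged; whether the header class strips line breaks is not visible in this hunk. Because the session ID is set through a public slot, this is a sensible place to filter: `if(hdrn[i].contains('\r')||hdrn[i].contains('\n')||hdrs[hdrn[i]].contains('\r')||hdrs[hdrn[i]].contains('\n'))continue;` as the first statement of the loop body, which then needs braces. Setting `X-WobRequest` after the loop is the right order, since an interface-supplied `WobRequest` entry cannot then replace the request name; a one-line comment saying so would protect that ordering. The enclosing function starts and ends outside the hunk.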
<QtClientOutput sourceDir="src" subDir="wob" priInclude="wob.pri" classPrefix="M" clean="yes"/>
<PHPServerOutput sourceDir="www" subDir="inc/wob" extension=".php" clean="yes">
<Authenticator
- isAuthenticated="$::session->isAuthenticated()"
- hasRole="$::session->canExecute(%)"
- userName="$::session->getUser()"
- init="new Session(%)"/>
+ isAuthenticated="Session::instance()->isAuthenticated()"
+ hasRole="Session::instance()->canExecute(%)"
+ userName="Session::instance()->getUser()"
+ init="new Session($this)"/>
</PHPServerOutput>
<!-- HtmlOutput sourceDir="doc" subDir="wob"/ -->
//request handler:
code="public function handleRequest(){\n";
- //parse low level XML
- code+="\tglobal $HTTP_RAW_POST_DATA;\n\tif(isset($HTTP_RAW_POST_DATA))$txt=$HTTP_RAW_POST_DATA;else $txt=\"\";\n";
- code+="\t$xml=new DOMDocument;\n\tif(!$xml->loadXML($txt))xmlParserError();\n";
- code+="\t$root=$xml->documentElement;\n";
-
//security handling
switch(trn.authMode()){
case WocTransaction::Checked:
code+="\t/*security check: authenticated and authorized*/\n";
- code+="\t$sid=$root->getAttribute(\"sessionid\");\n";
- code+="\t"+QString(m_authinit).replace("%","$sid")+";\n";
+ code+="\t"+m_authinit+";\n";
code+="\tif(!"+m_isauth+"||!"+QString(m_hasrole).replace("%","\""+trn.name()+"\"")+")notAuthenticated();\n";
break;
case WocTransaction::Auth:
code+="\t/*security check: authenticated*/\n";
- code+="\t$sid=$root->getAttribute(\"sessionid\");\n";
- code+="\t"+QString(m_authinit).replace("%","$sid")+";\n";
+ code+="\t"+m_authinit+";\n";
code+="\tif(!"+m_isauth+")notAuthenticated();\n";
break;
default:
break;//none
}
+ //parse low level XML
+ code+="\t/*low level XML parsing*/\n";
+ code+="\tglobal $HTTP_RAW_POST_DATA;\n\tif(isset($HTTP_RAW_POST_DATA))$txt=$HTTP_RAW_POST_DATA;else $txt=\"\";\n";
+ code+="\t$xml=new DOMDocument;\n\tif(!$xml->loadXML($txt))xmlParserError();\n";
+ code+="\t$root=$xml->documentElement;\n";
+
//parse inputs
code+=trnInput(trn);
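Review bot: The relocated parsing block still emits `$xml->loadXML($txt)` with no options on the raw POST body, and for transactions that take the `default:` branch the generated handler reaches it with no authentication check at all. Depending on the PHP and libxml versions on the server, a DOCTYPE in the request can then cause external entity or network loads. Emitting `if(!$xml->loadXML($txt,LIBXML_NONET))xmlParserError();` and rejecting documents that carry a doctype would close that off. Separately, `m_authinit` is now written out verbatim, so an `init` attribute that still contains `%` lands in the generated PHP unreplaced; the generator should reject it or the attribute documentation should note the change. The generating function continues outside the hunk.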
code+="\t\t$this->aoutput[\""+sl[i]+"\"][]=\"\".$vv;\n";
add+="\t$this->aoutput[\""+sl[i]+"\"][]=\"\".$vv;\n";
}
- code+="\t}\n};";
+ code+="\t}\n";
add+="}\n";
}else{
if(trn.isIntType(t)){
scd+="\tQDomElement tmp;\n";
scd+="\tWInterface *iface=WInterface::instance(m_iface);\n";
scd+="\tif(iface==0){m_errtype=\"_iface\";m_errstr=\"interface not found\";m_stage=Error;return;}\n";
- if(trn.authMode()!=trn.Open)
- scd+="\troot.setAttribute(\"sessionid\",iface->sessionId());\n";
//encode input
scd+=trnInput(trn);
scd+="\tdoc.appendChild(root);\n";
private $rights;
/**construct the session object, check validity*/
- public function __construct($sid)
+ public function __construct($trans)
{
global $db,$session;
$this->roles=array();
$this->rights=array();
+ $sid=$trans->getHeader("Wob-SessionId");
$res=$db->select("session","sessionid,user","sessionid=".$db->escapeString($sid));
if(count($res)>0){
$this->sessid=$sid;
$session=$this;
}
+ /**return the session instance*/
+ public static function instance()
+ {
+ global $session;
+ if(!isset($session))return null;
+ return $session;
+ }
+
/**internal: retrieve and remember the rights of this user*/
- public function initRights()
+ protected function initRights()
{
global $db;
$res=$db->select("userrole","role","uname=".$db->escapeString($this->user));
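Review bot: `instance()` returns null whenever the global `$session` is unset, but the generated authentication check calls `Session::instance()->isAuthenticated()` on the result directly. If the constructor assigns `$session=$this` only for a session ID found in the database (the condition around that assignment is outside this hunk), a request with a missing or unknown ID ends in a PHP fatal error instead of the `notAuthenticated()` path. Access is still denied, but the failure is uncontrolled and the error text may reach the client depending on server settings. Either have the constructor register the object unconditionally so that `isAuthenticated()` can answer false, or state in the doc comment of `instance()` that callers must check for null.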
}
return $_SERVER["HTTP_X_WOBREQUEST"];
}
+ /**called to determine the session id*/
+ static public function getHeader($hd)
+ {
+ $hd="HTTP_X_".strtoupper(str_replace("-","_",$hd));
+ if(isset($_SERVER[$hd]))return $_SERVER[$hd];
+ else return "";
+ }
/**called if the transaction is not known. aborts the script.*/
static public function noSuchTransaction()
{
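Review bot: The doc comment on `getHeader` says it is called to determine the session id, but the function looks up any `X-` prefixed request header by name. The comment should say that, e.g. `/**returns the value of the request header X-$hd, or "" if the client did not send it*/`. It is also worth noting there that the value comes from `$_SERVER` exactly as the client sent it, so callers must treat it as untrusted input, as the session constructor does by passing it through `$db->escapeString`. The hunk ends inside `noSuchTransaction`, whose body is not shown.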