Fix login redirect URLs

Kevin Richter · Kevin Richter · commit 527f4da2e302 · 2018-08-14T11:11:54.000+02:00
diff --git a/source/v1/api/index.html b/source/v1/api/index.html
@@ -35,9 +35,9 @@
       window.onload = function () {
         // Build a system
         const ui = SwaggerUIBundle({
-          url: "https://api.beta.maps4news.com/docs/assets/api-docs.json",
+          url: "https://api.beta.maps4news.com/docs/assets/api-docs.json", // TODO change to live
           dom_id: '#swagger-ui',
-          // oauth2RedirectUrl: "none", // TODO
+          oauth2RedirectUrl: `${document.location.origin}/v1/api/oauth2-redirect.html`,
           presets: [
             SwaggerUIBundle.presets.apis,
             SwaggerUIStandalonePreset
@@ -48,6 +48,8 @@
           layout: "StandaloneLayout"
         });
 
+        ui.initOAuth({ clientId: 1 });
+
         window.ui = ui
       }
     </script>
diff --git a/source/v1/api/oauth2-redirect.html b/source/v1/api/oauth2-redirect.html
@@ -0,0 +1,67 @@
+<!doctype html>
+<html lang="en-US">
+  <body onload="run()">
+  </body>
+</html>
+<script>
+  'use strict';
+  function run () {
+    var oauth2 = window.opener.swaggerUIRedirectOauth2;
+    var sentState = oauth2.state;
+    var redirectUrl = oauth2.redirectUrl;
+    var isValid, qp, arr;
+
+    if (/code|token|error/.test(window.location.hash)) {
+      qp = window.location.hash.substring(1);
+    } else {
+      qp = location.search.substring(1);
+    }
+
+    arr = qp.split("&")
+    arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace('=', '":"') + '"';})
+    qp = qp ? JSON.parse('{' + arr.join() + '}',
+      function (key, value) {
+        return key === "" ? value : decodeURIComponent(value)
+      }
+    ) : {}
+
+    isValid = qp.state === sentState
+
+    if ((
+      oauth2.auth.schema.get("flow") === "accessCode"||
+      oauth2.auth.schema.get("flow") === "authorizationCode"
+    ) && !oauth2.auth.code) {
+      if (!isValid) {
+        oauth2.errCb({
+          authId: oauth2.auth.name,
+          source: "auth",
+          level: "warning",
+          message: "Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server"
+        });
+      }
+
+      if (qp.code) {
+        delete oauth2.state;
+        oauth2.auth.code = qp.code;
+        oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl});
+      } else {
+        let oauthErrorMsg
+        if (qp.error) {
+          oauthErrorMsg = "["+qp.error+"]: " +
+            (qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") +
+            (qp.error_uri ? "More info: "+qp.error_uri : "");
+        }
+
+        oauth2.errCb({
+          authId: oauth2.auth.name,
+          source: "auth",
+          level: "error",
+          message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server"
+        });
+      }
+    } else {
+      oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl});
+    }
+    window.close();
+  }
+</script>
