add WAMP-CRA JS example, improve some things

2012-06-06 16:15:02 +02:00
parent 6cbfe135b1
commit bc42e60f8f
4 changed files with 139 additions and 13 deletions
--- a/autobahn/autobahn/wamp.py
+++ b/autobahn/autobahn/wamp.py
@@ -1365,6 +1365,11 @@ class WampCraProtocol:
   """
   Base class for WAMP Challenge-Response Authentication protocols (client and server).

+   WAMP-CRA is a cryptographically strong challenge response authentication
+   protocol based on HMAC-SHA256.
+
+   The protocol performs in-band authentication of WAMP clients to WAMP servers.
+
   WAMP-CRA does not introduce any new WAMP protocol level message types, but
   implements the authentication handshake via standard WAMP RPCs with well-known
   procedure URIs and signatures.
@@ -1639,7 +1644,10 @@ class WampCraServerProtocol(WampServerProtocol, WampCraProtocol):
      info['extra'] = extra

      try:
-         info['permissions'] = self.getAuthPermissions(appkey, extra)
+         pp = self.getAuthPermissions(appkey, extra)
+         if pp is None:
+            pp = {'pubsub': [], 'rpc': []}
+         info['permissions'] = pp
      except Exception, e:
         raise Exception(self.shrink(WampCraProtocol.URI_WAMP_ERROR + "auth-permissions-error"), str(e))

@@ -1703,7 +1711,7 @@ class WampCraServerProtocol(WampServerProtocol, WampCraProtocol):

      ## fire authentication callback
      ##
-      self.onAuthenticated(perms)
+      self.onAuthenticated(self.clientAppkey, perms)

      ## return permissions to client
      ##
--- a/examples/authentication/client.py
+++ b/examples/authentication/client.py
@@ -1,6 +1,6 @@
 ###############################################################################
 ##
-##  Copyright 2011 Tavendo GmbH
+##  Copyright 2012 Tavendo GmbH
 ##
 ##  Licensed under the Apache License, Version 2.0 (the "License");
 ##  you may not use this file except in compliance with the License.
@@ -31,14 +31,9 @@ class MyClientProtocol(WampCraClientProtocol):
   """

   def onSessionOpen(self):
-      reactor.callLater(2, self.doAuthenticate)
-
-
-   def doAuthenticate(self):
      ## "authenticate" as anonymous
      ##
      #self.authenticate(self.onAuthSuccess, self.onAuthError)
-      #return

      ## authenticate as "foobar" with password "secret"
      ##
--- a/examples/authentication/index.html
+++ b/examples/authentication/index.html
@@ -0,0 +1,117 @@
+<!DOCTYPE html>
+<html>
+   <head>
+      <meta charset="UTF-8">
+      <title>WAMP Challenge Response Authentication</title>
+
+      <!-- include AutobahnJS .. that's all you need -->
+      <script type="text/javascript" src="http://autobahn.ws/public/autobahn.min.js"></script>
+
+      <!-- optionally, you can use AutobahnJS with jQuery Deferreds ..
+      <script type="text/javascript" src="http://code.jquery.com/jquery-1.7.2.min.js"></script>
+      -->
+
+      <script>
+
+         var session = null;
+
+         window.onload = function() {
+
+            // use jQuery Deferreds instead of the AutobahnJS included when.js Deferreds
+            //ab._Deferred = jQuery.Deferred;
+
+            connect();
+         };
+
+         // connect to Autobahn.ws
+         function connect() {
+
+            var wsuri = "ws://localhost:9000";
+
+            ab.connect(wsuri,
+
+               function (sess) {
+                  session = sess;
+                  ab.log("connected to " + wsuri);
+
+                  //onConnect0();
+                  onConnect1();
+                  //onConnect2();
+               },
+
+               function (code, reason, detail) {
+
+                  session = null;
+                  switch (code) {
+                     case ab.CONNECTION_UNSUPPORTED:
+                        window.location = "http://autobahn.ws/unsupportedbrowser";
+                        break;
+                     case ab.CONNECTION_CLOSED:
+                        window.location.reload();
+                        break;
+                     default:
+                        ab.log(code, reason, detail);
+                        break;
+                  }
+               },
+
+               {'maxRetries': 60, 'retryDelay': 2000}
+            );
+         }
+
+         // authenticate as "anonymous"
+         //
+         function onConnect0() {
+            session.authreq().then(function () {
+               session.auth().then(onAuth, ab.log);
+            }, ab.log);
+         }
+
+         // authenticate as "foobar"
+         //
+         function onConnect1() {
+            session.authreq("foobar").then(function (challenge) {
+
+               // direct sign or AJAX to 3rd party
+               var signature = session.authsign(challenge, "secret");
+
+               session.auth(signature).then(onAuth, ab.log);
+            }, ab.log);
+         }
+
+         // authenticate as "foobar", providing extra data
+         //
+         function onConnect2() {
+
+            var extra = {user: 'otto', role: 'author', age: 24};
+            session.authreq("foobar", extra).then(function (challenge) {
+
+               // direct sign or AJAX to 3rd party
+               var signature = session.authsign(challenge, "secret");
+
+               session.auth(signature).then(onAuth, ab.log);
+            }, ab.log);
+         }
+
+         var myTopic = "http://example.com/topics/mytopic1";
+
+         function onAuth(permissions) {
+            ab.log("authenticated!", JSON.stringify(permissions));
+            session.subscribe(myTopic, onMyEvent);
+         };
+
+         function onMyEvent(topic, event) {
+            ab.log("MyEvent", topic, event);
+         };
+
+         function publishToMyTopic() {
+            //ab.log("clicked");
+            session.publish(myTopic, "Hello, world!");
+         };
+      </script>
+   </head>
+   <body>
+      <h1>WAMP Challenge Response Authentication</h1>
+      <button onclick="publishToMyTopic();">Publish!</button>
+   </body>
+</html>
--- a/examples/authentication/server.py
+++ b/examples/authentication/server.py
@@ -43,7 +43,12 @@ class MyServerProtocol(WampCraServerProtocol):
                                         'pub': True,
                                         'sub': True}],
                             'rpc': [{'uri': 'http://example.com/procedures/hello',
-                                      'call': True}]}}
+                                      'call': True}]},
+                  None: {'pubsub': [{'uri': 'http://example.com/topics/mytopic1',
+                                     'prefix': False,
+                                     'pub': False,
+                                     'sub': True}],
+                         'rpc': []}}

   def onSessionOpen(self):

@@ -58,7 +63,7 @@ class MyServerProtocol(WampCraServerProtocol):
   def getAuthPermissions(self, authKey, authExtra):
      ## return permissions which will be granted for the auth key
      ## when the authentication succeeds
-      return self.PERMISSIONS.get(authKey, [])
+      return self.PERMISSIONS.get(authKey, None)


   def getAuthSecret(self, authKey):
@@ -67,15 +72,16 @@ class MyServerProtocol(WampCraServerProtocol):
      return self.SECRETS.get(authKey, None)


-   def onAuthenticated(self, permissions):
+   def onAuthenticated(self, authKey, permissions):
      ## fired when authentication succeeds

      ## register PubSub topics from the auth permissions
      self.registerForPubSubFromPermissions(permissions)

      ## register RPC endpoints (for now do that manually, keep in sync with perms)
-      self.registerForRpc(self, 'http://example.com/procedures/',
-                          [MyServerProtocol.hello])
+      if authKey is not None:
+         self.registerForRpc(self, 'http://example.com/procedures/',
+                             [MyServerProtocol.hello])


   @exportRpc("hello")