Changeset 8045

Timestamp:

Jun 3, 2022, 8:59:50 AM (8 months ago)

Author:

Nicklas Nordborg

Message:

Merge BASE 3.19.3 to the trunk

Location:

trunk

Files:

• . (modified) (1 prop)
• doc/src/docbook/developer/extensions.xml (modified) (3 diffs)
• src/clients/web/net/sf/basedb/clients/web/extensions/JspContext.java (modified) (7 diffs)
• src/clients/web/net/sf/basedb/clients/web/extensions/login/FieldInfo.java (modified) (2 diffs)
• src/clients/web/net/sf/basedb/clients/web/extensions/login/LoginFormBean.java (modified) (2 diffs)
• src/clients/web/net/sf/basedb/clients/web/taglib/extensions/Scripts.java (modified) (3 diffs)
• src/clients/web/net/sf/basedb/clients/web/taglib/extensions/Stylesheets.java (modified) (3 diffs)
• src/core/net/sf/basedb/core/SessionControl.java (modified) (10 diffs)
• src/core/net/sf/basedb/core/authentication/LoginRequest.java (modified) (3 diffs)
• src/core/net/sf/basedb/util/extensions/ClientContext.java (modified) (2 diffs)
• src/core/net/sf/basedb/util/extensions/Registry.java (modified) (2 diffs)
• www/WEB-INF/extensions.tld (modified) (2 diffs)
• www/login.js (modified) (2 diffs)
• www/main.jsp (modified) (8 diffs)
• www/switch.jsp (modified) (9 diffs)

trunk/doc/src/docbook/developer/extensions.xml

@@ -2686 +2686 @@
       </sect3>
       
-      <sect3 id="pextensions_developer.login-manager.settings">
+      <sect3 id="extensions_developer.login-manager.settings">
         <title>Configuration settings</title>
       
@@ -2747 +2747 @@
         <para>
           All installed and enabled login forms are available in a selection list
-          from which the user can select to switch to another login form. For technical reasons 
-          custom scripts and stylesheets are loaded for all installed login forms even
-          though only one is displayed at a time. Developers must ensure that CSS rules
-          and scripts are not affecting other login forms than the intended one.
+          from which the user can select to switch to another login form. Since BASE 3.19.3
+          custom scripts and stylesheets are only loaded for the currently active form.
+          In earlier BASE versions, custom scripts and stylesheets were loaded for all installed 
+          login forms.
         </para>
         <para>
-          To help with this, BASE is setting two data-attributes on the 
+          It is possible for both style sheets and scripts to verify that they are only used on
+          the intended login form. BASE is setting two data-attributes on the 
           <sgmltag class="starttag">body</sgmltag> tag:
         </para>
@@ -2816 +2817 @@
       </note>
       
+      <sect3 id="extensions_developer.login-form.before-login">
+        <title>The before-login event</title>
+      
+        <para>
+          In BASE 3.19.3 the <code>before-login</code> was introduced. It is a custom event
+          that is sent to the <sgmltag class="starttag">form</sgmltag> tag just before the
+          login form is submitted to the server. Extensions may add event listeners for this
+          event if they need to take some action and they have the possibility to cancel
+          the submission by calling the <code>event.preventDefault()</code> method.
+        </para>
+        
+        <para>
+          This functionality is, for example, used by the <ulink 
+          url="https://baseplugins.thep.lu.se/wiki/net.sf.basedb.webauthn">WebAuthn</ulink> extension,
+          which need to contact the server to get a <emphasis>challenge</emphasis>, ask the user
+          to insert and click on the security key, and then return the signed challenge in the
+          <code>extraField</code> before the login form is actually submitted. Since all of this
+          is handled asynchronously the <code>before-login</code> event need to be cancelled. The login
+          form can be submitted by calling <code>Login.submitLoginForm()</code>.
+        </para>
+      </sect3>
     </sect2>
     

trunk/src/clients/web/net/sf/basedb/clients/web/extensions/JspContext.java

@@ -23 +23 @@
 
 import java.util.Collection;
+import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Set;
 
@@ -89 +91 @@
   private final GuiContext guiContext;
   
-  private Set<String> scripts;
-  private Set<String> stylesheets;
+  private boolean needResourcesPerExtension;
+  private Map<String, Set<String>> scripts;
+  private Map<String, Set<String>> stylesheets;
   
   JspContext(SessionControl sc, DbControl dc, 
@@ -100 +103 @@
   }
 
+  /**
+    Set a flag indicating that resources (eg. scripts and stylesheets)
+    should be tracked per extension. If this is set, it is possible to
+    use {@link #getScripts(String)} and {@link #getStylesheets(String)}
+    to get the resources that was added by the given extension.
+    @since 3.19.3
+  */
+  public void setNeedResourcesPerExtension(boolean nrpe)
+  {
+    this.needResourcesPerExtension = nrpe;
+  }
+  
   /**
     Get the JSP Page context object for the current request.
@@ -176 +191 @@
   public void addScript(String absolutePath)
   {
-    if (scripts == null) scripts = new HashSet<String>();
-    scripts.add(absolutePath);
+    if (scripts == null) scripts = new HashMap<>();
+    getSet(scripts, null).add(absolutePath);
+    if (needResourcesPerExtension)
+    {
+      getSet(scripts, getCurrentExtension().getId()).add(absolutePath);
+    }
+  }
+  
+  /**
+    Get the Set that is stored under the given key. If
+    no Set exists it is created and stored in the map.
+  */
+  private Set<String> getSet(Map<String, Set<String>> map, String key)
+  {
+    Set<String> set = map.get(key);
+    if (set == null)
+    {
+      set = new HashSet<>();
+      map.put(key, set);
+    }
+    return set;
   }
   
@@ -200 +234 @@
   public void addStylesheet(String absolutePath)
   {
-    if (stylesheets == null) stylesheets = new HashSet<String>();
-    stylesheets.add(absolutePath);
+    if (stylesheets == null) stylesheets = new HashMap<>();
+    getSet(stylesheets, null).add(absolutePath);
+    if (needResourcesPerExtension)
+    {
+      getSet(stylesheets, getCurrentExtension().getId()).add(absolutePath);
+    }
   }
 
@@ -210 +248 @@
   public Collection<String> getScripts()
   {
-    return scripts;
+    return scripts == null ? null : scripts.get(null);
+  }
+  
+  /**
+    Get all scripts that has been added to this context
+    by the given extension
+    @return A collection of scripts
+    @since 3.19.3
+  */
+  public Collection<String> getScripts(String xtId)
+  {
+    return scripts == null ? null : scripts.get(xtId);
   }
   
@@ -219 +268 @@
   public Collection<String> getStylesheets()
   {
-    return stylesheets;
+    return stylesheets == null ? null : stylesheets.get(null);
+  }
+  
+  /**
+    Get all stylesheets that has been added to this context
+    by the given extension.
+    @return A collection of stylesheets
+    @since 3.19.3
+  */
+  public Collection<String> getStylesheets(String xtId)
+  {
+    return stylesheets == null ? null : stylesheets.get(xtId);
   }
   

trunk/src/clients/web/net/sf/basedb/clients/web/extensions/login/FieldInfo.java

@@ -22 +22 @@
 package net.sf.basedb.clients.web.extensions.login;
 
+import net.sf.basedb.clients.web.extensions.DynamicActionAttributeSupport;
+
 /**
   Information about a the login/password fields on the login form.
@@ -29 +31 @@
 */
 public class FieldInfo 
+  extends DynamicActionAttributeSupport
 {
 

trunk/src/clients/web/net/sf/basedb/clients/web/extensions/login/LoginFormBean.java

@@ -22 +22 @@
 package net.sf.basedb.clients.web.extensions.login;
 
+import net.sf.basedb.clients.web.extensions.DynamicActionAttributeSupport;
+
 /**
   A simple implementation of the {@link LoginFormAction} interface.
@@ -29 +31 @@
 */
 public class LoginFormBean 
+  extends DynamicActionAttributeSupport
   implements LoginFormAction
 {

trunk/src/clients/web/net/sf/basedb/clients/web/taglib/extensions/Scripts.java

@@ -63 +63 @@
     </td>
   </tr>
+  <tr>
+    <td>extension</td>
+    <td>-</td>
+    <td>no</td>
+    <td>
+      If set, only scripts defined by the given extension are 
+      included in the output.
+    </td>
+  </tr>
   </table>
 
@@ -76 +85 @@
   // The JSP context
   private JspContext context = null;
+  // If set, only output scripts defined by the given extension
+  private String extensionId;
 
   public void setContext(JspContext context)
   {
     this.context = context;
+  }
+  
+  /**
+    @since 3.19.3
+  */
+  public void setExtension(String extensionId)
+  {
+    this.extensionId = extensionId;
   }
 
@@ -88 +107 @@
     if (context == null) return SKIP_BODY;
 
-    Collection<String> scripts = context.getScripts();
+    Collection<String> scripts = context.getScripts(extensionId);
     if (scripts == null) return SKIP_BODY;
     

trunk/src/clients/web/net/sf/basedb/clients/web/taglib/extensions/Stylesheets.java

@@ -64 +64 @@
     </td>
   </tr>
+  <tr>
+    <td>extension</td>
+    <td>-</td>
+    <td>no</td>
+    <td>
+      If set, only scripts defined by the given extension are 
+      included in the output.
+    </td>
+  </tr>
   </table>
 
@@ -77 +86 @@
   // The JSP context
   private JspContext context = null;
+  // If set, only output scripts defined by the given extension
+  private String extensionId;
 
   public void setContext(JspContext context)
   {
     this.context = context;
+  }
+  
+  /**
+    @since 3.19.3
+  */
+  public void setExtension(String extensionId)
+  {
+    this.extensionId = extensionId;
   }
 
@@ -89 +108 @@
     if (context == null) return SKIP_BODY;
 
-    Collection<String> stylesheets = context.getStylesheets();
+    Collection<String> stylesheets = context.getStylesheets(extensionId);
     if (stylesheets == null) return SKIP_BODY;
     

trunk/src/core/net/sf/basedb/core/SessionControl.java

@@ -143 +143 @@
   */
   private boolean closed;
+
+  /**
+    Stores name and value of session settings.
+    @since 3.19.3
+  */
+  private Map<String,Object> sessionSettings;
   
   /**
@@ -188 +194 @@
     this.currentClient = parent.currentClient;
     this.remoteId = parent.remoteId;
+    this.sessionSettings = parent.sessionSettings;
     this.dbControlCache = Collections.synchronizedMap(new WeakHashMap<DbControl,String>());
     this.currentContexts = parent.currentContexts;
@@ -219 +226 @@
     this.id = id;
     this.remoteId = remoteId;
+    this.sessionSettings = Collections.synchronizedMap(new HashMap<String,Object>());
     this.dbControlCache = Collections.synchronizedMap(new WeakHashMap<DbControl,String>());
     this.currentContexts = Collections.synchronizedMap(new HashMap<ContextKey, ItemContext>());
@@ -568 +576 @@
     updateLastAccess();
     // Are we already logged in?
-    if (isLoggedIn())
-    {
-      throw new AlreadyLoggedInException(loginInfo.userLogin);
-    }
     if (loginRequest == null) throw new InvalidUseOfNullException("loginRequest");
     if (loginRequest.getLogin() == null) throw new InvalidUseOfNullException("loginRequest.login");
+    if (isLoggedIn() && !loginRequest.isVerifyOnly())
+    {
+      throw new AlreadyLoggedInException(loginInfo.userLogin);
+    }
 
     org.hibernate.Session session = null;
@@ -609 +617 @@
         throw new LoginException(ex.getMessage(), ex);
       }
+      
+      // Return now if the login request is for verification only
+      if (loginRequest.isVerifyOnly()) return;
       
       // The login was ok so far... check device verification
@@ -1237 +1248 @@
     li.userName = userData.getName();
     li.authenticationMethod = authenticationMethod;
-    li.sessionSettings = Collections.synchronizedMap(new HashMap<String,Object>());
     return li;
   }
@@ -2593 +2603 @@
   public <T> T getSessionSetting(String name)
   {
-    return loginInfo == null ? null : (T)loginInfo.sessionSettings.get(name);
+    return (T)sessionSettings.get(name);
   }
 
@@ -2607 +2617 @@
   public <T> T setSessionSetting(String name, Object value)
   {
-    if (loginInfo == null || loginInfo.sessionSettings == null) return null;
     if (value == null)
     {
-      return (T)loginInfo.sessionSettings.remove(name);
+      return (T)sessionSettings.remove(name);
     }
     else
     {
-      return (T)loginInfo.sessionSettings.put(name, value);
+      return (T)sessionSettings.put(name, value);
     }
   }
@@ -2938 +2947 @@
     private Map<String,SettingInfo> userDefaultSettings;
 
-    /**
-      Stores name and value of session settings.
-    */
-    private Map<String,Object> sessionSettings;
-
     private LoginInfo()
     {}
@@ -2961 +2965 @@
       this.userClientSettings = parent.userClientSettings;
       this.userDefaultSettings = parent.userDefaultSettings;
-      this.sessionSettings = parent.sessionSettings;
     }
     

trunk/src/core/net/sf/basedb/core/authentication/LoginRequest.java

@@ -24 +24 @@
 import java.util.HashMap;
 import java.util.Map;
+
+import net.sf.basedb.core.SessionControl;
 
 /**
@@ -34 +36 @@
 public class LoginRequest
 {
-
+  private boolean verifyOnly;
   private int userId;
   private String login;
@@ -86 +88 @@
   }
 
+  /**
+    Set a flag to indicate if the login request should only verify
+    the login parameters and not do a full login.
+    @since 3.19.3
+  */
+  public void setVerifyOnly(boolean verifyOnly)
+  {
+    this.verifyOnly = verifyOnly;
+  }
+  
+  /**
+    If this flag is set, the login parameters are only verified and
+    the actual login is aborted. If the verification is successful, the
+    {@link SessionControl#login(LoginRequest)} returns normally, otherwise
+    an exception is thrown.
+    @since 3.19.3
+  */
+  public boolean isVerifyOnly()
+  {
+    return verifyOnly;
+  }
   
   /**

trunk/src/core/net/sf/basedb/util/extensions/ClientContext.java

@@ -69 +69 @@
   private final SessionControl sc;
   private final DbControl dc;
+  private ExtensionPoint<?> currentXtPoint;
+  private Extension<?> currentXt;
   private Object item;
   private Map<String, Object> attributes;
@@ -173 +175 @@
   {
     this.item = item;
+  }
+  
+  /**
+    Get the currently active extension point.
+    @since 3.19.3
+  */
+  public ExtensionPoint<?> getCurrentExtensionPoint()
+  {
+    return currentXtPoint;
+  }
+  protected void setCurrentExtensionPoint(ExtensionPoint<?> xtPoint)
+  {
+    this.currentXtPoint = xtPoint;
+  }
+  
+  /**
+    Get the currently active extension point.
+    @since 3.19.3
+  */
+  public Extension<?> getCurrentExtension()
+  {
+    return currentXt;
+  }
+  protected void setCurrentExtension(Extension<?> xt)
+  {
+    this.currentXt = xt;
   }
   

trunk/src/core/net/sf/basedb/util/extensions/Registry.java

@@ -673 +673 @@
 
       // YES! ...
+      if (clientContext != null) clientContext.setCurrentExtensionPoint(rep);
       ErrorHandlerFactory ehf = rep.getErrorHandlerFactory();
       ExtensionPointContext<Action> mainContext = new ExtensionPointContext<Action>(this, 
@@ -690 +691 @@
 
         // Create invokation context for the extension
+        if (clientContext != null) clientContext.setCurrentExtension(ext);
         ExtensionContext<A> context = 
           new ExtensionContext(mainContext, ext);

trunk/www/WEB-INF/extensions.tld

@@ -41 +41 @@
       <rtexprvalue>true</rtexprvalue>
     </attribute>
+    <attribute>
+      <name>extension</name>
+      <required>false</required>
+      <rtexprvalue>true</rtexprvalue>
+    </attribute>
   </tag>
 
@@ -50 +55 @@
       <name>context</name>
       <required>true</required>
+      <rtexprvalue>true</rtexprvalue>
+    </attribute>
+    <attribute>
+      <name>extension</name>
+      <required>false</required>
       <rtexprvalue>true</rtexprvalue>
     </attribute>

trunk/www/login.js

@@ -305 +305 @@
       }
     }
+    
+    // Send custom event to let extensions do stuff before submitting
+    Doc.hide('login-error');
+    var evt = new CustomEvent('before-login', { cancelable: true, bubbles: true });
+    if (frm.dispatchEvent(evt)) 
+    {
+      login.submitLoginForm();
+    }
+  }
+  
+  /**
+    Submit the login form with no questions asked.
+  */
+  login.submitLoginForm = function()
+  {
+    var frm = document.forms['login'];
     if (!pUseLastLogin)
     {
@@ -317 +333 @@
       frm.submit();
     }
-    
   }
   

trunk/www/main.jsp

@@ -52 +52 @@
   import="net.sf.basedb.clients.web.extensions.login.FieldInfo"
   import="net.sf.basedb.clients.web.extensions.login.PasswordLoginFormFactory"
+  import="net.sf.basedb.clients.web.extensions.DynamicActionAttributeSupport"
   import="net.sf.basedb.util.Values"
   import="java.util.Date"
@@ -87 +88 @@
   ItemResultIterator<News> news = null;
   JspContext jspContext = ExtensionsControl.createContext(dc, pageContext);
+  jspContext.setNeedResourcesPerExtension(true);
   ExtensionsInvoker<LoginFormAction> invoker = ExtensionsControl.useExtensions(jspContext, "net.sf.basedb.clients.web.login-form");
 
   LoginFormAction loginAction = null;
   String selectedLoginForm = null;
+  String selectedExtension = null;
   Map<String, String> allForms = new TreeMap<String, String>();
   
@@ -109 +112 @@
         loginAction = action;
         selectedLoginForm = formId;
+        selectedExtension = it.getExtension().getId();
       }
     }
@@ -124 +128 @@
   <base:page type="default">
   <base:head styles="login.css" scripts="~login.js">
-    <ext:scripts context="<%=jspContext%>" />
-    <ext:stylesheets context="<%=jspContext%>" />
+    <ext:scripts context="<%=jspContext%>" extension="<%=selectedExtension%>" />
+    <ext:stylesheets context="<%=jspContext%>" extension="<%=selectedExtension%>" />
   </base:head>
   <base:body style="padding-top: 5em;" data-login-form="<%=HTML.encodeTags(selectedLoginForm)%>" data-requested-form="<%=HTML.encodeTags(requestedLoginForm) %>">
-    <form name="login" action="login.jsp" method="post">
+    <form name="login" action="login.jsp" method="post"
+      <%=DynamicActionAttributeSupport.getAttributesString(loginAction)%>
+    >
     <input type="hidden" name="ID" value="<%=ID%>">
     <input type="hidden" name="again" value="<%=again?1:0%>">
@@ -171 +177 @@
         <%
       }
-      if (error != null) 
-      {
-        %>
-        <div class="messagecontainer error" style="margin-top: 1em; margin-bottom: 1em;"><%=error%></div>
-        <%
-      }
       %>
+      <div id="login-error" class="messagecontainer error" 
+        style="margin-top: 1em; margin-bottom: 1em;<%=error==null?"display:none;":""%>">
+        <%=error==null?"":error%>
+      </div>
       <table style="width: 100%; border-collapse: separate;">
       <tr>
@@ -195 +199 @@
                 <%=loginAction.rememberLastLogin() ? "" : "autocomplete=\"off\" data-use-last-login=\"0\""%>
                 maxlength="100" 
-                tabindex="1">
+                tabindex="1"
+                <%=DynamicActionAttributeSupport.getAttributesString(loginField)%>
+                >
               </td>
             </tr>
@@ -207 +213 @@
                 <%=valueIfNotNull("placeholder=\"", passwordField.getPlaceHolder(), "\"") %>
                 maxlength="80"
-                tabindex="2">
+                tabindex="2"
+                <%=DynamicActionAttributeSupport.getAttributesString(passwordField)%>
+                >
               </td>
               <td <%=extraField != null?"rowspan=\"2\"" : "" %> style="vertical-align: bottom;">
@@ -237 +245 @@
                   <%=valueIfNotNull("placeholder=\"", extraField.getPlaceHolder(), "\"") %>
                   maxlength="80"
-                  tabindex="3">
+                  tabindex="3"
+                  <%=DynamicActionAttributeSupport.getAttributesString(extraField)%>
+                  >
                 </td>
               </tr>

trunk/www/switch.jsp

@@ -38 +38 @@
   import="net.sf.basedb.clients.web.extensions.ExtensionsControl"
   import="net.sf.basedb.clients.web.extensions.JspContext"
+  import="net.sf.basedb.clients.web.extensions.DynamicActionAttributeSupport"
   import="net.sf.basedb.clients.web.extensions.login.LoginFormAction"
   import="net.sf.basedb.clients.web.extensions.login.PasswordLoginFormFactory"
@@ -64 +65 @@
 {
   JspContext jspContext = ExtensionsControl.createContext(dc, pageContext);
+  jspContext.setNeedResourcesPerExtension(true);
   ExtensionsInvoker<LoginFormAction> invoker = ExtensionsControl.useExtensions(jspContext, "net.sf.basedb.clients.web.login-form");
 
   LoginFormAction loginAction = null;
   String selectedLoginForm = null;
+  String selectedExtension = null;
   Map<String, String> allForms = new TreeMap<String, String>();
 
@@ -86 +89 @@
         loginAction = action;
         selectedLoginForm = formId;
+        selectedExtension = it.getExtension().getId();
       }
     }
@@ -100 +104 @@
   <base:page type="popup" title="Switch user">
   <base:head styles="login.css" scripts="~login.js">
-    <ext:scripts context="<%=jspContext%>" />
-    <ext:stylesheets context="<%=jspContext%>" />
+    <ext:scripts context="<%=jspContext%>" extension="<%=selectedExtension%>" />
+    <ext:stylesheets context="<%=jspContext%>" extension="<%=selectedExtension%>" />
   </base:head>
   <base:body data-login-form="<%=HTML.encodeTags(selectedLoginForm)%>" data-requested-form="<%=HTML.encodeTags(requestedLoginForm) %>">
     <h1>Switch user <base:help helpid="switchuser" /></h1>
-    <form name="login" action="login.jsp" method="post">
+    <form name="login" action="login.jsp" method="post"
+      <%=DynamicActionAttributeSupport.getAttributesString(loginAction)%>
+    >
     <input type="hidden" name="ID" value="<%=ID%>">
     <input type="hidden" name="again" value="1">
@@ -148 +154 @@
           data-use-last-login="0"
           maxlength="100" 
-          tabindex="0">
+          tabindex="0"
+          <%=DynamicActionAttributeSupport.getAttributesString(loginField)%>
+          >
         </td>
       </tr>
@@ -159 +167 @@
           <%=valueIfNotNull("placeholder=\"", passwordField.getPlaceHolder(), "\"") %>
           maxlength="80"
-          tabindex="0">
+          tabindex="0"
+          <%=DynamicActionAttributeSupport.getAttributesString(passwordField)%>
+          >
         </td>
       </tr>
@@ -174 +184 @@
             <%=valueIfNotNull("placeholder=\"", extraField.getPlaceHolder(), "\"") %>
             maxlength="80"
-            tabindex="0">
+            tabindex="0"
+            <%=DynamicActionAttributeSupport.getAttributesString(extraField)%>
+            >
           </td>
         </tr>
@@ -194 +206 @@
             <%=loginAction.getHelp() %>
             </div>
+            <div id="login-error" class="messagecontainer error" 
+              style="margin-top: 1em; margin-bottom: 1em; display:none;">
+            </div>
           </div>
           </td>
@@ -204 +219 @@
         <tr class="dynamic">
           <th></th>
-          <td></td>
+          <td>
+            <div id="login-error" class="messagecontainer error" 
+              style="margin-top: 1em; margin-bottom: 1em; display:none;">
+            </div>
+          </td>
         </tr>
         <%