forked from langdev/langdev.org-old
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathapp.html
128 lines (114 loc) · 4.12 KB
/
app.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
{% extends 'thirdparty/base.html' %}
{% from 'form.html' import render_raw_form %}
{% block body %}
<dl class="application">
<dt class="title">Title</dt>
<dd class="Title">{{ app }}</dd>
<dt class="url">Website</dt>
<dd class="url"><a href="{{ app.url }}">{{ app.url }}</a></dd>
<dt class="key">Key</dt>
<dd class="key"><code>{{ app.key }}</code></dd>
<dt class="secret-key">Secret Key</dt>
<dd class="secret-key"><code>{{ app.secret_key }}</code></dd>
<dt class="owner">Owner</dt>
<dd class="owner">
<a href="{{ url_for('user.profile', user_login=app.owner.login) }}">
{{- app.owner }}</a></dd>
<dt class="description">Description</dt>
<dd class="description">{{ app.description }}</dd>
</dl>
<h2>Hashing</h2>
<p>Use HMAC with SHA1. All strings have to be UTF-8-encoded before hashing.
See the following example table:</p>
<table>
<thead>
<tr>
<th>String</th>
<th>Hash</th>
</tr>
</thead>
<tbody>
{% for s in ('hello', app.title, current_user.name) %}
<tr>
<td><code>{{ s }}</code></td>
<td><code>{{ app.hmac(s) }}</code></td>
</tr>
{% endfor %}
</tbody>
</table>
<h2><abbr title="Single Sign-on">SSO</abbr></h2>
<h3><code>POST
{{ url_for('sso', app_key='yourappkey', user_login='userlogin')
| replace('yourappkey', '<var>YourAppKey</var>')
| replace('userlogin', '<var>UserLoginOrEmail</var>')
| safe}}</code></h3>
<dl class="parameters">
<dt><code>password</code></dt>
<dd>(Required.)
HMAC+SHA1 hased hexadecimal digest of (MD5 hashed hexadecimal digest
of input password).
<code>hmac-hexdigest(md5-hexdigest(input-password), app-secret-key,
sha1)</code>.</dd>
<dt><code>digestmod</code></dt>
<dd>(Optional.)
Hash algorithm. Currently supports <code>sha1</code> only.
Default is <code>sha1</code></dd>
</dl>
<h3>Request example</h3>
<p>Assume that user input password is: <code>hello</code>.</p>
<p>MD5-hashed hexadecimal digest of <code>hello</code> is:
<code>5d41402abc4b2a76b9719d911017c592</code>.</p>
<p>HMAC+SHA1 hashed (when secret key is <code>{{ app.secret_key }}</code>)
hexadecimal digest of <code>5d41402abc4b2a76b9719d911017c592</code> is:
<code>{{ app.hmac('5d41402abc4b2a76b9719d911017c592') }}</code>.</p>
<pre>POST {{ url_for('sso', app_key=app.key,
user_login=current_user.login) }} HTTP/1.1
Host: {{ request.host }}
Accept: application/json
Content-Type: application/x-www-form-urlencoded
password={{- app.hmac('5d41402abc4b2a76b9719d911017c592') -}}
</pre>
<h3>Response example: when password is correct</h3>
<pre>HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json
true</pre>
<h3>Response example: when password is incorrect</h3>
<pre>HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json
false</pre>
<h3>Response example: when user doesn't exist</h3>
<pre>HTTP/1.1 404 Not Found
Content-Type: text/html
{{ '''
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>404 Not Found</title>
<h1>Not Found</h1>
<p>The requested URL was not found on the server.</p>
<p>If you entered the URL manually please check your spelling and try again.</p>
''' -}}
</pre>
<p>If you want to show just <code>false</code> instead of 404 Not Found
even if there is no given user, give <code>error=ignore</code> option into
request.</p>
<h3>Request the user information</h3>
<p>If you need the information of given user when the authentication has
succeed, give <code>with=userinfo</code> option into request.</p>
<h3>Response example: when <code>with=userinfo</code> option was given</h3>
<pre>HTTP/1.1 200 OK
Vary: Accept
Content-Type: application/json
{{ require('langdev.web.serializers').json(current_user) }}</pre>
<h2>Delete</h2>
{% call render_raw_form('delete_app', app_key=app.key) %}
<input type="submit" value="Delete" />
{% endcall %}
<script>
// <![CDATA[
$('form').submit(function() {
return window.confirm('This action is permanent. Continue?');
});
// ]]>
</script>
{% endblock %}