author | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2017-12-14 17:59:16 +0100 |
committer | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2017-12-14 17:59:16 +0100 |
commit | 3428214e4513e1539256b19502ffb085539e01b3 (patch) | |
tree | 901c76ec821c884c5b096f3150a9a2d0abf6925a /src/identity-provider/plugin_rest_identity_provider.c | |
parent | 2e810e7d86eae7fce73f72d1b83a01e7607a357d (diff) | |
download | gnunet-3428214e4513e1539256b19502ffb085539e01b3.tar.gz gnunet-3428214e4513e1539256b19502ffb085539e01b3.zip |
-add todos; cleanup
Diffstat (limited to 'src/identity-provider/plugin_rest_identity_provider.c')
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 123 |
1 files changed, 65 insertions, 58 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index bf0ce9053..30847ed3f 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -1133,8 +1133,13 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1133 | { | 1133 | { |
1134 | struct MHD_Response *resp; | 1134 | struct MHD_Response *resp; |
1135 | struct RequestHandle *handle = cls; | 1135 | struct RequestHandle *handle = cls; |
1136 | char *response_type, *client_id, *scope, *redirect_uri, *state = 0, | 1136 | char *response_type; |
1137 | *nonce = 0; | 1137 | char *client_id; |
1138 | char *scope; | ||
1139 | char *redirect_uri; | ||
1140 | char *state = NULL; | ||
1141 | char *nonce = NULL; | ||
1142 | //TODO use gnunet_time_lib | ||
1138 | struct timeval now, login_time; | 1143 | struct timeval now, login_time; |
1139 | OIDC_authorized_identities = GNUNET_CONTAINER_multihashmap_create( 10, GNUNET_NO ); | 1144 | OIDC_authorized_identities = GNUNET_CONTAINER_multihashmap_create( 10, GNUNET_NO ); |
1140 | char *login_base_url, *new_redirect; | 1145 | char *login_base_url, *new_redirect; |
@@ -1175,6 +1180,7 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1175 | &cache_key); | 1180 | &cache_key); |
1176 | 1181 | ||
1177 | // Checks if client_id is valid: | 1182 | // Checks if client_id is valid: |
1183 | // TODO use GNUNET_NAMESTORE_zone_to_name() function to verify that a delegation to the client_id exists | ||
1178 | // TODO change check (lookup trusted public_key?) | 1184 | // TODO change check (lookup trusted public_key?) |
1179 | // if( strcmp( client_id, "localhost" ) != 0 ) | 1185 | // if( strcmp( client_id, "localhost" ) != 0 ) |
1180 | // { | 1186 | // { |
@@ -1185,6 +1191,7 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1185 | // } | 1191 | // } |
1186 | 1192 | ||
1187 | // REQUIRED value: redirect_uri | 1193 | // REQUIRED value: redirect_uri |
1194 | // TODO verify the redirect uri matches https://<client_id>.zkey[/xyz] | ||
1188 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | 1195 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), |
1189 | &cache_key); | 1196 | &cache_key); |
1190 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1197 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
@@ -1308,26 +1315,26 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1308 | &cache_key); | 1315 | &cache_key); |
1309 | //No Authorization Parameter -> redirect to login | 1316 | //No Authorization Parameter -> redirect to login |
1310 | if(GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(con_handle->header_param_map, | 1317 | if(GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(con_handle->header_param_map, |
1311 | &cache_key)) | 1318 | &cache_key)) |
1312 | { | 1319 | { |
1313 | if ( GNUNET_OK | 1320 | if ( GNUNET_OK |
1314 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", | 1321 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", |
1315 | "address", &login_base_url) ) | 1322 | "address", &login_base_url) ) |
1316 | { | 1323 | { |
1317 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", | 1324 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", |
1318 | login_base_url, | 1325 | login_base_url, |
1319 | OIDC_RESPONSE_TYPE_KEY, | 1326 | OIDC_RESPONSE_TYPE_KEY, |
1320 | response_type, | 1327 | response_type, |
1321 | OIDC_CLIENT_ID_KEY, | 1328 | OIDC_CLIENT_ID_KEY, |
1322 | client_id, | 1329 | client_id, |
1323 | OIDC_REDIRECT_URI_KEY, | 1330 | OIDC_REDIRECT_URI_KEY, |
1324 | redirect_uri, | 1331 | redirect_uri, |
1325 | OIDC_SCOPE_KEY, | 1332 | OIDC_SCOPE_KEY, |
1326 | scope, | 1333 | scope, |
1327 | OIDC_STATE_KEY, | 1334 | OIDC_STATE_KEY, |
1328 | (state) ? state : "", | 1335 | (NULL == state) ? state : "", |
1329 | OIDC_NONCE_KEY, | 1336 | OIDC_NONCE_KEY, |
1330 | (nonce) ? nonce : ""); | 1337 | (NULL == nonce) ? nonce : ""); |
1331 | resp = GNUNET_REST_create_response (""); | 1338 | resp = GNUNET_REST_create_response (""); |
1332 | MHD_add_response_header (resp, "Location", new_redirect); | 1339 | MHD_add_response_header (resp, "Location", new_redirect); |
1333 | } | 1340 | } |
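Review bot: The rewritten null-guards at new lines 1335 and 1337 are inverted: `(NULL == state) ? state : ""` hands a NULL pointer to the `%s` conversion in GNUNET_asprintf when the parameter is absent, and substitutes "" when the client did supply one, so the login redirect never carries the caller's state or nonce and the later hunk (new lines 1383/1385) still uses the original `(state) ? state : ""` form, leaving the two copies of this redirect inconsistent. Since state is what the relying party uses to bind the authorization response to its own session and nonce is echoed into the ID token, silently blanking them weakens the flow rather than just mis-rendering a URL. The fix is to swap the branches: `(NULL == state) ? "" : state,` and `(NULL == nonce) ? "" : nonce);`, and to apply the same form at 1383/1385 so both redirect builders agree. authorize_cont begins and ends outside this hunk.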
@@ -1346,60 +1353,60 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1346 | else | 1353 | else |
1347 | { | 1354 | { |
1348 | char* identity = GNUNET_CONTAINER_multihashmap_get ( con_handle->header_param_map, | 1355 | char* identity = GNUNET_CONTAINER_multihashmap_get ( con_handle->header_param_map, |
1349 | &cache_key); | 1356 | &cache_key); |
1350 | GNUNET_CRYPTO_hash (identity, strlen (identity), &cache_key); | 1357 | GNUNET_CRYPTO_hash (identity, strlen (identity), &cache_key); |
1351 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(OIDC_authorized_identities, | 1358 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(OIDC_authorized_identities, |
1352 | &cache_key)) | 1359 | &cache_key)) |
1353 | { | 1360 | { |
1354 | login_time = *(struct timeval *)GNUNET_CONTAINER_multihashmap_get(OIDC_authorized_identities, | 1361 | login_time = *(struct timeval *)GNUNET_CONTAINER_multihashmap_get(OIDC_authorized_identities, |
1355 | &cache_key); | 1362 | &cache_key); |
1356 | gettimeofday(&now, NULL); | 1363 | gettimeofday(&now, NULL); |
1357 | //After 30 minutes redirect to login | 1364 | //After 30 minutes redirect to login |
1358 | if( now.tv_sec - login_time.tv_sec >= 1800) | 1365 | if( now.tv_sec - login_time.tv_sec >= 1800) |
1359 | { | 1366 | { |
1360 | //TODO remove redundancy [redirect to login] | 1367 | //TODO remove redundancy [redirect to login] |
1361 | if ( GNUNET_OK | 1368 | if ( GNUNET_OK |
1362 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", | 1369 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", |
1363 | "address", &login_base_url) ) | 1370 | "address", &login_base_url) ) |
1364 | { | 1371 | { |
1365 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", | 1372 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", |
1366 | login_base_url, | 1373 | login_base_url, |
1367 | OIDC_RESPONSE_TYPE_KEY, | 1374 | OIDC_RESPONSE_TYPE_KEY, |
1368 | response_type, | 1375 | response_type, |
1369 | OIDC_CLIENT_ID_KEY, | 1376 | OIDC_CLIENT_ID_KEY, |
1370 | client_id, | 1377 | client_id, |
1371 | OIDC_REDIRECT_URI_KEY, | 1378 | OIDC_REDIRECT_URI_KEY, |
1372 | redirect_uri, | 1379 | redirect_uri, |
1373 | OIDC_SCOPE_KEY, | 1380 | OIDC_SCOPE_KEY, |
1374 | scope, | 1381 | scope, |
1375 | OIDC_STATE_KEY, | 1382 | OIDC_STATE_KEY, |
1376 | (state) ? state : "", | 1383 | (state) ? state : "", |
1377 | OIDC_NONCE_KEY, | 1384 | OIDC_NONCE_KEY, |
1378 | (nonce) ? nonce : ""); | 1385 | (nonce) ? nonce : ""); |
1379 | resp = GNUNET_REST_create_response (""); | 1386 | resp = GNUNET_REST_create_response (""); |
1380 | MHD_add_response_header (resp, "Location", new_redirect); | 1387 | MHD_add_response_header (resp, "Location", new_redirect); |
1381 | } | 1388 | } |
1382 | else | 1389 | else |
1383 | { | 1390 | { |
1384 | handle->emsg = GNUNET_strdup("No server configuration"); | 1391 | handle->emsg = GNUNET_strdup("No server configuration"); |
1385 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1392 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1386 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1393 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1387 | return; | 1394 | return; |
1388 | } | 1395 | } |
1389 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 1396 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
1390 | cleanup_handle (handle); | 1397 | cleanup_handle (handle); |
1391 | GNUNET_free(new_redirect); | 1398 | GNUNET_free(new_redirect); |
1392 | return; | 1399 | return; |
1393 | } | 1400 | } |
1394 | } | 1401 | } |
1395 | else | 1402 | else |
1396 | { | 1403 | { |
1397 | gettimeofday( &now, NULL ); | 1404 | gettimeofday( &now, NULL ); |
1398 | GNUNET_CONTAINER_multihashmap_put( OIDC_authorized_identities, &cache_key, &now, | 1405 | GNUNET_CONTAINER_multihashmap_put( OIDC_authorized_identities, &cache_key, &now, |
1399 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY); | 1406 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY); |
1400 | } | 1407 | } |
1401 | resp = GNUNET_REST_create_response (""); | 1408 | resp = GNUNET_REST_create_response (""); |
1402 | // MHD_add_response_header (resp, "Access-Control-Allow-Origin", "*"); | 1409 | // MHD_add_response_header (resp, "Access-Control-Allow-Origin", "*"); |
1403 | MHD_add_response_header (resp, "Location", redirect_uri); | 1410 | MHD_add_response_header (resp, "Location", redirect_uri); |
1404 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 1411 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
1405 | cleanup_handle (handle); | 1412 | cleanup_handle (handle); |
@@ -1417,8 +1424,8 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1417 | */ | 1424 | */ |
1418 | static void | 1425 | static void |
1419 | login_cont (struct GNUNET_REST_RequestHandle *con_handle, | 1426 | login_cont (struct GNUNET_REST_RequestHandle *con_handle, |
1420 | const char* url, | 1427 | const char* url, |
1421 | void *cls) | 1428 | void *cls) |
1422 | { | 1429 | { |
1423 | struct MHD_Response *resp = GNUNET_REST_create_response (""); | 1430 | struct MHD_Response *resp = GNUNET_REST_create_response (""); |
1424 | struct RequestHandle *handle = cls; | 1431 | struct RequestHandle *handle = cls; |