author | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2017-12-14 17:49:25 +0100 |
---|---|---|
committer | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2017-12-14 17:49:25 +0100 |
commit | 2e810e7d86eae7fce73f72d1b83a01e7607a357d (patch) | |
tree | ce2df07e436a118e6cf245246affef455a3146bf /src/identity-provider/plugin_rest_identity_provider.c | |
parent | c781756495ea853f3c9f78d7dad7002d0bdc4180 (diff) | |
parent | a38dbfc3c3b80214d2eb1a165c1d8c123c73c8ae (diff) | |
download | gnunet-2e810e7d86eae7fce73f72d1b83a01e7607a357d.tar.gz gnunet-2e810e7d86eae7fce73f72d1b83a01e7607a357d.zip |
-merge
Diffstat (limited to 'src/identity-provider/plugin_rest_identity_provider.c')
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 349 |
1 files changed, 273 insertions, 76 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 4a03221a0..bf0ce9053 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -71,6 +71,11 @@ | |||
71 | #define GNUNET_REST_API_NS_AUTHORIZE "/idp/authorize" | 71 | #define GNUNET_REST_API_NS_AUTHORIZE "/idp/authorize" |
72 | 72 | ||
73 | /** | 73 | /** |
74 | * Login namespace | ||
75 | */ | ||
76 | #define GNUNET_REST_API_NS_LOGIN "/idp/login" | ||
77 | |||
78 | /** | ||
74 | * Attribute key | 79 | * Attribute key |
75 | */ | 80 | */ |
76 | #define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute" | 81 | #define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute" |
@@ -127,6 +132,11 @@ | |||
127 | #define OIDC_NONCE_KEY "nonce" | 132 | #define OIDC_NONCE_KEY "nonce" |
128 | 133 | ||
129 | /** | 134 | /** |
135 | * OIDC authorization header key | ||
136 | */ | ||
137 | #define OIDC_AUTHORIZATION_HEADER_KEY "Authorization" | ||
138 | |||
139 | /** | ||
130 | * OIDC expected response_type while authorizing | 140 | * OIDC expected response_type while authorizing |
131 | */ | 141 | */ |
132 | #define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code" | 142 | #define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code" |
@@ -153,6 +163,11 @@ char* OIDC_ignored_parameter_array [] = | |||
153 | }; | 163 | }; |
154 | 164 | ||
155 | /** | 165 | /** |
166 | * OIDC authorized identities and times hashmap | ||
167 | */ | ||
168 | struct GNUNET_CONTAINER_MultiHashMap *OIDC_authorized_identities; | ||
169 | |||
170 | /** | ||
156 | * The configuration handle | 171 | * The configuration handle |
157 | */ | 172 | */ |
158 | const struct GNUNET_CONFIGURATION_Handle *cfg; | 173 | const struct GNUNET_CONFIGURATION_Handle *cfg; |
@@ -296,6 +311,16 @@ struct RequestHandle | |||
296 | char *emsg; | 311 | char *emsg; |
297 | 312 | ||
298 | /** | 313 | /** |
314 | * Error response uri | ||
315 | */ | ||
316 | char *eredirect; | ||
317 | |||
318 | /** | ||
319 | * Error response description | ||
320 | */ | ||
321 | char *edesc; | ||
322 | |||
323 | /** | ||
299 | * Reponse code | 324 | * Reponse code |
300 | */ | 325 | */ |
301 | int response_code; | 326 | int response_code; |
@@ -377,6 +402,28 @@ do_error (void *cls) | |||
377 | } | 402 | } |
378 | 403 | ||
379 | /** | 404 | /** |
405 | * Task run on error, sends error message. Cleans up everything. | ||
406 | * | ||
407 | * @param cls the `struct RequestHandle` | ||
408 | */ | ||
409 | static void | ||
410 | do_redirect_error (void *cls) | ||
411 | { | ||
412 | struct RequestHandle *handle = cls; | ||
413 | struct MHD_Response *resp; | ||
414 | char* redirect; | ||
415 | //TODO handle->url is wrong | ||
416 | GNUNET_asprintf (&redirect, | ||
417 | "%s?error=%s&error_description=%s", | ||
418 | handle->eredirect, handle->emsg, handle->edesc ); | ||
419 | resp = GNUNET_REST_create_response (""); | ||
420 | MHD_add_response_header (resp, "Location", redirect); | ||
421 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | ||
422 | cleanup_handle (handle); | ||
423 | GNUNET_free (redirect); | ||
424 | } | ||
425 | |||
426 | /** | ||
380 | * Task run on timeout, sends error message. Cleans up everything. | 427 | * Task run on timeout, sends error message. Cleans up everything. |
381 | * | 428 | * |
382 | * @param cls the `struct RequestHandle` | 429 | * @param cls the `struct RequestHandle` |
@@ -1086,21 +1133,18 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1086 | { | 1133 | { |
1087 | struct MHD_Response *resp; | 1134 | struct MHD_Response *resp; |
1088 | struct RequestHandle *handle = cls; | 1135 | struct RequestHandle *handle = cls; |
1089 | char *response_type; | 1136 | char *response_type, *client_id, *scope, *redirect_uri, *state = 0, |
1090 | char *client_id; | 1137 | *nonce = 0; |
1091 | char *scope; | 1138 | struct timeval now, login_time; |
1092 | char *redirect_uri; | 1139 | OIDC_authorized_identities = GNUNET_CONTAINER_multihashmap_create( 10, GNUNET_NO ); |
1093 | char *state; | 1140 | char *login_base_url, *new_redirect; |
1094 | char *nonce; | 1141 | struct GNUNET_HashCode cache_key; |
1095 | 1142 | ||
1096 | //TODO clean up method | 1143 | //TODO clean up method |
1097 | 1144 | ||
1098 | /** The Authorization Server MUST validate all the OAuth 2.0 parameters | 1145 | /** The Authorization Server MUST validate all the OAuth 2.0 parameters |
1099 | * according to the OAuth 2.0 specification. | 1146 | * according to the OAuth 2.0 specification. |
1100 | */ | 1147 | */ |
1101 | /** The Authorization Server MUST verify that all the REQUIRED parameters | ||
1102 | * are present and their usage conforms to this specification. | ||
1103 | */ | ||
1104 | /** | 1148 | /** |
1105 | * If the sub (subject) Claim is requested with a specific value for the | 1149 | * If the sub (subject) Claim is requested with a specific value for the |
1106 | * ID Token, the Authorization Server MUST only send a positive response | 1150 | * ID Token, the Authorization Server MUST only send a positive response |
@@ -1115,74 +1159,104 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1115 | */ | 1159 | */ |
1116 | 1160 | ||
1117 | 1161 | ||
1118 | int size=sizeof(OIDC_ignored_parameter_array)/sizeof(char *); | ||
1119 | 1162 | ||
1120 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Size %i = 8\n", size); | 1163 | // REQUIRED value: client_id |
1121 | 1164 | GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), | |
1122 | struct GNUNET_HashCode cache_key; | 1165 | &cache_key); |
1123 | |||
1124 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), | ||
1125 | &cache_key); | ||
1126 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1166 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1127 | &cache_key)) | 1167 | &cache_key)) |
1128 | { | 1168 | { |
1129 | //TODO error | 1169 | handle->emsg=GNUNET_strdup("invalid_request"); |
1130 | 1170 | handle->edesc=GNUNET_strdup("Missing parameter: client_id"); | |
1171 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1172 | return; | ||
1131 | } | 1173 | } |
1132 | response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1174 | client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1133 | &cache_key); | 1175 | &cache_key); |
1134 | |||
1135 | 1176 | ||
1136 | GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), | 1177 | // Checks if client_id is valid: |
1178 | // TODO change check (lookup trusted public_key?) | ||
1179 | // if( strcmp( client_id, "localhost" ) != 0 ) | ||
1180 | // { | ||
1181 | // handle->emsg=GNUNET_strdup("unauthorized_client"); | ||
1182 | // handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1183 | // GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1184 | // return; | ||
1185 | // } | ||
1186 | |||
1187 | // REQUIRED value: redirect_uri | ||
1188 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | ||
1137 | &cache_key); | 1189 | &cache_key); |
1138 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1190 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1139 | &cache_key)) | 1191 | &cache_key)) |
1140 | { | 1192 | { |
1141 | //TODO error | 1193 | handle->emsg=GNUNET_strdup("invalid_request"); |
1194 | handle->edesc=GNUNET_strdup("Missing parameter: redirect_uri"); | ||
1195 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1196 | return; | ||
1142 | } | 1197 | } |
1143 | client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1198 | redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1144 | &cache_key); | 1199 | &cache_key); |
1145 | 1200 | ||
1146 | //TODO verify if client_id is in delegation from selected identity, i.e. use GNUNET_NAMESTORE_zone_to_name() to verify | 1201 | // Checks if redirect_uri is valid: |
1147 | GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); | 1202 | // TODO change check (check client_id->public key == address) |
1203 | // if( strcmp( redirect_uri, "https://localhost:8000" ) != 0 ) | ||
1204 | // { | ||
1205 | // handle->emsg=GNUNET_strdup("invalid_request"); | ||
1206 | // handle->edesc=GNUNET_strdup("Invalid or mismatching redirect_uri"); | ||
1207 | // GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1208 | // return; | ||
1209 | // } | ||
1210 | handle->eredirect = GNUNET_strdup(redirect_uri); | ||
1211 | |||
1212 | // REQUIRED value: response_type | ||
1213 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), | ||
1214 | &cache_key); | ||
1148 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1215 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1149 | &cache_key)) | 1216 | &cache_key)) |
1150 | { | 1217 | { |
1151 | //TODO error | 1218 | handle->emsg=GNUNET_strdup("invalid_request"); |
1219 | handle->edesc=GNUNET_strdup("Missing parameter: response_type"); | ||
1220 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1221 | return; | ||
1152 | } | 1222 | } |
1153 | scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1223 | response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1154 | &cache_key); | 1224 | &cache_key); |
1155 | 1225 | ||
1156 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | 1226 | // REQUIRED value: scope |
1157 | &cache_key); | 1227 | GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); |
1158 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1228 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1159 | &cache_key)) | 1229 | &cache_key)) |
1160 | { | 1230 | { |
1161 | //TODO error | 1231 | handle->emsg=GNUNET_strdup("invalid_request"); |
1232 | handle->edesc=GNUNET_strdup("Missing parameter: scope"); | ||
1233 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1234 | return; | ||
1162 | } | 1235 | } |
1163 | redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1236 | scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1164 | &cache_key); | 1237 | &cache_key); |
1165 | 1238 | ||
1239 | //RECOMMENDED value: state | ||
1166 | GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); | 1240 | GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); |
1167 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1241 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1168 | &cache_key)) | 1242 | &cache_key)) |
1169 | { | 1243 | { |
1170 | //TODO error | 1244 | state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1245 | &cache_key); | ||
1171 | } | 1246 | } |
1172 | state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | ||
1173 | &cache_key); | ||
1174 | 1247 | ||
1248 | //OPTIONAL value: nonce | ||
1175 | GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); | 1249 | GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); |
1176 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1250 | if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1177 | &cache_key)) | 1251 | &cache_key)) |
1178 | { | 1252 | { |
1179 | //TODO error | 1253 | nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1254 | &cache_key); | ||
1180 | } | 1255 | } |
1181 | nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | ||
1182 | &cache_key); | ||
1183 | 1256 | ||
1257 | int number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *); | ||
1184 | int iterator; | 1258 | int iterator; |
1185 | for( iterator = 0; iterator < size; iterator++ ) | 1259 | for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ ) |
1186 | { | 1260 | { |
1187 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], | 1261 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], |
1188 | strlen(OIDC_ignored_parameter_array[iterator]), | 1262 | strlen(OIDC_ignored_parameter_array[iterator]), |
@@ -1190,61 +1264,183 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1190 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map, | 1264 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map, |
1191 | &cache_key)) | 1265 | &cache_key)) |
1192 | { | 1266 | { |
1193 | //TODO error | 1267 | handle->emsg=GNUNET_strdup("access_denied"); |
1268 | //TODO rewrite error description | ||
1269 | handle->edesc=GNUNET_strdup("Server will not handle parameter"); | ||
1270 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1271 | return; | ||
1194 | } | 1272 | } |
1195 | } | 1273 | } |
1196 | 1274 | ||
1197 | 1275 | // Checks if response_type is 'code' | |
1198 | //response_type = code | ||
1199 | if( strcmp( response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) != 0 ) | 1276 | if( strcmp( response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) != 0 ) |
1200 | { | 1277 | { |
1201 | //TODO error | 1278 | handle->emsg=GNUNET_strdup("unsupported_response_type"); |
1279 | handle->edesc=GNUNET_strdup("The authorization server does not support " | ||
1280 | "obtaining this authorization code."); | ||
1281 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1282 | return; | ||
1202 | } | 1283 | } |
1203 | //scope contains openid | 1284 | // Checks if scope contains 'openid' |
1204 | if( strstr( scope, OIDC_EXPECTED_AUTHORIZATION_SCOPE ) == NULL ) | 1285 | if( strstr( scope, OIDC_EXPECTED_AUTHORIZATION_SCOPE ) == NULL ) |
1205 | { | 1286 | { |
1206 | handle->emsg=GNUNET_strdup("invalid_scope"); | 1287 | handle->emsg=GNUNET_strdup("invalid_scope"); |
1207 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1288 | handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or " |
1208 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1289 | "malformed."); |
1290 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1209 | return; | 1291 | return; |
1210 | } | 1292 | } |
1211 | 1293 | ||
1294 | |||
1212 | //TODO check other values and use them accordingly | 1295 | //TODO check other values and use them accordingly |
1213 | 1296 | ||
1214 | 1297 | ||
1215 | char* login_base_url; | ||
1216 | 1298 | ||
1217 | // if(){ | 1299 | |
1218 | // | 1300 | //if header-authorization == ID |
1219 | // }else{ | 1301 | //if ID is still logged |
1220 | // | 1302 | // ego get Public Key of Identity |
1221 | // } | 1303 | // return token with public key? |
1222 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg, | 1304 | // save request |
1223 | "identity-rest-plugin", | 1305 | |
1224 | "address", | 1306 | GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY, |
1225 | &login_base_url)) | 1307 | strlen (OIDC_AUTHORIZATION_HEADER_KEY), |
1308 | &cache_key); | ||
1309 | //No Authorization Parameter -> redirect to login | ||
1310 | if(GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(con_handle->header_param_map, | ||
1311 | &cache_key)) | ||
1226 | { | 1312 | { |
1227 | char* new_redirect; | 1313 | if ( GNUNET_OK |
1228 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", | 1314 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", |
1229 | login_base_url, | 1315 | "address", &login_base_url) ) |
1230 | OIDC_RESPONSE_TYPE_KEY, response_type, | 1316 | { |
1231 | OIDC_CLIENT_ID_KEY, client_id, | 1317 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", |
1232 | OIDC_REDIRECT_URI_KEY, redirect_uri, | 1318 | login_base_url, |
1233 | OIDC_SCOPE_KEY, scope, | 1319 | OIDC_RESPONSE_TYPE_KEY, |
1234 | OIDC_STATE_KEY, state, | 1320 | response_type, |
1235 | OIDC_NONCE_KEY, nonce | 1321 | OIDC_CLIENT_ID_KEY, |
1236 | ); | 1322 | client_id, |
1323 | OIDC_REDIRECT_URI_KEY, | ||
1324 | redirect_uri, | ||
1325 | OIDC_SCOPE_KEY, | ||
1326 | scope, | ||
1327 | OIDC_STATE_KEY, | ||
1328 | (state) ? state : "", | ||
1329 | OIDC_NONCE_KEY, | ||
1330 | (nonce) ? nonce : ""); | ||
1331 | resp = GNUNET_REST_create_response (""); | ||
1332 | MHD_add_response_header (resp, "Location", new_redirect); | ||
1333 | } | ||
1334 | else | ||
1335 | { | ||
1336 | handle->emsg = GNUNET_strdup("No server configuration"); | ||
1337 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1338 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1339 | return; | ||
1340 | } | ||
1341 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | ||
1342 | cleanup_handle (handle); | ||
1343 | GNUNET_free(new_redirect); | ||
1344 | return; | ||
1345 | } | ||
1346 | else | ||
1347 | { | ||
1348 | char* identity = GNUNET_CONTAINER_multihashmap_get ( con_handle->header_param_map, | ||
1349 | &cache_key); | ||
1350 | GNUNET_CRYPTO_hash (identity, strlen (identity), &cache_key); | ||
1351 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(OIDC_authorized_identities, | ||
1352 | &cache_key)) | ||
1353 | { | ||
1354 | login_time = *(struct timeval *)GNUNET_CONTAINER_multihashmap_get(OIDC_authorized_identities, | ||
1355 | &cache_key); | ||
1356 | gettimeofday(&now, NULL); | ||
1357 | //After 30 minutes redirect to login | ||
1358 | if( now.tv_sec - login_time.tv_sec >= 1800) | ||
1359 | { | ||
1360 | //TODO remove redundancy [redirect to login] | ||
1361 | if ( GNUNET_OK | ||
1362 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", | ||
1363 | "address", &login_base_url) ) | ||
1364 | { | ||
1365 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", | ||
1366 | login_base_url, | ||
1367 | OIDC_RESPONSE_TYPE_KEY, | ||
1368 | response_type, | ||
1369 | OIDC_CLIENT_ID_KEY, | ||
1370 | client_id, | ||
1371 | OIDC_REDIRECT_URI_KEY, | ||
1372 | redirect_uri, | ||
1373 | OIDC_SCOPE_KEY, | ||
1374 | scope, | ||
1375 | OIDC_STATE_KEY, | ||
1376 | (state) ? state : "", | ||
1377 | OIDC_NONCE_KEY, | ||
1378 | (nonce) ? nonce : ""); | ||
1379 | resp = GNUNET_REST_create_response (""); | ||
1380 | MHD_add_response_header (resp, "Location", new_redirect); | ||
1381 | } | ||
1382 | else | ||
1383 | { | ||
1384 | handle->emsg = GNUNET_strdup("No server configuration"); | ||
1385 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1386 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1387 | return; | ||
1388 | } | ||
1389 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | ||
1390 | cleanup_handle (handle); | ||
1391 | GNUNET_free(new_redirect); | ||
1392 | return; | ||
1393 | } | ||
1394 | } | ||
1395 | else | ||
1396 | { | ||
1397 | gettimeofday( &now, NULL ); | ||
1398 | GNUNET_CONTAINER_multihashmap_put( OIDC_authorized_identities, &cache_key, &now, | ||
1399 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY); | ||
1400 | } | ||
1237 | resp = GNUNET_REST_create_response (""); | 1401 | resp = GNUNET_REST_create_response (""); |
1238 | MHD_add_response_header (resp, "Location", new_redirect); | 1402 | // MHD_add_response_header (resp, "Access-Control-Allow-Origin", "*"); |
1239 | }else{ | 1403 | MHD_add_response_header (resp, "Location", redirect_uri); |
1240 | handle->emsg=GNUNET_strdup("No server on localhost:8000"); | 1404 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
1241 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1405 | cleanup_handle (handle); |
1242 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1243 | return; | 1406 | return; |
1244 | } | 1407 | } |
1408 | } | ||
1245 | 1409 | ||
1246 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 1410 | |
1411 | /** | ||
1412 | * Respond to LOGIN request | ||
1413 | * | ||
1414 | * @param con_handle the connection handle | ||
1415 | * @param url the url | ||
1416 | * @param cls the RequestHandle | ||
1417 | */ | ||
1418 | static void | ||
1419 | login_cont (struct GNUNET_REST_RequestHandle *con_handle, | ||
1420 | const char* url, | ||
1421 | void *cls) | ||
1422 | { | ||
1423 | struct MHD_Response *resp = GNUNET_REST_create_response (""); | ||
1424 | struct RequestHandle *handle = cls; | ||
1425 | char* cookie; | ||
1426 | json_t *root; | ||
1427 | json_error_t error; | ||
1428 | json_t *identity; | ||
1429 | root = json_loads( handle->rest_handle->data, 0, &error ); | ||
1430 | identity = json_object_get(root, "identity"); | ||
1431 | if(json_is_string(identity)) | ||
1432 | { | ||
1433 | GNUNET_asprintf(&cookie,"Identity=%s",json_string_value(identity)); | ||
1434 | MHD_add_response_header (resp, "Set-Cookie", cookie); | ||
1435 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
1436 | } | ||
1437 | else | ||
1438 | { | ||
1439 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); | ||
1440 | } | ||
1441 | json_decref(root); | ||
1247 | cleanup_handle (handle); | 1442 | cleanup_handle (handle); |
1443 | GNUNET_free(cookie); | ||
1248 | return; | 1444 | return; |
1249 | } | 1445 | } |
1250 | 1446 | ||
@@ -1262,6 +1458,7 @@ init_cont (struct RequestHandle *handle) | |||
1262 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &add_attribute_cont}, | 1458 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &add_attribute_cont}, |
1263 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont}, | 1459 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont}, |
1264 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont}, | 1460 | {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont}, |
1461 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont}, | ||
1265 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont}, | 1462 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont}, |
1266 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont}, | 1463 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont}, |
1267 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont}, | 1464 | {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont}, |
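Review bot: In authorize_cont the new session cache stores the address of the stack-local `now` (`GNUNET_CONTAINER_multihashmap_put( OIDC_authorized_identities, &cache_key, &now, ...)` at new line 1398), so the later `*(struct timeval *)GNUNET_CONTAINER_multihashmap_get(...)` at new line 1354 reads a dangling pointer once the function has returned. This is only masked because new line 1139 re-creates `OIDC_authorized_identities` on every request, leaking the previous map and making the "still logged in" branch unreachable; create the map once at plugin initialization (outside this hunk) and heap-allocate the entry: `struct timeval *login_ts = GNUNET_new (struct timeval);` `gettimeofday (login_ts, NULL);` `GNUNET_CONTAINER_multihashmap_put (OIDC_authorized_identities, &cache_key, login_ts, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);`. Note also that `handle->eredirect` is copied from the request's redirect_uri at new line 1210 while the validation at new lines 1202-1209 is still commented out, so do_redirect_error (hunk at 402) issues a 302 to a caller-supplied URL with unencoded `error_description` text; the redirect_uri check against the registered client should precede any use of that field. In login_cont, `cookie` is uninitialized on the non-string path yet is passed to `GNUNET_free` at new line 1443 — declare it as `char* cookie = NULL;` and release it with `GNUNET_free_non_null (cookie);`, and check `root` for NULL after `json_loads` before calling `json_object_get`.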