author | Phil <phil.buschmann@tum.de> | 2017-12-07 13:03:56 +0000 |
---|---|---|
committer | Phil <phil.buschmann@tum.de> | 2017-12-07 13:03:56 +0000 |
commit | 089a4f09b10e80dc5443f7be66eb07a6b8f76b3a (patch) | |
tree | b9d926c7c3aed3f1cf8cac460dd035af4d758742 /src/identity-provider | |
parent | cd0ff18525770f9f3578c90a2dc6938911c910df (diff) | |
--commit still broken
Diffstat (limited to 'src/identity-provider')
-rw-r--r-- | src/identity-provider/logfile.txt | 73 | ||||
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 278 | ||||
-rw-r--r-- | src/identity-provider/vgcore.2692 | bin | 0 -> 72450048 bytes |
3 files changed, 233 insertions, 118 deletions
diff --git a/src/identity-provider/logfile.txt b/src/identity-provider/logfile.txt new file mode 100644 index 000000000..a59f2478a --- /dev/null +++ b/src/identity-provider/logfile.txt | |||
@@ -0,0 +1,73 @@ | |||
1 | *** Error in `/usr/local/lib//gnunet/libexec/gnunet-rest-server': free(): invalid pointer: 0x00007f9c415c9275 *** | ||
2 | *** Error in `/usr/local/lib//gnunet/libexec/gnunet-rest-server': free(): invalid pointer: 0x00007f0888c25275 *** | ||
3 | *** Error in `/usr/local/lib//gnunet/libexec/gnunet-rest-server': free(): invalid pointer: 0x00007f7dee65b275 *** | ||
4 | Nov 23 13:58:28-246065 gnunet-rest-server-26879 ERROR Error: (null) | ||
5 | Nov 23 13:58:46-677968 gnunet-rest-server-26879 ERROR Error: Missing openid scope | ||
6 | Nov 23 13:59:34-165447 gnunet-rest-server-26901 ERROR Error: Missing openid scope | ||
7 | Nov 23 14:04:07-545573 gnunet-rest-server-28097 ERROR Error: Response type is not code | ||
8 | Nov 23 14:53:06-102430 gnunet-rest-server-30299 ERROR Error: Missing openid scope | ||
9 | Nov 23 14:54:04-248567 gnunet-rest-server-30798 ERROR Error: Missing openid scope | ||
10 | Nov 23 14:56:12-809322 gnunet-rest-server-31914 ERROR Error: Missing openid scope | ||
11 | Nov 23 14:56:39-819194 gnunet-rest-server-31914 ERROR Error: Missing openid scope | ||
12 | Nov 23 14:58:38-889573 gnunet-rest-server-601 ERROR Error: Missing openid scope | ||
13 | Nov 30 11:59:42-727619 gnunet-rest-server-9307 ERROR (null)Nov 30 12:00:28-889186 gnunet-rest-server-9307 ERROR (null)Nov 30 12:01:56-950658 gnunet-rest-server-10445 ERROR con_handle: /idp/authorize | ||
14 | Nov 30 12:01:56-982304 gnunet-rest-server-10445 ERROR url: /idp/authorize | ||
15 | Nov 30 12:08:22-749785 gnunet-rest-server-11652 ERROR con_handle: /idp/authorize | ||
16 | Nov 30 12:08:22-782042 gnunet-rest-server-11652 ERROR url: /idp/authorize | ||
17 | Nov 30 12:39:51-816632 gnunet-rest-server-14500 ERROR url: /idp/authorize | ||
18 | Dec 04 09:51:02-313753 gnunet-rest-server-1974 ERROR No default ego configured in identity service | ||
19 | Dec 04 09:51:09-311601 gnunet-rest-server-1974 ERROR No default ego configured in identity service | ||
20 | Failed to send data in request for `/idp/attributes/testego'. | ||
21 | Dec 04 11:58:11-490711 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1 | ||
22 | Failed to send data in request for `/idp/tickets/testego'. | ||
23 | Dec 04 11:58:11-508689 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1 | ||
24 | Failed to send data in request for `/names/'. | ||
25 | Dec 04 11:58:11-511015 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1 | ||
26 | Failed to send data in request for `/idp/tickets/testego'. | ||
27 | Dec 04 12:38:15-960444 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1 | ||
28 | Failed to send data in request for `/names/'. | ||
29 | Dec 04 12:38:16-003695 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1 | ||
30 | Failed to send data in request for `/idp/attributes/testego'. | ||
31 | Dec 04 12:38:16-021887 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1 | ||
32 | Failed to send data in request for `/idp/tickets/testego'. | ||
33 | Dec 04 12:38:29-977580 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1 | ||
34 | Failed to send data in request for `/names/'. | ||
35 | Dec 04 12:38:30-008002 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1 | ||
36 | Failed to send data in request for `/idp/attributes/testego'. | ||
37 | Dec 04 12:38:30-036167 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1 | ||
38 | Failed to send data in request for `/idp/attributes/testego'. | ||
39 | Dec 04 12:43:23-654462 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1 | ||
40 | Failed to send data in request for `/idp/tickets/testego'. | ||
41 | Dec 04 12:43:23-655070 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1 | ||
42 | Failed to send data in request for `/names/'. | ||
43 | Dec 04 12:43:23-665165 gnunet-rest-server-6760 ERROR MHD encountered error handling request: 1 | ||
44 | Failed to send data in request for `/idp/tickets/testego'. | ||
45 | Dec 04 13:06:56-306701 gnunet-rest-server-9599 ERROR MHD encountered error handling request: 1 | ||
46 | Failed to send data in request for `/idp/attributes/testego'. | ||
47 | Dec 04 13:06:56-326200 gnunet-rest-server-9599 ERROR MHD encountered error handling request: 1 | ||
48 | Failed to send data in request for `/names/'. | ||
49 | Dec 04 13:06:56-331741 gnunet-rest-server-9599 ERROR MHD encountered error handling request: 1 | ||
50 | Dec 04 13:09:56-080335 gnunet-rest-server-10794 ERROR URL (response_type=code) | ||
51 | Dec 04 13:12:49-565164 gnunet-rest-server-11931 ERROR URL (response_type=code) | ||
52 | Failed to send data in request for `/idp/tickets/testego'. | ||
53 | Dec 04 13:12:49-586734 gnunet-rest-server-11931 ERROR MHD encountered error handling request: 1 | ||
54 | Failed to send data in request for `/idp/attributes/testego'. | ||
55 | Dec 04 13:12:49-592627 gnunet-rest-server-11931 ERROR MHD encountered error handling request: 1 | ||
56 | Failed to send data in request for `/names/'. | ||
57 | Dec 04 13:12:49-601007 gnunet-rest-server-11931 ERROR MHD encountered error handling request: 1 | ||
58 | Dec 04 13:15:25-370395 gnunet-rest-server-13261 ERROR URL (acr_values=true) | ||
59 | Failed to send data in request for `/idp/tickets/testego'. | ||
60 | Dec 04 13:15:25-395382 gnunet-rest-server-13261 ERROR MHD encountered error handling request: 1 | ||
61 | Failed to send data in request for `/idp/attributes/testego'. | ||
62 | Dec 04 13:15:25-399622 gnunet-rest-server-13261 ERROR MHD encountered error handling request: 1 | ||
63 | Failed to send data in request for `/names/'. | ||
64 | Dec 04 13:15:25-408151 gnunet-rest-server-13261 ERROR MHD encountered error handling request: 1 | ||
65 | Dec 04 13:36:24-427812 gnunet-rest-server-15336 ERROR URL (?response_type=code&client_id=test&scope=openid email&redirect_uri=https://google.com&nonce=11111&ui_locales=test&) | ||
66 | Failed to send data in request for `/idp/tickets/testego'. | ||
67 | Dec 04 13:36:24-450636 gnunet-rest-server-15336 ERROR MHD encountered error handling request: 1 | ||
68 | Failed to send data in request for `/idp/attributes/testego'. | ||
69 | Dec 04 13:36:24-456164 gnunet-rest-server-15336 ERROR MHD encountered error handling request: 1 | ||
70 | Failed to send data in request for `/names/'. | ||
71 | Dec 04 13:36:24-461431 gnunet-rest-server-15336 ERROR MHD encountered error handling request: 1 | ||
72 | Dec 04 13:39:02-052691 gnunet-rest-server-16482 ERROR URL (?response_type=code&client_id=test&scope=openid email&redirect_uri=https://google.com&nonce=1111&ui_locales=test&acr_values=true) | ||
73 | Dec 04 15:27:43-226881 gnunet-rest-server-16482 ERROR URL (?response_type=code&client_id=test&scope=openid email&redirect_uri=https://google.com&nonce=11111&ui_locales=test&acr_values=true) | ||
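Review bot: `src/identity-provider/logfile.txt` and `src/identity-provider/vgcore.2692` (listed in the diffstat as a 72450048-byte binary) are debugging artifacts and should be dropped from the commit rather than tracked. The second file looks like a Valgrind core dump, which is an image of process memory; for an identity-provider service that can include key material or ticket data, and it stays retrievable from history after a later delete. The log also records complete `/idp/authorize` query strings (client_id, redirect_uri, nonce) at ERROR level in entries 65, 72 and 73, which is worth reducing before this logging reaches a non-test build. I would remove both files and add ignore patterns such as `vgcore.*` and `logfile.txt` to the directory's ignore file.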
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 1bef87ace..1ad0aef42 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -70,7 +70,6 @@ | |||
70 | */ | 70 | */ |
71 | #define GNUNET_REST_API_NS_AUTHORIZE "/idp/authorize" | 71 | #define GNUNET_REST_API_NS_AUTHORIZE "/idp/authorize" |
72 | 72 | ||
73 | |||
74 | /** | 73 | /** |
75 | * Attribute key | 74 | * Attribute key |
76 | */ | 75 | */ |
@@ -97,6 +96,55 @@ | |||
97 | */ | 96 | */ |
98 | #define ID_REST_STATE_POST_INIT 1 | 97 | #define ID_REST_STATE_POST_INIT 1 |
99 | 98 | ||
99 | /** | ||
100 | * OIDC response_type key | ||
101 | */ | ||
102 | #define OIDC_RESPONSE_TYPE_KEY "response_type" | ||
103 | |||
104 | /** | ||
105 | * OIDC client_id key | ||
106 | */ | ||
107 | #define OIDC_CLIENT_ID_KEY "client_id" | ||
108 | |||
109 | /** | ||
110 | * OIDC scope key | ||
111 | */ | ||
112 | #define OIDC_SCOPE_KEY "scope" | ||
113 | |||
114 | /** | ||
115 | * OIDC redirect_uri key | ||
116 | */ | ||
117 | #define OIDC_REDIRECT_URI_KEY "redirect_uri" | ||
118 | |||
119 | /** | ||
120 | * OIDC state key | ||
121 | */ | ||
122 | #define OIDC_STATE_KEY "state" | ||
123 | |||
124 | /** | ||
125 | * OIDC nonce key | ||
126 | */ | ||
127 | #define OIDC_NONCE_KEY "nonce" | ||
128 | |||
129 | /** | ||
130 | * OIDC expected response_type while authorizing | ||
131 | */ | ||
132 | #define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code" | ||
133 | |||
134 | /** | ||
135 | * OIDC expected scope part while authorizing | ||
136 | */ | ||
137 | #define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid" | ||
138 | |||
139 | |||
140 | /** | ||
141 | * OIDC ignored parameter array | ||
142 | */ | ||
143 | char* OIDC_ignored_parameter_array [] = | ||
144 | { | ||
145 | "display", "prompt", "max_age", "ui_locales", "response_mode", | ||
146 | "id_token_hint", "login_hint", "acr_values" | ||
147 | }; | ||
100 | 148 | ||
101 | /** | 149 | /** |
102 | * The configuration handle | 150 | * The configuration handle |
@@ -799,10 +847,10 @@ revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
799 | strlen (rnd_str), | 847 | strlen (rnd_str), |
800 | &ticket.rnd, | 848 | &ticket.rnd, |
801 | sizeof (uint64_t)); | 849 | sizeof (uint64_t)); |
802 | GNUNET_STRINGS_string_to_data (identity_str, | 850 | // GNUNET_STRINGS_string_to_data (identity_str, |
803 | strlen (identity_str), | 851 | // strlen (identity_str), |
804 | &ticket.identity, | 852 | // &ticket.identity,type filter text |
805 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | 853 | // sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); |
806 | GNUNET_STRINGS_string_to_data (audience_str, | 854 | GNUNET_STRINGS_string_to_data (audience_str, |
807 | strlen (audience_str), | 855 | strlen (audience_str), |
808 | &ticket.audience, | 856 | &ticket.audience, |
@@ -1030,88 +1078,120 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1030 | const char* url, | 1078 | const char* url, |
1031 | void *cls) | 1079 | void *cls) |
1032 | { | 1080 | { |
1081 | struct MHD_Response *resp; | ||
1082 | struct RequestHandle *handle = cls; | ||
1083 | char *response_type, *client_id, *scope, *redirect_uri, *state, *nonce; | ||
1033 | 1084 | ||
1034 | //TODO clean up method | 1085 | //TODO clean up method |
1035 | 1086 | ||
1087 | /** The Authorization Server MUST validate all the OAuth 2.0 parameters | ||
1088 | * according to the OAuth 2.0 specification. | ||
1089 | */ | ||
1090 | /** The Authorization Server MUST verify that all the REQUIRED parameters | ||
1091 | * are present and their usage conforms to this specification. | ||
1092 | */ | ||
1093 | /** | ||
1094 | * If the sub (subject) Claim is requested with a specific value for the | ||
1095 | * ID Token, the Authorization Server MUST only send a positive response | ||
1096 | * if the End-User identified by that sub value has an active session with | ||
1097 | * the Authorization Server or has been Authenticated as a result of the | ||
1098 | * request. The Authorization Server MUST NOT reply with an ID Token or | ||
1099 | * Access Token for a different user, even if they have an active session | ||
1100 | * with the Authorization Server. Such a request can be made either using | ||
1101 | * an id_token_hint parameter or by requesting a specific Claim Value as | ||
1102 | * described in Section 5.5.1, if the claims parameter is supported by | ||
1103 | * the implementation. | ||
1104 | */ | ||
1036 | 1105 | ||
1037 | // The Authorization Server MUST validate all the OAuth 2.0 parameters according to the OAuth 2.0 specification. | ||
1038 | // The Authorization Server MUST verify that all the REQUIRED parameters are present and their usage conforms to this specification. | ||
1039 | // If the sub (subject) Claim is requested with a specific value for the ID Token, the Authorization Server MUST only send a positive response if the End-User identified by that sub value has an active session with the Authorization Server or has been Authenticated as a result of the request. The Authorization Server MUST NOT reply with an ID Token or Access Token for a different user, even if they have an active session with the Authorization Server. Such a request can be made either using an id_token_hint parameter or by requesting a specific Claim Value as described in Section 5.5.1, if the claims parameter is supported by the implementation. | ||
1040 | 1106 | ||
1107 | int size=sizeof(OIDC_ignored_parameter_array)/sizeof(char *); | ||
1041 | 1108 | ||
1109 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Size %i = 8\n", size); | ||
1042 | 1110 | ||
1043 | struct MHD_Response *resp; | 1111 | struct GNUNET_HashCode cache_key; |
1044 | struct RequestHandle *handle = cls; | ||
1045 | 1112 | ||
1046 | /* | 1113 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY), |
1047 | * response_type 0 | 1114 | &cache_key); |
1048 | * client_id 1 | 1115 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1049 | * scope 2 | 1116 | &cache_key)) |
1050 | * redirect_uri 3 | 1117 | { |
1051 | * state 4 | 1118 | //TODO error |
1052 | * nonce 5 | ||
1053 | * display 6 | ||
1054 | * prompt 7 | ||
1055 | * max_age 8 | ||
1056 | * ui_locales 9 | ||
1057 | * response_mode 10 | ||
1058 | * id_token_hint 11 | ||
1059 | * login_hint 12 | ||
1060 | * acr_values 13 | ||
1061 | */ | ||
1062 | char* array[] = { "response_type", "client_id", "scope", "redirect_uri", | ||
1063 | "state", "nonce", "display", "prompt", "max_age", "ui_locales", | ||
1064 | "response_mode", "id_token_hint","login_hint", "acr_values" }; | ||
1065 | int array_size=14; | ||
1066 | int bool_array[array_size]; | ||
1067 | 1119 | ||
1068 | struct GNUNET_HashCode cache_key; | 1120 | } |
1121 | response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | ||
1122 | &cache_key); | ||
1069 | 1123 | ||
1070 | //iterates over each parameter and store used values in array array[] | 1124 | |
1071 | int iterator; | 1125 | GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY), |
1072 | for( iterator = 0; iterator<array_size; iterator++){ | 1126 | &cache_key); |
1073 | GNUNET_CRYPTO_hash (array[iterator], strlen (array[iterator]), &cache_key); | 1127 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1074 | char* cache=GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, &cache_key); | 1128 | &cache_key)) |
1075 | bool_array[iterator]=0; | 1129 | { |
1076 | if(cache!=0){ | 1130 | //TODO error |
1077 | size_t size=strlen(cache)+1; | ||
1078 | array[iterator]=(char*)malloc(size*sizeof(char)); | ||
1079 | strncpy(array[iterator],cache,size); | ||
1080 | bool_array[iterator]=1; | ||
1081 | } | ||
1082 | } | 1131 | } |
1132 | client_id = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | ||
1133 | &cache_key); | ||
1083 | 1134 | ||
1084 | /* MUST validate all the OAuth 2.0 parameters & that all the | 1135 | |
1085 | * REQUIRED parameters are present and their usage conforms to this specification | 1136 | GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key); |
1086 | */ | ||
1087 | GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (array[iterator]), &cache_key); | ||
1088 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1137 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1089 | &key)) | 1138 | &cache_key)) |
1090 | { | 1139 | { |
1091 | handle->emsg=GNUNET_strdup("invalid_request"); | 1140 | //TODO error |
1092 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | ||
1093 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1094 | return; | ||
1095 | } | 1141 | } |
1096 | response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | 1142 | scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, |
1097 | &key); | 1143 | &cache_key); |
1098 | 1144 | ||
1099 | //required values: response_type, client_id, scope, redirect_uri | 1145 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), |
1100 | if(!bool_array[0] || !bool_array[1] || !bool_array[2] || !bool_array[3]){ | 1146 | &cache_key); |
1101 | handle->emsg=GNUNET_strdup("invalid_request"); | 1147 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
1102 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1148 | &cache_key)) |
1103 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1149 | { |
1104 | return; | 1150 | //TODO error |
1151 | } | ||
1152 | redirect_uri = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | ||
1153 | &cache_key); | ||
1154 | |||
1155 | GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); | ||
1156 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | ||
1157 | &cache_key)) | ||
1158 | { | ||
1159 | //TODO error | ||
1105 | } | 1160 | } |
1161 | state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | ||
1162 | &cache_key); | ||
1163 | |||
1164 | GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key); | ||
1165 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | ||
1166 | &cache_key)) | ||
1167 | { | ||
1168 | //TODO error | ||
1169 | } | ||
1170 | nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map, | ||
1171 | &cache_key); | ||
1172 | |||
1173 | int iterator; | ||
1174 | for( iterator = 0; iterator < size; iterator++ ) | ||
1175 | { | ||
1176 | GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator], | ||
1177 | strlen(OIDC_ignored_parameter_array[iterator]), | ||
1178 | &cache_key); | ||
1179 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map, | ||
1180 | &cache_key)) | ||
1181 | { | ||
1182 | //TODO error | ||
1183 | } | ||
1184 | } | ||
1185 | |||
1186 | |||
1106 | //response_type = code | 1187 | //response_type = code |
1107 | if(strcmp(array[0],"code")!=0){ | 1188 | if( strcmp( response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) != 0 ) |
1108 | handle->emsg=GNUNET_strdup("invalid_response_type"); | 1189 | { |
1109 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1190 | //TODO error |
1110 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
1111 | return; | ||
1112 | } | 1191 | } |
1113 | //scope contains openid | 1192 | //scope contains openid |
1114 | if(strstr(array[2],"openid")==NULL){ | 1193 | if( strstr( scope, OIDC_EXPECTED_AUTHORIZATION_SCOPE ) == NULL ) |
1194 | { | ||
1115 | handle->emsg=GNUNET_strdup("invalid_scope"); | 1195 | handle->emsg=GNUNET_strdup("invalid_scope"); |
1116 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1196 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1117 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1197 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
@@ -1121,7 +1201,7 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1121 | //TODO check other values and use them accordingly | 1201 | //TODO check other values and use them accordingly |
1122 | 1202 | ||
1123 | 1203 | ||
1124 | char* redirect_url_to_login; | 1204 | char* login_base_url; |
1125 | 1205 | ||
1126 | // if(){ | 1206 | // if(){ |
1127 | // | 1207 | // |
@@ -1131,67 +1211,29 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1131 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg, | 1211 | if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg, |
1132 | "identity-rest-plugin", | 1212 | "identity-rest-plugin", |
1133 | "address", | 1213 | "address", |
1134 | &redirect_url_to_login)){ | 1214 | &login_base_url)) |
1135 | 1215 | { | |
1136 | char* build_array[] = { "response_type", "client_id", "scope", "redirect_uri", | 1216 | char* new_redirect; |
1137 | "state", "nonce", "display", "prompt", "max_age", "ui_locales", | 1217 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", |
1138 | "response_mode", "id_token_hint","login_hint", "acr_values" }; | 1218 | login_base_url, |
1139 | GNUNET_asprintf (new_redirect, "%s=%s&...", | 1219 | OIDC_RESPONSE_TYPE_KEY, response_type, |
1220 | OIDC_CLIENT_ID_KEY, client_id, | ||
1140 | OIDC_REDIRECT_URI_KEY, redirect_uri, | 1221 | OIDC_REDIRECT_URI_KEY, redirect_uri, |
1141 | OIDC_CLIENT_ID_KEY, client_id, | 1222 | OIDC_SCOPE_KEY, scope, |
1142 | ...); | 1223 | OIDC_STATE_KEY, state, |
1143 | size_t redirect_parameter_size= strlen("?"); | 1224 | OIDC_NONCE_KEY, nonce |
1144 | for(iterator=0;iterator<array_size;iterator++){ | 1225 | ); |
1145 | if(bool_array[iterator]){ | ||
1146 | redirect_parameter_size += strlen(array[iterator]); | ||
1147 | redirect_parameter_size += strlen(build_array[iterator]); | ||
1148 | if(iterator==array_size-1) | ||
1149 | { | ||
1150 | redirect_parameter_size += strlen("="); | ||
1151 | }else{ | ||
1152 | redirect_parameter_size += strlen("=&"); | ||
1153 | } | ||
1154 | } | ||
1155 | } | ||
1156 | |||
1157 | char redirect_parameter[redirect_parameter_size+1]; | ||
1158 | redirect_parameter_size = 0; | ||
1159 | redirect_parameter[redirect_parameter_size]='?'; | ||
1160 | for(iterator=0;iterator<array_size;iterator++){ | ||
1161 | if(bool_array[iterator]){ | ||
1162 | //If not last parameter | ||
1163 | if(iterator!=array_size-1) | ||
1164 | { | ||
1165 | char cache[strlen(array[iterator])+strlen(build_array[iterator])+2+1]; | ||
1166 | snprintf(cache,sizeof(cache),"%s=%s&", build_array[iterator], array[iterator]); | ||
1167 | strncat(redirect_parameter, cache, strlen(array[iterator])+strlen(build_array[iterator])+2 ); | ||
1168 | }else{ | ||
1169 | char cache[strlen(array[iterator])+strlen(build_array[iterator])+1+1]; | ||
1170 | snprintf(cache,sizeof(cache),"%s=%s", build_array[iterator], array[iterator]); | ||
1171 | strncat(redirect_parameter, cache, strlen(array[iterator])+strlen(build_array[iterator])+1 ); | ||
1172 | } | ||
1173 | } | ||
1174 | } | ||
1175 | char redirect_component[strlen(redirect_url_to_login)+strlen(redirect_parameter)+1]; | ||
1176 | snprintf(redirect_component, sizeof(redirect_component), "%s%s", redirect_url_to_login, redirect_parameter); | ||
1177 | resp = GNUNET_REST_create_response (""); | 1226 | resp = GNUNET_REST_create_response (""); |
1178 | MHD_add_response_header (resp, "Location", redirect_component); | 1227 | MHD_add_response_header (resp, "Location", new_redirect); |
1179 | }else{ | 1228 | }else{ |
1180 | handle->emsg=GNUNET_strdup("No server on localhost:8000"); | 1229 | handle->emsg=GNUNET_strdup("No server on localhost:8000"); |
1181 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1230 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
1182 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1231 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
1183 | return; | 1232 | return; |
1184 | // resp = GNUNET_REST_create_response (""); | ||
1185 | // MHD_add_response_header (resp, "Location", array[3]); | ||
1186 | } | 1233 | } |
1187 | 1234 | ||
1188 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 1235 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
1189 | cleanup_handle (handle); | 1236 | cleanup_handle (handle); |
1190 | for(iterator=0; iterator<array_size; iterator++){ | ||
1191 | if(bool_array[iterator]){ | ||
1192 | free(array[iterator]); | ||
1193 | } | ||
1194 | } | ||
1195 | return; | 1237 | return; |
1196 | } | 1238 | } |
1197 | 1239 | ||
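Review bot: In the `authorize_cont` hunk the six presence checks now have empty `//TODO error` bodies, so a request without `response_type` or `scope` leaves those pointers NULL (assuming `GNUNET_CONTAINER_multihashmap_get` returns NULL for a missing key) and the following `strcmp (response_type, …)` and `strstr (scope, …)` dereference them; the old side returned `invalid_request` at this point. The `response_type` mismatch branch is also an empty TODO, so a request that is not `code` continues to the redirect. In the later hunk, `state` and `nonce` are optional but are passed straight to `%s` in `GNUNET_asprintf`, and every value is copied into the `Location` URL without percent-encoding, so a value containing `&` or `#` can add or truncate parameters seen by the login page; `new_redirect` and `login_base_url` are not freed in the visible lines. The function body spans three hunks with elided lines between them, so the fence shows only the guard I would place after the lookups.

```c
  // … unchanged: the six GNUNET_CRYPTO_hash / multihashmap_get lookups …

  /* REQUIRED parameters: reject before any of them is dereferenced */
  if ( (NULL == response_type) || (NULL == client_id) ||
       (NULL == scope) || (NULL == redirect_uri) )
  {
    handle->emsg = GNUNET_strdup ("invalid_request");
    handle->response_code = MHD_HTTP_BAD_REQUEST;
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  if (0 != strcmp (response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE))
  {
    handle->emsg = GNUNET_strdup ("unsupported_response_type");
    handle->response_code = MHD_HTTP_BAD_REQUEST;
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }

  // … unchanged: scope check and login redirect …
```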
diff --git a/src/identity-provider/vgcore.2692 b/src/identity-provider/vgcore.2692 new file mode 100644 index 000000000..d5691a6f6 --- /dev/null +++ b/src/identity-provider/vgcore.2692 | |||
Binary files differ | |||