author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2018-11-28 09:23:03 +0100 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2018-11-28 09:23:03 +0100 |
commit | 3fc5340f4cc762d091904ee829c3bcadca452ece (patch) | |
tree | 67a739974f263dd449ff4c35f70ecd350bc94e6e /src/rest-plugins | |
parent | 6af0c6d7c6b7f915b832df2bbb907e688deaa452 (diff) | |
REST: expire cookies
Diffstat (limited to 'src/rest-plugins')
-rw-r--r-- | src/rest-plugins/plugin_rest_openid_connect.c | 16 |
1 files changed, 14 insertions, 2 deletions
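--- a/src/rest-plugins/plugin_rest_openid_connect.c
+++ b/src/rest-plugins/plugin_rest_openid_connect.c
@@ -121,6 +121,11 @@
 #define OIDC_NONCE_KEY "nonce"
 
 /**
+* OIDC cookie expiration (in seconds)
+*/
+#define OIDC_COOKIE_EXPIRATION 3
+
+/**
 * OIDC cookie header key
 */
 #define OIDC_COOKIE_HEADER_KEY "cookie"
@@ -1398,6 +1403,7 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
 struct GNUNET_TIME_Absolute *current_time;
 struct GNUNET_TIME_Absolute *last_time;
 char* cookie;
+char* header_val;
 json_t *root;
 json_error_t error;
 json_t *identity;
@@ -1416,7 +1422,13 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
 GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
 return;
 }
-GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity));
+GNUNET_asprintf (&cookie,
+"Identity=%s",
+json_string_value (identity));
+GNUNET_asprintf (&header_val,
+"%s;Max-Age=%d",
+cookie,
+OIDC_COOKIE_EXPIRATION);
 MHD_add_response_header (resp, "Set-Cookie", cookie);
 MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST");
 GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key);
@@ -1427,7 +1439,7 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
 current_time = GNUNET_new(struct GNUNET_TIME_Absolute);
 *current_time = GNUNET_TIME_relative_to_absolute (
 GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
-5));
+OIDC_COOKIE_EXPIRATION));
 last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key);
 if (NULL != last_time)
 {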
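Review bot: The `Set-Cookie` header at new line 1432 is still built from `cookie`, so the `Max-Age` attribute formatted into `header_val` is never sent. The browser therefore keeps the identity cookie as a session cookie, and only the server-side login-time map enforces the `OIDC_COOKIE_EXPIRATION` window. Send the new string instead, `MHD_add_response_header (resp, "Set-Cookie", header_val);`, and release it with `GNUNET_free (header_val);` after the header has been added, because nothing in the visible lines uses or frees that allocation. Keep hashing `cookie` for `cache_key`, since the lookup presumably matches the bare name=value pair that comes back in the request's Cookie header. login_cont starts and ends outside these hunks, so a later free of `header_val` may exist that is not shown here.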