diff options
| author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-02-20 17:04:46 +0100 |
|---|---|---|
| committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-02-20 17:04:46 +0100 |
| commit | 997c001089392ed4be9b2bce22f042e109db3f25 (patch) | |
| tree | 85453c1af3d149c2be353e066595fb4fe32e9c3b /src/rest-plugins | |
| parent | 609e4becfe496ed62c2007db18d04fbc8d523476 (diff) | |
| download | gnunet-997c001089392ed4be9b2bce22f042e109db3f25.tar.gz gnunet-997c001089392ed4be9b2bce22f042e109db3f25.zip | |
support non GNS redirect URIs
Diffstat (limited to 'src/rest-plugins')
| -rw-r--r-- | src/rest-plugins/plugin_rest_openid_connect.c | 96 |
1 files changed, 65 insertions, 31 deletions
diff --git a/src/rest-plugins/plugin_rest_openid_connect.c b/src/rest-plugins/plugin_rest_openid_connect.c index 20feaec6a..47af75bcc 100644 --- a/src/rest-plugins/plugin_rest_openid_connect.c +++ b/src/rest-plugins/plugin_rest_openid_connect.c | |||
| @@ -935,12 +935,24 @@ oidc_ticket_issue_cb (void* cls, | |||
| 935 | &handle->ticket, | 935 | &handle->ticket, |
| 936 | handle->oidc->nonce); | 936 | handle->oidc->nonce); |
| 937 | code_base64_final_string = base64_encode (code_json_string); | 937 | code_base64_final_string = base64_encode (code_json_string); |
| 938 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", | 938 | if ( (NULL != handle->redirect_prefix) && |
| 939 | handle->redirect_prefix, | 939 | (NULL != handle->redirect_suffix) && |
| 940 | handle->tld, | 940 | (NULL != handle->tls) ) |
| 941 | handle->redirect_suffix, | 941 | { |
| 942 | handle->oidc->response_type, | 942 | |
| 943 | code_base64_final_string, handle->oidc->state); | 943 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", |
| 944 | handle->redirect_prefix, | ||
| 945 | handle->tld, | ||
| 946 | handle->redirect_suffix, | ||
| 947 | handle->oidc->response_type, | ||
| 948 | code_base64_final_string, handle->oidc->state); | ||
| 949 | } else { | ||
| 950 | GNUNET_asprintf (&redirect_uri, "%s?%s=%s&state=%s", | ||
| 951 | handle->oidc->redirect_uri, | ||
| 952 | handle->oidc->response_type, | ||
| 953 | code_base64_final_string, handle->oidc->state); | ||
| 954 | |||
| 955 | } | ||
| 944 | resp = GNUNET_REST_create_response (""); | 956 | resp = GNUNET_REST_create_response (""); |
| 945 | MHD_add_response_header (resp, "Location", redirect_uri); | 957 | MHD_add_response_header (resp, "Location", redirect_uri); |
| 946 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 958 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
| @@ -1095,13 +1107,25 @@ build_redirect (void *cls) | |||
| 1095 | 1107 | ||
| 1096 | if (GNUNET_YES == handle->oidc->user_cancelled) | 1108 | if (GNUNET_YES == handle->oidc->user_cancelled) |
| 1097 | { | 1109 | { |
| 1098 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?error=%s&error_description=%s&state=%s", | 1110 | if ( (NULL != handle->redirect_prefix) && |
| 1099 | handle->redirect_prefix, | 1111 | (NULL != handle->redirect_suffix) && |
| 1100 | handle->tld, | 1112 | (NULL != handle->tls) ) |
| 1101 | handle->redirect_suffix, | 1113 | { |
| 1102 | "access_denied", | 1114 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?error=%s&error_description=%s&state=%s", |
| 1103 | "User denied access", | 1115 | handle->redirect_prefix, |
| 1104 | handle->oidc->state); | 1116 | handle->tld, |
| 1117 | handle->redirect_suffix, | ||
| 1118 | "access_denied", | ||
| 1119 | "User denied access", | ||
| 1120 | handle->oidc->state); | ||
| 1121 | } else { | ||
| 1122 | GNUNET_asprintf (&redirect_uri, "%s?error=%s&error_description=%s&state=%s", | ||
| 1123 | handle->oidc->redirect_uri, | ||
| 1124 | "access_denied", | ||
| 1125 | "User denied access", | ||
| 1126 | handle->oidc->state); | ||
| 1127 | |||
| 1128 | } | ||
| 1105 | resp = GNUNET_REST_create_response (""); | 1129 | resp = GNUNET_REST_create_response (""); |
| 1106 | MHD_add_response_header (resp, "Location", redirect_uri); | 1130 | MHD_add_response_header (resp, "Location", redirect_uri); |
| 1107 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 1131 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
| @@ -1137,25 +1161,35 @@ lookup_redirect_uri_result (void *cls, | |||
| 1137 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) | 1161 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) |
| 1138 | continue; | 1162 | continue; |
| 1139 | if (0 != strncmp (rd[i].data, | 1163 | if (0 != strncmp (rd[i].data, |
| 1140 | handle->oidc->redirect_uri, | 1164 | handle->oidc->redirect_uri, |
| 1141 | rd[i].data_size)) | 1165 | rd[i].data_size)) |
| 1142 | continue; | 1166 | continue; |
| 1143 | tmp = GNUNET_strndup (rd[i].data, | 1167 | tmp = GNUNET_strndup (rd[i].data, |
| 1144 | rd[i].data_size); | 1168 | rd[i].data_size); |
| 1145 | pos = strrchr (tmp, | 1169 | if (NULL == strstr (tmp, |
| 1146 | (unsigned char) '.'); | 1170 | handle->oidc->client_id)) |
| 1147 | *pos = '\0'; | 1171 | { |
| 1148 | handle->redirect_prefix = GNUNET_strdup (tmp); | 1172 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
| 1149 | tmp_key_str = pos + 1; | 1173 | "Redirect uri %s does not contain client_id %s", |
| 1150 | pos = strchr (tmp_key_str, | 1174 | tmp, |
| 1151 | (unsigned char) '/'); | 1175 | handle->oidc->client_id); |
| 1152 | *pos = '\0'; | 1176 | } else { |
| 1153 | handle->redirect_suffix = GNUNET_strdup (pos + 1); | 1177 | |
| 1154 | 1178 | pos = strrchr (tmp, | |
| 1155 | GNUNET_STRINGS_string_to_data (tmp_key_str, | 1179 | (unsigned char) '.'); |
| 1156 | strlen (tmp_key_str), | 1180 | *pos = '\0'; |
| 1157 | &redirect_zone, | 1181 | handle->redirect_prefix = GNUNET_strdup (tmp); |
| 1158 | sizeof (redirect_zone)); | 1182 | tmp_key_str = pos + 1; |
| 1183 | pos = strchr (tmp_key_str, | ||
| 1184 | (unsigned char) '/'); | ||
| 1185 | *pos = '\0'; | ||
| 1186 | handle->redirect_suffix = GNUNET_strdup (pos + 1); | ||
| 1187 | |||
| 1188 | GNUNET_STRINGS_string_to_data (tmp_key_str, | ||
| 1189 | strlen (tmp_key_str), | ||
| 1190 | &redirect_zone, | ||
| 1191 | sizeof (redirect_zone)); | ||
| 1192 | } | ||
| 1159 | GNUNET_SCHEDULER_add_now (&build_redirect, handle); | 1193 | GNUNET_SCHEDULER_add_now (&build_redirect, handle); |
| 1160 | GNUNET_free (tmp); | 1194 | GNUNET_free (tmp); |
| 1161 | return; | 1195 | return; |
| @@ -1300,7 +1334,7 @@ build_authz_response (void *cls) | |||
| 1300 | { | 1334 | { |
| 1301 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); | 1335 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); |
| 1302 | handle->edesc=GNUNET_strdup ("The requested scope is invalid, unknown, or " | 1336 | handle->edesc=GNUNET_strdup ("The requested scope is invalid, unknown, or " |
| 1303 | "malformed."); | 1337 | "malformed."); |
| 1304 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1338 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
| 1305 | GNUNET_free (expected_scope); | 1339 | GNUNET_free (expected_scope); |
| 1306 | return; | 1340 | return; |
| @@ -1337,7 +1371,7 @@ tld_iter (void *cls, | |||
| 1337 | return; | 1371 | return; |
| 1338 | } | 1372 | } |
| 1339 | if (0 == memcmp (&pkey, &handle->oidc->client_pkey, | 1373 | if (0 == memcmp (&pkey, &handle->oidc->client_pkey, |
| 1340 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) | 1374 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) |
| 1341 | handle->tld = GNUNET_strdup (option+1); | 1375 | handle->tld = GNUNET_strdup (option+1); |
| 1342 | } | 1376 | } |
| 1343 | 1377 | ||