author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-02-20 17:04:46 +0100 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2019-02-20 17:04:46 +0100 |
commit | 997c001089392ed4be9b2bce22f042e109db3f25 (patch) | |
tree | 85453c1af3d149c2be353e066595fb4fe32e9c3b /src/rest-plugins | |
parent | 609e4becfe496ed62c2007db18d04fbc8d523476 (diff) | |
support non GNS redirect URIs
Diffstat (limited to 'src/rest-plugins')
-rw-r--r-- | src/rest-plugins/plugin_rest_openid_connect.c | 96 |
1 files changed, 65 insertions, 31 deletions
diff --git a/src/rest-plugins/plugin_rest_openid_connect.c b/src/rest-plugins/plugin_rest_openid_connect.c index 20feaec6a..47af75bcc 100644 --- a/src/rest-plugins/plugin_rest_openid_connect.c +++ b/src/rest-plugins/plugin_rest_openid_connect.c | |||
@@ -935,12 +935,24 @@ oidc_ticket_issue_cb (void* cls, | |||
935 | &handle->ticket, | 935 | &handle->ticket, |
936 | handle->oidc->nonce); | 936 | handle->oidc->nonce); |
937 | code_base64_final_string = base64_encode (code_json_string); | 937 | code_base64_final_string = base64_encode (code_json_string); |
938 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", | 938 | if ( (NULL != handle->redirect_prefix) && |
939 | handle->redirect_prefix, | 939 | (NULL != handle->redirect_suffix) && |
940 | handle->tld, | 940 | (NULL != handle->tls) ) |
941 | handle->redirect_suffix, | 941 | { |
942 | handle->oidc->response_type, | 942 | |
943 | code_base64_final_string, handle->oidc->state); | 943 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s", |
944 | handle->redirect_prefix, | ||
945 | handle->tld, | ||
946 | handle->redirect_suffix, | ||
947 | handle->oidc->response_type, | ||
948 | code_base64_final_string, handle->oidc->state); | ||
949 | } else { | ||
950 | GNUNET_asprintf (&redirect_uri, "%s?%s=%s&state=%s", | ||
951 | handle->oidc->redirect_uri, | ||
952 | handle->oidc->response_type, | ||
953 | code_base64_final_string, handle->oidc->state); | ||
954 | |||
955 | } | ||
944 | resp = GNUNET_REST_create_response (""); | 956 | resp = GNUNET_REST_create_response (""); |
945 | MHD_add_response_header (resp, "Location", redirect_uri); | 957 | MHD_add_response_header (resp, "Location", redirect_uri); |
946 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 958 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
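Review bot: The guard on the new GNS branch tests `handle->tls` (new line 940) while the format string on 943-948 is fed `handle->tld`, so unless `tls` is a deliberately separate field a NULL `tld` still reaches a `%s` in GNUNET_asprintf; the same mismatch appears in the build_redirect hunk. The struct definition is not in this diff, so I cannot confirm whether a `tls` member exists, but the intent reads as `(NULL != handle->tld) )`. Because `redirect_prefix`/`redirect_suffix` are only filled in from a registered record (lookup_redirect_uri_result), a comment on the branch such as `/* GNS client: rebuild the redirect target from the record; otherwise use the registered redirect_uri verbatim */` would make the two formats self-explanatory. oidc_ticket_issue_cb starts and ends outside this hunk.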
@@ -1095,13 +1107,25 @@ build_redirect (void *cls) | |||
1095 | 1107 | ||
1096 | if (GNUNET_YES == handle->oidc->user_cancelled) | 1108 | if (GNUNET_YES == handle->oidc->user_cancelled) |
1097 | { | 1109 | { |
1098 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?error=%s&error_description=%s&state=%s", | 1110 | if ( (NULL != handle->redirect_prefix) && |
1099 | handle->redirect_prefix, | 1111 | (NULL != handle->redirect_suffix) && |
1100 | handle->tld, | 1112 | (NULL != handle->tls) ) |
1101 | handle->redirect_suffix, | 1113 | { |
1102 | "access_denied", | 1114 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?error=%s&error_description=%s&state=%s", |
1103 | "User denied access", | 1115 | handle->redirect_prefix, |
1104 | handle->oidc->state); | 1116 | handle->tld, |
1117 | handle->redirect_suffix, | ||
1118 | "access_denied", | ||
1119 | "User denied access", | ||
1120 | handle->oidc->state); | ||
1121 | } else { | ||
1122 | GNUNET_asprintf (&redirect_uri, "%s?error=%s&error_description=%s&state=%s", | ||
1123 | handle->oidc->redirect_uri, | ||
1124 | "access_denied", | ||
1125 | "User denied access", | ||
1126 | handle->oidc->state); | ||
1127 | |||
1128 | } | ||
1105 | resp = GNUNET_REST_create_response (""); | 1129 | resp = GNUNET_REST_create_response (""); |
1106 | MHD_add_response_header (resp, "Location", redirect_uri); | 1130 | MHD_add_response_header (resp, "Location", redirect_uri); |
1107 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 1131 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
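Review bot: Neither branch percent-encodes the values interpolated into the Location header: `handle->oidc->state` originates from the client request and `"User denied access"` carries literal spaces, so a state value containing `&` or `#` changes the query structure of the URI the browser is sent to. This predates the commit, but the new else branch (new lines 1122-1126) now combines a verbatim registered `redirect_uri` with these raw values, so running state and error_description through a percent-encoding helper before the GNUNET_asprintf is worth doing in the same change; the prefix/suffix branch has the same exposure. build_redirect starts and ends outside this hunk.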
@@ -1137,25 +1161,35 @@ lookup_redirect_uri_result (void *cls, | |||
1137 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) | 1161 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) |
1138 | continue; | 1162 | continue; |
1139 | if (0 != strncmp (rd[i].data, | 1163 | if (0 != strncmp (rd[i].data, |
1140 | handle->oidc->redirect_uri, | 1164 | handle->oidc->redirect_uri, |
1141 | rd[i].data_size)) | 1165 | rd[i].data_size)) |
1142 | continue; | 1166 | continue; |
1143 | tmp = GNUNET_strndup (rd[i].data, | 1167 | tmp = GNUNET_strndup (rd[i].data, |
1144 | rd[i].data_size); | 1168 | rd[i].data_size); |
1145 | pos = strrchr (tmp, | 1169 | if (NULL == strstr (tmp, |
1146 | (unsigned char) '.'); | 1170 | handle->oidc->client_id)) |
1147 | *pos = '\0'; | 1171 | { |
1148 | handle->redirect_prefix = GNUNET_strdup (tmp); | 1172 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
1149 | tmp_key_str = pos + 1; | 1173 | "Redirect uri %s does not contain client_id %s", |
1150 | pos = strchr (tmp_key_str, | 1174 | tmp, |
1151 | (unsigned char) '/'); | 1175 | handle->oidc->client_id); |
1152 | *pos = '\0'; | 1176 | } else { |
1153 | handle->redirect_suffix = GNUNET_strdup (pos + 1); | 1177 | |
1154 | 1178 | pos = strrchr (tmp, | |
1155 | GNUNET_STRINGS_string_to_data (tmp_key_str, | 1179 | (unsigned char) '.'); |
1156 | strlen (tmp_key_str), | 1180 | *pos = '\0'; |
1157 | &redirect_zone, | 1181 | handle->redirect_prefix = GNUNET_strdup (tmp); |
1158 | sizeof (redirect_zone)); | 1182 | tmp_key_str = pos + 1; |
1183 | pos = strchr (tmp_key_str, | ||
1184 | (unsigned char) '/'); | ||
1185 | *pos = '\0'; | ||
1186 | handle->redirect_suffix = GNUNET_strdup (pos + 1); | ||
1187 | |||
1188 | GNUNET_STRINGS_string_to_data (tmp_key_str, | ||
1189 | strlen (tmp_key_str), | ||
1190 | &redirect_zone, | ||
1191 | sizeof (redirect_zone)); | ||
1192 | } | ||
1159 | GNUNET_SCHEDULER_add_now (&build_redirect, handle); | 1193 | GNUNET_SCHEDULER_add_now (&build_redirect, handle); |
1160 | GNUNET_free (tmp); | 1194 | GNUNET_free (tmp); |
1161 | return; | 1195 | return; |
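Review bot: Inside the new else branch both `strrchr (tmp, '.')` and `strchr (tmp_key_str, '/')` are dereferenced without a NULL check (new lines 1178-1185), so a registered REDIRECT record that contains the client_id but no `.` or no `/` crashes the plugin; the record comes from the client's zone, so the guard belongs here rather than being assumed. Treating such a record as non-matching (`GNUNET_free (tmp); continue;`) keeps the existing no-match handling after the loop, which is outside this hunk and, as far as visible, never touches `tmp`. Separately, the `strncmp` above compares only `rd[i].data_size` bytes, so whether a longer `handle->oidc->redirect_uri` that merely starts with the registered value is accepted depends on whether the stored data includes its NUL terminator; since the non-GNS path now redirects to `redirect_uri` verbatim, an explicit length comparison before the `strncmp` would pin the target to the registered value. lookup_redirect_uri_result starts and ends outside this hunk.
```c
      pos = strrchr (tmp,
                     (unsigned char) '.');
      if (NULL == pos)
      {
        GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                    "Malformed redirect record %s\n",
                    tmp);
        GNUNET_free (tmp);
        continue;
      }
      *pos = '\0';
      handle->redirect_prefix = GNUNET_strdup (tmp);
      tmp_key_str = pos + 1;
      pos = strchr (tmp_key_str,
                    (unsigned char) '/');
      if (NULL == pos)
      {
        GNUNET_free (handle->redirect_prefix);
        handle->redirect_prefix = NULL;
        GNUNET_free (tmp);
        continue;
      }
      *pos = '\0';
      handle->redirect_suffix = GNUNET_strdup (pos + 1);
      /* … unchanged: GNUNET_STRINGS_string_to_data into redirect_zone … */
```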
@@ -1300,7 +1334,7 @@ build_authz_response (void *cls) | |||
1300 | { | 1334 | { |
1301 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); | 1335 | handle->emsg = GNUNET_strdup (OIDC_ERROR_KEY_INVALID_SCOPE); |
1302 | handle->edesc=GNUNET_strdup ("The requested scope is invalid, unknown, or " | 1336 | handle->edesc=GNUNET_strdup ("The requested scope is invalid, unknown, or " |
1303 | "malformed."); | 1337 | "malformed."); |
1304 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1338 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1305 | GNUNET_free (expected_scope); | 1339 | GNUNET_free (expected_scope); |
1306 | return; | 1340 | return; |
@@ -1337,7 +1371,7 @@ tld_iter (void *cls, | |||
1337 | return; | 1371 | return; |
1338 | } | 1372 | } |
1339 | if (0 == memcmp (&pkey, &handle->oidc->client_pkey, | 1373 | if (0 == memcmp (&pkey, &handle->oidc->client_pkey, |
1340 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) | 1374 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) |
1341 | handle->tld = GNUNET_strdup (option+1); | 1375 | handle->tld = GNUNET_strdup (option+1); |
1342 | } | 1376 | } |
1343 | 1377 | ||