diff options
| author | Phil <phil.buschmann@tum.de> | 2018-02-26 17:01:24 +0100 |
|---|---|---|
| committer | Phil <phil.buschmann@tum.de> | 2018-02-26 17:01:24 +0100 |
| commit | 2363773d8a81d253614fa3892cead6ebab69c246 (patch) | |
| tree | 9008c0907e1bcb04ad80e85e86d467d8b920af82 /src | |
| parent | bbe8e9a4e5bc9b60a5cc5f54385e6252a0487aea (diff) | |
| download | gnunet-2363773d8a81d253614fa3892cead6ebab69c246.tar.gz gnunet-2363773d8a81d253614fa3892cead6ebab69c246.zip | |
-token endpoint fix wip
Diffstat (limited to 'src')
| -rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 50 | ||||
| -rw-r--r-- | src/rest/gnunet-rest-server.c | 25 | ||||
| -rw-r--r-- | src/rest/rest.conf | 1 |
3 files changed, 60 insertions, 16 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 033c6e4ba..9ba73ff1c 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
| @@ -1530,6 +1530,7 @@ oidc_attr_collect (void *cls, | |||
| 1530 | if ( NULL == scope_variable ) | 1530 | if ( NULL == scope_variable ) |
| 1531 | { | 1531 | { |
| 1532 | GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it); | 1532 | GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it); |
| 1533 | GNUNET_free(scope_variables); | ||
| 1533 | return; | 1534 | return; |
| 1534 | } | 1535 | } |
| 1535 | GNUNET_free(scope_variables); | 1536 | GNUNET_free(scope_variables); |
| @@ -1717,6 +1718,7 @@ static void namestore_iteration_finished (void *cls) | |||
| 1717 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] | 1718 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] |
| 1718 | if( 0 != strncmp( expected_redirect_uri, handle->oidc->redirect_uri, strlen(expected_redirect_uri)) ) | 1719 | if( 0 != strncmp( expected_redirect_uri, handle->oidc->redirect_uri, strlen(expected_redirect_uri)) ) |
| 1719 | { | 1720 | { |
| 1721 | handle->oidc->redirect_uri = NULL; | ||
| 1720 | handle->emsg=GNUNET_strdup("invalid_request"); | 1722 | handle->emsg=GNUNET_strdup("invalid_request"); |
| 1721 | handle->edesc=GNUNET_strdup("Invalid redirect_uri"); | 1723 | handle->edesc=GNUNET_strdup("Invalid redirect_uri"); |
| 1722 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1724 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
| @@ -1795,21 +1797,23 @@ static void namestore_iteration_finished (void *cls) | |||
| 1795 | 1797 | ||
| 1796 | // Checks if scope contains 'openid' | 1798 | // Checks if scope contains 'openid' |
| 1797 | expected_scope = GNUNET_strdup(handle->oidc->scope); | 1799 | expected_scope = GNUNET_strdup(handle->oidc->scope); |
| 1798 | expected_scope = strtok (expected_scope, delimiter); | 1800 | char* test; |
| 1799 | while (NULL != expected_scope) | 1801 | test = strtok (expected_scope, delimiter); |
| 1802 | while (NULL != test) | ||
| 1800 | { | 1803 | { |
| 1801 | if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) ) | 1804 | if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) ) |
| 1802 | { | 1805 | { |
| 1803 | break; | 1806 | break; |
| 1804 | } | 1807 | } |
| 1805 | expected_scope = strtok (NULL, delimiter); | 1808 | test = strtok (NULL, delimiter); |
| 1806 | } | 1809 | } |
| 1807 | if (NULL == expected_scope) | 1810 | if (NULL == test) |
| 1808 | { | 1811 | { |
| 1809 | handle->emsg = GNUNET_strdup("invalid_scope"); | 1812 | handle->emsg = GNUNET_strdup("invalid_scope"); |
| 1810 | handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or " | 1813 | handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or " |
| 1811 | "malformed."); | 1814 | "malformed."); |
| 1812 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1815 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
| 1816 | GNUNET_free(expected_scope); | ||
| 1813 | return; | 1817 | return; |
| 1814 | } | 1818 | } |
| 1815 | 1819 | ||
| @@ -1927,7 +1931,8 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1927 | if ( json_is_string(identity) ) | 1931 | if ( json_is_string(identity) ) |
| 1928 | { | 1932 | { |
| 1929 | GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); | 1933 | GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); |
| 1930 | 1934 | MHD_add_response_header (resp, "Set-Cookie", cookie); | |
| 1935 | MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST"); | ||
| 1931 | GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); | 1936 | GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); |
| 1932 | 1937 | ||
| 1933 | current_time = GNUNET_new(struct GNUNET_TIME_Absolute); | 1938 | current_time = GNUNET_new(struct GNUNET_TIME_Absolute); |
| @@ -1944,12 +1949,12 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1944 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | 1949 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); |
| 1945 | 1950 | ||
| 1946 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | 1951 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
| 1952 | GNUNET_free(cookie); | ||
| 1947 | } | 1953 | } |
| 1948 | else | 1954 | else |
| 1949 | { | 1955 | { |
| 1950 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); | 1956 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); |
| 1951 | } | 1957 | } |
| 1952 | GNUNET_free(cookie); | ||
| 1953 | json_decref (root); | 1958 | json_decref (root); |
| 1954 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 1959 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
| 1955 | return; | 1960 | return; |
| @@ -1962,6 +1967,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1962 | { | 1967 | { |
| 1963 | //TODO static strings | 1968 | //TODO static strings |
| 1964 | 1969 | ||
| 1970 | //TODO WWW-Authenticate 401 | ||
| 1965 | struct RequestHandle *handle = cls; | 1971 | struct RequestHandle *handle = cls; |
| 1966 | struct GNUNET_HashCode cache_key; | 1972 | struct GNUNET_HashCode cache_key; |
| 1967 | char *authorization, *credentials; | 1973 | char *authorization, *credentials; |
| @@ -1994,7 +2000,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1994 | } | 2000 | } |
| 1995 | authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); | 2001 | authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); |
| 1996 | 2002 | ||
| 1997 | //TODO authorization pointer will be moved as well | ||
| 1998 | //split header in "Basic" and [content] | 2003 | //split header in "Basic" and [content] |
| 1999 | credentials = strtok (authorization, delimiter); | 2004 | credentials = strtok (authorization, delimiter); |
| 2000 | if (0 != strcmp ("Basic",credentials)) | 2005 | if (0 != strcmp ("Basic",credentials)) |
| @@ -2039,6 +2044,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2039 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2044 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
| 2040 | return; | 2045 | return; |
| 2041 | } | 2046 | } |
| 2047 | |||
| 2042 | //check client password | 2048 | //check client password |
| 2043 | if ( GNUNET_OK | 2049 | if ( GNUNET_OK |
| 2044 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", | 2050 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", |
| @@ -2046,6 +2052,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2046 | { | 2052 | { |
| 2047 | if (0 != strcmp (expected_psw, psw)) | 2053 | if (0 != strcmp (expected_psw, psw)) |
| 2048 | { | 2054 | { |
| 2055 | GNUNET_free_non_null(user_psw); | ||
| 2056 | GNUNET_free(expected_psw); | ||
| 2049 | handle->emsg=GNUNET_strdup("invalid_client"); | 2057 | handle->emsg=GNUNET_strdup("invalid_client"); |
| 2050 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 2058 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
| 2051 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2059 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
| @@ -2055,12 +2063,14 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2055 | } | 2063 | } |
| 2056 | else | 2064 | else |
| 2057 | { | 2065 | { |
| 2066 | GNUNET_free_non_null(user_psw); | ||
| 2058 | handle->emsg = GNUNET_strdup("server_error"); | 2067 | handle->emsg = GNUNET_strdup("server_error"); |
| 2059 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | 2068 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); |
| 2060 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 2069 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
| 2061 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2070 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
| 2062 | return; | 2071 | return; |
| 2063 | } | 2072 | } |
| 2073 | |||
| 2064 | //check client_id | 2074 | //check client_id |
| 2065 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry->next; ) | 2075 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry->next; ) |
| 2066 | { | 2076 | { |
| @@ -2073,6 +2083,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2073 | } | 2083 | } |
| 2074 | if (GNUNET_NO == client_exists) | 2084 | if (GNUNET_NO == client_exists) |
| 2075 | { | 2085 | { |
| 2086 | GNUNET_free_non_null(user_psw); | ||
| 2076 | handle->emsg=GNUNET_strdup("invalid_client"); | 2087 | handle->emsg=GNUNET_strdup("invalid_client"); |
| 2077 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 2088 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
| 2078 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2089 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
| @@ -2090,6 +2101,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2090 | == GNUNET_CONTAINER_multihashmap_contains ( | 2101 | == GNUNET_CONTAINER_multihashmap_contains ( |
| 2091 | handle->rest_handle->url_param_map, &cache_key) ) | 2102 | handle->rest_handle->url_param_map, &cache_key) ) |
| 2092 | { | 2103 | { |
| 2104 | GNUNET_free_non_null(user_psw); | ||
| 2093 | handle->emsg = GNUNET_strdup("invalid_request"); | 2105 | handle->emsg = GNUNET_strdup("invalid_request"); |
| 2094 | handle->edesc = GNUNET_strdup("missing parameter grant_type"); | 2106 | handle->edesc = GNUNET_strdup("missing parameter grant_type"); |
| 2095 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2107 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
| @@ -2105,6 +2117,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2105 | == GNUNET_CONTAINER_multihashmap_contains ( | 2117 | == GNUNET_CONTAINER_multihashmap_contains ( |
| 2106 | handle->rest_handle->url_param_map, &cache_key) ) | 2118 | handle->rest_handle->url_param_map, &cache_key) ) |
| 2107 | { | 2119 | { |
| 2120 | GNUNET_free_non_null(user_psw); | ||
| 2108 | handle->emsg = GNUNET_strdup("invalid_request"); | 2121 | handle->emsg = GNUNET_strdup("invalid_request"); |
| 2109 | handle->edesc = GNUNET_strdup("missing parameter code"); | 2122 | handle->edesc = GNUNET_strdup("missing parameter code"); |
| 2110 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2123 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
| @@ -2121,6 +2134,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2121 | == GNUNET_CONTAINER_multihashmap_contains ( | 2134 | == GNUNET_CONTAINER_multihashmap_contains ( |
| 2122 | handle->rest_handle->url_param_map, &cache_key) ) | 2135 | handle->rest_handle->url_param_map, &cache_key) ) |
| 2123 | { | 2136 | { |
| 2137 | GNUNET_free_non_null(user_psw); | ||
| 2124 | handle->emsg = GNUNET_strdup("invalid_request"); | 2138 | handle->emsg = GNUNET_strdup("invalid_request"); |
| 2125 | handle->edesc = GNUNET_strdup("missing parameter redirect_uri"); | 2139 | handle->edesc = GNUNET_strdup("missing parameter redirect_uri"); |
| 2126 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2140 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
| @@ -2134,6 +2148,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2134 | //Check parameter grant_type == "authorization_code" | 2148 | //Check parameter grant_type == "authorization_code" |
| 2135 | if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type)) | 2149 | if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type)) |
| 2136 | { | 2150 | { |
| 2151 | GNUNET_free_non_null(user_psw); | ||
| 2137 | handle->emsg=GNUNET_strdup("unsupported_grant_type"); | 2152 | handle->emsg=GNUNET_strdup("unsupported_grant_type"); |
| 2138 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2153 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
| 2139 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2154 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
| @@ -2144,6 +2159,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2144 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] | 2159 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] |
| 2145 | if( 0 != strncmp( expected_redirect_uri, redirect_uri, strlen(expected_redirect_uri)) ) | 2160 | if( 0 != strncmp( expected_redirect_uri, redirect_uri, strlen(expected_redirect_uri)) ) |
| 2146 | { | 2161 | { |
| 2162 | GNUNET_free_non_null(user_psw); | ||
| 2147 | handle->emsg=GNUNET_strdup("invalid_request"); | 2163 | handle->emsg=GNUNET_strdup("invalid_request"); |
| 2148 | handle->edesc=GNUNET_strdup("Invalid redirect_uri"); | 2164 | handle->edesc=GNUNET_strdup("Invalid redirect_uri"); |
| 2149 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2165 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
| @@ -2152,17 +2168,21 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2152 | return; | 2168 | return; |
| 2153 | } | 2169 | } |
| 2154 | GNUNET_free(expected_redirect_uri); | 2170 | GNUNET_free(expected_redirect_uri); |
| 2155 | GNUNET_CRYPTO_hash(code, strlen(code), &cache_key); | 2171 | GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); |
| 2156 | if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(OIDC_ticket_once,&cache_key)) | 2172 | int i = 1; |
| 2173 | if ( GNUNET_SYSERR | ||
| 2174 | == GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once, | ||
| 2175 | &cache_key, | ||
| 2176 | &i, | ||
| 2177 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) ) | ||
| 2157 | { | 2178 | { |
| 2179 | GNUNET_free_non_null(user_psw); | ||
| 2158 | handle->emsg = GNUNET_strdup("invalid_request"); | 2180 | handle->emsg = GNUNET_strdup("invalid_request"); |
| 2159 | handle->edesc = GNUNET_strdup("Cannot use the same code more than once"); | 2181 | handle->edesc = GNUNET_strdup("Cannot use the same code more than once"); |
| 2160 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2182 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
| 2161 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2183 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
| 2162 | return; | 2184 | return; |
| 2163 | } | 2185 | } |
| 2164 | int i=1; | ||
| 2165 | GNUNET_CONTAINER_multihashmap_put(OIDC_ticket_once,&cache_key,&i,GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | ||
| 2166 | 2186 | ||
| 2167 | //decode code | 2187 | //decode code |
| 2168 | GNUNET_STRINGS_base64_decode(code,strlen(code),&code_output); | 2188 | GNUNET_STRINGS_base64_decode(code,strlen(code),&code_output); |
| @@ -2174,6 +2194,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2174 | 2194 | ||
| 2175 | if(ticket_string == NULL && !json_is_string(ticket_string)) | 2195 | if(ticket_string == NULL && !json_is_string(ticket_string)) |
| 2176 | { | 2196 | { |
| 2197 | GNUNET_free_non_null(user_psw); | ||
| 2177 | handle->emsg = GNUNET_strdup("invalid_request"); | 2198 | handle->emsg = GNUNET_strdup("invalid_request"); |
| 2178 | handle->edesc = GNUNET_strdup("invalid code"); | 2199 | handle->edesc = GNUNET_strdup("invalid code"); |
| 2179 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2200 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
| @@ -2188,6 +2209,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2188 | ticket, | 2209 | ticket, |
| 2189 | sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket))) | 2210 | sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket))) |
| 2190 | { | 2211 | { |
| 2212 | GNUNET_free_non_null(user_psw); | ||
| 2191 | handle->emsg = GNUNET_strdup("invalid_request"); | 2213 | handle->emsg = GNUNET_strdup("invalid_request"); |
| 2192 | handle->edesc = GNUNET_strdup("invalid code"); | 2214 | handle->edesc = GNUNET_strdup("invalid code"); |
| 2193 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2215 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
| @@ -2200,6 +2222,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2200 | GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key); | 2222 | GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key); |
| 2201 | if (0 != memcmp(&pub_key,&ticket->audience,sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) | 2223 | if (0 != memcmp(&pub_key,&ticket->audience,sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) |
| 2202 | { | 2224 | { |
| 2225 | GNUNET_free_non_null(user_psw); | ||
| 2203 | handle->emsg = GNUNET_strdup("invalid_request"); | 2226 | handle->emsg = GNUNET_strdup("invalid_request"); |
| 2204 | handle->edesc = GNUNET_strdup("invalid code"); | 2227 | handle->edesc = GNUNET_strdup("invalid code"); |
| 2205 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2228 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
| @@ -2214,6 +2237,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2214 | != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin", | 2237 | != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin", |
| 2215 | "expiration_time", &expiration_time) ) | 2238 | "expiration_time", &expiration_time) ) |
| 2216 | { | 2239 | { |
| 2240 | GNUNET_free_non_null(user_psw); | ||
| 2217 | handle->emsg = GNUNET_strdup("server_error"); | 2241 | handle->emsg = GNUNET_strdup("server_error"); |
| 2218 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | 2242 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); |
| 2219 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 2243 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
| @@ -2230,7 +2254,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2230 | client_id, | 2254 | client_id, |
| 2231 | strlen(client_id)); | 2255 | strlen(client_id)); |
| 2232 | //exp REQUIRED time expired from config | 2256 | //exp REQUIRED time expired from config |
| 2233 | //TODO time as seconds | ||
| 2234 | struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute ( | 2257 | struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute ( |
| 2235 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), | 2258 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), |
| 2236 | expiration_time)); | 2259 | expiration_time)); |
| @@ -2241,7 +2264,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2241 | exp_time_string, | 2264 | exp_time_string, |
| 2242 | strlen(exp_time_string)); | 2265 | strlen(exp_time_string)); |
| 2243 | //iat REQUIRED time now | 2266 | //iat REQUIRED time now |
| 2244 | //TODO time as seconds | ||
| 2245 | struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get(); | 2267 | struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get(); |
| 2246 | const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now); | 2268 | const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now); |
| 2247 | GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, | 2269 | GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, |
| @@ -2281,6 +2303,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2281 | } | 2303 | } |
| 2282 | if ( NULL == ego_entry ) | 2304 | if ( NULL == ego_entry ) |
| 2283 | { | 2305 | { |
| 2306 | GNUNET_free_non_null(user_psw); | ||
| 2284 | handle->emsg = GNUNET_strdup("invalid_request"); | 2307 | handle->emsg = GNUNET_strdup("invalid_request"); |
| 2285 | handle->edesc = GNUNET_strdup("invalid code...."); | 2308 | handle->edesc = GNUNET_strdup("invalid code...."); |
| 2286 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2309 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
| @@ -2389,7 +2412,6 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 2389 | authorization = GNUNET_CONTAINER_multihashmap_get ( | 2412 | authorization = GNUNET_CONTAINER_multihashmap_get ( |
| 2390 | handle->rest_handle->header_param_map, &cache_key); | 2413 | handle->rest_handle->header_param_map, &cache_key); |
| 2391 | 2414 | ||
| 2392 | //TODO authorization pointer will be moved as well | ||
| 2393 | //split header in "Bearer" and access_token | 2415 | //split header in "Bearer" and access_token |
| 2394 | authorization_type = strtok (authorization, delimiter); | 2416 | authorization_type = strtok (authorization, delimiter); |
| 2395 | if ( 0 != strcmp ("Bearer", authorization_type) ) | 2417 | if ( 0 != strcmp ("Bearer", authorization_type) ) |
diff --git a/src/rest/gnunet-rest-server.c b/src/rest/gnunet-rest-server.c index fdcd4f9c5..2f840be8b 100644 --- a/src/rest/gnunet-rest-server.c +++ b/src/rest/gnunet-rest-server.c | |||
| @@ -119,6 +119,11 @@ static char* allow_origin; | |||
| 119 | static char* allow_headers; | 119 | static char* allow_headers; |
| 120 | 120 | ||
| 121 | /** | 121 | /** |
| 122 | * Allowed Credentials (CORS) | ||
| 123 | */ | ||
| 124 | static char* allow_credentials; | ||
| 125 | |||
| 126 | /** | ||
| 122 | * MHD Connection handle | 127 | * MHD Connection handle |
| 123 | */ | 128 | */ |
| 124 | struct MhdConnectionHandle | 129 | struct MhdConnectionHandle |
| @@ -301,7 +306,7 @@ post_data_iter (void *cls, | |||
| 301 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)) | 306 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)) |
| 302 | { | 307 | { |
| 303 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 308 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
| 304 | "Could not load add url param `%s'=%s\n", | 309 | "Could not load add url param '%s'=%s\n", |
| 305 | key, data); | 310 | key, data); |
| 306 | GNUNET_free(val); | 311 | GNUNET_free(val); |
| 307 | } | 312 | } |
| @@ -404,7 +409,7 @@ create_response (void *cls, | |||
| 404 | &header_iterator, | 409 | &header_iterator, |
| 405 | rest_conndata_handle); | 410 | rest_conndata_handle); |
| 406 | con_handle->pp = MHD_create_post_processor(con, | 411 | con_handle->pp = MHD_create_post_processor(con, |
| 407 | 4000, | 412 | 65536, |
| 408 | post_data_iter, | 413 | post_data_iter, |
| 409 | rest_conndata_handle); | 414 | rest_conndata_handle); |
| 410 | if (*upload_data_size) | 415 | if (*upload_data_size) |
| @@ -430,6 +435,12 @@ create_response (void *cls, | |||
| 430 | MHD_HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, | 435 | MHD_HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, |
| 431 | allow_origin); | 436 | allow_origin); |
| 432 | } | 437 | } |
| 438 | if (NULL != allow_credentials) | ||
| 439 | { | ||
| 440 | MHD_add_response_header (con_handle->response, | ||
| 441 | "Access-Control-Allow-Credentials", | ||
| 442 | allow_credentials); | ||
| 443 | } | ||
| 433 | if (NULL != allow_headers) | 444 | if (NULL != allow_headers) |
| 434 | { | 445 | { |
| 435 | MHD_add_response_header (con_handle->response, | 446 | MHD_add_response_header (con_handle->response, |
| @@ -660,6 +671,7 @@ do_shutdown (void *cls) | |||
| 660 | "Shutting down...\n"); | 671 | "Shutting down...\n"); |
| 661 | kill_httpd (); | 672 | kill_httpd (); |
| 662 | GNUNET_free_non_null (allow_origin); | 673 | GNUNET_free_non_null (allow_origin); |
| 674 | GNUNET_free_non_null (allow_credentials); | ||
| 663 | GNUNET_free_non_null (allow_headers); | 675 | GNUNET_free_non_null (allow_headers); |
| 664 | } | 676 | } |
| 665 | 677 | ||
| @@ -804,6 +816,15 @@ run (void *cls, | |||
| 804 | } | 816 | } |
| 805 | 817 | ||
| 806 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, "rest", | 818 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, "rest", |
| 819 | "REST_ALLOW_CREDENTIALS", | ||
| 820 | &allow_credentials)) | ||
| 821 | { | ||
| 822 | //No origin specified | ||
| 823 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
| 824 | "No CORS Access-Control-Allow-Origin Header will be sent...\n"); | ||
| 825 | } | ||
| 826 | |||
| 827 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, "rest", | ||
| 807 | "REST_ALLOW_HEADERS", | 828 | "REST_ALLOW_HEADERS", |
| 808 | &allow_headers)) | 829 | &allow_headers)) |
| 809 | { | 830 | { |
diff --git a/src/rest/rest.conf b/src/rest/rest.conf index f74d772e8..0a919df20 100644 --- a/src/rest/rest.conf +++ b/src/rest/rest.conf | |||
| @@ -4,3 +4,4 @@ BINARY=gnunet-rest-server | |||
| 4 | REST_PORT=7776 | 4 | REST_PORT=7776 |
| 5 | REST_ALLOW_HEADERS=Authorization,Accept,Content-Type | 5 | REST_ALLOW_HEADERS=Authorization,Accept,Content-Type |
| 6 | REST_ALLOW_ORIGIN=http://localhost:8000 | 6 | REST_ALLOW_ORIGIN=http://localhost:8000 |
| 7 | REST_ALLOW_CREDENTIALS=true \ No newline at end of file | ||