author | Phil <phil.buschmann@tum.de> | 2018-02-26 17:01:24 +0100 |
---|---|---|
committer | Phil <phil.buschmann@tum.de> | 2018-02-26 17:01:24 +0100 |
commit | 2363773d8a81d253614fa3892cead6ebab69c246 (patch) | |
tree | 9008c0907e1bcb04ad80e85e86d467d8b920af82 /src | |
parent | bbe8e9a4e5bc9b60a5cc5f54385e6252a0487aea (diff) | |
-token endpoint fix wip
Diffstat (limited to 'src')
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 50 | ||||
-rw-r--r-- | src/rest/gnunet-rest-server.c | 25 | ||||
-rw-r--r-- | src/rest/rest.conf | 1 |
3 files changed, 60 insertions, 16 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 033c6e4ba..9ba73ff1c 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -1530,6 +1530,7 @@ oidc_attr_collect (void *cls, | |||
1530 | if ( NULL == scope_variable ) | 1530 | if ( NULL == scope_variable ) |
1531 | { | 1531 | { |
1532 | GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it); | 1532 | GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it); |
1533 | GNUNET_free(scope_variables); | ||
1533 | return; | 1534 | return; |
1534 | } | 1535 | } |
1535 | GNUNET_free(scope_variables); | 1536 | GNUNET_free(scope_variables); |
@@ -1717,6 +1718,7 @@ static void namestore_iteration_finished (void *cls) | |||
1717 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] | 1718 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] |
1718 | if( 0 != strncmp( expected_redirect_uri, handle->oidc->redirect_uri, strlen(expected_redirect_uri)) ) | 1719 | if( 0 != strncmp( expected_redirect_uri, handle->oidc->redirect_uri, strlen(expected_redirect_uri)) ) |
1719 | { | 1720 | { |
1721 | handle->oidc->redirect_uri = NULL; | ||
1720 | handle->emsg=GNUNET_strdup("invalid_request"); | 1722 | handle->emsg=GNUNET_strdup("invalid_request"); |
1721 | handle->edesc=GNUNET_strdup("Invalid redirect_uri"); | 1723 | handle->edesc=GNUNET_strdup("Invalid redirect_uri"); |
1722 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1724 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
@@ -1795,21 +1797,23 @@ static void namestore_iteration_finished (void *cls) | |||
1795 | 1797 | ||
1796 | // Checks if scope contains 'openid' | 1798 | // Checks if scope contains 'openid' |
1797 | expected_scope = GNUNET_strdup(handle->oidc->scope); | 1799 | expected_scope = GNUNET_strdup(handle->oidc->scope); |
1798 | expected_scope = strtok (expected_scope, delimiter); | 1800 | char* test; |
1799 | while (NULL != expected_scope) | 1801 | test = strtok (expected_scope, delimiter); |
1802 | while (NULL != test) | ||
1800 | { | 1803 | { |
1801 | if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) ) | 1804 | if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) ) |
1802 | { | 1805 | { |
1803 | break; | 1806 | break; |
1804 | } | 1807 | } |
1805 | expected_scope = strtok (NULL, delimiter); | 1808 | test = strtok (NULL, delimiter); |
1806 | } | 1809 | } |
1807 | if (NULL == expected_scope) | 1810 | if (NULL == test) |
1808 | { | 1811 | { |
1809 | handle->emsg = GNUNET_strdup("invalid_scope"); | 1812 | handle->emsg = GNUNET_strdup("invalid_scope"); |
1810 | handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or " | 1813 | handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or " |
1811 | "malformed."); | 1814 | "malformed."); |
1812 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | 1815 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); |
1816 | GNUNET_free(expected_scope); | ||
1813 | return; | 1817 | return; |
1814 | } | 1818 | } |
1815 | 1819 | ||
@@ -1927,7 +1931,8 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1927 | if ( json_is_string(identity) ) | 1931 | if ( json_is_string(identity) ) |
1928 | { | 1932 | { |
1929 | GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); | 1933 | GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); |
1930 | 1934 | MHD_add_response_header (resp, "Set-Cookie", cookie); | |
1935 | MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST"); | ||
1931 | GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); | 1936 | GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); |
1932 | 1937 | ||
1933 | current_time = GNUNET_new(struct GNUNET_TIME_Absolute); | 1938 | current_time = GNUNET_new(struct GNUNET_TIME_Absolute); |
@@ -1944,12 +1949,12 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1944 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | 1949 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); |
1945 | 1950 | ||
1946 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | 1951 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); |
1952 | GNUNET_free(cookie); | ||
1947 | } | 1953 | } |
1948 | else | 1954 | else |
1949 | { | 1955 | { |
1950 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); | 1956 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); |
1951 | } | 1957 | } |
1952 | GNUNET_free(cookie); | ||
1953 | json_decref (root); | 1958 | json_decref (root); |
1954 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 1959 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
1955 | return; | 1960 | return; |
@@ -1962,6 +1967,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1962 | { | 1967 | { |
1963 | //TODO static strings | 1968 | //TODO static strings |
1964 | 1969 | ||
1970 | //TODO WWW-Authenticate 401 | ||
1965 | struct RequestHandle *handle = cls; | 1971 | struct RequestHandle *handle = cls; |
1966 | struct GNUNET_HashCode cache_key; | 1972 | struct GNUNET_HashCode cache_key; |
1967 | char *authorization, *credentials; | 1973 | char *authorization, *credentials; |
@@ -1994,7 +2000,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1994 | } | 2000 | } |
1995 | authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); | 2001 | authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); |
1996 | 2002 | ||
1997 | //TODO authorization pointer will be moved as well | ||
1998 | //split header in "Basic" and [content] | 2003 | //split header in "Basic" and [content] |
1999 | credentials = strtok (authorization, delimiter); | 2004 | credentials = strtok (authorization, delimiter); |
2000 | if (0 != strcmp ("Basic",credentials)) | 2005 | if (0 != strcmp ("Basic",credentials)) |
@@ -2039,6 +2044,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2039 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2044 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
2040 | return; | 2045 | return; |
2041 | } | 2046 | } |
2047 | |||
2042 | //check client password | 2048 | //check client password |
2043 | if ( GNUNET_OK | 2049 | if ( GNUNET_OK |
2044 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", | 2050 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", |
@@ -2046,6 +2052,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2046 | { | 2052 | { |
2047 | if (0 != strcmp (expected_psw, psw)) | 2053 | if (0 != strcmp (expected_psw, psw)) |
2048 | { | 2054 | { |
2055 | GNUNET_free_non_null(user_psw); | ||
2056 | GNUNET_free(expected_psw); | ||
2049 | handle->emsg=GNUNET_strdup("invalid_client"); | 2057 | handle->emsg=GNUNET_strdup("invalid_client"); |
2050 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 2058 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
2051 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2059 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
@@ -2055,12 +2063,14 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2055 | } | 2063 | } |
2056 | else | 2064 | else |
2057 | { | 2065 | { |
2066 | GNUNET_free_non_null(user_psw); | ||
2058 | handle->emsg = GNUNET_strdup("server_error"); | 2067 | handle->emsg = GNUNET_strdup("server_error"); |
2059 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | 2068 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); |
2060 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 2069 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
2061 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2070 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
2062 | return; | 2071 | return; |
2063 | } | 2072 | } |
2073 | |||
2064 | //check client_id | 2074 | //check client_id |
2065 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry->next; ) | 2075 | for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry->next; ) |
2066 | { | 2076 | { |
@@ -2073,6 +2083,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2073 | } | 2083 | } |
2074 | if (GNUNET_NO == client_exists) | 2084 | if (GNUNET_NO == client_exists) |
2075 | { | 2085 | { |
2086 | GNUNET_free_non_null(user_psw); | ||
2076 | handle->emsg=GNUNET_strdup("invalid_client"); | 2087 | handle->emsg=GNUNET_strdup("invalid_client"); |
2077 | handle->response_code = MHD_HTTP_UNAUTHORIZED; | 2088 | handle->response_code = MHD_HTTP_UNAUTHORIZED; |
2078 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2089 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
@@ -2090,6 +2101,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2090 | == GNUNET_CONTAINER_multihashmap_contains ( | 2101 | == GNUNET_CONTAINER_multihashmap_contains ( |
2091 | handle->rest_handle->url_param_map, &cache_key) ) | 2102 | handle->rest_handle->url_param_map, &cache_key) ) |
2092 | { | 2103 | { |
2104 | GNUNET_free_non_null(user_psw); | ||
2093 | handle->emsg = GNUNET_strdup("invalid_request"); | 2105 | handle->emsg = GNUNET_strdup("invalid_request"); |
2094 | handle->edesc = GNUNET_strdup("missing parameter grant_type"); | 2106 | handle->edesc = GNUNET_strdup("missing parameter grant_type"); |
2095 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2107 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
@@ -2105,6 +2117,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2105 | == GNUNET_CONTAINER_multihashmap_contains ( | 2117 | == GNUNET_CONTAINER_multihashmap_contains ( |
2106 | handle->rest_handle->url_param_map, &cache_key) ) | 2118 | handle->rest_handle->url_param_map, &cache_key) ) |
2107 | { | 2119 | { |
2120 | GNUNET_free_non_null(user_psw); | ||
2108 | handle->emsg = GNUNET_strdup("invalid_request"); | 2121 | handle->emsg = GNUNET_strdup("invalid_request"); |
2109 | handle->edesc = GNUNET_strdup("missing parameter code"); | 2122 | handle->edesc = GNUNET_strdup("missing parameter code"); |
2110 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2123 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
@@ -2121,6 +2134,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2121 | == GNUNET_CONTAINER_multihashmap_contains ( | 2134 | == GNUNET_CONTAINER_multihashmap_contains ( |
2122 | handle->rest_handle->url_param_map, &cache_key) ) | 2135 | handle->rest_handle->url_param_map, &cache_key) ) |
2123 | { | 2136 | { |
2137 | GNUNET_free_non_null(user_psw); | ||
2124 | handle->emsg = GNUNET_strdup("invalid_request"); | 2138 | handle->emsg = GNUNET_strdup("invalid_request"); |
2125 | handle->edesc = GNUNET_strdup("missing parameter redirect_uri"); | 2139 | handle->edesc = GNUNET_strdup("missing parameter redirect_uri"); |
2126 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2140 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
@@ -2134,6 +2148,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2134 | //Check parameter grant_type == "authorization_code" | 2148 | //Check parameter grant_type == "authorization_code" |
2135 | if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type)) | 2149 | if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type)) |
2136 | { | 2150 | { |
2151 | GNUNET_free_non_null(user_psw); | ||
2137 | handle->emsg=GNUNET_strdup("unsupported_grant_type"); | 2152 | handle->emsg=GNUNET_strdup("unsupported_grant_type"); |
2138 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2153 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
2139 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2154 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
@@ -2144,6 +2159,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2144 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] | 2159 | // verify the redirect uri matches https://<client_id>.zkey[/xyz] |
2145 | if( 0 != strncmp( expected_redirect_uri, redirect_uri, strlen(expected_redirect_uri)) ) | 2160 | if( 0 != strncmp( expected_redirect_uri, redirect_uri, strlen(expected_redirect_uri)) ) |
2146 | { | 2161 | { |
2162 | GNUNET_free_non_null(user_psw); | ||
2147 | handle->emsg=GNUNET_strdup("invalid_request"); | 2163 | handle->emsg=GNUNET_strdup("invalid_request"); |
2148 | handle->edesc=GNUNET_strdup("Invalid redirect_uri"); | 2164 | handle->edesc=GNUNET_strdup("Invalid redirect_uri"); |
2149 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2165 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
@@ -2152,17 +2168,21 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2152 | return; | 2168 | return; |
2153 | } | 2169 | } |
2154 | GNUNET_free(expected_redirect_uri); | 2170 | GNUNET_free(expected_redirect_uri); |
2155 | GNUNET_CRYPTO_hash(code, strlen(code), &cache_key); | 2171 | GNUNET_CRYPTO_hash (code, strlen (code), &cache_key); |
2156 | if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(OIDC_ticket_once,&cache_key)) | 2172 | int i = 1; |
2173 | if ( GNUNET_SYSERR | ||
2174 | == GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once, | ||
2175 | &cache_key, | ||
2176 | &i, | ||
2177 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) ) | ||
2157 | { | 2178 | { |
2179 | GNUNET_free_non_null(user_psw); | ||
2158 | handle->emsg = GNUNET_strdup("invalid_request"); | 2180 | handle->emsg = GNUNET_strdup("invalid_request"); |
2159 | handle->edesc = GNUNET_strdup("Cannot use the same code more than once"); | 2181 | handle->edesc = GNUNET_strdup("Cannot use the same code more than once"); |
2160 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2182 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
2161 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 2183 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
2162 | return; | 2184 | return; |
2163 | } | 2185 | } |
2164 | int i=1; | ||
2165 | GNUNET_CONTAINER_multihashmap_put(OIDC_ticket_once,&cache_key,&i,GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | ||
2166 | 2186 | ||
2167 | //decode code | 2187 | //decode code |
2168 | GNUNET_STRINGS_base64_decode(code,strlen(code),&code_output); | 2188 | GNUNET_STRINGS_base64_decode(code,strlen(code),&code_output); |
@@ -2174,6 +2194,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2174 | 2194 | ||
2175 | if(ticket_string == NULL && !json_is_string(ticket_string)) | 2195 | if(ticket_string == NULL && !json_is_string(ticket_string)) |
2176 | { | 2196 | { |
2197 | GNUNET_free_non_null(user_psw); | ||
2177 | handle->emsg = GNUNET_strdup("invalid_request"); | 2198 | handle->emsg = GNUNET_strdup("invalid_request"); |
2178 | handle->edesc = GNUNET_strdup("invalid code"); | 2199 | handle->edesc = GNUNET_strdup("invalid code"); |
2179 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2200 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
@@ -2188,6 +2209,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2188 | ticket, | 2209 | ticket, |
2189 | sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket))) | 2210 | sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket))) |
2190 | { | 2211 | { |
2212 | GNUNET_free_non_null(user_psw); | ||
2191 | handle->emsg = GNUNET_strdup("invalid_request"); | 2213 | handle->emsg = GNUNET_strdup("invalid_request"); |
2192 | handle->edesc = GNUNET_strdup("invalid code"); | 2214 | handle->edesc = GNUNET_strdup("invalid code"); |
2193 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2215 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
@@ -2200,6 +2222,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2200 | GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key); | 2222 | GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key); |
2201 | if (0 != memcmp(&pub_key,&ticket->audience,sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) | 2223 | if (0 != memcmp(&pub_key,&ticket->audience,sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey))) |
2202 | { | 2224 | { |
2225 | GNUNET_free_non_null(user_psw); | ||
2203 | handle->emsg = GNUNET_strdup("invalid_request"); | 2226 | handle->emsg = GNUNET_strdup("invalid_request"); |
2204 | handle->edesc = GNUNET_strdup("invalid code"); | 2227 | handle->edesc = GNUNET_strdup("invalid code"); |
2205 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2228 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
@@ -2214,6 +2237,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2214 | != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin", | 2237 | != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin", |
2215 | "expiration_time", &expiration_time) ) | 2238 | "expiration_time", &expiration_time) ) |
2216 | { | 2239 | { |
2240 | GNUNET_free_non_null(user_psw); | ||
2217 | handle->emsg = GNUNET_strdup("server_error"); | 2241 | handle->emsg = GNUNET_strdup("server_error"); |
2218 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); | 2242 | handle->edesc = GNUNET_strdup ("gnunet configuration failed"); |
2219 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 2243 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
@@ -2230,7 +2254,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2230 | client_id, | 2254 | client_id, |
2231 | strlen(client_id)); | 2255 | strlen(client_id)); |
2232 | //exp REQUIRED time expired from config | 2256 | //exp REQUIRED time expired from config |
2233 | //TODO time as seconds | ||
2234 | struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute ( | 2257 | struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute ( |
2235 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), | 2258 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), |
2236 | expiration_time)); | 2259 | expiration_time)); |
@@ -2241,7 +2264,6 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2241 | exp_time_string, | 2264 | exp_time_string, |
2242 | strlen(exp_time_string)); | 2265 | strlen(exp_time_string)); |
2243 | //iat REQUIRED time now | 2266 | //iat REQUIRED time now |
2244 | //TODO time as seconds | ||
2245 | struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get(); | 2267 | struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get(); |
2246 | const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now); | 2268 | const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now); |
2247 | GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, | 2269 | GNUNET_IDENTITY_ATTRIBUTE_list_add (cl, |
@@ -2281,6 +2303,7 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2281 | } | 2303 | } |
2282 | if ( NULL == ego_entry ) | 2304 | if ( NULL == ego_entry ) |
2283 | { | 2305 | { |
2306 | GNUNET_free_non_null(user_psw); | ||
2284 | handle->emsg = GNUNET_strdup("invalid_request"); | 2307 | handle->emsg = GNUNET_strdup("invalid_request"); |
2285 | handle->edesc = GNUNET_strdup("invalid code...."); | 2308 | handle->edesc = GNUNET_strdup("invalid code...."); |
2286 | handle->response_code = MHD_HTTP_BAD_REQUEST; | 2309 | handle->response_code = MHD_HTTP_BAD_REQUEST; |
@@ -2389,7 +2412,6 @@ userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
2389 | authorization = GNUNET_CONTAINER_multihashmap_get ( | 2412 | authorization = GNUNET_CONTAINER_multihashmap_get ( |
2390 | handle->rest_handle->header_param_map, &cache_key); | 2413 | handle->rest_handle->header_param_map, &cache_key); |
2391 | 2414 | ||
2392 | //TODO authorization pointer will be moved as well | ||
2393 | //split header in "Bearer" and access_token | 2415 | //split header in "Bearer" and access_token |
2394 | authorization_type = strtok (authorization, delimiter); | 2416 | authorization_type = strtok (authorization, delimiter); |
2395 | if ( 0 != strcmp ("Bearer", authorization_type) ) | 2417 | if ( 0 != strcmp ("Bearer", authorization_type) ) |
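Review bot: In the scope check of namestore_iteration_finished (new lines 1800–1816) the loop now advances `test`, but the comparison is still `strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope)`, and `expected_scope` keeps pointing at the start of the duplicated buffer, so every iteration compares the same leading token. A request that lists `openid` anywhere but first would therefore be rejected with invalid_scope; the comparison should read `if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, test) )`. The new `GNUNET_free(expected_scope);` covers only the error return, and the rest of the function is outside the hunk, so it is worth confirming the success path frees it too. Separately, in token_endpoint (new lines 2172–2177) the put into `OIDC_ticket_once` stores `&i`, the address of a stack local, in a map that presumably outlives the call; a static sentinel would avoid leaving a dangling value pointer behind if the entry is ever read.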
diff --git a/src/rest/gnunet-rest-server.c b/src/rest/gnunet-rest-server.c index fdcd4f9c5..2f840be8b 100644 --- a/src/rest/gnunet-rest-server.c +++ b/src/rest/gnunet-rest-server.c | |||
@@ -119,6 +119,11 @@ static char* allow_origin; | |||
119 | static char* allow_headers; | 119 | static char* allow_headers; |
120 | 120 | ||
121 | /** | 121 | /** |
122 | * Allowed Credentials (CORS) | ||
123 | */ | ||
124 | static char* allow_credentials; | ||
125 | |||
126 | /** | ||
122 | * MHD Connection handle | 127 | * MHD Connection handle |
123 | */ | 128 | */ |
124 | struct MhdConnectionHandle | 129 | struct MhdConnectionHandle |
@@ -301,7 +306,7 @@ post_data_iter (void *cls, | |||
301 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)) | 306 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)) |
302 | { | 307 | { |
303 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 308 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
304 | "Could not load add url param `%s'=%s\n", | 309 | "Could not load add url param '%s'=%s\n", |
305 | key, data); | 310 | key, data); |
306 | GNUNET_free(val); | 311 | GNUNET_free(val); |
307 | } | 312 | } |
@@ -404,7 +409,7 @@ create_response (void *cls, | |||
404 | &header_iterator, | 409 | &header_iterator, |
405 | rest_conndata_handle); | 410 | rest_conndata_handle); |
406 | con_handle->pp = MHD_create_post_processor(con, | 411 | con_handle->pp = MHD_create_post_processor(con, |
407 | 4000, | 412 | 65536, |
408 | post_data_iter, | 413 | post_data_iter, |
409 | rest_conndata_handle); | 414 | rest_conndata_handle); |
410 | if (*upload_data_size) | 415 | if (*upload_data_size) |
@@ -430,6 +435,12 @@ create_response (void *cls, | |||
430 | MHD_HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, | 435 | MHD_HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, |
431 | allow_origin); | 436 | allow_origin); |
432 | } | 437 | } |
438 | if (NULL != allow_credentials) | ||
439 | { | ||
440 | MHD_add_response_header (con_handle->response, | ||
441 | "Access-Control-Allow-Credentials", | ||
442 | allow_credentials); | ||
443 | } | ||
433 | if (NULL != allow_headers) | 444 | if (NULL != allow_headers) |
434 | { | 445 | { |
435 | MHD_add_response_header (con_handle->response, | 446 | MHD_add_response_header (con_handle->response, |
@@ -660,6 +671,7 @@ do_shutdown (void *cls) | |||
660 | "Shutting down...\n"); | 671 | "Shutting down...\n"); |
661 | kill_httpd (); | 672 | kill_httpd (); |
662 | GNUNET_free_non_null (allow_origin); | 673 | GNUNET_free_non_null (allow_origin); |
674 | GNUNET_free_non_null (allow_credentials); | ||
663 | GNUNET_free_non_null (allow_headers); | 675 | GNUNET_free_non_null (allow_headers); |
664 | } | 676 | } |
665 | 677 | ||
@@ -804,6 +816,15 @@ run (void *cls, | |||
804 | } | 816 | } |
805 | 817 | ||
806 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, "rest", | 818 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, "rest", |
819 | "REST_ALLOW_CREDENTIALS", | ||
820 | &allow_credentials)) | ||
821 | { | ||
822 | //No origin specified | ||
823 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
824 | "No CORS Access-Control-Allow-Origin Header will be sent...\n"); | ||
825 | } | ||
826 | |||
827 | if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, "rest", | ||
807 | "REST_ALLOW_HEADERS", | 828 | "REST_ALLOW_HEADERS", |
808 | &allow_headers)) | 829 | &allow_headers)) |
809 | { | 830 | { |
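Review bot: The new REST_ALLOW_CREDENTIALS string is copied verbatim into `Access-Control-Allow-Credentials` in create_response (new lines 438–443), although `true` is the only value browsers honour and the header only takes effect alongside a single explicit origin. Since the login handler in this same commit sets an `Identity` cookie, it would be safer for run() to accept only the literal `true` and for create_response to skip the header when `allow_origin` is NULL or `*`. The fallback branch in run() (new lines 822–824) also reuses the origin wording; the comment and log should read `//No credentials option specified` and `"No CORS Access-Control-Allow-Credentials Header will be sent...\n"`. Both functions start and end outside the hunks shown.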
diff --git a/src/rest/rest.conf b/src/rest/rest.conf index f74d772e8..0a919df20 100644 --- a/src/rest/rest.conf +++ b/src/rest/rest.conf | |||
@@ -4,3 +4,4 @@ BINARY=gnunet-rest-server | |||
4 | REST_PORT=7776 | 4 | REST_PORT=7776 |
5 | REST_ALLOW_HEADERS=Authorization,Accept,Content-Type | 5 | REST_ALLOW_HEADERS=Authorization,Accept,Content-Type |
6 | REST_ALLOW_ORIGIN=http://localhost:8000 | 6 | REST_ALLOW_ORIGIN=http://localhost:8000 |
7 | REST_ALLOW_CREDENTIALS=true \ No newline at end of file | ||