diff options
| author | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2017-12-14 17:59:16 +0100 |
|---|---|---|
| committer | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2017-12-14 17:59:16 +0100 |
| commit | 3428214e4513e1539256b19502ffb085539e01b3 (patch) | |
| tree | 901c76ec821c884c5b096f3150a9a2d0abf6925a /src | |
| parent | 2e810e7d86eae7fce73f72d1b83a01e7607a357d (diff) | |
| download | gnunet-3428214e4513e1539256b19502ffb085539e01b3.tar.gz gnunet-3428214e4513e1539256b19502ffb085539e01b3.zip | |
-add todos; cleanup
Diffstat (limited to 'src')
| -rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 123 |
1 files changed, 65 insertions, 58 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index bf0ce9053..30847ed3f 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
| @@ -1133,8 +1133,13 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1133 | { | 1133 | { |
| 1134 | struct MHD_Response *resp; | 1134 | struct MHD_Response *resp; |
| 1135 | struct RequestHandle *handle = cls; | 1135 | struct RequestHandle *handle = cls; |
| 1136 | char *response_type, *client_id, *scope, *redirect_uri, *state = 0, | 1136 | char *response_type; |
| 1137 | *nonce = 0; | 1137 | char *client_id; |
| 1138 | char *scope; | ||
| 1139 | char *redirect_uri; | ||
| 1140 | char *state = NULL; | ||
| 1141 | char *nonce = NULL; | ||
| 1142 | //TODO use gnunet_time_lib | ||
| 1138 | struct timeval now, login_time; | 1143 | struct timeval now, login_time; |
| 1139 | OIDC_authorized_identities = GNUNET_CONTAINER_multihashmap_create( 10, GNUNET_NO ); | 1144 | OIDC_authorized_identities = GNUNET_CONTAINER_multihashmap_create( 10, GNUNET_NO ); |
| 1140 | char *login_base_url, *new_redirect; | 1145 | char *login_base_url, *new_redirect; |
| @@ -1175,6 +1180,7 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1175 | &cache_key); | 1180 | &cache_key); |
| 1176 | 1181 | ||
| 1177 | // Checks if client_id is valid: | 1182 | // Checks if client_id is valid: |
| 1183 | // TODO use GNUNET_NAMESTORE_zone_to_name() function to verify that a delegation to the client_id exists | ||
| 1178 | // TODO change check (lookup trusted public_key?) | 1184 | // TODO change check (lookup trusted public_key?) |
| 1179 | // if( strcmp( client_id, "localhost" ) != 0 ) | 1185 | // if( strcmp( client_id, "localhost" ) != 0 ) |
| 1180 | // { | 1186 | // { |
| @@ -1185,6 +1191,7 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1185 | // } | 1191 | // } |
| 1186 | 1192 | ||
| 1187 | // REQUIRED value: redirect_uri | 1193 | // REQUIRED value: redirect_uri |
| 1194 | // TODO verify the redirect uri matches https://<client_id>.zkey[/xyz] | ||
| 1188 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), | 1195 | GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY), |
| 1189 | &cache_key); | 1196 | &cache_key); |
| 1190 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, | 1197 | if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map, |
| @@ -1308,26 +1315,26 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1308 | &cache_key); | 1315 | &cache_key); |
| 1309 | //No Authorization Parameter -> redirect to login | 1316 | //No Authorization Parameter -> redirect to login |
| 1310 | if(GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(con_handle->header_param_map, | 1317 | if(GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains(con_handle->header_param_map, |
| 1311 | &cache_key)) | 1318 | &cache_key)) |
| 1312 | { | 1319 | { |
| 1313 | if ( GNUNET_OK | 1320 | if ( GNUNET_OK |
| 1314 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", | 1321 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", |
| 1315 | "address", &login_base_url) ) | 1322 | "address", &login_base_url) ) |
| 1316 | { | 1323 | { |
| 1317 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", | 1324 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", |
| 1318 | login_base_url, | 1325 | login_base_url, |
| 1319 | OIDC_RESPONSE_TYPE_KEY, | 1326 | OIDC_RESPONSE_TYPE_KEY, |
| 1320 | response_type, | 1327 | response_type, |
| 1321 | OIDC_CLIENT_ID_KEY, | 1328 | OIDC_CLIENT_ID_KEY, |
| 1322 | client_id, | 1329 | client_id, |
| 1323 | OIDC_REDIRECT_URI_KEY, | 1330 | OIDC_REDIRECT_URI_KEY, |
| 1324 | redirect_uri, | 1331 | redirect_uri, |
| 1325 | OIDC_SCOPE_KEY, | 1332 | OIDC_SCOPE_KEY, |
| 1326 | scope, | 1333 | scope, |
| 1327 | OIDC_STATE_KEY, | 1334 | OIDC_STATE_KEY, |
| 1328 | (state) ? state : "", | 1335 | (NULL == state) ? state : "", |
| 1329 | OIDC_NONCE_KEY, | 1336 | OIDC_NONCE_KEY, |
| 1330 | (nonce) ? nonce : ""); | 1337 | (NULL == nonce) ? nonce : ""); |
| 1331 | resp = GNUNET_REST_create_response (""); | 1338 | resp = GNUNET_REST_create_response (""); |
| 1332 | MHD_add_response_header (resp, "Location", new_redirect); | 1339 | MHD_add_response_header (resp, "Location", new_redirect); |
| 1333 | } | 1340 | } |
| @@ -1346,60 +1353,60 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1346 | else | 1353 | else |
| 1347 | { | 1354 | { |
| 1348 | char* identity = GNUNET_CONTAINER_multihashmap_get ( con_handle->header_param_map, | 1355 | char* identity = GNUNET_CONTAINER_multihashmap_get ( con_handle->header_param_map, |
| 1349 | &cache_key); | 1356 | &cache_key); |
| 1350 | GNUNET_CRYPTO_hash (identity, strlen (identity), &cache_key); | 1357 | GNUNET_CRYPTO_hash (identity, strlen (identity), &cache_key); |
| 1351 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(OIDC_authorized_identities, | 1358 | if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(OIDC_authorized_identities, |
| 1352 | &cache_key)) | 1359 | &cache_key)) |
| 1353 | { | 1360 | { |
| 1354 | login_time = *(struct timeval *)GNUNET_CONTAINER_multihashmap_get(OIDC_authorized_identities, | 1361 | login_time = *(struct timeval *)GNUNET_CONTAINER_multihashmap_get(OIDC_authorized_identities, |
| 1355 | &cache_key); | 1362 | &cache_key); |
| 1356 | gettimeofday(&now, NULL); | 1363 | gettimeofday(&now, NULL); |
| 1357 | //After 30 minutes redirect to login | 1364 | //After 30 minutes redirect to login |
| 1358 | if( now.tv_sec - login_time.tv_sec >= 1800) | 1365 | if( now.tv_sec - login_time.tv_sec >= 1800) |
| 1359 | { | 1366 | { |
| 1360 | //TODO remove redundancy [redirect to login] | 1367 | //TODO remove redundancy [redirect to login] |
| 1361 | if ( GNUNET_OK | 1368 | if ( GNUNET_OK |
| 1362 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", | 1369 | == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin", |
| 1363 | "address", &login_base_url) ) | 1370 | "address", &login_base_url) ) |
| 1364 | { | 1371 | { |
| 1365 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", | 1372 | GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", |
| 1366 | login_base_url, | 1373 | login_base_url, |
| 1367 | OIDC_RESPONSE_TYPE_KEY, | 1374 | OIDC_RESPONSE_TYPE_KEY, |
| 1368 | response_type, | 1375 | response_type, |
| 1369 | OIDC_CLIENT_ID_KEY, | 1376 | OIDC_CLIENT_ID_KEY, |
| 1370 | client_id, | 1377 | client_id, |
| 1371 | OIDC_REDIRECT_URI_KEY, | 1378 | OIDC_REDIRECT_URI_KEY, |
| 1372 | redirect_uri, | 1379 | redirect_uri, |
| 1373 | OIDC_SCOPE_KEY, | 1380 | OIDC_SCOPE_KEY, |
| 1374 | scope, | 1381 | scope, |
| 1375 | OIDC_STATE_KEY, | 1382 | OIDC_STATE_KEY, |
| 1376 | (state) ? state : "", | 1383 | (state) ? state : "", |
| 1377 | OIDC_NONCE_KEY, | 1384 | OIDC_NONCE_KEY, |
| 1378 | (nonce) ? nonce : ""); | 1385 | (nonce) ? nonce : ""); |
| 1379 | resp = GNUNET_REST_create_response (""); | 1386 | resp = GNUNET_REST_create_response (""); |
| 1380 | MHD_add_response_header (resp, "Location", new_redirect); | 1387 | MHD_add_response_header (resp, "Location", new_redirect); |
| 1381 | } | 1388 | } |
| 1382 | else | 1389 | else |
| 1383 | { | 1390 | { |
| 1384 | handle->emsg = GNUNET_strdup("No server configuration"); | 1391 | handle->emsg = GNUNET_strdup("No server configuration"); |
| 1385 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; | 1392 | handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; |
| 1386 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 1393 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
| 1387 | return; | 1394 | return; |
| 1388 | } | 1395 | } |
| 1389 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 1396 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
| 1390 | cleanup_handle (handle); | 1397 | cleanup_handle (handle); |
| 1391 | GNUNET_free(new_redirect); | 1398 | GNUNET_free(new_redirect); |
| 1392 | return; | 1399 | return; |
| 1393 | } | 1400 | } |
| 1394 | } | 1401 | } |
| 1395 | else | 1402 | else |
| 1396 | { | 1403 | { |
| 1397 | gettimeofday( &now, NULL ); | 1404 | gettimeofday( &now, NULL ); |
| 1398 | GNUNET_CONTAINER_multihashmap_put( OIDC_authorized_identities, &cache_key, &now, | 1405 | GNUNET_CONTAINER_multihashmap_put( OIDC_authorized_identities, &cache_key, &now, |
| 1399 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY); | 1406 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY); |
| 1400 | } | 1407 | } |
| 1401 | resp = GNUNET_REST_create_response (""); | 1408 | resp = GNUNET_REST_create_response (""); |
| 1402 | // MHD_add_response_header (resp, "Access-Control-Allow-Origin", "*"); | 1409 | // MHD_add_response_header (resp, "Access-Control-Allow-Origin", "*"); |
| 1403 | MHD_add_response_header (resp, "Location", redirect_uri); | 1410 | MHD_add_response_header (resp, "Location", redirect_uri); |
| 1404 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | 1411 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); |
| 1405 | cleanup_handle (handle); | 1412 | cleanup_handle (handle); |
| @@ -1417,8 +1424,8 @@ authorize_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
| 1417 | */ | 1424 | */ |
| 1418 | static void | 1425 | static void |
| 1419 | login_cont (struct GNUNET_REST_RequestHandle *con_handle, | 1426 | login_cont (struct GNUNET_REST_RequestHandle *con_handle, |
| 1420 | const char* url, | 1427 | const char* url, |
| 1421 | void *cls) | 1428 | void *cls) |
| 1422 | { | 1429 | { |
| 1423 | struct MHD_Response *resp = GNUNET_REST_create_response (""); | 1430 | struct MHD_Response *resp = GNUNET_REST_create_response (""); |
| 1424 | struct RequestHandle *handle = cls; | 1431 | struct RequestHandle *handle = cls; |