diff options
author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2018-11-28 08:46:36 +0100 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2018-11-28 08:46:36 +0100 |
commit | 6af0c6d7c6b7f915b832df2bbb907e688deaa452 (patch) | |
tree | 5abe642047628b6b021a1638245a2bd73d9be447 /src | |
parent | 1eaf5ebe2fd89dfeaad71f9f511e919b72a715f0 (diff) | |
download | gnunet-6af0c6d7c6b7f915b832df2bbb907e688deaa452.tar.gz gnunet-6af0c6d7c6b7f915b832df2bbb907e688deaa452.zip |
REST: refactor OIDC plugin, towards cancel logic
Diffstat (limited to 'src')
-rw-r--r-- | src/rest-plugins/plugin_rest_openid_connect.c | 385 |
1 files changed, 215 insertions, 170 deletions
diff --git a/src/rest-plugins/plugin_rest_openid_connect.c b/src/rest-plugins/plugin_rest_openid_connect.c index 3a0106c10..9325d5825 100644 --- a/src/rest-plugins/plugin_rest_openid_connect.c +++ b/src/rest-plugins/plugin_rest_openid_connect.c | |||
@@ -136,6 +136,11 @@ | |||
136 | #define OIDC_COOKIE_HEADER_INFORMATION_KEY "Identity=" | 136 | #define OIDC_COOKIE_HEADER_INFORMATION_KEY "Identity=" |
137 | 137 | ||
138 | /** | 138 | /** |
139 | * OIDC cookie header if user cancelled | ||
140 | */ | ||
141 | #define OIDC_COOKIE_HEADER_ACCESS_DENIED "Identity=Denied" | ||
142 | |||
143 | /** | ||
139 | * OIDC expected response_type while authorizing | 144 | * OIDC expected response_type while authorizing |
140 | */ | 145 | */ |
141 | #define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code" | 146 | #define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code" |
@@ -243,6 +248,11 @@ struct OIDC_Variables | |||
243 | char *login_identity; | 248 | char *login_identity; |
244 | 249 | ||
245 | /** | 250 | /** |
251 | * User cancelled authorization/login | ||
252 | */ | ||
253 | int user_cancelled; | ||
254 | |||
255 | /** | ||
246 | * The response JSON | 256 | * The response JSON |
247 | */ | 257 | */ |
248 | json_t *response; | 258 | json_t *response; |
@@ -705,6 +715,7 @@ options_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
705 | return; | 715 | return; |
706 | } | 716 | } |
707 | 717 | ||
718 | |||
708 | /** | 719 | /** |
709 | * Interprets cookie header and pass its identity keystring to handle | 720 | * Interprets cookie header and pass its identity keystring to handle |
710 | */ | 721 | */ |
@@ -719,49 +730,70 @@ cookie_identity_interpretation (struct RequestHandle *handle) | |||
719 | //gets identity of login try with cookie | 730 | //gets identity of login try with cookie |
720 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), | 731 | GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY), |
721 | &cache_key); | 732 | &cache_key); |
722 | if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, | 733 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map, |
723 | &cache_key) ) | 734 | &cache_key) ) |
724 | { | 735 | { |
725 | //splits cookies and find 'Identity' cookie | 736 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
726 | cookies = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); | 737 | "No cookie found\n"); |
727 | handle->oidc->login_identity = strtok(cookies, delimiter); | 738 | return; |
739 | } | ||
740 | //splits cookies and find 'Identity' cookie | ||
741 | cookies = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key); | ||
742 | handle->oidc->login_identity = strtok (cookies, delimiter); | ||
743 | handle->oidc->user_cancelled = GNUNET_NO; | ||
728 | 744 | ||
729 | while ( NULL != handle->oidc->login_identity ) | 745 | if (NULL == handle->oidc->login_identity) |
730 | { | 746 | { |
731 | if ( NULL != strstr (handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY) ) | 747 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
732 | { | 748 | "Unable to parse cookie: %s\n", |
733 | break; | 749 | cookies); |
734 | } | 750 | return; |
735 | handle->oidc->login_identity = strtok (NULL, delimiter); | 751 | } |
736 | } | 752 | |
737 | GNUNET_CRYPTO_hash (handle->oidc->login_identity, strlen (handle->oidc->login_identity), | 753 | while ( NULL != handle->oidc->login_identity ) |
738 | &cache_key); | 754 | { |
739 | if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, &cache_key) ) | 755 | if ( 0 == strcmp (handle->oidc->login_identity, |
740 | { | 756 | OIDC_COOKIE_HEADER_ACCESS_DENIED)) |
741 | relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time, | ||
742 | &cache_key); | ||
743 | current_time = GNUNET_TIME_absolute_get (); | ||
744 | // 30 min after old login -> redirect to login | ||
745 | if ( current_time.abs_value_us <= relog_time->abs_value_us ) | ||
746 | { | ||
747 | handle->oidc->login_identity = strtok(handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY); | ||
748 | handle->oidc->login_identity = GNUNET_strdup(handle->oidc->login_identity); | ||
749 | } else { | ||
750 | handle->oidc->login_identity = NULL; | ||
751 | } | ||
752 | } | ||
753 | else | ||
754 | { | 757 | { |
758 | handle->oidc->user_cancelled = GNUNET_YES; | ||
755 | handle->oidc->login_identity = NULL; | 759 | handle->oidc->login_identity = NULL; |
760 | return; | ||
756 | } | 761 | } |
762 | if ( NULL != strstr (handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY) ) | ||
763 | break; | ||
764 | handle->oidc->login_identity = strtok (NULL, delimiter); | ||
757 | } | 765 | } |
766 | GNUNET_CRYPTO_hash (handle->oidc->login_identity, strlen (handle->oidc->login_identity), | ||
767 | &cache_key); | ||
768 | if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, &cache_key) ) | ||
769 | { | ||
770 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
771 | "Found cookie `%s', but no corresponding expiration entry present...\n", | ||
772 | handle->oidc->login_identity); | ||
773 | handle->oidc->login_identity = NULL; | ||
774 | return; | ||
775 | } | ||
776 | relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time, | ||
777 | &cache_key); | ||
778 | current_time = GNUNET_TIME_absolute_get (); | ||
779 | // 30 min after old login -> redirect to login | ||
780 | if ( current_time.abs_value_us > relog_time->abs_value_us ) | ||
781 | { | ||
782 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
783 | "Found cookie `%s', but it is expired.\n", | ||
784 | handle->oidc->login_identity); | ||
785 | handle->oidc->login_identity = NULL; | ||
786 | return; | ||
787 | } | ||
788 | handle->oidc->login_identity = strtok(handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY); | ||
789 | handle->oidc->login_identity = GNUNET_strdup(handle->oidc->login_identity); | ||
758 | } | 790 | } |
759 | 791 | ||
760 | /** | 792 | /** |
761 | * Redirects to login page stored in configuration file | 793 | * Redirects to login page stored in configuration file |
762 | */ | 794 | */ |
763 | static void | 795 | static void |
764 | login_redirection(void *cls) | 796 | login_redirect (void *cls) |
765 | { | 797 | { |
766 | char *login_base_url; | 798 | char *login_base_url; |
767 | char *new_redirect; | 799 | char *new_redirect; |
@@ -815,12 +847,14 @@ oidc_iteration_error (void *cls) | |||
815 | GNUNET_SCHEDULER_add_now (&do_error, handle); | 847 | GNUNET_SCHEDULER_add_now (&do_error, handle); |
816 | } | 848 | } |
817 | 849 | ||
850 | |||
851 | /** | ||
852 | * Issues ticket and redirects to relying party with the authorization code as | ||
853 | * parameter. Otherwise redirects with error | ||
854 | */ | ||
818 | static void | 855 | static void |
819 | get_client_name_result (void *cls, | 856 | oidc_ticket_issue_cb (void* cls, |
820 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | 857 | const struct GNUNET_RECLAIM_Ticket *ticket) |
821 | const char *label, | ||
822 | unsigned int rd_count, | ||
823 | const struct GNUNET_GNSRECORD_Data *rd) | ||
824 | { | 858 | { |
825 | struct RequestHandle *handle = cls; | 859 | struct RequestHandle *handle = cls; |
826 | struct MHD_Response *resp; | 860 | struct MHD_Response *resp; |
@@ -829,6 +863,15 @@ get_client_name_result (void *cls, | |||
829 | char *code_json_string; | 863 | char *code_json_string; |
830 | char *code_base64_final_string; | 864 | char *code_base64_final_string; |
831 | 865 | ||
866 | handle->idp_op = NULL; | ||
867 | handle->ticket = *ticket; | ||
868 | if (NULL == ticket) | ||
869 | { | ||
870 | handle->emsg = GNUNET_strdup("server_error"); | ||
871 | handle->edesc = GNUNET_strdup("Server cannot generate ticket."); | ||
872 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
873 | return; | ||
874 | } | ||
832 | ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, | 875 | ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket, |
833 | sizeof (struct GNUNET_RECLAIM_Ticket)); | 876 | sizeof (struct GNUNET_RECLAIM_Ticket)); |
834 | //TODO change if more attributes are needed (see max_age) | 877 | //TODO change if more attributes are needed (see max_age) |
@@ -850,106 +893,6 @@ get_client_name_result (void *cls, | |||
850 | GNUNET_free (ticket_str); | 893 | GNUNET_free (ticket_str); |
851 | GNUNET_free (code_json_string); | 894 | GNUNET_free (code_json_string); |
852 | GNUNET_free (code_base64_final_string); | 895 | GNUNET_free (code_base64_final_string); |
853 | return; | ||
854 | |||
855 | } | ||
856 | |||
857 | |||
858 | static void | ||
859 | get_client_name_error (void *cls) | ||
860 | { | ||
861 | struct RequestHandle *handle = cls; | ||
862 | |||
863 | handle->emsg = GNUNET_strdup("server_error"); | ||
864 | handle->edesc = GNUNET_strdup("Server cannot generate ticket, no name found for client."); | ||
865 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
866 | } | ||
867 | |||
868 | |||
869 | static void | ||
870 | lookup_redirect_uri_result (void *cls, | ||
871 | uint32_t rd_count, | ||
872 | const struct GNUNET_GNSRECORD_Data *rd) | ||
873 | { | ||
874 | struct RequestHandle *handle = cls; | ||
875 | char *tmp; | ||
876 | char *tmp_key_str; | ||
877 | char *pos; | ||
878 | struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone; | ||
879 | |||
880 | handle->gns_op = NULL; | ||
881 | if (0 == rd_count) | ||
882 | { | ||
883 | handle->emsg = GNUNET_strdup("server_error"); | ||
884 | handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); | ||
885 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
886 | return; | ||
887 | } | ||
888 | for (int i = 0; i < rd_count; i++) | ||
889 | { | ||
890 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) | ||
891 | continue; | ||
892 | if (0 != strcmp (rd[i].data, | ||
893 | handle->oidc->redirect_uri)) | ||
894 | continue; | ||
895 | tmp = GNUNET_strdup (rd[i].data); | ||
896 | pos = strrchr (tmp, | ||
897 | (unsigned char) '.'); | ||
898 | *pos = '\0'; | ||
899 | handle->redirect_prefix = GNUNET_strdup (tmp); | ||
900 | tmp_key_str = pos + 1; | ||
901 | pos = strchr (tmp_key_str, | ||
902 | (unsigned char) '/'); | ||
903 | *pos = '\0'; | ||
904 | handle->redirect_suffix = GNUNET_strdup (pos + 1); | ||
905 | |||
906 | GNUNET_STRINGS_string_to_data (tmp_key_str, | ||
907 | strlen (tmp_key_str), | ||
908 | &redirect_zone, | ||
909 | sizeof (redirect_zone)); | ||
910 | |||
911 | GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle, | ||
912 | &handle->priv_key, | ||
913 | &redirect_zone, | ||
914 | &get_client_name_error, | ||
915 | handle, | ||
916 | &get_client_name_result, | ||
917 | handle); | ||
918 | GNUNET_free (tmp); | ||
919 | return; | ||
920 | } | ||
921 | handle->emsg = GNUNET_strdup("server_error"); | ||
922 | handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); | ||
923 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
924 | } | ||
925 | |||
926 | /** | ||
927 | * Issues ticket and redirects to relying party with the authorization code as | ||
928 | * parameter. Otherwise redirects with error | ||
929 | */ | ||
930 | static void | ||
931 | oidc_ticket_issue_cb (void* cls, | ||
932 | const struct GNUNET_RECLAIM_Ticket *ticket) | ||
933 | { | ||
934 | struct RequestHandle *handle = cls; | ||
935 | |||
936 | handle->idp_op = NULL; | ||
937 | handle->ticket = *ticket; | ||
938 | if (NULL == ticket) | ||
939 | { | ||
940 | handle->emsg = GNUNET_strdup("server_error"); | ||
941 | handle->edesc = GNUNET_strdup("Server cannot generate ticket."); | ||
942 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
943 | return; | ||
944 | } | ||
945 | handle->gns_op = GNUNET_GNS_lookup (handle->gns_handle, | ||
946 | "+", | ||
947 | &handle->oidc->client_pkey, | ||
948 | GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, | ||
949 | GNUNET_GNS_LO_DEFAULT, | ||
950 | &lookup_redirect_uri_result, | ||
951 | handle); | ||
952 | |||
953 | } | 896 | } |
954 | 897 | ||
955 | static void | 898 | static void |
@@ -1025,7 +968,7 @@ oidc_attr_collect (void *cls, | |||
1025 | * Checks time and cookie and redirects accordingly | 968 | * Checks time and cookie and redirects accordingly |
1026 | */ | 969 | */ |
1027 | static void | 970 | static void |
1028 | login_check (void *cls) | 971 | code_redirect (void *cls) |
1029 | { | 972 | { |
1030 | struct RequestHandle *handle = cls; | 973 | struct RequestHandle *handle = cls; |
1031 | struct GNUNET_TIME_Absolute current_time, *relog_time; | 974 | struct GNUNET_TIME_Absolute current_time, *relog_time; |
@@ -1067,27 +1010,126 @@ login_check (void *cls) | |||
1067 | == memcmp (&ego_pkey, &pubkey, | 1010 | == memcmp (&ego_pkey, &pubkey, |
1068 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) | 1011 | sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) ) |
1069 | { | 1012 | { |
1070 | handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key ( | 1013 | handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego); |
1071 | handle->ego_entry->ego); | ||
1072 | handle->idp = GNUNET_RECLAIM_connect (cfg); | 1014 | handle->idp = GNUNET_RECLAIM_connect (cfg); |
1073 | handle->attr_list = GNUNET_new( | 1015 | handle->attr_list = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); |
1074 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList); | 1016 | handle->attr_it = GNUNET_RECLAIM_get_attributes_start (handle->idp, |
1075 | handle->attr_it = GNUNET_RECLAIM_get_attributes_start ( | 1017 | &handle->priv_key, |
1076 | handle->idp, &handle->priv_key, &oidc_iteration_error, handle, | 1018 | &oidc_iteration_error, |
1077 | &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle); | 1019 | handle, |
1020 | &oidc_attr_collect, | ||
1021 | handle, | ||
1022 | &oidc_collect_finished_cb, | ||
1023 | handle); | ||
1078 | return; | 1024 | return; |
1079 | } | 1025 | } |
1080 | } | 1026 | } |
1081 | //handle->emsg = GNUNET_strdup("invalid_cookie"); | 1027 | GNUNET_SCHEDULER_add_now (&login_redirect, handle); |
1082 | //handle->edesc = GNUNET_strdup( | ||
1083 | // "The cookie of the login identity is not valid"); | ||
1084 | //GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1085 | GNUNET_SCHEDULER_add_now (&login_redirection,handle); | ||
1086 | return; | 1028 | return; |
1087 | } | 1029 | } |
1088 | } | 1030 | } |
1089 | } | 1031 | } |
1090 | 1032 | ||
1033 | |||
1034 | static void | ||
1035 | build_redirect (void *cls) | ||
1036 | { | ||
1037 | struct RequestHandle *handle = cls; | ||
1038 | struct MHD_Response *resp; | ||
1039 | char* redirect_uri; | ||
1040 | |||
1041 | if (GNUNET_YES == handle->oidc->user_cancelled) | ||
1042 | { | ||
1043 | GNUNET_asprintf (&redirect_uri, "%s.%s/%s?error=%s&error_description=%s&state=%s", | ||
1044 | handle->redirect_prefix, | ||
1045 | handle->tld, | ||
1046 | handle->redirect_suffix, | ||
1047 | "access_denied", | ||
1048 | "User denied access", | ||
1049 | handle->oidc->state); | ||
1050 | resp = GNUNET_REST_create_response (""); | ||
1051 | MHD_add_response_header (resp, "Location", redirect_uri); | ||
1052 | handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); | ||
1053 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | ||
1054 | GNUNET_free (redirect_uri); | ||
1055 | return; | ||
1056 | } | ||
1057 | GNUNET_SCHEDULER_add_now (&code_redirect, handle); | ||
1058 | } | ||
1059 | |||
1060 | |||
1061 | static void | ||
1062 | lookup_redirect_uri_result (void *cls, | ||
1063 | uint32_t rd_count, | ||
1064 | const struct GNUNET_GNSRECORD_Data *rd) | ||
1065 | { | ||
1066 | struct RequestHandle *handle = cls; | ||
1067 | char *tmp; | ||
1068 | char *tmp_key_str; | ||
1069 | char *pos; | ||
1070 | struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone; | ||
1071 | |||
1072 | handle->gns_op = NULL; | ||
1073 | if (0 == rd_count) | ||
1074 | { | ||
1075 | handle->emsg = GNUNET_strdup("server_error"); | ||
1076 | handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); | ||
1077 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1078 | return; | ||
1079 | } | ||
1080 | for (int i = 0; i < rd_count; i++) | ||
1081 | { | ||
1082 | if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type) | ||
1083 | continue; | ||
1084 | if (0 != strcmp (rd[i].data, | ||
1085 | handle->oidc->redirect_uri)) | ||
1086 | continue; | ||
1087 | tmp = GNUNET_strdup (rd[i].data); | ||
1088 | pos = strrchr (tmp, | ||
1089 | (unsigned char) '.'); | ||
1090 | *pos = '\0'; | ||
1091 | handle->redirect_prefix = GNUNET_strdup (tmp); | ||
1092 | tmp_key_str = pos + 1; | ||
1093 | pos = strchr (tmp_key_str, | ||
1094 | (unsigned char) '/'); | ||
1095 | *pos = '\0'; | ||
1096 | handle->redirect_suffix = GNUNET_strdup (pos + 1); | ||
1097 | |||
1098 | GNUNET_STRINGS_string_to_data (tmp_key_str, | ||
1099 | strlen (tmp_key_str), | ||
1100 | &redirect_zone, | ||
1101 | sizeof (redirect_zone)); | ||
1102 | GNUNET_SCHEDULER_add_now (&build_redirect, handle); | ||
1103 | GNUNET_free (tmp); | ||
1104 | return; | ||
1105 | } | ||
1106 | handle->emsg = GNUNET_strdup("server_error"); | ||
1107 | handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found."); | ||
1108 | GNUNET_SCHEDULER_add_now (&do_redirect_error, handle); | ||
1109 | } | ||
1110 | |||
1111 | |||
1112 | |||
1113 | /** | ||
1114 | * Initiate redirect back to client. | ||
1115 | */ | ||
1116 | static void | ||
1117 | client_redirect (void *cls) | ||
1118 | { | ||
1119 | struct RequestHandle *handle = cls; | ||
1120 | |||
1121 | /* Lookup client redirect uri to verify request */ | ||
1122 | handle->gns_op = GNUNET_GNS_lookup (handle->gns_handle, | ||
1123 | "+", | ||
1124 | &handle->oidc->client_pkey, | ||
1125 | GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT, | ||
1126 | GNUNET_GNS_LO_DEFAULT, | ||
1127 | &lookup_redirect_uri_result, | ||
1128 | handle); | ||
1129 | |||
1130 | } | ||
1131 | |||
1132 | |||
1091 | /** | 1133 | /** |
1092 | * Iteration over all results finished, build final | 1134 | * Iteration over all results finished, build final |
1093 | * response. | 1135 | * response. |
@@ -1210,13 +1252,11 @@ build_authz_response (void *cls) | |||
1210 | 1252 | ||
1211 | GNUNET_free(expected_scope); | 1253 | GNUNET_free(expected_scope); |
1212 | 1254 | ||
1213 | if( NULL != handle->oidc->login_identity ) | 1255 | if ( (NULL == handle->oidc->login_identity) && |
1214 | { | 1256 | (GNUNET_NO == handle->oidc->user_cancelled)) |
1215 | GNUNET_SCHEDULER_add_now(&login_check,handle); | 1257 | GNUNET_SCHEDULER_add_now (&login_redirect, handle); |
1216 | return; | 1258 | else |
1217 | } | 1259 | GNUNET_SCHEDULER_add_now (&client_redirect, handle); |
1218 | |||
1219 | GNUNET_SCHEDULER_add_now(&login_redirection,handle); | ||
1220 | } | 1260 | } |
1221 | 1261 | ||
1222 | /** | 1262 | /** |
@@ -1264,7 +1304,7 @@ authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1264 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; | 1304 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; |
1265 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; | 1305 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; |
1266 | 1306 | ||
1267 | cookie_identity_interpretation(handle); | 1307 | cookie_identity_interpretation (handle); |
1268 | 1308 | ||
1269 | //RECOMMENDED value: state - REQUIRED for answers | 1309 | //RECOMMENDED value: state - REQUIRED for answers |
1270 | GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); | 1310 | GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key); |
@@ -1366,13 +1406,24 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1366 | GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size); | 1406 | GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size); |
1367 | root = json_loads (term_data, JSON_DECODE_ANY, &error); | 1407 | root = json_loads (term_data, JSON_DECODE_ANY, &error); |
1368 | identity = json_object_get (root, "identity"); | 1408 | identity = json_object_get (root, "identity"); |
1369 | if ( json_is_string(identity) ) | 1409 | if ( !json_is_string(identity) ) |
1370 | { | 1410 | { |
1371 | GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); | 1411 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
1372 | MHD_add_response_header (resp, "Set-Cookie", cookie); | 1412 | "Error parsing json string from %s\n", |
1373 | MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST"); | 1413 | term_data); |
1374 | GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); | 1414 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); |
1415 | json_decref (root); | ||
1416 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | ||
1417 | return; | ||
1418 | } | ||
1419 | GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity)); | ||
1420 | MHD_add_response_header (resp, "Set-Cookie", cookie); | ||
1421 | MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST"); | ||
1422 | GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); | ||
1375 | 1423 | ||
1424 | if (0 != strcmp (json_string_value (identity), | ||
1425 | "Denied")) | ||
1426 | { | ||
1376 | current_time = GNUNET_new(struct GNUNET_TIME_Absolute); | 1427 | current_time = GNUNET_new(struct GNUNET_TIME_Absolute); |
1377 | *current_time = GNUNET_TIME_relative_to_absolute ( | 1428 | *current_time = GNUNET_TIME_relative_to_absolute ( |
1378 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), | 1429 | GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (), |
@@ -1385,20 +1436,14 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle, | |||
1385 | GNUNET_CONTAINER_multihashmap_put ( | 1436 | GNUNET_CONTAINER_multihashmap_put ( |
1386 | OIDC_identity_login_time, &cache_key, current_time, | 1437 | OIDC_identity_login_time, &cache_key, current_time, |
1387 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); | 1438 | GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE); |
1388 | |||
1389 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
1390 | GNUNET_free(cookie); | ||
1391 | } | ||
1392 | else | ||
1393 | { | ||
1394 | handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST); | ||
1395 | } | 1439 | } |
1440 | handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); | ||
1441 | GNUNET_free(cookie); | ||
1396 | json_decref (root); | 1442 | json_decref (root); |
1397 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); | 1443 | GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle); |
1398 | return; | ||
1399 | } | 1444 | } |
1400 | 1445 | ||
1401 | static int | 1446 | static int |
1402 | check_authorization (struct RequestHandle *handle, | 1447 | check_authorization (struct RequestHandle *handle, |
1403 | struct GNUNET_CRYPTO_EcdsaPublicKey *cid) | 1448 | struct GNUNET_CRYPTO_EcdsaPublicKey *cid) |
1404 | { | 1449 | { |