author | Phil <phil.buschmann@tum.de> | 2018-01-12 15:35:47 +0100 |
---|---|---|
committer | Phil <phil.buschmann@tum.de> | 2018-01-12 15:35:47 +0100 |
commit | cbe68f524b22246b1cf66a10c2ad6e28ccd7cdd5 (patch) | |
tree | 4c78cb6bb8058d070e8982df5b4a3fa99403606c /src | |
parent | 595319b96647f03737ffd8a552c06fd1f8af4be7 (diff) | |
-fix get request without authorization code
Diffstat (limited to 'src')
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 91 |
1 files changed, 65 insertions, 26 deletions
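--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -288,6 +288,11 @@ struct RequestHandle
 char *client_pkey_string;
 
 /**
+* OIDC login identity
+*/
+char *identity_cookie;
+
+/**
 * IDENTITY Operation
 */
 struct GNUNET_IDENTITY_Operation *op;
@@ -1184,6 +1189,8 @@ namestore_iteration_callback (
 const struct GNUNET_GNSRECORD_Data *rd)
 {
 struct RequestHandle *handle = cls;
+struct GNUNET_CRYPTO_EcdsaPublicKey login_identity_pkey;
+struct GNUNET_CRYPTO_EcdsaPublicKey current_zone_pkey;
 int i;
 
 for (i = 0; i < rd_len; i++)
@@ -1191,9 +1198,32 @@ namestore_iteration_callback (
 if ( GNUNET_GNSRECORD_TYPE_PKEY != rd[i].record_type )
 continue;
 
-if ( 0 == memcmp (rd[i].data,&handle->client_pkey, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
+if( NULL != handle->identity_cookie)
+{
+GNUNET_CRYPTO_ecdsa_public_key_from_string (
+handle->identity_cookie, strlen (handle->identity_cookie),
+&login_identity_pkey);
+GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego,
+¤t_zone_pkey);
+
+if ( 0
+== memcmp (rd[i].data, &handle->client_pkey,
+sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
+{
+if( 0 == memcmp (&login_identity_pkey, ¤t_zone_pkey, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
+{
+handle->client_exists = GNUNET_YES;
+}
+}
+}
+else
 {
-handle->client_exists = GNUNET_YES;
+if ( 0
+== memcmp (rd[i].data, &handle->client_pkey,
+sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
+{
+handle->client_exists = GNUNET_YES;
+}
 }
 }
 
@@ -1216,8 +1246,8 @@ namestore_iteration_finished (void *cls)
 char *scope;
 char *redirect_uri;
 char *expected_redirect_uri;
-char *state;
-char *nonce;
+char *state = NULL;
+char *nonce = NULL;
 struct GNUNET_TIME_Absolute current_time, *relog_time;
 char *login_base_url, *new_redirect;
 struct GNUNET_HashCode cache_key;
@@ -1352,29 +1382,10 @@ namestore_iteration_finished (void *cls)
 return;
 }
 
-
-GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY),
-&cache_key);
-//No identity-cookie -> redirect to login
-if ( GNUNET_YES
-== GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
-&cache_key) )
+if( NULL != handle->identity_cookie )
 {
-//split cookies and find 'Identity' cookie
-char* cookies = GNUNET_CONTAINER_multihashmap_get (
-handle->rest_handle->header_param_map, &cache_key);
-char delimiter[] = "; ";
 char *identity_cookie;
-identity_cookie = strtok(cookies, delimiter);
-
-while ( NULL != identity_cookie )
-{
-if ( NULL != strstr (identity_cookie, OIDC_COOKIE_HEADER_INFORMATION_KEY) )
-{
-break;
-}
-identity_cookie = strtok (NULL, delimiter);
-}
+GNUNET_asprintf(&identity_cookie,"Identity=%s",handle->identity_cookie);
 GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key);
 
 //No login time for identity -> redirect to login
@@ -1418,7 +1429,7 @@ namestore_iteration_finished (void *cls)
 
 MHD_add_response_header (resp, "Location", redirect_uri);
 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
-cleanup_handle (handle);
+GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
 GNUNET_free(relog_time);
 return;
 }
@@ -1494,6 +1505,34 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle,
 struct RequestHandle *handle = cls;
 struct GNUNET_HashCode cache_key;
 char *client_id;
+char *identity_cookie;
+
+// identity cookie
+GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY),
+&cache_key);
+if ( GNUNET_YES
+== GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
+&cache_key) )
+{
+//split cookies and find 'Identity' cookie
+char* cookies = GNUNET_CONTAINER_multihashmap_get (
+handle->rest_handle->header_param_map, &cache_key);
+char delimiter[] = "; ";
+identity_cookie = strtok(cookies, delimiter);
+
+while ( NULL != identity_cookie )
+{
+if ( NULL != strstr (identity_cookie, OIDC_COOKIE_HEADER_INFORMATION_KEY) )
+{
+break;
+}
+identity_cookie = strtok (NULL, delimiter);
+}
+identity_cookie = strtok(cookies, OIDC_COOKIE_HEADER_INFORMATION_KEY);
+handle->identity_cookie = GNUNET_strdup(identity_cookie);
+GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Cookie: %s\n", handle->identity_cookie);
+}
+
 
 handle->response_code = 0;
 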
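Review bot: In the block added to authorize_get_cont, the token found by the `while` loop is thrown away, because the following `strtok(cookies, OIDC_COOKIE_HEADER_INFORMATION_KEY)` restarts on the already NUL-split buffer and treats the macro as a set of delimiter characters rather than a prefix; whatever that yields, including NULL when nothing is left, is passed straight to `GNUNET_strdup`. Since `handle->identity_cookie` now gates `client_exists` in namestore_iteration_callback and keys the login-time lookup in namestore_iteration_finished, the value should be taken from the matched token on a private copy of the header, and the field left NULL when no such cookie is present (the sketch below assumes the macro is the cookie-name prefix including `=`, as the `"Identity=%s"` format elsewhere in this commit suggests). The `GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Cookie: %s\n", ...)` line writes the login identity to the error log on every request and should be dropped or moved to `GNUNET_ERROR_TYPE_DEBUG`. Separately, namestore_iteration_callback ignores the return value of `GNUNET_CRYPTO_ecdsa_public_key_from_string`, so a malformed cookie leaves `login_identity_pkey` uninitialised before the `memcmp`. authorize_get_cont continues outside the hunk, and whether `identity_cookie` is released in the handle cleanup is not visible here.

```c
// … unchanged: hash OIDC_COOKIE_HEADER_KEY and test header_param_map …
{
  const char *cookies = GNUNET_CONTAINER_multihashmap_get (
    handle->rest_handle->header_param_map, &cache_key);
  // tokenise a private copy so the stored header value is not modified
  char *cookies_copy = GNUNET_strdup (cookies);
  const size_t key_len = strlen (OIDC_COOKIE_HEADER_INFORMATION_KEY);
  char delimiter[] = "; ";

  for (identity_cookie = strtok (cookies_copy, delimiter);
       NULL != identity_cookie;
       identity_cookie = strtok (NULL, delimiter))
  {
    // match the cookie name at the start of the token only
    if (0 == strncmp (identity_cookie, OIDC_COOKIE_HEADER_INFORMATION_KEY, key_len))
      break;
  }
  if (NULL != identity_cookie)
    handle->identity_cookie = GNUNET_strdup (identity_cookie + key_len);
  GNUNET_free (cookies_copy);
}
```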