authorPhil <phil.buschmann@tum.de>2018-01-12 15:35:47 +0100
committerPhil <phil.buschmann@tum.de>2018-01-12 15:35:47 +0100
commitcbe68f524b22246b1cf66a10c2ad6e28ccd7cdd5 (patch)
tree4c78cb6bb8058d070e8982df5b4a3fa99403606c /src
parent595319b96647f03737ffd8a552c06fd1f8af4be7 (diff)
-fix get request without authorization code
Diffstat (limited to 'src')
-rw-r--r--src/identity-provider/plugin_rest_identity_provider.c91
1 files changed, 65 insertions, 26 deletions
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c
index de54ecf16..515020e1b 100644
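--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -288,6 +288,11 @@ struct RequestHandle
 char *client_pkey_string;
 
 /**
+* OIDC login identity
+*/
+char *identity_cookie;
+
+/**
 * IDENTITY Operation
 */
 struct GNUNET_IDENTITY_Operation *op;
@@ -1184,6 +1189,8 @@ namestore_iteration_callback (
 const struct GNUNET_GNSRECORD_Data *rd)
 {
 struct RequestHandle *handle = cls;
+struct GNUNET_CRYPTO_EcdsaPublicKey login_identity_pkey;
+struct GNUNET_CRYPTO_EcdsaPublicKey current_zone_pkey;
 int i;
 
 for (i = 0; i < rd_len; i++)
@@ -1191,9 +1198,32 @@ namestore_iteration_callback (
 if ( GNUNET_GNSRECORD_TYPE_PKEY != rd[i].record_type )
 continue;
 
-if ( 0 == memcmp (rd[i].data,&handle->client_pkey, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
+if( NULL != handle->identity_cookie)
+{
+GNUNET_CRYPTO_ecdsa_public_key_from_string (
+handle->identity_cookie, strlen (handle->identity_cookie),
+&login_identity_pkey);
+GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego,
+&current_zone_pkey);
+
+if ( 0
+== memcmp (rd[i].data, &handle->client_pkey,
+sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
+{
+if( 0 == memcmp (&login_identity_pkey, &current_zone_pkey, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
+{
+handle->client_exists = GNUNET_YES;
+}
+}
+}
+else
 {
-handle->client_exists = GNUNET_YES;
+if ( 0
+== memcmp (rd[i].data, &handle->client_pkey,
+sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
+{
+handle->client_exists = GNUNET_YES;
+}
 }
 }
 
@@ -1216,8 +1246,8 @@ namestore_iteration_finished (void *cls)
 char *scope;
 char *redirect_uri;
 char *expected_redirect_uri;
-char *state;
-char *nonce;
+char *state = NULL;
+char *nonce = NULL;
 struct GNUNET_TIME_Absolute current_time, *relog_time;
 char *login_base_url, *new_redirect;
 struct GNUNET_HashCode cache_key;
@@ -1352,29 +1382,10 @@ namestore_iteration_finished (void *cls)
 return;
 }
 
-
-GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY),
-&cache_key);
-//No identity-cookie -> redirect to login
-if ( GNUNET_YES
-== GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
-&cache_key) )
+if( NULL != handle->identity_cookie )
 {
-//split cookies and find 'Identity' cookie
-char* cookies = GNUNET_CONTAINER_multihashmap_get (
-handle->rest_handle->header_param_map, &cache_key);
-char delimiter[] = "; ";
 char *identity_cookie;
-identity_cookie = strtok(cookies, delimiter);
-
-while ( NULL != identity_cookie )
-{
-if ( NULL != strstr (identity_cookie, OIDC_COOKIE_HEADER_INFORMATION_KEY) )
-{
-break;
-}
-identity_cookie = strtok (NULL, delimiter);
-}
+GNUNET_asprintf(&identity_cookie,"Identity=%s",handle->identity_cookie);
 GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key);
 
 //No login time for identity -> redirect to login
@@ -1418,7 +1429,7 @@ namestore_iteration_finished (void *cls)
 
 MHD_add_response_header (resp, "Location", redirect_uri);
 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
-cleanup_handle (handle);
+GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
 GNUNET_free(relog_time);
 return;
 }
@@ -1494,6 +1505,34 @@ authorize_get_cont (struct GNUNET_REST_RequestHandle *con_handle,
 struct RequestHandle *handle = cls;
 struct GNUNET_HashCode cache_key;
 char *client_id;
+char *identity_cookie;
+
+// identity cookie
+GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY),
+&cache_key);
+if ( GNUNET_YES
+== GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
+&cache_key) )
+{
+//split cookies and find 'Identity' cookie
+char* cookies = GNUNET_CONTAINER_multihashmap_get (
+handle->rest_handle->header_param_map, &cache_key);
+char delimiter[] = "; ";
+identity_cookie = strtok(cookies, delimiter);
+
+while ( NULL != identity_cookie )
+{
+if ( NULL != strstr (identity_cookie, OIDC_COOKIE_HEADER_INFORMATION_KEY) )
+{
+break;
+}
+identity_cookie = strtok (NULL, delimiter);
+}
+identity_cookie = strtok(cookies, OIDC_COOKIE_HEADER_INFORMATION_KEY);
+handle->identity_cookie = GNUNET_strdup(identity_cookie);
+GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Cookie: %s\n", handle->identity_cookie);
+}
+
 
 handle->response_code = 0;
 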
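Review bot: In authorize_get_cont the token selected by the while loop is thrown away, because new line 1531 calls `strtok(cookies, OIDC_COOKIE_HEADER_INFORMATION_KEY)` again on the already-split buffer; that call treats the constant as a set of delimiter characters rather than a prefix, so the stored value is whatever run of other characters comes first in the first cookie, and a Cookie header with no usable token passes NULL to `GNUNET_strdup`. Since namestore_iteration_callback now gates `client_exists` on this value and namestore_iteration_finished hashes `Identity=%s` built from it, the value should be taken from the matched token and stored only when one was found; the fence assumes the constant is the cookie-name prefix, which this page does not show. The `GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Cookie: %s\n", ...)` line writes the login cookie to the error log on every such request and is better dropped or reduced to a debug message without the value. Separately, in namestore_iteration_callback the return value of `GNUNET_CRYPTO_ecdsa_public_key_from_string` is ignored, so a malformed cookie leaves `login_identity_pkey` uninitialised before the `memcmp`. The body of authorize_get_cont continues outside the hunk, and no release of `handle->identity_cookie` is visible in this diff.

```c
// … unchanged: hash OIDC_COOKIE_HEADER_KEY and fetch `cookies` from header_param_map …
    const size_t key_len = strlen (OIDC_COOKIE_HEADER_INFORMATION_KEY);

    identity_cookie = strtok (cookies, delimiter);
    while ( NULL != identity_cookie )
    {
      // match the cookie name at the start of the token, not anywhere inside it
      if ( 0 == strncmp (identity_cookie, OIDC_COOKIE_HEADER_INFORMATION_KEY, key_len) )
        break;
      identity_cookie = strtok (NULL, delimiter);
    }
    if ( NULL != identity_cookie )
    {
      // keep only the value that follows the cookie name
      handle->identity_cookie = GNUNET_strdup (identity_cookie + key_len);
    }
```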