Diffstat (limited to 'src/reclaim/plugin_rest_openid_connect.c')
-rw-r--r--src/reclaim/plugin_rest_openid_connect.c50
1 files changed, 38 insertions, 12 deletions
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
index 0ee61755b..c6259d745 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -686,7 +686,10 @@ do_userinfo_error (void *cls)
686 handle->emsg, 686 handle->emsg,
687 (NULL != handle->edesc) ? handle->edesc : ""); 687 (NULL != handle->edesc) ? handle->edesc : "");
688 resp = GNUNET_REST_create_response (""); 688 resp = GNUNET_REST_create_response ("");
689 MHD_add_response_header (resp, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "Bearer"); 689 GNUNET_assert (MHD_NO !=
690 MHD_add_response_header (resp,
691 MHD_HTTP_HEADER_WWW_AUTHENTICATE,
692 "Bearer"));
690 handle->proc (handle->proc_cls, resp, handle->response_code); 693 handle->proc (handle->proc_cls, resp, handle->response_code);
691 cleanup_handle (handle); 694 cleanup_handle (handle);
692 GNUNET_free (error); 695 GNUNET_free (error);
@@ -713,7 +716,8 @@ do_redirect_error (void *cls)
713 (NULL != handle->oidc->state) ? "&state=" : "", 716 (NULL != handle->oidc->state) ? "&state=" : "",
714 (NULL != handle->oidc->state) ? handle->oidc->state : ""); 717 (NULL != handle->oidc->state) ? handle->oidc->state : "");
715 resp = GNUNET_REST_create_response (""); 718 resp = GNUNET_REST_create_response ("");
716 MHD_add_response_header (resp, "Location", redirect); 719 GNUNET_assert (MHD_NO != MHD_add_response_header (resp,
720 "Location", redirect));
717 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); 721 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
718 cleanup_handle (handle); 722 cleanup_handle (handle);
719 GNUNET_free (redirect); 723 GNUNET_free (redirect);
@@ -1022,7 +1026,8 @@ oidc_ticket_issue_cb (void *cls,
1022 handle->oidc->state); 1026 handle->oidc->state);
1023 } 1027 }
1024 resp = GNUNET_REST_create_response (""); 1028 resp = GNUNET_REST_create_response ("");
1025 MHD_add_response_header (resp, "Location", redirect_uri); 1029 GNUNET_assert (MHD_NO != MHD_add_response_header (resp,
1030 "Location", redirect_uri));
1026 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); 1031 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
1027 cleanup_handle (handle); 1032 cleanup_handle (handle);
1028 GNUNET_free (redirect_uri); 1033 GNUNET_free (redirect_uri);
@@ -1381,7 +1386,8 @@ build_redirect (void *cls)
1381 handle->oidc->state); 1386 handle->oidc->state);
1382 } 1387 }
1383 resp = GNUNET_REST_create_response (""); 1388 resp = GNUNET_REST_create_response ("");
1384 MHD_add_response_header (resp, "Location", redirect_uri); 1389 GNUNET_assert (MHD_NO != MHD_add_response_header (resp,
1390 "Location", redirect_uri));
1385 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND); 1391 handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
1386 cleanup_handle (handle); 1392 cleanup_handle (handle);
1387 GNUNET_free (redirect_uri); 1393 GNUNET_free (redirect_uri);
@@ -1764,8 +1770,12 @@ login_cont (struct GNUNET_REST_RequestHandle *con_handle,
1764 "%s;Max-Age=%d", 1770 "%s;Max-Age=%d",
1765 cookie, 1771 cookie,
1766 OIDC_COOKIE_EXPIRATION); 1772 OIDC_COOKIE_EXPIRATION);
1767 MHD_add_response_header (resp, "Set-Cookie", header_val); 1773 GNUNET_assert (MHD_NO != MHD_add_response_header (resp,
1768 MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST"); 1774 "Set-Cookie", header_val));
1775 GNUNET_assert (MHD_NO !=
1776 MHD_add_response_header (resp,
1777 "Access-Control-Allow-Methods",
1778 "POST"));
1769 GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key); 1779 GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key);
1770 1780
1771 if (0 != strcmp (json_string_value (identity), "Denied")) 1781 if (0 != strcmp (json_string_value (identity), "Denied"))
@@ -1880,7 +1890,8 @@ parse_credentials_post_body (struct RequestHandle *handle,
1880 } 1890 }
1881 pass = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map, 1891 pass = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
1882 &cache_key); 1892 &cache_key);
1883 if (NULL == pass) { 1893 if (NULL == pass)
1894 {
1884 GNUNET_free (*client_id); 1895 GNUNET_free (*client_id);
1885 *client_id = NULL; 1896 *client_id = NULL;
1886 return GNUNET_SYSERR; 1897 return GNUNET_SYSERR;
@@ -2134,6 +2145,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2134 GNUNET_free (code); 2145 GNUNET_free (code);
2135 if (NULL != nonce) 2146 if (NULL != nonce)
2136 GNUNET_free (nonce); 2147 GNUNET_free (nonce);
2148 GNUNET_RECLAIM_attribute_list_destroy (cl);
2149 GNUNET_RECLAIM_presentation_list_destroy (pl);
2137 GNUNET_SCHEDULER_add_now (&do_error, handle); 2150 GNUNET_SCHEDULER_add_now (&do_error, handle);
2138 return; 2151 return;
2139 } 2152 }
@@ -2149,6 +2162,8 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2149 handle->edesc = GNUNET_strdup ("No signing secret configured!"); 2162 handle->edesc = GNUNET_strdup ("No signing secret configured!");
2150 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR; 2163 handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
2151 GNUNET_free (code); 2164 GNUNET_free (code);
2165 GNUNET_RECLAIM_attribute_list_destroy (cl);
2166 GNUNET_RECLAIM_presentation_list_destroy (pl);
2152 if (NULL != nonce) 2167 if (NULL != nonce)
2153 GNUNET_free (nonce); 2168 GNUNET_free (nonce);
2154 GNUNET_SCHEDULER_add_now (&do_error, handle); 2169 GNUNET_SCHEDULER_add_now (&do_error, handle);
@@ -2191,9 +2206,14 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
2191 &json_response); 2206 &json_response);
2192 2207
2193 resp = GNUNET_REST_create_response (json_response); 2208 resp = GNUNET_REST_create_response (json_response);
2194 MHD_add_response_header (resp, "Cache-Control", "no-store"); 2209 GNUNET_assert (MHD_NO != MHD_add_response_header (resp,
2195 MHD_add_response_header (resp, "Pragma", "no-cache"); 2210 "Cache-Control",
2196 MHD_add_response_header (resp, "Content-Type", "application/json"); 2211 "no-store"));
2212 GNUNET_assert (MHD_NO != MHD_add_response_header (resp,
2213 "Pragma", "no-cache"));
2214 GNUNET_assert (MHD_NO != MHD_add_response_header (resp,
2215 "Content-Type",
2216 "application/json"));
2197 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); 2217 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
2198 GNUNET_RECLAIM_attribute_list_destroy (cl); 2218 GNUNET_RECLAIM_attribute_list_destroy (cl);
2199 GNUNET_RECLAIM_presentation_list_destroy (pl); 2219 GNUNET_RECLAIM_presentation_list_destroy (pl);
@@ -2665,8 +2685,14 @@ oidc_config_cors (struct GNUNET_REST_RequestHandle *con_handle,
2665 2685
2666 // For now, independent of path return all options 2686 // For now, independent of path return all options
2667 resp = GNUNET_REST_create_response (NULL); 2687 resp = GNUNET_REST_create_response (NULL);
2668 MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods); 2688 GNUNET_assert (MHD_NO !=
2669 MHD_add_response_header (resp, "Access-Control-Allow-Origin", "*"); 2689 MHD_add_response_header (resp,
2690 "Access-Control-Allow-Methods",
2691 allow_methods));
2692 GNUNET_assert (MHD_NO !=
2693 MHD_add_response_header (resp,
2694 "Access-Control-Allow-Origin",
2695 "*"));
2670 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); 2696 handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
2671 cleanup_handle (handle); 2697 cleanup_handle (handle);
2672 return; 2698 return;
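Review bot: Wrapping the `Location` and `Set-Cookie` calls in `GNUNET_assert` (in do_redirect_error, oidc_ticket_issue_cb, build_redirect and login_cont) turns a rejected header value into a process abort, and those values are assembled from request data such as `handle->oidc->state` and `cookie`. MHD_add_response_header returns MHD_NO when a value contains a CR or LF, so if such a byte can survive parameter parsing (which is outside these hunks and needs confirming), one malformed request would stop the whole REST service rather than just lose a header. The assert is a sound invariant for the constant headers (`"Bearer"`, `"no-store"`, `"application/json"`, `"*"`), but for request-derived values I would fail only the request, e.g. `if (MHD_NO == MHD_add_response_header (resp, "Location", redirect)) GNUNET_break_op (0);`, and then answer with an error status instead of `MHD_HTTP_FOUND`. The enclosing functions all start and end outside the hunks shown.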