[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnunet] 05/45: -commit broken
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnunet] 05/45: -commit broken |
|
Date: |
Sun, 25 Feb 2018 16:25:09 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
commit c68eae71c8474e27725acec4e6b2194e20626042
Author: Schanzenbach, Martin <address@hidden>
AuthorDate: Thu Dec 7 11:13:32 2017 +0100
-commit broken
---
.../plugin_rest_identity_provider.c | 316 +++++++++++----------
1 file changed, 166 insertions(+), 150 deletions(-)
diff --git a/src/identity-provider/plugin_rest_identity_provider.c
b/src/identity-provider/plugin_rest_identity_provider.c
index d5e453a0e..1bef87ace 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -1027,156 +1027,172 @@ options_cont (struct GNUNET_REST_RequestHandle
*con_handle,
*/
static void
authorize_cont (struct GNUNET_REST_RequestHandle *con_handle,
- const char* url,
- void *cls)
+ const char* url,
+ void *cls)
{
- //TODO clean up method
-
-
-// The Authorization Server MUST validate all the OAuth 2.0 parameters
according to the OAuth 2.0 specification.
-// The Authorization Server MUST verify that all the REQUIRED parameters
are present and their usage conforms to this specification.
-// If the sub (subject) Claim is requested with a specific value for the ID
Token, the Authorization Server MUST only send a positive response if the
End-User identified by that sub value has an active session with the
Authorization Server or has been Authenticated as a result of the request. The
Authorization Server MUST NOT reply with an ID Token or Access Token for a
different user, even if they have an active session with the Authorization
Server. Such a request can be made either [...]
-
-
-
- struct MHD_Response *resp;
- struct RequestHandle *handle = cls;
-
- /*
- * response_type 0
- * client_id 1
- * scope 2
- * redirect_uri 3
- * state 4
- * nonce 5
- * display 6
- * prompt 7
- * max_age 8
- * ui_locales 9
- * response_mode 10
- * id_token_hint 11
- * login_hint 12
- * acr_values 13
- */
- char* array[] = { "response_type", "client_id", "scope", "redirect_uri",
- "state", "nonce", "display", "prompt", "max_age",
"ui_locales",
- "response_mode", "id_token_hint","login_hint",
"acr_values" };
- int array_size=14;
- int bool_array[array_size];
-
- struct GNUNET_HashCode cache_key;
-
- //iterates over each parameter and store used values in array array[]
- int iterator;
- for( iterator = 0; iterator<array_size; iterator++){
- GNUNET_CRYPTO_hash (array[iterator], strlen (array[iterator]),
&cache_key);
- char*
cache=GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
&cache_key);
- bool_array[iterator]=0;
- if(cache!=0){
- size_t size=strlen(cache)+1;
- array[iterator]=(char*)malloc(size*sizeof(char));
- strncpy(array[iterator],cache,size);
- bool_array[iterator]=1;
- }
- }
-
- //MUST validate all the OAuth 2.0 parameters & that all the REQUIRED
parameters are present and their usage conforms to this specification
-
- //required values: response_type, client_id, scope, redirect_uri
- if(!bool_array[0] || !bool_array[1] || !bool_array[2] ||
!bool_array[3]){
- handle->emsg=GNUNET_strdup("invalid_request");
- handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
- GNUNET_SCHEDULER_add_now (&do_error, handle);
- return;
- }
- //response_type = code
- if(strcmp(array[0],"code")!=0){
- handle->emsg=GNUNET_strdup("invalid_response_type");
- handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
- GNUNET_SCHEDULER_add_now (&do_error, handle);
- return;
- }
- //scope contains openid
- if(strstr(array[2],"openid")==NULL){
- handle->emsg=GNUNET_strdup("invalid_scope");
- handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
- GNUNET_SCHEDULER_add_now (&do_error, handle);
- return;
- }
-
- //TODO check other values and use them accordingly
-
-
- char* redirect_url_to_login;
-
-// if(){
-//
-// }else{
-//
-// }
- if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg,
- "identity-rest-plugin",
- "address",
- &redirect_url_to_login)){
-
- char* build_array[] = { "response_type", "client_id", "scope",
"redirect_uri",
- "state", "nonce", "display", "prompt",
"max_age", "ui_locales",
- "response_mode",
"id_token_hint","login_hint", "acr_values" };
-
- size_t redirect_parameter_size= strlen("?");
- for(iterator=0;iterator<array_size;iterator++){
- if(bool_array[iterator]){
- redirect_parameter_size +=
strlen(array[iterator]);
- redirect_parameter_size +=
strlen(build_array[iterator]);
- if(iterator==array_size-1)
- {
- redirect_parameter_size += strlen("=");
- }else{
- redirect_parameter_size += strlen("=&");
- }
- }
- }
-
- char redirect_parameter[redirect_parameter_size+1];
- redirect_parameter_size = 0;
- redirect_parameter[redirect_parameter_size]='?';
- for(iterator=0;iterator<array_size;iterator++){
- if(bool_array[iterator]){
- //If not last parameter
- if(iterator!=array_size-1)
- {
- char
cache[strlen(array[iterator])+strlen(build_array[iterator])+2+1];
- snprintf(cache,sizeof(cache),"%s=%s&",
build_array[iterator], array[iterator]);
- strncat(redirect_parameter, cache,
strlen(array[iterator])+strlen(build_array[iterator])+2 );
- }else{
- char
cache[strlen(array[iterator])+strlen(build_array[iterator])+1+1];
- snprintf(cache,sizeof(cache),"%s=%s",
build_array[iterator], array[iterator]);
- strncat(redirect_parameter, cache,
strlen(array[iterator])+strlen(build_array[iterator])+1 );
- }
- }
- }
- char
redirect_component[strlen(redirect_url_to_login)+strlen(redirect_parameter)+1];
- snprintf(redirect_component, sizeof(redirect_component),
"%s%s", redirect_url_to_login, redirect_parameter);
- resp = GNUNET_REST_create_response ("");
- MHD_add_response_header (resp, "Location", redirect_component);
- }else{
- handle->emsg=GNUNET_strdup("No server on localhost:8000");
- handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
- GNUNET_SCHEDULER_add_now (&do_error, handle);
- return;
-// resp = GNUNET_REST_create_response ("");
-// MHD_add_response_header (resp, "Location", array[3]);
- }
-
- handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
- cleanup_handle (handle);
- for(iterator=0; iterator<array_size; iterator++){
- if(bool_array[iterator]){
- free(array[iterator]);
- }
- }
- return;
+ //TODO clean up method
+
+
+ // The Authorization Server MUST validate all the OAuth 2.0 parameters
according to the OAuth 2.0 specification.
+ // The Authorization Server MUST verify that all the REQUIRED parameters
are present and their usage conforms to this specification.
+ // If the sub (subject) Claim is requested with a specific value for the
ID Token, the Authorization Server MUST only send a positive response if the
End-User identified by that sub value has an active session with the
Authorization Server or has been Authenticated as a result of the request. The
Authorization Server MUST NOT reply with an ID Token or Access Token for a
different user, even if they have an active session with the Authorization
Server. Such a request can be made eith [...]
+
+
+
+ struct MHD_Response *resp;
+ struct RequestHandle *handle = cls;
+
+ /*
+ * response_type 0
+ * client_id 1
+ * scope 2
+ * redirect_uri 3
+ * state 4
+ * nonce 5
+ * display 6
+ * prompt 7
+ * max_age 8
+ * ui_locales 9
+ * response_mode 10
+ * id_token_hint 11
+ * login_hint 12
+ * acr_values 13
+ */
+ char* array[] = { "response_type", "client_id", "scope", "redirect_uri",
+ "state", "nonce", "display", "prompt", "max_age", "ui_locales",
+ "response_mode", "id_token_hint","login_hint", "acr_values" };
+ int array_size=14;
+ int bool_array[array_size];
+
+ struct GNUNET_HashCode cache_key;
+
+ //iterates over each parameter and store used values in array array[]
+ int iterator;
+ for( iterator = 0; iterator<array_size; iterator++){
+ GNUNET_CRYPTO_hash (array[iterator], strlen (array[iterator]), &cache_key);
+ char*
cache=GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
&cache_key);
+ bool_array[iterator]=0;
+ if(cache!=0){
+ size_t size=strlen(cache)+1;
+ array[iterator]=(char*)malloc(size*sizeof(char));
+ strncpy(array[iterator],cache,size);
+ bool_array[iterator]=1;
+ }
+ }
+
+ /* MUST validate all the OAuth 2.0 parameters & that all the
+ * REQUIRED parameters are present and their usage conforms to this
specification
+ */
+ GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (array[iterator]),
&cache_key);
+ if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains
(handle->rest_handle->url_param_map,
+ &key))
+ {
+ handle->emsg=GNUNET_strdup("invalid_request");
+ handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ response_type =
GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+ &key);
+
+ //required values: response_type, client_id, scope, redirect_uri
+ if(!bool_array[0] || !bool_array[1] || !bool_array[2] || !bool_array[3]){
+ handle->emsg=GNUNET_strdup("invalid_request");
+ handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ //response_type = code
+ if(strcmp(array[0],"code")!=0){
+ handle->emsg=GNUNET_strdup("invalid_response_type");
+ handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ //scope contains openid
+ if(strstr(array[2],"openid")==NULL){
+ handle->emsg=GNUNET_strdup("invalid_scope");
+ handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+
+ //TODO check other values and use them accordingly
+
+
+ char* redirect_url_to_login;
+
+ // if(){
+ //
+ // }else{
+ //
+ // }
+ if (GNUNET_OK == GNUNET_CONFIGURATION_get_value_string (cfg,
+
"identity-rest-plugin",
+ "address",
+
&redirect_url_to_login)){
+
+ char* build_array[] = { "response_type", "client_id", "scope",
"redirect_uri",
+ "state", "nonce", "display", "prompt", "max_age", "ui_locales",
+ "response_mode", "id_token_hint","login_hint", "acr_values" };
+ GNUNET_asprintf (new_redirect, "%s=%s&...",
+ OIDC_REDIRECT_URI_KEY, redirect_uri,
+ OIDC_CLIENT_ID_KEY, client_id,
+ ...);
+ size_t redirect_parameter_size= strlen("?");
+ for(iterator=0;iterator<array_size;iterator++){
+ if(bool_array[iterator]){
+ redirect_parameter_size += strlen(array[iterator]);
+ redirect_parameter_size += strlen(build_array[iterator]);
+ if(iterator==array_size-1)
+ {
+ redirect_parameter_size += strlen("=");
+ }else{
+ redirect_parameter_size += strlen("=&");
+ }
+ }
+ }
+
+ char redirect_parameter[redirect_parameter_size+1];
+ redirect_parameter_size = 0;
+ redirect_parameter[redirect_parameter_size]='?';
+ for(iterator=0;iterator<array_size;iterator++){
+ if(bool_array[iterator]){
+ //If not last parameter
+ if(iterator!=array_size-1)
+ {
+ char
cache[strlen(array[iterator])+strlen(build_array[iterator])+2+1];
+ snprintf(cache,sizeof(cache),"%s=%s&", build_array[iterator],
array[iterator]);
+ strncat(redirect_parameter, cache,
strlen(array[iterator])+strlen(build_array[iterator])+2 );
+ }else{
+ char
cache[strlen(array[iterator])+strlen(build_array[iterator])+1+1];
+ snprintf(cache,sizeof(cache),"%s=%s", build_array[iterator],
array[iterator]);
+ strncat(redirect_parameter, cache,
strlen(array[iterator])+strlen(build_array[iterator])+1 );
+ }
+ }
+ }
+ char
redirect_component[strlen(redirect_url_to_login)+strlen(redirect_parameter)+1];
+ snprintf(redirect_component, sizeof(redirect_component), "%s%s",
redirect_url_to_login, redirect_parameter);
+ resp = GNUNET_REST_create_response ("");
+ MHD_add_response_header (resp, "Location", redirect_component);
+ }else{
+ handle->emsg=GNUNET_strdup("No server on localhost:8000");
+ handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ // resp = GNUNET_REST_create_response ("");
+ // MHD_add_response_header (resp, "Location", array[3]);
+ }
+
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
+ cleanup_handle (handle);
+ for(iterator=0; iterator<array_size; iterator++){
+ if(bool_array[iterator]){
+ free(array[iterator]);
+ }
+ }
+ return;
}
/**
@@ -1192,8 +1208,8 @@ init_cont (struct RequestHandle *handle)
{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES,
&list_attribute_cont},
{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES,
&add_attribute_cont},
{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS,
&list_tickets_cont},
- {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont},
- {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont},
+ {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont},
+ {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_cont},
{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE,
&revoke_ticket_cont},
{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME,
&consume_ticket_cont},
{MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER,
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnunet] branch master updated (d4ad64d79 -> 82e4a63b4), gnunet, 2018/02/25
- [GNUnet-SVN] [gnunet] 04/45: Merge branch 'identity_abe' into identity_oidc, gnunet, 2018/02/25
- [GNUnet-SVN] [gnunet] 01/45: -start oidc, gnunet, 2018/02/25
- [GNUnet-SVN] [gnunet] 06/45: Merge branch 'identity_oidc' of git-int.aisec.fraunhofer.de:sas/gnunet-mirror into identity_oidc, gnunet, 2018/02/25
- [GNUnet-SVN] [gnunet] 05/45: -commit broken,
gnunet <=
- [GNUnet-SVN] [gnunet] 07/45: Merge branch 'identity_abe' into identity_oidc, gnunet, 2018/02/25
- [GNUnet-SVN] [gnunet] 03/45: Merge branch 'identity_abe' into identity_oidc, gnunet, 2018/02/25
- [GNUnet-SVN] [gnunet] 02/45: Merge remote-tracking branch 'origin/identity_abe' into identity_oidc, gnunet, 2018/02/25
- [GNUnet-SVN] [gnunet] 10/45: -merge, gnunet, 2018/02/25
- [GNUnet-SVN] [gnunet] 17/45: -fix, gnunet, 2018/02/25
- [GNUnet-SVN] [gnunet] 13/45: -merge, gnunet, 2018/02/25
- [GNUnet-SVN] [gnunet] 09/45: Merge branch 'identity_oidc' of git-int.aisec.fraunhofer.de:sas/gnunet-mirror into identity_oidc, gnunet, 2018/02/25
- [GNUnet-SVN] [gnunet] 12/45: -fixed nonce=(null), gnunet, 2018/02/25
- [GNUnet-SVN] [gnunet] 16/45: -merge branch 'identity_oidc' of git-int.aisec.fraunhofer.de:sas/gnunet-mirror into identity_oidc, gnunet, 2018/02/25
- [GNUnet-SVN] [gnunet] 14/45: -add header map to rest handle, gnunet, 2018/02/25