[GNUnet-SVN] [gnunet] 36/45: -wip token request
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnunet] 36/45: -wip token request |
Date: |
Sun, 25 Feb 2018 16:25:40 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
commit 963b0f5a783004823a14f65c697cd83dbfb60463
Author: Phil <address@hidden>
AuthorDate: Mon Jan 22 17:35:58 2018 +0100
-wip token request
---
.../plugin_rest_identity_provider.c | 121 ++++++++++++++-------
src/identity-provider/test_idp.conf | 3 +-
2 files changed, 85 insertions(+), 39 deletions(-)
diff --git a/src/identity-provider/plugin_rest_identity_provider.c
b/src/identity-provider/plugin_rest_identity_provider.c
index ca42cc50c..230191a3f 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -1516,7 +1516,6 @@ login_check (void *cls)
GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
return;
}
- //GNUNET_free(relog_time);
}
}
@@ -1672,7 +1671,7 @@ static void namestore_iteration_finished_GET (void *cls)
{
handle->oidc->nonce =
GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
&cache_key);
- //TODO: what do we do with the nonce?
+ //TODO: what do we do with the nonce? => token
handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce);
}
@@ -1794,7 +1793,6 @@ authorize_GET_cont (struct GNUNET_REST_RequestHandle
*con_handle,
if ( NULL == handle->ego_head )
{
- //TODO throw error or ignore if egos are missing?
handle->emsg = GNUNET_strdup("server_error");
handle->edesc = GNUNET_strdup ("Egos are missing");
handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
@@ -2099,11 +2097,15 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
//TODO static strings
struct RequestHandle *handle = cls;
struct GNUNET_HashCode cache_key;
- char *authorization, *cache_authorization, *jwt;
+ char *authorization, *cache_authorization, *credentials;
char delimiter[]=" ";
+ char delimiter_user_psw[]=":";
json_t *cache_object;
json_error_t error;
char *grant_type, *code, *expected_jwt, *redirect_uri,
*expected_redirect_uri;
+ char *user_psw, *user, *psw;
+ char *expected_psw;
+ int client_exists = GNUNET_NO;
handle->oidc->post_object = json_loads (handle->rest_handle->data, 0,
&error);
//Check Authorization Header
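Review bot: The added `char *user_psw, *user, *psw;` and `char *expected_psw;` are left uninitialized, yet the later `NULL == user_psw` test is only meaningful if the decoder always writes its output pointer on failure, which is not visible here. Initializing at the declaration, e.g. `char *user_psw = NULL;`, makes that check reliable and lets one cleanup path free `user_psw` safely. `expected_jwt` appears to lose its only use in this commit and could be dropped from the declaration. token_cont's body continues outside the hunk.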
@@ -2115,13 +2117,69 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
//error
}
authorization = GNUNET_CONTAINER_multihashmap_get (
handle->rest_handle->header_param_map, &cache_key);
- //split JWT in "Base" and [content]
+ //split JWT in "Basic" and [content]
cache_authorization = GNUNET_strdup (authorization);
- jwt = strtok(cache_authorization,delimiter);
- if( NULL != jwt)
+ credentials = strtok(cache_authorization,delimiter);
+ if( NULL != credentials)
+ {
+ credentials = strtok(credentials, delimiter);
+ GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Test:%s\n", credentials);
+ }
+ if (NULL == credentials)
+ {
+ //error
+ }
+ GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), &user_psw);
+
+ if ( NULL == user_psw )
+ {
+ //error
+ }
+ user = strtok (user_psw, delimiter_user_psw);
+ if ( NULL == user )
+ {
+ //error
+ }
+
+ psw = strtok (user, delimiter_user_psw);
+ if (NULL == psw)
{
- jwt = strtok(jwt, delimiter);
- GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Test:%s\n", jwt);
+ //error
+ }
+
+ //check psw
+ if ( GNUNET_OK
+ == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
+ "psw", &expected_psw) )
+ {
+ if (0 != strcmp (expected_psw, psw))
+ {
+ //error
+ }
+ GNUNET_free(expected_psw);
+ }
+ else
+ {
+ handle->emsg = GNUNET_strdup("server_error");
+ handle->edesc = GNUNET_strdup ("gnunet configuration failed");
+ handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+
+ //check client_id
+ for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry->next; )
+ {
+ if (handle->ego_entry->keystring == user)
+ {
+ client_exists = GNUNET_YES;
+ break;
+ }
+ handle->ego_entry = handle->ego_entry->next;
+ }
+ if (GNUNET_NO == client_exists)
+ {
+ //error
}
cache_object = json_object_get (handle->oidc->post_object, "grant_type");
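Review bot: Every `//error` branch added here is empty, so a missing header token, a failed decode, a wrong password or an unknown client all fall through and the request continues as if authenticated; a NULL `credentials` even reaches `strlen (credentials)`. Both second `strtok` calls pass the previous token instead of `NULL`, so `credentials` stays the scheme word and `psw` ends up equal to `user` rather than the part after the colon. The client lookup compares pointers (`keystring == user`), skips the last ego because the loop tests `->next`, and dereferences `ego_head` without a NULL check. `GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Test:%s\n", credentials)` would write the credential to the error log once parsing is fixed and should be removed, and `user_psw` is never freed. The fence sketches the parsing and lookup with reject-and-return; token_cont starts and ends outside the hunk.

```c
  /* "Basic <base64>": first token is the scheme, second the payload */
  credentials = NULL;
  if (NULL != strtok (cache_authorization, delimiter))
    credentials = strtok (NULL, delimiter);
  if (NULL == credentials)
  {
    handle->emsg = GNUNET_strdup ("invalid_client");
    handle->edesc = GNUNET_strdup ("Malformed Authorization header");
    handle->response_code = MHD_HTTP_UNAUTHORIZED;
    GNUNET_free (cache_authorization);
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  // … unchanged: base64 decode into user_psw; reject and return the same way when it is NULL …
  user = strtok (user_psw, delimiter_user_psw);
  psw = (NULL != user) ? strtok (NULL, delimiter_user_psw) : NULL;
  // … reject and return when user or psw is NULL …
  // … unchanged: configuration lookup of "psw"; reject and return when strcmp (expected_psw, psw) differs
  //   (a constant-time comparison is preferable for a secret) …
  client_exists = GNUNET_NO;
  for (handle->ego_entry = handle->ego_head;
       NULL != handle->ego_entry;
       handle->ego_entry = handle->ego_entry->next)
  {
    if (0 == strcmp (handle->ego_entry->keystring, user))
    {
      client_exists = GNUNET_YES;
      break;
    }
  }
  // … reject and return when GNUNET_NO == client_exists; free user_psw only after the last use of user …
```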
@@ -2151,17 +2209,6 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
code = json_string_value (cache_object);
// lookup code in grants_hashmap and check if [content] is same
- GNUNET_CRYPTO_hash(code, strlen(code), &cache_key);
- if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains
(OIDC_identity_grants, &cache_key) )
- {
- //error
- }
- expected_jwt = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_grants,
&cache_key);
-
- if (0 != strcmp(expected_jwt,jwt))
- {
- //error
- }
cache_object = json_object_get (handle->oidc->post_object, "redirect_uri");
if ( NULL == cache_object || !json_is_string(cache_object) )
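Review bot: After this removal nothing ties the submitted `code` to an issued grant: the comment `// lookup code in grants_hashmap and check if [content] is same` remains, but `code` is read and never checked against `OIDC_identity_grants`. Unless a later commit restores the lookup, the token endpoint would accept any string as an authorization code. Either keep the lookup, comparing the stored grant against the authenticated client instead of the old `jwt` variable, or replace the stale comment with an explicit `//TODO: code is not validated yet` so the gap is visible. token_cont's body starts and ends outside the hunk.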
@@ -2174,26 +2221,23 @@ token_cont(struct GNUNET_REST_RequestHandle *con_handle,
redirect_uri = json_string_value (cache_object);
// check redirect_uri
- // jwt breakdown to iss or sub
-
-// GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", iss);
-// // verify the redirect uri matches https://<client_id>.zkey[/xyz]
-// if( 0 != strncmp( expected_redirect_uri, redirect_uri,
strlen(expected_redirect_uri)) )
-// {
-// handle->emsg=GNUNET_strdup("invalid_request");
-// handle->edesc=GNUNET_strdup("Invalid redirect_uri");
-// GNUNET_SCHEDULER_add_now (&do_error, handle);
-// GNUNET_free(expected_redirect_uri);
-// return;
-// }
-// handle->oidc->redirect_uri = GNUNET_strdup(handle->oidc->redirect_uri);
-// GNUNET_free(expected_redirect_uri);
-
+ GNUNET_asprintf (&expected_redirect_uri, "https://%s.zkey", user);
+ // verify the redirect uri matches https://<client_id>.zkey[/xyz]
+ if( 0 != strncmp( expected_redirect_uri, redirect_uri,
strlen(expected_redirect_uri)) )
+ {
+ handle->emsg=GNUNET_strdup("invalid_request");
+ handle->edesc=GNUNET_strdup("Invalid redirect_uri");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ GNUNET_free(expected_redirect_uri);
+ return;
+ }
+ handle->oidc->redirect_uri = GNUNET_strdup(handle->oidc->redirect_uri);
+ GNUNET_free(expected_redirect_uri);
- //do we need the client_id?
+ //return something
GNUNET_free(cache_authorization);
- decref(handle->oidc->post_object);
+ json_decref(handle->oidc->post_object);
}
/**
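Review bot: The prefix-only `strncmp` accepts any redirect_uri that merely starts with `https://<user>.zkey`, so a different host name sharing that prefix also passes; the condition should additionally require the next character to be the end of the string or a slash, e.g. `size_t n = strlen (expected_redirect_uri);` and `|| ('\0' != redirect_uri[n] && '/' != redirect_uri[n])`. `user` comes from the request's own Authorization header, so this check is only as strong as the client validation earlier in the function. `handle->oidc->redirect_uri = GNUNET_strdup(handle->oidc->redirect_uri);` copies the field onto itself rather than the parsed value and looks like it should be `GNUNET_strdup (redirect_uri)`. The error return also skips `GNUNET_free(cache_authorization)` and `json_decref(handle->oidc->post_object)` and sets no `response_code`.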
@@ -2210,7 +2254,7 @@ init_cont (struct RequestHandle *handle)
{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES,
&add_attribute_cont},
{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS,
&list_tickets_cont},
{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_GET_cont},
- {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_POST_cont},
+ {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_GET_cont},
{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont},
{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_cont},
{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE,
&revoke_ticket_cont},
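Review bot: Routing `MHD_HTTP_METHOD_POST` on `GNUNET_REST_API_NS_AUTHORIZE` to `&authorize_GET_cont` makes the handler name misleading and, if that handler reads its parameters only from the URL map (not visible in this hunk), parameters sent in a POST body would be ignored. If sharing one handler is intended, a neutral handler name or a comment on the table entry such as `/* POST shares the GET handler: parameters are taken from the query string */` would document it. `authorize_POST_cont` may now be unused and worth removing in the same change.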
@@ -2393,6 +2437,7 @@ libgnunet_plugin_rest_identity_provider_done (void *cls)
GNUNET_free(value);
}
GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_grants);
+ GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it);
GNUNET_free_non_null (allow_methods);
GNUNET_free (api);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
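Review bot: `GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it)` is called after `GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_grants)`, so for one statement the iterator outlives the map it refers to. Moving the iterator destroy to directly after the loop that uses it, before the map is destroyed, keeps the teardown order obviously safe. Where `hashmap_it` is created is outside the hunk, so it is worth confirming it cannot be NULL or already destroyed on this path.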
diff --git a/src/identity-provider/test_idp.conf
b/src/identity-provider/test_idp.conf
index 95111df3e..b4bb448df 100644
--- a/src/identity-provider/test_idp.conf
+++ b/src/identity-provider/test_idp.conf
@@ -28,4 +28,5 @@ ZONE_PUBLISH_TIME_WINDOW = 1 h
DNS_ROOT=PD67SGHF3E0447TU9HADIVU9OM7V4QHTOG0EBU69TFRI2LG63DR0
[identity-rest-plugin]
-address = http://localhost:8000/#/identities
\ No newline at end of file
+address = http://localhost:8000/#/identities
+psw = mysupersecretpassword
\ No newline at end of file
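Review bot: `psw = mysupersecretpassword` adds a single plaintext secret that the plugin compares against for every client, so all clients share one password and anyone who can read the configuration file learns it. For a test fixture that may be acceptable, but a comment line such as `# test-only credential, never reuse in a deployed configuration` above the key would make that explicit, and the option name could be spelled out (`password`) for readability. The file still ends without a trailing newline.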