if ( NULL == scope_variable )
{
GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
+ GNUNET_free(scope_variables);
return;
}
GNUNET_free(scope_variables);
// verify the redirect uri matches https://<client_id>.zkey[/xyz]
if( 0 != strncmp( expected_redirect_uri, handle->oidc->redirect_uri, strlen(expected_redirect_uri)) )
{
+ handle->oidc->redirect_uri = NULL;
handle->emsg=GNUNET_strdup("invalid_request");
handle->edesc=GNUNET_strdup("Invalid redirect_uri");
GNUNET_SCHEDULER_add_now (&do_error, handle);
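Review bot: The redirect_uri check in this hunk is only a prefix comparison: `strncmp` over `strlen(expected_redirect_uri)` bytes accepts any URI that merely begins with `https://<client_id>.zkey`, which is wider than the `[/xyz]` form the comment describes. Once the prefix matches, the next byte of the supplied URI should be required to be `'\0'` or `'/'`; the token-endpoint check further down (`strncmp( expected_redirect_uri, redirect_uri, ...)`) has the same shape. Separately, the added `handle->oidc->redirect_uri = NULL;` clears the pointer without a visible free, so if the handle owns that string it should be released first. The enclosing function starts and ends outside the hunk.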
// Checks if scope contains 'openid'
expected_scope = GNUNET_strdup(handle->oidc->scope);
- expected_scope = strtok (expected_scope, delimiter);
- while (NULL != expected_scope)
+ char* test;
+ test = strtok (expected_scope, delimiter);
+ while (NULL != test)
{
if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) )
{
break;
}
- expected_scope = strtok (NULL, delimiter);
+ test = strtok (NULL, delimiter);
}
- if (NULL == expected_scope)
+ if (NULL == test)
{
handle->emsg = GNUNET_strdup("invalid_scope");
handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or "
"malformed.");
GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+ GNUNET_free(expected_scope);
return;
}
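Review bot: The scope loop now advances `test`, but the comparison inside it still reads `strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope)`. `expected_scope` stays at the start of the duplicated buffer, which `strtok` has terminated after the first token, so only the first scope value is ever compared and a request that lists `openid` in a later position is rejected as `invalid_scope`. The comparison should use the cursor: `if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, test) )`. The added `GNUNET_free(expected_scope);` covers the error return only; the success path is outside the hunk and needs a matching free if it does not already have one.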
if ( json_is_string(identity) )
{
GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity));
-
+ MHD_add_response_header (resp, "Set-Cookie", cookie);
+ MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST");
GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key);
current_time = GNUNET_new(struct GNUNET_TIME_Absolute);
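Review bot: The added `MHD_add_response_header (resp, "Set-Cookie", cookie);` sends a value built from the request's `identity` string and ignores the call's return value. If MHD refuses the header (the call can return `MHD_NO`), the code below still hashes and caches the cookie and answers 200 without the client ever receiving it, so the result should be checked and the request failed otherwise. The cookie is also issued with no attributes such as `HttpOnly` or `Secure`; since it appears to carry the login state, that should be a deliberate decision. The surrounding function continues outside the hunk.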
GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+ GNUNET_free(cookie);
}
else
{
handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
}
- GNUNET_free(cookie);
json_decref (root);
GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
return;
{
//TODO static strings
+ //TODO WWW-Authenticate 401
struct RequestHandle *handle = cls;
struct GNUNET_HashCode cache_key;
char *authorization, *credentials;
}
authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key);
- //TODO authorization pointer will be moved as well
//split header in "Basic" and [content]
credentials = strtok (authorization, delimiter);
if (0 != strcmp ("Basic",credentials))
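Review bot: Removing `//TODO authorization pointer will be moved as well` does not remove the problem it described: `strtok (authorization, delimiter)` still writes a terminator into the string returned by `GNUNET_CONTAINER_multihashmap_get`, that is, into the header map's own value. The result also goes to `strcmp` without a NULL check, so a header value that contains no token makes `strcmp ("Basic",credentials)` undefined. Tokenise a `GNUNET_strdup` copy and test `NULL == credentials` before comparing. The Bearer parsing at the end of this diff (`authorization_type = strtok (authorization, delimiter);`) has the same pattern.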
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
+
//check client password
if ( GNUNET_OK
== GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
{
if (0 != strcmp (expected_psw, psw))
{
+ GNUNET_free_non_null(user_psw);
+ GNUNET_free(expected_psw);
handle->emsg=GNUNET_strdup("invalid_client");
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_error, handle);
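Review bot: `strcmp (expected_psw, psw)` checks the client secret with an early-exit comparison, so the time taken to reject depends on how many leading bytes match. For a credential check, compare the lengths first and then use a comparison that always walks the full length. The frees added here sit only on the mismatch branch; the matching branch is outside the hunk, and `expected_psw` needs releasing there as well if that is not already done.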
}
else
{
+ GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("server_error");
handle->edesc = GNUNET_strdup ("gnunet configuration failed");
handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
+
//check client_id
for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry->next; )
{
}
if (GNUNET_NO == client_exists)
{
+ GNUNET_free_non_null(user_psw);
handle->emsg=GNUNET_strdup("invalid_client");
handle->response_code = MHD_HTTP_UNAUTHORIZED;
GNUNET_SCHEDULER_add_now (&do_error, handle);
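Review bot: `GNUNET_free_non_null(user_psw);` is now repeated by hand in every error branch visible in this diff (this one and the grant_type, code, redirect_uri, ticket and configuration branches below), so the next branch someone adds can easily miss it. A single exit path would be sturdier: set `emsg`, `edesc` and `response_code` in the branch, then `goto` one label that frees `user_psw`, schedules `do_error` and returns. That also gives the other temporaries in this function (for example `expected_redirect_uri`) one obvious place to be released. The function's start and end are outside the hunk.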
== GNUNET_CONTAINER_multihashmap_contains (
handle->rest_handle->url_param_map, &cache_key) )
{
+ GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("invalid_request");
handle->edesc = GNUNET_strdup("missing parameter grant_type");
handle->response_code = MHD_HTTP_BAD_REQUEST;
== GNUNET_CONTAINER_multihashmap_contains (
handle->rest_handle->url_param_map, &cache_key) )
{
+ GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("invalid_request");
handle->edesc = GNUNET_strdup("missing parameter code");
handle->response_code = MHD_HTTP_BAD_REQUEST;
== GNUNET_CONTAINER_multihashmap_contains (
handle->rest_handle->url_param_map, &cache_key) )
{
+ GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("invalid_request");
handle->edesc = GNUNET_strdup("missing parameter redirect_uri");
handle->response_code = MHD_HTTP_BAD_REQUEST;
//Check parameter grant_type == "authorization_code"
if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type))
{
+ GNUNET_free_non_null(user_psw);
handle->emsg=GNUNET_strdup("unsupported_grant_type");
handle->response_code = MHD_HTTP_BAD_REQUEST;
GNUNET_SCHEDULER_add_now (&do_error, handle);
// verify the redirect uri matches https://<client_id>.zkey[/xyz]
if( 0 != strncmp( expected_redirect_uri, redirect_uri, strlen(expected_redirect_uri)) )
{
+ GNUNET_free_non_null(user_psw);
handle->emsg=GNUNET_strdup("invalid_request");
handle->edesc=GNUNET_strdup("Invalid redirect_uri");
handle->response_code = MHD_HTTP_BAD_REQUEST;
return;
}
GNUNET_free(expected_redirect_uri);
- GNUNET_CRYPTO_hash(code, strlen(code), &cache_key);
- if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(OIDC_ticket_once,&cache_key))
+ GNUNET_CRYPTO_hash (code, strlen (code), &cache_key);
+ int i = 1;
+ if ( GNUNET_SYSERR
+ == GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once,
+ &cache_key,
+ &i,
+ GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) )
{
+ GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("invalid_request");
handle->edesc = GNUNET_strdup("Cannot use the same code more than once");
handle->response_code = MHD_HTTP_BAD_REQUEST;
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
- int i=1;
- GNUNET_CONTAINER_multihashmap_put(OIDC_ticket_once,&cache_key,&i,GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
//decode code
GNUNET_STRINGS_base64_decode(code,strlen(code),&code_output);
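Review bot: The value stored by the new `GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once, ...)` is `&i`, the address of the local `int i = 1;`. If the map outlives the call, as its use for replay detection implies, it holds a dangling pointer as soon as this function returns. Nothing visible reads the value, but any later lookup or iterator that dereferences it would be undefined; store the address of a static object instead, e.g. `static int ticket_used = 1;`. The code is also recorded as used before it is decoded and checked below, so every request with an arbitrary `code` string adds an entry; doing the put after validation, or bounding and expiring the map, would avoid that growth.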
if(ticket_string == NULL && !json_is_string(ticket_string))
{
+ GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("invalid_request");
handle->edesc = GNUNET_strdup("invalid code");
handle->response_code = MHD_HTTP_BAD_REQUEST;
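Review bot: The guard `if(ticket_string == NULL && !json_is_string(ticket_string))` fires only when the value is missing; a value that is present but is not a JSON string passes it. jansson's `json_is_string` already yields false for NULL, so `if (!json_is_string(ticket_string))` covers both cases. As written, the `GNUNET_free_non_null(user_psw);` added in this branch is never reached for the non-string case, and the code after it goes on to use the value. The surrounding function is outside the hunk.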
ticket,
sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
{
+ GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("invalid_request");
handle->edesc = GNUNET_strdup("invalid code");
handle->response_code = MHD_HTTP_BAD_REQUEST;
GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key);
if (0 != memcmp(&pub_key,&ticket->audience,sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
{
+ GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("invalid_request");
handle->edesc = GNUNET_strdup("invalid code");
handle->response_code = MHD_HTTP_BAD_REQUEST;
!= GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin",
"expiration_time", &expiration_time) )
{
+ GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("server_error");
handle->edesc = GNUNET_strdup ("gnunet configuration failed");
handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
client_id,
strlen(client_id));
//exp REQUIRED time expired from config
- //TODO time as seconds
struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute (
GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
expiration_time));
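Review bot: The `//TODO time as seconds` removed here and in the iat hunk below still looks unresolved. The iat hunk builds `time_now_string` with `GNUNET_STRINGS_absolute_time_to_string`, and the `exp` value is likewise passed on as `exp_time_string`. If these claims are still emitted as formatted date strings rather than numeric seconds since the epoch, a relying party cannot evaluate token expiry in the usual way. Either convert both to seconds or keep the TODO until that is done.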
exp_time_string,
strlen(exp_time_string));
//iat REQUIRED time now
- //TODO time as seconds
struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get();
const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now);
GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
}
if ( NULL == ego_entry )
{
+ GNUNET_free_non_null(user_psw);
handle->emsg = GNUNET_strdup("invalid_request");
handle->edesc = GNUNET_strdup("invalid code....");
handle->response_code = MHD_HTTP_BAD_REQUEST;
authorization = GNUNET_CONTAINER_multihashmap_get (
handle->rest_handle->header_param_map, &cache_key);
- //TODO authorization pointer will be moved as well
//split header in "Bearer" and access_token
authorization_type = strtok (authorization, delimiter);
if ( 0 != strcmp ("Bearer", authorization_type) )