summaryrefslogtreecommitdiffstats
path: root/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'sca-cpp/trunk/modules/oauth/mod-oauth1.cpp')
-rw-r--r--sca-cpp/trunk/modules/oauth/mod-oauth1.cpp87
1 files changed, 43 insertions, 44 deletions
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
index 1276ea4855..29fe756178 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
@@ -89,7 +89,7 @@ public:
* Return the user info for a session.
*/
const failable<value> userInfo(const value& sid, const memcache::MemCached& mc) {
- return memcache::get(mklist<value>("tuscanyOpenAuth", sid), mc);
+ return memcache::get(mklist<value>("tuscanyOAuth1", sid), mc);
}
/**
@@ -174,25 +174,28 @@ const list<string> sign(const string& verb, const string& uri, const list<value>
*/
const failable<int> authorize(const list<list<value> >& args, request_rec* r, const list<list<value> >& appkeys, const memcache::MemCached& mc) {
// Extract authorize, access_token, client ID and info URIs
- const list<value> req = assoc<value>("mod_oauth1_request_token", args);
+ const list<value> ref = assoc<value>("openauth_referrer", args);
+ if (isNil(ref) || isNil(cdr(ref)))
+ return mkfailure<int>("Missing openauth_referrer parameter");
+ const list<value> req = assoc<value>("oauth1_request_token", args);
if (isNil(req) || isNil(cdr(req)))
- return mkfailure<int>("Missing mod_oauth1_request_token parameter");
- const list<value> auth = assoc<value>("mod_oauth1_authorize", args);
+ return mkfailure<int>("Missing oauth1_request_token parameter");
+ const list<value> auth = assoc<value>("oauth1_authorize", args);
if (isNil(auth) || isNil(cdr(auth)))
- return mkfailure<int>("Missing mod_oauth1_authorize parameter");
- const list<value> tok = assoc<value>("mod_oauth1_access_token", args);
+ return mkfailure<int>("Missing oauth1_authorize parameter");
+ const list<value> tok = assoc<value>("oauth1_access_token", args);
if (isNil(tok) || isNil(cdr(tok)))
- return mkfailure<int>("Missing mod_oauth1_access_token parameter");
- const list<value> cid = assoc<value>("mod_oauth1_client_id", args);
+ return mkfailure<int>("Missing oauth1_access_token parameter");
+ const list<value> cid = assoc<value>("oauth1_client_id", args);
if (isNil(cid) || isNil(cdr(cid)))
- return mkfailure<int>("Missing mod_oauth1_client_id parameter");
- const list<value> info = assoc<value>("mod_oauth1_info", args);
+ return mkfailure<int>("Missing oauth1_client_id parameter");
+ const list<value> info = assoc<value>("oauth1_info", args);
if (isNil(info) || isNil(cdr(info)))
- return mkfailure<int>("Missing mod_oauth1_info parameter");
+ return mkfailure<int>("Missing oauth1_info parameter");
// Build the redirect URI
- const list<list<value> > redirargs = mklist<list<value> >(mklist<value>("mod_oauth1_step", "access_token"), tok, cid, info);
- const string redir = httpd::url(r->uri, r) + string("?") + http::queryString(redirargs);
+ const list<list<value> > redirargs = mklist<list<value> >(tok, cid, info, ref);
+ const string redir = httpd::url("/oauth1/access_token/", r) + string("?") + http::queryString(redirargs);
debug(redir, "modoauth1::authorize::redir");
// Lookup client app configuration
@@ -296,15 +299,18 @@ const failable<list<value> > profileUserInfo(const value& cid, const string& inf
*/
const failable<int> accessToken(const list<list<value> >& args, request_rec* r, const list<list<value> >& appkeys, const memcache::MemCached& mc) {
// Extract access_token URI, client ID and verification code
- const list<value> tok = assoc<value>("mod_oauth1_access_token", args);
+ const list<value> ref = assoc<value>("openauth_referrer", args);
+ if (isNil(ref) || isNil(cdr(ref)))
+ return mkfailure<int>("Missing openauth_referrer parameter");
+ const list<value> tok = assoc<value>("oauth1_access_token", args);
if (isNil(tok) || isNil(cdr(tok)))
- return mkfailure<int>("Missing mod_oauth1_access_token parameter");
- const list<value> cid = assoc<value>("mod_oauth1_client_id", args);
+ return mkfailure<int>("Missing oauth1_access_token parameter");
+ const list<value> cid = assoc<value>("oauth1_client_id", args);
if (isNil(cid) || isNil(cdr(cid)))
- return mkfailure<int>("Missing mod_oauth1_client_id parameter");
- const list<value> info = assoc<value>("mod_oauth1_info", args);
+ return mkfailure<int>("Missing oauth1_client_id parameter");
+ const list<value> info = assoc<value>("oauth1_info", args);
if (isNil(info) || isNil(cdr(info)))
- return mkfailure<int>("Missing mod_oauth1_info parameter");
+ return mkfailure<int>("Missing oauth1_info parameter");
const list<value> tv = assoc<value>("oauth_token", args);
if (isNil(tv) || isNil(cdr(tv)))
return mkfailure<int>("Missing oauth_token parameter");
@@ -372,14 +378,14 @@ const failable<int> accessToken(const list<list<value> >& args, request_rec* r,
// Store user info in memcached keyed by session ID
const value sid = string("OAuth1_") + mkrand();
- const failable<bool> prc = memcache::put(mklist<value>("tuscanyOpenAuth", sid), content(iv), mc);
+ const failable<bool> prc = memcache::put(mklist<value>("tuscanyOAuth1", sid), content(iv), mc);
if (!hasContent(prc))
return mkfailure<int>(reason(prc));
// Send session ID to the client in a cookie
- debug(c_str(openauth::cookie(sid, httpd::hostName(r))), "modoauth1::access_token::setcookie");
- apr_table_set(r->err_headers_out, "Set-Cookie", c_str(openauth::cookie(sid, httpd::hostName(r))));
- return httpd::externalRedirect(httpd::url(r->uri, r), r);
+ debug(c_str(openauth::cookie("TuscanyOAuth1", sid, httpd::hostName(r))), "modoauth1::access_token::setcookie");
+ apr_table_set(r->err_headers_out, "Set-Cookie", c_str(openauth::cookie("TuscanyOAuth1", sid, httpd::hostName(r))));
+ return httpd::externalRedirect(httpd::url(httpd::unescape(cadr(ref)), r), r);
}
/**
@@ -391,6 +397,7 @@ static int checkAuthn(request_rec *r) {
if (!dc.enabled)
return DECLINED;
const char* atype = ap_auth_type(r);
+ debug(atype, "modopenauth::checkAuthn::auth_type");
if (atype == NULL || strcasecmp(atype, "Open"))
return DECLINED;
@@ -398,11 +405,11 @@ static int checkAuthn(request_rec *r) {
gc_scoped_pool pool(r->pool);
// Get the server configuration
- httpdDebugRequest(r, "modoauth1::checkAuthn::input");
+ debug_httpdRequest(r, "modoauth1::checkAuthn::input");
const ServerConf& sc = httpd::serverConf<ServerConf>(r, &mod_tuscany_oauth1);
// Get session id from the request
- const maybe<string> sid = openauth::sessionID(r);
+ const maybe<string> sid = openauth::sessionID(r, "TuscanyOAuth1");
if (hasContent(sid)) {
// Decline if the session id was not created by this module
if (substr(content(sid), 0, 7) != "OAuth1_")
@@ -416,33 +423,25 @@ static int checkAuthn(request_rec *r) {
}
}
- // Get the request args
- const list<list<value> > args = httpd::queryArgs(r);
-
- // Decline if the request is for another authentication provider
- if (!isNil(assoc<value>("openid_identifier", args)))
- return DECLINED;
- if (!isNil(assoc<value>("mod_oauth2_step", args)))
- return DECLINED;
-
- // Determine the OAuth protocol flow step, conveniently passed
- // around in a request arg
- const list<value> sl = assoc<value>("mod_oauth1_step", args);
- const value step = !isNil(sl) && !isNil(cdr(sl))? cadr(sl) : "";
-
// Handle OAuth authorize request step
- if (step == "authorize") {
+ if (string(r->uri) == "/oauth1/authorize/") {
r->ap_auth_type = const_cast<char*>(atype);
- return httpd::reportStatus(authorize(args, r, sc.appkeys, sc.mc));
+ return httpd::reportStatus(authorize(httpd::queryArgs(r), r, sc.appkeys, sc.mc));
}
// Handle OAuth access_token request step
- if (step == "access_token") {
+ if (string(r->uri) == "/oauth1/access_token/") {
r->ap_auth_type = const_cast<char*>(atype);
- return httpd::reportStatus(accessToken(args, r, sc.appkeys, sc.mc));
+ return httpd::reportStatus(accessToken(httpd::queryArgs(r), r, sc.appkeys, sc.mc));
}
- // Redirect to the login page
+ // Redirect to the login page, unless we have a session id from another module
+ if (hasContent(openauth::sessionID(r, "TuscanyOpenIDAuth")) ||
+ hasContent(openauth::sessionID(r, "TuscanyOpenAuth")) ||
+ hasContent(openauth::sessionID(r, "TuscanyOAuth2")))
+ return DECLINED;
+ if ((substr(string(r->uri), 0, 8) == "/oauth2/") || !isNil(assoc<value>("openid_identifier", httpd::queryArgs(r))))
+ return DECLINED;
r->ap_auth_type = const_cast<char*>(atype);
return httpd::reportStatus(openauth::login(dc.login, r));
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-14 21:49:04 +0000