From 18b3a48e842d1e13b5a8505f8fd18069836d8fa5 Mon Sep 17 00:00:00 2001
From: jsdelfino
Date: Mon, 26 Aug 2013 03:04:28 +0000
Subject: Fix handling of login session expiration and incorrect caching of login redirect responses.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1517413 13f79535-47bb-0310-9956-ffa450edef68
---
 sca-cpp/trunk/modules/oauth/mod-oauth1.cpp | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)
(limited to 'sca-cpp/trunk/modules/oauth/mod-oauth1.cpp')
diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
index b1786d1098..e34c0c2359 100644
--- a/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
+++ b/sca-cpp/trunk/modules/oauth/mod-oauth1.cpp
@@ -139,7 +139,7 @@ const failable userInfo(const value& sid, const memcache::MemCached& mc)
 /**
 * Handle an authenticated request.
 */
-const failable authenticated(const list& userinfo, const bool check, request_rec* const r, const list& scopeattrs, const list& apcs) {
+const failable authenticated(const list& userinfo, request_rec* const r, const list& scopeattrs, const list& apcs) {
 debug(userinfo, "modoauth2::authenticated::userinfo");
 if (isNull(scopeattrs)) {
@@ -156,8 +156,15 @@ const failable authenticated(const list& userinfo, const bool check,
 r->user = apr_pstrdup(r->pool, c_str(cadr(id)));
 // Run the authnz hooks to check the authenticated user
- if (check)
- return checkAuthnz(r->user == NULL? emptyString : r->user, r, apcs);
+ const failable arc = checkAuthnz(r->user == NULL? emptyString : r->user, r, apcs);
+ if (!hasContent(arc))
+ return arc;
+
+ // Update the request user field with the authorized user id returned by the authnz hooks
+ const char* auser = apr_table_get(r->subprocess_env, "AUTHZ_USER");
+ if (auser != NULL)
+ r->user = apr_pstrdup(r->pool, auser);
+
 return OK;
 }
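Review bot: The doc comment above `authenticated()` in the @@ -139,7 +139,7 @@ hunk still reads only "Handle an authenticated request." although, with the `check` parameter gone, every caller now gets the authnz hooks run and may get `r->user` rewritten. I would extend it to something like `* Handle an authenticated request: set r->user, always run the authnz hooks, and adopt the AUTHZ_USER they report.` so that callers such as `checkAuthn` and `accessToken` know the call both authorizes and can change the request identity. The function body continues outside this hunk.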
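Review bot: The new `apr_table_get(r->subprocess_env, "AUTHZ_USER")` in the @@ -156,8 +156,15 @@ hunk trusts whatever is in the request environment table once `checkAuthnz` returns, and nothing visible here guarantees the value was written by the authnz hooks during this call. The same table is filled by the recursive branch of `authenticated()` (the `apr_table_set(r->subprocess_env, ...)` context line in the @@ -172,7 +179,7 @@ hunk) with profile values under configured attribute names, and presumably by other modules as well, so a stale or colliding `AUTHZ_USER` entry would replace `r->user` after authorization has already succeeded for a different id. Clearing it first, with `apr_table_unset(r->subprocess_env, "AUTHZ_USER");` immediately before the `checkAuthnz` call, limits the override to what the hooks set. It is also worth confirming whether the hooks may legitimately return an id other than the one they were asked to authorize. The function body starts and ends outside this hunk.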
@@ -172,7 +179,7 @@ const failable authenticated(const list& userinfo, const bool check,
 else
 apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, c_str(car(a))), apr_pstrdup(r->pool, c_str(cadr(v))));
 }
- return authenticated(userinfo, check, r, cdr(scopeattrs), apcs);
+ return authenticated(userinfo, r, cdr(scopeattrs), apcs);
 }
 /**
@@ -293,8 +300,7 @@ const failable authorize(const list& args, request_rec* const r, con
 /**
 * Extract user info from a profile/info response.
- * TODO This currently only works for Twitter, Foursquare and LinkedIn.
- * User profile parsing needs to be made configurable.
+ * TODO Make this configurable
 */
 const failable > profileUserInfo(const value& cid, const string& info) {
 const string b = substr(info, 0, 1);
@@ -424,7 +430,7 @@ const failable accessToken(const list& args, request_rec* r, const l
 return mkfailure(userinfo);
 // Validate the authenticated user
- const failable authrc = authenticated(content(userinfo), true, r, scopeattrs, apcs);
+ const failable authrc = authenticated(content(userinfo), r, scopeattrs, apcs);
 if (!hasContent(authrc))
 return authrc;
@@ -471,7 +477,7 @@ static int checkAuthn(request_rec *r) {
 if (!hasContent(userinfo))
 return openauth::reportStatus(mkfailure(reason(userinfo), HTTP_UNAUTHORIZED), dc.login, nilValue, r);
 r->ap_auth_type = const_cast(atype);
- return openauth::reportStatus(authenticated(content(userinfo), false, r, dc.scopeattrs, dc.apcs), dc.login, nilValue, r);
+ return openauth::reportStatus(authenticated(content(userinfo), r, dc.scopeattrs, dc.apcs), dc.login, nilValue, r);
 }
 // Get the request args
--
cgit v1.2.3