From fdc2b81893d01dd50de436c4238cc5d8c657a74a Mon Sep 17 00:00:00 2001 From: jsdelfino Date: Wed, 8 Sep 2010 07:27:06 +0000 Subject: Add some error checking to the OAuth support. git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@993641 13f79535-47bb-0310-9956-ffa450edef68 --- sca-cpp/trunk/modules/oauth/mod-oauth.cpp | 47 ++++++++++++++++++++++++++----- 1 file changed, 40 insertions(+), 7 deletions(-) diff --git a/sca-cpp/trunk/modules/oauth/mod-oauth.cpp b/sca-cpp/trunk/modules/oauth/mod-oauth.cpp index 9a93e6fb20..e7158c14b0 100644 --- a/sca-cpp/trunk/modules/oauth/mod-oauth.cpp +++ b/sca-cpp/trunk/modules/oauth/mod-oauth.cpp @@ -128,20 +128,27 @@ const failable authenticated(const list >& info, request_rec* r debug(info, "modoauth::authenticated::info"); const list id = assoc("id", info); + if (isNil(id) || isNil(cdr(id))) + return mkfailure("Couldn't retrieve user id"); r->user = apr_pstrdup(r->pool, c_str(cadr(id))); const list email = assoc("email", info); - apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "EMAIL"), apr_pstrdup(r->pool, c_str(cadr(email)))); + if (!isNil(email) && !isNil(cdr(email))) + apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "EMAIL"), apr_pstrdup(r->pool, c_str(cadr(email)))); const list fullname = assoc("name", info); - apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "NICKNAME"), apr_pstrdup(r->pool, c_str(cadr(fullname)))); - apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "FULLNAME"), apr_pstrdup(r->pool, c_str(cadr(fullname)))); + if (!isNil(fullname) && !isNil(cdr(fullname))) { + apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "NICKNAME"), apr_pstrdup(r->pool, c_str(cadr(fullname)))); + apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "FULLNAME"), apr_pstrdup(r->pool, c_str(cadr(fullname)))); + } const list firstname = assoc("first_name", info); - apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "FIRSTNAME"), apr_pstrdup(r->pool, c_str(cadr(firstname)))); + if (!isNil(firstname) && !isNil(cdr(firstname))) + apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "FIRSTNAME"), apr_pstrdup(r->pool, c_str(cadr(firstname)))); const list lastname = assoc("last_name", info); - apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "LASTNAME"), apr_pstrdup(r->pool, c_str(cadr(lastname)))); + if (!isNil(lastname) && !isNil(cdr(lastname))) + apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "LASTNAME"), apr_pstrdup(r->pool, c_str(cadr(lastname)))); if(r->ap_auth_type == NULL) r->ap_auth_type = const_cast("OAuth"); @@ -162,11 +169,19 @@ const failable login(const string& page, request_rec* r) { * Handle an authorize request. */ const failable authorize(const list >& args, request_rec* r) { - // Extract authorize URI, access_token URI and client ID + // Extract authorize, access_token, client ID and info URIs const list auth = assoc("mod_oauth_authorize", args); + if (isNil(auth) || isNil(cdr(auth))) + return mkfailure("Missing mod_oauth_authorize parameter"); const list tok = assoc("mod_oauth_access_token", args); + if (isNil(tok) || isNil(cdr(tok))) + return mkfailure("Missing mod_oauth_access_token parameter"); const list cid = assoc("mod_oauth_client_id", args); + if (isNil(cid) || isNil(cdr(cid))) + return mkfailure("Missing mod_oauth_client_id parameter"); const list info = assoc("mod_oauth_info", args); + if (isNil(info) || isNil(cdr(info))) + return mkfailure("Missing mod_oauth_info parameter"); // Build the redirect URI const list > rargs = mklist >(mklist("mod_oauth_step", "access_token"), tok, cid, info); @@ -198,12 +213,22 @@ const string cookie(const string& sid) { const failable access_token(const list >& args, request_rec* r, const ServerConf& sc) { // Extract access_token URI, client ID and authorization code const list tok = assoc("mod_oauth_access_token", args); + if (isNil(tok) || isNil(cdr(tok))) + return mkfailure("Missing mod_oauth_access_token parameter"); const list cid = assoc("mod_oauth_client_id", args); + if (isNil(cid) || isNil(cdr(cid))) + return mkfailure("Missing mod_oauth_client_id parameter"); const list info = assoc("mod_oauth_info", args); + if (isNil(info) || isNil(cdr(info))) + return mkfailure("Missing mod_oauth_info parameter"); const list code = assoc("code", args); + if (isNil(code) || isNil(cdr(code))) + return mkfailure("Missing code parameter"); // Lookup client app configuration const list app = assoc(cadr(cid), sc.apps); + if (isNil(app) || isNil(cdr(app))) + return mkfailure(string("client id not found: ") + cadr(cid)); // Build the redirect URI const list > rargs = mklist >(mklist("mod_oauth_step", "access_token"), tok, cid, info); @@ -215,8 +240,12 @@ const failable access_token(const list >& args, request_rec* r, const string turi = httpd::unescape(cadr(tok)) + string("?") + httpd::queryString(targs); debug(turi, "modoauth::access_token::tokenuri"); const failable tr = http::get(turi, sc.cs); + if (!hasContent(tr)) + return mkfailure(reason(tr)); debug(tr, "modoauth::access_token::response"); const list tv = assoc("access_token", httpd::queryArgs(join("", convertValues(content(tr))))); + if (isNil(app) || isNil(cdr(app))) + return mkfailure("Couldn't retrieve access_token"); debug(tv, "modoauth::access_token::token"); // Request user info @@ -225,11 +254,15 @@ const failable access_token(const list >& args, request_rec* r, const string iuri = httpd::unescape(cadr(info)) + string("?") + httpd::queryString(iargs); debug(iuri, "modoauth::access_token::infouri"); const failable iv = http::get(iuri, sc.cs); + if (isNil(app) || isNil(cdr(app))) + return mkfailure("Couldn't retrieve user info"); debug(iv, "modoauth::access_token::info"); // Store user info in memcached keyed by session ID const value sid = string("OAuth_") + mkrand(); - memcache::put(mklist("tuscanyOpenAuth", sid), content(iv), sc.mc); + const failable prc = memcache::put(mklist("tuscanyOpenAuth", sid), content(iv), sc.mc); + if (!hasContent(prc)) + return mkfailure(reason(prc)); // Send session ID to the client in a cookie apr_table_set(r->err_headers_out, "Set-Cookie", c_str(cookie(sid))); -- cgit v1.2.3