authorGravatar default2024-12-20 08:33:02 +0100
committerGravatar default2024-12-20 08:33:02 +0100
commit664f9cbeefa5af10d37b3f9f7a987e484d0ab885 (patch)
tree06d9a0bc86b7f8c57af125197d5565dbcc7348e0 /mastoapi.c
parentUpdated documentation. (diff)
Mastoapi: added badlogin support.
Diffstat (limited to 'mastoapi.c')
-rw-r--r--mastoapi.c110
1 files changed, 62 insertions, 48 deletions
diff --git a/mastoapi.c b/mastoapi.c
index 2c8c04d..ea550d6 100644
--- a/mastoapi.c
+++ b/mastoapi.c
@@ -293,47 +293,54 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
293 snac snac; 293 snac snac;
294 294
295 if (user_open(&snac, login)) { 295 if (user_open(&snac, login)) {
296 /* check the login + password */ 296 const char *addr = xs_or(xs_dict_get(req, "remote-addr"),
297 if (check_password(login, passwd, xs_dict_get(snac.config, "passwd"))) { 297 xs_dict_get(req, "x-forwarded-for"));
298 /* success! redirect to the desired uri */
299 xs *code = random_str();
300 298
301 xs_free(*body); 299 if (badlogin_check(login, addr)) {
300 /* check the login + password */
301 if (check_password(login, passwd, xs_dict_get(snac.config, "passwd"))) {
302 /* success! redirect to the desired uri */
303 xs *code = random_str();
302 304
303 if (strcmp(redir, "urn:ietf:wg:oauth:2.0:oob") == 0) { 305 xs_free(*body);
304 *body = xs_dup(code);
305 }
306 else {
307 if (xs_str_in(redir, "?") != -1)
308 *body = xs_fmt("%s&code=%s", redir, code);
309 else
310 *body = xs_fmt("%s?code=%s", redir, code);
311 306
312 status = HTTP_STATUS_SEE_OTHER; 307 if (strcmp(redir, "urn:ietf:wg:oauth:2.0:oob") == 0) {
313 } 308 *body = xs_dup(code);
309 }
310 else {
311 if (xs_str_in(redir, "?") != -1)
312 *body = xs_fmt("%s&code=%s", redir, code);
313 else
314 *body = xs_fmt("%s?code=%s", redir, code);
314 315
315 /* if there is a state, add it */ 316 status = HTTP_STATUS_SEE_OTHER;
316 if (!xs_is_null(state) && *state) { 317 }
317 *body = xs_str_cat(*body, "&state=");
318 *body = xs_str_cat(*body, state);
319 }
320 318
321 srv_log(xs_fmt("oauth x-snac-login: '%s' success, redirect to %s", 319 /* if there is a state, add it */
320 if (!xs_is_null(state) && *state) {
321 *body = xs_str_cat(*body, "&state=");
322 *body = xs_str_cat(*body, state);
323 }
324
325 srv_log(xs_fmt("oauth x-snac-login: '%s' success, redirect to %s",
322 login, *body)); 326 login, *body));
323 327
324 /* assign the login to the app */ 328 /* assign the login to the app */
325 xs *app = app_get(cid); 329 xs *app = app_get(cid);
326 330
327 if (app != NULL) { 331 if (app != NULL) {
328 app = xs_dict_set(app, "uid", login); 332 app = xs_dict_set(app, "uid", login);
329 app = xs_dict_set(app, "code", code); 333 app = xs_dict_set(app, "code", code);
330 app_add(cid, app); 334 app_add(cid, app);
335 }
336 else
337 srv_log(xs_fmt("oauth x-snac-login: error getting app %s", cid));
338 }
339 else {
340 srv_debug(1, xs_fmt("oauth x-snac-login: login '%s' incorrect", login));
341 badlogin_inc(login, addr);
331 } 342 }
332 else
333 srv_log(xs_fmt("oauth x-snac-login: error getting app %s", cid));
334 } 343 }
335 else
336 srv_debug(1, xs_fmt("oauth x-snac-login: login '%s' incorrect", login));
337 344
338 user_free(&snac); 345 user_free(&snac);
339 } 346 }
@@ -474,29 +481,36 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
474 snac user; 481 snac user;
475 482
476 if (user_open(&user, login)) { 483 if (user_open(&user, login)) {
477 /* check the login + password */ 484 const char *addr = xs_or(xs_dict_get(req, "remote-addr"),
478 if (check_password(login, passwd, xs_dict_get(user.config, "passwd"))) { 485 xs_dict_get(req, "x-forwarded-for"));
479 /* success! create a new token */ 486
480 xs *tokid = random_str(); 487 if (badlogin_check(login, addr)) {
488 /* check the login + password */
489 if (check_password(login, passwd, xs_dict_get(user.config, "passwd"))) {
490 /* success! create a new token */
491 xs *tokid = random_str();
481 492
482 srv_debug(1, xs_fmt("x-snac-new-token: " 493 srv_debug(1, xs_fmt("x-snac-new-token: "
483 "successful login for %s, new token %s", login, tokid)); 494 "successful login for %s, new token %s", login, tokid));
484 495
485 xs *token = xs_dict_new(); 496 xs *token = xs_dict_new();
486 token = xs_dict_append(token, "token", tokid); 497 token = xs_dict_append(token, "token", tokid);
487 token = xs_dict_append(token, "client_id", "snac-client"); 498 token = xs_dict_append(token, "client_id", "snac-client");
488 token = xs_dict_append(token, "client_secret", ""); 499 token = xs_dict_append(token, "client_secret", "");
489 token = xs_dict_append(token, "uid", login); 500 token = xs_dict_append(token, "uid", login);
490 token = xs_dict_append(token, "code", ""); 501 token = xs_dict_append(token, "code", "");
491 502
492 token_add(tokid, token); 503 token_add(tokid, token);
493 504
494 *ctype = "text/plain"; 505 *ctype = "text/plain";
495 xs_free(*body); 506 xs_free(*body);
496 *body = xs_dup(tokid); 507 *body = xs_dup(tokid);
497 } 508 }
509 else
510 badlogin_inc(login, addr);
498 511
499 user_free(&user); 512 user_free(&user);
513 }
500 } 514 }
501 } 515 }
502 } 516 }
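Review bot: In the second hunk (the x-snac-new-token path), `user_free(&user);` at new line 512 comes before the `}` at 513, which by brace count closes the `if (badlogin_check(login, addr))` block, so a request rejected by the bad-login check appears to leave the user opened by `user_open()` unreleased. The first hunk keeps `user_free(&snac);` after that block has closed (new lines 343–345), and the second should match by moving the call below the closing brace; indentation is lost in this rendering, so confirm against the file. Separately, in both hunks `addr` falls back to the request's `x-forwarded-for` value when `remote-addr` is absent, and that header is client-supplied unless a trusted front-end proxy overwrites it, so the per-address counter is only as reliable as that deployment assumption. A comment such as `/* x-forwarded-for is only trustworthy behind a proxy that sets it; addr may be NULL if neither key is present */` would document this, together with a check of how `badlogin_check()` and `badlogin_inc()` treat a NULL `addr`, which is not visible here. `oauth_post_handler` starts and ends outside both hunks.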