Diffstat (limited to 'mastoapi.c')
| -rw-r--r-- | mastoapi.c | 110 |
1 files changed, 62 insertions, 48 deletions
| @@ -293,47 +293,54 @@ int oauth_post_handler(const xs_dict *req, const char *q_path, | |||
| 293 | snac snac; | 293 | snac snac; |
| 294 | 294 | ||
| 295 | if (user_open(&snac, login)) { | 295 | if (user_open(&snac, login)) { |
| 296 | /* check the login + password */ | 296 | const char *addr = xs_or(xs_dict_get(req, "remote-addr"), |
| 297 | if (check_password(login, passwd, xs_dict_get(snac.config, "passwd"))) { | 297 | xs_dict_get(req, "x-forwarded-for")); |
| 298 | /* success! redirect to the desired uri */ | ||
| 299 | xs *code = random_str(); | ||
| 300 | 298 | ||
| 301 | xs_free(*body); | 299 | if (badlogin_check(login, addr)) { |
| 300 | /* check the login + password */ | ||
| 301 | if (check_password(login, passwd, xs_dict_get(snac.config, "passwd"))) { | ||
| 302 | /* success! redirect to the desired uri */ | ||
| 303 | xs *code = random_str(); | ||
| 302 | 304 | ||
| 303 | if (strcmp(redir, "urn:ietf:wg:oauth:2.0:oob") == 0) { | 305 | xs_free(*body); |
| 304 | *body = xs_dup(code); | ||
| 305 | } | ||
| 306 | else { | ||
| 307 | if (xs_str_in(redir, "?") != -1) | ||
| 308 | *body = xs_fmt("%s&code=%s", redir, code); | ||
| 309 | else | ||
| 310 | *body = xs_fmt("%s?code=%s", redir, code); | ||
| 311 | 306 | ||
| 312 | status = HTTP_STATUS_SEE_OTHER; | 307 | if (strcmp(redir, "urn:ietf:wg:oauth:2.0:oob") == 0) { |
| 313 | } | 308 | *body = xs_dup(code); |
| 309 | } | ||
| 310 | else { | ||
| 311 | if (xs_str_in(redir, "?") != -1) | ||
| 312 | *body = xs_fmt("%s&code=%s", redir, code); | ||
| 313 | else | ||
| 314 | *body = xs_fmt("%s?code=%s", redir, code); | ||
| 314 | 315 | ||
| 315 | /* if there is a state, add it */ | 316 | status = HTTP_STATUS_SEE_OTHER; |
| 316 | if (!xs_is_null(state) && *state) { | 317 | } |
| 317 | *body = xs_str_cat(*body, "&state="); | ||
| 318 | *body = xs_str_cat(*body, state); | ||
| 319 | } | ||
| 320 | 318 | ||
| 321 | srv_log(xs_fmt("oauth x-snac-login: '%s' success, redirect to %s", | 319 | /* if there is a state, add it */ |
| 320 | if (!xs_is_null(state) && *state) { | ||
| 321 | *body = xs_str_cat(*body, "&state="); | ||
| 322 | *body = xs_str_cat(*body, state); | ||
| 323 | } | ||
| 324 | |||
| 325 | srv_log(xs_fmt("oauth x-snac-login: '%s' success, redirect to %s", | ||
| 322 | login, *body)); | 326 | login, *body)); |
| 323 | 327 | ||
| 324 | /* assign the login to the app */ | 328 | /* assign the login to the app */ |
| 325 | xs *app = app_get(cid); | 329 | xs *app = app_get(cid); |
| 326 | 330 | ||
| 327 | if (app != NULL) { | 331 | if (app != NULL) { |
| 328 | app = xs_dict_set(app, "uid", login); | 332 | app = xs_dict_set(app, "uid", login); |
| 329 | app = xs_dict_set(app, "code", code); | 333 | app = xs_dict_set(app, "code", code); |
| 330 | app_add(cid, app); | 334 | app_add(cid, app); |
| 335 | } | ||
| 336 | else | ||
| 337 | srv_log(xs_fmt("oauth x-snac-login: error getting app %s", cid)); | ||
| 338 | } | ||
| 339 | else { | ||
| 340 | srv_debug(1, xs_fmt("oauth x-snac-login: login '%s' incorrect", login)); | ||
| 341 | badlogin_inc(login, addr); | ||
| 331 | } | 342 | } |
| 332 | else | ||
| 333 | srv_log(xs_fmt("oauth x-snac-login: error getting app %s", cid)); | ||
| 334 | } | 343 | } |
| 335 | else | ||
| 336 | srv_debug(1, xs_fmt("oauth x-snac-login: login '%s' incorrect", login)); | ||
| 337 | 344 | ||
| 338 | user_free(&snac); | 345 | user_free(&snac); |
| 339 | } | 346 | } |
| @@ -474,29 +481,36 @@ int oauth_post_handler(const xs_dict *req, const char *q_path, | |||
| 474 | snac user; | 481 | snac user; |
| 475 | 482 | ||
| 476 | if (user_open(&user, login)) { | 483 | if (user_open(&user, login)) { |
| 477 | /* check the login + password */ | 484 | const char *addr = xs_or(xs_dict_get(req, "remote-addr"), |
| 478 | if (check_password(login, passwd, xs_dict_get(user.config, "passwd"))) { | 485 | xs_dict_get(req, "x-forwarded-for")); |
| 479 | /* success! create a new token */ | 486 | |
| 480 | xs *tokid = random_str(); | 487 | if (badlogin_check(login, addr)) { |
| 488 | /* check the login + password */ | ||
| 489 | if (check_password(login, passwd, xs_dict_get(user.config, "passwd"))) { | ||
| 490 | /* success! create a new token */ | ||
| 491 | xs *tokid = random_str(); | ||
| 481 | 492 | ||
| 482 | srv_debug(1, xs_fmt("x-snac-new-token: " | 493 | srv_debug(1, xs_fmt("x-snac-new-token: " |
| 483 | "successful login for %s, new token %s", login, tokid)); | 494 | "successful login for %s, new token %s", login, tokid)); |
| 484 | 495 | ||
| 485 | xs *token = xs_dict_new(); | 496 | xs *token = xs_dict_new(); |
| 486 | token = xs_dict_append(token, "token", tokid); | 497 | token = xs_dict_append(token, "token", tokid); |
| 487 | token = xs_dict_append(token, "client_id", "snac-client"); | 498 | token = xs_dict_append(token, "client_id", "snac-client"); |
| 488 | token = xs_dict_append(token, "client_secret", ""); | 499 | token = xs_dict_append(token, "client_secret", ""); |
| 489 | token = xs_dict_append(token, "uid", login); | 500 | token = xs_dict_append(token, "uid", login); |
| 490 | token = xs_dict_append(token, "code", ""); | 501 | token = xs_dict_append(token, "code", ""); |
| 491 | 502 | ||
| 492 | token_add(tokid, token); | 503 | token_add(tokid, token); |
| 493 | 504 | ||
| 494 | *ctype = "text/plain"; | 505 | *ctype = "text/plain"; |
| 495 | xs_free(*body); | 506 | xs_free(*body); |
| 496 | *body = xs_dup(tokid); | 507 | *body = xs_dup(tokid); |
| 497 | } | 508 | } |
| 509 | else | ||
| 510 | badlogin_inc(login, addr); | ||
| 498 | 511 | ||
| 499 | user_free(&user); | 512 | user_free(&user); |
| 513 | } | ||
| 500 | } | 514 | } |
| 501 | } | 515 | } |
| 502 | } | 516 | } |
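Review bot: The failed-password branch in the second hunk (new lines 509–510) increments the bad-login counter without any log line, whereas the matching branch in the first hunk (new lines 339–341) emits a `srv_debug(1, ...)` first; add `srv_debug(1, xs_fmt("x-snac-new-token: login '%s' incorrect", login));` before `badlogin_inc(login, addr);` so both token paths are diagnosable the same way. Neither hunk logs anything when `badlogin_check()` rejects the attempt, so a throttled client is indistinguishable in the logs from a request that simply did nothing; a one-line debug message in an `else` on that check would make lockouts visible to the operator. `addr` is whichever of `remote-addr` / `x-forwarded-for` is present first, which presumably is NULL when neither header is set and, behind a reverse proxy, would be the proxy's address rather than the client's — confirm that `badlogin_check`/`badlogin_inc` tolerate a NULL key and that preferring `remote-addr` is intended for proxied deployments, and record that decision in a comment at the `addr` declaration. oauth_post_handler begins before the first hunk and continues between and after the two hunks.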