| author | 2023-04-10 12:55:03 +0200 | |
|---|---|---|
| committer | 2023-04-10 12:55:03 +0200 | |
| commit | 3fb651b7b124dbe398e4099a233074a145ea482d (patch) | |
| tree | 79ce496833e2a5de1a1ab811508a326a3769ccb0 /mastoapi.c | |
| parent | New function mastoapi_id(), that creates mostly-compatible Ids. (diff) | |
| download | snac2-3fb651b7b124dbe398e4099a233074a145ea482d.tar.gz snac2-3fb651b7b124dbe398e4099a233074a145ea482d.tar.xz snac2-3fb651b7b124dbe398e4099a233074a145ea482d.zip | |
Added some tweaks for AndStatus, which does some things differently (still non-working).
AndStatus expects a 'state' field to be propagated and doesn't send
the 'client_secret' as a GET argument, but in a Basic authorization header.
Diffstat (limited to 'mastoapi.c')
| -rw-r--r-- | mastoapi.c | 38 |
1 files changed, 36 insertions, 2 deletions
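--- a/mastoapi.c
+++ b/mastoapi.c
@@ -158,6 +158,7 @@ const char *login_page = ""
 "<p>Password: <input type=\"password\" name=\"passwd\"></p>\n"
 "<input type=\"hidden\" name=\"redir\" value=\"%s\">\n"
 "<input type=\"hidden\" name=\"cid\" value=\"%s\">\n"
+"<input type=\"hidden\" name=\"state\" value=\"%s\">\n"
 "<input type=\"submit\" value=\"OK\">\n"
 "</form><p>%s</p></body>\n"
 "";
@@ -183,6 +184,7 @@ int oauth_get_handler(const xs_dict *req, const char *q_path,
 const char *cid = xs_dict_get(msg, "client_id");
 const char *ruri = xs_dict_get(msg, "redirect_uri");
 const char *rtype = xs_dict_get(msg, "response_type");
+const char *state = xs_dict_get(msg, "state");
 
 status = 400;
 
@@ -192,7 +194,10 @@ int oauth_get_handler(const xs_dict *req, const char *q_path,
 if (app != NULL) {
 const char *host = xs_dict_get(srv_config, "host");
 
-*body = xs_fmt(login_page, host, "", host, ruri, cid, USER_AGENT);
+if (xs_is_null(state))
+state = "";
+
+*body = xs_fmt(login_page, host, "", host, ruri, cid, state, USER_AGENT);
 *ctype = "text/html";
 status = 200;
 
@@ -232,11 +237,12 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
 const char *passwd = xs_dict_get(msg, "passwd");
 const char *redir = xs_dict_get(msg, "redir");
 const char *cid = xs_dict_get(msg, "cid");
+const char *state = xs_dict_get(msg, "state");
 
 const char *host = xs_dict_get(srv_config, "host");
 
 /* by default, generate another login form with an error */
-*body = xs_fmt(login_page, host, "LOGIN INCORRECT", host, redir, cid, USER_AGENT);
+*body = xs_fmt(login_page, host, "LOGIN INCORRECT", host, redir, cid, state, USER_AGENT);
 *ctype = "text/html";
 status = 200;
 
@@ -254,6 +260,12 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
 *body = xs_fmt("%s?code=%s", redir, code);
 status = 303;
 
+/* if there is a state, add it */
+if (!xs_is_null(state) && *state) {
+*body = xs_str_cat(*body, "&state=");
+*body = xs_str_cat(*body, state);
+}
+
 srv_debug(0, xs_fmt("oauth x-snac-login: success, redirect to %s", *body));
 
 /* assign the login to the app */
@@ -285,6 +297,28 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
 const char *cid = xs_dict_get(msg, "client_id");
 const char *csec = xs_dict_get(msg, "client_secret");
 const char *ruri = xs_dict_get(msg, "redirect_uri");
+xs *wrk = NULL;
+
+/* no client_secret? check if it's inside an authorization header
+(AndStatus does it this way) */
+if (xs_is_null(csec)) {
+const char *auhdr = xs_dict_get(req, "authorization");
+
+if (!xs_is_null(auhdr) && xs_startswith(auhdr, "Basic ")) {
+xs *s1 = xs_replace(auhdr, "Basic ", "");
+int size;
+xs *s2 = xs_base64_dec(s1, &size);
+
+if (!xs_is_null(s2)) {
+xs *l1 = xs_split(s2, ":");
+
+if (xs_list_len(l1) == 2) {
+wrk = xs_dup(xs_list_get(l1, 1));
+csec = wrk;
+}
+}
+}
+}
 
 if (gtype && code && cid && csec && ruri) {
 xs *app = app_get(cid);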
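Review bot: The Basic-authorization fallback in the last hunk (new lines 302-321) splits the decoded credentials on every ':' and only accepts exactly two pieces, so a client_secret that itself contains ':' is rejected, and the user-id part of the header is discarded instead of being checked against the `cid` taken from the request body. RFC 7617 makes only the first ':' significant; split there, and at least reject the request when the header's client id differs from `cid`, e.g. tighten the guard to `if (xs_list_len(l1) == 2 && (xs_is_null(cid) || strcmp(xs_list_get(l1, 0), cid) == 0)) {`. The `size` returned by xs_base64_dec is never consulted, so the code presumably relies on the decoded buffer being NUL-terminated and free of embedded NULs — worth confirming against xs_base64_dec, since otherwise the split would silently operate on a truncated value. In the same commit `state` is appended to the redirect URL (new lines 263-267) and interpolated into the hidden `<input>` of login_page (new line 200 and 245) without URL-encoding or HTML-escaping, so a state containing '&', '"' or '<' breaks the redirect or the page; encoding it at both sites is the missing step, and a comment such as `/* state is echoed back verbatim per OAuth; encode it for the URL and for the HTML attribute */` would document why. Both oauth_get_handler and oauth_post_handler begin and end outside the shown hunks.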