
[taler-merchant] branch master updated: keep using Bearer prefix


From: gnunet
Subject: [taler-merchant] branch master updated: keep using Bearer prefix
Date: Wed, 06 Sep 2023 22:59:02 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository merchant.

The following commit(s) were added to refs/heads/master by this push:
     new c68a0b30 keep using Bearer prefix
c68a0b30 is described below

commit c68a0b309f570454423efb9eb6404208e0cae3d9
Author: Christian Grothoff <grothoff@gnunet.org>
AuthorDate: Wed Sep 6 22:58:57 2023 +0200

    keep using Bearer prefix
---
 src/backend/taler-merchant-httpd.c                 | 44 +++++++++++-----------
 ...chant-httpd_private-delete-instances-ID-token.c | 26 +++++++++++++
 ...erchant-httpd_private-post-instances-ID-token.c | 37 ++++++++++++------
 src/testing/test_merchant_instance_auth.sh         |  8 ++--
 4 files changed, 77 insertions(+), 38 deletions(-)

diff --git a/src/backend/taler-merchant-httpd.c 
b/src/backend/taler-merchant-httpd.c
index b714ac8c..dfffa36d 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -199,17 +199,23 @@ TMH_check_token (const char *token,
   enum GNUNET_DB_QueryStatus qs;
   struct TALER_MERCHANTDB_LoginTokenP btoken;
 
-  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-              "checking token %s\n",
-              token);
   if (NULL == token)
     return TMH_AS_NONE;
+  /* This was presumably checked before... */
+  GNUNET_assert (0 == strncasecmp (token,
+                                   RFC_8959_PREFIX,
+                                   strlen (RFC_8959_PREFIX)));
+  token += strlen (RFC_8959_PREFIX);
+
   if (GNUNET_OK !=
       GNUNET_STRINGS_string_to_data (token,
                                      strlen (token),
                                      &btoken,
                                      sizeof (btoken)))
   {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to convert %s\n",
+                token);
     GNUNET_break_op (0);
     return TMH_AS_NONE;
   }
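Review bot: The added `GNUNET_assert` on the RFC 8959 prefix turns a malformed client header into a process abort if any caller ever hands TMH_check_token a value that did not go through extract_token, and the new comment itself only says the check was "presumably" done before. A rejecting check is safer and costs nothing: `if (0 != strncasecmp (token, RFC_8959_PREFIX, strlen (RFC_8959_PREFIX))) { GNUNET_break_op (0); return TMH_AS_NONE; }`. The new ERROR-level message `"Failed to convert %s\n"` also writes the attempted token into the log, while the following hunk of this same function removes token values from every other message; logging nothing, or only `strlen (token)`, would be consistent with that intent. The function's signature and its middle part are outside this hunk.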
@@ -227,24 +233,18 @@ TMH_check_token (const char *token,
   }
   if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Token %s unknown\n",
-                token);
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "Token unknown\n");
     return TMH_AS_NONE;
   }
   if (GNUNET_TIME_absolute_is_past (expiration.abs_time))
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Token %s expired\n",
-                token);
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+                "Token expired\n");
     /* FIXME: may want to return special EC to indicate
        (recently) expired token in the future */
     return TMH_AS_NONE;
   }
-  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-              "Token %s has scope %d\n",
-              token,
-              scope);
   return scope;
 }
 
@@ -622,12 +622,14 @@ extract_token (const char **auth)
   const char *bearer = "Bearer ";
   const char *tok = *auth;
 
-  if (0 != strncmp (tok, bearer, strlen (bearer)))
+  if (0 != strncmp (tok,
+                    bearer,
+                    strlen (bearer)))
   {
     *auth = NULL;
     return;
   }
-  tok = tok + strlen (bearer);
+  tok += strlen (bearer);
   while (' ' == *tok)
     tok++;
   if (0 != strncasecmp (tok,
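Review bot: `strncmp (tok, bearer, strlen (bearer))` matches the `Bearer` scheme case-sensitively while the secret-token prefix checked just below uses `strncasecmp`; RFC 7235 defines the auth-scheme as case-insensitive, so a client sending `bearer` or `BEARER` is rejected here as malformed. Using `strncasecmp (tok, bearer, strlen (bearer))` for the scheme as well would make both comparisons consistent. The same case-sensitive scheme comparison is repeated by the new parser in taler-merchant-httpd_private-delete-instances-ID-token.c. extract_token's body continues past this hunk.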
@@ -1771,16 +1773,14 @@ url_handler (void *cls,
   if (public_handlers != handlers)
   {
     const char *auth;
-    const char *tok;
     bool auth_ok;
     bool auth_malformed = false;
 
     /* PATCHing an instance can alternatively be checked against
        the default instance */
-    tok = MHD_lookup_connection_value (connection,
-                                       MHD_HEADER_KIND,
-                                       MHD_HTTP_HEADER_AUTHORIZATION);
-    auth = tok;
+    auth = MHD_lookup_connection_value (connection,
+                                        MHD_HEADER_KIND,
+                                        MHD_HTTP_HEADER_AUTHORIZATION);
     if (NULL != auth)
     {
       /* We _only_ complain about malformed auth headers if
@@ -1816,10 +1816,8 @@ url_handler (void *cls,
                                 TMH_default_auth)) );
     hc->auth_scope = auth_ok
       ? TMH_AS_ALL
-      : TMH_check_token (tok,
+      : TMH_check_token (auth,
                          hc->instance->settings.id);
-    if (TMH_AS_NONE != hc->auth_scope)
-      auth_malformed = false;
     /* We grant access if:
        - scope is 'all'
        - rh has an explicit non-NONE scope that matches
diff --git 
a/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.c 
b/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.c
index 242b583a..28690433 100644
--- a/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.c
+++ b/src/backend/taler-merchant-httpd_private-delete-instances-ID-token.c
@@ -33,6 +33,7 @@ TMH_private_delete_instances_ID_token (const struct 
TMH_RequestHandler *rh,
                                        struct MHD_Connection *connection,
                                        struct TMH_HandlerContext *hc)
 {
+  const char *bearer = "Bearer ";
   struct TMH_MerchantInstance *mi = hc->instance;
   const char *tok;
   struct TALER_MERCHANTDB_LoginTokenP btoken;
@@ -41,6 +42,31 @@ TMH_private_delete_instances_ID_token (const struct 
TMH_RequestHandler *rh,
   tok = MHD_lookup_connection_value (connection,
                                      MHD_HEADER_KIND,
                                      MHD_HTTP_HEADER_AUTHORIZATION);
+  /* This was presumably checked before... */
+  if (0 !=
+      strncmp (tok,
+               bearer,
+               strlen (bearer)))
+  {
+    GNUNET_break_op (0);
+    return TALER_MHD_reply_with_ec (connection,
+                                    TALER_EC_GENERIC_PARAMETER_MALFORMED,
+                                    "login token (in 'Authorization' header)");
+  }
+  tok += strlen (bearer);
+  while (' ' == *tok)
+    tok++;
+  if (0 != strncasecmp (tok,
+                        RFC_8959_PREFIX,
+                        strlen (RFC_8959_PREFIX)))
+  {
+    GNUNET_break_op (0);
+    return TALER_MHD_reply_with_ec (connection,
+                                    TALER_EC_GENERIC_PARAMETER_MALFORMED,
+                                    "login token (in 'Authorization' header)");
+  }
+  tok += strlen (RFC_8959_PREFIX);
+
   if (GNUNET_OK !=
       GNUNET_STRINGS_string_to_data (tok,
                                      strlen (tok),
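Review bot: `tok` is passed to `strncmp` directly after `MHD_lookup_connection_value`, which returns NULL when the request carries no Authorization header, and no NULL check is visible in the hunk; unless the dispatcher guarantees the header is present before this handler runs, the new code dereferences NULL (the pre-existing `strlen (tok)` had the same exposure). A guard before the scheme check closes it: `if (NULL == tok) { GNUNET_break_op (0); return TALER_MHD_reply_with_ec (connection, TALER_EC_GENERIC_PARAMETER_MALFORMED, "login token (in 'Authorization' header)"); }`. The scheme and prefix stripping added here also duplicates extract_token from taler-merchant-httpd.c; exporting that helper under a TMH_ name (constructed suggestion) would keep the two parsers from drifting, as they already differ on case sensitivity. The handler's body continues beyond the hunk.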
diff --git a/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c 
b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
index 839c68d1..a223a882 100644
--- a/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
+++ b/src/backend/taler-merchant-httpd_private-post-instances-ID-token.c
@@ -117,17 +117,32 @@ TMH_private_post_instances_ID_token (const struct 
TMH_RequestHandler *rh,
   case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
     break;
   }
-  return TALER_MHD_REPLY_JSON_PACK (
-    connection,
-    MHD_HTTP_OK,
-    GNUNET_JSON_pack_data_auto ("token",
-                                &btoken),
-    GNUNET_JSON_pack_string ("scope",
-                             scope),
-    GNUNET_JSON_pack_bool ("refreshable",
-                           refreshable),
-    GNUNET_JSON_pack_timestamp ("expiration",
-                                expiration_time));
+
+  {
+    char *tok;
+    MHD_RESULT ret;
+    char *val;
+
+    val = GNUNET_STRINGS_data_to_string_alloc (&btoken,
+                                               sizeof (btoken));
+    GNUNET_asprintf (&tok,
+                     RFC_8959_PREFIX "%s",
+                     val);
+    GNUNET_free (val);
+    ret = TALER_MHD_REPLY_JSON_PACK (
+      connection,
+      MHD_HTTP_OK,
+      GNUNET_JSON_pack_string ("token",
+                               tok),
+      GNUNET_JSON_pack_string ("scope",
+                               scope),
+      GNUNET_JSON_pack_bool ("refreshable",
+                             refreshable),
+      GNUNET_JSON_pack_timestamp ("expiration",
+                                  expiration_time));
+    GNUNET_free (tok);
+    return ret;
+  }
 }
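Review bot: The new block changes the wire format of the `token` field from packed binary data to a string carrying the RFC 8959 prefix without a comment saying why, which the next maintainer touching TMH_check_token or this handler will need. Suggested comment above the `GNUNET_asprintf` call: `/* Clients send this value back verbatim as "Authorization: Bearer <token>", so it must carry the RFC 8959 prefix that TMH_check_token strips. */`. The endpoint's API documentation should state the same format change. Minor: `val` and `tok` each hold the fresh login secret on the heap and are released with a plain `GNUNET_free`; if the project wipes other secrets before freeing, the same treatment applies here.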
 
 
diff --git a/src/testing/test_merchant_instance_auth.sh 
b/src/testing/test_merchant_instance_auth.sh
index d1315b73..58cee79d 100755
--- a/src/testing/test_merchant_instance_auth.sh
+++ b/src/testing/test_merchant_instance_auth.sh
@@ -175,7 +175,7 @@ echo " OK" >&2
 echo -n "Using login token..." >&2
 
 STATUS=$(curl "http://localhost:9966/instances/second/private/orders"; \
-     -H 'Authorization: '"$TOKEN" \
+     -H 'Authorization: Bearer '"$TOKEN" \
      -w "%{http_code}" -s -o "$LAST_RESPONSE")
 
 if [ "$STATUS" != "200" ]
@@ -189,7 +189,7 @@ echo " OK" >&2
 echo -n "Refreshing login token..." >&2
 
 STATUS=$(curl -H "Content-Type: application/json" -X POST \
-    -H 'Authorization: '"$TOKEN" \
+    -H 'Authorization: Bearer '"$TOKEN" \
     http://localhost:9966/instances/second/private/token \
     -d '{"scope":"write","refreshable":true}' \
     -w "%{http_code}" -s -o "$LAST_RESPONSE")
@@ -206,7 +206,7 @@ echo " OK" >&2
 echo -n "Deleting login token..." >&2
 
 STATUS=$(curl -H "Content-Type: application/json" -X DELETE \
-    -H 'Authorization: '"$TOKEN" \
+    -H 'Authorization: Bearer '"$TOKEN" \
     http://localhost:9966/instances/second/private/token \
     -w "%{http_code}" -s -o "$LAST_RESPONSE")
 
@@ -220,7 +220,7 @@ echo " OK" >&2
 echo -n "Using deleted login token..." >&2
 
 STATUS=$(curl "http://localhost:9966/instances/second/private/orders"; \
-     -H 'Authorization: '"$TOKEN" \
+     -H 'Authorization: Bearer '"$TOKEN" \
      -w "%{http_code}" -s -o "$LAST_RESPONSE")
 
 if [ "$STATUS" != "401" ]



