
[taler-exchange] branch master updated: add logic to handle redirection


From: gnunet
Subject: [taler-exchange] branch master updated: add logic to handle redirection with authentication failure status
Date: Wed, 14 Feb 2024 15:27:25 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 303606b7 add logic to handle redirection with authentication failure 
status
303606b7 is described below

commit 303606b7cebab524bd420859c985d4d3cc7ccd62
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Wed Feb 14 15:27:22 2024 +0100

    add logic to handle redirection with authentication failure status
---
 contrib/Makefile.am.in                        |  1 +
 contrib/oauth2-authentication-failure.en.must | 16 ++++++
 src/kyclogic/plugin_kyclogic_oauth2.c         | 74 +++++++++++++++++++++++----
 3 files changed, 81 insertions(+), 10 deletions(-)

diff --git a/contrib/Makefile.am.in b/contrib/Makefile.am.in
index 828e2913..268e423b 100644
--- a/contrib/Makefile.am.in
+++ b/contrib/Makefile.am.in
@@ -11,6 +11,7 @@ dist_tmplpkgdata_DATA = \
   kyc-proof-internal-error.en.must \
   kyc-proof-logic-failure.en.must \
   kyc-proof-target-unknown.en.must \
+  oauth2-authentication-failure.en.must \
   oauth2-authorization-failure.en.must \
   oauth2-authorization-failure-malformed.en.must \
   oauth2-bad-request.en.must \
diff --git a/contrib/oauth2-authentication-failure.en.must 
b/contrib/oauth2-authentication-failure.en.must
new file mode 100644
index 00000000..53742326
--- /dev/null
+++ b/contrib/oauth2-authentication-failure.en.must
@@ -0,0 +1,16 @@
+<html>
+<head>
+<title>403: Authentication by KYC server failed</title>
+</head>
+<body>
+  You failed the authentication check.
+  The transaction remains blocked.
+  Please obtain proper credentials and try again to proceed.
+<pre>
+<!-- as provided by OAuth2.0 server --> {{ error }}:
+<!-- optional, as provided by OAuth2.0 server --> {{ error_description }}
+
+<!-- optional link (render as link if present!), as provided by OAuth2.0 
server --> {{ error_uri }}
+</pre>
+</body>
+</html>
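Review bot: The `{{ error_description }}` placeholder will never be filled, because the body packed in src/kyclogic/plugin_kyclogic_oauth2.c in this same commit uses the key `error_details`. One of the two names has to change, for example `{{ error_details }}` here. Separately, the comment on `error_uri` asks for it to be rendered as a link, but the value comes from the request's query string. The double-brace form should HTML-escape it, which does not restrict the URI scheme, so a template that puts it in an `href` should accept only `http`/`https` values.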
diff --git a/src/kyclogic/plugin_kyclogic_oauth2.c 
b/src/kyclogic/plugin_kyclogic_oauth2.c
index 250875cd..6ffa55d5 100644
--- a/src/kyclogic/plugin_kyclogic_oauth2.c
+++ b/src/kyclogic/plugin_kyclogic_oauth2.c
@@ -1426,23 +1426,76 @@ oauth2_proof (void *cls,
                                       "code");
   if (NULL == code)
   {
+    const char *err;
+    const char *desc;
+    const char *euri;
     json_t *body;
 
-    GNUNET_break_op (0);
-    ph->status = TALER_KYCLOGIC_STATUS_USER_PENDING;
-    ph->http_status = MHD_HTTP_BAD_REQUEST;
+    err = MHD_lookup_connection_value (connection,
+                                       MHD_GET_ARGUMENT_KIND,
+                                       "error");
+    if (NULL == err)
+    {
+      GNUNET_break_op (0);
+      ph->status = TALER_KYCLOGIC_STATUS_USER_PENDING;
+      ph->http_status = MHD_HTTP_BAD_REQUEST;
+      body = GNUNET_JSON_PACK (
+        GNUNET_JSON_pack_bool ("debug",
+                               ph->pd->debug_mode),
+        GNUNET_JSON_pack_string ("message",
+                                 "'code' parameter malformed"),
+        TALER_JSON_pack_ec (
+          TALER_EC_GENERIC_PARAMETER_MALFORMED));
+      GNUNET_break (
+        GNUNET_SYSERR !=
+        TALER_TEMPLATING_build (ph->connection,
+                                &ph->http_status,
+                                "oauth2-bad-request",
+                                NULL,
+                                NULL,
+                                body,
+                                &ph->response));
+      json_decref (body);
+      ph->task = GNUNET_SCHEDULER_add_now (&return_proof_response,
+                                           ph);
+      return ph;
+    }
+    desc = MHD_lookup_connection_value (connection,
+                                        MHD_GET_ARGUMENT_KIND,
+                                        "error_description");
+    euri = MHD_lookup_connection_value (connection,
+                                        MHD_GET_ARGUMENT_KIND,
+                                        "error_uri");
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "OAuth2 process %llu failed with error `%s'\n",
+                (unsigned long long) process_row,
+                err);
+    if (0 == strcmp (err,
+                     "server_error"))
+      ph->status = TALER_KYCLOGIC_STATUS_PROVIDER_FAILED;
+    else if (0 == strcmp (err,
+                          "unauthorized_client"))
+      ph->status = TALER_KYCLOGIC_STATUS_FAILED;
+    else if (0 == strcmp (err,
+                          "temporarily_unavailable"))
+      ph->status = TALER_KYCLOGIC_STATUS_PENDING;
+    else
+      ph->status = TALER_KYCLOGIC_STATUS_INTERNAL_ERROR;
+    ph->http_status = MHD_HTTP_FORBIDDEN;
     body = GNUNET_JSON_PACK (
-      GNUNET_JSON_pack_bool ("debug",
-                             ph->pd->debug_mode),
-      GNUNET_JSON_pack_string ("message",
-                               "'code' parameter malformed"),
-      TALER_JSON_pack_ec (
-        TALER_EC_GENERIC_PARAMETER_MALFORMED));
+      GNUNET_JSON_pack_string ("error",
+                               err),
+      GNUNET_JSON_pack_allow_null (
+        GNUNET_JSON_pack_string ("error_details",
+                                 desc)),
+      GNUNET_JSON_pack_allow_null (
+        GNUNET_JSON_pack_string ("error_uri",
+                                 euri)));
     GNUNET_break (
       GNUNET_SYSERR !=
       TALER_TEMPLATING_build (ph->connection,
                               &ph->http_status,
-                              "oauth2-bad-request",
+                              "oauth2-authentication-failure",
                               NULL,
                               NULL,
                               body,
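Review bot: `err`, `desc` and `euri` are read straight from the request's query string, so whoever sends a browser to this endpoint chooses them, yet `err` selects `ph->status` (for example `unauthorized_client` gives `TALER_KYCLOGIC_STATUS_FAILED`) and is written to the log with `%s`. If `return_proof_response` persists that status (not visible here; oauth2_proof starts and ends outside this hunk), a crafted link could change the state of a KYC process without the OAuth2 server being involved. The mapping should therefore run only after the request has been tied to the pending process, or be limited to non-terminal statuses. I would also mark the trust boundary in place with `/* err, desc, euri: untrusted query parameters, not authenticated as coming from the OAuth2 server */` and bound the logged value with `%.64s` in place of `%s`. Any RFC 6749 code other than the three tested, including `access_denied`, lands in `TALER_KYCLOGIC_STATUS_INTERNAL_ERROR`, which looks like the wrong bucket for a user declining consent.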
@@ -1451,6 +1504,7 @@ oauth2_proof (void *cls,
     ph->task = GNUNET_SCHEDULER_add_now (&return_proof_response,
                                          ph);
     return ph;
+
   }
 
   ph->eh = curl_easy_init ();

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


