Added some tweaks for AndStatus, that does some things different (still non-working).

AndStatus expects a 'state' field to be propagated and doesn't send
the 'client_secret' as a GET argument, but in a Basic authorization header.
This commit is contained in:
default 2023-04-10 12:55:03 +02:00
parent 1cfa00eaaf
commit 3fb651b7b1

View file

@ -158,6 +158,7 @@ const char *login_page = ""
"<p>Password: <input type=\"password\" name=\"passwd\"></p>\n"
"<input type=\"hidden\" name=\"redir\" value=\"%s\">\n"
"<input type=\"hidden\" name=\"cid\" value=\"%s\">\n"
"<input type=\"hidden\" name=\"state\" value=\"%s\">\n"
"<input type=\"submit\" value=\"OK\">\n"
"</form><p>%s</p></body>\n"
"";
@ -183,6 +184,7 @@ int oauth_get_handler(const xs_dict *req, const char *q_path,
const char *cid = xs_dict_get(msg, "client_id");
const char *ruri = xs_dict_get(msg, "redirect_uri");
const char *rtype = xs_dict_get(msg, "response_type");
const char *state = xs_dict_get(msg, "state");
status = 400;
@ -192,7 +194,10 @@ int oauth_get_handler(const xs_dict *req, const char *q_path,
if (app != NULL) {
const char *host = xs_dict_get(srv_config, "host");
*body = xs_fmt(login_page, host, "", host, ruri, cid, USER_AGENT);
if (xs_is_null(state))
state = "";
*body = xs_fmt(login_page, host, "", host, ruri, cid, state, USER_AGENT);
*ctype = "text/html";
status = 200;
@ -232,11 +237,12 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
const char *passwd = xs_dict_get(msg, "passwd");
const char *redir = xs_dict_get(msg, "redir");
const char *cid = xs_dict_get(msg, "cid");
const char *state = xs_dict_get(msg, "state");
const char *host = xs_dict_get(srv_config, "host");
/* by default, generate another login form with an error */
*body = xs_fmt(login_page, host, "LOGIN INCORRECT", host, redir, cid, USER_AGENT);
*body = xs_fmt(login_page, host, "LOGIN INCORRECT", host, redir, cid, state, USER_AGENT);
*ctype = "text/html";
status = 200;
@ -254,6 +260,12 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
*body = xs_fmt("%s?code=%s", redir, code);
status = 303;
/* if there is a state, add it */
if (!xs_is_null(state) && *state) {
*body = xs_str_cat(*body, "&state=");
*body = xs_str_cat(*body, state);
}
srv_debug(0, xs_fmt("oauth x-snac-login: success, redirect to %s", *body));
/* assign the login to the app */
@ -285,6 +297,28 @@ int oauth_post_handler(const xs_dict *req, const char *q_path,
const char *cid = xs_dict_get(msg, "client_id");
const char *csec = xs_dict_get(msg, "client_secret");
const char *ruri = xs_dict_get(msg, "redirect_uri");
xs *wrk = NULL;
/* no client_secret? check if it's inside an authorization header
(AndStatus does it this way) */
if (xs_is_null(csec)) {
const char *auhdr = xs_dict_get(req, "authorization");
if (!xs_is_null(auhdr) && xs_startswith(auhdr, "Basic ")) {
xs *s1 = xs_replace(auhdr, "Basic ", "");
int size;
xs *s2 = xs_base64_dec(s1, &size);
if (!xs_is_null(s2)) {
xs *l1 = xs_split(s2, ":");
if (xs_list_len(l1) == 2) {
wrk = xs_dup(xs_list_get(l1, 1));
csec = wrk;
}
}
}
}
if (gtype && code && cid && csec && ruri) {
xs *app = app_get(cid);