author | Michael Krelin <hacker@klever.net> | 2008-05-18 17:19:49 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2008-05-18 17:19:49 (UTC) |
commit | 575d19f96c275d8b77642f20a8975e1cf0100eb5 (patch) (unidiff) | |
tree | d67837d29c7cd09f2774c294e462ef9535ed544d /lib | |
parent | 2123686e53a99cd32af754d861d71ff61c026732 (diff) | |
more checks on response validity during token acquisition
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | lib/oauth-consumer.cc | 7 |
1 files changed, 7 insertions, 0 deletions
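--- a/lib/oauth-consumer.cc
+++ b/lib/oauth-consumer.cc
@@ -109,71 +109,78 @@ namespace opkele {
 noquerize_url(hr.url,sep.url,uq);
 prepare_request(hr,uq,fields_t(),sep,rt);
 switch(sep.oauth_method) {
 case oauth_auth_header:
 throw opkele::not_implemented(OPKELE_CP_
 "auth header for token acquisition isn't (yet?) supported");
 break;
 case oauth_post_body:
 (r=curl.easy_setopt(CURLOPT_POST,1))
 || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,hr.body.c_str()))
 || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,hr.body.size()));
 break;
 case oauth_url_query:
 break;
 default:
 throw opkele::exception(OPKELE_CP_ /* TODO: specialize */
 "invalid oauth_method for request_token endpoint");
 };
 if(r)
 throw exception_curl(OPKELE_CP_ "failed to set curly options",r);
 if( (r=curl.easy_setopt(CURLOPT_URL,hr.url.c_str())) )
 throw exception_curl(OPKELE_CP_ "failed to set curly urlie",r);
 if( (r=curl.easy_perform()) )
 throw exception_curl(OPKELE_CP_ "failed to perform curly request",r);
+long response_code;
+if( (r=curl.easy_getinfo(CURLINFO_RESPONSE_CODE,&response_code)) )
+throw exception_curl(OPKELE_CP_ "failed to retrieve curl response code",r);
+if(response_code!=200) /* TODO: specialize exception */
+throw exception(OPKELE_CP_ "invalid response from the OAuth provider");
 token_t rv;
 string::size_type p=0;
 while(p!=string::npos) {
 string::size_type np = curl.response.find('&',p);
 string part;
 if(np==string::npos) {
 part.assign(curl.response.c_str()+p); p = string::npos;
 }else{
 part.assign(curl.response,p,np-p); p = np+1;
 }
 string::size_type eq = part.find('=');
 if(eq==string::npos) continue;
 string n(part,0,eq);
 if(n=="oauth_token") {
 if(!rv.key.empty()) /* TODO: specialize */
 throw opkele::exception(OPKELE_CP_ "found oauth_token twice");
 rv.key = util::url_decode(part.substr(eq+1));
 }else if(n=="oauth_token_secret") {
 if(!rv.secret.empty()) /* TODO: specialize */
 throw opkele::exception(OPKELE_CP_ "found oauth_secret twice");
 rv.secret = util::url_decode(part.substr(eq+1));
 }
 }
+if(rv.empty()) /* TODO: specialize */
+throw exception(OPKELE_CP_ "failed to retrieve token from OAuth provider response");
 return rv;
 }
 
 http_request_t& basic_consumer::prepare_request(
 http_request_t& req,
 const basic_fields& qf,const basic_fields& pf,
 oauth_method_t om,const string& sm,
 const token_t *t,const string& realm) {
 fields_t op;
 op.set_field("oauth_consumer_key",consumer_token.key);
 if(t) op.set_field("oauth_token",t->key);
 op.set_field("oauth_signature_method",sm);
 time_t now;
 op.set_field("oauth_timestamp",
 util::long_to_string(time(&now)));
 op.set_field("oauth_nonce",allocate_nonce(now));
 op.set_field("oauth_version","1.0");
 /* TODO: normalize and strip down url */
 {
 fields_t af; /* TODO: optimize, I don't want it to be copied */
 qf.copy_to(af); pf.append_to(af); op.append_to(af);
 op.set_field("oauth_signature", signature(
 req.method,req.url,af,t) );
 }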
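Review bot: The new `if(rv.empty())` guard after the parse loop depends on what token_t::empty() reports, which is not visible here; if it is true only when both fields are empty, a provider response carrying `oauth_token` without `oauth_token_secret` (or the reverse) still returns a half-populated token, and whatever later signs with it would presumably proceed with an empty secret. Since the loop already fills the two fields separately, an explicit check is unambiguous: `if(rv.key.empty() || rv.secret.empty()) /* TODO: specialize */`. Relatedly, the pre-existing duplicate detection keys on `!rv.key.empty()` rather than on having seen the parameter, so a first `oauth_token=` with an empty value slips past the "found twice" check; a per-field seen flag would close that. The function containing these lines starts before the hunk, and the added `response_code!=200` rejection itself looks right as written.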