author | Michael Krelin <hacker@klever.net> | 2008-05-18 17:19:49 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2008-05-18 17:19:49 (UTC) |
commit | 575d19f96c275d8b77642f20a8975e1cf0100eb5 (patch) (side-by-side diff) | |
tree | d67837d29c7cd09f2774c294e462ef9535ed544d | |
parent | 2123686e53a99cd32af754d861d71ff61c026732 (diff) | |
more checks on response validity during token acquisition
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | include/opkele/oauth.h | 2 | ||||
-rw-r--r-- | lib/oauth-consumer.cc | 7 |
2 files changed, 9 insertions, 0 deletions
diff --git a/include/opkele/oauth.h b/include/opkele/oauth.h
index 14d0586..bc6c2fa 100644
--- a/include/opkele/oauth.h
+++ b/include/opkele/oauth.h
@@ -1,22 +1,24 @@ #ifndef __OPKELE_OAUTH_H #define __OPKELE_OAUTH_H #include <string> namespace opkele { namespace oauth { using std::string; struct token_t { string key; string secret; token_t() { } token_t(const string& k,const string& s) : key(k), secret(s) { } + + bool empty() const { return key.empty() && secret.empty(); } }; } } #endif /* __OPKELE_OAUTH_H */
diff --git a/lib/oauth-consumer.cc b/lib/oauth-consumer.cc
index bb4e89b..0d31ec7 100644
--- a/lib/oauth-consumer.cc
+++ b/lib/oauth-consumer.cc
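Review bot: The new `empty()` is true only when both `key` and `secret` are unset, so a `token_t` holding just one of the two parts reports non-empty; that matters because the only caller on this page, `acquire_token` in lib/oauth-consumer.cc, uses `rv.empty()` as its "did we get a token" check and so would accept a provider response that carries `oauth_token` without `oauth_token_secret` (or the reverse). The method also has no comment stating that container-style meaning. Either document it, `/* true only when neither key nor secret is set; a half-populated token is not empty */`, or add a stricter predicate for validity checks, `bool complete() const { return !key.empty() && !secret.empty(); }`, and have callers that need a usable token test that one instead.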
@@ -85,119 +85,126 @@ namespace opkele { url = sepurl.substr(0,p); }else{ fields_t tmp; tmp.from_query(sepurl.substr( q+1, (p==string::npos)?string::npos:(p-q-q))); tmp.append_to(f); url = sepurl.substr(0,(p==string::npos)?q:min(p,q)); } } token_t basic_consumer::acquire_token( const service_endpoint_t& sep, const token_t* rt) { util::curl_pick_t curl = util::curl_t::easy_init(); CURLcode r; (r=curl.misc_sets()) || (r=curl.set_write()); if(r) throw exception_curl(OPKELE_CP_ "failed to set basic curly options",r); http_request_t hr( (sep.oauth_method==oauth_post_body)?"POST":"GET", ""); fields_t uq; noquerize_url(hr.url,sep.url,uq); prepare_request(hr,uq,fields_t(),sep,rt); switch(sep.oauth_method) { case oauth_auth_header: throw opkele::not_implemented(OPKELE_CP_ "auth header for token acquisition isn't (yet?) supported"); break; case oauth_post_body: (r=curl.easy_setopt(CURLOPT_POST,1)) || (r=curl.easy_setopt(CURLOPT_POSTFIELDS,hr.body.c_str())) || (r=curl.easy_setopt(CURLOPT_POSTFIELDSIZE,hr.body.size())); break; case oauth_url_query: break; default: throw opkele::exception(OPKELE_CP_ /* TODO: specialize */ "invalid oauth_method for request_token endpoint"); }; if(r) throw exception_curl(OPKELE_CP_ "failed to set curly options",r); if( (r=curl.easy_setopt(CURLOPT_URL,hr.url.c_str())) ) throw exception_curl(OPKELE_CP_ "failed to set curly urlie",r); if( (r=curl.easy_perform()) ) throw exception_curl(OPKELE_CP_ "failed to perform curly request",r); + long response_code; + if( (r=curl.easy_getinfo(CURLINFO_RESPONSE_CODE,&response_code)) ) + throw exception_curl(OPKELE_CP_ "failed to retrieve curl response code",r); + if(response_code!=200) /* TODO: specialize exception */ + throw exception(OPKELE_CP_ "invalid response from the OAuth provider"); token_t rv; string::size_type p=0; while(p!=string::npos) { string::size_type np = curl.response.find('&',p); string part; if(np==string::npos) { part.assign(curl.response.c_str()+p); p = string::npos; }else{ 
part.assign(curl.response,p,np-p); p = np+1; } string::size_type eq = part.find('='); if(eq==string::npos) continue; string n(part,0,eq); if(n=="oauth_token") { if(!rv.key.empty()) /* TODO: specialize */ throw opkele::exception(OPKELE_CP_ "found oauth_token twice"); rv.key = util::url_decode(part.substr(eq+1)); }else if(n=="oauth_token_secret") { if(!rv.secret.empty()) /* TODO: specialize */ throw opkele::exception(OPKELE_CP_ "found oauth_secret twice"); rv.secret = util::url_decode(part.substr(eq+1)); } } + if(rv.empty()) /* TODO: specialize */ + throw exception(OPKELE_CP_ "failed to retrieve token from OAuth provider response"); return rv; } http_request_t& basic_consumer::prepare_request( http_request_t& req, const basic_fields& qf,const basic_fields& pf, oauth_method_t om,const string& sm, const token_t *t,const string& realm) { fields_t op; op.set_field("oauth_consumer_key",consumer_token.key); if(t) op.set_field("oauth_token",t->key); op.set_field("oauth_signature_method",sm); time_t now; op.set_field("oauth_timestamp", util::long_to_string(time(&now))); op.set_field("oauth_nonce",allocate_nonce(now)); op.set_field("oauth_version","1.0"); /* TODO: normalize and strip down url */ { fields_t af; /* TODO: optimize, I don't want it to be copied */ qf.copy_to(af); pf.append_to(af); op.append_to(af); op.set_field("oauth_signature", signature( req.method,req.url,af,t) ); } req.authorize_header.clear(); if(om==oauth_auth_header) { req.authorize_header = "OAuth "; req.authorize_header += "realm=\""; req.authorize_header += util::url_encode(realm); req.authorize_header += '\"'; for(basic_fields::fields_iterator i=op.fields_begin(),ie=op.fields_end(); i!=ie;++i) { req.authorize_header += ", "; req.authorize_header += *i; req.authorize_header += "=\""; req.authorize_header += util::url_encode(op.get_field(*i)); req.authorize_header += "\""; } req.url = qf.append_query(req.url); req.body = pf.query_string(); }else if(om==oauth_post_body) { assert(req.method=="POST"); /* 
TODO: optimize, don't copy it over and over */ fields_t p; pf.append_to(p); op.append_to(p); req.url = qf.append_query(req.url); req.body = p.query_string(); |
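Review bot: The new `if(rv.empty())` guard at the end of `acquire_token` rejects only a response that yields neither part of the token, since `token_t::empty()` is `key.empty() && secret.empty()`; a body with `oauth_token` but no `oauth_token_secret` (or the reverse) passes, and the half-populated token is returned to be used for signing later requests. The check should require both parts: `if(rv.key.empty() || rv.secret.empty()) /* TODO: specialize */` followed by the same throw. The 200-only response-code check added just after `easy_perform()` is right for OAuth 1.0 and is correctly placed before the body is parsed; note that the existing duplicate-field checks key off `rv.key.empty()`/`rv.secret.empty()`, so a first occurrence with an empty value is not counted as seen, which is harmless once empty values are rejected. The hunk ends inside `prepare_request`, whose body continues past it.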