afb-hreq: Handle access_token query parameter

As specified by OAuth2 protocols, the access token can be
passed as a POST/GET parameter of name 'access_token'.

Bug-AGL: SPEC-2968

Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Change-Id: I0e02e6fd0d53dad6de994d4482350fe42ecfce48

3 files changed, 24 insertions, 13 deletions

diff --git a/src/afb-hreq.c b/src/afb-hreq.c
index 462f7ad5..6440a8cd 100644
--- a/src/afb-hreq.c
+++ b/src/afb-hreq.c
@@ -61,6 +61,9 @@ static const char short_key_for_token[] = "token";
 static const char long_key_for_reqid[] = "x-afb-reqid";
 static const char short_key_for_reqid[] = "reqid";
 
+static const char key_for_bearer[] = "Bearer";
+static const char key_for_access_token[] = "access_token";
+
 static char *cookie_name = NULL;
 static char *cookie_setter = NULL;
 static char *tmp_pattern = NULL;
@@ -738,11 +741,10 @@ const char *afb_hreq_get_header(struct afb_hreq *hreq, const char *name)
 
 const char *afb_hreq_get_authorization_bearer(struct afb_hreq *hreq)
 {
-	static const char bearer[] = "Bearer";
 	const char *value = afb_hreq_get_header(hreq, MHD_HTTP_HEADER_AUTHORIZATION);
 	if (value) {
-		if (strncasecmp(value, bearer, sizeof bearer - 1) == 0) {
-			value += sizeof bearer - 1;
+		if (strncasecmp(value, key_for_bearer, sizeof key_for_bearer - 1) == 0) {
+			value += sizeof key_for_bearer - 1;
 			if (isblank(*value++)) {
 				while (isblank(*value))
 					value++;
@@ -981,11 +983,14 @@ int afb_hreq_init_context(struct afb_hreq *hreq)
 	/* get the authorisation token */
 	token = afb_hreq_get_authorization_bearer(hreq);
 	if (token == NULL) {
-		token = afb_hreq_get_header(hreq, long_key_for_token);
+		token = afb_hreq_get_argument(hreq, key_for_access_token);
 		if (token == NULL) {
-			token = afb_hreq_get_argument(hreq, long_key_for_token);
-			if (token == NULL)
-				token = afb_hreq_get_argument(hreq, short_key_for_token);
+			token = afb_hreq_get_header(hreq, long_key_for_token);
+			if (token == NULL) {
+				token = afb_hreq_get_argument(hreq, long_key_for_token);
+				if (token == NULL)
+					token = afb_hreq_get_argument(hreq, short_key_for_token);
+			}
 		}
 	}
 
diff --git a/test/AFB.js b/test/AFB.js
index 4c500b99..953fe96a 100644
--- a/test/AFB.js
+++ b/test/AFB.js
@@ -21,7 +21,10 @@ if (typeof base != "object")
 
 var initial = {
 	base: base.base || "api",
-	token: initialtoken || base.token || URLSearchParams(window.location.search).get('token') || "HELLO",
+	token: initialtoken || base.token 
+		|| URLSearchParams(window.location.search).get('access_token')
+		|| URLSearchParams(window.location.search).get('token')
+		|| "HELLO",
 	host: base.host || window.location.host,
 	url: base.url || undefined
 };
diff --git a/test/monitoring/AFB.js b/test/monitoring/AFB.js
index c80f6517..953fe96a 100644
--- a/test/monitoring/AFB.js
+++ b/test/monitoring/AFB.js
@@ -21,7 +21,10 @@ if (typeof base != "object")
 
 var initial = {
 	base: base.base || "api",
-	token: base.token || initialtoken || "HELLO",
+	token: initialtoken || base.token 
+		|| URLSearchParams(window.location.search).get('access_token')
+		|| URLSearchParams(window.location.search).get('token')
+		|| "HELLO",
 	host: base.host || window.location.host,
 	url: base.url || undefined
 };
@@ -92,7 +95,7 @@ var AFB_websocket;
 		if (f) {
 			delete this.onopen;
 			delete this.onabort;
-			f && f(this);
+			f(this);
 		}
 		this.onerror && this.onerror(this);
 	}
@@ -151,14 +154,14 @@ var AFB_websocket;
 		switch (code) {
 		case RETOK:
 			reply(this.pendings, id, ans, 0);
-			break; 
+			break;
 		case RETERR:
 			reply(this.pendings, id, ans, 1);
-			break; 
+			break;
 		case EVENT:
 		default:
 			fire(this.awaitens, id, ans);
-			break; 
+			break;
 		}
 	}