authorJosé Bollo <jose.bollo@iot.bzh>2019-11-29 12:44:46 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2019-12-03 18:51:51 +0100
commitd8aff62647736c3f17ff15989ec9f90b48efe1c4 (patch)
tree879ed25e0c65a5cf1260314f17501a251dd36a5d
parentb70caad7da2eaea85db06dec8377b1cbebcec997 (diff)
afb-context & afb-token: rework token validation
Token validation is now linked to the backend permission database. Bug-AGL: SPEC-2968 Signed-off-by: José Bollo <jose.bollo@iot.bzh> Change-Id: I30b049f92b8324740abecbb9539f7413ad55f7ec
-rw-r--r--src/afb-context.c66
-rw-r--r--src/afb-permission-text.c1
-rw-r--r--src/afb-permission-text.h1
-rw-r--r--src/afb-token.c12
-rw-r--r--src/afb-token.h1
5 files changed, 39 insertions, 42 deletions
diff --git a/src/afb-context.c b/src/afb-context.c
index 5235707f..3d6dee06 100644
--- a/src/afb-context.c
+++ b/src/afb-context.c
@@ -41,25 +41,6 @@ static void init_context(struct afb_context *context, struct afb_session *sessio
context->api_key = NULL;
context->token = afb_token_addref(token);
context->credentials = afb_cred_addref(cred);
-
- /* check the token */
- if (token != NULL) {
- if (afb_token_check(token))
- context->validated = 1;
- else
- context->invalidated = 1;
- }
-}
-
-void afb_context_init(struct afb_context *context, struct afb_session *session, struct afb_token *token, struct afb_cred *cred)
-{
- init_context(context, afb_session_addref(session), token, cred);
-}
-
-void afb_context_init_validated(struct afb_context *context, struct afb_session *session, struct afb_token *token, struct afb_cred *cred)
-{
- afb_context_init(context, session, token, cred);
- context->validated = 1;
}
void afb_context_subinit(struct afb_context *context, struct afb_context *super)
@@ -72,6 +53,11 @@ void afb_context_subinit(struct afb_context *context, struct afb_context *super)
context->credentials = afb_cred_addref(super->credentials);
}
+void afb_context_init(struct afb_context *context, struct afb_session *session, struct afb_token *token, struct afb_cred *cred)
+{
+ init_context(context, afb_session_addref(session), token, cred);
+}
+
int afb_context_connect(struct afb_context *context, const char *uuid, struct afb_token *token, struct afb_cred *cred)
{
int created;
@@ -95,6 +81,12 @@ int afb_context_connect_validated(struct afb_context *context, const char *uuid,
return rc;
}
+void afb_context_init_validated(struct afb_context *context, struct afb_session *session, struct afb_token *token, struct afb_cred *cred)
+{
+ afb_context_init(context, session, token, cred);
+ context->validated = 1;
+}
+
void afb_context_disconnect(struct afb_context *context)
{
if (context->session && !context->super && context->closing && !context->closed) {
@@ -123,8 +115,6 @@ void afb_context_change_token(struct afb_context *context, struct afb_token *tok
{
struct afb_token *otoken = context->token;
if (otoken != token) {
- context->validated = 0;
- context->invalidated = 0;
context->token = afb_token_addref(token);
afb_token_unref(otoken);
}
@@ -203,14 +193,23 @@ void afb_context_close(struct afb_context *context)
int afb_context_check(struct afb_context *context)
{
- if (context->super)
- return afb_context_check(context);
- return context->validated;
-}
+ int r;
-int afb_context_check_loa(struct afb_context *context, unsigned loa)
-{
- return afb_context_get_loa(context) >= loa;
+ if (context->validated)
+ r = 1;
+ else if (context->invalidated)
+ r = 0;
+ else {
+ if (context->super)
+ r = afb_context_check(context->super);
+ else
+ r = afb_context_has_permission(context, afb_permission_token_valid);
+ if (r)
+ context->validated = 1;
+ else
+ context->invalidated = 1;
+ }
+ return r;
}
static inline const void *loa_key(struct afb_context *context)
@@ -230,10 +229,14 @@ static inline unsigned ptr2loa(void *ptr)
int afb_context_change_loa(struct afb_context *context, unsigned loa)
{
- if (!context->validated || loa > 7) {
+ if (loa > 7) {
errno = EINVAL;
return -1;
}
+ if (!afb_context_check(context)) {
+ errno = EPERM;
+ return -1;
+ }
return afb_session_set_cookie(context->session, loa_key(context), loa2ptr(loa), NULL);
}
@@ -243,3 +246,8 @@ unsigned afb_context_get_loa(struct afb_context *context)
assert(context->session != NULL);
return ptr2loa(afb_session_get_cookie(context->session, loa_key(context)));
}
+
+int afb_context_check_loa(struct afb_context *context, unsigned loa)
+{
+ return afb_context_get_loa(context) >= loa;
+}
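Review bot: afb_context_check now memoizes its outcome in context->validated / context->invalidated, but the hunk at afb_context_change_token removes the two lines that cleared those flags when the token is replaced, so a context whose first check succeeded keeps returning 1 after its token is swapped for one the permission backend would reject (and an invalidated context never recovers with a new token). Unless the flags are cleared somewhere outside this diff, restore the reset inside the `if (otoken != token)` branch: `context->validated = 0;` `context->invalidated = 0;`. Since afb_context_change_loa now gates on afb_context_check instead of the raw flag, the stale cache would also let a no-longer-valid token raise the LOA. A one-line comment on afb_context_check would make the contract visible: `/* result is cached in validated/invalidated; clear both whenever the token or credentials change */`.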
diff --git a/src/afb-permission-text.c b/src/afb-permission-text.c
index 21069df8..43ce530a 100644
--- a/src/afb-permission-text.c
+++ b/src/afb-permission-text.c
@@ -18,3 +18,4 @@
#include "afb-permission-text.h"
const char afb_permission_on_behalf_credential[] = "urn:AGL:permission:*:partner:on-behalf-credentials";
+const char afb_permission_token_valid[] = "urn:AGL:token:valid";
diff --git a/src/afb-permission-text.h b/src/afb-permission-text.h
index 1340f717..3037e402 100644
--- a/src/afb-permission-text.h
+++ b/src/afb-permission-text.h
@@ -18,3 +18,4 @@
#pragma once
extern const char afb_permission_on_behalf_credential[];
+extern const char afb_permission_token_valid[];
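Review bot: The new declaration carries no documentation, and only its name tells a reader that this string is the permission a context must hold for its token to count as valid (afb_context_check in src/afb-context.c looks it up through afb_context_has_permission when a context has not yet been validated or invalidated). Add a Doxygen comment above it, e.g. `/** permission that the backend grants to contexts whose token is valid; afb_context_check queries it lazily */`. Its value `urn:AGL:token:valid` also sits outside the `urn:AGL:permission:` namespace used by the sibling constant; if that is deliberate, say so in the comment so the backend rule is written against the right name.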
diff --git a/src/afb-token.c b/src/afb-token.c
index b81a87df..f6f5eb73 100644
--- a/src/afb-token.c
+++ b/src/afb-token.c
@@ -148,18 +148,6 @@ void afb_token_unref(struct afb_token *token)
}
/**
- * Check whether the token is valid or not
- *
- * @param token the token to check
- * @return a boolean value: 0 if not valid, 1 if valid
- */
-int afb_token_check(struct afb_token *token)
-{
- /* TODO */
- return 1;
-}
-
-/**
* Get the string value of the token
*
* @param token the token whose string value is queried
diff --git a/src/afb-token.h b/src/afb-token.h
index 69b0fa05..5dd1d33c 100644
--- a/src/afb-token.h
+++ b/src/afb-token.h
@@ -23,6 +23,5 @@ extern int afb_token_get(struct afb_token **token, const char *tokenstring);
extern struct afb_token *afb_token_addref(struct afb_token *token);
extern void afb_token_unref(struct afb_token *token);
-extern int afb_token_check(struct afb_token *token);
extern const char *afb_token_string(const struct afb_token *token);
extern uint16_t afb_token_id(const struct afb_token *token);