-rw-r--r-- | src/afb-context.c | 66 | ||||
-rw-r--r-- | src/afb-permission-text.c | 1 | ||||
-rw-r--r-- | src/afb-permission-text.h | 1 | ||||
-rw-r--r-- | src/afb-token.c | 12 | ||||
-rw-r--r-- | src/afb-token.h | 1 |
5 files changed, 39 insertions, 42 deletions
diff --git a/src/afb-context.c b/src/afb-context.c index 5235707f..3d6dee06 100644 --- a/src/afb-context.c +++ b/src/afb-context.c @@ -41,25 +41,6 @@ static void init_context(struct afb_context *context, struct afb_session *sessio context->api_key = NULL; context->token = afb_token_addref(token); context->credentials = afb_cred_addref(cred); - - /* check the token */ - if (token != NULL) { - if (afb_token_check(token)) - context->validated = 1; - else - context->invalidated = 1; - } -} - -void afb_context_init(struct afb_context *context, struct afb_session *session, struct afb_token *token, struct afb_cred *cred) -{ - init_context(context, afb_session_addref(session), token, cred); -} - -void afb_context_init_validated(struct afb_context *context, struct afb_session *session, struct afb_token *token, struct afb_cred *cred) -{ - afb_context_init(context, session, token, cred); - context->validated = 1; } void afb_context_subinit(struct afb_context *context, struct afb_context *super) @@ -72,6 +53,11 @@ void afb_context_subinit(struct afb_context *context, struct afb_context *super) context->credentials = afb_cred_addref(super->credentials); } +void afb_context_init(struct afb_context *context, struct afb_session *session, struct afb_token *token, struct afb_cred *cred) +{ + init_context(context, afb_session_addref(session), token, cred); +} + int afb_context_connect(struct afb_context *context, const char *uuid, struct afb_token *token, struct afb_cred *cred) { int created; @@ -95,6 +81,12 @@ int afb_context_connect_validated(struct afb_context *context, const char *uuid, return rc; } +void afb_context_init_validated(struct afb_context *context, struct afb_session *session, struct afb_token *token, struct afb_cred *cred) +{ + afb_context_init(context, session, token, cred); + context->validated = 1; +} + void afb_context_disconnect(struct afb_context *context) { if (context->session && !context->super && context->closing && !context->closed) { 
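Review bot: After this hunk init_context no longer writes `validated` or `invalidated`, yet the rewritten afb_context_check further down branches on both flags before it queries any permission. A context whose flags were not zeroed would therefore be accepted or rejected from stale memory. The start of init_context is outside the hunk, so confirm that it clears both bits; if it does not, add `context->validated = 0; context->invalidated = 0;` next to the `api_key` reset. Validation is also lazy now, so any code outside this diff that reads `context->validated` directly instead of calling afb_context_check() will see 0 until a check has run.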
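Review bot: afb_context_init_validated, moved here unchanged, carries no comment saying that it marks the context valid without any permission query. Because the new afb_context_check returns early when `validated` is set, a context created this way never asks for `afb_permission_token_valid`. I would put a comment above it such as `/* marks the context validated without querying the token permission; intended for callers that have already authenticated the peer */`, with the wording adjusted to whatever the real call sites guarantee.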
@@ -123,8 +115,6 @@ void afb_context_change_token(struct afb_context *context, struct afb_token *tok { struct afb_token *otoken = context->token; if (otoken != token) { - context->validated = 0; - context->invalidated = 0; context->token = afb_token_addref(token); afb_token_unref(otoken); } @@ -203,14 +193,23 @@ void afb_context_close(struct afb_context *context) int afb_context_check(struct afb_context *context) { - if (context->super) - return afb_context_check(context); - return context->validated; -} + int r; -int afb_context_check_loa(struct afb_context *context, unsigned loa) -{ - return afb_context_get_loa(context) >= loa; + if (context->validated) + r = 1; + else if (context->invalidated) + r = 0; + else { + if (context->super) + r = afb_context_check(context->super); + else + r = afb_context_has_permission(context, afb_permission_token_valid); + if (r) + context->validated = 1; + else + context->invalidated = 1; + } + return r; } static inline const void *loa_key(struct afb_context *context) @@ -230,10 +229,14 @@ static inline unsigned ptr2loa(void *ptr) int afb_context_change_loa(struct afb_context *context, unsigned loa) { - if (!context->validated || loa > 7) { + if (loa > 7) { errno = EINVAL; return -1; } + if (!afb_context_check(context)) { + errno = EPERM; + return -1; + } return afb_session_set_cookie(context->session, loa_key(context), loa2ptr(loa), NULL); } @@ -243,3 +246,8 @@ unsigned afb_context_get_loa(struct afb_context *context) assert(context->session != NULL); return ptr2loa(afb_session_get_cookie(context->session, loa_key(context))); } + +int afb_context_check_loa(struct afb_context *context, unsigned loa) +{ + return afb_context_get_loa(context) >= loa; +} diff --git a/src/afb-permission-text.c b/src/afb-permission-text.c index 21069df8..43ce530a 100644 --- a/src/afb-permission-text.c +++ b/src/afb-permission-text.c 
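Review bot: Dropping the flag reset in afb_context_change_token leaves the cached verdict of afb_context_check attached to the previous token. Once `validated` is set, replacing the token with a different one never triggers a new `afb_permission_token_valid` query, and a context marked `invalidated` stays rejected even after it receives a good token. Unless the permission check is known not to depend on the token (afb_context_has_permission is not shown in this diff), keep `context->validated = 0; context->invalidated = 0;` inside the `if (otoken != token)` branch. A sub-context that copied its result from `super` would keep the old verdict as well.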
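Review bot: In afb_context_check the permission result is cached with a plain truth test, `if (r) context->validated = 1;`, so any non-zero return would be stored as a successful validation and handed back to callers as true. That includes a negative error code, if afb_context_has_permission can produce one. Its definition is outside this diff; if it is not strictly 0/1, normalise with `r = afb_context_has_permission(context, afb_permission_token_valid) > 0;`. The function also deserves a short header comment stating that the first verdict is cached in the context and that a sub-context takes the verdict of `super`.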
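Review bot: afb_context_change_loa now fails in two distinct ways and has no comment recording them. A header comment along the lines of `/* returns -1 with errno=EINVAL when loa > 7, -1 with errno=EPERM when the context does not pass afb_context_check, otherwise the result of afb_session_set_cookie */` would let callers tell a bad argument from a refused one. It is worth mentioning there that the call may now run the token permission query as a side effect, since it goes through afb_context_check rather than reading the flag.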
@@ -18,3 +18,4 @@ #include "afb-permission-text.h" const char afb_permission_on_behalf_credential[] = "urn:AGL:permission:*:partner:on-behalf-credentials"; +const char afb_permission_token_valid[] = "urn:AGL:token:valid"; diff --git a/src/afb-permission-text.h b/src/afb-permission-text.h index 1340f717..3037e402 100644 --- a/src/afb-permission-text.h +++ b/src/afb-permission-text.h @@ -18,3 +18,4 @@ #pragma once extern const char afb_permission_on_behalf_credential[]; +extern const char afb_permission_token_valid[]; diff --git a/src/afb-token.c b/src/afb-token.c index b81a87df..f6f5eb73 100644 --- a/src/afb-token.c +++ b/src/afb-token.c @@ -148,18 +148,6 @@ void afb_token_unref(struct afb_token *token) } /** - * Check whether the token is valid or not - * - * @param token the token to check - * @return a boolean value: 0 if not valid, 1 if valid - */ -int afb_token_check(struct afb_token *token) -{ - /* TODO */ - return 1; -} - -/** * Get the string value of the token * * @param token the token whose string value is queried diff --git a/src/afb-token.h b/src/afb-token.h index 69b0fa05..5dd1d33c 100644 --- a/src/afb-token.h +++ b/src/afb-token.h @@ -23,6 +23,5 @@ extern int afb_token_get(struct afb_token **token, const char *tokenstring); extern struct afb_token *afb_token_addref(struct afb_token *token); extern void afb_token_unref(struct afb_token *token); -extern int afb_token_check(struct afb_token *token); extern const char *afb_token_string(const struct afb_token *token); extern uint16_t afb_token_id(const struct afb_token *token); |
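Review bot: The new constant `afb_permission_token_valid` in afb-permission-text.c is what afb_context_check now submits to the permission backend, but nothing says what it means or who is expected to grant it. Its value `urn:AGL:token:valid` does not follow the `urn:AGL:permission:...` form of the constant above it. A one-line comment such as `/* permission queried to decide whether the token of a context is valid */` would help whoever writes the policy. If the backend has no rule for this string, presumably every token check is denied, which is the safe direction but should be confirmed and noted for deployments.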