From e6908a2ee7b645517c062f2fd0419fcb3f4f976e Mon Sep 17 00:00:00 2001
From: José Bollo
Date: Thu, 21 Nov 2019 15:31:32 +0100
Subject: afb-hreq: Handle access_token query parameter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
As specified by OAuth2 protocols, the access token can be passed as a POST/GET parameter of name 'access_token'.
Bug-AGL: SPEC-2968
Signed-off-by: José Bollo
Change-Id: I0e02e6fd0d53dad6de994d4482350fe42ecfce48
---
 src/afb-hreq.c | 19 ++++++++++++-------
 test/AFB.js | 5 ++++-
 test/monitoring/AFB.js | 13 ++++++++-----
 3 files changed, 24 insertions(+), 13 deletions(-)
diff --git a/src/afb-hreq.c b/src/afb-hreq.c
index 462f7ad5..6440a8cd 100644
--- a/src/afb-hreq.c
+++ b/src/afb-hreq.c
@@ -61,6 +61,9 @@ static const char short_key_for_token[] = "token";
 static const char long_key_for_reqid[] = "x-afb-reqid";
 static const char short_key_for_reqid[] = "reqid";
+static const char key_for_bearer[] = "Bearer";
+static const char key_for_access_token[] = "access_token";
+
 static char *cookie_name = NULL;
 static char *cookie_setter = NULL;
 static char *tmp_pattern = NULL;
@@ -738,11 +741,10 @@ const char *afb_hreq_get_header(struct afb_hreq *hreq, const char *name)
 const char *afb_hreq_get_authorization_bearer(struct afb_hreq *hreq)
 {
- static const char bearer[] = "Bearer";
 const char *value = afb_hreq_get_header(hreq, MHD_HTTP_HEADER_AUTHORIZATION);
 if (value) {
- if (strncasecmp(value, bearer, sizeof bearer - 1) == 0) {
- value += sizeof bearer - 1;
+ if (strncasecmp(value, key_for_bearer, sizeof key_for_bearer - 1) == 0) {
+ value += sizeof key_for_bearer - 1;
 if (isblank(*value++)) {
 while (isblank(*value))
 value++;
@@ -981,11 +983,14 @@ int afb_hreq_init_context(struct afb_hreq *hreq)
 /* get the authorisation token */
 token = afb_hreq_get_authorization_bearer(hreq);
 if (token == NULL) {
- token = afb_hreq_get_header(hreq, long_key_for_token);
+ token = afb_hreq_get_argument(hreq, key_for_access_token);
 if (token == NULL) {
- token = afb_hreq_get_argument(hreq, long_key_for_token);
- if (token == NULL)
- token = afb_hreq_get_argument(hreq, short_key_for_token);
+ token = afb_hreq_get_header(hreq, long_key_for_token);
+ if (token == NULL) {
+ token = afb_hreq_get_argument(hreq, long_key_for_token);
+ if (token == NULL)
+ token = afb_hreq_get_argument(hreq, short_key_for_token);
+ }
 }
 }
diff --git a/test/AFB.js b/test/AFB.js
index 4c500b99..953fe96a 100644
--- a/test/AFB.js
+++ b/test/AFB.js
@@ -21,7 +21,10 @@ if (typeof base != "object")
 var initial = {
 base: base.base || "api",
- token: initialtoken || base.token || URLSearchParams(window.location.search).get('token') || "HELLO",
+ token: initialtoken || base.token
+ || URLSearchParams(window.location.search).get('access_token')
+ || URLSearchParams(window.location.search).get('token')
+ || "HELLO",
 host: base.host || window.location.host,
 url: base.url || undefined
 };
diff --git a/test/monitoring/AFB.js b/test/monitoring/AFB.js
index c80f6517..953fe96a 100644
--- a/test/monitoring/AFB.js
+++ b/test/monitoring/AFB.js
@@ -21,7 +21,10 @@ if (typeof base != "object")
 var initial = {
 base: base.base || "api",
- token: base.token || initialtoken || "HELLO",
+ token: initialtoken || base.token
+ || URLSearchParams(window.location.search).get('access_token')
+ || URLSearchParams(window.location.search).get('token')
+ || "HELLO",
 host: base.host || window.location.host,
 url: base.url || undefined
 };
@@ -92,7 +95,7 @@ var AFB_websocket;
 if (f) {
 delete this.onopen;
 delete this.onabort;
- f && f(this);
+ f(this);
 }
 this.onerror && this.onerror(this);
 }
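Review bot: In src/afb-hreq.c, the added `afb_hreq_get_argument(hreq, key_for_access_token)` lookup in afb_hreq_init_context takes the bearer token from request arguments and ranks it ahead of the `x-afb-token` header, and nothing in the hunk restricts it to a form-encoded body. RFC 6750 section 2.3 discourages the URI query form because the URL, token included, tends to end up in access logs, browser history and Referer headers; assuming afb_hreq_get_argument also reads the query string (the commit message says POST/GET), this path deserves at least a comment such as `/* RFC 6750 2.3: a token in the query string is logged with the URL; prefer the Authorization header */`. That comment should also state the precedence, since a request carrying both `access_token` and `x-afb-token` now silently uses the argument. The function begins and ends outside the hunk, so whether responses to such requests set any cache-control header cannot be judged from here.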
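Review bot: In test/AFB.js, both added fallback lines call `URLSearchParams(window.location.search)` without `new`, and browsers throw a TypeError when that constructor is invoked as a plain function, so the script fails as soon as neither `initialtoken` nor `base.token` is set. The lines should read `|| new URLSearchParams(window.location.search).get('access_token')` and `|| new URLSearchParams(window.location.search).get('token')`; the identical hunk in test/monitoring/AFB.js, which introduces these calls there for the first time, needs the same change. A token read from `location.search` also stays in the address bar and history, so a short comment marking this fallback as a test convenience would help readers who copy the client.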
@@ -151,14 +154,14 @@ var AFB_websocket;
 switch (code) {
 case RETOK:
 reply(this.pendings, id, ans, 0);
- break;
+ break;
 case RETERR:
 reply(this.pendings, id, ans, 1);
- break;
+ break;
 case EVENT:
 default:
 fire(this.awaitens, id, ans);
- break;
+ break;
 }
 }
-- cgit 1.2.3-korg