Diffstat (limited to 'src/include/anastasis_authorization_plugin.h')
-rw-r--r-- | src/include/anastasis_authorization_plugin.h | 82 |
1 files changed, 67 insertions, 15 deletions
diff --git a/src/include/anastasis_authorization_plugin.h b/src/include/anastasis_authorization_plugin.h index 91a88f8..a9d993d 100644 --- a/src/include/anastasis_authorization_plugin.h +++ b/src/include/anastasis_authorization_plugin.h @@ -3,7 +3,7 @@ Copyright (C) 2019 Anastasis SARL Anastasis is free software; you can redistribute it and/or modify it under the - terms of the GNU Lesser General Public License as published by the Free Software + terms of the GNU Affero General Public License as published by the Free Software Foundation; either version 3, or (at your option) any later version. Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY @@ -33,21 +33,21 @@ struct ANASTASIS_AUTHORIZATION_State; /** * Enumeration values indicating the various possible - * outcomes of the plugin's `process` function. + * outcomes of the plugin's `challenge` function. */ -enum ANASTASIS_AUTHORIZATION_Result +enum ANASTASIS_AUTHORIZATION_ChallengeResult { /** * We successfully sent the authorization challenge * and queued a reply to MHD. */ - ANASTASIS_AUTHORIZATION_RES_SUCCESS = 0, + ANASTASIS_AUTHORIZATION_CRES_SUCCESS = 0, /** * We failed to transmit the authorization challenge, * but successfully queued a failure response to MHD. */ - ANASTASIS_AUTHORIZATION_RES_FAILED = 1, + ANASTASIS_AUTHORIZATION_CRES_FAILED = 1, /** * The plugin suspended the MHD connection as it needs some more @@ -55,7 +55,7 @@ enum ANASTASIS_AUTHORIZATION_Result * plugin will resume the MHD connection when its work is done, and * then the `process` function should be called again. */ - ANASTASIS_AUTHORIZATION_RES_SUSPENDED = 2, + ANASTASIS_AUTHORIZATION_CRES_SUSPENDED = 2, /** * The plugin tried to queue a reply on the MHD connection and 
@@ -65,7 +65,7 @@ enum ANASTASIS_AUTHORIZATION_Result * However, we were successful at transmitting the challenge, * so the challenge should be marked as sent. */ - ANASTASIS_AUTHORIZATION_RES_SUCCESS_REPLY_FAILED = 4, + ANASTASIS_AUTHORIZATION_CRES_SUCCESS_REPLY_FAILED = 4, /** * The plugin tried to queue a reply on the MHD connection and @@ -74,14 +74,45 @@ enum ANASTASIS_AUTHORIZATION_Result * * Additionally, we failed to transmit the challenge. */ - ANASTASIS_AUTHORIZATION_RES_FAILED_REPLY_FAILED = 5, + ANASTASIS_AUTHORIZATION_CRES_FAILED_REPLY_FAILED = 5 +}; + + +/** + * Enumeration values indicating the various possible + * outcomes of the plugin's `solve` function. + */ +enum ANASTASIS_AUTHORIZATION_SolveResult +{ + /** + * We failed to transmit the authorization challenge, + * but successfully queued a failure response to MHD. + */ + ANASTASIS_AUTHORIZATION_SRES_FAILED = 0, + + /** + * The plugin suspended the MHD connection as it needs some more + * time to do its (asynchronous) work before we can proceed. The + * plugin will resume the MHD connection when its work is done, and + * then the `process` function should be called again. + */ + ANASTASIS_AUTHORIZATION_SRES_SUSPENDED = 1, + + /** + * The plugin tried to queue a reply on the MHD connection and + * failed to do so. We should return #MHD_NO to MHD to cause the + * HTTP connection to be closed without any reply. + * + * Additionally, we failed to transmit the challenge. + */ + ANASTASIS_AUTHORIZATION_SRES_FAILED_REPLY_FAILED = 2, /** * The authentication process completed successfully * and we should signal success to the client by * returning the truth. */ - ANASTASIS_AUTHORIZATION_RES_FINISHED = 6 + ANASTASIS_AUTHORIZATION_SRES_FINISHED = 3 }; 
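Review bot: The comments in the new `enum ANASTASIS_AUTHORIZATION_SolveResult` are copied from the challenge enum and describe the wrong operation. `ANASTASIS_AUTHORIZATION_SRES_FAILED` and `ANASTASIS_AUTHORIZATION_SRES_FAILED_REPLY_FAILED` talk about failing to transmit the challenge, and `ANASTASIS_AUTHORIZATION_SRES_SUSPENDED` says the `process` function should be called again, although this commit replaces `process` with `challenge` and `solve`. Because this result gates returning the truth, the failure cases should say what failed on the `solve` side, presumably `The challenge was not solved, but we successfully queued a failure response to MHD.` and `then the solve function should be called again.` The unchanged comment on `ANASTASIS_AUTHORIZATION_CRES_SUSPENDED` in the `-55,7` hunk carries the same stale `process` reference. It would also help to state on `ANASTASIS_AUTHORIZATION_SRES_FINISHED` that it is the only value on which the caller may release the truth; `ANASTASIS_AUTHORIZATION_SRES_FAILED = 0` already makes a zero-initialised result fail closed, which is worth keeping.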
@@ -127,6 +158,14 @@ struct ANASTASIS_AuthorizationPlugin bool payment_plugin_managed; /** + * The plugin expects the "code" in the "start" function to be + * provided by the user and not generated by the Anastasis + * backend. The plugin will then validate the code using its own + * means. Used by TOTP. + */ + bool user_provided_code; + + /** * How often are retries allowed for challenges created * by this plugin? */ @@ -202,18 +241,31 @@ struct ANASTASIS_AuthorizationPlugin /** * Continue issuing authentication challenge to user based on @a data. * I.e. check if the transmission of the challenge via SMS or e-mail - * has completed and/or manipulate @a connection to redirect the client - * to a video identification site. + * has completed and/or manipulate @a connection to direct the client towards solving the challenge. + * + * @param as authorization state + * @param connection HTTP client request (for queuing response, such as redirection to video portal) + * @return state of the request + */ + enum ANASTASIS_AUTHORIZATION_ChallengeResult + (*challenge)(struct ANASTASIS_AUTHORIZATION_State *as, + struct MHD_Connection *connection); + + + /** + * Check if the client has solved the challenge. * * @param as authorization state * @param timeout how long do we have to produce a reply + * @param challenge_response hash of the challenge response, or NULL * @param connection HTTP client request (for queuing response, such as redirection to video portal) * @return state of the request */ - enum ANASTASIS_AUTHORIZATION_Result - (*process)(struct ANASTASIS_AUTHORIZATION_State *as, - struct GNUNET_TIME_Absolute timeout, - struct MHD_Connection *connection); + enum ANASTASIS_AUTHORIZATION_SolveResult + (*solve)(struct ANASTASIS_AUTHORIZATION_State *as, + struct GNUNET_TIME_Absolute timeout, + const struct GNUNET_HashCode *challenge_response, + struct MHD_Connection *connection); /** |
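Review bot: `user_provided_code` is inserted in the middle of `struct ANASTASIS_AuthorizationPlugin` (the struct starts and ends outside this hunk), which shifts the offset of every later member. Together with the `process` to `challenge`/`solve` split further down, an authorization plugin built against the previous header would be misread if it is still loaded; nothing visible here shows a version check at plugin load, so that is worth confirming. The comment also leaves open what the backend still enforces when the plugin validates the code itself. Since the retry limit documented just below is what bounds guessing of a user-supplied code, I would add a line such as `The backend still applies the retry limit below; the plugin validates the code in its "solve" function.` if that is the intended contract.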
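Review bot: The `@param challenge_response` line for `solve` says `hash of the challenge response, or NULL` but does not say what NULL means or what an implementation must return in that case. Since `ANASTASIS_AUTHORIZATION_SRES_FINISHED` causes the truth to be returned, the contract should rule out a plugin treating a missing response as nothing to check. I would extend the line to say that NULL means the client supplied no response, and that the plugin must not return `ANASTASIS_AUTHORIZATION_SRES_FINISHED` in that case unless it has verified the solution by other means. The `@param connection` text `such as redirection to video portal` was carried over from `challenge` and probably does not apply to `solve`. The struct definition continues outside this hunk.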