challenger

OAuth 2.0-based authentication service that validates user can receive messages at a certain address

commit 56385d9aa0eb242be47c1239883804167fccedf9
parent 93ac72e94426e17a0c0786caec7460b8f44505ae
Author: Sebastian <sebasjm@gmail.com>
Date:   Tue, 25 Jun 2024 17:49:50 -0300

reply with json in /solve and oauth error

Diffstat:
Msrc/challenger/challenger-httpd_authorize.c | 13++++++-------
Msrc/challenger/challenger-httpd_challenge.c | 27+++++++++++++--------------
Msrc/challenger/challenger-httpd_common.c | 50++++++++++++++++++++++++++++++++++++--------------
Msrc/challenger/challenger-httpd_solve.c | 80+++++++++++++++++++++++++++++++++++++++++++++++++------------------------------
4 files changed, 105 insertions(+), 65 deletions(-)

diff --git a/src/challenger/challenger-httpd_authorize.c b/src/challenger/challenger-httpd_authorize.c @@ -234,13 +234,12 @@ CH_handler_authorize (struct CH_HandlerContext *hc, GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Refusing authorization: zero attempts left\n"); json_decref (last_address); - return TALER_MHD_redirect_with_oauth_status ( - hc->connection, - redirect_uri, - state, - "unauthorized_client", - "client exceeded authorization attempts limit (too many addresses)", - NULL); + return reply_error (hc, + "unauthorized_client", + MHD_HTTP_FORBIDDEN, + 1, // TALER_EC_CHALLENGER_EXHAUSTED + "client exceeded authorization attempts limit (too many addresses)"); + } { enum GNUNET_GenericReturnValue ret; diff --git a/src/challenger/challenger-httpd_challenge.c b/src/challenger/challenger-httpd_challenge.c @@ -681,25 +681,22 @@ CH_handler_challenge (struct CH_HandlerContext *hc, { GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Address changes exhausted address change limit for this process\n"); - return TALER_MHD_redirect_with_oauth_status ( - hc->connection, - bc->client_redirect_uri, - bc->state, - "unauthorized_client", - "client exceeded authorization attempts limit (too many addresses attempted)", - NULL); + return reply_error (bc, + "unauthorized_client", + MHD_HTTP_FORBIDDEN, + 1, // TALER_EC_CHALLENGER_TOO_MANY_ADDRESSES_ATTEMPTED + "client exceeded authorization attempts limit (too many addresses attempted)"); + } if (0 == bc->pin_attempts_left) { GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Address changes exhausted PIN limit for this address\n"); - return TALER_MHD_redirect_with_oauth_status ( - hc->connection, - bc->client_redirect_uri, - bc->state, - "unauthorized_client", - "client exceeded authorization attempts limit (too many PINs)", - NULL); + return reply_error (bc, + "unauthorized_client", + MHD_HTTP_FORBIDDEN, + 1, // TALER_EC_CHALLENGER_TOO_MANY_PIN_ATTEMPTED + "client exceeded authorization attempts limit (too many PINs)"); } if (bc->retransmit) 
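Review bot: The error code handed to `reply_error` in CH_handler_authorize is the literal `1`, with the intended constant only named in a trailing comment (`1, // TALER_EC_CHALLENGER_EXHAUSTED`), so every exhausted-limit path reports the same code and a JSON client cannot tell them apart. The same placeholder appears in both `reply_error` calls in CH_handler_challenge and in the one in CH_handler_solve. Pass the named `TALER_EC_*` constants once they are defined, and until then mark the lines with something like `/* FIXME: placeholder, replace with TALER_EC_CHALLENGER_EXHAUSTED */` so the value does not ship unnoticed. `reply_error` is not defined in any hunk of this commit and is called with `hc` here but with `bc` in the other two files, so this diff cannot confirm its signature or whether the error still reaches the OAuth client together with `state`. The enclosing functions start and end outside the hunks.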
@@ -730,6 +727,8 @@ CH_handler_challenge (struct CH_HandlerContext *hc, bc->pin_attempts_left), GNUNET_JSON_pack_string ("nonce", hc->path), + GNUNET_JSON_pack_string ("type", + "created"), GNUNET_JSON_pack_object_incref ("address", bc->address), GNUNET_JSON_pack_bool ("transmitted", diff --git a/src/challenger/challenger-httpd_common.c b/src/challenger/challenger-httpd_common.c @@ -188,21 +188,23 @@ TALER_MHD_redirect_with_oauth_status ( const char *oauth_error_uri) { struct MHD_Response *response; + unsigned int http_status; - response = MHD_create_response_from_buffer (strlen (oauth_error), - (void *) oauth_error, - MHD_RESPMEM_PERSISTENT); - if (NULL == response) - { - GNUNET_break (0); - return MHD_NO; - } - TALER_MHD_add_global_headers (response); - GNUNET_break (MHD_YES == - MHD_add_response_header (response, - MHD_HTTP_HEADER_CONTENT_TYPE, - "text/plain")); + if (0 == CH_get_output_type (connection)) { + response = MHD_create_response_from_buffer (strlen (oauth_error), + (void *) oauth_error, + MHD_RESPMEM_PERSISTENT); + if (NULL == response) + { + GNUNET_break (0); + return MHD_NO; + } + TALER_MHD_add_global_headers (response); + GNUNET_break (MHD_YES == + MHD_add_response_header (response, + MHD_HTTP_HEADER_CONTENT_TYPE, + "text/plain")); char *url; char *enc_err; char *enc_state; 
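Review bot: In TALER_MHD_redirect_with_oauth_status the new condition `0 == CH_get_output_type (connection)` compares against a bare `0`, so a reader cannot tell which output type selects the redirect and which selects the JSON reply. CH_get_output_type is not shown in this diff; a named constant, or a comment such as `/* 0: browser flow, answer with a redirect; anything else: JSON body */` once the meaning is confirmed, would make the branch readable. If the value is derived from request headers, the function's doc comment should also say that the requester chooses whether an OAuth error goes to the client's redirect URI or comes back in the response body. The function body continues in the next hunk.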
@@ -237,14 +239,34 @@ TALER_MHD_redirect_with_oauth_status ( GNUNET_free (url); return MHD_NO; } + http_status = MHD_HTTP_FOUND; GNUNET_free (url); } + else + { + json_t *args; + args = GNUNET_JSON_PACK ( + GNUNET_JSON_pack_string ("state", + state), + GNUNET_JSON_pack_string ("error", + oauth_error), + GNUNET_JSON_pack_allow_null ( + GNUNET_JSON_pack_string ("description", + oauth_error_description)), + GNUNET_JSON_pack_allow_null ( + GNUNET_JSON_pack_string ("uri", + oauth_error_uri))); + + response = TALER_MHD_make_json (args); + TALER_MHD_add_global_headers (response); + http_status = MHD_HTTP_TOO_MANY_REQUESTS; + } { MHD_RESULT ret; ret = MHD_queue_response (connection, - MHD_HTTP_FOUND, + http_status, response); MHD_destroy_response (response); return ret; diff --git a/src/challenger/challenger-httpd_solve.c b/src/challenger/challenger-httpd_solve.c @@ -317,13 +317,11 @@ CH_handler_solve (struct CH_HandlerContext *hc, { GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Client exhausted all chances to satisfy challenge\n"); - return TALER_MHD_redirect_with_oauth_status ( - hc->connection, - bc->client_redirect_uri, - bc->state, - "access_denied", - "users exhausted all possibilities of passing the check", - NULL); + return reply_error (bc, + "access_denied", + MHD_HTTP_FORBIDDEN, + 1, // TALER_EC_CHALLENGER_EXHAUSTED + "users exhausted all possibilities of passing the check"); } GNUNET_log (GNUNET_ERROR_TYPE_INFO, @@ -332,6 +330,8 @@ CH_handler_solve (struct CH_HandlerContext *hc, TALER_JSON_pack_ec (TALER_EC_CHALLENGER_INVALID_PIN), GNUNET_JSON_pack_uint64 ("addresses_left", bc->addr_left), + GNUNET_JSON_pack_string ("type", + "pending"), GNUNET_JSON_pack_uint64 ("pin_transmissions_left", bc->pin_transmissions_left), GNUNET_JSON_pack_uint64 ("auth_attempts_left", @@ -360,6 +360,7 @@ CH_handler_solve (struct CH_HandlerContext *hc, { struct MHD_Response *response; char *url; + unsigned int http_status; { char *client_secret; 
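Review bot: In the new `else` branch of TALER_MHD_redirect_with_oauth_status the result of `TALER_MHD_make_json (args)` is used without a NULL check, although the text branch above returns `MHD_NO` when response creation fails. `args` is also never released, which leaks one JSON object per error reply unless TALER_MHD_make_json takes ownership (not visible here). The JSON branch in the last hunk of challenger-httpd_solve.c has the same two gaps. Separately, `http_status = MHD_HTTP_TOO_MANY_REQUESTS` is applied to every error this generic helper is asked to report, so an `access_denied` would also be sent as 429. The function starts outside this hunk.

```c
  else
  {
    json_t *args;

    /* … unchanged: GNUNET_JSON_PACK of state / error / description / uri … */
    response = TALER_MHD_make_json (args);
    json_decref (args);  /* assumes make_json does not take ownership; confirm */
    if (NULL == response)
    {
      GNUNET_break (0);
      return MHD_NO;
    }
    TALER_MHD_add_global_headers (response);
    /* … unchanged: http_status assignment … */
  }
```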
@@ -422,41 +423,60 @@ CH_handler_solve (struct CH_HandlerContext *hc, GNUNET_free (client_state); } + if (0 == CH_get_output_type (hc->connection)) { - const char *ok = "Ok!"; + { + const char *ok = "Ok!"; - response = MHD_create_response_from_buffer (strlen (ok), - (void *) ok, - MHD_RESPMEM_PERSISTENT); - } - if (NULL == response) - { - GNUNET_break (0); + response = MHD_create_response_from_buffer (strlen (ok), + (void *) ok, + MHD_RESPMEM_PERSISTENT); + } + if (NULL == response) + { + GNUNET_break (0); + GNUNET_free (url); + return MHD_NO; + } + TALER_MHD_add_global_headers (response); + GNUNET_break (MHD_YES == + MHD_add_response_header (response, + MHD_HTTP_HEADER_CONTENT_TYPE, + "text/plain")); + if (MHD_NO == + MHD_add_response_header (response, + MHD_HTTP_HEADER_LOCATION, + url)) + { + GNUNET_break (0); + MHD_destroy_response (response); + GNUNET_free (url); + return MHD_NO; + } + http_status = MHD_HTTP_FOUND; GNUNET_free (url); - return MHD_NO; } - TALER_MHD_add_global_headers (response); - GNUNET_break (MHD_YES == - MHD_add_response_header (response, - MHD_HTTP_HEADER_CONTENT_TYPE, - "text/plain")); - if (MHD_NO == - MHD_add_response_header (response, - MHD_HTTP_HEADER_LOCATION, - url)) + else { - GNUNET_break (0); - MHD_destroy_response (response); + json_t *args; + args = GNUNET_JSON_PACK ( + GNUNET_JSON_pack_string ("type", + "completed"), + GNUNET_JSON_pack_string ("redirect_url", + url) + ); GNUNET_free (url); - return MHD_NO; + + response = TALER_MHD_make_json (args); + + http_status = MHD_HTTP_OK; } - GNUNET_free (url); { MHD_RESULT ret; ret = MHD_queue_response (hc->connection, - MHD_HTTP_FOUND, + http_status, response); MHD_destroy_response (response); return ret;
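Review bot: The JSON branch of CH_handler_solve returns the post-authorization `redirect_url` in a 200 response body but, unlike the JSON branch added in challenger-httpd_common.c, never calls `TALER_MHD_add_global_headers (response)`. The two branches disagree on whether that call is needed after TALER_MHD_make_json, so one of them is presumably wrong. The construction of `url` is outside the visible lines; if it carries the authorization code, this reply should be marked non-cacheable, for example with `MHD_add_response_header (response, MHD_HTTP_HEADER_CACHE_CONTROL, "no-store")` unless the global headers already set that. A short comment on the branch should also state that in JSON mode the caller, not the server, performs the navigation to `redirect_url`. The function starts outside this hunk.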