challenger

OAuth 2.0-based authentication service that validates user can receive messages at a certain address
Log | Files | Refs | Submodules | README | LICENSE

commit b7c30ba978454a5aca87b004acb764db8d0d5707
parent 377fd24c32156f49700ddc90662197fcfba82b02
Author: Christian Grothoff <grothoff@gnunet.org>
Date:   Thu,  9 Jul 2026 22:26:23 +0200

DCE

Diffstat:
Msrc/challenger/challenger-httpd_authorize.c | 16+---------------
Msrc/challenger/challenger-httpd_challenge.c | 15+--------------
2 files changed, 2 insertions(+), 29 deletions(-)

diff --git a/src/challenger/challenger-httpd_authorize.c b/src/challenger/challenger-httpd_authorize.c @@ -35,18 +35,15 @@ #define MAX_RETRIES 3 /** - * Generate error reply in the format requested by - * the client. + * Generate error reply. * * @param hc our context - * @param template error template to use * @param http_status HTTP status to return * @param ec error code to return * @param hint human-readable hint to give */ static enum MHD_Result reply_error (struct CH_HandlerContext *hc, - const char *template, unsigned int http_status, enum TALER_ErrorCode ec, const char *hint) @@ -84,7 +81,6 @@ CH_handler_authorize (struct CH_HandlerContext *hc, GNUNET_break_op (0); return reply_error ( hc, - "invalid-request", MHD_HTTP_NOT_FOUND, TALER_EC_GENERIC_PARAMETER_MISSING, hc->path); @@ -98,7 +94,6 @@ CH_handler_authorize (struct CH_HandlerContext *hc, GNUNET_break_op (0); return reply_error ( hc, - "invalid-request", MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MISSING, "response_type"); @@ -109,7 +104,6 @@ CH_handler_authorize (struct CH_HandlerContext *hc, GNUNET_break_op (0); return reply_error ( hc, - "invalid-request", MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MALFORMED, "response_type (must be 'code')"); @@ -128,7 +122,6 @@ CH_handler_authorize (struct CH_HandlerContext *hc, GNUNET_break_op (0); return reply_error ( hc, - "invalid_request", MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MISSING, "client_id"); @@ -141,7 +134,6 @@ CH_handler_authorize (struct CH_HandlerContext *hc, GNUNET_break_op (0); return reply_error ( hc, - "invalid-request", MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MALFORMED, "client_id"); @@ -167,7 +159,6 @@ CH_handler_authorize (struct CH_HandlerContext *hc, { GNUNET_break_op (0); return reply_error (hc, - "invalid-request", MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MALFORMED, "Unsupported code_challenge_method, supported only \"plain\", \"S256\"."); @@ -183,7 +174,6 @@ CH_handler_authorize (struct CH_HandlerContext *hc, GNUNET_break_op (0); return reply_error ( hc, - "invalid-request", MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MISSING, "code_challenge"); @@ -203,7 +193,6 @@ CH_handler_authorize (struct CH_HandlerContext *hc, GNUNET_break_op (0); return reply_error ( hc, - "invalid-request", MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MALFORMED, "redirect_uri (has to start with 'http://' or 'https://' or not use 'plain'/NULL as code_challenge)"); @@ -253,7 +242,6 @@ CH_handler_authorize (struct CH_HandlerContext *hc, GNUNET_break (0); return reply_error ( hc, - "internal-error", MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_STORE_FAILED, "authorize_start"); @@ -263,7 +251,6 @@ CH_handler_authorize (struct CH_HandlerContext *hc, GNUNET_break (0); return reply_error ( hc, - "internal-error", MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_STORE_FAILED, "authorize_start"); @@ -275,7 +262,6 @@ CH_handler_authorize (struct CH_HandlerContext *hc, hc->path); return reply_error ( hc, - "validation-unknown", MHD_HTTP_NOT_FOUND, TALER_EC_CHALLENGER_GENERIC_VALIDATION_UNKNOWN, NULL); diff --git a/src/challenger/challenger-httpd_challenge.c b/src/challenger/challenger-httpd_challenge.c @@ -256,18 +256,15 @@ cleanup_ctx (void *cls) /** - * Generate error reply in the format requested by - * the client. + * Generate error reply. * * @param bc our context - * @param template error template to use * @param http_status HTTP status to return * @param ec error code to return * @param hint human-readable hint to give */ static enum MHD_Result reply_error (struct ChallengeContext *bc, - const char *template, unsigned int http_status, enum TALER_ErrorCode ec, const char *hint) @@ -769,7 +766,6 @@ CH_handler_challenge (struct CH_HandlerContext *hc, { GNUNET_break_op (0); return reply_error (bc, - "invalid-request", MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MALFORMED, bad_field); @@ -792,7 +788,6 @@ CH_handler_challenge (struct CH_HandlerContext *hc, case GNUNET_DB_STATUS_HARD_ERROR: GNUNET_break (0); return reply_error (bc, - "internal-error", MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_FETCH_FAILED, "validation-get"); @@ -801,14 +796,12 @@ CH_handler_challenge (struct CH_HandlerContext *hc, continue; GNUNET_break (0); return reply_error (bc, - "internal-error", MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_FETCH_FAILED, "validation-get"); case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: GNUNET_break_op (0); return reply_error (bc, - "validation-unknown", MHD_HTTP_NOT_FOUND, TALER_EC_CHALLENGER_GENERIC_VALIDATION_UNKNOWN, NULL); @@ -825,7 +818,6 @@ CH_handler_challenge (struct CH_HandlerContext *hc, GNUNET_break_op (0); json_decref (old_address); return reply_error (bc, - "address-read-only", MHD_HTTP_FORBIDDEN, TALER_EC_CHALLENGER_CLIENT_FORBIDDEN_READ_ONLY, NULL); @@ -849,7 +841,6 @@ CH_handler_challenge (struct CH_HandlerContext *hc, case GNUNET_DB_STATUS_HARD_ERROR: GNUNET_break (0); return reply_error (bc, - "internal-error", MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_STORE_FAILED, "set-address-and-pin"); @@ -858,14 +849,12 @@ CH_handler_challenge (struct CH_HandlerContext *hc, continue; GNUNET_break (0); return reply_error (bc, - "internal-error", MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_STORE_FAILED, "set-address-and-pin"); case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: GNUNET_break_op (0); return reply_error (bc, - "validation-unknown", MHD_HTTP_NOT_FOUND, TALER_EC_CHALLENGER_GENERIC_VALIDATION_UNKNOWN, NULL); @@ -909,7 +898,6 @@ CH_handler_challenge (struct CH_HandlerContext *hc, GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Address changes exhausted address change limit for this process\n"); return reply_error (bc, - "unauthorized_client", MHD_HTTP_TOO_MANY_REQUESTS, TALER_EC_CHALLENGER_TOO_MANY_ATTEMPTS, "client exceeded authorization attempts limit (too many addresses attempted)"); @@ -920,7 +908,6 @@ CH_handler_challenge (struct CH_HandlerContext *hc, GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Address changes exhausted PIN limit for this address\n"); return reply_error (bc, - "unauthorized_client", MHD_HTTP_TOO_MANY_REQUESTS, TALER_EC_CHALLENGER_TOO_MANY_ATTEMPTS, "client exceeded authorization attempts limit (too many PINs)");