challenger

OAuth 2.0-based authentication service that validates user can receive messages at a certain address
Log | Files | Refs | Submodules | README | LICENSE

commit d55e060c6131f135478f62daee643b473c47054e
parent 9f66bf52f2a367ff6ab6be019229ba03dace5c9f
Author: Christian Grothoff <grothoff@gnunet.org>
Date:   Tue, 14 Jul 2026 19:26:35 +0200

store missing client state as NULL as it should be, do not coerce to '' to distinguish properly between no state and empty state

Diffstat:
Msrc/challenger/challenger-httpd_authorize.c | 3---
Msrc/challenger/challenger-httpd_challenge.c | 21+++++++++++++++------
Msrc/challenger/challenger-httpd_solve.c | 28++++++++++++++--------------
Msrc/challengerdb/authorize_start.c | 33++++++++++++++++++---------------
4 files changed, 47 insertions(+), 38 deletions(-)

diff --git a/src/challenger/challenger-httpd_authorize.c b/src/challenger/challenger-httpd_authorize.c @@ -202,9 +202,6 @@ CH_handler_authorize (struct CH_HandlerContext *hc, = MHD_lookup_connection_value (hc->connection, MHD_GET_ARGUMENT_KIND, "state"); - if (NULL == state) - state = ""; - scope = MHD_lookup_connection_value (hc->connection, MHD_GET_ARGUMENT_KIND, diff --git a/src/challenger/challenger-httpd_challenge.c b/src/challenger/challenger-httpd_challenge.c @@ -637,10 +637,6 @@ CH_handler_challenge (struct CH_HandlerContext *hc, bc->pst = GNUNET_OS_PROCESS_UNKNOWN; bc->tan = GNUNET_CRYPTO_random_u32 (100000000); - bc->pp = MHD_create_post_processor (hc->connection, - 1024, - &post_iter, - bc); if (GNUNET_OK != GNUNET_STRINGS_string_to_data (hc->path, strlen (hc->path), @@ -654,6 +650,8 @@ CH_handler_challenge (struct CH_HandlerContext *hc, TALER_EC_GENERIC_PARAMETER_MISSING, hc->path); } + TALER_MHD_check_content_length (hc->connection, + 1024); { const char *ct; @@ -669,8 +667,19 @@ CH_handler_challenge (struct CH_HandlerContext *hc, "Processing /challenge upload with %s encoding...\n", ct); } - TALER_MHD_check_content_length (hc->connection, - 1024); + bc->pp = MHD_create_post_processor (hc->connection, + 1024, + &post_iter, + bc); + if (NULL == bc->pp) + { + GNUNET_break_op (0); + return TALER_MHD_reply_with_error ( + hc->connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_PARAMETER_MALFORMED, + "Content-Type"); + } GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Awaiting /challenge upload (%u)...\n", (unsigned int) *upload_data_size); diff --git a/src/challenger/challenger-httpd_solve.c b/src/challenger/challenger-httpd_solve.c @@ -182,34 +182,34 @@ CH_handler_solve (struct CH_HandlerContext *hc, hc->cc = &cleanup_ctx; hc->ctx = bc; bc->hc = hc; - bc->pp = MHD_create_post_processor (hc->connection, - 1024, - &post_iter, - bc); - if (NULL == bc->pp) + TALER_MHD_check_content_length (hc->connection, + 1024); + if (GNUNET_OK != + GNUNET_STRINGS_string_to_data (hc->path, + strlen (hc->path), + &bc->nonce, + sizeof (bc->nonce))) { GNUNET_break_op (0); return TALER_MHD_reply_with_error ( hc->connection, MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MALFORMED, - "Content-Type"); + "nonce"); } - if (GNUNET_OK != - GNUNET_STRINGS_string_to_data (hc->path, - strlen (hc->path), - &bc->nonce, - sizeof (bc->nonce))) + bc->pp = MHD_create_post_processor (hc->connection, + 1024, + &post_iter, + bc); + if (NULL == bc->pp) { GNUNET_break_op (0); return TALER_MHD_reply_with_error ( hc->connection, MHD_HTTP_BAD_REQUEST, TALER_EC_GENERIC_PARAMETER_MALFORMED, - "nonce"); + "Content-Type"); } - TALER_MHD_check_content_length (hc->connection, - 1024); return MHD_YES; } /* handle upload */ diff --git a/src/challengerdb/authorize_start.c b/src/challengerdb/authorize_start.c @@ -29,20 +29,21 @@ enum GNUNET_DB_QueryStatus -CHALLENGERDB_authorize_start (struct CHALLENGERDB_PostgresContext *ctx, - const struct CHALLENGER_ValidationNonceP *nonce, - uint64_t client_id, - const char *client_scope, - const char *client_state, - const char *client_redirect_uri, - const char *code_challenge, - uint32_t code_challenge_method, - json_t **last_address, - uint32_t *address_attempts_left, - uint32_t *pin_transmissions_left, - uint32_t *auth_attempts_left, - bool *solved, - struct GNUNET_TIME_Absolute *last_tx_time) +CHALLENGERDB_authorize_start ( + struct CHALLENGERDB_PostgresContext *ctx, + const struct CHALLENGER_ValidationNonceP *nonce, + uint64_t client_id, + const char *client_scope, + const char *client_state, + const char *client_redirect_uri, + const char *code_challenge, + uint32_t code_challenge_method, + json_t **last_address, + uint32_t *address_attempts_left, + uint32_t *pin_transmissions_left, + uint32_t *auth_attempts_left, + bool *solved, + struct GNUNET_TIME_Absolute *last_tx_time) { struct GNUNET_PQ_QueryParam params[] = { GNUNET_PQ_query_param_auto_from_type (nonce), @@ -50,7 +51,9 @@ CHALLENGERDB_authorize_start (struct CHALLENGERDB_PostgresContext *ctx, NULL != client_scope ? GNUNET_PQ_query_param_string (client_scope) : GNUNET_PQ_query_param_null (), - GNUNET_PQ_query_param_string (client_state), + NULL != client_state + ? GNUNET_PQ_query_param_string (client_state) + : GNUNET_PQ_query_param_null (), NULL != client_redirect_uri ? GNUNET_PQ_query_param_string (client_redirect_uri) : GNUNET_PQ_query_param_null (),