commit d812c69168d886829a6002fa0ada23c4d8252941
parent 24a7246f86dc84d1a75d8ce36184cd1a171cf4af
Author: Christian Grothoff <christian@grothoff.org>
Date: Mon, 8 May 2023 22:44:42 +0200
use uri instead of url consistently, remark on schema restriction as per #7838
Diffstat:
8 files changed, 30 insertions(+), 25 deletions(-)
diff --git a/src/challenger/challenger-admin.c b/src/challenger/challenger-admin.c
@@ -55,15 +55,15 @@ run (void *cls,
const char *cfgfile,
const struct GNUNET_CONFIGURATION_Handle *cfg)
{
- const char *url = args[0];
+ const char *redirect_uri = args[0];
struct CHALLENGER_DatabasePlugin *plugin;
(void) cls;
(void) cfgfile;
- if (NULL == url)
+ if (NULL == redirect_uri)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "challenger-admin must be invoked with the client URL as first argument\n");
+ "challenger-admin must be invoked with the client REDIRECT URI as first argument\n");
return;
}
if (NULL ==
@@ -79,7 +79,7 @@ run (void *cls,
enum GNUNET_DB_QueryStatus qs;
qs = plugin->client_delete (plugin->cls,
- url);
+ redirect_uri);
switch (qs)
{
case GNUNET_DB_STATUS_SOFT_ERROR:
@@ -89,7 +89,7 @@ run (void *cls,
goto cleanup;
case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- "Client with this URL is not known.\n");
+ "Client with this REDIRECT_URI is not known.\n");
global_ret = EXIT_FAILURE;
goto cleanup;
case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
@@ -104,7 +104,7 @@ run (void *cls,
uint64_t row_id;
qs = plugin->client_add (plugin->cls,
- url,
+ redirect_uri,
client_secret,
&row_id);
switch (qs)
@@ -116,7 +116,7 @@ run (void *cls,
goto cleanup;
case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- "Client with this URL already exists.\n");
+ "Client with this REDIRECT_URI already exists.\n");
global_ret = EXIT_FAILURE;
goto cleanup;
case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
@@ -164,7 +164,7 @@ main (int argc,
(void) TALER_project_data_default ();
GNUNET_OS_init (CHALLENGER_project_data_default ());
ret = GNUNET_PROGRAM_run (argc, argv,
- "challenger-admin CLIENT_URL",
+ "challenger-admin CLIENT_REDIRECT_URI",
"Tool to add or remove clients from challenger",
options,
&run, NULL);
diff --git a/src/challenger/challenger-httpd_authorize.c b/src/challenger/challenger-httpd_authorize.c
@@ -105,6 +105,11 @@ CH_handler_authorize (struct CH_HandlerContext *hc,
= MHD_lookup_connection_value (hc->connection,
MHD_GET_ARGUMENT_KIND,
"redirect_uri");
+ /* Note: this is a somewhat arbitrary restriction, as the rest of
+ this code would support other schemas just fine. However, #7838
+ (RFC 7636) should be implemented before lifting this restriction,
+ as otherwise the service might be accidentally used with public
+ clients which would then be insecure. */
if ( (NULL != redirect_uri) &&
(0 != strncmp (redirect_uri,
"http://",
diff --git a/src/challengerdb/challenger-0001.sql b/src/challengerdb/challenger-0001.sql
@@ -28,7 +28,7 @@ SET search_path TO challenger;
CREATE TABLE IF NOT EXISTS clients
(client_serial_id BIGINT UNIQUE GENERATED BY DEFAULT AS IDENTITY
- ,url VARCHAR NOT NULL
+ ,uri VARCHAR NOT NULL
,validation_counter INT8 NOT NULL DEFAULT(0)
,client_secret VARCHAR NOT NULL
);
@@ -36,8 +36,8 @@ COMMENT ON TABLE clients
IS 'Which clients are eligible to access the OAuth 2.0 client';
COMMENT ON COLUMN clients.client_serial_id
IS 'Unique ID for the client';
-COMMENT ON COLUMN clients.url
- IS 'URL of the clients where we would redirect to for authorization';
+COMMENT ON COLUMN clients.uri
+ IS 'Client redirection URI of the clients, where we would redirect to for authorization';
COMMENT ON COLUMN clients.validation_counter
IS 'How many validations were initiated on behalf of this client (for accounting)';
COMMENT ON COLUMN clients.client_secret
diff --git a/src/challengerdb/pg_client_add.c b/src/challengerdb/pg_client_add.c
@@ -27,13 +27,13 @@
enum GNUNET_DB_QueryStatus
CH_PG_client_add (void *cls,
- const char *client_url,
+ const char *client_redirect_uri,
const char *client_secret,
uint64_t *client_id)
{
struct PostgresClosure *pg = cls;
struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_string (client_url),
+ GNUNET_PQ_query_param_string (client_redirect_uri),
GNUNET_PQ_query_param_string (client_secret),
GNUNET_PQ_query_param_end
};
@@ -46,11 +46,11 @@ CH_PG_client_add (void *cls,
PREPARE (pg,
"client_add",
"INSERT INTO clients"
- " (url"
+ " (uri"
" ,client_secret"
") VALUES "
"($1, $2)"
- " ON CONFLICT DO NOTHING" /* CONFLICT on (url) */
+ " ON CONFLICT DO NOTHING" /* CONFLICT on (uri) */
" RETURNING client_serial_id");
return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
"client_add",
diff --git a/src/challengerdb/pg_client_check.c b/src/challengerdb/pg_client_check.c
@@ -31,7 +31,7 @@ CH_PG_client_check (void *cls,
uint64_t client_id,
const char *client_secret,
uint32_t counter_increment,
- char **client_url)
+ char **client_redirect_uri)
{
struct PostgresClosure *pg = cls;
struct GNUNET_PQ_QueryParam params[] = {
@@ -42,20 +42,20 @@ CH_PG_client_check (void *cls,
};
struct GNUNET_PQ_ResultSpec rs[] = {
GNUNET_PQ_result_spec_allow_null (
- GNUNET_PQ_result_spec_string ("url",
- client_url),
+ GNUNET_PQ_result_spec_string ("uri",
+ client_redirect_uri),
NULL),
GNUNET_PQ_result_spec_end
};
- *client_url = NULL;
+ *client_redirect_uri = NULL;
PREPARE (pg,
"client_check",
"UPDATE clients SET"
" validation_counter=validation_counter+CAST($3::INT4 AS INT8)"
" WHERE client_serial_id=$1"
" AND client_secret=$2"
- " RETURNING url;");
+ " RETURNING uri;");
return GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
"client_check",
params,
diff --git a/src/challengerdb/pg_client_delete.c b/src/challengerdb/pg_client_delete.c
@@ -28,18 +28,18 @@
enum GNUNET_DB_QueryStatus
CH_PG_client_delete (void *cls,
- const char *client_url)
+ const char *client_redirect_uri)
{
struct PostgresClosure *pg = cls;
struct GNUNET_PQ_QueryParam params[] = {
- GNUNET_PQ_query_param_string (client_url),
+ GNUNET_PQ_query_param_string (client_redirect_uri),
GNUNET_PQ_query_param_end
};
PREPARE (pg,
"client_delete",
"DELETE FROM clients"
- " WHERE url=$1;");
+ " WHERE uri=$1;");
return GNUNET_PQ_eval_prepared_non_select (pg->conn,
"client_delete",
params);
diff --git a/src/challengerdb/pg_setup_nonce.c b/src/challengerdb/pg_setup_nonce.c
@@ -47,7 +47,7 @@ CH_PG_setup_nonce (void *cls,
" ,nonce"
" ,expiration_time"
" ,client_redirect_uri"
- ") SELECT $1, $2, $3, url"
+ ") SELECT $1, $2, $3, uri"
" FROM CLIENTS"
" WHERE client_serial_id=$1;");
return GNUNET_PQ_eval_prepared_non_select (pg->conn,
diff --git a/src/challengerdb/pg_validation_get.c b/src/challengerdb/pg_validation_get.c
@@ -69,7 +69,7 @@ CH_PG_validation_get (void *cls,
" ,address"
" ,client_scope"
" ,client_state"
- " ,COALESCE(client_redirect_uri,url) AS redirect_uri"
+ " ,COALESCE(client_redirect_uri,uri) AS redirect_uri"
" FROM validations"
" JOIN clients "
" USING (client_serial_id)"
