challenger

OAuth 2.0-based authentication service that validates user can receive messages at a certain address

commit eeffb7a69caa1bf34800fd8d1ca8bc8893bbc2c5
parent 57c388a9f1c37fa4bfae6cfced33c684c22eabb3
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sat, 24 Aug 2024 16:10:48 +0200

fix #9112

Diffstat:
Msrc/challenger/challenger-admin.c | 38++++++++++++++++++++++++++++----------
Msrc/challenger/challenger-httpd_common.c | 3+++
Asrc/challengerdb/pg_client_modify.c | 53+++++++++++++++++++++++++++++++++++++++++++++++++++++
Asrc/challengerdb/pg_client_modify.h | 45+++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 129 insertions(+), 10 deletions(-)

diff --git a/src/challenger/challenger-admin.c b/src/challenger/challenger-admin.c @@ -26,6 +26,12 @@ /** + * Prefix required for all Bearer tokens. + */ +#define RFC_8959_PREFIX "secret-token:" + + +/** * Return value from main(). */ static int global_ret; @@ -72,15 +78,27 @@ run (void *cls, (void) cfgfile; if (NULL == redirect_uri) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "challenger-admin must be invoked with the client REDIRECT URI as first argument\n"); + fprintf (stderr, + "challenger-admin must be invoked with the client REDIRECT URI as first argument\n"); + global_ret = EXIT_INVALIDARGUMENT; + return; + } + if ( (NULL != client_secret) && + (0 != strncasecmp (client_secret, + RFC_8959_PREFIX, + strlen (RFC_8959_PREFIX))) ) + { + fprintf (stderr, + "CLIENT_SECRET must begin with `%s'\n", + RFC_8959_PREFIX); + global_ret = EXIT_INVALIDARGUMENT; return; } if (NULL == (plugin = CHALLENGER_DB_plugin_load (cfg))) { - fprintf (stderr, - "Failed to initialize database plugin.\n"); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to initialize database plugin.\n"); global_ret = EXIT_NOTINSTALLED; return; } @@ -90,8 +108,8 @@ run (void *cls, if (NULL != client_id) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "'-m' and '-d' options cannot be used at the same time\n"); + fprintf (stderr, + "'-m' and '-d' options cannot be used at the same time\n"); global_ret = EXIT_INVALIDARGUMENT; goto cleanup; } @@ -106,7 +124,7 @@ run (void *cls, goto cleanup; case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Client with this REDIRECT_URI is not known.\n"); + "Client with this CLIENT_REDIRECT_URI is not known.\n"); global_ret = EXIT_FAILURE; goto cleanup; case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: @@ -128,8 +146,8 @@ run (void *cls, &row_id, &dummy)) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "CLIENT_ID must be a positive number\n"); + fprintf (stderr, + "CLIENT_ID must be a positive number\n"); global_ret = EXIT_INVALIDARGUMENT; goto cleanup; } 
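Review bot: `RFC_8959_PREFIX` is now defined twice, here in challenger-admin.c (hunk at line 26) and in challenger-httpd_common.c, where this same commit only adds the doc comment. The admin tool and the HTTP server must agree on this string for a registered secret to be usable, so a single definition in a header both files include would keep them from drifting apart. Which shared header fits best is not visible in this diff.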
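Review bot: The new CLIENT_SECRET check in run() (hunk at line 72) only compares the first `strlen (RFC_8959_PREFIX)` bytes, so a secret consisting of the prefix alone is accepted, and a client could be stored with an empty token part. It also uses `strncasecmp`, so `SECRET-TOKEN:...` passes here; if the HTTP side matches the prefix case-sensitively (not visible in this diff), such a secret would be stored but could never authenticate. I would extend the condition with `|| ('\0' == client_secret[strlen (RFC_8959_PREFIX)])` next to the prefix comparison and use the same comparison function as the server. run() begins and ends outside this hunk.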
@@ -177,7 +195,7 @@ run (void *cls, goto cleanup; case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS: GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Client with this REDIRECT_URI already exists.\n"); + "Client with this CLIENT_REDIRECT_URI already exists.\n"); global_ret = EXIT_FAILURE; goto cleanup; case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT: diff --git a/src/challenger/challenger-httpd_common.c b/src/challenger/challenger-httpd_common.c @@ -22,6 +22,9 @@ #include "challenger-httpd_common.h" +/** + * Prefix required for all Bearer tokens. + */ #define RFC_8959_PREFIX "secret-token:" diff --git a/src/challengerdb/pg_client_modify.c b/src/challengerdb/pg_client_modify.c 
@@ -0,0 +1,53 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2024 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file challengerdb/pg_client_modify.c
+ * @brief Implementation of the client_modify function for Postgres
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <taler/taler_error_codes.h>
+#include <taler/taler_dbevents.h>
+#include <taler/taler_pq_lib.h>
+#include "pg_client_modify.h"
+#include "pg_helper.h"
+
+enum GNUNET_DB_QueryStatus
+CH_PG_client_modify (void *cls,
+ uint64_t client_id,
+ const char *client_redirect_uri,
+ const char *client_secret)
+{
+ struct PostgresClosure *pg = cls;
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_uint64 (&client_id),
+ GNUNET_PQ_query_param_string (client_redirect_uri),
+ NULL == client_secret
+ ? GNUNET_PQ_query_param_null ()
+ : GNUNET_PQ_query_param_string (client_secret),
+ GNUNET_PQ_query_param_end
+ };
+
+ PREPARE (pg,
+ "client_modify",
+ "UPDATE clients"
+ " SET uri=$2"
+ " ,client_secret=COALESCE($3,client_secret)"
+ " WHERE client_serial_id=$1");
+ return GNUNET_PQ_eval_prepared_non_select (pg->conn,
+ "client_modify",
+ params);
+}
diff --git a/src/challengerdb/pg_client_modify.h b/src/challengerdb/pg_client_modify.h
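Review bot: CH_PG_client_modify in pg_client_modify.c writes `client_secret` exactly as passed and checks nothing itself, so the `secret-token:` prefix test added to challenger-admin.c is the only validation; any other caller of this plugin function can store an arbitrary or empty secret. A zero-row UPDATE (unknown `client_id`) is also not an error at this layer and, assuming the usual GNUNET_PQ behaviour, comes back as `GNUNET_DB_STATUS_SUCCESS_NO_RESULTS`, which the caller has to turn into "no such client". I would state both above the PREPARE, e.g. `/* $3 NULL keeps the stored secret (COALESCE); caller validates the secret; 0 rows => unknown client_id */`.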
@@ -0,0 +1,45 @@
+/*
+ This file is part of Challenger
+ Copyright (C) 2024 Taler Systems SA
+
+ Challenger is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+ */
+/**
+ * @file challengerdb/pg_client_modify.h
+ * @brief implementation of the client_modify function for Postgres
+ * @author Christian Grothoff
+ */
+#ifndef PG_CLIENT_MODIFY_H
+#define PG_CLIENT_MODIFY_H
+
+#include <taler/taler_util.h>
+#include <taler/taler_json_lib.h>
+#include "challenger_database_plugin.h"
+
+
+/**
+ * Modify client to the list of authorized clients.
+ *
+ * @param cls
+ * @param client_id the client ID on success
+ * @param client_url URL of the client
+ * @param client_secret authorization secret for the client, NULL to not modify the secret
+ * @return transaction status
+ */
+enum GNUNET_DB_QueryStatus
+CH_PG_client_modify (void *cls,
+ uint64_t client_id,
+ const char *client_url,
+ const char *client_secret);
+
+
+#endif
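Review bot: The doc comment on CH_PG_client_modify misdescribes the call and appears to be carried over from the add function. The summary reads "Modify client to the list of authorized clients", `@param client_id` says "the client ID on success" although it is an input that selects the row, and `@param cls` has no description. The parameter is also named `client_url` here but `client_redirect_uri` in the definition. Since the redirect URI and the secret are the security-relevant fields of an OAuth client, I would reword to `@param client_id row ID of the client to modify` and `@param client_redirect_uri new redirect URI of the client`, and have `@return` say what is returned when no row matches.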