static apr_status_t oidc_session_load_cookie(request_rec *r, session_rec *z) {
oidc_dir_cfg *d = ap_get_module_config(r->per_dir_config,
&auth_openidc_module);
char *cookieValue = oidc_util_get_cookie(r, d->cookie);
if (cookieValue != NULL) {
if (oidc_base64url_decode_decrypt_string(r, (char **) &z->encoded,
cookieValue) <= 0) {
//oidc_util_set_cookie(r, d->cookie, "");
oidc_warn(r, "cookie value possibly corrupted");
return APR_EGENERAL;
}
}
return APR_SUCCESS;
}
/* load the session from the cache using the cookie as the index */
static apr_status_t oidc_session_load_cache(request_rec *r, session_rec *z) {
oidc_cfg *c = ap_get_module_config(r->server->module_config,
&auth_openidc_module);
oidc_dir_cfg *d = ap_get_module_config(r->per_dir_config,
&auth_openidc_module);
/* get the cookie that should be our uuid/key */
char *uuid = oidc_util_get_cookie(r, d->cookie);
/* get the string-encoded session from the cache based on the key */
if (uuid != NULL) {
c->cache->get(r, OIDC_CACHE_SECTION_SESSION, uuid, &z->encoded);
//oidc_util_set_cookie(r, d->cookie, "");
}
return (z->encoded != NULL) ? APR_SUCCESS : APR_EGENERAL;
}
/*
* load the session from the cache using the cookie as the index
*/
static apr_byte_t oidc_session_load_cache(request_rec *r, oidc_session_t *z) {
oidc_cfg *c = ap_get_module_config(r->server->module_config,
&auth_openidc_module);
const char *stored_uuid = NULL;
apr_byte_t rc = FALSE;
/* get the cookie that should be our uuid/key */
char *uuid = oidc_util_get_cookie(r, oidc_cfg_dir_cookie(r));
/* get the string-encoded session from the cache based on the key; decryption is based on the cache backend config */
if (uuid != NULL) {
char *s_json = NULL;
rc = oidc_cache_get_session(r, uuid, &s_json);
if ((rc == TRUE) && (s_json != NULL)) {
rc = oidc_session_decode(r, c, z, s_json, FALSE);
if (rc == TRUE) {
strncpy(z->uuid, uuid, strlen(uuid));
/* compare the session id in the cache value so it allows us to detect cache corruption */
oidc_session_get(r, z, OIDC_SESSION_SESSION_ID, &stored_uuid);
if ((stored_uuid == NULL)
|| (apr_strnatcmp(stored_uuid, uuid) != 0)) {
oidc_error(r,
"cache corruption detected: stored session id (%s) is not equal to requested session id (%s)",
stored_uuid, uuid);
/* delete the session cookie */
oidc_util_set_cookie(r, oidc_cfg_dir_cookie(r), "", 0,
NULL);
/* delete the cache entry */
rc = oidc_cache_set_session(r, z->uuid, NULL, 0);
/* clear the session */
oidc_session_clear(r, z);
rc = FALSE;
}
}
}
}
return rc;
}
/*
* get the authorization header that should contain a bearer token
*/
static apr_byte_t oidc_oauth_get_bearer_token(request_rec *r,
const char **access_token) {
/* get a handle to the directory config */
oidc_dir_cfg *dir_cfg = ap_get_module_config(r->per_dir_config,
&auth_openidc_module);
*access_token = NULL;
if ((dir_cfg->oauth_accept_token_in & OIDC_OAUTH_ACCEPT_TOKEN_IN_HEADER)
|| (dir_cfg->oauth_accept_token_in
== OIDC_OAUTH_ACCEPT_TOKEN_IN_DEFAULT)) {
/* get the authorization header */
const char *auth_line;
auth_line = apr_table_get(r->headers_in, "Authorization");
if (auth_line) {
oidc_debug(r, "authorization header found");
/* look for the Bearer keyword */
if (apr_strnatcasecmp(ap_getword(r->pool, &auth_line, ' '),
"Bearer") == 0) {
/* skip any spaces after the Bearer keyword */
while (apr_isspace(*auth_line)) {
auth_line++;
}
/* copy the result in to the access_token */
*access_token = apr_pstrdup(r->pool, auth_line);
} else {
oidc_warn(r,
"client used unsupported authentication scheme: %s",
r->uri);
}
}
}
if ((*access_token == NULL) && (r->method_number == M_POST)
&& (dir_cfg->oauth_accept_token_in & OIDC_OAUTH_ACCEPT_TOKEN_IN_POST)) {
apr_table_t *params = apr_table_make(r->pool, 8);
if (oidc_util_read_post_params(r, params) == TRUE) {
*access_token = apr_table_get(params, "access_token");
}
}
if ((*access_token == NULL)
&& (dir_cfg->oauth_accept_token_in
& OIDC_OAUTH_ACCEPT_TOKEN_IN_QUERY)) {
apr_table_t *params = apr_table_make(r->pool, 8);
oidc_util_read_form_encoded_params(r, params, r->args);
*access_token = apr_table_get(params, "access_token");
}
if ((*access_token == NULL)
&& (dir_cfg->oauth_accept_token_in
& OIDC_OAUTH_ACCEPT_TOKEN_IN_COOKIE)) {
const char *cookie_name = apr_hash_get(
dir_cfg->oauth_accept_token_options, "cookie-name",
APR_HASH_KEY_STRING);
const char *auth_line = oidc_util_get_cookie(r, cookie_name);
if (auth_line != NULL) {
/* copy the result in to the access_token */
*access_token = apr_pstrdup(r->pool, auth_line);
} else {
oidc_warn(r, "no cookie found with name: %s", cookie_name);
}
}
if (*access_token == NULL) {
oidc_debug(r,
"no bearer token found in the allowed methods (authorization header, post, query parameter or cookie)");
return FALSE;
}
/* log some stuff */
oidc_debug(r, "bearer token: %s", *access_token);
return TRUE;
}
