void OAuthTokenEndpoint::handleRequest(const Http::Request &request, Http::Response &response)
{
#ifdef WT_TARGET_JAVA
try {
#endif // WT_TARGET_JAVA
response.setMimeType("application/json");
response.addHeader("Cache-Control", "no-store");
response.addHeader("Pragma", "no-cache");
const std::string *grantType = request.getParameter("grant_type");
const std::string *redirectUri = request.getParameter("redirect_uri");
const std::string *code = request.getParameter("code");
std::string clientId;
std::string clientSecret;
ClientSecretMethod authMethod = HttpAuthorizationBasic;
// Preferred method: get authorization information from
// Http Basic authentication
std::string headerSecret;
std::string authHeader = request.headerValue("Authorization");
if (authHeader.length() > AUTH_TYPE.length() + 1) {
#ifndef WT_TARGET_JAVA
headerSecret = Utils::base64Decode(authHeader.substr(AUTH_TYPE.length() + 1));
#else
headerSecret = Utils::base64DecodeS(authHeader.substr(AUTH_TYPE.length() + 1));
#endif // WT_TARGET_JAVA
std::vector<std::string> tokens;
boost::split(tokens, headerSecret, boost::is_any_of(":"));
if (tokens.size() == 2) {
clientId = Utils::urlDecode(tokens[0]);
clientSecret = Utils::urlDecode(tokens[1]);
authMethod = HttpAuthorizationBasic;
}
}
// Alternative method: pass authorization information as parameters
// (only allowed for post methods)
if (clientId.empty() && clientSecret.empty()) {
const std::string *clientIdParam = request.getParameter("client_id");
const std::string *clientSecretParam = request.getParameter("client_secret");
if (clientIdParam && clientSecretParam) {
clientId = *clientIdParam;
clientSecret = *clientSecretParam;
authMethod = RequestBodyParameter;
}
}
if (!code || clientId.empty() || clientSecret.empty() || !grantType || !redirectUri) {
response.setStatus(400);
response.out() << "{\"error\": \"invalid_request\"}" << std::endl;
return;
}
OAuthClient client = db_->idpClientFindWithId(clientId);
if (!client.checkValid() || !client.verifySecret(clientSecret)
|| client.authMethod() != authMethod) {
response.setStatus(401);
if (!authHeader.empty()) {
if (client.authMethod() == HttpAuthorizationBasic)
response.addHeader("WWW-Authenticate", AUTH_TYPE);
else
response.addHeader("WWW-Authenticate",
methodToString(client.authMethod()));
}
response.out() << "{\n\"error\": \"invalid_client\"\n}" << std::endl;
return;
}
if (*grantType != GRANT_TYPE) {
response.setStatus(400);
response.out() << "{\n\"error\": \"unsupported_grant_type\"\n}" << std::endl;
return;
}
IssuedToken authCode = db_->idpTokenFindWithValue(GRANT_TYPE, *code);
if (!authCode.checkValid() || authCode.redirectUri() != *redirectUri
|| WDateTime::currentDateTime() > authCode.expirationTime()) {
response.setStatus(400);
response.out() << "{\n\"error\": \"invalid_grant\"\n}" << std::endl;
return;
}
std::string accessTokenValue = WRandom::generateId();
WDateTime expirationTime = WDateTime::currentDateTime().addSecs(accessExpSecs_);
const User &user = authCode.user();
const OAuthClient &authClient = authCode.authClient();
const std::string scope = authCode.scope();
db_->idpTokenAdd(accessTokenValue, expirationTime, "access_token", scope,
authCode.redirectUri(), user, authClient);
db_->idpTokenRemove(authCode);
response.setStatus(200);
Json::Object root;
root["access_token"] = Json::Value(accessTokenValue);
root["token_type"] = Json::Value("Bearer");
root["expires_in"] = Json::Value(accessExpSecs_);
if (authCode.scope().find("openid") != std::string::npos) {
std::string header;
std::string signature;
std::string payload = Utils::base64Encode(idTokenPayload(authClient.clientId(), scope, user), false);
#ifndef WT_TARGET_JAVA
#ifdef WT_WITH_SSL
if (privateKey) {
header = Utils::base64Encode("{\n\"typ\": \"JWT\",\n\"alg\": \"RS256\"\n}", false);
signature = Utils::base64Encode(rs256(header + "." + payload), false);
} else {
#endif // WT_WITH_SSL
#endif // WT_TARGET_JAVA
header = Utils::base64Encode("{\n\"typ\": \"JWT\",\n\"alg\": \"none\"\n}", false);
signature = Utils::base64Encode("", false);
#ifndef WT_TARGET_JAVA
#ifdef WT_WITH_SSL
}
#endif // WT_WITH_SSL
#endif // WT_TARGET_JAVA
root["id_token"] = Json::Value(header + "." + payload + "." + signature);
}
response.out() << Json::serialize(root);
#ifdef WT_TARGET_JAVA
} catch (std::io_exception ioe) {
LOG_ERROR(ioe.message());
}
#endif
}
static void
showClass(const Smoke::ModuleIndex& classId, int indent)
{
if (showClassNamesOnly) {
QString className = QString::fromLatin1(classId.smoke->classes[classId.index].className);
className.replace("::", ".");
if (!matchPattern || targetPattern.indexIn(className) != -1) {
while (indent > 0) {
qOut << " ";
indent--;
}
qOut << className << "\n";
}
return;
}
Smoke * smoke = classId.smoke;
Smoke::Index imax = smoke->numMethodMaps;
Smoke::Index imin = 0, icur = -1, methmin, methmax;
methmin = -1; methmax = -1; // kill warnings
int icmp = -1;
while (imax >= imin) {
icur = (imin + imax) / 2;
icmp = smoke->leg(smoke->methodMaps[icur].classId, classId.index);
if (icmp == 0) {
Smoke::Index pos = icur;
while (icur != 0 && smoke->methodMaps[icur-1].classId == classId.index) {
icur --;
}
methmin = icur;
icur = pos;
while (icur < imax && smoke->methodMaps[icur+1].classId == classId.index) {
icur ++;
}
methmax = icur;
break;
}
if (icmp > 0) {
imax = icur - 1;
} else {
imin = icur + 1;
}
}
if (icmp == 0) {
for (Smoke::Index i = methmin ; i <= methmax ; i++) {
Smoke::Index ix = smoke->methodMaps[i].method;
if (ix >= 0) { // single match
if ((smoke->methods[ix].flags & Smoke::mf_dtor) == 0) {
QString method = methodToString(Smoke::ModuleIndex(smoke, ix));
if (!matchPattern || targetPattern.indexIn(method) != -1) {
qWarning("%s", method.toLatin1().constData());
}
}
} else { // multiple match
ix = -ix; // turn into ambiguousMethodList index
while (smoke->ambiguousMethodList[ix]) {
if ((smoke->methods[smoke->ambiguousMethodList[ix]].flags & Smoke::mf_dtor) == 0) {
QString method = methodToString(Smoke::ModuleIndex(smoke, smoke->ambiguousMethodList[ix]));
if (!matchPattern || targetPattern.indexIn(method) != -1) {
qWarning("%s", method.toLatin1().constData());
}
}
ix++;
}
}
}
}
}
