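// Handles an OAuth 2.0 token request (authorization-code grant).
//
// Steps, in order:
//   1. Reads client credentials, from the Authorization header first and
//      from the client_id/client_secret parameters as a fallback.
//   2. Answers 400 "invalid_request" if a required parameter is missing.
//   3. Answers 401 "invalid_client" if the client is unknown, the secret
//      does not verify, or the credentials arrived through a method other
//      than the one registered for the client.
//   4. Answers 400 "unsupported_grant_type" if grant_type is not GRANT_TYPE.
//   5. Answers 400 "invalid_grant" if the authorization code is unknown,
//      was issued to a different client, was issued for a different
//      redirect_uri, or has expired.
//   6. Otherwise stores a new access token, removes the authorization code
//      and answers 200 with the token (plus an id_token when the granted
//      scope contains "openid").
//
// \param request   the incoming HTTP request
// \param response  the HTTP response to fill in (status, headers, JSON body)
void OAuthTokenEndpoint::handleRequest(const Http::Request &request,
                                       Http::Response &response)
{
#ifdef WT_TARGET_JAVA
  try {
#endif // WT_TARGET_JAVA
  // Token responses carry credentials: forbid caching by intermediaries.
  response.setMimeType("application/json");
  response.addHeader("Cache-Control", "no-store");
  response.addHeader("Pragma", "no-cache");

  const std::string *grantType = request.getParameter("grant_type");
  const std::string *redirectUri = request.getParameter("redirect_uri");
  const std::string *code = request.getParameter("code");
  std::string clientId;
  std::string clientSecret;
  ClientSecretMethod authMethod = HttpAuthorizationBasic;

  // Preferred method: get authorization information from
  // Http Basic authentication
  //
  // NOTE(review): only the header length is checked here, not that the
  // header actually starts with AUTH_TYPE; any scheme of sufficient length
  // is base64-decoded and parsed. Consider a (case-insensitive) scheme
  // check before decoding.
  std::string headerSecret;
  std::string authHeader = request.headerValue("Authorization");
  if (authHeader.length() > AUTH_TYPE.length() + 1) {
#ifndef WT_TARGET_JAVA
    headerSecret = Utils::base64Decode(authHeader.substr(AUTH_TYPE.length() + 1));
#else
    headerSecret = Utils::base64DecodeS(authHeader.substr(AUTH_TYPE.length() + 1));
#endif // WT_TARGET_JAVA
    std::vector<std::string> tokens;
    boost::split(tokens, headerSecret, boost::is_any_of(":"));
    // Exactly "id:secret"; both halves are URL-decoded after the split.
    if (tokens.size() == 2) {
      clientId = Utils::urlDecode(tokens[0]);
      clientSecret = Utils::urlDecode(tokens[1]);
      authMethod = HttpAuthorizationBasic;
    }
  }

  // Alternative method: pass authorization information as parameters
  // (only allowed for post methods)
  //
  // The POST restriction is enforced here: getParameter() does not tell a
  // body parameter from a query-string one, and a client_secret sent in a
  // GET URL ends up in access logs, proxies and browser history.
  if (clientId.empty() && clientSecret.empty()
      && request.method() == "POST") {
    const std::string *clientIdParam = request.getParameter("client_id");
    const std::string *clientSecretParam = request.getParameter("client_secret");
    if (clientIdParam && clientSecretParam) {
      clientId = *clientIdParam;
      clientSecret = *clientSecretParam;
      authMethod = RequestBodyParameter;
    }
  }

  if (!code || clientId.empty() || clientSecret.empty() || !grantType || !redirectUri) {
    response.setStatus(400);
    response.out() << "{\"error\": \"invalid_request\"}" << std::endl;
    return;
  }

  // Authenticate the client. The credentials must also have arrived through
  // the method registered for this client, so a client registered for Basic
  // authentication cannot fall back to parameters (or the other way round).
  OAuthClient client = db_->idpClientFindWithId(clientId);
  if (!client.checkValid() ||
      !client.verifySecret(clientSecret) ||
      client.authMethod() != authMethod) {
    response.setStatus(401);
    if (!authHeader.empty()) {
      // NOTE(review): client.authMethod() is also reached when
      // checkValid() failed above -- confirm it is safe on an invalid
      // OAuthClient.
      if (client.authMethod() == HttpAuthorizationBasic)
        response.addHeader("WWW-Authenticate", AUTH_TYPE);
      else
        response.addHeader("WWW-Authenticate",
                           methodToString(client.authMethod()));
    }
    response.out() << "{\n\"error\": \"invalid_client\"\n}" << std::endl;
    return;
  }

  if (*grantType != GRANT_TYPE) {
    response.setStatus(400);
    response.out() << "{\n\"error\": \"unsupported_grant_type\"\n}" << std::endl;
    return;
  }

  // Validate the authorization code. It must have been issued to the client
  // that just authenticated (RFC 6749, section 4.1.3); without this binding
  // any registered client could redeem a code issued to another client.
  // checkValid() is tested first so the accessors are only used on a valid
  // token.
  IssuedToken authCode = db_->idpTokenFindWithValue(GRANT_TYPE, *code);
  if (!authCode.checkValid()
      || authCode.authClient().clientId() != client.clientId()
      || authCode.redirectUri() != *redirectUri
      || WDateTime::currentDateTime() > authCode.expirationTime()) {
    response.setStatus(400);
    response.out() << "{\n\"error\": \"invalid_grant\"\n}" << std::endl;
    return;
  }

  std::string accessTokenValue = WRandom::generateId();
  WDateTime expirationTime = WDateTime::currentDateTime().addSecs(accessExpSecs_);
  const User &user = authCode.user();
  const OAuthClient &authClient = authCode.authClient();
  const std::string scope = authCode.scope();

  // The access token inherits scope, redirect URI, user and client from the
  // code; the code is then removed so it cannot be exchanged a second time.
  // NOTE(review): whether add + remove are atomic with respect to a
  // concurrent request presenting the same code depends on db_ -- confirm.
  db_->idpTokenAdd(accessTokenValue, expirationTime, "access_token", scope,
                   authCode.redirectUri(), user, authClient);
  db_->idpTokenRemove(authCode);

  response.setStatus(200);
  Json::Object root;
  root["access_token"] = Json::Value(accessTokenValue);
  root["token_type"] = Json::Value("Bearer");
  root["expires_in"] = Json::Value(accessExpSecs_);

  // NOTE(review): this is a substring test, so any scope string that merely
  // contains "openid" also triggers an id_token.
  if (authCode.scope().find("openid") != std::string::npos) {
    std::string header;
    std::string signature;
    std::string payload = Utils::base64Encode(
        idTokenPayload(authClient.clientId(), scope, user), false);
#ifndef WT_TARGET_JAVA
#ifdef WT_WITH_SSL
    if (privateKey) {
      header = Utils::base64Encode("{\n\"typ\": \"JWT\",\n\"alg\": \"RS256\"\n}", false);
      signature = Utils::base64Encode(rs256(header + "." + payload), false);
    } else {
#endif // WT_WITH_SSL
#endif // WT_TARGET_JAVA
      // SECURITY: without a private key (and always in builds without
      // WT_WITH_SSL or for the Java target) the ID token is issued with
      // "alg": "none" and an empty signature, i.e. it is unsigned. Its
      // integrity then rests only on the TLS connection to this endpoint;
      // relying parties must not accept such a token from any other
      // channel. Configure a private key for deployments that need
      // verifiable ID tokens.
      header = Utils::base64Encode("{\n\"typ\": \"JWT\",\n\"alg\": \"none\"\n}", false);
      signature = Utils::base64Encode("", false);
#ifndef WT_TARGET_JAVA
#ifdef WT_WITH_SSL
    }
#endif // WT_WITH_SSL
#endif // WT_TARGET_JAVA
    root["id_token"] = Json::Value(header + "." + payload + "." + signature);
  }

  response.out() << Json::serialize(root);
#ifdef WT_TARGET_JAVA
  } catch (std::io_exception ioe) {
    LOG_ERROR(ioe.message());
  }
#endif
}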
// Prints one class.
//
// When showClassNamesOnly is set, writes the class name to qOut (with "::"
// replaced by "." and preceded by `indent` spaces), provided it passes the
// optional targetPattern filter.
//
// Otherwise looks up the class's entries in the method map table and emits
// the signature of every non-destructor method through qWarning, again
// subject to the optional targetPattern filter.
//
// classId  module/index pair identifying the class
// indent   number of spaces to print before the class name
static void showClass(const Smoke::ModuleIndex& classId, int indent)
{
    if (showClassNamesOnly) {
        QString displayName =
            QString::fromLatin1(classId.smoke->classes[classId.index].className);
        displayName.replace("::", ".");

        // Filtered out by the pattern: nothing to print.
        if (matchPattern && targetPattern.indexIn(displayName) == -1) {
            return;
        }

        for (; indent > 0; --indent) {
            qOut << " ";
        }
        qOut << displayName << "\n";
        return;
    }

    Smoke* const smoke = classId.smoke;
    const Smoke::Index wanted = classId.index;

    // Binary search of methodMaps for any entry belonging to the class,
    // then widen in both directions to the full run of its entries.
    Smoke::Index low = 0;
    Smoke::Index high = smoke->numMethodMaps;
    Smoke::Index first = -1;
    Smoke::Index last = -1;
    bool found = false;

    while (!found && high >= low) {
        const Smoke::Index mid = (low + high) / 2;
        const int order = smoke->leg(smoke->methodMaps[mid].classId, wanted);

        if (order > 0) {
            high = mid - 1;
        } else if (order != 0) {
            low = mid + 1;
        } else {
            first = mid;
            while (first != 0 && smoke->methodMaps[first - 1].classId == wanted) {
                --first;
            }

            // `high` is the current upper bound of the search window.
            last = mid;
            while (last < high && smoke->methodMaps[last + 1].classId == wanted) {
                ++last;
            }

            found = true;
        }
    }

    if (!found) {
        return;
    }

    for (Smoke::Index entry = first; entry <= last; ++entry) {
        Smoke::Index methodRef = smoke->methodMaps[entry].method;

        if (methodRef >= 0) {
            // Non-negative: the entry names a single method directly.
            if ((smoke->methods[methodRef].flags & Smoke::mf_dtor) != 0) {
                continue;
            }
            const QString signature = methodToString(Smoke::ModuleIndex(smoke, methodRef));
            if (!matchPattern || targetPattern.indexIn(signature) != -1) {
                qWarning("%s", signature.toLatin1().constData());
            }
            continue;
        }

        // Negative: the negated value indexes a zero-terminated run in
        // ambiguousMethodList.
        for (methodRef = -methodRef; smoke->ambiguousMethodList[methodRef]; ++methodRef) {
            const Smoke::Index candidate = smoke->ambiguousMethodList[methodRef];
            if ((smoke->methods[candidate].flags & Smoke::mf_dtor) != 0) {
                continue;
            }
            const QString signature = methodToString(Smoke::ModuleIndex(smoke, candidate));
            if (!matchPattern || targetPattern.indexIn(signature) != -1) {
                qWarning("%s", signature.toLatin1().constData());
            }
        }
    }
}