int oauth_admin_api_client(shd_t *cli, char *client_id, char *title, char *logo_url) { shmap_t *sess; char buf[1024]; int err; if (!client_id) client_id = ""; sess = oauth_sess_load(cli, client_id); if (!sess) return (SHERR_INVAL); if (!oauth_sess_login(sess)) { oauth_admin_redir_login(cli, client_id); return (0); } if (title && logo_url && (*title || *logo_url)) { oauth_sess_client_set(sess, client_id, title, logo_url); } sprintf(buf, "<html><form action=\"/admin\"><input name=\"client_id\" value=\"%s\" disabled></input><input name=\"title\" value=\"%s\"></input><input name=\"logo_url\" value=\"%s\"><input type=\"submit\"></input></form></html>\r\n", client_id, title?title:"", logo_url?logo_url:""); oauth_html_template(cli->buff_out, buf); return (0); }
/* api: grant_type = password */ int oauth_token_password(shd_t *cli, char *client_id, char *username, char *password) { shmap_t *sess; shjson_t *json; time_t expire_diff; uint64_t uid; char api_key[256]; char scope_str[256]; int err; if (!username || !password) return (SHERR_INVAL); sess = oauth_sess_load(cli, NULL); if (!sess) return (SHERR_ACCESS); err = oauth_sess_login_verify(cli, sess, username, password); if (err) return (err); #if 0 /* DEBUG: */ strcpy(api_key, oauth_api_token(cli, sess)); expire_diff = 300; strcpy(scope_str, "read"); uid = 1; #endif json = shjson_init(NULL); #if 0 shjson_str_add(json, "access_token", api_key); shjson_str_add(json, "token_type", "bearer"); shjson_num_add(json, "expires_in", expire_diff); shjson_str_add(json, "refresh_token", ""); /* optional */ shjson_str_add(json, "scope", scope_str); shjson_num_add(json, "uid", uid); /* "info":{"name", "email"} .. */ #endif shjson_str_add(json, "code", oauth_sess_token(sess)); oauth_html_json_template(cli->buff_out, json); shjson_free(&json); return (0); }
int oauth_response_token(shd_t *cli, shbuf_t *buff, char *client_id, char *redirect_url, char *scope_str) { shmap_t *sess; char text[1024]; char url[1024]; char key_str[256]; char *token; int i; sess = oauth_sess_load(cli, client_id); if (!sess) return (SHERR_INVAL); if (client_id) { oauth_sess_redirect_url_set(sess, client_id, redirect_url); oauth_sess_scope_set(sess, client_id, scope_str); } if (oauth_sess_login(sess)) { int bits = oauth_scope_bits(scope_str); for (i = 0; i < MAX_OAUTH_SCOPE; i++) { if (!(bits & (1 << i))) continue; fprintf(stderr, "DEBUG: oauth_response_token: access %s = %s\n", oauth_scope_label(1 << i), oauth_sess_access(sess, client_id, (1 << i))?"true":"false"); if (!oauth_sess_access(sess, client_id, (1 << i))) { /* show access template */ oauth_response_access_template(sess, buff, client_id); return (0); } } /* successful login. */ oauth_response_app_template(sess, buff, client_id); return (0); } /* show user/pass login template */ oauth_response_login_template(sess, buff, client_id, NULL); return (0); }
/** * A response to a login html template. */ int oauth_response_password(shd_t *cli, char *client_id, char *username, char *password, int enable_2fa) { oauth_user_t *user; shmap_t *sess; shbuf_t *buff = cli->buff_out; char text[1024]; char *uri; char *c_id; int err; if (!username || !password) return (SHERR_INVAL); sess = oauth_sess_load(cli, NULL); if (!sess) return (SHERR_ACCESS); err = oauth_sess_login_verify(cli, sess, username, password); if (err) { /* re-login */ oauth_response_login_template(sess, buff, client_id, "Warning: Incorrect username or password."); return (err); } if (shmap_get_str(sess, ashkey_str("2fa"))) { /* show user/pass login template */ oauth_response_2fa_template(sess, buff, client_id); return (0); } if (enable_2fa) { oauth_register_2fa_template(sess, buff, client_id); return (0); } /* successful login.. move to next step. */ oauth_response_token_template(sess, buff, client_id); return (0); }
/** * A response to a app access template. */ int oauth_response_access(shd_t *cli, char *client_id, char *client_token) { shmap_t *sess; shbuf_t *buff = cli->buff_out; char text[1024]; char *sys_token; int scope; int err; int idx; int ok; if (!cli) return (SHERR_INVAL); fprintf(stderr, "DEBUG: oauth_response_access()\n"); sess = oauth_sess_load(cli, NULL); sys_token = http_token_decode(oauth_sess_token(sess)); ok = (0 == strcmp(sys_token, client_token)); free(sys_token); if (!ok) { fprintf(stderr, "DEBUG: invalid token: sys(%s) cli(%s)\n", sys_token, client_token); oauth_response_app_error_template(sess, buff, client_id); return (SHERR_ACCESS); } scope = oauth_sess_scope(sess, client_id); fprintf(stderr, "DEBUG: session scope for client %u\n", scope); for (idx = 0; idx < MAX_OAUTH_SCOPE; idx++) { if (scope & (1 << idx)) { oauth_sess_access_grant(sess, client_id, (1 << idx)); fprintf(stderr, "DEBUG: granted client '%s' with access '%s'\n", client_id, oauth_scope_label(1 << idx)); } } oauth_response_token_template(sess, buff, client_id); return (0); }
int oauth_response_2fa(shd_t *cli, char *token, char *client_id, char *code, int enable_2fa) { shbuf_t *buff = cli->buff_out; shmap_t *sess; oauth_user_t *user; char key_str[256]; char text[1024]; char username[MAX_SHARE_NAME_LENGTH]; char *secret; char *login_token; char *user_token; char *uri; char *c_id; char *str; int scope; int err; int idx; int ok; if (!cli || !client_id) return (SHERR_INVAL); sess = oauth_sess_load(cli, NULL); if (!sess) { /* re-login */ oauth_response_login_template(sess, buff, client_id, NULL); return (SHERR_ACCESS); } if (!token) { /* re-login */ oauth_response_login_template(sess, buff, client_id, NULL); return (SHERR_ACCESS); } if (shmap_get_str(sess, ashkey_str("2fa"))) { /* already enabled */ enable_2fa = FALSE; } secret = oauth_sess_2fa_secret(sess); str = shmap_get_str(sess, ashkey_str("username")); memset(username, 0, sizeof(username)); if (str) strncpy(username, str, sizeof(username) - 1); login_token = oauth_sess_token(sess); user_token = http_token_decode(token); ok = (0 == strcmp(login_token, user_token)); free(user_token); if (!ok) { oauth_response_login_template(sess, buff, client_id, NULL); return (SHERR_ACCESS); } ok = oauth_2fa_verify(secret, code); if (!ok && !enable_2fa) { /* re 2fa */ oauth_response_2fa_template(sess, buff, client_id); return (SHERR_ACCESS); } if (ok && enable_2fa) { /* session setting */ shmap_set_astr(sess, ashkey_str("2fa"), "on"); /* persistent setting */ user = oauth_userdb_load(username); if (user) { user->flags |= OAF_2FA; oauth_userdb_save(user); oauth_userdb_free(&user); } } oauth_response_token_template(sess, buff, client_id); return (0); }
int oauth_admin_api_user(shd_t *cli, char *client_id, char *password, char *fullname, char *address, char *zipcode, char *phone, int b_2fa) { shmap_t *sess; char buf[1024]; char warning[256]; int err; if (!client_id) client_id = ""; sess = oauth_sess_load(cli, client_id); if (!sess) return (SHERR_INVAL); if (!oauth_sess_login(sess)) { oauth_admin_redir_login(cli, client_id); return (0); } /* apply new user-defined settings */ if (fullname && *fullname) { if (!oauth_admin_verify_fullname(fullname)) strcpy(warning, "Please specify a valid 'Real Name'."); else shmap_set_astr(sess, ashkey_str("fullname"), fullname); } if (address && *address) { if (!oauth_admin_verify_address(address)) strcpy(warning, "Please specify a valid 'Street Address'."); else shmap_set_astr(sess, ashkey_str("address"), address); } if (zipcode && *zipcode) { if (!oauth_admin_verify_zipcode(zipcode)) strcpy(warning, "Please specify a valid 'Zip Code'."); else shmap_set_astr(sess, ashkey_str("zipcode"), zipcode); } if (phone && *phone) { if (!oauth_admin_verify_phone(phone)) strcpy(warning, "Please specify a valid 'Phone Number'."); else shmap_set_astr(sess, ashkey_str("phone"), phone); } /* initialize variables */ if (!shmap_get_str(sess, ashkey_str("fullname"))) shmap_set_astr(sess, ashkey_str("fullname"), ""); if (!shmap_get_str(sess, ashkey_str("address"))) shmap_set_astr(sess, ashkey_str("address"), ""); if (!shmap_get_str(sess, ashkey_str("zipcode"))) shmap_set_astr(sess, ashkey_str("zipcode"), ""); if (!shmap_get_str(sess, ashkey_str("2fa"))) shmap_set_astr(sess, ashkey_str("2fa"), "0"); /* response with JSON context */ shjson_t *json = shjson_init(NULL); /* core attributes */ shjson_str_add(json, "fullname", shmap_get_str(sess, ashkey_str("fullname"))); shjson_str_add(json, "address", shmap_get_str(sess, ashkey_str("address"))); shjson_str_add(json, "zipcode", shmap_get_str(sess, ashkey_str("zipcode"))); shjson_str_add(json, "phone", shmap_get_str(sess, ashkey_str("phone"))); shjson_num_add(json, "2fa", atoi(shmap_get_str(sess, ashkey_str("2fa")))); oauth_html_json_template(cli->buff_out, json); shjson_free(&json); return (0); }
int oauth_admin_user(shd_t *cli, char *client_id, char *password, char *fullname, char *address, char *zipcode, char *phone, int b_2fa) { shmap_t *sess; char buf[1024]; char warning[1024]; int err; memset(warning, 0, sizeof(warning)); if (!client_id) client_id = ""; sess = oauth_sess_load(cli, client_id); if (!sess) return (SHERR_INVAL); if (!oauth_sess_login(sess)) { oauth_admin_redir_login(cli, client_id); return (0); } /* update attributes with user-defined settings */ if (fullname && *fullname) { if (!oauth_admin_verify_fullname(fullname)) strcpy(warning, "Please specify a valid 'Real Name'."); else shmap_set_astr(sess, ashkey_str("fullname"), fullname); } if (address && *address) { if (!oauth_admin_verify_address(address)) strcpy(warning, "Please specify a valid 'Street Address'."); else shmap_set_astr(sess, ashkey_str("address"), address); } if (zipcode && *zipcode) { if (!oauth_admin_verify_zipcode(zipcode)) strcpy(warning, "Please specify a valid 'Zip Code'."); else shmap_set_astr(sess, ashkey_str("zipcode"), zipcode); } if (phone && *phone) { if (!oauth_admin_verify_phone(phone)) strcpy(warning, "Please specify a valid 'Phone Number'."); else shmap_set_astr(sess, ashkey_str("phone"), phone); } /* initialize variables */ if (!shmap_get_str(sess, ashkey_str("fullname"))) shmap_set_astr(sess, ashkey_str("fullname"), ""); if (!shmap_get_str(sess, ashkey_str("address"))) shmap_set_astr(sess, ashkey_str("address"), ""); if (!shmap_get_str(sess, ashkey_str("zipcode"))) shmap_set_astr(sess, ashkey_str("zipcode"), ""); if (!shmap_get_str(sess, ashkey_str("2fa"))) shmap_set_astr(sess, ashkey_str("2fa"), "0"); oauth_admin_user_template(sess, cli->buff_out, client_id, warning); return (0); }