Пример #1
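/**
 * Return the API access token for a session, deriving and caching it on
 * first use.
 *
 * When the session map has no "access_token" entry, a key generated from
 * oauth_sess_token(sess) is combined via shkey_xor() with the key returned
 * by oauth_sess_id(api_cli); the printed result is stored back into the
 * session map under "access_token".
 *
 * @param api_cli  connection passed to oauth_sess_id().
 * @param sess     session map that caches the token.
 * @return Pointer to a function-local static buffer holding the token
 *         (empty string if no token could be produced). The buffer is
 *         overwritten by every call, so callers that keep the value must
 *         copy it, and concurrent callers share the same storage.
 *
 * NOTE(review): the token is derived deterministically from the two keys;
 * how unpredictable it is depends entirely on oauth_sess_token() and
 * oauth_sess_id(), which are not visible here -- confirm.
 */
char *oauth_api_token(shd_t *api_cli, shmap_t *sess)
{
  static char ret_buf[MAX_SHARE_HASH_LENGTH];
  char *token;

  token = shmap_get_str(sess, ashkey_str("access_token"));
  if (!token) {
    shkey_t *cli_k = shkey_gen(oauth_sess_token(sess));
    shkey_t *serv_k = oauth_sess_id(api_cli);
    shkey_t *key;

    key = shkey_xor(cli_k, serv_k);
    shkey_free(&cli_k);
    shkey_free(&serv_k);

    /* NOTE(review): token is still used after key is freed below; this
     * assumes shkey_print() returns storage not owned by key -- confirm. */
    token = shkey_print(key);
    if (token) {
      /* Store under the same hashed key the lookup above uses; the entry
       * was previously written with a bare string in the key position, so
       * the cached value could not be found again by that lookup. */
      shmap_set_astr(sess, ashkey_str("access_token"), token);
    }
    shkey_free(&key);
  }

  /* Zero first so the result is always NUL-terminated after strncpy(). */
  memset(ret_buf, 0, sizeof(ret_buf));
  if (token)
    strncpy(ret_buf, token, sizeof(ret_buf) - 1);

  return (ret_buf);
}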
Пример #2
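/*
 * Compare two NUL-terminated tokens without returning at the first
 * differing byte, so the comparison time does not reveal how long a
 * matching prefix is. Returns 1 when the strings are equal, 0 otherwise.
 */
static int oauth_2fa_token_equal(const char *a, const char *b)
{
  size_t a_len = strlen(a);
  size_t b_len = strlen(b);
  volatile unsigned char diff = 0;
  size_t i;

  if (a_len != b_len)
    return (0);

  for (i = 0; i < a_len; i++)
    diff |= (unsigned char)(a[i] ^ b[i]);

  return (diff == 0);
}

/**
 * Handle the second-factor step of a login and emit the next page.
 *
 * The submitted login token must match the session's token; the 2FA code is
 * then checked with oauth_2fa_verify(). On success with @enable_2fa set,
 * 2FA is switched on in the session and in the stored user record.
 *
 * @param cli         connection; the response is written to cli->buff_out.
 * @param token       encoded login token submitted by the client.
 * @param client_id   client identifier passed through to the templates.
 * @param code        2FA code submitted by the client.
 * @param enable_2fa  non-zero when the client asks to enroll in 2FA; ignored
 *                    if the session already has a "2fa" entry.
 * @return SHERR_INVAL if @cli or @client_id is NULL; SHERR_ACCESS if there
 *         is no session, the token is missing or does not match, or the
 *         code is wrong while not enrolling; 0 once the token page is sent.
 */
int oauth_response_2fa(shd_t *cli, char *token, char *client_id, char *code, int enable_2fa)
{
  shbuf_t *buff;
  shmap_t *sess;
  oauth_user_t *user;
  char username[MAX_SHARE_NAME_LENGTH];
  char *secret;
  char *login_token;
  char *user_token;
  char *str;
  int ok;

  if (!cli || !client_id)
    return (SHERR_INVAL);

  /* Read the output buffer only after cli is known to be non-NULL. */
  buff = cli->buff_out;

  sess = oauth_sess_load(cli, NULL);
  if (!sess || !token) {
    /* re-login */
    oauth_response_login_template(sess, buff, client_id, NULL);
    return (SHERR_ACCESS);
  }

  if (shmap_get_str(sess, ashkey_str("2fa"))) {
    /* already enabled */
    enable_2fa = FALSE;
  }

  secret = oauth_sess_2fa_secret(sess);

  str = shmap_get_str(sess, ashkey_str("username"));
  memset(username, 0, sizeof(username));
  if (str)
    strncpy(username, str, sizeof(username) - 1);

  /* A missing token on either side is treated as a mismatch (fail closed)
   * instead of being handed to a string comparison. */
  login_token = oauth_sess_token(sess);
  user_token = http_token_decode(token);
  ok = (login_token && user_token &&
      oauth_2fa_token_equal(login_token, user_token));
  free(user_token);
  if (!ok) {
    oauth_response_login_template(sess, buff, client_id, NULL);
    return (SHERR_ACCESS);
  }

  /* NOTE(review): secret and code are passed through unchecked; confirm
   * oauth_2fa_verify() rejects NULL or empty values. */
  ok = oauth_2fa_verify(secret, code);
  if (!ok && !enable_2fa) {
    /* re 2fa */
    oauth_response_2fa_template(sess, buff, client_id);
    return (SHERR_ACCESS);
  }

  /* NOTE(review): a wrong code with enable_2fa still set falls through to
   * the token page below. That is only sound if every account that has
   * OAF_2FA stored also has the session "2fa" entry populated, since that
   * entry is the sole thing that clears enable_2fa above -- confirm where
   * the session entry is loaded from. */

  if (ok && enable_2fa) {
    /* session setting */
    /* NOTE(review): the value stored is "on"; readers that parse this entry
     * numerically (e.g. with atoi) will see 0 -- confirm the format. */
    shmap_set_astr(sess, ashkey_str("2fa"), "on");

    /* persistent setting */
    /* If the user record cannot be loaded, 2FA is on for this session only
     * and the failure is not reported. */
    user = oauth_userdb_load(username);
    if (user) {
      user->flags |= OAF_2FA;
      oauth_userdb_save(user);
      oauth_userdb_free(&user);
    }
  }

  oauth_response_token_template(sess, buff, client_id);

  return (0);
}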
Пример #3
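/**
 * Update the logged-in user's profile fields in the session and reply with
 * the current profile as JSON.
 *
 * Each non-empty field is checked with its oauth_admin_verify_*() helper and
 * stored in the session map only if it passes. The JSON reply carries
 * "fullname", "address", "zipcode", "phone" and a numeric "2fa".
 *
 * @param cli        connection; the reply is written to cli->buff_out.
 * @param client_id  client identifier; NULL is treated as "".
 * @param password   not used by this function.
 * @param fullname   new real name, or NULL/"" to leave unchanged.
 * @param address    new street address, or NULL/"" to leave unchanged.
 * @param zipcode    new zip code, or NULL/"" to leave unchanged.
 * @param phone      new phone number, or NULL/"" to leave unchanged.
 * @param b_2fa      not used by this function.
 * @return SHERR_INVAL if @cli is NULL or no session could be loaded;
 *         0 otherwise, including when the caller was redirected to login.
 */
int oauth_admin_api_user(shd_t *cli, char *client_id, char *password, char *fullname, char *address, char *zipcode, char *phone, int b_2fa)
{
  shmap_t *sess;
  shjson_t *json;
  const char *warning = NULL;

  /* cli is dereferenced for the output buffer below. */
  if (!cli)
    return (SHERR_INVAL);

  if (!client_id)
    client_id = "";

  sess = oauth_sess_load(cli, client_id);
  if (!sess)
    return (SHERR_INVAL);

  if (!oauth_sess_login(sess)) {
    oauth_admin_redir_login(cli, client_id);
    return (0);
  }

  /* apply new user-defined settings */
  if (fullname && *fullname) {
    if (!oauth_admin_verify_fullname(fullname))
      warning = "Please specify a valid 'Real Name'.";
    else
      shmap_set_astr(sess, ashkey_str("fullname"), fullname);
  }
  if (address && *address) {
    if (!oauth_admin_verify_address(address))
      warning = "Please specify a valid 'Street Address'.";
    else
      shmap_set_astr(sess, ashkey_str("address"), address);
  }
  if (zipcode && *zipcode) {
    if (!oauth_admin_verify_zipcode(zipcode))
      warning = "Please specify a valid 'Zip Code'.";
    else
      shmap_set_astr(sess, ashkey_str("zipcode"), zipcode);
  }
  if (phone && *phone) {
    if (!oauth_admin_verify_phone(phone))
      warning = "Please specify a valid 'Phone Number'.";
    else
      shmap_set_astr(sess, ashkey_str("phone"), phone);
  }

  /* NOTE(review): a rejected field is only recorded here; the JSON reply
   * has no member for it, so an API caller cannot tell that a value was
   * refused. */
  (void)warning;

  /* initialize variables */
  if (!shmap_get_str(sess, ashkey_str("fullname")))
    shmap_set_astr(sess, ashkey_str("fullname"), "");
  if (!shmap_get_str(sess, ashkey_str("address")))
    shmap_set_astr(sess, ashkey_str("address"), "");
  if (!shmap_get_str(sess, ashkey_str("zipcode")))
    shmap_set_astr(sess, ashkey_str("zipcode"), "");
  /* "phone" is defaulted like the other fields so the JSON member below
   * never receives a NULL string. */
  if (!shmap_get_str(sess, ashkey_str("phone")))
    shmap_set_astr(sess, ashkey_str("phone"), "");
  if (!shmap_get_str(sess, ashkey_str("2fa")))
    shmap_set_astr(sess, ashkey_str("2fa"), "0");

  /* response with JSON context */
  json = shjson_init(NULL);

  /* core attributes */
  shjson_str_add(json, "fullname",
      shmap_get_str(sess, ashkey_str("fullname")));
  shjson_str_add(json, "address",
      shmap_get_str(sess, ashkey_str("address")));
  shjson_str_add(json, "zipcode",
      shmap_get_str(sess, ashkey_str("zipcode")));
  shjson_str_add(json, "phone",
      shmap_get_str(sess, ashkey_str("phone")));
  /* NOTE(review): atoi() yields 0 for any non-numeric value; if the "2fa"
   * entry can hold a word such as "on", this reports 2FA as disabled --
   * confirm the stored format. */
  shjson_num_add(json, "2fa",
      atoi(shmap_get_str(sess, ashkey_str("2fa"))));

  oauth_html_json_template(cli->buff_out, json);
  shjson_free(&json);

  return (0);
}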
Пример #4
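/**
 * Update the logged-in user's profile fields in the session and render the
 * user administration page.
 *
 * Each non-empty field is checked with its oauth_admin_verify_*() helper and
 * stored in the session map only if it passes; otherwise a warning message
 * is handed to the page template. When several fields fail, only the
 * message for the last one checked is shown.
 *
 * @param cli        connection; the page is written to cli->buff_out.
 * @param client_id  client identifier; NULL is treated as "".
 * @param password   not used by this function.
 * @param fullname   new real name, or NULL/"" to leave unchanged.
 * @param address    new street address, or NULL/"" to leave unchanged.
 * @param zipcode    new zip code, or NULL/"" to leave unchanged.
 * @param phone      new phone number, or NULL/"" to leave unchanged.
 * @param b_2fa      not used by this function.
 * @return SHERR_INVAL if @cli is NULL or no session could be loaded;
 *         0 otherwise, including when the caller was redirected to login.
 */
int oauth_admin_user(shd_t *cli, char *client_id, char *password, char *fullname, char *address, char *zipcode, char *phone, int b_2fa)
{
  shmap_t *sess;
  char warning[1024];

  /* cli is dereferenced for the output buffer below. */
  if (!cli)
    return (SHERR_INVAL);

  /* Empty warning means "nothing to report" to the template. */
  memset(warning, 0, sizeof(warning));

  if (!client_id)
    client_id = "";

  sess = oauth_sess_load(cli, client_id);
  if (!sess)
    return (SHERR_INVAL);

  if (!oauth_sess_login(sess)) {
    oauth_admin_redir_login(cli, client_id);
    return (0);
  }

  /* update attributes with user-defined settings */
  /* The strcpy() calls below copy fixed literals that are far shorter than
   * warning[]; no caller-supplied text is ever copied into it. */
  if (fullname && *fullname) {
    if (oauth_admin_verify_fullname(fullname))
      shmap_set_astr(sess, ashkey_str("fullname"), fullname);
    else
      strcpy(warning, "Please specify a valid 'Real Name'.");
  }
  if (address && *address) {
    if (oauth_admin_verify_address(address))
      shmap_set_astr(sess, ashkey_str("address"), address);
    else
      strcpy(warning, "Please specify a valid 'Street Address'.");
  }
  if (zipcode && *zipcode) {
    if (oauth_admin_verify_zipcode(zipcode))
      shmap_set_astr(sess, ashkey_str("zipcode"), zipcode);
    else
      strcpy(warning, "Please specify a valid 'Zip Code'.");
  }
  if (phone && *phone) {
    if (oauth_admin_verify_phone(phone))
      shmap_set_astr(sess, ashkey_str("phone"), phone);
    else
      strcpy(warning, "Please specify a valid 'Phone Number'.");
  }

  /* initialize variables */
  /* NOTE(review): "phone" is not defaulted here, unlike the three fields
   * below; confirm the template tolerates a missing entry. */
  if (!shmap_get_str(sess, ashkey_str("fullname")))
    shmap_set_astr(sess, ashkey_str("fullname"), "");
  if (!shmap_get_str(sess, ashkey_str("address")))
    shmap_set_astr(sess, ashkey_str("address"), "");
  if (!shmap_get_str(sess, ashkey_str("zipcode")))
    shmap_set_astr(sess, ashkey_str("zipcode"), "");
  if (!shmap_get_str(sess, ashkey_str("2fa")))
    shmap_set_astr(sess, ashkey_str("2fa"), "0");

  /* NOTE(review): the session values written above come from the request;
   * confirm the template escapes them when rendering. */
  oauth_admin_user_template(sess, cli->buff_out, client_id, warning);

  return (0);
}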