author | Christian Grothoff <grothoff@gnunet.org> | 2023-09-06 22:58:57 +0200 |
---|---|---|
committer | Christian Grothoff <grothoff@gnunet.org> | 2023-09-06 22:58:57 +0200 |
commit | c68a0b309f570454423efb9eb6404208e0cae3d9 (patch) | |
tree | 52388e31f5aefd43b7c7360524d9ee874f6d8cf9 /src/backend/taler-merchant-httpd.c | |
parent | 78a0c837355f97df7331212e4faf71eed81c05ca (diff) |
keep using Bearer prefix
Diffstat (limited to 'src/backend/taler-merchant-httpd.c')
-rw-r--r-- | src/backend/taler-merchant-httpd.c | 44 |
1 files changed, 21 insertions, 23 deletions
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index b714ac8c..dfffa36d 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -199,17 +199,23 @@ TMH_check_token (const char *token,
 enum GNUNET_DB_QueryStatus qs;
 struct TALER_MERCHANTDB_LoginTokenP btoken;
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "checking token %s\n",
- token);
 if (NULL == token) return TMH_AS_NONE;
+ /* This was presumably checked before... */
+ GNUNET_assert (0 == strncasecmp (token,
+ RFC_8959_PREFIX,
+ strlen (RFC_8959_PREFIX)));
+ token += strlen (RFC_8959_PREFIX);
+
 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (token, strlen (token), &btoken, sizeof (btoken)))
 {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to convert %s\n",
+ token);
 GNUNET_break_op (0);
 return TMH_AS_NONE;
 }
@@ -227,24 +233,18 @@ TMH_check_token (const char *token,
 }
 if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
 {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Token %s unknown\n",
- token);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Token unknown\n");
 return TMH_AS_NONE;
 }
 if (GNUNET_TIME_absolute_is_past (expiration.abs_time))
 {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Token %s expired\n",
- token);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Token expired\n");
 /* FIXME: may want to return special EC to indicate (recently) expired token in the future */
 return TMH_AS_NONE;
 }
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Token %s has scope %d\n",
- token,
- scope);
 return scope;
 }
@@ -622,12 +622,14 @@ extract_token (const char **auth)
 const char *bearer = "Bearer ";
 const char *tok = *auth;
- if (0 != strncmp (tok, bearer, strlen (bearer)))
+ if (0 != strncmp (tok,
+ bearer,
+ strlen (bearer)))
 {
 *auth = NULL;
 return;
 }
- tok = tok + strlen (bearer);
+ tok += strlen (bearer);
 while (' ' == *tok) tok++;
 if (0 != strncasecmp (tok,
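Review bot: The `GNUNET_assert` added at the top of TMH_check_token (hunk -199,17) runs on a string taken from the Authorization header, so any caller that passes a value not starting with `RFC_8959_PREFIX` turns one request into a backend abort instead of a rejected login. Whether extract_token() always guarantees the prefix before the url_handler call `TMH_check_token (auth, ...)` is not visible in these hunks, and the added comment itself only says "presumably"; returning `TMH_AS_NONE` after `GNUNET_break_op (0)` keeps the check without making it a crash condition. The new "Failed to convert %s" message also writes the client-supplied token text to the log, which this commit removes everywhere else in the function; a mistyped but otherwise valid token would end up in the log, so the message should omit it. TMH_check_token's body continues outside the hunk.

```c
  if (NULL == token)
    return TMH_AS_NONE;
  /* Header-derived input: reject rather than abort if the prefix is missing */
  if (0 != strncasecmp (token,
                        RFC_8959_PREFIX,
                        strlen (RFC_8959_PREFIX)))
  {
    GNUNET_break_op (0);
    return TMH_AS_NONE;
  }
  token += strlen (RFC_8959_PREFIX);
  /* ... unchanged: GNUNET_STRINGS_string_to_data() call ... */
  {
    /* do not echo the credential into the log */
    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                "Failed to decode login token\n");
    GNUNET_break_op (0);
    return TMH_AS_NONE;
  }
```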
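Review bot: The "Token unknown" and "Token expired" messages in TMH_check_token (hunk -227,24) now carry no context, so repeated failed logins against one instance cannot be told apart from unrelated entries when reading the log. Dropping the token from the message is the right call; the instance identifier that url_handler passes as the second argument would be a safe replacement, e.g. `"Login token unknown for instance %s\n"` (the parameter's name is outside the visible lines). The same applies to the expired branch.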
@@ -1771,16 +1773,14 @@ url_handler (void *cls,
 if (public_handlers != handlers)
 {
 const char *auth;
- const char *tok;
 bool auth_ok;
 bool auth_malformed = false;
 /* PATCHing an instance can alternatively be checked against the default instance */
- tok = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- MHD_HTTP_HEADER_AUTHORIZATION);
- auth = tok;
+ auth = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ MHD_HTTP_HEADER_AUTHORIZATION);
 if (NULL != auth)
 {
 /* We _only_ complain about malformed auth headers if
@@ -1816,10 +1816,8 @@ url_handler (void *cls,
 TMH_default_auth)) );
 hc->auth_scope = auth_ok ? TMH_AS_ALL
- : TMH_check_token (tok,
+ : TMH_check_token (auth,
 hc->instance->settings.id);
- if (TMH_AS_NONE != hc->auth_scope)
- auth_malformed = false;
 /* We grant access if: - scope is 'all' - rh has an explicit non-NONE scope that matches |