Context Navigation

source: lib/oauth2.c @ cb1b973

Last change on this file since cb1b973 was 1a81c83, checked in by Wilmer van der Gaast <wilmer@…>, at 2015-05-06T15:48:16Z

s/number/integer in a few places.

Also (since I forgot to commit), updating rpc module to not treat all plugin
calls as optional.

Property mode set to 100644

File size: 6.9 KB

Line
1	/***************************************************************************\
2	* *
3	* BitlBee - An IRC to IM gateway *
4	* Simple OAuth2 client (consumer) implementation. *
5	* *
6	* Copyright 2010-2013 Wilmer van der Gaast <wilmer@gaast.net> *
7	* *
8	* This program is free software; you can redistribute it and/or modify *
9	* it under the terms of the GNU General Public License as published by *
10	* the Free Software Foundation; either version 2 of the License, or *
11	* (at your option) any later version. *
12	* *
13	* This program is distributed in the hope that it will be useful, *
14	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16	* GNU General Public License for more details. *
17	* *
18	* You should have received a copy of the GNU General Public License along *
19	* with this program; if not, write to the Free Software Foundation, Inc., *
20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
21	* *
22	\***************************************************************************/
23
24	/* Out of protest, I should rename this file. OAuth2 is a pathetic joke, and
25	of all things, DEFINITELY NOT A STANDARD. The only thing various OAuth2
26	implementations have in common is that name, wrongfully stolen from
27	a pretty nice standard called OAuth 1.0a. That, and the fact that they
28	use JSON. Wait, no, Facebook's version doesn't use JSON. For some of its
29	responses.
30
31	Apparently too many people were too retarded to comprehend the elementary
32	bits of crypto in OAuth 1.0a (took me one afternoon to implement) so
33	the standard was replaced with what comes down to a complicated scheme
34	around what's really just application-specific passwords.
35
36	And then a bunch of mostly incompatible implementations. Great work, guys.
37
38	http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/ */
39
40	#include <glib.h>
41	#include "http_client.h"
42	#include "oauth2.h"
43	#include "oauth.h"
44	#include "parson.h"
45	#include "url.h"
46
47	#define JSON_O_FOREACH(o, k, v) \
48	const char k; const JSON_Value v; int __i; \
49	for (__i = 0; json_object_get_tuple(o, __i, &k, &v); __i++)
50
51	char oauth2_url(const struct oauth2_service sp)
52	{
53	return g_strconcat(sp->auth_url,
54	"?scope=", sp->scope,
55	"&response_type=code"
56	"&redirect_uri=", sp->redirect_url,
57	"&client_id=", sp->consumer_key,
58	NULL);
59	}
60
61	struct oauth2_access_token_data {
62	oauth2_token_callback func;
63	gpointer data;
64	};
65
66	static void oauth2_access_token_done(struct http_request *req);
67
68	int oauth2_access_token(const struct oauth2_service *sp,
69	const char auth_type, const char auth,
70	oauth2_token_callback func, gpointer data)
71	{
72	GSList *args = NULL;
73	char args_s, s;
74	url_t url_p;
75	struct http_request *req;
76	struct oauth2_access_token_data *cb_data;
77
78	if (!url_set(&url_p, sp->token_url)) {
79	return 0;
80	}
81
82	oauth_params_add(&args, "client_id", sp->consumer_key);
83	oauth_params_add(&args, "client_secret", sp->consumer_secret);
84	oauth_params_add(&args, "grant_type", auth_type);
85	if (strcmp(auth_type, OAUTH2_AUTH_CODE) == 0) {
86	oauth_params_add(&args, "redirect_uri", sp->redirect_url);
87	oauth_params_add(&args, "code", auth);
88	} else {
89	oauth_params_add(&args, "refresh_token", auth);
90	}
91	args_s = oauth_params_string(args);
92	oauth_params_free(&args);
93
94	s = g_strdup_printf("POST %s HTTP/1.0\r\n"
95	"Host: %s\r\n"
96	"Content-Type: application/x-www-form-urlencoded\r\n"
97	"Content-Length: %zd\r\n"
98	"\r\n"
99	"%s", url_p.file, url_p.host, strlen(args_s), args_s);
100	g_free(args_s);
101
102	cb_data = g_new0(struct oauth2_access_token_data, 1);
103	cb_data->func = func;
104	cb_data->data = data;
105
106	req = http_dorequest(url_p.host, url_p.port, url_p.proto == PROTO_HTTPS,
107	s, oauth2_access_token_done, cb_data);
108
109	g_free(s);
110
111	if (req == NULL) {
112	g_free(cb_data);
113	}
114
115	return req != NULL;
116	}
117
118	static char* oauth2_parse_error(const JSON_Value *e)
119	{
120	/* This does a reasonable job with some of the flavours of error
121	responses I've seen. Because apparently it's not standardised. */
122
123	if (json_type(e) == JSONObject) {
124	/* Facebook style */
125	const char *msg = json_object_get_string(json_object(e), "message");
126	const char *type = json_object_get_string(json_object(e), "type");
127	JSON_Value *code_o = json_object_get_value(json_object(e), "code");
128	int code = json_value_get_integer(code_o);
129	return g_strdup_printf("Error %d: %s", code, msg ? msg : type ? type : "Unknown error");
130	} else if (json_type(e) == JSONString) {
131	return g_strdup(json_string(e));
132	}
133	return NULL;
134	}
135
136	static void oauth2_access_token_done(struct http_request *req)
137	{
138	struct oauth2_access_token_data *cb_data = req->data;
139	char atoken = NULL, rtoken = NULL, *error = NULL;
140	char *content_type;
141
142	if (getenv("BITLBEE_DEBUG") && req->reply_body) {
143	printf("%s\n", req->reply_body);
144	}
145
146	content_type = get_rfc822_header(req->reply_headers, "Content-Type", 0);
147
148	if (content_type && (strstr(content_type, "application/json") \|\|
149	strstr(content_type, "text/javascript"))) {
150	JSON_Value *js = json_parse_string(req->reply_body);
151	if (js && json_type(js) == JSONObject) {
152	JSON_O_FOREACH(json_object(js), k, v){
153	if (strcmp(k, "error") == 0) {
154	error = oauth2_parse_error(v);
155	}
156	if (json_type(v) != JSONString) {
157	continue;
158	}
159	if (strcmp(k, "access_token") == 0) {
160	atoken = g_strdup(json_string(v));
161	}
162	if (strcmp(k, "refresh_token") == 0) {
163	rtoken = g_strdup(json_string(v));
164	}
165	}
166	}
167	json_value_free(js);
168	} else {
169	/* Facebook use their own odd format here, seems to be URL-encoded. */
170	GSList *p_in = NULL;
171
172	oauth_params_parse(&p_in, req->reply_body);
173	atoken = g_strdup(oauth_params_get(&p_in, "access_token"));
174	rtoken = g_strdup(oauth_params_get(&p_in, "refresh_token"));
175	oauth_params_free(&p_in);
176	}
177	if (getenv("BITLBEE_DEBUG")) {
178	printf("Extracted atoken=%s rtoken=%s\n", atoken, rtoken);
179	}
180	if (!atoken && !rtoken && !error) {
181	error = g_strdup("Unusable response");
182	}
183
184	cb_data->func(cb_data->data, atoken, rtoken, error);
185	g_free(content_type);
186	g_free(atoken);
187	g_free(rtoken);
188	g_free(error);
189	g_free(cb_data);
190	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: