Context Navigation

source: lib/oauth2.c @ b75671d

Last change on this file since b75671d was b75671d, checked in by Wilmer van der Gaast <wilmer@…>, at 2015-06-17T22:47:26Z
Merge remote-tracking branch 'origin/master' into parson
Property mode set to `100644`
File size: 7.0 KB

Line
1	/***************************************************************************\
2	* *
3	* BitlBee - An IRC to IM gateway *
4	* Simple OAuth2 client (consumer) implementation. *
5	* *
6	* Copyright 2010-2013 Wilmer van der Gaast <wilmer@gaast.net> *
7	* *
8	* This program is free software; you can redistribute it and/or modify *
9	* it under the terms of the GNU General Public License as published by *
10	* the Free Software Foundation; either version 2 of the License, or *
11	* (at your option) any later version. *
12	* *
13	* This program is distributed in the hope that it will be useful, *
14	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16	* GNU General Public License for more details. *
17	* *
18	* You should have received a copy of the GNU General Public License along *
19	* with this program; if not, write to the Free Software Foundation, Inc., *
20	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
21	* *
22	\***************************************************************************/
23
24	/* Out of protest, I should rename this file. OAuth2 is a pathetic joke, and
25	of all things, DEFINITELY NOT A STANDARD. The only thing various OAuth2
26	implementations have in common is that name, wrongfully stolen from
27	a pretty nice standard called OAuth 1.0a. That, and the fact that they
28	use JSON. Wait, no, Facebook's version doesn't use JSON. For some of its
29	responses.
30
31	Apparently too many people were too retarded to comprehend the elementary
32	bits of crypto in OAuth 1.0a (took me one afternoon to implement) so
33	the standard was replaced with what comes down to a complicated scheme
34	around what's really just application-specific passwords.
35
36	And then a bunch of mostly incompatible implementations. Great work, guys.
37
38	http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/ */
39
40	#include <glib.h>
41	#include "http_client.h"
42	#include "oauth2.h"
43	#include "oauth.h"
44	#include "parson.h"
45	#include "url.h"
46
47	#define JSON_O_FOREACH(o, k, v) \
48	const char k; const JSON_Value v; int __i; \
49	for (__i = 0; json_object_get_tuple(o, __i, &k, &v); __i++)
50
51	char oauth2_url(const struct oauth2_service sp)
52	{
53	return g_strconcat(sp->auth_url,
54	"?scope=", sp->scope,
55	"&response_type=code"
56	"&redirect_uri=", sp->redirect_url,
57	"&client_id=", sp->consumer_key,
58	NULL);
59	}
60
61	struct oauth2_access_token_data {
62	oauth2_token_callback func;
63	gpointer data;
64	};
65
66	static void oauth2_access_token_done(struct http_request *req);
67
68	int oauth2_access_token(const struct oauth2_service *sp,
69	const char auth_type, const char auth,
70	oauth2_token_callback func, gpointer data)
71	{
72	GSList *args = NULL;
73	char args_s, s;
74	url_t url_p;
75	struct http_request *req;
76	struct oauth2_access_token_data *cb_data;
77
78	if (!url_set(&url_p, sp->token_url)) {
79	return 0;
80	}
81
82	oauth_params_add(&args, "client_id", sp->consumer_key);
83	oauth_params_add(&args, "client_secret", sp->consumer_secret);
84	oauth_params_add(&args, "grant_type", auth_type);
85	if (strcmp(auth_type, OAUTH2_AUTH_CODE) == 0) {
86	oauth_params_add(&args, "redirect_uri", sp->redirect_url);
87	oauth_params_add(&args, "code", auth);
88	} else {
89	oauth_params_add(&args, "refresh_token", auth);
90	}
91	args_s = oauth_params_string(args);
92	oauth_params_free(&args);
93
94	s = g_strdup_printf("POST %s HTTP/1.0\r\n"
95	"Host: %s\r\n"
96	"Content-Type: application/x-www-form-urlencoded\r\n"
97	"Content-Length: %zd\r\n"
98	"\r\n"
99	"%s", url_p.file, url_p.host, strlen(args_s), args_s);
100	g_free(args_s);
101
102	cb_data = g_new0(struct oauth2_access_token_data, 1);
103	cb_data->func = func;
104	cb_data->data = data;
105
106	req = http_dorequest(url_p.host, url_p.port, url_p.proto == PROTO_HTTPS,
107	s, oauth2_access_token_done, cb_data);
108
109	g_free(s);
110
111	if (req == NULL) {
112	g_free(cb_data);
113	}
114
115	return req != NULL;
116	}
117
118	static char* oauth2_parse_error(const JSON_Value *e)
119	{
120	/* This does a reasonable job with some of the flavours of error
121	responses I've seen. Because apparently it's not standardised. */
122
123	if (json_type(e) == JSONObject) {
124	/* Facebook style */
125	const char *msg = json_object_get_string(json_object(e), "message");
126	const char *type = json_object_get_string(json_object(e), "type");
127	JSON_Value *code_o = json_object_get_value(json_object(e), "code");
128	int code = json_value_get_integer(code_o);
129	return g_strdup_printf("Error %d: %s", code, msg ? msg : type ? type : "Unknown error");
130	} else if (json_type(e) == JSONString) {
131	return g_strdup(json_string(e));
132	}
133	return NULL;
134	}
135
136	static void oauth2_access_token_done(struct http_request *req)
137	{
138	struct oauth2_access_token_data *cb_data = req->data;
139	char atoken = NULL, rtoken = NULL, *error = NULL;
140	char *content_type = NULL;
141
142	if (req->status_code <= 0 && !req->reply_body) {
143	cb_data->func(cb_data->data, NULL, NULL, req->status_string);
144	g_free(cb_data);
145	return;
146	}
147
148	if (getenv("BITLBEE_DEBUG")) {
149	printf("%s\n", req->reply_body);
150	}
151
152	content_type = get_rfc822_header(req->reply_headers, "Content-Type", 0);
153
154	if (content_type && (strstr(content_type, "application/json") \|\|
155	strstr(content_type, "text/javascript"))) {
156	JSON_Value *js = json_parse_string(req->reply_body);
157	if (js && json_type(js) == JSONObject) {
158	JSON_O_FOREACH(json_object(js), k, v){
159	if (strcmp(k, "error") == 0) {
160	error = oauth2_parse_error(v);
161	}
162	if (json_type(v) != JSONString) {
163	continue;
164	}
165	if (strcmp(k, "access_token") == 0) {
166	atoken = g_strdup(json_string(v));
167	}
168	if (strcmp(k, "refresh_token") == 0) {
169	rtoken = g_strdup(json_string(v));
170	}
171	}
172	}
173	json_value_free(js);
174	} else {
175	/* Facebook use their own odd format here, seems to be URL-encoded. */
176	GSList *p_in = NULL;
177
178	oauth_params_parse(&p_in, req->reply_body);
179	atoken = g_strdup(oauth_params_get(&p_in, "access_token"));
180	rtoken = g_strdup(oauth_params_get(&p_in, "refresh_token"));
181	oauth_params_free(&p_in);
182	}
183	if (getenv("BITLBEE_DEBUG")) {
184	printf("Extracted atoken=%s rtoken=%s\n", atoken, rtoken);
185	}
186	if (!atoken && !rtoken && !error) {
187	error = g_strdup("Unusable response");
188	}
189
190	cb_data->func(cb_data->data, atoken, rtoken, error);
191	g_free(content_type);
192	g_free(atoken);
193	g_free(rtoken);
194	g_free(error);
195	g_free(cb_data);
196	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: