Changeset 3b878a1 for lib/oauth.c

Timestamp:

2010-05-02T21:20:09Z (14 years ago)

Author:

Wilmer van der Gaast <wilmer@…>

Branches:

master

Children:

6824fb3

Parents:

839189b (diff), f4b0911 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

OAuth sanity fix: Twitter-specific stuff should *not* be in lib/oauth.c.
Somewhat intrusive, should've done this right immediately. :-/

File:

• lib/oauth.c (modified) (15 diffs)

lib/oauth.c

@@ -33 +33 @@
 #include "oauth.h"
 
-#define CONSUMER_KEY "xsDNKJuNZYkZyMcu914uEA"
-#define CONSUMER_SECRET "FCxqcr0pXKzsF9ajmP57S3VQ8V6Drk4o2QYtqMcOszo"
-/* How can it be a secret if it's right here in the source code? No clue... */
-
 #define HMAC_BLOCK_SIZE 64
 
 static char *oauth_sign( const char *method, const char *url,
-                         const char *params, const char *token_secret )
+                         const char *params, struct oauth_info *oi )
 {
         sha1_state_t sha1;
@@ -51 +47 @@
            otherwise just pad. */
         memset( key, 0, HMAC_BLOCK_SIZE );
-        i = strlen( CONSUMER_SECRET ) + 1 + ( token_secret ? strlen( token_secret ) : 0 );
+        i = strlen( oi->sp->consumer_secret ) + 1 + ( oi->token_secret ? strlen( oi->token_secret ) : 0 );
         if( i > HMAC_BLOCK_SIZE )
         {
                 sha1_init( &sha1 );
-                sha1_append( &sha1, (uint8_t*) CONSUMER_SECRET, strlen( CONSUMER_SECRET ) );
+                sha1_append( &sha1, (uint8_t*) oi->sp->consumer_secret, strlen( oi->sp->consumer_secret ) );
                 sha1_append( &sha1, (uint8_t*) "&", 1 );
-                if( token_secret )
-                        sha1_append( &sha1, (uint8_t*) token_secret, strlen( token_secret ) );
+                if( oi->token_secret )
+                        sha1_append( &sha1, (uint8_t*) oi->token_secret, strlen( oi->token_secret ) );
                 sha1_finish( &sha1, key );
         }
@@ -64 +60 @@
         {
                 g_snprintf( (gchar*) key, HMAC_BLOCK_SIZE + 1, "%s&%s",
-                            CONSUMER_SECRET, token_secret ? : "" );
+                            oi->sp->consumer_secret, oi->token_secret ? : "" );
         }
         
@@ -229 +225 @@
         if( info )
         {
-                g_free( info->auth_params );
+                g_free( info->auth_url );
                 g_free( info->request_token );
-                g_free( info->access_token );
+                g_free( info->token );
+                g_free( info->token_secret );
                 g_free( info );
         }
 }
 
-static void oauth_add_default_params( GSList **params )
+static void oauth_add_default_params( GSList **params, const struct oauth_service *sp )
 {
         char *s;
         
-        oauth_params_set( params, "oauth_consumer_key", CONSUMER_KEY );
+        oauth_params_set( params, "oauth_consumer_key", sp->consumer_key );
         oauth_params_set( params, "oauth_signature_method", "HMAC-SHA1" );
         
@@ -254 +251 @@
 }
 
-static void *oauth_post_request( const char *url, GSList **params_, http_input_function func, void *data )
+static void *oauth_post_request( const char *url, GSList **params_, http_input_function func, struct oauth_info *oi )
 {
         GSList *params = NULL;
@@ -270 +267 @@
                 params = *params_;
         
-        oauth_add_default_params( &params );
+        oauth_add_default_params( &params, oi->sp );
         
         params_s = oauth_params_string( params );
         oauth_params_free( &params );
         
-        s = oauth_sign( "POST", url, params_s, NULL );
+        s = oauth_sign( "POST", url, params_s, oi );
         post = g_strdup_printf( "%s&oauth_signature=%s", params_s, s );
         g_free( params_s );
@@ -289 +286 @@
         
         req = http_dorequest( url_p.host, url_p.port, url_p.proto == PROTO_HTTPS,
-                              s, func, data );
+                              s, func, oi );
         g_free( s );
         
@@ -297 +294 @@
 static void oauth_request_token_done( struct http_request *req );
 
-struct oauth_info *oauth_request_token( const char *url, oauth_cb func, void *data )
+struct oauth_info *oauth_request_token( const struct oauth_service *sp, oauth_cb func, void *data )
 {
         struct oauth_info *st = g_new0( struct oauth_info, 1 );
@@ -304 +301 @@
         st->func = func;
         st->data = data;
+        st->sp = sp;
         
         oauth_params_add( &params, "oauth_callback", "oob" );
         
-        if( !oauth_post_request( url, &params, oauth_request_token_done, st ) )
+        if( !oauth_post_request( sp->url_request_token, &params, oauth_request_token_done, st ) )
         {
                 oauth_info_free( st );
@@ -326 +324 @@
                 GSList *params = NULL;
                 
-                st->auth_params = g_strdup( req->reply_body );
-                oauth_params_parse( &params, st->auth_params );
+                st->auth_url = g_strdup_printf( "%s?%s", st->sp->url_authorize, req->reply_body );
+                oauth_params_parse( &params, req->reply_body );
                 st->request_token = g_strdup( oauth_params_get( &params, "oauth_token" ) );
                 oauth_params_free( &params );
@@ -333 +331 @@
         
         st->stage = OAUTH_REQUEST_TOKEN;
-        if( !st->func( st ) )
-                oauth_info_free( st );
+        st->func( st );
 }
 
 static void oauth_access_token_done( struct http_request *req );
 
-void oauth_access_token( const char *url, const char *pin, struct oauth_info *st )
+gboolean oauth_access_token( const char *pin, struct oauth_info *st )
 {
         GSList *params = NULL;
@@ -346 +343 @@
         oauth_params_add( &params, "oauth_verifier", pin );
         
-        if( !oauth_post_request( url, &params, oauth_access_token_done, st ) )
-                oauth_info_free( st );
+        return oauth_post_request( st->sp->url_access_token, &params, oauth_access_token_done, st ) != NULL;
 }
 
@@ -359 +355 @@
         {
                 GSList *params = NULL;
-                const char *token, *token_secret;
                 
                 oauth_params_parse( &params, req->reply_body );
-                token = oauth_params_get( &params, "oauth_token" );
-                token_secret = oauth_params_get( &params, "oauth_token_secret" );
-                st->access_token = g_strdup_printf(
-                        "oauth_token=%s&oauth_token_secret=%s", token, token_secret );
+                st->token = g_strdup( oauth_params_get( &params, "oauth_token" ) );
+                st->token_secret = g_strdup( oauth_params_get( &params, "oauth_token_secret" ) );
                 oauth_params_free( &params );
         }
         
         st->stage = OAUTH_ACCESS_TOKEN;
-        st->func( st );
-        oauth_info_free( st );
-}
-
-char *oauth_http_header( char *access_token, const char *method, const char *url, char *args )
+        if( st->func( st ) )
+        {
+                /* Don't need these anymore, but keep the rest. */
+                g_free( st->auth_url );
+                st->auth_url = NULL;
+                g_free( st->request_token );
+                st->request_token = NULL;
+        }
+}
+
+char *oauth_http_header( struct oauth_info *oi, const char *method, const char *url, char *args )
 {
         GSList *params = NULL, *l;
-        char *token_secret = NULL, *sig = NULL, *params_s, *s;
+        char *sig = NULL, *params_s, *s;
         GString *ret = NULL;
         
-        /* First, get the two pieces of info from the access token that we need. */
-        oauth_params_parse( &params, access_token );
-        if( params == NULL )
-                goto err;
-        
-        /* Pick out the token secret, we shouldn't include it but use it for signing. */
-        token_secret = g_strdup( oauth_params_get( &params, "oauth_token_secret" ) );
-        if( token_secret == NULL )
-                goto err;
-        oauth_params_del( &params, "oauth_token_secret" );
-        
-        oauth_add_default_params( &params );
+        oauth_params_add( &params, "oauth_token", oi->token );
+        oauth_add_default_params( &params, oi->sp );
         
         /* Start building the OAuth header. 'key="value", '... */
@@ -421 +410 @@
         {
                 s = g_strdup( s + 1 );
-                oauth_params_parse( &params, s + 1 );
+                oauth_params_parse( &params, s );
                 g_free( s );
         }
@@ -427 +416 @@
         /* Append the signature and we're done! */
         params_s = oauth_params_string( params );
-        sig = oauth_sign( method, url, params_s, token_secret );
+        sig = oauth_sign( method, url, params_s, oi );
         g_string_append_printf( ret, "oauth_signature=\"%s\"", sig );
         g_free( params_s );
         
-err:
         oauth_params_free( &params );
         g_free( sig );
-        g_free( token_secret );
         
         return ret ? g_string_free( ret, FALSE ) : NULL;
 }
+
+char *oauth_to_string( struct oauth_info *oi )
+{
+        GSList *params = NULL;
+        char *ret;
+        
+        oauth_params_add( &params, "oauth_token", oi->token );
+        oauth_params_add( &params, "oauth_token_secret", oi->token_secret );
+        ret = oauth_params_string( params );
+        oauth_params_free( &params );
+        
+        return ret;
+}
+
+struct oauth_info *oauth_from_string( char *in, const struct oauth_service *sp )
+{
+        struct oauth_info *oi = g_new0( struct oauth_info, 1 );
+        GSList *params = NULL;
+        
+        oauth_params_parse( &params, in );
+        oi->token = g_strdup( oauth_params_get( &params, "oauth_token" ) );
+        oi->token_secret = g_strdup( oauth_params_get( &params, "oauth_token_secret" ) );
+        oauth_params_free( &params );
+        oi->sp = sp;
+        
+        return oi;
+}