Mercurial > dovecot > core-2.2
view src/lib-oauth2/oauth2-refresh.c @ 21738:29066a72703a
lib-oauth2: Fix memory leak if HTTP URL parsing fails.
Also delay calling the callback. The callers don't necessarily expect an
immediate callback (auth/db-oauth2.c doesn't).
author | Timo Sirainen <timo.sirainen@dovecot.fi> |
---|---|
date | Thu, 16 Mar 2017 01:12:57 +0200 |
parents | 8afc52576667 |
children | 69f17440719c |
line wrap: on
line source
/* Copyright (c) 2017 Dovecot authors, see the included COPYING file */ #include "lib.h" #include "ioloop.h" #include "istream.h" #include "str.h" #include "http-client.h" #include "http-url.h" #include "json-parser.h" #include "oauth2.h" #include "oauth2-private.h" static void oauth2_refresh_callback(struct oauth2_request *req, struct oauth2_refresh_result *res) { i_assert(res->success == (res->error == NULL)); i_assert(req->re_callback != NULL); oauth2_refresh_callback_t *callback = req->re_callback; req->re_callback = NULL; callback(res, req->re_context); } static bool oauth2_refresh_field_parse(const struct oauth2_field *field, struct oauth2_refresh_result *res) { if (strcasecmp(field->name, "expires_in") == 0) { uint32_t expires_in = 0; if (str_to_uint32(field->value, &expires_in) < 0) { res->success = FALSE; res->error = t_strdup_printf( "Malformed number '%s' in expires_in", field->value); return FALSE; } else { res->expires_at = ioloop_time + expires_in; } } else if (strcasecmp(field->name, "token_type") == 0) { if (strcasecmp(field->value,"bearer") != 0) { res->success = FALSE; res->error = t_strdup_printf( "Expected Bearer token, got '%s'", field->value); return FALSE; } } else if (strcasecmp(field->name, "access_token") == 0) { /* pooled memory */ res->bearer_token = field->value; } return TRUE; } static void oauth2_refresh_continue(struct oauth2_request *req, bool success, const char *error) { struct oauth2_refresh_result res; i_zero(&res); res.success = success; res.error = error; if (res.success) { const struct oauth2_field *field; /* see if we can figure out when it expires */ array_foreach(&req->fields, field) { if (!oauth2_refresh_field_parse(field, &res)) break; } } res.fields = &req->fields; oauth2_refresh_callback(req, &res); } static void oauth2_refresh_response(const struct http_response *response, struct oauth2_request *req) { if (response->status / 100 != 2) { oauth2_refresh_continue(req, FALSE, response->reason); } else { if (response->payload == NULL) { oauth2_refresh_continue(req, FALSE, "Missing response body"); return; } req->is = response->payload; i_stream_ref(req->is); req->parser = json_parser_init(req->is); req->json_parsed_cb = oauth2_refresh_continue; req->io = io_add_istream(req->is, oauth2_parse_json, req); oauth2_parse_json(req); } } static void oauth2_refresh_delayed_error(struct oauth2_request *req) { struct oauth2_refresh_result fail = { .success = FALSE, .error = req->delayed_error }; oauth2_refresh_callback(req, &fail); oauth2_request_free_internal(req); } #undef oauth2_refresh_start struct oauth2_request* oauth2_refresh_start(const struct oauth2_settings *set, const struct oauth2_request_input *input, oauth2_refresh_callback_t *callback, void *context) { i_assert(oauth2_valid_token(input->token)); pool_t pool = pool_alloconly_create_clean("oauth2 refresh", 1024); struct oauth2_request *req = p_new(pool, struct oauth2_request, 1); struct http_url *url; const char *error; req->pool = pool; req->set = set; req->re_callback = callback; req->re_context = context; if (http_url_parse(req->set->refresh_url, NULL, HTTP_URL_ALLOW_USERINFO_PART, pool, &url, &error) < 0) { req->delayed_error = p_strdup_printf(pool, "http_url_parse(%s) failed: %s", req->set->refresh_url, error); req->to_delayed_error = timeout_add_short(0, oauth2_refresh_delayed_error, req); return req; } req->req = http_client_request_url(req->set->client, "POST", url, oauth2_refresh_response, req); string_t *payload = str_new(req->pool, 128); str_append(payload, "client_secret="); http_url_escape_param(payload, req->set->client_secret); str_append(payload, "&grant_type=refresh_token&refresh_token="); http_url_escape_param(payload, input->token); str_append(payload, "&client_id="); http_url_escape_param(payload, req->set->client_id); struct istream *is = i_stream_create_from_string(payload); if (url->user != NULL) http_client_request_set_auth_simple(req->req, url->user, url->password); http_client_request_add_header(req->req, "Content-Type", "application/x-www-form-urlencoded"); oauth2_request_set_headers(req, input); http_client_request_set_payload(req->req, is, FALSE); i_stream_unref(&is); http_client_request_set_timeout_msecs(req->req, req->set->timeout_msecs); http_client_request_set_destroy_callback(req->req, oauth2_request_free_internal, req); http_client_request_submit(req->req); return req; }