changeset 21646:7f927c405b2f
lib-oauth2: Support basic authorization
author | Aki Tuomi <aki.tuomi@dovecot.fi> |
---|---|
date | Tue, 21 Feb 2017 11:18:37 +0200 |
parents | a66e16598d6e |
children | cbecd2e16979 |
files | src/lib-oauth2/oauth2-introspect.c src/lib-oauth2/oauth2-refresh.c src/lib-oauth2/oauth2-token-validate.c |
diffstat | 3 files changed, 21 insertions(+), 11 deletions(-) [+] |
--- a/src/lib-oauth2/oauth2-introspect.c Mon Feb 20 14:50:39 2017 +0200 +++ b/src/lib-oauth2/oauth2-introspect.c Tue Feb 21 11:18:37 2017 +0200 @@ -86,7 +86,8 @@ http_url_escape_param(enc, input->token); } - if (http_url_parse(str_c(enc), NULL, 0, pool, &url, &error) < 0) { + if (http_url_parse(str_c(enc), NULL, HTTP_URL_ALLOW_USERINFO_PART, pool, + &url, &error) < 0) { fail.error = t_strdup_printf("http_url_parse(%s) failed: %s", str_c(enc), error); oauth2_introspection_callback(req, &fail); @@ -108,12 +109,13 @@ req); } - if (set->introspection_mode == INTROSPECTION_MODE_GET_AUTH) + if (url->user != NULL) + http_client_request_set_auth_simple(req->req, url->user, url->password); + else if (set->introspection_mode == INTROSPECTION_MODE_GET_AUTH) http_client_request_add_header(req->req, "Authorization", t_strdup_printf("Bearer %s", input->token)); - oauth2_request_set_headers(req, input); http_client_request_set_timeout_msecs(req->req,
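Review bot: With HTTP_URL_ALLOW_USERINFO_PART now accepted, the `http_url_parse(%s) failed: %s` message in this hunk formats the whole URL, so a configured `user:password@` part (and the escaped token appended to `enc`) lands in `fail.error` whenever parsing fails. Where that string ends up is not visible in the hunk, but if it is logged or handed back to the caller it exposes the client credentials. Consider dropping the URL from the message, e.g. `fail.error = t_strdup_printf("http_url_parse() failed: %s", error);`. The same pattern is in the first hunks of oauth2-refresh.c (with `req->set->refresh_url`) and oauth2-token-validate.c. The enclosing function starts and ends outside the hunk.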
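Review bot: When the URL carries userinfo, the new `if (url->user != NULL)` branch takes precedence over `INTROSPECTION_MODE_GET_AUTH`, so the Bearer header is never added in that mode. The condition guarding `http_url_escape_param(enc, input->token)` sits above the first hunk, so this is inferred, but if the token is only placed in the URL for the plain GET mode, GET_AUTH combined with Basic credentials would send an introspection request carrying no token at all. Both schemes use the single Authorization header, so the combination should either be rejected when the settings are read or documented at this branch, e.g. `/* Basic auth takes the Authorization header; the token must then be passed in the URL */`. The function body continues outside the hunk.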
--- a/src/lib-oauth2/oauth2-refresh.c Mon Feb 20 14:50:39 2017 +0200 +++ b/src/lib-oauth2/oauth2-refresh.c Tue Feb 21 11:18:37 2017 +0200 @@ -119,11 +119,11 @@ req->re_callback = callback; req->re_context = context; - const char *_url = req->set->refresh_url; - if (http_url_parse(_url, NULL, 0, pool, &url, &error) < 0) { + if (http_url_parse(req->set->refresh_url, NULL, HTTP_URL_ALLOW_USERINFO_PART, + pool, &url, &error) < 0) { fail.error = t_strdup_printf("http_url_parse(%s) failed: %s", - _url, error); + req->set->refresh_url, error); oauth2_refresh_callback(req, &fail); return req; } @@ -141,6 +141,9 @@ struct istream *is = i_stream_create_from_string(payload); + if (url->user != NULL) + http_client_request_set_auth_simple(req->req, url->user, url->password); + http_client_request_add_header(req->req, "Content-Type", "application/x-www-form-urlencoded");
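Review bot: `url->password` is passed to `http_client_request_set_auth_simple()` after checking only `url->user`, so a refresh URL of the form `user@host` may hand it a NULL password. Whether the parser leaves the field NULL and whether the callee tolerates that is not visible here. A guard such as `if (url->user != NULL && url->password != NULL)`, or passing `url->password != NULL ? url->password : ""`, would make the intent explicit. The same call appears in the second hunks of oauth2-introspect.c and oauth2-token-validate.c. Since Basic credentials are only base64-encoded on the wire, it would also help to add a comment that these URLs are expected to be https when userinfo is present.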
--- a/src/lib-oauth2/oauth2-token-validate.c Mon Feb 20 14:50:39 2017 +0200 +++ b/src/lib-oauth2/oauth2-token-validate.c Tue Feb 21 11:18:37 2017 +0200 @@ -112,7 +112,8 @@ str_append(enc, req->set->tokeninfo_url); http_url_escape_param(enc, input->token); - if (http_url_parse(str_c(enc), NULL, 0, pool, &url, &error) < 0) { + if (http_url_parse(str_c(enc), NULL, HTTP_URL_ALLOW_USERINFO_PART, pool, + &url, &error) < 0) { fail.error = t_strdup_printf("http_url_parse(%s) failed: %s", str_c(enc), error); oauth2_token_validation_callback(req, &fail); @@ -122,10 +123,14 @@ req->req = http_client_request_url(req->set->client, "GET", url, oauth2_token_validate_response, req); - http_client_request_add_header(req->req, - "Authorization", - t_strdup_printf("Bearer %s", - input->token)); + + if (url->user != NULL) + http_client_request_set_auth_simple(req->req, url->user, url->password); + else + http_client_request_add_header(req->req, + "Authorization", + t_strdup_printf("Bearer %s", + input->token)); oauth2_request_set_headers(req, input);
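Review bot: The new `if`/`else` leaves a four-line `http_client_request_add_header(...)` call as an unbraced `else` body, directly ahead of `oauth2_request_set_headers(req, input);`. A later edit that adds a second statement to either arm would silently fall outside the conditional and change which Authorization scheme is sent. Bracing both arms, `if (url->user != NULL) {` … `} else {` … `}`, keeps the selection unambiguous. The function body continues outside the hunk.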