jimzah/Telodendria
1
0
Fork 0
forked from Telodendria/Telodendria
Code Pull requests Activity

Implement flow handling in Uia API.

Browse source 
This commit should fix user interactive authentication for dummy flows,
but I still have to implement a few more flows, including passwords and
refresh token. I also have to fix the cleanup logic: when do we purge
UIA sessions?
This commit is contained in:
Jordan Bancino 2023-02-27 15:39:12 +00:00
parent 7703405c70
commit 6ce6cb4525
3 changed files with 153 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
src/Db.c
View file

@ -32,6 +32,9 @@
#include <fcntl.h> #include <fcntl.h>
#include <unistd.h> #include <unistd.h>
#include <errno.h>
#include <string.h>
struct Db struct Db
{ {
char *dir; char *dir;
@ -403,6 +406,38 @@ DbLockFromArr(Db * db, Array * args)
fp = fopen(file, "r+"); fp = fopen(file, "r+");
if (!fp) if (!fp)
{ {
if (ref)
{
pthread_mutex_lock(&ref->lock);
HashMapDelete(db->cache, hash);
JsonFree(ref->json);
StringArrayFree(ref->name);
db->cacheSize -= ref->size;
if (ref->next)
{
ref->next->prev = ref->prev;
}
else
{
db->mostRecent = ref->prev;
}
if (ref->prev)
{
ref->prev->next = ref->next;
}
else
{
db->leastRecent = ref->next;
}
pthread_mutex_unlock(&ref->lock);
pthread_mutex_destroy(&ref->lock);
Free(ref);
}
ref = NULL; ref = NULL;
goto finish; goto finish;
} }
@ -415,6 +450,7 @@ DbLockFromArr(Db * db, Array * args)
/* Lock the file on the disk */ /* Lock the file on the disk */
if (fcntl(fileno(fp), F_SETLK, &lock) < 0) if (fcntl(fileno(fp), F_SETLK, &lock) < 0)
{ {
printf("fcntl() failed on %s (%s)\n", file, strerror(errno));
fclose(fp); fclose(fp);
ref = NULL; ref = NULL;
goto finish; goto finish;

140
src/Uia.c
View file

@ -101,9 +101,8 @@ BuildFlows(Array * flows)
} }
static int static int
BuildResponse(Array * flows, char *session, Db * db, HashMap ** response) BuildResponse(Array * flows, Db * db, HashMap ** response, char *session, DbRef * ref)
{ {
DbRef *ref;
HashMap *json; HashMap *json;
*response = BuildFlows(flows); *response = BuildFlows(flows);
@ -135,8 +134,6 @@ BuildResponse(Array * flows, char *session, Db * db, HashMap ** response)
DbUnlock(db, ref); DbUnlock(db, ref);
HashMapSet(*response, "completed", JsonValueArray(ArrayCreate())); HashMapSet(*response, "completed", JsonValueArray(ArrayCreate()));
HashMapSet(*response, "session", JsonValueString(session));
Free(session);
} }
else else
{ {
@ -150,14 +147,6 @@ BuildResponse(Array * flows, char *session, Db * db, HashMap ** response)
return -1; return -1;
} }
ref = DbLock(db, 2, "user_interactive", session);
if (!ref)
{
JsonFree(*response);
ArrayFree(completed);
return -1;
}
json = DbJson(ref); json = DbJson(ref);
dbCompleted = JsonValueAsArray(HashMapGet(json, "completed")); dbCompleted = JsonValueAsArray(HashMapGet(json, "completed"));
@ -169,11 +158,13 @@ BuildResponse(Array * flows, char *session, Db * db, HashMap ** response)
} }
HashMapSet(*response, "completed", JsonValueArray(completed)); HashMapSet(*response, "completed", JsonValueArray(completed));
HashMapSet(*response, "session", JsonValueString(session));
DbUnlock(db, ref); session = StrDuplicate(session);
} }
HashMapSet(*response, "session", JsonValueString(session));
Free(session);
return 0; return 0;
} }
@ -216,9 +207,13 @@ UiaComplete(Array * flows, HttpServerContext * context, Db * db,
HashMap *auth; HashMap *auth;
char *session; char *session;
char *authType; char *authType;
Array *completed;
Array *possibleNext;
size_t i;
DbRef *dbRef; DbRef *dbRef;
HashMap *dbJson; HashMap *dbJson;
int ret;
if (!flows) if (!flows)
{ {
@ -235,7 +230,7 @@ UiaComplete(Array * flows, HttpServerContext * context, Db * db,
if (!val) if (!val)
{ {
HttpResponseStatus(context, HTTP_UNAUTHORIZED); HttpResponseStatus(context, HTTP_UNAUTHORIZED);
return BuildResponse(flows, NULL, db, response); return BuildResponse(flows, db, response, NULL, NULL);
} }
if (JsonValueType(val) != JSON_OBJECT) if (JsonValueType(val) != JSON_OBJECT)
@ -256,33 +251,130 @@ UiaComplete(Array * flows, HttpServerContext * context, Db * db,
} }
session = JsonValueAsString(val); session = JsonValueAsString(val);
dbRef = DbLock(db, 2, "user_interactive", session);
if (!dbRef)
{
HttpResponseStatus(context, HTTP_UNAUTHORIZED);
return BuildResponse(flows, db, response, NULL, NULL);
}
dbJson = DbJson(dbRef);
completed = JsonValueAsArray(HashMapGet(dbJson, "completed"));
possibleNext = ArrayCreate();
for (i = 0; i < ArraySize(flows); i++)
{
size_t j;
Array *stages = ArrayGet(flows, i);
if (ArraySize(stages) > ArraySize(completed))
{
UiaStage *stage = ArrayGet(stages, ArraySize(completed));
ArrayAdd(possibleNext, stage->type);
}
else if (ArraySize(stages) == ArraySize(completed))
{
for (j = 0; j < ArraySize(stages); j++)
{
UiaStage *stage = ArrayGet(stages, j);
char *flowStage = stage->type;
char *completedStage = JsonValueAsString(ArrayGet(completed, j));
if (strcmp(flowStage, completedStage) != 0)
{
break;
}
}
if (j == ArraySize(stages))
{
/* Success: completed matches a stage perfectly */
ret = 1;
goto finish;
}
}
}
val = HashMapGet(auth, "type"); val = HashMapGet(auth, "type");
if (!val || JsonValueType(val) != JSON_STRING) if (!val || JsonValueType(val) != JSON_STRING)
{ {
HttpResponseStatus(context, HTTP_BAD_REQUEST); HttpResponseStatus(context, HTTP_BAD_REQUEST);
*response = MatrixErrorCreate(M_BAD_JSON); *response = MatrixErrorCreate(M_BAD_JSON);
return 0; ret = 0;
goto finish;
} }
authType = JsonValueAsString(val); authType = JsonValueAsString(val);
dbRef = DbLock(db, 2, "user_interactive", session); for (i = 0; i < ArraySize(possibleNext); i++)
if (!dbRef)
{ {
HttpResponseStatus(context, HTTP_UNAUTHORIZED); char *possible = ArrayGet(possibleNext, i);
return BuildResponse(flows, StrDuplicate(session), db, response);
if (strcmp(authType, possible) == 0)
{
break;
}
} }
dbJson = DbJson(dbRef); if (i == ArraySize(possibleNext))
{
HttpResponseStatus(context, HTTP_UNAUTHORIZED);
ret = BuildResponse(flows, db, response, session, dbRef);
goto finish;
}
if (strcmp(authType, "m.login.dummy") == 0)
{
/* Do nothing */
}
else if (strcmp(authType, "m.login.password") == 0)
{
/* TODO */
}
else if (strcmp(authType, "m.login.registration_token") == 0)
{
/* TODO */
}
else if (strcmp(authType, "m.login.recaptcha") == 0)
{
/* TODO */
}
else if (strcmp(authType, "m.login.sso") == 0)
{
/* TODO */
}
else if (strcmp(authType, "m.login.email.identity") == 0)
{
/* TODO */
}
else if (strcmp(authType, "m.login.msisdn") == 0)
{
/* TODO */
}
else
{
HttpResponseStatus(context, HTTP_UNAUTHORIZED);
ret = BuildResponse(flows, db, response, session, dbRef);
goto finish;
}
ArrayAdd(completed, JsonValueString(authType));
ret = 1;
finish:
ArrayFree(possibleNext);
DbUnlock(db, dbRef); DbUnlock(db, dbRef);
return ret;
return 1;
} }
void void
UiaFlowsFree(Array *flows) UiaFlowsFree(Array * flows)
{ {
size_t i, j; size_t i, j;

2
src/include/Uia.h
View file

@ -44,6 +44,6 @@ extern int
UiaComplete(Array *, HttpServerContext *, Db *, HashMap *, HashMap **); UiaComplete(Array *, HttpServerContext *, Db *, HashMap *, HashMap **);
extern void extern void
UiaFlowsFree(Array *); UiaFlowsFree(Array *);
#endif #endif