lib-oauth2: Support basic authorization
authorAki Tuomi <aki.tuomi@dovecot.fi>
Tue, 21 Feb 2017 09:18:37 +0000 (11:18 +0200)
committerAki Tuomi <aki.tuomi@dovecot.fi>
Tue, 21 Feb 2017 09:48:30 +0000 (11:48 +0200)
src/lib-oauth2/oauth2-introspect.c
src/lib-oauth2/oauth2-refresh.c
src/lib-oauth2/oauth2-token-validate.c

index ce9d2a8a3eb89d13e527cf8500afa46783f04890..e3f555fb44a1f796f75e3d7355929787dab05986 100644 (file)
@@ -86,7 +86,8 @@ oauth2_introspection_start(const struct oauth2_settings *set,
                http_url_escape_param(enc, input->token);
        }
 
-       if (http_url_parse(str_c(enc), NULL, 0, pool, &url, &error) < 0) {
+       if (http_url_parse(str_c(enc), NULL, HTTP_URL_ALLOW_USERINFO_PART, pool,
+                          &url, &error) < 0) {
                fail.error = t_strdup_printf("http_url_parse(%s) failed: %s",
                                             str_c(enc), error);
                oauth2_introspection_callback(req, &fail);
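Review bot: The failure message built on the line after the new `http_url_parse()` call still embeds the full URL, and with `HTTP_URL_ALLOW_USERINFO_PART` that URL can now carry `user:password@`, so a parse failure copies the client credentials into `fail.error`. Where that string ends up is not visible here, but if the callback logs it or returns it to a caller the secret goes with it. The same pattern is in oauth2_refresh_start (`req->set->refresh_url`) and oauth2_token_validation_start (`str_c(enc)`). I would leave the URL out of the message, e.g. `fail.error = t_strdup_printf("http_url_parse() failed: %s", error);`, or name only the setting that was being parsed.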
@@ -108,12 +109,13 @@ oauth2_introspection_start(const struct oauth2_settings *set,
                                                   req);
        }
 
-       if (set->introspection_mode == INTROSPECTION_MODE_GET_AUTH)
+       if (url->user != NULL)
+               http_client_request_set_auth_simple(req->req, url->user, url->password);
+       else if (set->introspection_mode == INTROSPECTION_MODE_GET_AUTH)
                http_client_request_add_header(req->req,
                                               "Authorization",
                                               t_strdup_printf("Bearer %s",
                                                               input->token));
-
        oauth2_request_set_headers(req, input);
 
        http_client_request_set_timeout_msecs(req->req,
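Review bot: The new `if (url->user != NULL)` branch takes precedence over `INTROSPECTION_MODE_GET_AUTH`, so with userinfo in the URL the Bearer header is never added. The token append at the top of the function sits inside a conditional whose test is not visible, so in that mode the token may not reach the introspection endpoint at all and every lookup would fail or be answered without the token. If that combination is unsupported, it would be better rejected when the settings are read; otherwise add a comment here stating the precedence, such as `/* userinfo in the URL overrides introspection_mode; the token must then be sent in the URL */`. The function body starts and ends outside this hunk.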
index 00ea604a279636e6b3459df8afc91eda68851c73..531e1b2ca2af736814688436d61009f4a8d2e62f 100644 (file)
@@ -119,11 +119,11 @@ oauth2_refresh_start(const struct oauth2_settings *set,
        req->re_callback = callback;
        req->re_context = context;
 
-       const char *_url = req->set->refresh_url;
 
-       if (http_url_parse(_url, NULL, 0, pool, &url, &error) < 0) {
+       if (http_url_parse(req->set->refresh_url, NULL, HTTP_URL_ALLOW_USERINFO_PART,
+                          pool, &url, &error) < 0) {
                fail.error = t_strdup_printf("http_url_parse(%s) failed: %s",
-                                            _url, error);
+                                            req->set->refresh_url, error);
                oauth2_refresh_callback(req, &fail);
                return req;
        }
@@ -141,6 +141,9 @@ oauth2_refresh_start(const struct oauth2_settings *set,
 
        struct istream *is = i_stream_create_from_string(payload);
 
+       if (url->user != NULL)
+               http_client_request_set_auth_simple(req->req, url->user, url->password);
+
        http_client_request_add_header(req->req, "Content-Type",
                                       "application/x-www-form-urlencoded");
 
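Review bot: `url->password` is handed to `http_client_request_set_auth_simple()` without a check, here and in the matching calls in oauth2_introspection_start and oauth2_token_validation_start. A URL written as `user@host` presumably leaves it NULL, so either confirm the callee accepts that or pass `url->password != NULL ? url->password : ""`. Nothing in the visible lines limits Basic credentials to https URLs either, so an `http://` refresh_url would send the client secret in cleartext. A scheme check or a warning at configuration time would cover that, along with a comment noting that the URL settings may now contain a secret.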
index 7c680188eb7d31ba5deabaca5df4d3701db764bd..abcc8bbdebeedbbfc821d1d984c005bfc388d3bf 100644 (file)
@@ -112,7 +112,8 @@ oauth2_token_validation_start(const struct oauth2_settings *set,
        str_append(enc, req->set->tokeninfo_url);
        http_url_escape_param(enc, input->token);
 
-       if (http_url_parse(str_c(enc), NULL, 0, pool, &url, &error) < 0) {
+       if (http_url_parse(str_c(enc), NULL, HTTP_URL_ALLOW_USERINFO_PART, pool,
+                          &url, &error) < 0) {
                fail.error = t_strdup_printf("http_url_parse(%s) failed: %s",
                                             str_c(enc), error);
                oauth2_token_validation_callback(req, &fail);
@@ -122,10 +123,14 @@ oauth2_token_validation_start(const struct oauth2_settings *set,
        req->req = http_client_request_url(req->set->client, "GET", url,
                                           oauth2_token_validate_response,
                                           req);
-       http_client_request_add_header(req->req,
-                                      "Authorization",
-                                      t_strdup_printf("Bearer %s",
-                                                      input->token));
+
+        if (url->user != NULL)
+                http_client_request_set_auth_simple(req->req, url->user, url->password);
+       else
+               http_client_request_add_header(req->req,
+                                              "Authorization",
+                                              t_strdup_printf("Bearer %s",
+                                                              input->token));
 
        oauth2_request_set_headers(req, input);