From: Aki Tuomi Date: Tue, 21 Feb 2017 09:18:37 +0000 (+0200) Subject: lib-oauth2: Support basic authorization X-Git-Tag: 2.3.0.rc1~2039 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=177056ea9a79be1c782e4bb8558adf4dc87f2fec;p=thirdparty%2Fdovecot%2Fcore.git lib-oauth2: Support basic authorization --- diff --git a/src/lib-oauth2/oauth2-introspect.c b/src/lib-oauth2/oauth2-introspect.c index ce9d2a8a3e..e3f555fb44 100644 --- a/src/lib-oauth2/oauth2-introspect.c +++ b/src/lib-oauth2/oauth2-introspect.c @@ -86,7 +86,8 @@ oauth2_introspection_start(const struct oauth2_settings *set, http_url_escape_param(enc, input->token); } - if (http_url_parse(str_c(enc), NULL, 0, pool, &url, &error) < 0) { + if (http_url_parse(str_c(enc), NULL, HTTP_URL_ALLOW_USERINFO_PART, pool, + &url, &error) < 0) { fail.error = t_strdup_printf("http_url_parse(%s) failed: %s", str_c(enc), error); oauth2_introspection_callback(req, &fail); @@ -108,12 +109,13 @@ oauth2_introspection_start(const struct oauth2_settings *set, req); } - if (set->introspection_mode == INTROSPECTION_MODE_GET_AUTH) + if (url->user != NULL) + http_client_request_set_auth_simple(req->req, url->user, url->password); + else if (set->introspection_mode == INTROSPECTION_MODE_GET_AUTH) http_client_request_add_header(req->req, "Authorization", t_strdup_printf("Bearer %s", input->token)); - oauth2_request_set_headers(req, input); http_client_request_set_timeout_msecs(req->req, diff --git a/src/lib-oauth2/oauth2-refresh.c b/src/lib-oauth2/oauth2-refresh.c index 00ea604a27..531e1b2ca2 100644 --- a/src/lib-oauth2/oauth2-refresh.c +++ b/src/lib-oauth2/oauth2-refresh.c @@ -119,11 +119,11 @@ oauth2_refresh_start(const struct oauth2_settings *set, req->re_callback = callback; req->re_context = context; - const char *_url = req->set->refresh_url; - if (http_url_parse(_url, NULL, 0, pool, &url, &error) < 0) { + if (http_url_parse(req->set->refresh_url, NULL, HTTP_URL_ALLOW_USERINFO_PART, + pool, &url, &error) < 0) { fail.error = t_strdup_printf("http_url_parse(%s) failed: %s", - _url, error); + req->set->refresh_url, error); oauth2_refresh_callback(req, &fail); return req; } @@ -141,6 +141,9 @@ oauth2_refresh_start(const struct oauth2_settings *set, struct istream *is = i_stream_create_from_string(payload); + if (url->user != NULL) + http_client_request_set_auth_simple(req->req, url->user, url->password); + http_client_request_add_header(req->req, "Content-Type", "application/x-www-form-urlencoded"); diff --git a/src/lib-oauth2/oauth2-token-validate.c b/src/lib-oauth2/oauth2-token-validate.c index 7c680188eb..abcc8bbdeb 100644 --- a/src/lib-oauth2/oauth2-token-validate.c +++ b/src/lib-oauth2/oauth2-token-validate.c @@ -112,7 +112,8 @@ oauth2_token_validation_start(const struct oauth2_settings *set, str_append(enc, req->set->tokeninfo_url); http_url_escape_param(enc, input->token); - if (http_url_parse(str_c(enc), NULL, 0, pool, &url, &error) < 0) { + if (http_url_parse(str_c(enc), NULL, HTTP_URL_ALLOW_USERINFO_PART, pool, + &url, &error) < 0) { fail.error = t_strdup_printf("http_url_parse(%s) failed: %s", str_c(enc), error); oauth2_token_validation_callback(req, &fail); @@ -122,10 +123,14 @@ oauth2_token_validation_start(const struct oauth2_settings *set, req->req = http_client_request_url(req->set->client, "GET", url, oauth2_token_validate_response, req); - http_client_request_add_header(req->req, - "Authorization", - t_strdup_printf("Bearer %s", - input->token)); + + if (url->user != NULL) + http_client_request_set_auth_simple(req->req, url->user, url->password); + else + http_client_request_add_header(req->req, + "Authorization", + t_strdup_printf("Bearer %s", + input->token)); oauth2_request_set_headers(req, input);