From 795fbce2c3ad0564af1ac6e1424baf3c63212fd4 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Petr=20P=C3=ADsa=C5=99?= Date: Thu, 29 Dec 2011 17:19:11 +0100 Subject: [PATCH] otp: Redirect with cookie and test it TODO: For unknown reason cURL does not send the cookie. --- src/soap.c | 26 ++++++++++++++++++++++---- test/simline/http.c | 24 ++++++++++++++++++++++++ test/simline/http.h | 4 ++++ test/simline/server.c | 29 ++++++++++++++++++++++++----- 4 files changed, 74 insertions(+), 9 deletions(-) diff --git a/src/soap.c b/src/soap.c index 010512b..a16046b 100644 --- a/src/soap.c +++ b/src/soap.c @@ -558,6 +558,14 @@ static isds_error http(struct isds_ctx *context, const char *url, } } + /* Set authorization cookie for OTP session */ + if (!curl_err && context->otp != NULL) { + isds_log(ILF_SEC, ILL_INFO, + _("Cookies will be stored and send " + "because context has been authorized by OTP.\n")); + curl_err = curl_easy_setopt(context->curl, CURLOPT_COOKIEFILE, ""); + } + /* Set timeout */ if (!curl_err) { curl_err = curl_easy_setopt(context->curl, CURLOPT_NOSIGNAL, 1); @@ -950,7 +958,7 @@ _hidden isds_error _isds_soap(struct isds_ctx *context, const char *file, if (context->otp != NULL) memset(&response_otp_headers, 0, sizeof(response_otp_headers)); -/*redirect:*/ +redirect: if (context->otp != NULL) auth_headers_free(&response_otp_headers); isds_log(ILF_SOAP, ILL_DEBUG, _("SOAP request to sent to %s:\n%.*s\nEnd of SOAP request\n"), 
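Review bot: The cookie engine is enabled with `CURLOPT_COOKIEFILE, ""` whenever `context->otp != NULL`, but nothing in this hunk turns it off or empties the jar again. If `context->curl` is reused after the OTP session ends, the handle would presumably keep the session cookie and replay it. Consider erasing the jar where the OTP session is closed, e.g. `curl_easy_setopt(context->curl, CURLOPT_COOKIELIST, "ALL");`. The log message should read `"Cookies will be stored and sent "`. The body of `http()` continues outside the hunk, so cleanup elsewhere cannot be ruled out from here.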
@@ -981,17 +989,27 @@ _hidden isds_error _isds_soap(struct isds_ctx *context, const char *file, context->otp->resolution = OTP_RESOLUTION_SUCCESS; else context->otp->resolution = response_otp_headers.resolution; - /* FIXME: Implement redirect on OTP log-in. */ err = IE_PARTIAL_SUCCESS; isds_printf_message(context, _("Server redirects on <%s> because OTP authentication " "succeeded."), url); - goto leave; + if (context->otp->otp_code != NULL && + response_otp_headers.redirect != NULL) { + /* XXX: If OTP code is known, this must be second OTP phase, so + * sent final POST request. */ + free(url); + url = response_otp_headers.redirect; + response_otp_headers.redirect = NULL; + goto redirect; + } else { + /* XXX: Otherwise bail out to ask application for OTP code. */ + goto leave; + } } else { err = IE_HTTP; isds_printf_message(context, - _("Code 302: Server redirects on <%s>. " + _("Code 302: Server redirects on <%s> request. " "Redirection is forbidden in stateless mode."), url); goto leave; diff --git a/test/simline/http.c b/test/simline/http.c index 390632f..64bb0b1 100644 --- a/test/simline/http.c +++ b/test/simline/http.c 
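Review bot: The new `goto redirect` re-sends the request to whatever `response_otp_headers.redirect` contains, with no limit on the number of hops and no check that the target keeps the scheme and host of the original `url`. Because `context->otp->otp_code` stays non-NULL across passes, a server that keeps answering 302 keeps this loop running. A redirect to another origin or to plain http would carry the SOAP request there, along with any credentials `http()` attaches. I would add a hop counter, `if (++redirects > MAX_OTP_REDIRECTS) { err = IE_HTTP; goto leave; }` (both names are placeholders and must be declared outside this hunk), and compare scheme and authority of the new URL with the old one before `free(url)`. Whether `err` is reset from `IE_PARTIAL_SUCCESS` after the jump is not visible in this hunk.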
@@ -999,6 +999,30 @@ http_error http_authenticate_otp(const struct http_request *request, } +/* Return cookie value by name or NULL if does not present. */ +const char *http_find_cookie(const struct http_request *request, + const char *name) { + const struct http_header *header; + size_t length; + const char *value = NULL; + + if (request == NULL || name == NULL) return NULL; + length = strlen(name); + + for (header = request->headers; header != NULL; header = header->next) { + if (header->name != NULL && !strcasecmp(header->name, "Cookie") && + header->value != NULL) { + if (!strncmp(header->value, name, length) && + header->value[length] == '=') { + /* Return last cookie with the name */ + value = header->value + length + 1; + } + } + } + return value; +} + + /* Free a HTTP header and set it to NULL */ void http_header_free(struct http_header **header) { if (header == NULL || *header == NULL) return; diff --git a/test/simline/http.h b/test/simline/http.h index 60607e0..d33b908 100644 --- a/test/simline/http.h +++ b/test/simline/http.h @@ -106,4 +106,8 @@ http_error http_authenticate_basic(const struct http_request *request, http_error http_authenticate_otp(const struct http_request *request, const char *username, const char *password, const char *otp); +/* Return cookie value by name or NULL if does not present. */ +const char *http_find_cookie(const struct http_request *request, + const char *name); + #endif diff --git a/test/simline/server.c b/test/simline/server.c index c690ccb..bf56354 100644 --- a/test/simline/server.c +++ b/test/simline/server.c 
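Review bot: `http_find_cookie()` only recognises a cookie whose name starts the Cookie header value, so in a header such as `a=1; b=2` the cookie `b` is never found. The returned pointer also runs to the end of the header value instead of stopping at the next `;`, which makes an exact comparison against the expected session value fail as soon as the client sends more than one cookie. Walking the `;`-separated pairs, as sketched below, fixes the lookup. The comment should additionally say that the result is not terminated at the pair boundary, so callers have to compare up to `;`. How the caller in server.c compares the value is not visible on this page.

```c
    const char *pair;

    /* … unchanged: NULL checks and length = strlen(name) … */

    for (header = request->headers; header != NULL; header = header->next) {
        if (header->name == NULL || strcasecmp(header->name, "Cookie") ||
                header->value == NULL)
            continue;
        for (pair = header->value; pair != NULL; pair = strchr(pair, ';')) {
            /* Step over the separator and the optional space after it */
            while (*pair == ';' || *pair == ' ') pair++;
            if (!strncmp(pair, name, length) && pair[length] == '=') {
                /* Return last cookie with the name; the value extends to
                 * the next ';' or to the end of the header */
                value = pair + length + 1;
            }
        }
    }
```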
@@ -28,6 +28,10 @@ static const char *pong = "uri, as_path_dontsendsms, strlen(as_path_dontsendsms))) { do_as_dontsendsms(client_socket, request, arguments); + } else if (!strcmp(request->uri, ws_path)) { + do_ws_with_cookie(client_socket, request, arguments); } else { - /* FIXME: Test for R-URI and check for cookie and return pong */ http_send_response_400(client_socket, "Unknown path for TOTP authenticating service"); } -- 2.11.4.GIT