|
|
|
|
@ -386,33 +386,49 @@ AuthInfo PostgreSQL::getSSOAuthInfo(const nlohmann::json &member, const std::str
|
|
|
|
|
// check if the member exists first.
|
|
|
|
|
pqxx::row count = w.exec_params1("SELECT count(id) FROM ztc_member WHERE id = $1 AND network_id = $2 AND deleted = false", memberId, networkId); |
|
|
|
|
if (count[0].as<int>() == 1) { |
|
|
|
|
// find an unused nonce, if one exists.
|
|
|
|
|
// get active nonce, if exists.
|
|
|
|
|
pqxx::result r = w.exec_params("SELECT nonce FROM ztc_sso_expiry " |
|
|
|
|
"WHERE network_id = $1 AND member_id = $2 " |
|
|
|
|
"AND authentication_expiry_time IS NULL AND ((NOW() AT TIME ZONE 'UTC') <= nonce_expiration)", |
|
|
|
|
"AND ((NOW() AT TIME ZONE 'UTC') <= authentication_expiry_time) AND ((NOW() AT TIME ZONE 'UTC') <= nonce_expiration)", |
|
|
|
|
networkId, memberId); |
|
|
|
|
|
|
|
|
|
if (r.size() == 1) { |
|
|
|
|
// we have an existing nonce. Use it
|
|
|
|
|
if (r.size() == 0) { |
|
|
|
|
// no active nonce.
|
|
|
|
|
// find an unused nonce, if one exists.
|
|
|
|
|
pqxx::result r = w.exec_params("SELECT nonce FROM ztc_sso_expiry " |
|
|
|
|
"WHERE network_id = $1 AND member_id = $2 " |
|
|
|
|
"AND authentication_expiry_time IS NULL AND ((NOW() AT TIME ZONE 'UTC') <= nonce_expiration)", |
|
|
|
|
networkId, memberId); |
|
|
|
|
|
|
|
|
|
if (r.size() == 1) { |
|
|
|
|
// we have an existing nonce. Use it
|
|
|
|
|
nonce = r.at(0)[0].as<std::string>(); |
|
|
|
|
Utils::unhex(nonce.c_str(), nonceBytes, sizeof(nonceBytes)); |
|
|
|
|
} else if (r.empty()) { |
|
|
|
|
// create a nonce
|
|
|
|
|
Utils::getSecureRandom(nonceBytes, 16); |
|
|
|
|
char nonceBuf[64] = {0}; |
|
|
|
|
Utils::hex(nonceBytes, sizeof(nonceBytes), nonceBuf); |
|
|
|
|
nonce = std::string(nonceBuf); |
|
|
|
|
|
|
|
|
|
pqxx::result ir = w.exec_params0("INSERT INTO ztc_sso_expiry " |
|
|
|
|
"(nonce, nonce_expiration, network_id, member_id) VALUES " |
|
|
|
|
"($1, TO_TIMESTAMP($2::double precision/1000), $3, $4)", |
|
|
|
|
nonce, OSUtils::now() + 300000, networkId, memberId); |
|
|
|
|
|
|
|
|
|
w.commit(); |
|
|
|
|
} else { |
|
|
|
|
// > 1 ?!? Thats an error!
|
|
|
|
|
fprintf(stderr, "> 1 unused nonce!\n"); |
|
|
|
|
exit(6); |
|
|
|
|
} |
|
|
|
|
} else if (r.size() == 1) { |
|
|
|
|
nonce = r.at(0)[0].as<std::string>(); |
|
|
|
|
Utils::unhex(nonce.c_str(), nonceBytes, sizeof(nonceBytes)); |
|
|
|
|
} else if (r.empty()) { |
|
|
|
|
// create a nonce
|
|
|
|
|
Utils::getSecureRandom(nonceBytes, 16); |
|
|
|
|
char nonceBuf[64] = {0}; |
|
|
|
|
Utils::hex(nonceBytes, sizeof(nonceBytes), nonceBuf); |
|
|
|
|
nonce = std::string(nonceBuf); |
|
|
|
|
|
|
|
|
|
pqxx::result ir = w.exec_params0("INSERT INTO ztc_sso_expiry " |
|
|
|
|
"(nonce, nonce_expiration, network_id, member_id) VALUES " |
|
|
|
|
"($1, TO_TIMESTAMP($2::double precision/1000), $3, $4)", |
|
|
|
|
nonce, OSUtils::now() + 300000, networkId, memberId); |
|
|
|
|
|
|
|
|
|
w.commit(); |
|
|
|
|
} else { |
|
|
|
|
// > 1 ?!? Thats an error!
|
|
|
|
|
fprintf(stderr, "> 1 unused nonce!\n"); |
|
|
|
|
exit(6); |
|
|
|
|
} else { |
|
|
|
|
// more than 1 nonce in use? Uhhh...
|
|
|
|
|
fprintf(stderr, "> 1 nonce in use for network member?!?\n"); |
|
|
|
|
exit(7); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
r = w.exec_params("SELECT org.client_id, org.authorization_endpoint, org.issuer, org.sso_impl_version " |
|
|
|
|
|
Grant Limberg
4 years ago