Check auth for logout
authorChip Black <bytex64@bytex64.net>
Thu, 30 Dec 2010 23:31:26 +0000 (17:31 -0600)
committerChip Black <bytex64@bytex64.net>
Thu, 30 Dec 2010 23:31:26 +0000 (17:31 -0600)
common/auth.c
common/auth.h
http/http_blerg.c

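--- a/common/auth.c
+++ b/common/auth.c
@@ -132,3 +132,14 @@ char *auth_get_token(const char *username) {
 
        return token;
 }
+
+int auth_check_token(const char *username, const char *given_token) {
+       char *token = auth_get_token(username);
+       if (token != NULL && given_token != NULL) {
+               int ret = (strncmp(token, given_token, TOKEN_SIZE * 2) == 0);
+               free(token);
+               return ret;
+       } else {
+               return 0;
+       }
+}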
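Review bot: `auth_check_token` leaks `token` whenever `auth_get_token()` succeeds but `given_token` is NULL, because `free(token)` sits only inside the matching branch and the `else` path returns without it. The comparison also uses `strncmp`, which returns at the first differing byte and so is not constant-time for a session secret. It accepts any `given_token` longer than `TOKEN_SIZE * 2` whose prefix matches. The sketch below frees on every path, requires both strings to be exactly `TOKEN_SIZE * 2` long and compares without an early exit. It assumes the stored token is a NUL-terminated string, which the hunk does not show.

```c
int auth_check_token(const char *username, const char *given_token) {
	char *token = auth_get_token(username);
	int ret = 0;

	if (token != NULL && given_token != NULL) {
		size_t len = strlen(token);

		/* Reject over-long or truncated cookies before comparing */
		if (len == TOKEN_SIZE * 2 && strlen(given_token) == len) {
			unsigned char diff = 0;

			/* Accumulate differences so timing does not depend on
			 * the position of the first mismatch */
			for (size_t i = 0; i < len; i++)
				diff |= (unsigned char)token[i] ^ (unsigned char)given_token[i];
			ret = (diff == 0);
		}
	}

	free(token);	/* free(NULL) is a no-op */
	return ret;
}
```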
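--- a/common/auth.h
+++ b/common/auth.h
@@ -7,5 +7,6 @@ int auth_check_password(const char *, const char *);
 int auth_login(const char *username, const char *password);
 int auth_logout(const char *username);
 char *auth_get_token(const char *username);
+int auth_check_token(const char *username, const char *given_token);
 
 #endif //_AUTH_H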
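--- a/http/http_blerg.c
+++ b/http/http_blerg.c
@@ -532,9 +532,13 @@ ahc_derp (void *cls, struct MHD_Connection *connection, const char *url, const c
                        return MHD_YES;
                }
 
-               auth_logout(as->username);
-
-               return respond_JSON_Success(connection);
+               const char *given_token = MHD_lookup_connection_value(connection, MHD_COOKIE_KIND, "auth");
+               if (given_token != NULL && auth_check_token(as->username, given_token)) {
+                       auth_logout(as->username);
+                       return respond_JSON_Success(connection);
+               } else {
+                       return respond_JSON_Failure(connection);
+               }
        } else {
                return respond_404(connection);
        }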
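Review bot: The logout check reads the token only from the `auth` cookie, an ambient credential that a browser attaches to requests initiated by other sites as well. The new condition stops a client without the token from logging out an arbitrary `as->username`, but by itself it does not distinguish a user-initiated logout from a forged cross-site one. If that matters for this endpoint, require the token (or a separate anti-forgery value) in the request body or a custom header as well; whether the earlier part of `ahc_derp` already does so is not visible, since the function starts and ends outside the hunk. A short comment above the lookup would also help, for example `/* logout must present the session token, so one user cannot end another's session */`.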