From f12bfecb345d42bc3b57e76b8f2e71548ceefc16 Mon Sep 17 00:00:00 2001 From: Eduardo Chappa Date: Sat, 29 Aug 2020 18:58:30 -0600 Subject: * When a server expires a refresh token, Alpine needs to cancel it internally. * Fixes to some prototyping for code related to authentication. * Fixes to documentation contributed by Dennis Davis. --- imap/src/c-client/auth_bea.c | 3 ++- imap/src/c-client/auth_oa2.c | 5 +++-- imap/src/c-client/mail.h | 1 + imap/src/c-client/oauth2_aux.c | 15 +++++++++++---- 4 files changed, 17 insertions(+), 7 deletions(-) (limited to 'imap') diff --git a/imap/src/c-client/auth_bea.c b/imap/src/c-client/auth_bea.c index e5800427..64c3aa6c 100644 --- a/imap/src/c-client/auth_bea.c +++ b/imap/src/c-client/auth_bea.c @@ -99,7 +99,8 @@ long auth_oauthbearer_client (authchallenge_t challenger,authrespond_t responder && (oauth2.access_token || (!RefreshToken && oauth2.param[OA2_RefreshToken].value) || (RefreshToken && oauth2.param[OA2_RefreshToken].value - && strcmp(RefreshToken, oauth2.param[OA2_RefreshToken].value)))) + && strcmp(RefreshToken, oauth2.param[OA2_RefreshToken].value) + || oauth2.cancel_refresh_token))) mm_login_method (mb, user, (void *) &oauth2, *trial, BEARERNAME); } diff --git a/imap/src/c-client/auth_oa2.c b/imap/src/c-client/auth_oa2.c index f5345bfa..dac87960 100644 --- a/imap/src/c-client/auth_oa2.c +++ b/imap/src/c-client/auth_oa2.c @@ -124,10 +124,11 @@ long auth_oauth2_client (authchallenge_t challenger,authrespond_t responder, cha */ if(!tryanother - && (oauth2.access_token + && (oauth2.access_token || (!RefreshToken && oauth2.param[OA2_RefreshToken].value) || (RefreshToken && oauth2.param[OA2_RefreshToken].value - && strcmp(RefreshToken, oauth2.param[OA2_RefreshToken].value)))) + && strcmp(RefreshToken, oauth2.param[OA2_RefreshToken].value) + || oauth2.cancel_refresh_token))) mm_login_method (mb, user, (void *) &oauth2, *trial, OA2NAME); } diff --git a/imap/src/c-client/mail.h b/imap/src/c-client/mail.h index 9a02c5f9..13bbc84f 100644 --- a/imap/src/c-client/mail.h +++ b/imap/src/c-client/mail.h @@ -1989,6 +1989,7 @@ typedef struct oauth2_s { unsigned long expiration; unsigned int first_time:1; /* this is the first time we get credentials for this account */ unsigned int require_secret:1; /* this server requires a client-secret */ + int cancel_refresh_token; /* ask client to cancel refresh token */ } OAUTH2_S; typedef struct deviceproc_s { diff --git a/imap/src/c-client/oauth2_aux.c b/imap/src/c-client/oauth2_aux.c index 6fab2917..6b7c401b 100644 --- a/imap/src/c-client/oauth2_aux.c +++ b/imap/src/c-client/oauth2_aux.c @@ -223,11 +223,13 @@ mm_login_oauth2_c_client_method (NETMBX *mb, char *user, char *method, case JLong : oauth2->expiration = time(0) + *(long *) jx->value; break; } + oauth2->cancel_refresh_token = 0; /* do not cancel this token. It is good */ break; default : { char tmp[100]; - sprintf(tmp, "Oauth2 client Received Code %d", status); - mm_log (tmp, ERROR); + sprintf(tmp, "Oauth2 client Received Code %d", status); + mm_log (tmp, ERROR); + oauth2->cancel_refresh_token++; } break; } @@ -284,13 +286,16 @@ mm_login_oauth2_c_client_method (NETMBX *mb, char *user, char *method, if(jx && jx->jtype == JString) oauth2->expiration = time(0) + atol((char *) jx->value); + oauth2->cancel_refresh_token = 0; /* do not cancel this token. It is good */ + break; case HTTP_BAD : break; default : { char tmp[100]; sprintf(tmp, "Oauth2 Client Received Code %d", status); - fatal (tmp); + mm_log (tmp, ERROR); + oauth2->cancel_refresh_token++; } } @@ -356,13 +361,15 @@ void oauth2deviceinfo_get_accesscode(void *inp, void *outp) } rv = OA2_CODE_SUCCESS; + oauth2->cancel_refresh_token = 0; /* do not cancel this token. It is good */ break; default : { char tmp[100]; sprintf(tmp, "Oauth device Received Code %d", status); mm_log (tmp, ERROR); - } + oauth2->cancel_refresh_token++; + } } json_free(&json); -- cgit v1.2.3-54-g00ecf