Remove request pre-authorization again

2014-07-21 08:11:14 +02:00 · 2014-07-21 08:11:14 +02:00 · 70a80b1455
parent 8f2af33b6d
commit 70a80b1455
9 changed files with 11 additions and 44 deletions
--- a/src/HttpServerBodyCommand.cc
+++ b/src/HttpServerBodyCommand.cc
@ -253,7 +253,6 @@ bool HttpServerBodyCommand::execute()
        case RPC_TYPE_JSONP: {
          std::string callback;
          std::unique_ptr<ValueBase> json;
-          auto preauthorized = rpc::RpcRequest::MUST_AUTHORIZE;
          ssize_t error = 0;
          if(httpServer_->getRequestType() == RPC_TYPE_JSONP) {
            json::JsonGetParam param = json::decodeGetParams(query);
@ -284,7 +283,7 @@ bool HttpServerBodyCommand::execute()
          }
          Dict* jsondict = downcast<Dict>(json);
          if(jsondict) {
-            auto res = rpc::processJsonRpcRequest(jsondict, e_, preauthorized);
+            auto res = rpc::processJsonRpcRequest(jsondict, e_);
            sendJsonRpcResponse(res, callback);
          } else {
            List* jsonlist = downcast<List>(json);
@ -296,10 +295,7 @@ bool HttpServerBodyCommand::execute()
                Dict* jsondict = downcast<Dict>(*i);
                if (jsondict) {
                  auto resp =
-                      rpc::processJsonRpcRequest(jsondict, e_, preauthorized);
-                  if (resp.code == 0) {
-                    preauthorized = rpc::RpcRequest::PREAUTHORIZED;
-                  }
+                      rpc::processJsonRpcRequest(jsondict, e_);
                  results.push_back(std::move(resp));
                }
              }
--- a/src/RpcMethod.cc
+++ b/src/RpcMethod.cc
@ -85,11 +85,9 @@ void RpcMethod::authorize(RpcRequest& req, DownloadEngine* e)
      }
    }
  }
-  if (!e || (req.authorization != RpcRequest::PREAUTHORIZED &&
-        !e->validateToken(token))) {
+  if (!e || !e->validateToken(token)) {
    throw DL_ABORT_EX("Unauthorized");
  }
-  req.authorization = RpcRequest::PREAUTHORIZED;
 }

 RpcResponse RpcMethod::execute(RpcRequest req, DownloadEngine* e)
--- a/src/RpcMethodImpl.cc
+++ b/src/RpcMethodImpl.cc
@ -1367,7 +1367,6 @@ std::unique_ptr<ValueBase> SystemMulticallRpcMethod::process

 RpcResponse SystemMulticallRpcMethod::execute(RpcRequest req, DownloadEngine *e)
 {
-  auto preauthorized = RpcRequest::MUST_AUTHORIZE;
  auto authorized = RpcResponse::AUTHORIZED;
  try {
    const List* methodSpecs = checkRequiredParam<List>(req, 0);
@ -1403,14 +1402,11 @@ RpcResponse SystemMulticallRpcMethod::execute(RpcRequest req, DownloadEngine *e)
        methodName->s(),
        std::move(paramsList),
        nullptr,
-        preauthorized,
        req.jsonRpc
      };
      RpcResponse res = getMethod(methodName->s())->execute(std::move(r), e);
      if(rpc::not_authorized(res)) {
        authorized = RpcResponse::NOTAUTHORIZED;
-      } else {
-        preauthorized = RpcRequest::PREAUTHORIZED;
      }
      if(res.code == 0) {
        auto l = List::g();
--- a/src/RpcRequest.cc
+++ b/src/RpcRequest.cc
@ -39,22 +39,20 @@ namespace aria2 {
 namespace rpc {

 RpcRequest::RpcRequest()
-  : authorization{RpcRequest::MUST_AUTHORIZE}, jsonRpc{false}
+  : jsonRpc{false}
 {}

 RpcRequest::RpcRequest(std::string methodName,
                       std::unique_ptr<List> params)
-  : methodName{std::move(methodName)}, params{std::move(params)},
-    authorization{RpcRequest::MUST_AUTHORIZE}, jsonRpc{false}
+  : methodName{std::move(methodName)}, params{std::move(params)}, jsonRpc{false}
 {}

 RpcRequest::RpcRequest(std::string methodName,
                       std::unique_ptr<List> params,
                       std::unique_ptr<ValueBase> id,
-                       RpcRequest::preauthorization_t authorization,
                       bool jsonRpc)
  : methodName{std::move(methodName)}, params{std::move(params)},
-    id{std::move(id)}, authorization{authorization}, jsonRpc{jsonRpc}
+    id{std::move(id)}, jsonRpc{jsonRpc}
 {}

 } // namespace rpc
--- a/src/RpcRequest.h
+++ b/src/RpcRequest.h
@ -46,15 +46,9 @@ namespace aria2 {
 namespace rpc {

 struct RpcRequest {
-  enum preauthorization_t {
-    MUST_AUTHORIZE,
-    PREAUTHORIZED
-  };
-
  std::string methodName;
  std::unique_ptr<List> params;
  std::unique_ptr<ValueBase> id;
-  preauthorization_t authorization;
  bool jsonRpc;

  RpcRequest();
@ -65,7 +59,6 @@ struct RpcRequest {
  RpcRequest(std::string methodName,
             std::unique_ptr<List> params,
             std::unique_ptr<ValueBase> id,
-             preauthorization_t authorization,
             bool jsonRpc = false);
 };

--- a/src/WebSocketSession.cc
+++ b/src/WebSocketSession.cc
@ -165,7 +165,6 @@ void onMsgRecvCallback(wslay_event_context_ptr wsctx,
    // TODO Only process text frame
    ssize_t error = 0;
    auto json = wsSession->parseFinal(nullptr, 0, error);
-    auto preauthorized = RpcRequest::MUST_AUTHORIZE;
    if(error < 0) {
      A2_LOG_INFO("Failed to parse JSON-RPC request");
      RpcResponse res
@ -177,7 +176,7 @@ void onMsgRecvCallback(wslay_event_context_ptr wsctx,
    auto e = wsSession->getDownloadEngine();
    if(jsondict) {
      RpcResponse res =
-        processJsonRpcRequest(jsondict, e, preauthorized);
+        processJsonRpcRequest(jsondict, e);
      addResponse(wsSession, res);
    } else {
      List* jsonlist = downcast<List>(json);
@ -188,10 +187,7 @@ void onMsgRecvCallback(wslay_event_context_ptr wsctx,
              eoi = jsonlist->end(); i != eoi; ++i) {
          Dict* jsondict = downcast<Dict>(*i);
          if (jsondict) {
-            auto resp = processJsonRpcRequest(jsondict, e, preauthorized);
-            if (resp.code == 0) {
-              preauthorized = RpcRequest::PREAUTHORIZED;
-            }
+            auto resp = processJsonRpcRequest(jsondict, e);
            results.push_back(std::move(resp));
          }
        }
--- a/src/rpc_helper.cc
+++ b/src/rpc_helper.cc
@ -77,8 +77,7 @@ RpcResponse createJsonRpcErrorResponse(int code,
                          std::move(id)};
 }

-RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e,
-                                  RpcRequest::preauthorization_t authorization)
+RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e)
 {
  auto id = jsondict->popValue("id");
  if(!id) {
@ -102,7 +101,7 @@ RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e,
  }
  A2_LOG_INFO(fmt("Executing RPC method %s", methodName->s().c_str()));
  RpcRequest req =
-    {methodName->s(), std::move(params), std::move(id), authorization, true};
+    {methodName->s(), std::move(params), std::move(id), true};
  return getMethod(methodName->s())->execute(std::move(req), e);
 }

--- a/src/rpc_helper.h
+++ b/src/rpc_helper.h
@ -64,8 +64,7 @@ RpcResponse createJsonRpcErrorResponse(int code,
                                       std::unique_ptr<ValueBase> id);

 // Processes JSON-RPC request |jsondict| and returns the result.
-RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e,
-                                  RpcRequest::preauthorization_t authorization);
+RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e);

 } // namespace rpc

--- a/test/RpcMethodTest.cc
+++ b/test/RpcMethodTest.cc
@ -200,14 +200,6 @@ void RpcMethodTest::testAuthorize()
    auto res = m.execute(std::move(req), e_.get());
    CPPUNIT_ASSERT_EQUAL(1, res.code);
  }
-  // secret token set and bad token: prefixed parameter is given, but preauthorized
-  {
-    auto req = createReq(GetVersionRpcMethod::getMethodName());
-    req.authorization = RpcRequest::PREAUTHORIZED;
-    req.params->append("token:foo2");
-    auto res = m.execute(std::move(req), e_.get());
-    CPPUNIT_ASSERT_EQUAL(0, res.code);
-  }
 }

 void RpcMethodTest::testAddUri()