From 70a80b1455e11e5572eac4bd4b7ca647c45bbf81 Mon Sep 17 00:00:00 2001 From: Nils Maier Date: Mon, 21 Jul 2014 08:11:14 +0200 Subject: [PATCH] Remove request pre-authorization again --- src/HttpServerBodyCommand.cc | 8 ++------ src/RpcMethod.cc | 4 +--- src/RpcMethodImpl.cc | 4 ---- src/RpcRequest.cc | 8 +++----- src/RpcRequest.h | 7 ------- src/WebSocketSession.cc | 8 ++------ src/rpc_helper.cc | 5 ++--- src/rpc_helper.h | 3 +-- test/RpcMethodTest.cc | 8 -------- 9 files changed, 11 insertions(+), 44 deletions(-) diff --git a/src/HttpServerBodyCommand.cc b/src/HttpServerBodyCommand.cc index 33ad1abe..8f5cac16 100644 --- a/src/HttpServerBodyCommand.cc +++ b/src/HttpServerBodyCommand.cc @@ -253,7 +253,6 @@ bool HttpServerBodyCommand::execute() case RPC_TYPE_JSONP: { std::string callback; std::unique_ptr json; - auto preauthorized = rpc::RpcRequest::MUST_AUTHORIZE; ssize_t error = 0; if(httpServer_->getRequestType() == RPC_TYPE_JSONP) { json::JsonGetParam param = json::decodeGetParams(query); @@ -284,7 +283,7 @@ bool HttpServerBodyCommand::execute() } Dict* jsondict = downcast(json); if(jsondict) { - auto res = rpc::processJsonRpcRequest(jsondict, e_, preauthorized); + auto res = rpc::processJsonRpcRequest(jsondict, e_); sendJsonRpcResponse(res, callback); } else { List* jsonlist = downcast(json); @@ -296,10 +295,7 @@ bool HttpServerBodyCommand::execute() Dict* jsondict = downcast(*i); if (jsondict) { auto resp = - rpc::processJsonRpcRequest(jsondict, e_, preauthorized); - if (resp.code == 0) { - preauthorized = rpc::RpcRequest::PREAUTHORIZED; - } + rpc::processJsonRpcRequest(jsondict, e_); results.push_back(std::move(resp)); } } diff --git a/src/RpcMethod.cc b/src/RpcMethod.cc index ad3a1c28..950e5544 100644 --- a/src/RpcMethod.cc +++ b/src/RpcMethod.cc @@ -85,11 +85,9 @@ void RpcMethod::authorize(RpcRequest& req, DownloadEngine* e) } } } - if (!e || (req.authorization != RpcRequest::PREAUTHORIZED && - !e->validateToken(token))) { + if (!e || !e->validateToken(token)) { throw DL_ABORT_EX("Unauthorized"); } - req.authorization = RpcRequest::PREAUTHORIZED; } RpcResponse RpcMethod::execute(RpcRequest req, DownloadEngine* e) diff --git a/src/RpcMethodImpl.cc b/src/RpcMethodImpl.cc index eb1a094f..7ad466dd 100644 --- a/src/RpcMethodImpl.cc +++ b/src/RpcMethodImpl.cc @@ -1367,7 +1367,6 @@ std::unique_ptr SystemMulticallRpcMethod::process RpcResponse SystemMulticallRpcMethod::execute(RpcRequest req, DownloadEngine *e) { - auto preauthorized = RpcRequest::MUST_AUTHORIZE; auto authorized = RpcResponse::AUTHORIZED; try { const List* methodSpecs = checkRequiredParam(req, 0); @@ -1403,14 +1402,11 @@ RpcResponse SystemMulticallRpcMethod::execute(RpcRequest req, DownloadEngine *e) methodName->s(), std::move(paramsList), nullptr, - preauthorized, req.jsonRpc }; RpcResponse res = getMethod(methodName->s())->execute(std::move(r), e); if(rpc::not_authorized(res)) { authorized = RpcResponse::NOTAUTHORIZED; - } else { - preauthorized = RpcRequest::PREAUTHORIZED; } if(res.code == 0) { auto l = List::g(); diff --git a/src/RpcRequest.cc b/src/RpcRequest.cc index e49e99ec..5b3c048d 100644 --- a/src/RpcRequest.cc +++ b/src/RpcRequest.cc @@ -39,22 +39,20 @@ namespace aria2 { namespace rpc { RpcRequest::RpcRequest() - : authorization{RpcRequest::MUST_AUTHORIZE}, jsonRpc{false} + : jsonRpc{false} {} RpcRequest::RpcRequest(std::string methodName, std::unique_ptr params) - : methodName{std::move(methodName)}, params{std::move(params)}, - authorization{RpcRequest::MUST_AUTHORIZE}, jsonRpc{false} + : methodName{std::move(methodName)}, params{std::move(params)}, jsonRpc{false} {} RpcRequest::RpcRequest(std::string methodName, std::unique_ptr params, std::unique_ptr id, - RpcRequest::preauthorization_t authorization, bool jsonRpc) : methodName{std::move(methodName)}, params{std::move(params)}, - id{std::move(id)}, authorization{authorization}, jsonRpc{jsonRpc} + id{std::move(id)}, jsonRpc{jsonRpc} {} } // namespace rpc diff --git a/src/RpcRequest.h b/src/RpcRequest.h index 604dcde5..87169c2d 100644 --- a/src/RpcRequest.h +++ b/src/RpcRequest.h @@ -46,15 +46,9 @@ namespace aria2 { namespace rpc { struct RpcRequest { - enum preauthorization_t { - MUST_AUTHORIZE, - PREAUTHORIZED - }; - std::string methodName; std::unique_ptr params; std::unique_ptr id; - preauthorization_t authorization; bool jsonRpc; RpcRequest(); @@ -65,7 +59,6 @@ struct RpcRequest { RpcRequest(std::string methodName, std::unique_ptr params, std::unique_ptr id, - preauthorization_t authorization, bool jsonRpc = false); }; diff --git a/src/WebSocketSession.cc b/src/WebSocketSession.cc index b035eb18..57ac56b8 100644 --- a/src/WebSocketSession.cc +++ b/src/WebSocketSession.cc @@ -165,7 +165,6 @@ void onMsgRecvCallback(wslay_event_context_ptr wsctx, // TODO Only process text frame ssize_t error = 0; auto json = wsSession->parseFinal(nullptr, 0, error); - auto preauthorized = RpcRequest::MUST_AUTHORIZE; if(error < 0) { A2_LOG_INFO("Failed to parse JSON-RPC request"); RpcResponse res @@ -177,7 +176,7 @@ void onMsgRecvCallback(wslay_event_context_ptr wsctx, auto e = wsSession->getDownloadEngine(); if(jsondict) { RpcResponse res = - processJsonRpcRequest(jsondict, e, preauthorized); + processJsonRpcRequest(jsondict, e); addResponse(wsSession, res); } else { List* jsonlist = downcast(json); @@ -188,10 +187,7 @@ void onMsgRecvCallback(wslay_event_context_ptr wsctx, eoi = jsonlist->end(); i != eoi; ++i) { Dict* jsondict = downcast(*i); if (jsondict) { - auto resp = processJsonRpcRequest(jsondict, e, preauthorized); - if (resp.code == 0) { - preauthorized = RpcRequest::PREAUTHORIZED; - } + auto resp = processJsonRpcRequest(jsondict, e); results.push_back(std::move(resp)); } } diff --git a/src/rpc_helper.cc b/src/rpc_helper.cc index 21e492ef..668be024 100644 --- a/src/rpc_helper.cc +++ b/src/rpc_helper.cc @@ -77,8 +77,7 @@ RpcResponse createJsonRpcErrorResponse(int code, std::move(id)}; } -RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e, - RpcRequest::preauthorization_t authorization) +RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e) { auto id = jsondict->popValue("id"); if(!id) { @@ -102,7 +101,7 @@ RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e, } A2_LOG_INFO(fmt("Executing RPC method %s", methodName->s().c_str())); RpcRequest req = - {methodName->s(), std::move(params), std::move(id), authorization, true}; + {methodName->s(), std::move(params), std::move(id), true}; return getMethod(methodName->s())->execute(std::move(req), e); } diff --git a/src/rpc_helper.h b/src/rpc_helper.h index 10bdec32..53b6e685 100644 --- a/src/rpc_helper.h +++ b/src/rpc_helper.h @@ -64,8 +64,7 @@ RpcResponse createJsonRpcErrorResponse(int code, std::unique_ptr id); // Processes JSON-RPC request |jsondict| and returns the result. -RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e, - RpcRequest::preauthorization_t authorization); +RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e); } // namespace rpc diff --git a/test/RpcMethodTest.cc b/test/RpcMethodTest.cc index 5778982f..d5614b4e 100644 --- a/test/RpcMethodTest.cc +++ b/test/RpcMethodTest.cc @@ -200,14 +200,6 @@ void RpcMethodTest::testAuthorize() auto res = m.execute(std::move(req), e_.get()); CPPUNIT_ASSERT_EQUAL(1, res.code); } - // secret token set and bad token: prefixed parameter is given, but preauthorized - { - auto req = createReq(GetVersionRpcMethod::getMethodName()); - req.authorization = RpcRequest::PREAUTHORIZED; - req.params->append("token:foo2"); - auto res = m.execute(std::move(req), e_.get()); - CPPUNIT_ASSERT_EQUAL(0, res.code); - } } void RpcMethodTest::testAddUri()