void/ZeroTierOne
2
0
Fork 0
mirror of https://github.com/zerotier/ZeroTierOne.git synced 2025-06-06 20:43:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

chicken or egg problem.

Browse source 
member must exist in the database before we can generate a nonce & SSO URL
This commit is contained in:
Grant Limberg 2021-06-04 12:49:26 -07:00
parent fed1846c6f
commit 74a678c1e1
No known key found for this signature in database
GPG key ID: 2BA62CCABBB4095A
2 changed files with 66 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
controller/EmbeddedNetworkController.cpp
View file

@ -1338,12 +1338,10 @@ void EmbeddedNetworkController::_request(
int64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0); int64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0);
fprintf(stderr, "authExpiryTime: %lld\n", authenticationExpiryTime); fprintf(stderr, "authExpiryTime: %lld\n", authenticationExpiryTime);
if ((authenticationExpiryTime == 0) || (authenticationExpiryTime < now)) { if ((authenticationExpiryTime == 0) || (authenticationExpiryTime < now)) {
Dictionary<1024> authInfo;
std::string authenticationURL = _db.getSSOAuthURL(member); std::string authenticationURL = _db.getSSOAuthURL(member);
if (!authenticationURL.empty()) { if (!authenticationURL.empty()) {
Dictionary<1024> authInfo;
authInfo.add("aU", authenticationURL.c_str()); authInfo.add("aU", authenticationURL.c_str());
}
fprintf(stderr, "sending auth URL: %s\n", authenticationURL.c_str()); fprintf(stderr, "sending auth URL: %s\n", authenticationURL.c_str());
DB::cleanMember(member); DB::cleanMember(member);
_db.save(member,true); _db.save(member,true);
@ -1351,6 +1349,7 @@ void EmbeddedNetworkController::_request(
return; return;
} }
} }
}
if (authorized) { if (authorized) {
// Update version info and meta-data if authorized and if this is a genuine request // Update version info and meta-data if authorized and if this is a genuine request

5
controller/PostgreSQL.cpp
View file

@ -330,6 +330,9 @@ std::string PostgreSQL::getSSOAuthURL(const nlohmann::json &member)
std::string nonce = ""; std::string nonce = "";
// check if the member exists first.
pqxx::row count = w.exec_params1("SELECT count(id) FROM ztc_member WHERE id = $1 AND network_id = $2", memberId, networkId);
if (count[0].as<int>() == 1) {
// find an unused nonce, if one exists. // find an unused nonce, if one exists.
pqxx::result r = w.exec_params("SELECT nonce FROM ztc_sso_expiry " pqxx::result r = w.exec_params("SELECT nonce FROM ztc_sso_expiry "
"WHERE network_id = $1 AND member_id = $2 " "WHERE network_id = $1 AND member_id = $2 "
@ -389,11 +392,11 @@ std::string PostgreSQL::getSSOAuthURL(const nlohmann::json &member)
state_hex, state_hex,
client_id.c_str()); client_id.c_str());
} }
}
_pool->unborrow(c); _pool->unborrow(c);
} catch (std::exception &e) { } catch (std::exception &e) {
fprintf(stderr, "ERROR: Error updating member on load: %s\n", e.what()); fprintf(stderr, "ERROR: Error updating member on load: %s\n", e.what());
exit(-1);
} }
return std::string(authenticationURL); return std::string(authenticationURL);