summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexey Melnikov <alexey.melnikov@isode.com>2017-06-19 11:47:27 (GMT)
committerKevin Smith <kevin.smith@isode.com>2017-07-07 16:10:06 (GMT)
commitd89b27b8796f89c847c280dacfb1b09fd6cb6731 (patch)
tree1014011bf564c665ad27dfafa0dcbe5c4e1db3c4
parent1b678a155adca8957866e016b0e344eee6290466 (diff)
downloadswift-d89b27b8796f89c847c280dacfb1b09fd6cb6731.zip
swift-d89b27b8796f89c847c280dacfb1b09fd6cb6731.tar.bz2
Add support for authorization identity in SASL EXTERNAL
As per RFC 4422. Tested by connecting Harrier configured to use SASL EXTERNAL to M-Box and verifying that authentication worked as expected. Also added cppunit test for SASL EXTERNAL. Change-Id: Ica5c72a858b9d8fcd9197f9c4287ca84e03fcbd2
-rw-r--r--Swiften/SASL/EXTERNALClientAuthenticator.cpp8
-rw-r--r--Swiften/SASL/SConscript1
-rw-r--r--Swiften/SASL/UnitTest/EXTERNALClientAuthenticatorTest.cpp47
3 files changed, 55 insertions, 1 deletions
diff --git a/Swiften/SASL/EXTERNALClientAuthenticator.cpp b/Swiften/SASL/EXTERNALClientAuthenticator.cpp
index 546140f..027bc89 100644
--- a/Swiften/SASL/EXTERNALClientAuthenticator.cpp
+++ b/Swiften/SASL/EXTERNALClientAuthenticator.cpp
@@ -12,7 +12,13 @@ EXTERNALClientAuthenticator::EXTERNALClientAuthenticator() : ClientAuthenticator
}
boost::optional<SafeByteArray> EXTERNALClientAuthenticator::getResponse() const {
- return boost::optional<SafeByteArray>();
+ const std::string& authorizationID = getAuthorizationID();
+
+ if (authorizationID.empty()) {
+ return boost::optional<SafeByteArray>();
+ } else {
+ return createSafeByteArray(authorizationID);
+ }
}
bool EXTERNALClientAuthenticator::setChallenge(const boost::optional<ByteArray>&) {
diff --git a/Swiften/SASL/SConscript b/Swiften/SASL/SConscript
index 6aa3e72..8a248cc 100644
--- a/Swiften/SASL/SConscript
+++ b/Swiften/SASL/SConscript
@@ -23,6 +23,7 @@ swiften_env.Append(SWIFTEN_OBJECTS = [objects])
env.Append(UNITTEST_SOURCES = [
File("UnitTest/PLAINMessageTest.cpp"),
File("UnitTest/PLAINClientAuthenticatorTest.cpp"),
+ File("UnitTest/EXTERNALClientAuthenticatorTest.cpp"),
File("UnitTest/SCRAMSHA1ClientAuthenticatorTest.cpp"),
File("UnitTest/DIGESTMD5PropertiesTest.cpp"),
File("UnitTest/DIGESTMD5ClientAuthenticatorTest.cpp"),
diff --git a/Swiften/SASL/UnitTest/EXTERNALClientAuthenticatorTest.cpp b/Swiften/SASL/UnitTest/EXTERNALClientAuthenticatorTest.cpp
new file mode 100644
index 0000000..728eed6
--- /dev/null
+++ b/Swiften/SASL/UnitTest/EXTERNALClientAuthenticatorTest.cpp
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2017 Isode Limited.
+ * All rights reserved.
+ * See the COPYING file for more information.
+ */
+
+#include <QA/Checker/IO.h>
+
+#include <cppunit/extensions/HelperMacros.h>
+#include <cppunit/extensions/TestFactoryRegistry.h>
+
+#include <Swiften/SASL/EXTERNALClientAuthenticator.h>
+
+using namespace Swift;
+
+class EXTERNALClientAuthenticatorTest : public CppUnit::TestFixture {
+ CPPUNIT_TEST_SUITE(EXTERNALClientAuthenticatorTest);
+ CPPUNIT_TEST(testGetResponse_WithoutAuthzID);
+ CPPUNIT_TEST(testGetResponse_WithAuthzID);
+ CPPUNIT_TEST_SUITE_END();
+
+ public:
+ void testGetResponse_WithoutAuthzID() {
+ EXTERNALClientAuthenticator testling;
+
+ // Authcid and password are not used (ignored)
+ testling.setCredentials("user", createSafeByteArray("pass"));
+
+ boost::optional<SafeByteArray> response = testling.getResponse();
+
+ // No data should have been returned
+ bool result = !response;
+
+ CPPUNIT_ASSERT(result);
+ }
+
+ void testGetResponse_WithAuthzID() {
+ EXTERNALClientAuthenticator testling;
+
+ // Authcid and password are not used (ignored)
+ testling.setCredentials("user", createSafeByteArray("pass"), "authz");
+
+ CPPUNIT_ASSERT_EQUAL(*testling.getResponse(), createSafeByteArray("authz", 5));
+ }
+};
+
+CPPUNIT_TEST_SUITE_REGISTRATION(EXTERNALClientAuthenticatorTest);