Commit a08792a8 authored by Xavier Claessens's avatar Xavier Claessens

SASL: fix facebook mechanism

libsoup was escaping '_' and '.' in the challenge response but the
facebook server is not expecting that.

https://bugzilla.gnome.org/show_bug.cgi?id=707747
parent 2a01ef6e
......@@ -155,8 +155,7 @@ facebook_new_challenge_cb (TpChannel *channel,
GSimpleAsyncResult *result = user_data;
FacebookData *data;
GHashTable *h;
GHashTable *params;
gchar *response;
GString *response_string;
GArray *response_array;
DEBUG ("new challenge: %s", challenge->data);
......@@ -165,27 +164,29 @@ facebook_new_challenge_cb (TpChannel *channel,
h = soup_form_decode (challenge->data);
/* See https://developers.facebook.com/docs/chat/#platauth */
params = g_hash_table_new (g_str_hash, g_str_equal);
g_hash_table_insert (params, "method", g_hash_table_lookup (h, "method"));
g_hash_table_insert (params, "nonce", g_hash_table_lookup (h, "nonce"));
g_hash_table_insert (params, "access_token", data->access_token);
g_hash_table_insert (params, "api_key", data->client_id);
g_hash_table_insert (params, "call_id", "0");
g_hash_table_insert (params, "v", "1.0");
response = soup_form_encode_hash (params);
DEBUG ("Response: %s", response);
/* See https://developers.facebook.com/docs/chat/#platauth.
* We don't use soup_form_encode() here because it would escape parameters
* and facebook server is not expecting that and would reject the response. */
response_string = g_string_new ("v=1.0&call_id=0");
g_string_append (response_string, "&access_token=");
g_string_append_uri_escaped (response_string, data->access_token, NULL, TRUE);
g_string_append (response_string, "&api_key=");
g_string_append_uri_escaped (response_string, data->client_id, NULL, TRUE);
g_string_append (response_string, "&method=");
g_string_append_uri_escaped (response_string, g_hash_table_lookup (h, "method"), NULL, TRUE);
g_string_append (response_string, "&nonce=");
g_string_append_uri_escaped (response_string, g_hash_table_lookup (h, "nonce"), NULL, TRUE);
DEBUG ("Response: %s", response_string->str);
response_array = g_array_new (FALSE, FALSE, sizeof (gchar));
g_array_append_vals (response_array, response, strlen (response));
g_array_append_vals (response_array, response_string->str, response_string->len);
tp_cli_channel_interface_sasl_authentication_call_respond (data->channel, -1,
response_array, generic_cb, g_object_ref (result), g_object_unref, NULL);
g_hash_table_unref (h);
g_hash_table_unref (params);
g_free (response);
g_string_free (response_string, TRUE);
g_array_unref (response_array);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment