From a06062e714e68619dbf45642e9f2e0d2d270474d Mon Sep 17 00:00:00 2001
From: Chteufleur
Date: Sat, 27 Aug 2016 16:34:44 +0200
Subject: [PATCH] Make the transaction ID mandatory again (for security issue).
---
 README.md | 2 +-
 http/http.go | 4 ++--
 httpAuth.cfg | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 9d49422..601204e 100644
--- a/README.md
+++ b/README.md
@@ -53,7 +53,7 @@ To ask authorization, just send an HTTP request to the path ``/auth`` with param
 * __jid__ : JID of the user (user@host/resource or user@host)
 * __domain__ : Domain you want to access
 * __method__ : Method you access the domain
- * transaction_id : Transaction identifier (auto generated if not provide)
+ * __transaction_id__ : Transaction identifier (auto generated if not provide)
 * timeout : Timeout of the request in second (default : 60, max : 300)
 __Bold parameters__ are mandatory.
diff --git a/http/http.go b/http/http.go
index 7776652..95a4520 100644
--- a/http/http.go
+++ b/http/http.go
@@ -62,15 +62,15 @@ func authHandler(w http.ResponseWriter, r *http.Request) {
 jid := strings.Join(r.Form[PARAM_JID], "")
 method := strings.Join(r.Form[METHOD_ACCESS], "")
 domain := strings.Join(r.Form[DOMAIN_ACCESS], "")
+ transaction := strings.Join(r.Form[TRANSACTION_ID], "")
- if jid == "" || method == "" || domain == "" {
+ if jid == "" || method == "" || domain == "" || transaction == "" {
 // If mandatory params is missing
 log.Printf("%sMandatory params is missing", LogInfo)
 w.WriteHeader(http.StatusBadRequest)
 return
 }
- transaction := strings.Join(r.Form[TRANSACTION_ID], "")
 timeoutStr := strings.Join(r.Form[TIMEOUTE], "")
 log.Printf("%sAuth %s", LogInfo, jid)
 timeout, err := strconv.Atoi(timeoutStr)
diff --git a/httpAuth.cfg b/httpAuth.cfg
index 7b11a63..f4537c3 100644
--- a/httpAuth.cfg
+++ b/httpAuth.cfg
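Review bot: In the http/http.go hunk, the added `transaction := strings.Join(r.Form[TRANSACTION_ID], "")` concatenates every occurrence of the parameter, so a request that repeats `transaction_id` passes the new non-empty check with a value that no single field carried. Since this identifier is what the commit makes mandatory for security reasons, I would accept exactly one value and reject anything else, e.g. `ids := r.Form[TRANSACTION_ID]` followed by `if len(ids) != 1 || ids[0] == "" {` on the 400 path. The check also accepts any non-empty string; if the id is what lets the user match the confirmation prompt to their own request (inferred from the commit subject, not visible here), a minimum and maximum length is probably worth enforcing as well. The README line changed in the same commit still reads "auto generated if not provide", which no longer matches this handler. authHandler starts before and continues past the hunk.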
@@ -1,7 +1,7 @@
 # XMPP informations (component)
 xmpp_server_address=192.168.1.2
 xmpp_server_port=5347
-xmpp_jid=xmppsteamm.kingpenguin.tk
+xmpp_jid=xmppsteam.kingpenguin.tk
 xmpp_secret=xmpp4steam_password
 xmpp_debug=true
 xmpp_verify_cert_validity=true