lib/clarion/app.rb in clarion-0.2.1 vs lib/clarion/app.rb in clarion-0.3.0
- old
+ new
@@ -88,18 +88,17 @@
get '/authn/:id' do
@authn = store.find_authn(params[:id])
unless @authn
halt 404, "authn not found"
end
- if @authn.verified?
- halt 410, "Authn already processed"
- end
if @authn.expired?
halt 410, "Authn expired"
end
+ if @authn.closed?
+ halt 410, "Authn already processed"
+ end
-
authenticator = Authenticator.new(@authn, u2f, counter, store)
@app_id, @requests, @challenge = authenticator.request
@req_id = SecureRandom.urlsafe_base64(12)
session[:reqs] ||= {}
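Review bot: The new `closed?` guard replaces the old `verified?` one without any comment saying what states it covers, and the reordering (expired now checked before closed) is also silent about why. From the cancel endpoint added later in this diff it looks like `closed?` is meant to cover both verified and cancelled authns, but that is inferred, not visible here. I would add `# closed? covers both verified and cancelled authns; expired is checked first so a stale request always reports "expired"` above the `if @authn.expired?` line, confirming against the Authn model. The `get '/authn/:id'` route continues past this hunk, so the rest of the session setup is not visible.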
@@ -112,12 +111,18 @@
register = Proc.new do
unless params[:name] && params[:callback] && params[:public_key]
halt 400, 'missing params'
end
- if params[:callback].start_with?('js:') && !(conf.registration_allowed_url === params[:callback])
- halt 400, 'invalid callback'
+ if params[:callback].start_with?('js:')
+ unless conf.registration_allowed_url === params[:callback][3..-1]
+ halt 400, 'invalid callback'
+ end
+ else
+ unless conf.registration_allowed_url === params[:callback]
+ halt 400, 'invalid callback'
+ end
end
public_key = begin
OpenSSL::PKey::RSA.new(params[:public_key].unpack('m*')[0], '')
rescue OpenSSL::PKey::RSAError
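Review bot: The two new branches run the same `conf.registration_allowed_url === ...` check on a different string, so the only real change is stripping the `js:` prefix; duplicating the halt invites the branches to drift apart. I would collapse it to `target = params[:callback].start_with?('js:') ? params[:callback][3..-1] : params[:callback]` followed by `halt 400, 'invalid callback' unless conf.registration_allowed_url === target`. Since `===` here is presumably a Regexp match on an operator-supplied pattern, it is worth a comment next to the check reminding configurers to anchor with `\A`/`\z` rather than `^`/`$`, as a multi-line callback would otherwise slip past a `^`/`$` pattern; the pattern itself is not visible in this diff. `params[:callback]` is also assumed to be a String; a non-string value (e.g. an array-style param) would raise on `start_with?` rather than halt 400.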
@@ -171,13 +176,13 @@
session[:regis].reject! { |_| _[:id] == data[:reg_id] }
{ok: true, name: key.name, encrypted_key: key.to_encrypted_json(public_key, :all)}.to_json
end
- post '/ui/verify/:id' do
+ post '/ui/cancel/:id' do
content_type :json
- unless data[:req_id] && data[:response]
+ unless data[:req_id]
halt 400, '{"error": "missing params"}'
end
session[:reqs] ||= {}
unless session[:reqs][data[:req_id]]
halt 400, '{"error": "invalid :req_id"}'
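Review bot: The new cancel route only checks that `data[:req_id]` exists in the caller's own session, not that the session entry belongs to the `:id` in the URL; the authn is loaded by `params[:id]` independently further down, so any valid req_id in a session can be paired with any authn id the client knows. If the session entry created by `GET /authn/:id` records the authn id, compare it here with `halt 400, '{"error": "invalid :req_id"}' unless session[:reqs][data[:req_id]][:authn_id] == params[:id]`; if it does not, store the id when the entry is created and then compare. Whether such a key exists is not visible in this diff, only `:challenge` is referenced later. The `post '/ui/cancel/:id'` route continues past this hunk.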
@@ -189,14 +194,46 @@
@authn = store.find_authn(params[:id])
unless @authn
halt 404, '{"error": "authn not found"}'
end
- if @authn.verified?
+ if @authn.expired?
+ halt 410, '{"error": "authn expired"}'
+ end
+ if @authn.closed?
halt 410, '{"error": "authn already processed"}'
end
+
+ @authn.cancel!
+ store.store_authn(@authn)
+ session[:reqs].delete data[:req_id]
+
+ '{"ok": true}'
+ end
+
+ post '/ui/verify/:id' do
+ content_type :json
+ unless data[:req_id] && data[:response]
+ halt 400, '{"error": "missing params"}'
+ end
+ session[:reqs] ||= {}
+ unless session[:reqs][data[:req_id]]
+ halt 400, '{"error": "invalid :req_id"}'
+ end
+ challenge = session[:reqs][data[:req_id]][:challenge]
+ unless challenge
+ halt 400, '{"error": "invalid :req_id"}'
+ end
+
+ @authn = store.find_authn(params[:id])
+ unless @authn
+ halt 404, '{"error": "authn not found"}'
+ end
if @authn.expired?
halt 410, '{"error": "authn expired"}'
+ end
+ if @authn.closed?
+ halt 410, '{"error": "authn already processed"}'
end
authenticator = Authenticator.new(@authn, u2f, counter, store)
begin
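Review bot: In the cancel route, `@authn.closed?` is checked and then `@authn.cancel!` / `store.store_authn(@authn)` run as separate steps, so a verify request completing between the check and the write could be overwritten by the cancel, or vice versa, depending on how `store_authn` persists; nothing visible makes the transition atomic. If the store supports it, a conditional write (`store_authn` that fails unless the stored state is still open) or a re-check inside a store-level lock would close that window; otherwise a comment such as `# NOTE: check-then-act is not atomic; a concurrent verify may race this cancel` should document the accepted risk. The new verify route at `post '/ui/verify/:id'` correctly re-checks expired and closed, but its body (and whether the challenge is removed from the session after use) runs past the end of this hunk, and the cancel route begins in the previous hunk.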