Merge pull request #444 from mmd-osm/patch/cleanup26

Simplified is_valid_bearer_token_char
zerebubuth · Aug 14, 2024 · f80620e · f80620e
2 parents c2e91f8 + a87ab8b
commit f80620e
Showing 1 changed file with 6 additions and 20 deletions.
diff --git a/src/oauth2.cpp b/src/oauth2.cpp
@@ -13,11 +13,8 @@
 #include <cryptopp/sha.h>
 #include <sys/types.h>
 
-#include <regex>
-
 #include "cgimap/oauth2.hpp"
 
-
 inline std::string sha256_hash(const std::string& s) {
 
   using namespace CryptoPP;
@@ -33,39 +30,28 @@ inline std::string sha256_hash(const std::string& s) {
 
 namespace oauth2 {
 
-  bool is_valid_bearer_token_char(unsigned char c) {
+  [[nodiscard]] constexpr bool is_valid_bearer_token_char(unsigned char c) {
       // according to RFC 6750, section 2.1
 
       switch (c) {
           case 'a' ... 'z':
-              return true;
           case 'A' ... 'Z':
-              return true;
           case '0' ... '9':
-              return true;
           case '-':
-              return true;
           case '.':
-              return true;
           case '_':
-              return true;
           case '~':
-              return true;
           case '+':
-              return true;
           case '/':
+          case '=': // we ignore that this char should only occur at end
               return true;
-          case '=':
-              return true;  // we ignore that this char should only occur at end
       }
 
       return false;
   }
 
-  bool has_forbidden_char(std::string_view str) {
-      return std::find_if(str.begin(), str.end(), [](unsigned char ch) {
-                 return !is_valid_bearer_token_char(ch);
-             }) != str.end();
+  [[nodiscard]] bool has_forbidden_char(std::string_view str) {
+    return !std::all_of(str.begin(), str.end(), is_valid_bearer_token_char);
   }
 
   [[nodiscard]] std::optional<osm_user_id_t> validate_bearer_token(const request &req, data_selection& selection, bool& allow_api_write)
@@ -88,8 +74,8 @@ namespace oauth2 {
     if (has_forbidden_char(bearer_token))
       return std::nullopt;
 
-    bool expired;
-    bool revoked;
+    bool expired{true};
+    bool revoked{true};
 
     // Check token as plain text first
     auto user_id = selection.get_user_id_for_oauth2_token(bearer_token, expired, revoked, allow_api_write);