Remove request pre-authorization again

src/HttpServerBodyCommand.cc

@@ -253,7 +253,6 @@ bool HttpServerBodyCommand::execute()
         case RPC_TYPE_JSONP: {
           std::string callback;
           std::unique_ptr<ValueBase> json;
-          auto preauthorized = rpc::RpcRequest::MUST_AUTHORIZE;
           ssize_t error = 0;
           if(httpServer_->getRequestType() == RPC_TYPE_JSONP) {
             json::JsonGetParam param = json::decodeGetParams(query);
@@ -284,7 +283,7 @@ bool HttpServerBodyCommand::execute()
           }
           Dict* jsondict = downcast<Dict>(json);
           if(jsondict) {
-            auto res = rpc::processJsonRpcRequest(jsondict, e_, preauthorized);
+            auto res = rpc::processJsonRpcRequest(jsondict, e_);
             sendJsonRpcResponse(res, callback);
           } else {
             List* jsonlist = downcast<List>(json);
@@ -296,10 +295,7 @@ bool HttpServerBodyCommand::execute()
                 Dict* jsondict = downcast<Dict>(*i);
                 if (jsondict) {
                   auto resp =
-                      rpc::processJsonRpcRequest(jsondict, e_, preauthorized);
-                  if (resp.code == 0) {
-                    preauthorized = rpc::RpcRequest::PREAUTHORIZED;
-                  }
+                      rpc::processJsonRpcRequest(jsondict, e_);
                   results.push_back(std::move(resp));
                 }
               }

src/RpcMethod.cc

@@ -85,11 +85,9 @@ void RpcMethod::authorize(RpcRequest& req, DownloadEngine* e)
       }
     }
   }
-  if (!e || (req.authorization != RpcRequest::PREAUTHORIZED &&
-        !e->validateToken(token))) {
+  if (!e || !e->validateToken(token)) {
     throw DL_ABORT_EX("Unauthorized");
   }
-  req.authorization = RpcRequest::PREAUTHORIZED;
 }
 
 RpcResponse RpcMethod::execute(RpcRequest req, DownloadEngine* e)

src/RpcMethodImpl.cc

@@ -1367,7 +1367,6 @@ std::unique_ptr<ValueBase> SystemMulticallRpcMethod::process
 
 RpcResponse SystemMulticallRpcMethod::execute(RpcRequest req, DownloadEngine *e)
 {
-  auto preauthorized = RpcRequest::MUST_AUTHORIZE;
   auto authorized = RpcResponse::AUTHORIZED;
   try {
     const List* methodSpecs = checkRequiredParam<List>(req, 0);
@@ -1403,14 +1402,11 @@ RpcResponse SystemMulticallRpcMethod::execute(RpcRequest req, DownloadEngine *e)
         methodName->s(),
         std::move(paramsList),
         nullptr,
-        preauthorized,
         req.jsonRpc
       };
       RpcResponse res = getMethod(methodName->s())->execute(std::move(r), e);
       if(rpc::not_authorized(res)) {
         authorized = RpcResponse::NOTAUTHORIZED;
-      } else {
-        preauthorized = RpcRequest::PREAUTHORIZED;
       }
       if(res.code == 0) {
         auto l = List::g();

src/RpcRequest.cc

@@ -39,22 +39,20 @@ namespace aria2 {
 namespace rpc {
 
 RpcRequest::RpcRequest()
-  : authorization{RpcRequest::MUST_AUTHORIZE}, jsonRpc{false}
+  : jsonRpc{false}
 {}
 
 RpcRequest::RpcRequest(std::string methodName,
                        std::unique_ptr<List> params)
-  : methodName{std::move(methodName)}, params{std::move(params)},
-    authorization{RpcRequest::MUST_AUTHORIZE}, jsonRpc{false}
+  : methodName{std::move(methodName)}, params{std::move(params)}, jsonRpc{false}
 {}
 
 RpcRequest::RpcRequest(std::string methodName,
                        std::unique_ptr<List> params,
                        std::unique_ptr<ValueBase> id,
-                       RpcRequest::preauthorization_t authorization,
                        bool jsonRpc)
   : methodName{std::move(methodName)}, params{std::move(params)},
-    id{std::move(id)}, authorization{authorization}, jsonRpc{jsonRpc}
+    id{std::move(id)}, jsonRpc{jsonRpc}
 {}
 
 } // namespace rpc

src/RpcRequest.h

@@ -46,15 +46,9 @@ namespace aria2 {
 namespace rpc {
 
 struct RpcRequest {
-  enum preauthorization_t {
-    MUST_AUTHORIZE,
-    PREAUTHORIZED
-  };
-
   std::string methodName;
   std::unique_ptr<List> params;
   std::unique_ptr<ValueBase> id;
-  preauthorization_t authorization;
   bool jsonRpc;
 
   RpcRequest();
@@ -65,7 +59,6 @@ struct RpcRequest {
   RpcRequest(std::string methodName,
              std::unique_ptr<List> params,
              std::unique_ptr<ValueBase> id,
-             preauthorization_t authorization,
              bool jsonRpc = false);
 };
 

src/WebSocketSession.cc

@@ -165,7 +165,6 @@ void onMsgRecvCallback(wslay_event_context_ptr wsctx,
     // TODO Only process text frame
     ssize_t error = 0;
     auto json = wsSession->parseFinal(nullptr, 0, error);
-    auto preauthorized = RpcRequest::MUST_AUTHORIZE;
     if(error < 0) {
       A2_LOG_INFO("Failed to parse JSON-RPC request");
       RpcResponse res
@@ -177,7 +176,7 @@ void onMsgRecvCallback(wslay_event_context_ptr wsctx,
     auto e = wsSession->getDownloadEngine();
     if(jsondict) {
       RpcResponse res =
-        processJsonRpcRequest(jsondict, e, preauthorized);
+        processJsonRpcRequest(jsondict, e);
       addResponse(wsSession, res);
     } else {
       List* jsonlist = downcast<List>(json);
@@ -188,10 +187,7 @@ void onMsgRecvCallback(wslay_event_context_ptr wsctx,
               eoi = jsonlist->end(); i != eoi; ++i) {
           Dict* jsondict = downcast<Dict>(*i);
           if (jsondict) {
-            auto resp = processJsonRpcRequest(jsondict, e, preauthorized);
-            if (resp.code == 0) {
-              preauthorized = RpcRequest::PREAUTHORIZED;
-            }
+            auto resp = processJsonRpcRequest(jsondict, e);
             results.push_back(std::move(resp));
           }
         }

src/rpc_helper.cc

@@ -77,8 +77,7 @@ RpcResponse createJsonRpcErrorResponse(int code,
                           std::move(id)};
 }
 
-RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e,
-                                  RpcRequest::preauthorization_t authorization)
+RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e)
 {
   auto id = jsondict->popValue("id");
   if(!id) {
@@ -102,7 +101,7 @@ RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e,
   }
   A2_LOG_INFO(fmt("Executing RPC method %s", methodName->s().c_str()));
   RpcRequest req =
-    {methodName->s(), std::move(params), std::move(id), authorization, true};
+    {methodName->s(), std::move(params), std::move(id), true};
   return getMethod(methodName->s())->execute(std::move(req), e);
 }
 

src/rpc_helper.h

@@ -64,8 +64,7 @@ RpcResponse createJsonRpcErrorResponse(int code,
                                        std::unique_ptr<ValueBase> id);
 
 // Processes JSON-RPC request |jsondict| and returns the result.
-RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e,
-                                  RpcRequest::preauthorization_t authorization);
+RpcResponse processJsonRpcRequest(Dict* jsondict, DownloadEngine* e);
 
 } // namespace rpc
 

test/RpcMethodTest.cc

@@ -200,14 +200,6 @@ void RpcMethodTest::testAuthorize()
     auto res = m.execute(std::move(req), e_.get());
     CPPUNIT_ASSERT_EQUAL(1, res.code);
   }
-  // secret token set and bad token: prefixed parameter is given, but preauthorized
-  {
-    auto req = createReq(GetVersionRpcMethod::getMethodName());
-    req.authorization = RpcRequest::PREAUTHORIZED;
-    req.params->append("token:foo2");
-    auto res = m.execute(std::move(req), e_.get());
-    CPPUNIT_ASSERT_EQUAL(0, res.code);
-  }
 }
 
 void RpcMethodTest::testAddUri()