Beispiel #1
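// AccessTokenRequest exchanges an authorization code for a new access token
// and refresh token.
//
// data must carry "code" and "redirect_uri" as strings and "client" as a
// models.Client. A missing or wrongly typed entry, or an empty redirect_uri,
// yields invalidRequestResult. An unknown code, a code issued to a different
// client, or a redirect_uri that fails the check against the client's
// registered value yields invalidGrantResult. If either new session cannot be
// created the result is serverErrorResult.
func AccessTokenRequest(data utils.H) (utils.H, error) {
	// Comma-ok assertions: a nil or wrongly typed value is rejected as a
	// malformed request instead of panicking the handler.
	code, okCode := data["code"].(string)
	redirectURI, okURI := data["redirect_uri"].(string)
	client, okClient := data["client"].(models.Client)
	if !okCode || !okURI || !okClient {
		return invalidRequestResult("")
	}
	// strings.Contains(s, "") is always true, so an empty redirect_uri would
	// pass the redirect check below unconditionally.
	if redirectURI == "" {
		return invalidRequestResult("")
	}

	authorizationSession := services.FindSessionByToken(code, models.GrantToken)
	if authorizationSession.ID == 0 {
		return invalidGrantResult("")
	}
	// Registered only once a real session was found, so a zero-value session
	// is never handed to InvalidateSession. From here on the code is
	// invalidated on every exit path, including the failed checks below.
	defer services.InvalidateSession(authorizationSession)

	// Reload the user by public id rather than using the copy embedded in the
	// session.
	// NOTE(review): the lookup result is not checked; confirm how
	// FindUserByPublicId reports a user that no longer exists.
	user := services.FindUserByPublicId(authorizationSession.User.PublicId)

	// The code must be redeemed by the client it was issued to.
	if authorizationSession.Client.ID != client.ID {
		return invalidGrantResult("")
	}
	// NOTE(review): this is a substring test, so any fragment of the
	// registered value is accepted. Switch to an exact comparison once the
	// storage format of Client.RedirectURI (single URI or list) is confirmed.
	if !strings.Contains(authorizationSession.Client.RedirectURI, redirectURI) {
		return invalidGrantResult("")
	}

	// Both tokens inherit IP, user agent and scopes from the authorization
	// session.
	accessToken := services.CreateSession(user,
		client,
		authorizationSession.Ip,
		authorizationSession.UserAgent,
		authorizationSession.Scopes,
		models.AccessToken)
	refreshToken := services.CreateSession(user,
		client,
		authorizationSession.Ip,
		authorizationSession.UserAgent,
		authorizationSession.Scopes,
		models.RefreshToken)

	// A zero ID is treated as "session was not created".
	if accessToken.ID == 0 || refreshToken.ID == 0 {
		return serverErrorResult("")
	}

	return utils.H{
		"user_id":       user.PublicId,
		"access_token":  accessToken.Token,
		"token_type":    "Bearer",
		"expires_in":    accessToken.ExpiresIn,
		"refresh_token": refreshToken.Token,
		"scope":         authorizationSession.Scopes,
	}, nil
}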
Beispiel #2
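// RefreshTokenRequest trades a refresh token for a new access token and a new
// refresh token.
//
// data must carry "refresh_token" and "scope" as strings and "client" as a
// models.Client; a missing or wrongly typed entry yields
// invalidRequestResult. An unknown refresh token, or one issued to a different
// client, yields invalidGrantResult. A scope that differs from the scopes
// stored on the refresh session yields invalidScopeResult. If either new
// session cannot be created the result is serverErrorResult.
func RefreshTokenRequest(data utils.H) (utils.H, error) {
	// Comma-ok assertions: a nil or wrongly typed value is rejected as a
	// malformed request instead of panicking the handler.
	token, okToken := data["refresh_token"].(string)
	scope, okScope := data["scope"].(string)
	client, okClient := data["client"].(models.Client)
	if !okToken || !okScope || !okClient {
		return invalidRequestResult("")
	}

	refreshSession := services.FindSessionByToken(token, models.RefreshToken)
	if refreshSession.ID == 0 {
		return invalidGrantResult("")
	}
	// Registered only once a real session was found, so a zero-value session
	// is never handed to InvalidateSession. From here on the presented
	// refresh token is invalidated on every exit path.
	// NOTE(review): that includes the scope-mismatch and server-error
	// returns, which leave the client without a usable refresh token;
	// confirm this is intended.
	defer services.InvalidateSession(refreshSession)

	// Reload the user by public id rather than using the copy embedded in the
	// session.
	// NOTE(review): the lookup result is not checked; confirm how
	// FindUserByPublicId reports a user that no longer exists.
	user := services.FindUserByPublicId(refreshSession.User.PublicId)

	// The refresh token must be presented by the client it was issued to.
	if refreshSession.Client.ID != client.ID {
		return invalidGrantResult("")
	}
	// Exact comparison: the request can neither widen nor narrow the scopes
	// recorded on the refresh session.
	if scope != refreshSession.Scopes {
		return invalidScopeResult("")
	}

	// Both tokens inherit IP and user agent from the refresh session.
	accessToken := services.CreateSession(user,
		client,
		refreshSession.Ip,
		refreshSession.UserAgent,
		scope,
		models.AccessToken)
	refreshToken := services.CreateSession(user,
		client,
		refreshSession.Ip,
		refreshSession.UserAgent,
		scope,
		models.RefreshToken)

	// A zero ID is treated as "session was not created".
	if accessToken.ID == 0 || refreshToken.ID == 0 {
		return serverErrorResult("")
	}

	return utils.H{
		"user_id":       user.PublicId,
		"access_token":  accessToken.Token,
		"token_type":    "Bearer",
		"expires_in":    accessToken.ExpiresIn,
		"refresh_token": refreshToken.Token,
		"scope":         refreshSession.Scopes,
	}, nil
}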
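// AuthorizationCodeGrant issues an authorization code (a models.GrantToken
// session) for the given user and client.
//
// data must carry "redirect_uri" as a string, "client" as a models.Client and
// "user" as a models.User. "state", "ip", "userAgent" and "scope" are
// optional strings. A missing or wrongly typed required entry, an empty
// redirect_uri, or a non-string scope yields invalidRequestResult. A
// redirect_uri that fails the check against the client's registered value
// yields invalidRedirectURIResult. If the session cannot be created the result
// is serverErrorResult. Every error result receives the caller's state.
func AuthorizationCodeGrant(data utils.H) (utils.H, error) {
	// state is read first so that every error result below can echo it back;
	// the caller relies on it to correlate the response with its request.
	state, _ := data["state"].(string)

	// Request metadata recorded on the session; absent or non-string values
	// are stored as empty strings.
	ip, _ := data["ip"].(string)
	userAgent, _ := data["userAgent"].(string)

	// Comma-ok assertions: a nil or wrongly typed value is rejected as a
	// malformed request instead of panicking the handler.
	redirectURI, okURI := data["redirect_uri"].(string)
	client, okClient := data["client"].(models.Client)
	user, okUser := data["user"].(models.User)
	if !okURI || !okClient || !okUser {
		return invalidRequestResult(state)
	}

	var scope string
	if raw := data["scope"]; raw != nil {
		requested, ok := raw.(string)
		if !ok {
			return invalidRequestResult(state)
		}
		scope = requested
	}

	// strings.Contains(s, "") is always true, so an empty redirect_uri would
	// pass the redirect check below unconditionally.
	if redirectURI == "" {
		return invalidRequestResult(state)
	}
	// NOTE(review): this is a substring test, so any fragment of the
	// registered value is accepted. Switch to an exact comparison once the
	// storage format of client.RedirectURI (single URI or list) is confirmed.
	if !strings.Contains(client.RedirectURI, redirectURI) {
		return invalidRedirectURIResult(state)
	}

	// WARNING: a requested scope that is not found in client.Scopes does not
	// fail the request. Access is still granted, downgraded to the
	// public-only scope.
	// NOTE(review): the lookup is a substring test, so a fragment of an
	// allowed scope name is accepted as-is, and an empty scope is passed
	// through unchanged. Confirm how downstream code interprets both.
	if scope != "" && !strings.Contains(client.Scopes, scope) {
		scope = models.PublicScope
	}

	session := services.CreateSession(user, client, ip, userAgent, scope, models.GrantToken)
	// A zero ID is treated as "session was not created".
	if session.ID == 0 {
		return serverErrorResult(state)
	}

	return utils.H{
		"code":  session.Token,
		"state": state,
		"scope": scope,
	}, nil
}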