// HandleAccess implements osinserver.AccessHandler.
//
// It decides whether the token request described by ar may be fulfilled.
// Grants that present a credential this server issued earlier (authorization
// code, refresh token) are accepted without a further check; password,
// assertion and client-credential grants are delegated to the matching
// authenticator. Any other grant type is logged and ar is left as it was.
//
// An authenticator error aborts the request and is returned to the caller.
// Otherwise ar is marked authorized — with refresh-token issuance switched
// off — only when the authenticator accepted the credentials, and the
// resolved identity (if any) is attached to the access data.
func (h *AccessAuthenticator) HandleAccess(ar *osin.AccessRequest, w http.ResponseWriter) error {
	var (
		authenticated bool
		identity      user.Info
		authErr       error
	)

	switch ar.Type {
	case osin.AUTHORIZATION_CODE, osin.REFRESH_TOKEN:
		// The credential presented here was minted by this server, so no
		// additional authentication step is performed for these grants.
		authenticated = true
	case osin.PASSWORD:
		identity, authenticated, authErr = h.password.AuthenticatePassword(ar.Username, ar.Password)
	case osin.ASSERTION:
		identity, authenticated, authErr = h.assertion.AuthenticateAssertion(ar.AssertionType, ar.Assertion)
	case osin.CLIENT_CREDENTIALS:
		identity, authenticated, authErr = h.client.AuthenticateClient(ar.Client)
	default:
		// Unknown grant type: ar.Authorized is not touched and nil is
		// returned, so the request is not marked authorized here.
		glog.Warningf("Received unknown access token type: %s", ar.Type)
	}

	if authErr != nil {
		glog.V(4).Infof("Unable to authenticate %s: %v", ar.Type, authErr)
		return authErr
	}
	if !authenticated {
		return nil
	}

	// Refresh tokens are never issued by this handler.
	ar.GenerateRefresh = false
	ar.Authorized = true
	if identity != nil {
		// NOTE(review): this dereferences ar.AccessData unconditionally; it
		// assumes the osin version in use populates AccessData for every
		// grant type that reaches this point — confirm before relying on it.
		ar.AccessData.UserData = identity
	}
	return nil
}
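// checkAccessRequest decides whether the token request ar is authorized and
// narrows ar.Scope to the resources the requesting client has been granted.
// It mutates ar in place and returns the same pointer.
//
// Behaviour per grant type:
//   - AUTHORIZATION_CODE: authorized. ar.Scope is reduced to the
//     comma-separated entries whose resource is conferred on the client,
//     and each kept resource is recorded as conferred to the end user
//     (identified by the "Ac_id" entry of ar.UserData) if not already
//     recorded. A UserData value that is not the expected
//     map[string]interface{} with a float64 "Ac_id" fails closed
//     (ar.Authorized = false) instead of panicking on the type assertion.
//   - REFRESH_TOKEN: authorized; ar.Scope is left unchanged.
//   - PASSWORD: authorized only if LoginQuery accepts the credentials; on
//     success a cookie is also written to w. On failure ar.Authorized is
//     left as it was (the redirect-based error response is still a TODO).
//   - CLIENT_CREDENTIALS: authorized only if the client's stored secret
//     equals GetAppKey(clientID); ar.Scope is then narrowed as for
//     AUTHORIZATION_CODE but without the per-user conferral record.
//   - ASSERTION: authorized only if the assertion equals a fixed literal
//     (see the security note in that branch).
//
// oauth is accepted for signature compatibility and is not used here.
func checkAccessRequest(oauth *OAuth, w http.ResponseWriter, r *http.Request, ar *osin.AccessRequest) *osin.AccessRequest {
	switch ar.Type {
	case osin.AUTHORIZATION_CODE:
		ar.Authorized = true
		clientID := ar.Client.GetId()

		// Keep only the requested scope entries the third-party client has
		// been granted, and record each one as conferred to this user.
		resources := ""
		for _, entry := range strings.Split(ar.Scope, ",") {
			resID := GetResId(entry)
			if !IsAppConfered(clientID, resID) {
				continue
			}
			resources = appendScope(resources, entry)

			acID, ok := accountIDFromUserData(ar.UserData)
			if !ok {
				// Without the user's identity the conferral cannot be
				// recorded; fail closed rather than crash the token endpoint.
				ar.Authorized = false
				return ar
			}
			openID := GetOpenId(acID, clientID)
			if !IsPersonConfered(clientID, openID, resID) {
				InsertPersonConfered(clientID, openID, resID)
			}
		}

		// Re-bind the token to the granted resources only.
		ar.Scope = resources
	case osin.REFRESH_TOKEN:
		ar.Authorized = true
	case osin.PASSWORD:
		if LoginQuery(ar.Username, ar.Password) {
			// NOTE(review): setting a cookie from the token endpoint is
			// unusual for OAuth; presumably intentional for this site — confirm.
			GenerateCookie(w, r, ar.Username, 1)
			ar.Authorized = true
		} else {
			// TODO: return the agreed error via redirect_uri and redirect there.
		}
	case osin.CLIENT_CREDENTIALS:
		clientID := ar.Client.GetId()
		// Check that the app id / app key pair is correct.
		// NOTE(security): this is a plain string comparison; if GetAppKey
		// returns a secret, prefer crypto/subtle.ConstantTimeCompare. It also
		// compares the secret osin loaded for the client against GetAppKey,
		// not a value presented in the request — presumably osin has already
		// verified the presented client secret before calling this; confirm.
		if ar.Client.GetSecret() != GetAppKey(clientID) {
			ar.Authorized = false
			return ar
		}

		ar.Authorized = true
		// Re-bind the token to the resources granted to this client only.
		ar.Scope = conferredScope(clientID, ar.Scope)
	case osin.ASSERTION:
		// NOTE(security): the assertion is checked against a fixed literal
		// (the values look like osin's example placeholders). Anyone who
		// knows these two strings obtains an authorized token; replace this
		// with a real assertion verifier before exposing the grant.
		if ar.AssertionType == "urn:osin.example.complete" && ar.Assertion == "osin.data" {
			ar.Authorized = true
		}
	}

	return ar
}

// appendScope appends entry to the comma-separated list resources, omitting
// the separator while the list is still empty.
func appendScope(resources, entry string) string {
	if resources == "" {
		return entry
	}
	return resources + "," + entry
}

// conferredScope filters the comma-separated scope list down to the entries
// whose resource has been conferred on clientID, preserving order.
func conferredScope(clientID, scope string) string {
	resources := ""
	for _, entry := range strings.Split(scope, ",") {
		if IsAppConfered(clientID, GetResId(entry)) {
			resources = appendScope(resources, entry)
		}
	}
	return resources
}

// accountIDFromUserData extracts the "Ac_id" entry from the user data
// attached to the authorization request. The value is expected as a float64
// (presumably because it went through a JSON round-trip); any other shape
// yields ok == false instead of panicking.
func accountIDFromUserData(userData interface{}) (int, bool) {
	m, ok := userData.(map[string]interface{})
	if !ok {
		return 0, false
	}
	id, ok := m["Ac_id"].(float64)
	if !ok {
		return 0, false
	}
	return int(id), true
}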