Ejemplo n.º 1
0
func (w *LocalWarden) actionAllowed(ctx context.Context, a *ladon.Request, scopes []string, oauthRequest fosite.AccessRequester, session *oauth2.Session) (*Context, error) {
	session = oauthRequest.GetSession().(*oauth2.Session)
	if a.Subject != "" && a.Subject != session.Subject {
		return nil, errors.New("Subject mismatch " + a.Subject + " - " + session.Subject)
	}

	if !matchScopes(oauthRequest.GetGrantedScopes(), scopes, session, oauthRequest.GetClient()) {
		return nil, errors.New(herodot.ErrForbidden)
	}

	a.Subject = session.Subject
	if err := w.Warden.IsAllowed(a); err != nil {
		return nil, err
	}

	logrus.WithFields(logrus.Fields{
		"scopes":   scopes,
		"subject":  a.Subject,
		"audience": oauthRequest.GetClient().GetID(),
		"request":  a,
	}).Infof("Access granted")

	return &Context{
		Subject:       session.Subject,
		GrantedScopes: oauthRequest.GetGrantedScopes(),
		Issuer:        w.Issuer,
		Audience:      oauthRequest.GetClient().GetID(),
		IssuedAt:      oauthRequest.GetRequestedAt(),
	}, nil
}