func RefreshTokenRequest(data utils.H) (utils.H, error) {
var user models.User
var client models.Client
var token string
var scope string
if data["refresh_token"] == nil || data["scope"] == nil || data["client"] == nil {
return invalidRequestResult("")
}
token = data["refresh_token"].(string)
scope = data["scope"].(string)
client = data["client"].(models.Client)
refreshSession := services.FindSessionByToken(token, models.RefreshToken)
defer services.InvalidateSession(refreshSession)
if refreshSession.ID == 0 {
return invalidGrantResult("")
}
user = refreshSession.User
user = services.FindUserByPublicId(user.PublicId)
if refreshSession.Client.ID != client.ID {
return invalidGrantResult("")
}
if scope != refreshSession.Scopes {
return invalidScopeResult("")
}
accessToken := services.CreateSession(user,
client,
refreshSession.Ip,
refreshSession.UserAgent,
scope,
models.AccessToken)
refreshToken := services.CreateSession(user,
client,
refreshSession.Ip,
refreshSession.UserAgent,
scope,
models.RefreshToken)
if accessToken.ID == 0 || refreshToken.ID == 0 {
return serverErrorResult("")
}
return utils.H{
"user_id": user.PublicId,
"access_token": accessToken.Token,
"token_type": "Bearer",
"expires_in": accessToken.ExpiresIn,
"refresh_token": refreshToken.Token,
"scope": refreshSession.Scopes,
}, nil
}
func AccessTokenRequest(data utils.H) (utils.H, error) {
var user models.User
var client models.Client
var code string
var redirectURI string
if data["code"] == nil || data["redirect_uri"] == nil || data["client"] == nil {
return invalidRequestResult("")
}
redirectURI = data["redirect_uri"].(string)
code = data["code"].(string)
client = data["client"].(models.Client)
authorizationSession := services.FindSessionByToken(code, models.GrantToken)
defer services.InvalidateSession(authorizationSession)
if authorizationSession.ID == 0 {
return invalidGrantResult("")
}
user = authorizationSession.User
user = services.FindUserByPublicId(user.PublicId)
if authorizationSession.Client.ID != client.ID {
return invalidGrantResult("")
}
if !strings.Contains(authorizationSession.Client.RedirectURI, redirectURI) {
return invalidGrantResult("")
}
accessToken := services.CreateSession(user,
client,
authorizationSession.Ip,
authorizationSession.UserAgent,
authorizationSession.Scopes,
models.AccessToken)
refreshToken := services.CreateSession(user,
client,
authorizationSession.Ip,
authorizationSession.UserAgent,
authorizationSession.Scopes,
models.RefreshToken)
if accessToken.ID == 0 || refreshToken.ID == 0 {
return serverErrorResult("")
}
return utils.H{
"user_id": user.PublicId,
"access_token": accessToken.Token,
"token_type": "Bearer",
"expires_in": accessToken.ExpiresIn,
"refresh_token": refreshToken.Token,
"scope": authorizationSession.Scopes,
}, nil
}
func jupiterHandler(c *gin.Context) {
session := sessions.Default(c)
userPublicId := session.Get("userPublicId")
if userPublicId == nil {
c.Redirect(http.StatusFound, "/signin")
return
}
client := services.FindOrCreateClient("Jupiter")
user := services.FindUserByPublicId(userPublicId.(string))
actionToken := services.CreateAction(user, client,
c.Request.RemoteAddr,
c.Request.UserAgent(),
models.ReadWriteScope)
c.HTML(http.StatusOK, "satellite", utils.H{
"AssetsEndpoint": spaceCDN,
"Title": " - Mission control",
"Satellite": "europa",
"Data": utils.H{
"action_token": actionToken.Token,
"user_id": user.UUID,
},
})
}
func authorizeHandler(c *gin.Context) {
var location string
var responseType string
var clientId string
var redirectURI string
var scope string
var state string
session := sessions.Default(c)
userPublicId := session.Get("userPublicId")
nextPath := url.QueryEscape(fmt.Sprintf("%s?%s", c.Request.URL.Path, c.Request.URL.RawQuery))
if userPublicId == nil {
location = fmt.Sprintf("/signin?_=%s", nextPath)
c.Redirect(http.StatusFound, location)
return
}
user := services.FindUserByPublicId(userPublicId.(string))
if user.ID == 0 {
session.Delete("userPublicId")
session.Save()
location = fmt.Sprintf("/signin?_=%s", nextPath)
c.Redirect(http.StatusFound, location)
return
}
responseType = c.Query("response_type")
clientId = c.Query("client_id")
redirectURI = c.Query("redirect_uri")
scope = c.Query("scope")
state = c.Query("state")
if redirectURI == "" {
redirectURI = "/error"
}
client := services.FindClientByKey(clientId)
if client.ID == 0 {
redirectURI = "/error"
location = fmt.Sprintf("%s?error=%s&state=%s",
redirectURI, oauth.UnauthorizedClient, state)
c.Redirect(http.StatusFound, location)
return
}
if scope != models.PublicScope && scope != models.ReadScope && scope != models.ReadWriteScope {
scope = "public"
}
switch responseType {
// Authorization Code Grant
case oauth.Code:
activeSessions := services.ActiveSessionsForClient(client.ID, user.ID)
if c.Request.Method == "GET" && activeSessions == 0 {
c.HTML(http.StatusOK, "satellite", utils.H{
"AssetsEndpoint": spaceCDN,
"Title": " - Authorize",
"Satellite": "callisto",
"Data": utils.H{
"first_name": user.FirstName,
"last_name": user.LastName,
"client_name": client.Name,
"client_uri": client.CanonicalURI,
"requested_scope": scope,
},
})
return
} else if c.Request.Method == "POST" || (activeSessions > 0 && c.Request.Method == "GET") {
if c.PostForm("access_denied") == "true" {
location = fmt.Sprintf(errorURI, redirectURI, oauth.AccessDenied, state)
c.Redirect(http.StatusFound, location)
return
}
result, err := oauth.AuthorizationCodeGrant(utils.H{
"response_type": responseType,
"client": client,
"user": user,
"ip": c.Request.RemoteAddr,
"userAgent": c.Request.UserAgent(),
"redirect_uri": redirectURI,
"scope": scope,
"state": state,
})
if err != nil {
location = fmt.Sprintf(errorURI, redirectURI, result["error"], result["state"])
c.Redirect(http.StatusFound, location)
} else {
location = fmt.Sprintf("%s?code=%s&scope=%s&state=%s",
redirectURI, result["code"], result["scope"], result["state"])
c.Redirect(http.StatusFound, location)
}
} else {
c.String(http.StatusNotFound, "404 Not Found")
}
// Implicit Grant
case oauth.Token:
location = fmt.Sprintf(errorURI,
redirectURI, oauth.UnsupportedResponseType, state)
c.Redirect(http.StatusFound, location)
return
default:
location = fmt.Sprintf(errorURI,
redirectURI, oauth.InvalidRequest, state)
c.Redirect(http.StatusFound, location)
return
}
}
