// GetOrCreateRefreshToken retrieves an existing refresh token, if expired,
// the token gets deleted and new refresh token is created
func (s *Service) GetOrCreateRefreshToken(client *Client, user *User, scope string) (*RefreshToken, error) {
	// Try to fetch an existing refresh token first
	refreshToken := new(RefreshToken)
	found := !s.db.Where(RefreshToken{
		ClientID: util.IntOrNull(int64(client.ID)),
		UserID:   util.IntOrNull(int64(user.ID)),
	}).Preload("Client").Preload("User").First(refreshToken).RecordNotFound()

	// Check if the token is expired, if found
	var expired bool
	if found {
		expired = time.Now().After(refreshToken.ExpiresAt)
	}

	// If the refresh token has expired, delete it
	if expired {
		s.db.Unscoped().Delete(refreshToken)
	}

	// Create a new refresh token if it expired or was not found
	if expired || !found {
		refreshToken = newRefreshToken(
			s.cnf.Oauth.RefreshTokenLifetime, // expires in
			client, // client
			user,   // user
			scope,  // scope
		)
		if err := s.db.Create(refreshToken).Error; err != nil {
			return nil, err
		}
	}

	return refreshToken, nil
}
Example #2
0
// newRefreshToken creates new RefreshToken instance
func newRefreshToken(expiresIn int, client *Client, user *User, scope string) *RefreshToken {
	clientID := util.IntOrNull(int64(client.ID))
	userID := util.IntOrNull(int64(user.ID))
	refreshToken := &RefreshToken{
		Token:     uuid.New(),
		ExpiresAt: time.Now().Add(time.Duration(expiresIn) * time.Second),
		Scope:     scope,
		ClientID:  clientID,
		UserID:    userID,
	}
	if clientID.Valid {
		refreshToken.Client = client
	}
	if userID.Valid {
		refreshToken.User = user
	}
	return refreshToken
}
Example #3
0
// newAuthorizationCode creates new AuthorizationCode instance
func newAuthorizationCode(expiresIn int, client *Client, user *User, redirectURI, scope string) *AuthorizationCode {
	clientID := util.IntOrNull(int64(client.ID))
	userID := util.IntOrNull(int64(user.ID))
	authorizationCode := &AuthorizationCode{
		Code:        uuid.New(),
		ExpiresAt:   time.Now().Add(time.Duration(expiresIn) * time.Second),
		RedirectURI: util.StringOrNull(redirectURI),
		Scope:       scope,
		ClientID:    clientID,
		UserID:      userID,
	}
	if clientID.Valid {
		authorizationCode.Client = client
	}
	if userID.Valid {
		authorizationCode.User = user
	}
	return authorizationCode
}
// getValidAuthorizationCode returns a valid non expired authorization code
func (s *Service) getValidAuthorizationCode(code string, client *Client) (*AuthorizationCode, error) {
	// Fetch the auth code from the database
	authorizationCode := new(AuthorizationCode)
	if s.db.Where(AuthorizationCode{
		Code:     code,
		ClientID: util.IntOrNull(client.ID),
	}).Preload("Client").Preload("User").First(authorizationCode).RecordNotFound() {
		return nil, errors.New("Authorization code not found")
	}

	// Check the authorization code hasn't expired
	if time.Now().After(authorizationCode.ExpiresAt) {
		return nil, errors.New("Authorization code expired")
	}

	return authorizationCode, nil
}
// GetValidRefreshToken returns a valid non expired refresh token
func (s *Service) GetValidRefreshToken(token string, client *Client) (*RefreshToken, error) {
	// Fetch the refresh token from the database
	refreshToken := new(RefreshToken)
	notFound := s.db.Where(RefreshToken{
		ClientID: util.IntOrNull(int64(client.ID)),
	}).Where("token = ?", token).Preload("Client").Preload("User").
		First(refreshToken).RecordNotFound()

	// Not found
	if notFound {
		return nil, errRefreshTokenNotFound
	}

	// Check the refresh token hasn't expired
	if time.Now().After(refreshToken.ExpiresAt) {
		return nil, errRefreshTokenExpired
	}

	return refreshToken, nil
}
// getValidAuthorizationCode returns a valid non expired authorization code
func (s *Service) getValidAuthorizationCode(code string, client *Client) (*AuthorizationCode, error) {
	// Fetch the auth code from the database
	authorizationCode := new(AuthorizationCode)
	notFound := s.db.Where(AuthorizationCode{
		ClientID: util.IntOrNull(int64(client.ID)),
	}).Where("code = ?", code).Preload("Client").Preload("User").
		First(authorizationCode).RecordNotFound()

	// Not found
	if notFound {
		return nil, errAuthorizationCodeNotFound
	}

	// Check the authorization code hasn't expired
	if time.Now().After(authorizationCode.ExpiresAt) {
		return nil, errAuthorizationCodeExpired
	}

	return authorizationCode, nil
}
// deleteExpiredAccessTokens deletes expired access tokens
func (s *Service) deleteExpiredAccessTokens(client *Client, user *User) {
	s.db.Where(AccessToken{
		ClientID: util.IntOrNull(client.ID),
		UserID:   util.IntOrNull(user.ID),
	}).Where("expires_at <= ?", time.Now()).Delete(new(AccessToken))
}