Example #1
0
func (s *Server) FinishInfoRequest(r *http.Request, ir *InfoRequest) objx.Map {
	response := objx.Map{
		"access_token": ir.AccessData.GetAccessToken(),
		"token_type":   s.Config.TokenType,
		"expires_in":   ir.AccessData.ExpiresAt().Sub(time.Now()) / time.Second,
	}
	if ir.AccessData.GetRefreshToken() != "" {
		response.Set("refresh_token", ir.AccessData.GetRefreshToken())
	}
	if ir.AccessData.GetScope() != "" {
		response.Set("scope", ir.AccessData.GetScope())
	}
	return response
}
Example #2
0
func (s *Server) FinishAccessRequest(params objx.Map, ar *AccessRequest, target AccessData) (response objx.Map, httpErr *HttpError) {
	if ar.Authorized {
		target.SetClient(ar.Client)
		target.SetAuthorizeData(ar.AuthorizeData)
		target.SetAccessData(ar.AccessData)
		target.SetRedirectUri(params.Get("redirect_uri").Str())
		target.SetCreatedAt(time.Now())
		target.SetExpiresIn(ar.Expiration)

		accessToken, refreshToken, tokenErr := s.AccessTokenGen.GenerateAccessToken(ar.GenerateRefresh)
		if tokenErr != nil {
			return nil, tokenErr
		}
		target.SetAccessToken(accessToken)
		target.SetRefreshToken(refreshToken)

		if err := s.Storage.SaveAccess(target); err != nil {
			if httpErr, ok := err.(*HttpError); ok {
				return nil, httpErr
			} else {
				return nil, deferror.Get(err.Error())
			}
		}

		if target.GetAuthorizeData() != nil {
			s.Storage.RemoveAuthorize(target.GetAuthorizeData().GetCode())
		}

		if target.GetAccessData() != nil {
			if target.GetAccessData().GetRefreshToken() != "" {
				s.Storage.RemoveRefresh(target.GetAccessData().GetRefreshToken())
			}
			s.Storage.RemoveAccess(target.GetAccessData().GetAccessToken())
		}

		response := objx.Map{
			"access_token": target.GetAccessToken(),
			"token_type":   s.Config.TokenType,
			"expires_in":   target.GetExpiresIn(),
		}
		if target.GetRefreshToken() != "" {
			response.Set("refresh_token", target.GetRefreshToken())
		}
		if ar.Scope != "" {
			response.Set("scope", ar.Scope)
		}
		return response, nil
	}
	return nil, deferror.Get(E_ACCESS_DENIED)
}
Example #3
0
// CompleteAuth takes a map of arguments that are used to
// complete the authorisation process, completes it, and returns
// the appropriate common.Credentials.
//
// The data must contain an OAuth2KeyCode obtained from the auth
// server.
func CompleteAuth(tripperFactory common.TripperFactory, data objx.Map, config *common.Config, provider common.Provider) (*common.Credentials, error) {

	// get the code
	codeList := data.Get(OAuth2KeyCode).Data()

	code, ok := codeList.(string)
	if !ok {

		if codeList == nil || len(codeList.([]string)) == 0 {
			return nil, &common.MissingParameterError{ParameterName: OAuth2KeyCode}
		}
		code = codeList.([]string)[0]
		if len(code) == 0 {
			return nil, &common.MissingParameterError{ParameterName: OAuth2KeyCode}
		}
	}

	client, clientErr := GetClient(tripperFactory, common.EmptyCredentials, provider)
	if clientErr != nil {
		return nil, clientErr
	}

	params := objx.MSI(OAuth2KeyGrantType, OAuth2GrantTypeAuthorizationCode,
		OAuth2KeyRedirectUrl, config.Get(OAuth2KeyRedirectUrl).Str(),
		OAuth2KeyScope, config.Get(OAuth2KeyScope).Str(),
		OAuth2KeyCode, code,
		OAuth2KeyClientID, config.Get(OAuth2KeyClientID).Str(),
		OAuth2KeySecret, config.Get(OAuth2KeySecret).Str())

	// post the form
	response, requestErr := client.PostForm(config.Get(OAuth2KeyTokenURL).Str(), params.URLValues())

	if requestErr != nil {
		return nil, requestErr
	}

	// make sure we close the body
	defer func() {
		if response.Body != nil {
			response.Body.Close()
		}
	}()

	// make sure we have an OK response
	if response.StatusCode != http.StatusOK {
		return nil, &common.AuthServerError{
			ErrorMessage: fmt.Sprintf("Server replied with %s.", response.Status),
			Response:     response,
		}
	}

	content, _, mimeTypeErr := mime.ParseMediaType(response.Header.Get("Content-Type"))

	if mimeTypeErr != nil {
		return nil, mimeTypeErr
	}

	// prepare the credentials object
	creds := &common.Credentials{Map: objx.MSI()}

	body, err := ioutil.ReadAll(response.Body)
	if err != nil {
		return nil, err
	}

	switch content {
	case "application/x-www-form-urlencoded", "text/plain":

		vals, err := objx.FromURLQuery(string(body))
		if err != nil {
			return nil, err
		}

		// did an error occur?
		if len(vals.Get("error").Str()) > 0 {
			return nil, &common.AuthServerError{
				ErrorMessage: vals.Get("error").Str(),
				Response:     response,
			}
		}

		expiresIn, _ := time.ParseDuration(vals.Get(OAuth2KeyExpiresIn).Str() + "s")

		creds.Set(OAuth2KeyAccessToken, vals.Get(OAuth2KeyAccessToken).Str())
		creds.Set(OAuth2KeyRefreshToken, vals.Get(OAuth2KeyRefreshToken).Str())
		creds.Set(OAuth2KeyExpiresIn, expiresIn)

	default: // use JSON

		var data objx.Map

		jsonErr := json.Unmarshal(body, &data)

		if jsonErr != nil {
			return nil, jsonErr
		}

		// handle the time
		timeDuration := data.Get(OAuth2KeyExpiresIn).Float64()
		data.Set(OAuth2KeyExpiresIn, time.Duration(timeDuration)*time.Second)

		// merge this data into the creds
		creds.MergeHere(data)

	}

	return creds, nil
}