// getToken returns the token saved in the config file under
// section name.
func getToken(name string) (*oauth2.Token, error) {
tokenString, err := fs.ConfigFile.GetValue(string(name), ConfigToken)
if err != nil {
return nil, err
}
if tokenString == "" {
return nil, fmt.Errorf("Empty token found - please run rclone config again")
}
token := new(oauth2.Token)
err = json.Unmarshal([]byte(tokenString), token)
if err != nil {
return nil, err
}
// if has data then return it
if token.AccessToken != "" && token.RefreshToken != "" {
return token, nil
}
// otherwise try parsing as oldToken
oldtoken := new(oldToken)
err = json.Unmarshal([]byte(tokenString), oldtoken)
if err != nil {
return nil, err
}
// Fill in result into new token
token.AccessToken = oldtoken.AccessToken
token.RefreshToken = oldtoken.RefreshToken
token.Expiry = oldtoken.Expiry
// Save new format in config file
err = putToken(name, token)
if err != nil {
return nil, err
}
return token, nil
}
func newTokenFromRefreshToken(refreshToken string) (*oauth2.Token, error) {
token := new(oauth2.Token)
token.RefreshToken = refreshToken
token.Expiry = time.Now()
// TokenSource will refresh the token if needed (which is likely in this
// use case)
oauthConfig := *googleOauthConfig
ts := oauthConfig.TokenSource(oauth2.NoContext, token)
return ts.Token()
}
func GetSpotifyClient(clientID, clientSecret, refreshToken string) *spotify.Client {
// So as not to introduce a web flow into this program, we cheat a bit here
// by just using a refresh token and not an access token (because access
// tokens expiry very quickly and are therefore not suitable for inclusion
// in configuration). This will force a refresh on the first call, but meh.
token := new(oauth2.Token)
token.Expiry = time.Now().Add(time.Second * -1)
token.RefreshToken = refreshToken
// See comment above. We've already procured the first access/refresh token
// pair outside of this program, so no redirect URL is necessary.
authenticator := spotify.NewAuthenticator("no-redirect-url")
authenticator.SetAuthInfo(clientID, clientSecret)
client := authenticator.NewClient(token)
return &client
}
// decodeToken parses an access token, refresh token, and optional
// expiry unix timestamp separated by spaces into an oauth2.Token.
// It returns as much as it can.
func decodeToken(encoded string) *oauth2.Token {
t := new(oauth2.Token)
f := strings.Fields(encoded)
if len(f) > 0 {
t.AccessToken = f[0]
}
if len(f) > 1 {
t.RefreshToken = f[1]
}
if len(f) > 2 && f[2] != "0" {
sec, err := strconv.ParseInt(f[2], 10, 64)
if err == nil {
t.Expiry = time.Unix(sec, 0)
}
}
return t
}
func TestSessionStore(t *testing.T) {
// setup oauthmw
sess := newSession()
prov := newProvider()
prov.Path = "/"
prov.Configs = map[string]*oauth2.Config{
"google": newGoogleEndpoint(""),
}
prov.checkDefaults()
// setup mux and middleware
m0 := goji.NewMux()
m0.UseC(sess.Handler)
m0.UseC(prov.Login(nil))
m0.HandleFuncC(pat.Get("/ok"), okHandler)
// do initial request to establish session
r0, _ := get(m0, "/ok", nil, t)
checkOK(r0, t)
cookie := getCookie(r0, t)
// set session store to bad data
obj0 := swapSessionStore(sess.Store, &prov, "baddata", true, t)
_, ok := obj0.(Store)
if !ok {
t.Error("item in session should be store")
}
// send another request
r1, _ := get(m0, "/ok", cookie, t)
checkOK(r1, t)
// check that store is no longer corrupted
obj1 := swapSessionStore(sess.Store, &prov, obj0, true, t)
_, ok = obj1.(Store)
if !ok {
t.Error("store should have been fixed")
}
// test nil token
_ = swapSessionStore(sess.Store, &prov, Store{Token: nil}, false, t)
r2, _ := get(m0, "/ok", cookie, t)
checkOK(r2, t)
// setup mux and middleware
m1 := goji.NewMux()
m1.UseC(sess.Handler)
m1.UseC(prov.RequireLogin(nil))
m1.HandleFuncC(pat.Get("/ok"), okHandler)
// check expired token
r3, _ := get(m1, "/ok", cookie, t)
check(302, r3, t)
// create token
t3 := oauth2.Token{
AccessToken: "access",
TokenType: "bearer",
Expiry: time.Now().Add(1 * time.Hour),
}
// put token in session
swapSessionStore(sess.Store, &prov, Store{
Token: &t3,
States: make(map[string]StoreState),
}, true, t)
// check access
r4, _ := get(m1, "/ok", cookie, t)
checkOK(r4, t)
// force token expiration
t3.Expiry = time.Now().Add(-1 * time.Hour)
// check that access has been revoked
r5, _ := get(m1, "/ok", cookie, t)
check(302, r5, t)
}