Exemplo n.º 1
0
func ExampleLogin() {
	m := martini.Classic()
	m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
	m.Use(oauth2.Google(
		goauth2.Client("client_id", "client_secret"),
		goauth2.RedirectURL("redirect_url"),
		goauth2.Scope("https://www.googleapis.com/auth/drive"),
	))
	// Tokens are injected to the handlers
	m.Get("/", func(tokens oauth2.Tokens) string {
		if tokens.Expired() {
			return "not logged in, or the access token is expired"
		}
		return "logged in"
	})

	// Routes that require a logged in user
	// can be protected with oauth2.LoginRequired handler.
	// If the user is not authenticated, they will be
	// redirected to the login path.
	m.Get("/restrict", oauth2.LoginRequired, func(tokens oauth2.Tokens) string {
		return tokens.Access()
	})

	m.Run()
}
Exemplo n.º 2
0
func Test_LoginRedirectAfterLoginRequired(t *testing.T) {
	recorder := httptest.NewRecorder()
	n := negroni.New()
	n.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
	n.Use(Google(
		goauth2.Client("client_id", "client_secret"),
		goauth2.RedirectURL("refresh_url"),
		goauth2.Scope("x", "y"),
	))

	n.Use(LoginRequired())

	mux := http.NewServeMux()

	mux.HandleFunc("/login-required", func(w http.ResponseWriter, req *http.Request) {
		t.Log("hi there")
		fmt.Fprintf(w, "OK")
	})

	n.UseHandler(mux)

	r, _ := http.NewRequest("GET", "/login-required?key=value", nil)
	n.ServeHTTP(recorder, r)

	location := recorder.HeaderMap["Location"][0]
	if recorder.Code != 302 {
		t.Errorf("Not being redirected to the auth page.")
	}
	if location != "/login?next=%2Flogin-required%3Fkey%3Dvalue" {
		t.Errorf("Not being redirected to the right page, %v found", location)
	}
}
Exemplo n.º 3
0
func TestFetchTokenLocalCacheMiss(t *testing.T) {
	m := &mockMemcache{vals: make(tokMap)}
	memcacheGob = m
	accessTokenCount = 0
	delete(tokens, testScopeKey) // clear local cache
	f, err := oauth2.New(
		AppEngineContext(nil),
		oauth2.Scope(testScope),
	)
	if err != nil {
		t.Error(err)
	}
	tr := f.NewTransport()
	c := http.Client{Transport: tr}
	c.Get("server")
	if w := 1; m.getCount != w {
		t.Errorf("bad memcache.Get count: got %v, want %v", m.getCount, w)
	}
	if w := 1; accessTokenCount != w {
		t.Errorf("bad AccessToken count: got %v, want %v", accessTokenCount, w)
	}
	if w := 1; m.setCount != w {
		t.Errorf("bad memcache.Set count: got %v, want %v", m.setCount, w)
	}
	// Make sure local cache has been populated
	_, ok := tokens[testScopeKey]
	if !ok {
		t.Errorf("local cache not populated!")
	}
}
Exemplo n.º 4
0
func Example_serviceAccounts() {
	// Your credentials should be obtained from the Google
	// Developer Console (https://console.developers.google.com).
	opts, err := oauth2.New(
		// The contents of your RSA private key or your PEM file
		// that contains a private key.
		// If you have a p12 file instead, you
		// can use `openssl` to export the private key into a pem file.
		//
		//    $ openssl pkcs12 -in key.p12 -out key.pem -nodes
		//
		// It only supports PEM containers with no passphrase.
		oauth2.JWTClient(
			"*****@*****.**",
			[]byte("-----BEGIN RSA PRIVATE KEY-----...")),
		oauth2.Scope(
			"https://www.googleapis.com/auth/bigquery",
			"https://www.googleapis.com/auth/blogger",
		),
		google.JWTEndpoint(),
		// If you would like to impersonate a user, you can
		// create a transport with a subject. The following GET
		// request will be made on the behalf of [email protected].
		// Subject is optional.
		oauth2.Subject("*****@*****.**"),
	)
	if err != nil {
		log.Fatal(err)
	}

	// Initiate an http.Client, the following GET request will be
	// authorized and authenticated on the behalf of [email protected].
	client := http.Client{Transport: opts.NewTransport()}
	client.Get("...")
}
Exemplo n.º 5
0
func Example_webServer() {
	// Your credentials should be obtained from the Google
	// Developer Console (https://console.developers.google.com).
	opts, err := oauth2.New(
		oauth2.Client("YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET"),
		oauth2.RedirectURL("YOUR_REDIRECT_URL"),
		oauth2.Scope(
			"https://www.googleapis.com/auth/bigquery",
			"https://www.googleapis.com/auth/blogger",
		),
		google.Endpoint(),
	)
	if err != nil {
		log.Fatal(err)
	}
	// Redirect user to Google's consent page to ask for permission
	// for the scopes specified above.
	url := opts.AuthCodeURL("state", "online", "auto")
	fmt.Printf("Visit the URL for the auth dialog: %v", url)

	// Handle the exchange code to initiate a transport
	t, err := opts.NewTransportFromCode("exchange-code")
	if err != nil {
		log.Fatal(err)
	}
	client := http.Client{Transport: t}
	client.Get("...")
}
Exemplo n.º 6
0
func NewServer(databaseName string) *martini.ClassicMartini {

	m := martini.Classic()
	c := config.GetConfig()

	// Setup middleware
	m.Use(db.DB(databaseName))
	m.Use(render.Renderer())
	m.Use(cors.Allow(&cors.Options{
		AllowOrigins:     []string{"http://localhost*"},
		AllowMethods:     []string{"POST", "GET"},
		AllowHeaders:     []string{"Origin"},
		ExposeHeaders:    []string{"Content-Length"},
		AllowCredentials: true,
	}))

	// Google OAuth
	m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte(c.Cookie_Auth),
		[]byte(c.Cookie_Enc))))

	m.Use(oauth2.Google(
		goauth2.Client(c.Client_Id, c.Client_Secret),
		goauth2.RedirectURL(c.OAuth_Callback),
		goauth2.Scope("email"),
	))

	// Static Assets
	m.Use(martini.Static("frontend/dist"))

	// Setup event routes
	m.Get(`/events`, controllers.GetAllEvents)
	m.Get(`/events/:id`, controllers.GetEvent)
	m.Post(`/events`, binding.Json(models.Event{}), binding.ErrorHandler, controllers.AddEvent)

	// Setup comment routes
	m.Get(`/events/:event_id/comments`, controllers.GetAllComments)
	m.Post(`/events/:event_id/comments`, binding.Json(models.Comment{}), binding.ErrorHandler, controllers.AddComment)

	// User route for Oauth
	m.Get(`/users`, oauth2.LoginRequired, controllers.GetLoggedInUser)

	// TODO Update, Delete for events
	//m.Put(`/events/:id`, UpdateEvent)
	//m.Delete(`/events/:id`, DeleteEvent)

	// Add the router action

	return m
}
Exemplo n.º 7
0
func main() {

	secureMux := http.NewServeMux()

	// Routes that require a logged in user
	// can be protected by using a separate route handler
	// If the user is not authenticated, they will be
	// redirected to the login path.
	secureMux.HandleFunc("/restrict", func(w http.ResponseWriter, req *http.Request) {
		token := oauth2.GetToken(req)
		fmt.Fprintf(w, "OK: %s", token.Access())
	})

	secure := negroni.New()
	secure.Use(oauth2.LoginRequired())
	secure.UseHandler(secureMux)

	n := negroni.New()
	n.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
	n.Use(oauth2.Google(
		goauth2.Client("client_id", "client_secret"),
		goauth2.RedirectURL("redirect_url"),
		goauth2.Scope("https://www.googleapis.com/auth/drive"),
	))

	router := http.NewServeMux()

	//routes added to mux do not require authentication
	router.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
		token := oauth2.GetToken(req)
		if token == nil || token.Expired() {
			fmt.Fprintf(w, "not logged in, or the access token is expired")
			return
		}
		fmt.Fprintf(w, "logged in")
		return
	})

	//There is probably a nicer way to handle this than repeat the restricted routes again
	//of course, you could use something like gorilla/mux and define prefix / regex etc.
	router.Handle("/restrict", secure)

	n.UseHandler(router)

	n.Run(":3000")
}
Exemplo n.º 8
0
func Example_appEngine() {
	ctx := appengine.NewContext(nil)
	opts, err := oauth2.New(
		google.AppEngineContext(ctx),
		oauth2.Scope(
			"https://www.googleapis.com/auth/bigquery",
			"https://www.googleapis.com/auth/blogger",
		),
	)
	if err != nil {
		log.Fatal(err)
	}
	// The following client will be authorized by the App Engine
	// app's service account for the provided scopes.
	client := http.Client{Transport: opts.NewTransport()}
	client.Get("...")
}
Exemplo n.º 9
0
func TestFetchTokenLocalCacheExpired(t *testing.T) {
	m := &mockMemcache{vals: make(tokMap)}
	memcacheGob = m
	accessTokenCount = 0
	// Pre-populate the local cache
	tokens[testScopeKey] = &oauth2.Token{
		AccessToken: "mytoken",
		Expiry:      time.Now().Add(-1 * time.Hour),
	}
	// Pre-populate the memcache
	tok := &oauth2.Token{
		AccessToken: "mytoken",
		Expiry:      time.Now().Add(1 * time.Hour),
	}
	m.Set(nil, &memcache.Item{
		Key:        testScopeKey,
		Object:     *tok,
		Expiration: 1 * time.Hour,
	})
	m.setCount = 0
	f, err := oauth2.New(
		AppEngineContext(nil),
		oauth2.Scope(testScope),
	)
	if err != nil {
		t.Error(err)
	}
	c := http.Client{Transport: f.NewTransport()}
	c.Get("server")
	if w := 1; m.getCount != w {
		t.Errorf("bad memcache.Get count: got %v, want %v", m.getCount, w)
	}
	if w := 0; accessTokenCount != w {
		t.Errorf("bad AccessToken count: got %v, want %v", accessTokenCount, w)
	}
	if w := 0; m.setCount != w {
		t.Errorf("bad memcache.Set count: got %v, want %v", m.setCount, w)
	}
	// Make sure local cache remains populated
	_, ok := tokens[testScopeKey]
	if !ok {
		t.Errorf("local cache not populated!")
	}
}
Exemplo n.º 10
0
func Test_LoginRedirect(t *testing.T) {
	recorder := httptest.NewRecorder()
	m := martini.New()
	m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
	m.Use(Google(
		oauth2.Client("client_id", "client_secret"),
		oauth2.RedirectURL("redirect_url"),
		oauth2.Scope("x", "y"),
	))
	r, _ := http.NewRequest("GET", "/login", nil)
	m.ServeHTTP(recorder, r)
	location := recorder.HeaderMap["Location"][0]
	if recorder.Code != 302 {
		t.Errorf("Not being redirected to the auth page.")
	}
	if location != "https://accounts.google.com/o/oauth2/auth?client_id=client_id&redirect_uri=redirect_url&response_type=code&scope=x+y&state=%2F" {
		t.Errorf("Not being redirected to the right page, %v found", location)
	}
}
Exemplo n.º 11
0
func Test_LoginRedirectAfterLoginRequired(t *testing.T) {
	recorder := httptest.NewRecorder()
	m := martini.Classic()
	m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
	m.Use(Google(
		oauth2.Client("client_id", "client_secret"),
		oauth2.RedirectURL("redirect_url"),
		oauth2.Scope("x", "y"),
	))
	m.Get("/login-required", LoginRequired, func(tokens Tokens) (int, string) {
		return 200, tokens.Access()
	})
	r, _ := http.NewRequest("GET", "/login-required?key=value", nil)
	m.ServeHTTP(recorder, r)
	location := recorder.HeaderMap["Location"][0]
	if recorder.Code != 302 {
		t.Errorf("Not being redirected to the auth page.")
	}
	if location != "/login?next=%2Flogin-required%3Fkey%3Dvalue" {
		t.Errorf("Not being redirected to the right page, %v found", location)
	}
}
Exemplo n.º 12
0
func Test_LoginRedirect(t *testing.T) {
	recorder := httptest.NewRecorder()
	n := negroni.New()
	n.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
	n.Use(Google(
		goauth2.Client("client_id", "client_secret"),
		goauth2.RedirectURL("refresh_url"),
		goauth2.Scope("x", "y"),
	))

	r, _ := http.NewRequest("GET", "/login", nil)
	n.ServeHTTP(recorder, r)

	location := recorder.HeaderMap["Location"][0]
	if recorder.Code != 302 {
		t.Errorf("Not being redirected to the auth page.")
	}
	t.Logf(location)
	if strings.HasPrefix("https://accounts.google.com/o/oauth2/auth?access_type=online&approval_prompt=auto&client_id=client_id&redirect_uri=refresh_url&response_type=code&scope=x+y&state=", location) {
		t.Errorf("Not being redirected to the right page, %v found", location)
	}
}
Exemplo n.º 13
0
func Example_serviceAccountsJSON() {
	// Your credentials should be obtained from the Google
	// Developer Console (https://console.developers.google.com).
	// Navigate to your project, then see the "Credentials" page
	// under "APIs & Auth".
	// To create a service account client, click "Create new Client ID",
	// select "Service Account", and click "Create Client ID". A JSON
	// key file will then be downloaded to your computer.
	opts, err := oauth2.New(
		google.ServiceAccountJSONKey("/path/to/your-project-key.json"),
		oauth2.Scope(
			"https://www.googleapis.com/auth/bigquery",
			"https://www.googleapis.com/auth/blogger",
		),
	)
	if err != nil {
		log.Fatal(err)
	}
	// Initiate an http.Client. The following GET request will be
	// authorized and authenticated on the behalf of
	// your service account.
	client := http.Client{Transport: opts.NewTransport()}
	client.Get("...")
}