Exemplo n.º 1
0
func handleGetPublicKey(core *roll.Core, w http.ResponseWriter, r *http.Request) {
	//Extract client id
	clientID := strings.TrimPrefix(r.RequestURI, JWTFlowCertsURI)
	if clientID == "" {
		respondError(w, http.StatusBadRequest, errors.New("Resource not specified"))
		return
	}

	log.Info("retrieve public key for application: ", clientID)

	//Retrieve the app definition. Note that here since we are only returning publically
	//available information, we do not have to apply the data security model
	app, err := core.SystemRetrieveApplication(clientID)
	if err != nil {
		log.Info("error retrieving application")
		respondError(w, http.StatusInternalServerError, errReadingApplicationRecord)
		return
	}

	if app == nil {
		log.Info("application not found")
		respondError(w, http.StatusNotFound, nil)
		return
	}

	pk := publicKeyCtx{
		PublicKey: app.JWTFlowPublicKey,
	}

	respondOk(w, &pk)
}
Exemplo n.º 2
0
func lookupApplicationFromFormClientID(core *roll.Core, r *http.Request) (*roll.Application, error) {
	app, err := core.SystemRetrieveApplication(r.Form["client_id"][0])
	if err != nil {
		return nil, err
	}

	if app == nil {
		return nil, errors.New("Invalid client id")
	}

	return app, nil
}
Exemplo n.º 3
0
func lookupApplication(core *roll.Core, clientID string) (*roll.Application, error) {
	app, err := core.SystemRetrieveApplication(clientID)
	if err != nil {
		log.Info("Error retrieving app data: ", err.Error())
		return nil, ErrRetrievingAppData
	}

	if app == nil {
		log.Info("Invalid client id: ", clientID)
		return nil, errors.New("Invalid client id")
	}

	return app, nil
}
Exemplo n.º 4
0
func validateClientSecret(core *roll.Core, r *http.Request, clientID, clientSecret string) (*roll.Application, error) {

	app, err := core.SystemRetrieveApplication(clientID)
	if err != nil {
		return nil, errReadingApplicationRecord
	}

	if app == nil {
		return nil, errApplicationNotFound
	}

	if clientSecret != app.ClientSecret {
		return nil, errInvalidClientSecret
	}

	return app, nil
}
Exemplo n.º 5
0
func validateInputParams(core *roll.Core, r *http.Request) (*roll.Application, error) {
	responseType := r.FormValue("response_type")
	if responseType != "token" && responseType != "code" {
		return nil, errors.New("response_type must be code or token")
	}

	//Client id is application key
	clientID := r.FormValue("client_id")
	app, err := core.SystemRetrieveApplication(clientID)
	if err != nil {
		return nil, err
	}

	if app == nil {
		return nil, errors.New("Invalid client id")
	}

	redirectURI := r.FormValue("redirect_uri")
	if app.RedirectURI != redirectURI {
		return nil, errors.New("redirect_uri does not match registered redirect URIs")
	}

	return app, nil
}