func RefreshTokenRequest(data utils.H) (utils.H, error) { var user models.User var client models.Client var token string var scope string if data["refresh_token"] == nil || data["scope"] == nil || data["client"] == nil { return invalidRequestResult("") } token = data["refresh_token"].(string) scope = data["scope"].(string) client = data["client"].(models.Client) refreshSession := services.FindSessionByToken(token, models.RefreshToken) defer services.InvalidateSession(refreshSession) if refreshSession.ID == 0 { return invalidGrantResult("") } user = refreshSession.User user = services.FindUserByPublicId(user.PublicId) if refreshSession.Client.ID != client.ID { return invalidGrantResult("") } if scope != refreshSession.Scopes { return invalidScopeResult("") } accessToken := services.CreateSession(user, client, refreshSession.Ip, refreshSession.UserAgent, scope, models.AccessToken) refreshToken := services.CreateSession(user, client, refreshSession.Ip, refreshSession.UserAgent, scope, models.RefreshToken) if accessToken.ID == 0 || refreshToken.ID == 0 { return serverErrorResult("") } return utils.H{ "user_id": user.PublicId, "access_token": accessToken.Token, "token_type": "Bearer", "expires_in": accessToken.ExpiresIn, "refresh_token": refreshToken.Token, "scope": refreshSession.Scopes, }, nil }
func AccessTokenRequest(data utils.H) (utils.H, error) { var user models.User var client models.Client var code string var redirectURI string if data["code"] == nil || data["redirect_uri"] == nil || data["client"] == nil { return invalidRequestResult("") } redirectURI = data["redirect_uri"].(string) code = data["code"].(string) client = data["client"].(models.Client) authorizationSession := services.FindSessionByToken(code, models.GrantToken) defer services.InvalidateSession(authorizationSession) if authorizationSession.ID == 0 { return invalidGrantResult("") } user = authorizationSession.User user = services.FindUserByPublicId(user.PublicId) if authorizationSession.Client.ID != client.ID { return invalidGrantResult("") } if !strings.Contains(authorizationSession.Client.RedirectURI, redirectURI) { return invalidGrantResult("") } accessToken := services.CreateSession(user, client, authorizationSession.Ip, authorizationSession.UserAgent, authorizationSession.Scopes, models.AccessToken) refreshToken := services.CreateSession(user, client, authorizationSession.Ip, authorizationSession.UserAgent, authorizationSession.Scopes, models.RefreshToken) if accessToken.ID == 0 || refreshToken.ID == 0 { return serverErrorResult("") } return utils.H{ "user_id": user.PublicId, "access_token": accessToken.Token, "token_type": "Bearer", "expires_in": accessToken.ExpiresIn, "refresh_token": refreshToken.Token, "scope": authorizationSession.Scopes, }, nil }
func jupiterHandler(c *gin.Context) { session := sessions.Default(c) userPublicId := session.Get("userPublicId") if userPublicId == nil { c.Redirect(http.StatusFound, "/signin") return } client := services.FindOrCreateClient("Jupiter") user := services.FindUserByPublicId(userPublicId.(string)) actionToken := services.CreateAction(user, client, c.Request.RemoteAddr, c.Request.UserAgent(), models.ReadWriteScope) c.HTML(http.StatusOK, "satellite", utils.H{ "AssetsEndpoint": spaceCDN, "Title": " - Mission control", "Satellite": "europa", "Data": utils.H{ "action_token": actionToken.Token, "user_id": user.UUID, }, }) }
func authorizeHandler(c *gin.Context) { var location string var responseType string var clientId string var redirectURI string var scope string var state string session := sessions.Default(c) userPublicId := session.Get("userPublicId") nextPath := url.QueryEscape(fmt.Sprintf("%s?%s", c.Request.URL.Path, c.Request.URL.RawQuery)) if userPublicId == nil { location = fmt.Sprintf("/signin?_=%s", nextPath) c.Redirect(http.StatusFound, location) return } user := services.FindUserByPublicId(userPublicId.(string)) if user.ID == 0 { session.Delete("userPublicId") session.Save() location = fmt.Sprintf("/signin?_=%s", nextPath) c.Redirect(http.StatusFound, location) return } responseType = c.Query("response_type") clientId = c.Query("client_id") redirectURI = c.Query("redirect_uri") scope = c.Query("scope") state = c.Query("state") if redirectURI == "" { redirectURI = "/error" } client := services.FindClientByKey(clientId) if client.ID == 0 { redirectURI = "/error" location = fmt.Sprintf("%s?error=%s&state=%s", redirectURI, oauth.UnauthorizedClient, state) c.Redirect(http.StatusFound, location) return } if scope != models.PublicScope && scope != models.ReadScope && scope != models.ReadWriteScope { scope = "public" } switch responseType { // Authorization Code Grant case oauth.Code: activeSessions := services.ActiveSessionsForClient(client.ID, user.ID) if c.Request.Method == "GET" && activeSessions == 0 { c.HTML(http.StatusOK, "satellite", utils.H{ "AssetsEndpoint": spaceCDN, "Title": " - Authorize", "Satellite": "callisto", "Data": utils.H{ "first_name": user.FirstName, "last_name": user.LastName, "client_name": client.Name, "client_uri": client.CanonicalURI, "requested_scope": scope, }, }) return } else if c.Request.Method == "POST" || (activeSessions > 0 && c.Request.Method == "GET") { if c.PostForm("access_denied") == "true" { location = fmt.Sprintf(errorURI, redirectURI, oauth.AccessDenied, state) c.Redirect(http.StatusFound, location) return } result, err := oauth.AuthorizationCodeGrant(utils.H{ "response_type": responseType, "client": client, "user": user, "ip": c.Request.RemoteAddr, "userAgent": c.Request.UserAgent(), "redirect_uri": redirectURI, "scope": scope, "state": state, }) if err != nil { location = fmt.Sprintf(errorURI, redirectURI, result["error"], result["state"]) c.Redirect(http.StatusFound, location) } else { location = fmt.Sprintf("%s?code=%s&scope=%s&state=%s", redirectURI, result["code"], result["scope"], result["state"]) c.Redirect(http.StatusFound, location) } } else { c.String(http.StatusNotFound, "404 Not Found") } // Implicit Grant case oauth.Token: location = fmt.Sprintf(errorURI, redirectURI, oauth.UnsupportedResponseType, state) c.Redirect(http.StatusFound, location) return default: location = fmt.Sprintf(errorURI, redirectURI, oauth.InvalidRequest, state) c.Redirect(http.StatusFound, location) return } }