示例#1
0
func RefreshTokenRequest(data utils.H) (utils.H, error) {
	var user models.User
	var client models.Client

	var token string
	var scope string

	if data["refresh_token"] == nil || data["scope"] == nil || data["client"] == nil {
		return invalidRequestResult("")
	}

	token = data["refresh_token"].(string)
	scope = data["scope"].(string)
	client = data["client"].(models.Client)

	refreshSession := services.FindSessionByToken(token, models.RefreshToken)
	defer services.InvalidateSession(refreshSession)
	if refreshSession.ID == 0 {
		return invalidGrantResult("")
	}
	user = refreshSession.User
	user = services.FindUserByPublicId(user.PublicId)
	if refreshSession.Client.ID != client.ID {
		return invalidGrantResult("")
	}
	if scope != refreshSession.Scopes {
		return invalidScopeResult("")
	}

	accessToken := services.CreateSession(user,
		client,
		refreshSession.Ip,
		refreshSession.UserAgent,
		scope,
		models.AccessToken)
	refreshToken := services.CreateSession(user,
		client,
		refreshSession.Ip,
		refreshSession.UserAgent,
		scope,
		models.RefreshToken)

	if accessToken.ID == 0 || refreshToken.ID == 0 {
		return serverErrorResult("")
	}

	return utils.H{
		"user_id":       user.PublicId,
		"access_token":  accessToken.Token,
		"token_type":    "Bearer",
		"expires_in":    accessToken.ExpiresIn,
		"refresh_token": refreshToken.Token,
		"scope":         refreshSession.Scopes,
	}, nil
}
示例#2
0
func AccessTokenRequest(data utils.H) (utils.H, error) {
	var user models.User
	var client models.Client

	var code string
	var redirectURI string

	if data["code"] == nil || data["redirect_uri"] == nil || data["client"] == nil {
		return invalidRequestResult("")
	}

	redirectURI = data["redirect_uri"].(string)
	code = data["code"].(string)
	client = data["client"].(models.Client)

	authorizationSession := services.FindSessionByToken(code, models.GrantToken)
	defer services.InvalidateSession(authorizationSession)
	if authorizationSession.ID == 0 {
		return invalidGrantResult("")
	}
	user = authorizationSession.User
	user = services.FindUserByPublicId(user.PublicId)
	if authorizationSession.Client.ID != client.ID {
		return invalidGrantResult("")
	}
	if !strings.Contains(authorizationSession.Client.RedirectURI, redirectURI) {
		return invalidGrantResult("")
	}

	accessToken := services.CreateSession(user,
		client,
		authorizationSession.Ip,
		authorizationSession.UserAgent,
		authorizationSession.Scopes,
		models.AccessToken)
	refreshToken := services.CreateSession(user,
		client,
		authorizationSession.Ip,
		authorizationSession.UserAgent,
		authorizationSession.Scopes,
		models.RefreshToken)

	if accessToken.ID == 0 || refreshToken.ID == 0 {
		return serverErrorResult("")
	}

	return utils.H{
		"user_id":       user.PublicId,
		"access_token":  accessToken.Token,
		"token_type":    "Bearer",
		"expires_in":    accessToken.ExpiresIn,
		"refresh_token": refreshToken.Token,
		"scope":         authorizationSession.Scopes,
	}, nil
}
示例#3
0
func jupiterHandler(c *gin.Context) {
	session := sessions.Default(c)
	userPublicId := session.Get("userPublicId")
	if userPublicId == nil {
		c.Redirect(http.StatusFound, "/signin")
		return
	}
	client := services.FindOrCreateClient("Jupiter")
	user := services.FindUserByPublicId(userPublicId.(string))
	actionToken := services.CreateAction(user, client,
		c.Request.RemoteAddr,
		c.Request.UserAgent(),
		models.ReadWriteScope)
	c.HTML(http.StatusOK, "satellite", utils.H{
		"AssetsEndpoint": spaceCDN,
		"Title":          " - Mission control",
		"Satellite":      "europa",
		"Data": utils.H{
			"action_token": actionToken.Token,
			"user_id":      user.UUID,
		},
	})
}
示例#4
0
func authorizeHandler(c *gin.Context) {
	var location string
	var responseType string
	var clientId string
	var redirectURI string
	var scope string
	var state string

	session := sessions.Default(c)
	userPublicId := session.Get("userPublicId")
	nextPath := url.QueryEscape(fmt.Sprintf("%s?%s", c.Request.URL.Path, c.Request.URL.RawQuery))
	if userPublicId == nil {
		location = fmt.Sprintf("/signin?_=%s", nextPath)
		c.Redirect(http.StatusFound, location)
		return
	}
	user := services.FindUserByPublicId(userPublicId.(string))
	if user.ID == 0 {
		session.Delete("userPublicId")
		session.Save()
		location = fmt.Sprintf("/signin?_=%s", nextPath)
		c.Redirect(http.StatusFound, location)
		return
	}

	responseType = c.Query("response_type")
	clientId = c.Query("client_id")
	redirectURI = c.Query("redirect_uri")
	scope = c.Query("scope")
	state = c.Query("state")

	if redirectURI == "" {
		redirectURI = "/error"
	}

	client := services.FindClientByKey(clientId)
	if client.ID == 0 {
		redirectURI = "/error"
		location = fmt.Sprintf("%s?error=%s&state=%s",
			redirectURI, oauth.UnauthorizedClient, state)
		c.Redirect(http.StatusFound, location)
		return
	}

	if scope != models.PublicScope && scope != models.ReadScope && scope != models.ReadWriteScope {
		scope = "public"
	}

	switch responseType {
	// Authorization Code Grant
	case oauth.Code:
		activeSessions := services.ActiveSessionsForClient(client.ID, user.ID)
		if c.Request.Method == "GET" && activeSessions == 0 {
			c.HTML(http.StatusOK, "satellite", utils.H{
				"AssetsEndpoint": spaceCDN,
				"Title":          " - Authorize",
				"Satellite":      "callisto",
				"Data": utils.H{
					"first_name":      user.FirstName,
					"last_name":       user.LastName,
					"client_name":     client.Name,
					"client_uri":      client.CanonicalURI,
					"requested_scope": scope,
				},
			})
			return
		} else if c.Request.Method == "POST" || (activeSessions > 0 && c.Request.Method == "GET") {
			if c.PostForm("access_denied") == "true" {
				location = fmt.Sprintf(errorURI, redirectURI, oauth.AccessDenied, state)
				c.Redirect(http.StatusFound, location)
				return
			}
			result, err := oauth.AuthorizationCodeGrant(utils.H{
				"response_type": responseType,
				"client":        client,
				"user":          user,
				"ip":            c.Request.RemoteAddr,
				"userAgent":     c.Request.UserAgent(),
				"redirect_uri":  redirectURI,
				"scope":         scope,
				"state":         state,
			})
			if err != nil {
				location = fmt.Sprintf(errorURI, redirectURI, result["error"], result["state"])
				c.Redirect(http.StatusFound, location)
			} else {
				location = fmt.Sprintf("%s?code=%s&scope=%s&state=%s",
					redirectURI, result["code"], result["scope"], result["state"])
				c.Redirect(http.StatusFound, location)
			}
		} else {
			c.String(http.StatusNotFound, "404 Not Found")
		}
	// Implicit Grant
	case oauth.Token:
		location = fmt.Sprintf(errorURI,
			redirectURI, oauth.UnsupportedResponseType, state)
		c.Redirect(http.StatusFound, location)
		return
	default:
		location = fmt.Sprintf(errorURI,
			redirectURI, oauth.InvalidRequest, state)
		c.Redirect(http.StatusFound, location)
		return
	}
}