示例#1
0
// LoadAccess retrieves access data by token. Client information MUST be loaded together.
// AuthorizeData and AccessData DON'T NEED to be loaded if not easily available.
// Optionally can return error if expired.
func (s *Storage) LoadAccess(token string) (*osin.AccessData, error) {
	access_token, err := data.GetAccessTokenWithAccessToken(s.db, token)
	if err != nil {
		return nil, err
	}

	if access_token == nil {
		return nil, fmt.Errorf("no such access token")
	}

	client, err := s.getClientWithId(access_token.ApplicationId)
	if err != nil {
		return nil, err
	}

	ad := &osin.AccessData{
		Client:       client,
		AccessToken:  access_token.AccessToken,
		RefreshToken: access_token.RefreshToken.String,
		ExpiresIn:    access_token.ExpiresIn,
		Scope:        access_token.Scope,
		RedirectUri:  access_token.RedirectURI,
		CreatedAt:    access_token.CreatedAt,
		UserData:     access_token,
	}

	return ad, nil
}
示例#2
0
func may_authenticate(c martini.Context, sess sessions.Session, db *sqlx.DB, r *http.Request) {
	var (
		interactive = true
		token       string
		identity_id int64
		identity    *data.Identity
		err         error
	)

	// Attempt with Authorization header
	if v := r.Header.Get("Authorization"); v != "" {
		parts := strings.SplitN(v, " ", 2)
		if len(parts) == 2 && strings.ToLower(parts[0]) == "bearer" {
			interactive = false
			token = parts[1]
		}

		// Attempt with access_token parameter
	} else if v := r.URL.Query().Get("access_token"); v != "" {
		interactive = false
		token = v

		// Attempt with session.identity_id
	} else if id, ok := sess.Get("identity_id").(int64); ok {
		interactive = true
		identity_id = id
	}

	if token != "" {
		at, err := data.GetAccessTokenWithAccessToken(db, token)
		if err != nil {
			panic(err)
		}
		identity_id = at.IdentityId
	}

	if identity_id > 0 {
		identity, err = data.GetIdentity(db, identity_id)
		if err != nil {
			panic(err)
		}
	}

	if interactive {
		r.Header.Set("x-interactive", "true")
	}

	c.Map(identity)
}