// TestSpaceDelimitedStringNotGreater checks that a space-delimited string is
// accepted when every one of its tokens also appears in the reference string
// (in any order, including the empty string) and rejected when it carries a
// token the reference does not have.
func TestSpaceDelimitedStringNotGreater(t *testing.T) {
	cases := []struct {
		candidate string
		reference string
		want      bool
	}{
		{"", "bar foo qux", true},
		{"foo", "bar foo qux", true},
		{"bar foo qux", "foo bar qux", true},
		{"foo bar qux bogus", "bar foo qux", false},
	}
	for _, tc := range cases {
		got := util.SpaceDelimitedStringNotGreater(tc.candidate, tc.reference)
		if tc.want {
			assert.True(t, got)
		} else {
			assert.False(t, got)
		}
	}
}
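// refreshTokenGrant handles the refresh_token grant (RFC 6749 §6): it validates
// the presented refresh token for the authenticated client, issues a new access
// token and a refresh token for the token's original client and user, and
// writes the token response as JSON.
//
// w receives the JSON token response or the error response; r supplies the
// "refresh_token" and optional "scope" form values (r.Form is read directly, so
// the caller must already have parsed the form); client is the authenticated
// client the refresh token is validated against.
//
// A rejected refresh token, an unparsable scope, or a scope wider than the one
// originally granted produce a 400 response; failures while issuing tokens
// produce a 500 response.
func (s *Service) refreshTokenGrant(w http.ResponseWriter, r *http.Request, client *Client) {
	// Fetch the refresh token
	theRefreshToken, err := s.GetValidRefreshToken(
		r.Form.Get("refresh_token"), // refresh token
		client,                      // client
	)
	if err != nil {
		response.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	// Default to the scope originally granted by the resource owner. RFC 6749
	// §6 treats an omitted scope as equal to the original grant, so only run
	// GetScope when the request actually carries a scope; passing "" to it
	// would substitute whatever default GetScope applies instead.
	scope := theRefreshToken.Scope
	if requested := r.Form.Get("scope"); requested != "" {
		scope, err = s.GetScope(requested)
		if err != nil {
			response.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
	}

	// Requested scope CANNOT include any scope not originally granted; this is
	// the check that keeps a refresh from widening the access the owner gave.
	if !util.SpaceDelimitedStringNotGreater(scope, theRefreshToken.Scope) {
		response.Error(w, errRequestedScopeCannotBeGreater.Error(), http.StatusBadRequest)
		return
	}

	// Create a new access token, bound to the refresh token's own client and
	// user rather than anything taken from the request.
	accessToken, err := s.GrantAccessToken(
		theRefreshToken.Client, // client
		theRefreshToken.User,   // user
		scope,                  // scope
	)
	if err != nil {
		response.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// Create or retrieve a refresh token
	refreshToken, err := s.GetOrCreateRefreshToken(
		theRefreshToken.Client, // client
		theRefreshToken.User,   // user
		scope,                  // scope
	)
	if err != nil {
		response.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// Write the JSON access token to the response
	accessTokenResponse := &AccessTokenResponse{
		ID:           accessToken.ID,
		AccessToken:  accessToken.Token,
		ExpiresIn:    s.cnf.Oauth.AccessTokenLifetime,
		TokenType:    "Bearer",
		Scope:        accessToken.Scope,
		RefreshToken: refreshToken.Token,
	}
	response.WriteJSON(w, accessTokenResponse, http.StatusOK)
}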
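// refreshTokenGrant handles the refresh_token grant (RFC 6749 §6): it validates
// the presented refresh token for the authenticated client, logs the token's
// original user in again with the same or a narrower scope, and writes the
// resulting access and refresh tokens as JSON.
//
// w receives the JSON token response or the error response; r supplies the
// "refresh_token" and optional "scope" form values (r.Form is read directly, so
// the caller must already have parsed the form); client is the authenticated
// client the refresh token is validated against.
//
// A rejected refresh token, an unparsable scope, or a scope wider than the one
// originally granted produce a 400 response; a failed Login produces a 500
// response.
func (s *Service) refreshTokenGrant(w http.ResponseWriter, r *http.Request, client *Client) {
	// Fetch the refresh token
	theRefreshToken, err := s.GetValidRefreshToken(
		r.Form.Get("refresh_token"), // refresh token
		client,                      // client
	)
	if err != nil {
		response.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	// Default to the scope originally granted by the resource owner, as
	// RFC 6749 §6 requires when the request omits "scope".
	scope := theRefreshToken.Scope

	// If the scope is specified in the request, get the scope string; the form
	// value is read once rather than once per use.
	if requested := r.Form.Get("scope"); requested != "" {
		scope, err = s.GetScope(requested)
		if err != nil {
			response.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
	}

	// Requested scope CANNOT include any scope not originally granted; this is
	// the check that keeps a refresh from widening the access the owner gave.
	if !util.SpaceDelimitedStringNotGreater(scope, theRefreshToken.Scope) {
		response.Error(w, ErrRequestedScopeCannotBeGreater.Error(), http.StatusBadRequest)
		return
	}

	// Log in the user, binding the new tokens to the refresh token's own client
	// and user rather than anything taken from the request.
	accessToken, refreshToken, err := s.Login(
		theRefreshToken.Client,
		theRefreshToken.User,
		scope,
	)
	if err != nil {
		response.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// Write the JSON access token to the response
	accessTokenResponse := &AccessTokenResponse{
		AccessToken:  accessToken.Token,
		ExpiresIn:    s.cnf.Oauth.AccessTokenLifetime,
		TokenType:    TokenType,
		Scope:        accessToken.Scope,
		RefreshToken: refreshToken.Token,
	}
	// The access token may carry no user, so guard before reading the ID.
	if accessToken.User != nil {
		accessTokenResponse.UserID = accessToken.User.ID
	}
	response.WriteJSON(w, accessTokenResponse, http.StatusOK)
}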
// getRefreshTokenScope returns scope for a new refresh token func (s *Service) getRefreshTokenScope(refreshToken *models.OauthRefreshToken, requestedScope string) (string, error) { var ( scope = refreshToken.Scope // default to the scope originally granted by the resource owner err error ) // If the scope is specified in the request, get the scope string if requestedScope != "" { scope, err = s.GetScope(requestedScope) if err != nil { return "", err } } // Requested scope CANNOT include any scope not originally granted if !util.SpaceDelimitedStringNotGreater(scope, refreshToken.Scope) { return "", ErrRequestedScopeCannotBeGreater } return scope, nil }