auth

Paddy 2015-05-15 Parent:e000b1c24fc0 Child:8ecb60d29b0d

auth/request_test.go

Switch to a JWT approach. We're going to use a JWT as our access tokens (as discussed in &yet's excellent post https://blog.andyet.com/2015/05/12/micro-services-user-info-and-auth and my ensuing conversation with Fritzy). The benefit of this approach is that we can do authentication and even some authorization without touching the database at all. The drawback is that we can no longer revoke access tokens, only the refresh tokens that grant the access tokens. We need a new config variable to set our private key, used to sign the JWT. We get to remove our token handlers, as we no longer can revoke tokens, so there's no purpose in getting information about it or listing them. Our tokenStore revokeToken gets to be simplified, as it will only ever be used for refresh tokens now. We also updated our postgres and memstore implementations. We added a helper method for generating the signed "access token" (our JWT) and started using it in the places where we're creating a Token. We get to remove the `revoked` SQL column for the tokens table, and rename the `refresh_revoked` column to just be `revoked`. We shortened our access token expiration to 15 minutes instead of an hour, to deal with the token not being revokable.

Download raw file

View source Diff to previous Annotate

paddy@116	1 package auth
paddy@116	2
paddy@116	3 import "fmt"
paddy@116	4
paddy@116	5 func compareErrors(err1, err2 requestError) (success bool, field string, val1, val2 interface{}) {
paddy@116	6 if err1.Slug != err2.Slug {
paddy@116	7 return false, "Slug", err1.Slug, err2.Slug
paddy@116	8 }
paddy@116	9 if err1.Field != err2.Field {
paddy@116	10 return false, "Field", err1.Field, err2.Field
paddy@116	11 }
paddy@116	12 if err1.Param != err2.Param {
paddy@116	13 return false, "Param", err1.Param, err2.Param
paddy@116	14 }
paddy@116	15 if err1.Header != err2.Header {
paddy@116	16 return false, "Header", err1.Header, err2.Header
paddy@116	17 }
paddy@116	18 return true, "", nil, nil
paddy@116	19 }
paddy@116	20
paddy@116	21 func compareResponses(resp1, resp2 response) (success bool, field string, val1, val2 interface{}) {
paddy@116	22 if len(resp1.Errors) != len(resp2.Errors) {
paddy@116	23 return false, "Errors", resp1.Errors, resp2.Errors
paddy@116	24 }
paddy@116	25 if len(resp1.Logins) != len(resp2.Logins) {
paddy@116	26 return false, "Logins", resp1.Logins, resp2.Logins
paddy@116	27 }
paddy@116	28 if len(resp1.Profiles) != len(resp2.Profiles) {
paddy@116	29 return false, "Profiles", resp1.Profiles, resp2.Profiles
paddy@116	30 }
paddy@116	31 if len(resp1.Clients) != len(resp2.Clients) {
paddy@116	32 return false, "Clients", resp1.Clients, resp2.Clients
paddy@116	33 }
paddy@116	34 if len(resp1.Endpoints) != len(resp2.Endpoints) {
paddy@116	35 return false, "Endpoints", resp1.Endpoints, resp2.Endpoints
paddy@116	36 }
paddy@116	37 for pos := range resp1.Errors {
paddy@116	38 success, field, val1, val2 = compareErrors(resp1.Errors[pos], resp2.Errors[pos])
paddy@116	39 if !success {
paddy@116	40 field = fmt.Sprintf("Error %d %s", pos, field)
paddy@116	41 return
paddy@116	42 }
paddy@116	43 }
paddy@116	44 for pos := range resp1.Logins {
paddy@116	45 success, field, val1, val2 = compareLogins(resp1.Logins[pos], resp2.Logins[pos])
paddy@116	46 if !success {
paddy@116	47 field = fmt.Sprintf("Login %d %s", pos, field)
paddy@116	48 return
paddy@116	49 }
paddy@116	50 }
paddy@116	51 for pos := range resp1.Profiles {
paddy@116	52 success, field, val1, val2 = compareProfiles(resp1.Profiles[pos], resp2.Profiles[pos])
paddy@116	53 if !success {
paddy@116	54 field = fmt.Sprintf("Profile %d %s", pos, field)
paddy@116	55 return
paddy@116	56 }
paddy@116	57 }
paddy@116	58 for pos := range resp1.Clients {
paddy@116	59 success, field, val1, val2 = compareClients(resp1.Clients[pos], resp2.Clients[pos])
paddy@116	60 if !success {
paddy@116	61 field = fmt.Sprintf("Client %d %s", pos, field)
paddy@116	62 return
paddy@116	63 }
paddy@116	64 }
paddy@116	65 for pos := range resp1.Endpoints {
paddy@116	66 success, field, val1, val2 = compareEndpoints(resp1.Endpoints[pos], resp2.Endpoints[pos])
paddy@116	67 if !success {
paddy@116	68 field = fmt.Sprintf("Endpoint %d %s", pos, field)
paddy@116	69 return
paddy@116	70 }
paddy@116	71 }
paddy@116	72 return true, "", nil, nil
paddy@116	73 }
paddy@116	74
paddy@116	75 func fillInServerGenerated(expectation, result response) {
paddy@116	76 if len(expectation.Profiles) > 0 {
paddy@116	77 for pos, profile := range expectation.Profiles {
paddy@116	78 profile.ID = result.Profiles[pos].ID
paddy@116	79 profile.Created = result.Profiles[pos].Created
paddy@116	80 profile.LastSeen = result.Profiles[pos].LastSeen
paddy@116	81 expectation.Profiles[pos] = profile
paddy@116	82 }
paddy@116	83 }
paddy@116	84 if len(expectation.Logins) > 0 {
paddy@116	85 for pos, login := range expectation.Logins {
paddy@116	86 login.ProfileID = result.Logins[pos].ProfileID
paddy@116	87 login.Created = result.Logins[pos].Created
paddy@116	88 login.LastUsed = result.Logins[pos].LastUsed
paddy@116	89 expectation.Logins[pos] = login
paddy@116	90 }
paddy@116	91 }
paddy@116	92 if len(expectation.Clients) > 0 {
paddy@116	93 for pos, client := range expectation.Clients {
paddy@116	94 client.ID = result.Clients[pos].ID
paddy@116	95 client.Secret = result.Clients[pos].Secret
paddy@116	96 client.OwnerID = result.Clients[pos].OwnerID
paddy@116	97 expectation.Clients[pos] = client
paddy@116	98 }
paddy@116	99 }
paddy@116	100 if len(expectation.Endpoints) > 0 {
paddy@116	101 for pos, endpoint := range expectation.Endpoints {
paddy@116	102 endpoint.ID = result.Endpoints[pos].ID
paddy@116	103 endpoint.ClientID = result.Endpoints[pos].ClientID
paddy@116	104 endpoint.Added = result.Endpoints[pos].Added
paddy@116	105 expectation.Endpoints[pos] = endpoint
paddy@116	106 }
paddy@116	107 }
paddy@116	108 }