auth

Paddy 2014-12-14 Parent:e57a57a944c4 Child:267483f168b5

auth/context.go

Add an endpoint to validate and register profiles. Add a newProfileRequest object that defines the user-specified properties of a new Profile. Add a helper that validates a newProfileRequest and modifies it for sanitization, mostly just removing leading and trailing whitespace. Add MaxNameLength, MaxUsernameLength, and MaxEmailLength constants to hold the maximum length for those properties. Add errors to be returned when a users attempts to log in with a profile that is compromised or locked. Add the bare bones of a CreateProfileHandler that validates a profile registration request adn uses it to create a Profile and at least one Login. Create a requestError struct that is used for returning API errors, along with constants for the slugs we'll use to signal those errors.

Download raw file

View source Diff to previous Annotate

paddy@50	1 package auth
paddy@50	2
paddy@50	3 import (
paddy@50	4 "html/template"
paddy@50	5 "io"
paddy@55	6 "log"
paddy@77	7 "net/url"
paddy@50	8 "time"
paddy@50	9
paddy@50	10 "code.secondbit.org/uuid"
paddy@50	11 )
paddy@50	12
paddy@57	13 // Context wraps the different storage interfaces and should
paddy@57	14 // be used as the main point of interaction for the data storage
paddy@57	15 // layer.
paddy@50	16 type Context struct {
paddy@87	17 template *template.Template
paddy@87	18 loginURI *url.URL
paddy@87	19 clients clientStore
paddy@87	20 authCodes authorizationCodeStore
paddy@87	21 profiles profileStore
paddy@87	22 tokens tokenStore
paddy@87	23 sessions sessionStore
paddy@96	24 config Config
paddy@96	25 }
paddy@96	26
paddy@96	27 // NewContext takes a Config instance and uses it to bootstrap a Context
paddy@96	28 // using the information provided in the Config variable.
paddy@96	29 func NewContext(config Config) (Context, error) {
paddy@96	30 context := Context{
paddy@96	31 clients: config.ClientStore,
paddy@96	32 authCodes: config.AuthCodeStore,
paddy@96	33 profiles: config.ProfileStore,
paddy@96	34 tokens: config.TokenStore,
paddy@96	35 sessions: config.SessionStore,
paddy@96	36 template: config.Template,
paddy@96	37 config: config,
paddy@96	38 }
paddy@96	39 var err error
paddy@96	40 context.loginURI, err = url.Parse(config.LoginURI)
paddy@96	41 if err != nil {
paddy@96	42 log.Println(err)
paddy@96	43 return Context{}, ErrInvalidLoginURI
paddy@96	44 }
paddy@96	45 return context, nil
paddy@50	46 }
paddy@50	47
paddy@57	48 // Render uses the HTML templates associated with the Context to render the
paddy@57	49 // template specified by name to out using data to fill any template variables.
paddy@55	50 func (c Context) Render(out io.Writer, name string, data interface{}) {
paddy@50	51 if c.template == nil {
paddy@57	52 log.Println("No template set on Context, can't render anything!")
paddy@57	53 return
paddy@50	54 }
paddy@55	55 err := c.template.ExecuteTemplate(out, name, data)
paddy@55	56 if err != nil {
paddy@55	57 log.Println("Error executing template", name, ":", err)
paddy@55	58 }
paddy@50	59 }
paddy@50	60
paddy@57	61 // GetClient returns a single Client by its ID from the
paddy@57	62 // clientStore associated with the Context.
paddy@50	63 func (c Context) GetClient(id uuid.ID) (Client, error) {
paddy@50	64 if c.clients == nil {
paddy@50	65 return Client{}, ErrNoClientStore
paddy@50	66 }
paddy@57	67 return c.clients.getClient(id)
paddy@50	68 }
paddy@50	69
paddy@57	70 // SaveClient stores the passed Client in the clientStore
paddy@57	71 // associated with the Context.
paddy@50	72 func (c Context) SaveClient(client Client) error {
paddy@50	73 if c.clients == nil {
paddy@50	74 return ErrNoClientStore
paddy@50	75 }
paddy@57	76 return c.clients.saveClient(client)
paddy@50	77 }
paddy@50	78
paddy@57	79 // UpdateClient applies the specified ClientChange to the Client
paddy@57	80 // with the specified ID in the clientStore associated with the
paddy@57	81 // Context.
paddy@50	82 func (c Context) UpdateClient(id uuid.ID, change ClientChange) error {
paddy@50	83 if c.clients == nil {
paddy@50	84 return ErrNoClientStore
paddy@50	85 }
paddy@57	86 return c.clients.updateClient(id, change)
paddy@50	87 }
paddy@50	88
paddy@57	89 // DeleteClient removes the client with the specified ID from the
paddy@57	90 // clientStore associated with the Context.
paddy@50	91 func (c Context) DeleteClient(id uuid.ID) error {
paddy@50	92 if c.clients == nil {
paddy@50	93 return ErrNoClientStore
paddy@50	94 }
paddy@57	95 return c.clients.deleteClient(id)
paddy@50	96 }
paddy@50	97
paddy@57	98 // ListClientsByOwner returns a slice of up to num Clients, starting at offset (inclusive)
paddy@57	99 // that have the specified OwnerID in the clientStore associated with the Context.
paddy@50	100 func (c Context) ListClientsByOwner(ownerID uuid.ID, num, offset int) ([]Client, error) {
paddy@50	101 if c.clients == nil {
paddy@50	102 return []Client{}, ErrNoClientStore
paddy@50	103 }
paddy@57	104 return c.clients.listClientsByOwner(ownerID, num, offset)
paddy@50	105 }
paddy@50	106
paddy@57	107 // AddEndpoint stores the specified Endpoint in the clientStore associated with the Context,
paddy@57	108 // and associates the newly-stored Endpoint with the Client specified by the passed ID.
paddy@50	109 func (c Context) AddEndpoint(client uuid.ID, endpoint Endpoint) error {
paddy@50	110 if c.clients == nil {
paddy@50	111 return ErrNoClientStore
paddy@50	112 }
paddy@57	113 return c.clients.addEndpoint(client, endpoint)
paddy@50	114 }
paddy@50	115
paddy@57	116 // RemoveEndpoint deletes the Endpoint with the specified ID from the clientStore associated
paddy@57	117 // with the Context, and disassociates the Endpoint from the specified Client.
paddy@50	118 func (c Context) RemoveEndpoint(client, endpoint uuid.ID) error {
paddy@50	119 if c.clients == nil {
paddy@50	120 return ErrNoClientStore
paddy@50	121 }
paddy@57	122 return c.clients.removeEndpoint(client, endpoint)
paddy@50	123 }
paddy@50	124
paddy@57	125 // CheckEndpoint finds Endpoints in the clientStore associated with the Context that belong
paddy@58	126 // to the Client specified by the passed ID and match the URI passed. URI matches must be
paddy@58	127 // performed according to RFC 3986 Section 6.
paddy@58	128 func (c Context) CheckEndpoint(client uuid.ID, URI string) (bool, error) {
paddy@50	129 if c.clients == nil {
paddy@50	130 return false, ErrNoClientStore
paddy@50	131 }
paddy@58	132 return c.clients.checkEndpoint(client, URI)
paddy@50	133 }
paddy@50	134
paddy@57	135 // ListEndpoints finds Endpoints in the clientStore associated with the Context that belong
paddy@57	136 // to the Client specified by the passed ID. It returns up to num endpoints, starting at offset,
paddy@57	137 // exclusive.
paddy@50	138 func (c Context) ListEndpoints(client uuid.ID, num, offset int) ([]Endpoint, error) {
paddy@50	139 if c.clients == nil {
paddy@50	140 return []Endpoint{}, ErrNoClientStore
paddy@50	141 }
paddy@57	142 return c.clients.listEndpoints(client, num, offset)
paddy@50	143 }
paddy@50	144
paddy@57	145 // CountEndpoints returns the number of Endpoints the are associated with the Client specified by the
paddy@57	146 // passed ID in the clientStore associated with the Context.
paddy@55	147 func (c Context) CountEndpoints(client uuid.ID) (int64, error) {
paddy@55	148 if c.clients == nil {
paddy@55	149 return 0, ErrNoClientStore
paddy@55	150 }
paddy@57	151 return c.clients.countEndpoints(client)
paddy@55	152 }
paddy@55	153
paddy@87	154 // GetAuthorizationCode returns the AuthorizationCode specified by the provided code from the authorizationCodeStore associated with the
paddy@57	155 // Context.
paddy@87	156 func (c Context) GetAuthorizationCode(code string) (AuthorizationCode, error) {
paddy@87	157 if c.authCodes == nil {
paddy@87	158 return AuthorizationCode{}, ErrNoAuthorizationCodeStore
paddy@50	159 }
paddy@87	160 return c.authCodes.getAuthorizationCode(code)
paddy@50	161 }
paddy@50	162
paddy@87	163 // SaveAuthorizationCode stores the passed AuthorizationCode in the authorizationCodeStore associated with the Context.
paddy@87	164 func (c Context) SaveAuthorizationCode(authCode AuthorizationCode) error {
paddy@87	165 if c.authCodes == nil {
paddy@87	166 return ErrNoAuthorizationCodeStore
paddy@50	167 }
paddy@87	168 return c.authCodes.saveAuthorizationCode(authCode)
paddy@50	169 }
paddy@50	170
paddy@87	171 // DeleteAuthorizationCode removes the AuthorizationCode specified by the provided code from the authorizationCodeStore associated with
paddy@57	172 // the Context.
paddy@87	173 func (c Context) DeleteAuthorizationCode(code string) error {
paddy@87	174 if c.authCodes == nil {
paddy@87	175 return ErrNoAuthorizationCodeStore
paddy@50	176 }
paddy@87	177 return c.authCodes.deleteAuthorizationCode(code)
paddy@50	178 }
paddy@50	179
paddy@94	180 // UseAuthorizationCode marks the AuthorizationCode specified by the provided code as used in the authorizationCodeStore associated with
paddy@94	181 // the Context. Once an AuthorizationCode is marked as used, its Used property will be set to true when retrieved from the authorizationCodeStore.
paddy@94	182 func (c Context) UseAuthorizationCode(code string) error {
paddy@94	183 if c.authCodes == nil {
paddy@94	184 return ErrNoAuthorizationCodeStore
paddy@94	185 }
paddy@94	186 return c.authCodes.useAuthorizationCode(code)
paddy@94	187 }
paddy@94	188
paddy@57	189 // GetProfileByID returns the Profile specified by the provided ID from the profileStore associated with
paddy@57	190 // the Context.
paddy@50	191 func (c Context) GetProfileByID(id uuid.ID) (Profile, error) {
paddy@50	192 if c.profiles == nil {
paddy@50	193 return Profile{}, ErrNoProfileStore
paddy@50	194 }
paddy@57	195 return c.profiles.getProfileByID(id)
paddy@50	196 }
paddy@50	197
paddy@57	198 // GetProfileByLogin returns the Profile associated with the specified Login from the profileStore associated
paddy@57	199 // with the Context.
paddy@69	200 func (c Context) GetProfileByLogin(value string) (Profile, error) {
paddy@50	201 if c.profiles == nil {
paddy@50	202 return Profile{}, ErrNoProfileStore
paddy@50	203 }
paddy@69	204 return c.profiles.getProfileByLogin(value)
paddy@50	205 }
paddy@50	206
paddy@57	207 // SaveProfile inserts the passed Profile into the profileStore associated with the Context.
paddy@50	208 func (c Context) SaveProfile(profile Profile) error {
paddy@50	209 if c.profiles == nil {
paddy@50	210 return ErrNoProfileStore
paddy@50	211 }
paddy@57	212 return c.profiles.saveProfile(profile)
paddy@50	213 }
paddy@50	214
paddy@57	215 // UpdateProfile applies the supplied ProfileChange to the Profile that matches the specified ID
paddy@57	216 // in the profileStore associated with the Context.
paddy@50	217 func (c Context) UpdateProfile(id uuid.ID, change ProfileChange) error {
paddy@50	218 if c.profiles == nil {
paddy@50	219 return ErrNoProfileStore
paddy@50	220 }
paddy@57	221 return c.profiles.updateProfile(id, change)
paddy@50	222 }
paddy@50	223
paddy@57	224 // UpdateProfiles applies the supplied BulkProfileChange to every Profile that matches one of the
paddy@57	225 // specified IDs in the profileStore associated with the Context.
paddy@50	226 func (c Context) UpdateProfiles(ids []uuid.ID, change BulkProfileChange) error {
paddy@50	227 if c.profiles == nil {
paddy@50	228 return ErrNoProfileStore
paddy@50	229 }
paddy@57	230 return c.profiles.updateProfiles(ids, change)
paddy@50	231 }
paddy@50	232
paddy@57	233 // DeleteProfile removes the Profile specified by the passed ID from the profileStore associated
paddy@57	234 // with the Context.
paddy@50	235 func (c Context) DeleteProfile(id uuid.ID) error {
paddy@50	236 if c.profiles == nil {
paddy@50	237 return ErrNoProfileStore
paddy@50	238 }
paddy@57	239 return c.profiles.deleteProfile(id)
paddy@50	240 }
paddy@50	241
paddy@57	242 // AddLogin stores the passed Login in the profileStore associated with the Context. It also associates
paddy@57	243 // the newly-created Login with the Orofile in login.ProfileID.
paddy@50	244 func (c Context) AddLogin(login Login) error {
paddy@50	245 if c.profiles == nil {
paddy@50	246 return ErrNoProfileStore
paddy@50	247 }
paddy@57	248 return c.profiles.addLogin(login)
paddy@50	249 }
paddy@50	250
paddy@57	251 // RemoveLogin removes the specified Login from the profileStore associated with the Context, provided
paddy@57	252 // the Login has a ProfileID property that matches the profile ID passed in. It also disassociates the
paddy@57	253 // deleted Login from the Profile in login.ProfileID.
paddy@69	254 func (c Context) RemoveLogin(value string, profile uuid.ID) error {
paddy@50	255 if c.profiles == nil {
paddy@50	256 return ErrNoProfileStore
paddy@50	257 }
paddy@69	258 return c.profiles.removeLogin(value, profile)
paddy@50	259 }
paddy@50	260
paddy@57	261 // RecordLoginUse sets the LastUsed property of the Login specified in the profileStore associated with
paddy@57	262 // the Context to the value passed in as when.
paddy@69	263 func (c Context) RecordLoginUse(value string, when time.Time) error {
paddy@50	264 if c.profiles == nil {
paddy@50	265 return ErrNoProfileStore
paddy@50	266 }
paddy@69	267 return c.profiles.recordLoginUse(value, when)
paddy@50	268 }
paddy@50	269
paddy@57	270 // ListLogins returns a slice of up to num Logins associated with the specified Profile from the profileStore
paddy@57	271 // associated with the Context, skipping offset Profiles.
paddy@50	272 func (c Context) ListLogins(profile uuid.ID, num, offset int) ([]Login, error) {
paddy@50	273 if c.profiles == nil {
paddy@50	274 return []Login{}, ErrNoProfileStore
paddy@50	275 }
paddy@57	276 return c.profiles.listLogins(profile, num, offset)
paddy@50	277 }
paddy@50	278
paddy@57	279 // GetToken returns the Token specified from the tokenStore associated with the Context.
paddy@57	280 // If refresh is true, the token input should be compared against the refresh tokens, not the
paddy@57	281 // access tokens.
paddy@50	282 func (c Context) GetToken(token string, refresh bool) (Token, error) {
paddy@50	283 if c.tokens == nil {
paddy@50	284 return Token{}, ErrNoTokenStore
paddy@50	285 }
paddy@57	286 return c.tokens.getToken(token, refresh)
paddy@50	287 }
paddy@50	288
paddy@57	289 // SaveToken stores the passed Token in the tokenStore associated with the Context.
paddy@50	290 func (c Context) SaveToken(token Token) error {
paddy@50	291 if c.tokens == nil {
paddy@50	292 return ErrNoTokenStore
paddy@50	293 }
paddy@57	294 return c.tokens.saveToken(token)
paddy@50	295 }
paddy@50	296
paddy@57	297 // RemoveToken removes the Token identified by the passed token string from the tokenStore associated
paddy@57	298 // with the Context.
paddy@50	299 func (c Context) RemoveToken(token string) error {
paddy@50	300 if c.tokens == nil {
paddy@50	301 return ErrNoTokenStore
paddy@50	302 }
paddy@57	303 return c.tokens.removeToken(token)
paddy@50	304 }
paddy@50	305
paddy@93	306 // RevokeToken revokes the Token identfied by the passed token string from the tokenStore associated
paddy@93	307 // with the context. If refresh is true, the token input should be compared against the refresh tokens,
paddy@93	308 // not the access tokens.
paddy@93	309 func (c Context) RevokeToken(token string, refresh bool) error {
paddy@93	310 if c.tokens == nil {
paddy@93	311 return ErrNoTokenStore
paddy@93	312 }
paddy@93	313 return c.tokens.revokeToken(token, refresh)
paddy@93	314 }
paddy@93	315
paddy@57	316 // GetTokensByProfileID returns a slice of up to num Tokens with a ProfileID that matches the specified
paddy@57	317 // profileID from the tokenStore associated with the Context, skipping offset Tokens.
paddy@50	318 func (c Context) GetTokensByProfileID(profileID uuid.ID, num, offset int) ([]Token, error) {
paddy@50	319 if c.tokens == nil {
paddy@50	320 return []Token{}, ErrNoTokenStore
paddy@50	321 }
paddy@57	322 return c.tokens.getTokensByProfileID(profileID, num, offset)
paddy@50	323 }
paddy@69	324
paddy@69	325 // CreateSession stores the passed Session in the sessionStore associated with the Context.
paddy@69	326 func (c Context) CreateSession(session Session) error {
paddy@69	327 if c.sessions == nil {
paddy@69	328 return ErrNoSessionStore
paddy@69	329 }
paddy@69	330 return c.sessions.createSession(session)
paddy@69	331 }
paddy@69	332
paddy@69	333 // GetSession returns the Session specified from the sessionStore associated with the Context.
paddy@69	334 func (c Context) GetSession(id string) (Session, error) {
paddy@69	335 if c.sessions == nil {
paddy@69	336 return Session{}, ErrNoSessionStore
paddy@69	337 }
paddy@69	338 return c.sessions.getSession(id)
paddy@69	339 }
paddy@69	340
paddy@69	341 // RemoveSession removes the Session identified by the passed ID from the sessionStore associated with
paddy@69	342 // the Context.
paddy@69	343 func (c Context) RemoveSession(id string) error {
paddy@69	344 if c.sessions == nil {
paddy@69	345 return ErrNoSessionStore
paddy@69	346 }
paddy@69	347 return c.sessions.removeSession(id)
paddy@69	348 }
paddy@69	349
paddy@69	350 // ListSessions returns a slice of up to num Sessions from the sessionStore associated with the Context,
paddy@69	351 // ordered by the date they were created, descending. If before.IsZero() returns false, only Sessions
paddy@69	352 // that were created before that time will be returned. If profile is not nil, only Sessions belonging to
paddy@69	353 // that Profile will be returned.
paddy@69	354 func (c Context) ListSessions(profile uuid.ID, before time.Time, num int64) ([]Session, error) {
paddy@69	355 if c.sessions != nil {
paddy@69	356 return []Session{}, ErrNoSessionStore
paddy@69	357 }
paddy@69	358 return c.sessions.listSessions(profile, before, num)
paddy@69	359 }