auth

Paddy 2015-03-18 Parent:d30a3a12d387 Child:2809016184f6

auth/authcode.go

Implement UpdateProfileHandler. Implement a handler that will allow users to update their Profiles through the API.

paddy@26	1 package auth
paddy@26	2
paddy@26	3 import (
paddy@84	4 "encoding/json"
paddy@29	5 "errors"
paddy@84	6 "net/http"
paddy@26	7 "time"
paddy@26	8
paddy@107	9 "code.secondbit.org/uuid.hg"
paddy@26	10 )
paddy@26	11
paddy@84	12 func init() {
paddy@84	13 RegisterGrantType("authorization_code", GrantType{
paddy@84	14 Validate: authCodeGrantValidate,
paddy@94	15 Invalidate: authCodeGrantInvalidate,
paddy@84	16 IssuesRefresh: true,
paddy@85	17 ReturnToken: RenderJSONToken,
paddy@123	18 AllowsPublic: true,
paddy@124	19 AuditString: authCodeGrantAuditString,
paddy@84	20 })
paddy@84	21 }
paddy@84	22
paddy@29	23 var (
paddy@87	24 // ErrNoAuthorizationCodeStore is returned when a Context tries to act on a authorizationCodeStore without setting one first.
paddy@87	25 ErrNoAuthorizationCodeStore = errors.New("no authorizationCodeStore was specified for the Context")
paddy@87	26 // ErrAuthorizationCodeNotFound is returned when an AuthorizationCode is requested but not found in the authorizationCodeStore.
paddy@87	27 ErrAuthorizationCodeNotFound = errors.New("authorization code not found in authorizationCodeStore")
paddy@87	28 // ErrAuthorizationCodeAlreadyExists is returned when an AuthorizationCode is added to a authorizationCodeStore, but another AuthorizationCode with the
paddy@87	29 // same Code already exists in the authorizationCodeStore.
paddy@87	30 ErrAuthorizationCodeAlreadyExists = errors.New("authorization code already exists in authorizationCodeStore")
paddy@29	31 )
paddy@29	32
paddy@87	33 // AuthorizationCode represents an authorization grant made by a user to a Client, to
paddy@57	34 // access user data within a defined Scope for a limited amount of time.
paddy@87	35 type AuthorizationCode struct {
paddy@26	36 Code string
paddy@26	37 Created time.Time
paddy@26	38 ExpiresIn int32
paddy@26	39 ClientID uuid.ID
paddy@135	40 Scopes []string
paddy@26	41 RedirectURI string
paddy@26	42 State string
paddy@69	43 ProfileID uuid.ID
paddy@94	44 Used bool
paddy@26	45 }
paddy@26	46
paddy@87	47 type authorizationCodeStore interface {
paddy@87	48 getAuthorizationCode(code string) (AuthorizationCode, error)
paddy@87	49 saveAuthorizationCode(authCode AuthorizationCode) error
paddy@87	50 deleteAuthorizationCode(code string) error
paddy@94	51 useAuthorizationCode(code string) error
paddy@26	52 }
paddy@29	53
paddy@87	54 func (m *memstore) getAuthorizationCode(code string) (AuthorizationCode, error) {
paddy@87	55 m.authCodeLock.RLock()
paddy@87	56 defer m.authCodeLock.RUnlock()
paddy@87	57 authCode, ok := m.authCodes[code]
paddy@29	58 if !ok {
paddy@87	59 return AuthorizationCode{}, ErrAuthorizationCodeNotFound
paddy@29	60 }
paddy@87	61 return authCode, nil
paddy@29	62 }
paddy@29	63
paddy@87	64 func (m *memstore) saveAuthorizationCode(authCode AuthorizationCode) error {
paddy@87	65 m.authCodeLock.Lock()
paddy@87	66 defer m.authCodeLock.Unlock()
paddy@87	67 _, ok := m.authCodes[authCode.Code]
paddy@29	68 if ok {
paddy@87	69 return ErrAuthorizationCodeAlreadyExists
paddy@29	70 }
paddy@87	71 m.authCodes[authCode.Code] = authCode
paddy@29	72 return nil
paddy@29	73 }
paddy@29	74
paddy@87	75 func (m *memstore) deleteAuthorizationCode(code string) error {
paddy@87	76 m.authCodeLock.Lock()
paddy@87	77 defer m.authCodeLock.Unlock()
paddy@87	78 _, ok := m.authCodes[code]
paddy@29	79 if !ok {
paddy@87	80 return ErrAuthorizationCodeNotFound
paddy@29	81 }
paddy@87	82 delete(m.authCodes, code)
paddy@29	83 return nil
paddy@29	84 }
paddy@84	85
paddy@94	86 func (m *memstore) useAuthorizationCode(code string) error {
paddy@94	87 m.authCodeLock.Lock()
paddy@94	88 defer m.authCodeLock.Unlock()
paddy@94	89 a, ok := m.authCodes[code]
paddy@94	90 if !ok {
paddy@94	91 return ErrAuthorizationCodeNotFound
paddy@94	92 }
paddy@94	93 a.Used = true
paddy@94	94 m.authCodes[code] = a
paddy@94	95 return nil
paddy@94	96 }
paddy@94	97
paddy@135	98 func authCodeGrantValidate(w http.ResponseWriter, r *http.Request, context Context) (scopes []string, profileID uuid.ID, valid bool) {
paddy@84	99 enc := json.NewEncoder(w)
paddy@84	100 code := r.PostFormValue("code")
paddy@84	101 if code == "" {
paddy@84	102 w.WriteHeader(http.StatusBadRequest)
paddy@84	103 renderJSONError(enc, "invalid_request")
paddy@84	104 return
paddy@84	105 }
paddy@123	106 clientID, _, ok := getClientAuth(w, r, true)
paddy@123	107 if !ok {
paddy@84	108 return
paddy@84	109 }
paddy@87	110 authCode, err := context.GetAuthorizationCode(code)
paddy@84	111 if err != nil {
paddy@87	112 if err == ErrAuthorizationCodeNotFound {
paddy@84	113 w.WriteHeader(http.StatusBadRequest)
paddy@84	114 renderJSONError(enc, "invalid_grant")
paddy@84	115 return
paddy@84	116 }
paddy@84	117 w.WriteHeader(http.StatusInternalServerError)
paddy@84	118 renderJSONError(enc, "server_error")
paddy@84	119 return
paddy@84	120 }
paddy@85	121 redirectURI := r.PostFormValue("redirect_uri")
paddy@87	122 if authCode.RedirectURI != redirectURI {
paddy@84	123 w.WriteHeader(http.StatusBadRequest)
paddy@84	124 renderJSONError(enc, "invalid_grant")
paddy@84	125 return
paddy@84	126 }
paddy@87	127 if !authCode.ClientID.Equal(clientID) {
paddy@84	128 w.WriteHeader(http.StatusBadRequest)
paddy@84	129 renderJSONError(enc, "invalid_grant")
paddy@84	130 return
paddy@84	131 }
paddy@135	132 return authCode.Scopes, authCode.ProfileID, true
paddy@84	133 }
paddy@90	134
paddy@90	135 func authCodeGrantInvalidate(r *http.Request, context Context) error {
paddy@94	136 code := r.PostFormValue("code")
paddy@94	137 if code == "" {
paddy@94	138 return ErrAuthorizationCodeNotFound
paddy@94	139 }
paddy@94	140 return context.UseAuthorizationCode(code)
paddy@90	141 }
paddy@124	142
paddy@124	143 func authCodeGrantAuditString(r *http.Request) string {
paddy@124	144 return "authcode:" + r.PostFormValue("code")
paddy@124	145 }