auth/oauth2.go
Update TODOs with error messages and test obtaining a token. Update the TODOs about returning errors when obtaining a token with the actual error code that should be returned. Write a unit test that covers obtaining a token from a grant code, but doesn't cover any of the error conditions or states.
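--- a/oauth2.go
+++ b/oauth2.go
@@ -319,7 +319,7 @@
 	redirectURI := r.PostFormValue("redirect_uri")
 	clientIDStr, clientSecret, err := getBasicAuth(r)
 	if err != nil {
-		// TODO(paddy): render access denied
+		// TODO(paddy): render invalid client JSON
 		return
 	}
 	if clientIDStr == "" && err == nil {
@@ -327,48 +327,52 @@
 	}
 	clientID, err := uuid.Parse(clientIDStr)
 	if err != nil {
-		// TODO(paddy): render invalid request JSON
+		// TODO(paddy): render invalid client JSONN
 		return
 	}
 	client, err := context.GetClient(clientID)
 	if err != nil {
 		if err == ErrClientNotFound {
-			// TODO(paddy): render invalid request JSON
+			// TODO(paddy): render invalid client JSON
 		} else {
 			// TODO(paddy): render internal server error JSON
 		}
 		return
 	}
 	if client.Secret != clientSecret {
-		// TODO(paddy): render invalid request JSON
+		// TODO(paddy): render invalid client JSON
 		return
 	}
 	grant, err := context.GetGrant(code)
 	if err != nil {
 		if err == ErrGrantNotFound {
-			// TODO(paddy): return error
+			// TODO(paddy): return invalid grant JSON
 			return
 		}
-		// TODO(paddy): return error
+		// TODO(paddy): return internal server error JSON
+		return
 	}
 	if grant.RedirectURI != redirectURI {
-		// TODO(paddy): return error
+		// TODO(paddy): return invalid grant JSON
+		return
 	}
 	if !grant.ClientID.Equal(clientID) {
-		// TODO(paddy): return error
+		// TODO(paddy): return invalid grant JSON
+		return
 	}
 	token := Token{
 		AccessToken:  uuid.NewID().String(),
 		RefreshToken: uuid.NewID().String(),
 		Created:      time.Now(),
 		ExpiresIn:    defaultTokenExpiration,
-		TokenType:    "", // TODO(paddy): fill in token type
+		TokenType:    "bearer",
 		Scope:        grant.Scope,
 		ProfileID:    grant.ProfileID,
 	}
 	err = context.SaveToken(token)
 	if err != nil {
-		// TODO(paddy): return error
+		// TODO(paddy): return internal server error JSON
+		return
 	}
 	resp := tokenResponse{
 		AccessToken: token.AccessToken,
@@ -381,6 +385,7 @@
 		// TODO(paddy): log this or something
 		return
 	}
+	// BUG(paddy): we need to invalidate the grant for future requests
 }
 
 // TODO(paddy): exchange user credentials for access token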
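Review bot: The client secret check at `if client.Secret != clientSecret {` in the second hunk compares the presented credential with a plain `!=`, which short-circuits on the first differing byte and so leaks timing information about the stored secret; a timing-safe comparison is the usual choice for a credential check, e.g. `if subtle.ConstantTimeCompare([]byte(client.Secret), []byte(clientSecret)) != 1 {` with `crypto/subtle` added to the imports (which sit outside these hunks). In the same hunk the new comment `// TODO(paddy): render invalid client JSONN` has a doubled N. The enclosing token-exchange handler starts before the first hunk; the `// BUG(paddy)` line in the last hunk already records that the grant is never invalidated, so until that lands an intercepted code can be redeemed more than once. It is also worth confirming that `uuid.NewID()` draws from a cryptographically secure source, since its output becomes the access and refresh token values.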