auth

Paddy 2014-12-07 Parent:4cb65cf90217

85:1dc4e152e3b0 Go to Latest

auth/grant.go

Break client verification out, break token returns out. Break client verification out into a helper function to avoid rewriting it for pretty much every grant. Break token returns out into a new function as part of the GrantType, so that implicit grants can redirect with the token value. Split returning the token as JSON into its own exported function, which can be used in multiple grants. Return more relevant information to the template when a user is deciding whether or not to authorize a grant.

Download raw file
View source Diff to previous Annotate
History 
     1.1 --- a/grant.go	Sat Dec 06 03:33:11 2014 -0500
     1.2 +++ b/grant.go	Sun Dec 07 02:52:39 2014 -0500
     1.3 @@ -13,6 +13,7 @@
     1.4  	RegisterGrantType("authorization_code", GrantType{
     1.5  		Validate:      authCodeGrantValidate,
     1.6  		IssuesRefresh: true,
     1.7 +		ReturnToken:   RenderJSONToken,
     1.8  	})
     1.9  }
    1.10  
    1.11 @@ -85,38 +86,8 @@
    1.12  		renderJSONError(enc, "invalid_request")
    1.13  		return
    1.14  	}
    1.15 -	// BUG(paddy): We really ought to break client verification out into its own helper functions, but I think it may depend on which grant_type is used...
    1.16 -	redirectURI := r.PostFormValue("redirect_uri")
    1.17 -	clientIDStr, clientSecret, fromAuthHeader := r.BasicAuth()
    1.18 -	if !fromAuthHeader {
    1.19 -		clientIDStr = r.PostFormValue("client_id")
    1.20 -	}
    1.21 -	clientID, err := uuid.Parse(clientIDStr)
    1.22 -	if err != nil {
    1.23 -		w.WriteHeader(http.StatusUnauthorized)
    1.24 -		if fromAuthHeader {
    1.25 -			w.Header().Set("WWW-Authenticate", "Basic")
    1.26 -		}
    1.27 -		renderJSONError(enc, "invalid_client")
    1.28 -		return
    1.29 -	}
    1.30 -	client, err := context.GetClient(clientID)
    1.31 -	if err != nil {
    1.32 -		if err == ErrClientNotFound {
    1.33 -			w.WriteHeader(http.StatusUnauthorized)
    1.34 -			renderJSONError(enc, "invalid_client")
    1.35 -		} else {
    1.36 -			w.WriteHeader(http.StatusInternalServerError)
    1.37 -			renderJSONError(enc, "server_error")
    1.38 -		}
    1.39 -		return
    1.40 -	}
    1.41 -	if client.Secret != clientSecret {
    1.42 -		w.WriteHeader(http.StatusUnauthorized)
    1.43 -		if fromAuthHeader {
    1.44 -			w.Header().Set("WWW-Authenticate", "Basic")
    1.45 -		}
    1.46 -		renderJSONError(enc, "invalid_client")
    1.47 +	clientID, success := verifyClient(w, r, true, context)
    1.48 +	if !success {
    1.49  		return
    1.50  	}
    1.51  	grant, err := context.GetGrant(code)
    1.52 @@ -130,6 +101,7 @@
    1.53  		renderJSONError(enc, "server_error")
    1.54  		return
    1.55  	}
    1.56 +	redirectURI := r.PostFormValue("redirect_uri")
    1.57  	if grant.RedirectURI != redirectURI {
    1.58  		w.WriteHeader(http.StatusBadRequest)
    1.59  		renderJSONError(enc, "invalid_grant")