auth

Paddy 2014-12-07 Parent:7f64033806bb Child:61a802849b51

87:1fb166575e69

auth/oauth2.go

Rename Grant to AuthorizationCode. God bless gofmt. Rename all our instances of Grant to AuthorizationCode (including related variables and types, like grantStore and ErrGrantNotFound, plus all our comments and error strings. Whew.) to better reflect that it is only a single type of grant that could be accepted by the server.

     1.1 --- a/oauth2.go	Sun Dec 07 02:54:42 2014 -0500
     1.2 +++ b/oauth2.go	Sun Dec 07 03:40:25 2014 -0500
     1.3 @@ -19,9 +19,9 @@
     1.4  )
     1.5  
     1.6  const (
     1.7 -	authCookieName         = "auth"
     1.8 -	defaultGrantExpiration = 600 // default to ten minute grant expirations
     1.9 -	getGrantTemplateName   = "get_grant"
    1.10 +	authCookieName                     = "auth"
    1.11 +	defaultAuthorizationCodeExpiration = 600 // default to ten minute grant expirations
    1.12 +	getAuthorizationCodeTemplateName   = "get_grant"
    1.13  )
    1.14  
    1.15  var (
    1.16 @@ -192,13 +192,13 @@
    1.17  
    1.18  // RegisterOAuth2 adds handlers to the passed router to handle the OAuth2 endpoints.
    1.19  func RegisterOAuth2(r *mux.Router, context Context) {
    1.20 -	r.Handle("/authorize", wrap(context, GetGrantHandler))
    1.21 +	r.Handle("/authorize", wrap(context, GetAuthorizationCodeHandler))
    1.22  	r.Handle("/token", wrap(context, GetTokenHandler))
    1.23  }
    1.24  
    1.25 -// GetGrantHandler presents and processes the page for asking a user to grant access
    1.26 +// GetAuthorizationCodeHandler presents and processes the page for asking a user to grant access
    1.27  // to their data. See RFC 6749, Section 4.1.
    1.28 -func GetGrantHandler(w http.ResponseWriter, r *http.Request, context Context) {
    1.29 +func GetAuthorizationCodeHandler(w http.ResponseWriter, r *http.Request, context Context) {
    1.30  	session, err := checkCookie(r, context)
    1.31  	if err != nil {
    1.32  		if err == ErrNoSession || err == ErrInvalidSession {
    1.33 @@ -206,7 +206,7 @@
    1.34  			if redir == "" {
    1.35  				log.Println("No login URL configured.")
    1.36  				w.WriteHeader(http.StatusInternalServerError)
    1.37 -				context.Render(w, getGrantTemplateName, map[string]interface{}{
    1.38 +				context.Render(w, getAuthorizationCodeTemplateName, map[string]interface{}{
    1.39  					"internal_error": template.HTML("Missing login URL."),
    1.40  				})
    1.41  				return
    1.42 @@ -216,14 +216,14 @@
    1.43  		}
    1.44  		log.Println(err.Error())
    1.45  		w.WriteHeader(http.StatusInternalServerError)
    1.46 -		context.Render(w, getGrantTemplateName, map[string]interface{}{
    1.47 +		context.Render(w, getAuthorizationCodeTemplateName, map[string]interface{}{
    1.48  			"internal_error": template.HTML(err.Error()),
    1.49  		})
    1.50  		return
    1.51  	}
    1.52  	if r.URL.Query().Get("client_id") == "" {
    1.53  		w.WriteHeader(http.StatusBadRequest)
    1.54 -		context.Render(w, getGrantTemplateName, map[string]interface{}{
    1.55 +		context.Render(w, getAuthorizationCodeTemplateName, map[string]interface{}{
    1.56  			"error": template.HTML("Client ID must be specified in the request."),
    1.57  		})
    1.58  		return
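Review bot: The `internal_error` value in this hunk's render call is `template.HTML(err.Error())`, which tells html/template to treat the error text as trusted markup and skip escaping, and also puts internal error detail on the page. Whether any of these errors can contain request-derived text is not visible here, so I would pass a fixed string instead, `"internal_error": "An internal error occurred.",`, and leave the detail to the `log.Println(err.Error())` call already above it. The same pattern is on the new side of the hunks at -249, -267, -279 and -292. GetAuthorizationCodeHandler begins before this hunk and continues past it.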
    1.59 @@ -231,7 +231,7 @@
    1.60  	clientID, err := uuid.Parse(r.URL.Query().Get("client_id"))
    1.61  	if err != nil {
    1.62  		w.WriteHeader(http.StatusBadRequest)
    1.63 -		context.Render(w, getGrantTemplateName, map[string]interface{}{
    1.64 +		context.Render(w, getAuthorizationCodeTemplateName, map[string]interface{}{
    1.65  			"error": template.HTML("client_id is not a valid Client ID."),
    1.66  		})
    1.67  		return
    1.68 @@ -240,7 +240,7 @@
    1.69  	redirectURL, err := url.Parse(redirectURI)
    1.70  	if err != nil {
    1.71  		w.WriteHeader(http.StatusBadRequest)
    1.72 -		context.Render(w, getGrantTemplateName, map[string]interface{}{
    1.73 +		context.Render(w, getAuthorizationCodeTemplateName, map[string]interface{}{
    1.74  			"error": template.HTML("The redirect_uri specified is not valid."),
    1.75  		})
    1.76  		return
    1.77 @@ -249,13 +249,13 @@
    1.78  	if err != nil {
    1.79  		if err == ErrClientNotFound {
    1.80  			w.WriteHeader(http.StatusBadRequest)
    1.81 -			context.Render(w, getGrantTemplateName, map[string]interface{}{
    1.82 +			context.Render(w, getAuthorizationCodeTemplateName, map[string]interface{}{
    1.83  				"error": template.HTML("The specified Client couldn’t be found."),
    1.84  			})
    1.85  		} else {
    1.86  			log.Println(err.Error())
    1.87  			w.WriteHeader(http.StatusInternalServerError)
    1.88 -			context.Render(w, getGrantTemplateName, map[string]interface{}{
    1.89 +			context.Render(w, getAuthorizationCodeTemplateName, map[string]interface{}{
    1.90  				"internal_error": template.HTML(err.Error()),
    1.91  			})
    1.92  		}
    1.93 @@ -267,7 +267,7 @@
    1.94  	if err != nil {
    1.95  		log.Println(err.Error())
    1.96  		w.WriteHeader(http.StatusInternalServerError)
    1.97 -		context.Render(w, getGrantTemplateName, map[string]interface{}{
    1.98 +		context.Render(w, getAuthorizationCodeTemplateName, map[string]interface{}{
    1.99  			"internal_error": template.HTML(err.Error()),
   1.100  		})
   1.101  		return
   1.102 @@ -279,7 +279,7 @@
   1.103  		if err != nil {
   1.104  			log.Println(err.Error())
   1.105  			w.WriteHeader(http.StatusInternalServerError)
   1.106 -			context.Render(w, getGrantTemplateName, map[string]interface{}{
   1.107 +			context.Render(w, getAuthorizationCodeTemplateName, map[string]interface{}{
   1.108  				"internal_error": template.HTML(err.Error()),
   1.109  			})
   1.110  			return
   1.111 @@ -292,7 +292,7 @@
   1.112  		if err != nil {
   1.113  			log.Println(err.Error())
   1.114  			w.WriteHeader(http.StatusInternalServerError)
   1.115 -			context.Render(w, getGrantTemplateName, map[string]interface{}{
   1.116 +			context.Render(w, getAuthorizationCodeTemplateName, map[string]interface{}{
   1.117  				"internal_error": template.HTML(err.Error()),
   1.118  			})
   1.119  			return
   1.120 @@ -309,7 +309,7 @@
   1.121  	}
   1.122  	if !validURI {
   1.123  		w.WriteHeader(http.StatusBadRequest)
   1.124 -		context.Render(w, getGrantTemplateName, map[string]interface{}{
   1.125 +		context.Render(w, getAuthorizationCodeTemplateName, map[string]interface{}{
   1.126  			"error": template.HTML("The redirect_uri specified is not valid."),
   1.127  		})
   1.128  		return
   1.129 @@ -328,17 +328,17 @@
   1.130  		// BUG(paddy): We need to implement CSRF protection when obtaining a grant code.
   1.131  		if r.PostFormValue("grant") == "approved" {
   1.132  			code := uuid.NewID().String()
   1.133 -			grant := Grant{
   1.134 +			authCode := AuthorizationCode{
   1.135  				Code:        code,
   1.136  				Created:     time.Now(),
   1.137 -				ExpiresIn:   defaultGrantExpiration,
   1.138 +				ExpiresIn:   defaultAuthorizationCodeExpiration,
   1.139  				ClientID:    clientID,
   1.140  				Scope:       scope,
   1.141  				RedirectURI: r.URL.Query().Get("redirect_uri"),
   1.142  				State:       state,
   1.143  				ProfileID:   session.ProfileID,
   1.144  			}
   1.145 -			err := context.SaveGrant(grant)
   1.146 +			err := context.SaveAuthorizationCode(authCode)
   1.147  			if err != nil {
   1.148  				q := redirectURL.Query()
   1.149  				q.Add("error", "server_error")
   1.150 @@ -371,7 +371,7 @@
   1.151  		return
   1.152  	}
   1.153  	w.WriteHeader(http.StatusOK)
   1.154 -	context.Render(w, getGrantTemplateName, map[string]interface{}{
   1.155 +	context.Render(w, getAuthorizationCodeTemplateName, map[string]interface{}{
   1.156  		"client":      client,
   1.157  		"redirectURL": redirectURL,
   1.158  		"scope":       scope,