auth
auth/util.go
Continue our descent to horribleness. Remove all the nonsense about "extensibility" and "clean separation of concerns", instead hardcoding connections to decisions. Remove all those "test" things that stopped passing.
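--- a/util.go Fri Jul 18 07:13:22 2014 -0400
+++ b/util.go Fri Aug 01 23:08:38 2014 -0400
@@ -3,8 +3,12 @@
 import (
 "encoding/base64"
 "errors"
+ "fmt"
 "net/http"
+ "net/url"
 "strings"
+
+ "code.google.com/p/go-uuid/uuid"
 )
 
 var (
@@ -61,3 +65,38 @@
 
 return CheckBasicAuth(r)
 }
+
+func newToken() string {
+ return base64.StdEncoding.EncodeToString([]byte(uuid.New()))
+}
+
+// validateURI validates that redirectURI is contained in baseURI
+func validateURI(baseURI string, redirectURI string) error {
+ if baseURI == "" || redirectURI == "" {
+ return errors.New("urls cannot be blank.")
+ }
+
+ // parse base url
+ base, err := url.Parse(baseURI)
+ if err != nil {
+ return err
+ }
+
+ // parse passed url
+ redirect, err := url.Parse(redirectURI)
+ if err != nil {
+ return err
+ }
+
+ // must not have fragment
+ if base.Fragment != "" || redirect.Fragment != "" {
+ return errors.New("url must not include fragment.")
+ }
+
+ // check if urls match
+ if base.Scheme == redirect.Scheme && base.Host == redirect.Host && len(redirect.Path) >= len(base.Path) && strings.HasPrefix(redirect.Path, base.Path) {
+ return nil
+ }
+
+ return errors.New(fmt.Sprintf("urls don't validate: %s / %s\n", baseURI, redirectURI))
+}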
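Review bot: The final comparison in `validateURI` accepts any redirect whose path merely starts with `base.Path`, so a sibling path sharing the prefix (base `/cb`, redirect `/cb-other`) and a path containing `..` segments both validate: `strings.HasPrefix` works on the raw string and `url.Parse` does not normalize dot segments. If this guards an OAuth-style redirect target, exact matching is the safer rule (`base.Path == redirect.Path`). If sub-paths must stay allowed, reject dot segments first and match on a segment boundary, e.g. `redirect.Path == base.Path || strings.HasPrefix(redirect.Path, strings.TrimSuffix(base.Path, "/")+"/")`. Separately, `len(redirect.Path) >= len(base.Path)` is already implied by `HasPrefix`, and the last line reads better as `return fmt.Errorf("urls don't validate: %q / %q", baseURI, redirectURI)`, which quotes the caller-supplied value and drops the trailing newline.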