auth

Paddy 2014-12-13 Parent:d5561856f45e Child:c03b5eb3179e

94:9c50b2e2e03b Go to Latest

auth/authcode.go

Implement invalidating AuthorizationCodes once used. Add a Used property to AuthorizationCodes, which is set to true in the Invalidate function of the AuthorizationCode GrantType. Implement a useAuthorizationCode function for the memstore. Add useAuthorizationCode to the authorizationCodeStore interface.

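--- a/authcode.go	Sat Dec 13 19:24:31 2014 -0500
+++ b/authcode.go	Sat Dec 13 19:38:56 2014 -0500
@@ -12,6 +12,7 @@
 func init() {
 	RegisterGrantType("authorization_code", GrantType{
 		Validate:      authCodeGrantValidate,
+		Invalidate:    authCodeGrantInvalidate,
 		IssuesRefresh: true,
 		ReturnToken:   RenderJSONToken,
 	})
@@ -38,12 +39,14 @@
 	RedirectURI string
 	State       string
 	ProfileID   uuid.ID
+	Used        bool
 }
 
 type authorizationCodeStore interface {
 	getAuthorizationCode(code string) (AuthorizationCode, error)
 	saveAuthorizationCode(authCode AuthorizationCode) error
 	deleteAuthorizationCode(code string) error
+	useAuthorizationCode(code string) error
 }
 
 func (m *memstore) getAuthorizationCode(code string) (AuthorizationCode, error) {
@@ -78,6 +81,18 @@
 	return nil
 }
 
+func (m *memstore) useAuthorizationCode(code string) error {
+	m.authCodeLock.Lock()
+	defer m.authCodeLock.Unlock()
+	a, ok := m.authCodes[code]
+	if !ok {
+		return ErrAuthorizationCodeNotFound
+	}
+	a.Used = true
+	m.authCodes[code] = a
+	return nil
+}
+
 func authCodeGrantValidate(w http.ResponseWriter, r *http.Request, context Context) (scope string, profileID uuid.ID, valid bool) {
 	enc := json.NewEncoder(w)
 	code := r.PostFormValue("code")
@@ -116,6 +131,9 @@
 }
 
 func authCodeGrantInvalidate(r *http.Request, context Context) error {
-	// TODO(paddy): implement marking the authcode as used.
-	return nil
+	code := r.PostFormValue("code")
+	if code == "" {
+		return ErrAuthorizationCodeNotFound
+	}
+	return context.UseAuthorizationCode(code)
 }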
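Review bot: `useAuthorizationCode` sets `Used = true` and returns nil even when the code was already marked used, so a second redemption of the same code is not detected at the point where the flag is written. No line visible in this diff reads `Used`, and the body of `authCodeGrantValidate` lies outside the hunks. Even if it does check the flag, that check and this write happen under separate acquisitions of `authCodeLock`, so two concurrent token requests carrying the same code could both pass validation before either is marked. Making the store call the single-use gate closes that window: add `if a.Used { return ErrAuthorizationCodeNotFound }` before `a.Used = true` (a dedicated sentinel error would read more clearly), and have the caller treat that error as a failed grant. RFC 6749 section 4.1.2 additionally recommends revoking tokens already issued from a code that is presented again.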