auth

Paddy 2015-03-07 Parent:d103a598548c Child:de5e09680f6b

139:026adb0c7fc4 Go to Latest

auth/scope.go

Test our GetClientHandler function, add isAuthError helper. Add a helper that identifies whether the error passed to it is an authentication error or is some other type of error. This is useful fo checking whether or not an internal error occurred while authenticating users. Update all instances where we call our authentication helper to make them use the new error helper. All tests continue to pass. Add a new test case for retrieving a client as an unauthenticated user. This clears the client's secret from the response before sending it. Update the GetClientHandler function to return the secret when the owner of the client used Basic Auth in the request. Add a new test case for retrieving a client as an authenticated user, both the owner and a non-owner user. This makes sure the secret is divulged only in the appropriate cases.

Download raw file
View source Diff to previous Annotate
History
1 package auth
2
3 import (
4 "errors"
5 "fmt"
6 "sort"
7 )
8
9 var (
10 ErrNoScopeStore = errors.New("scopeStore not set in Context")
11 )
12
13 type ErrScopeNotFound struct {
14 Pos int
15 ID string
16 }
17
18 func (e ErrScopeNotFound) Error() string {
19 return fmt.Sprintf("scope %s couldn't be found", e.ID)
20 }
21
22 type ErrScopeAlreadyExists struct {
23 Pos int
24 ID string
25 }
26
27 func (e ErrScopeAlreadyExists) Error() string {
28 return fmt.Sprintf("scope %s already exists", e.ID)
29 }
30
31 // Scope represents a limit on the access that a grant provides.
32 type Scope struct {
33 ID string
34 Name string
35 Description string
36 }
37
38 func (s *Scope) ApplyChange(change ScopeChange) {
39 if change.Name != nil {
40 s.Name = *change.Name
41 }
42 if change.Description != nil {
43 s.Description = *change.Description
44 }
45 }
46
47 type sortedScopes []Scope
48
49 func (s sortedScopes) Len() int {
50 return len(s)
51 }
52
53 func (s sortedScopes) Swap(i, j int) {
54 s[i], s[j] = s[j], s[i]
55 }
56
57 func (s sortedScopes) Less(i, j int) bool {
58 return s[i].ID < s[j].ID
59 }
60
61 // ScopeChange represents a change to a Scope.
62 type ScopeChange struct {
63 ID string
64 Name *string
65 Description *string
66 }
67
68 type scopeStore interface {
69 createScopes(scopes []Scope) error
70 getScopes(ids []string) ([]Scope, error)
71 updateScopes(changes []ScopeChange) ([]Scope, error)
72 removeScopes(ids []string) error
73 listScopes() ([]Scope, error)
74 }
75
76 func (m *memstore) createScopes(scopes []Scope) error {
77 m.scopeLock.Lock()
78 defer m.scopeLock.Unlock()
79
80 for pos, scope := range scopes {
81 if _, ok := m.scopes[scope.ID]; ok {
82 return ErrScopeAlreadyExists{Pos: pos, ID: scope.ID}
83 }
84 }
85 for _, scope := range scopes {
86 m.scopes[scope.ID] = scope
87 }
88 return nil
89 }
90
91 func (m *memstore) getScopes(ids []string) ([]Scope, error) {
92 m.scopeLock.RLock()
93 defer m.scopeLock.RUnlock()
94
95 scopes := []Scope{}
96 for pos, id := range ids {
97 scope, ok := m.scopes[id]
98 if !ok {
99 return []Scope{}, ErrScopeNotFound{ID: id, Pos: pos}
100 }
101 scopes = append(scopes, scope)
102 }
103 sorted := sortedScopes(scopes)
104 sort.Sort(sorted)
105 scopes = sorted
106 return scopes, nil
107 }
108
109 func (m *memstore) updateScopes(changes []ScopeChange) ([]Scope, error) {
110 m.scopeLock.Lock()
111 defer m.scopeLock.Unlock()
112
113 scopes := []Scope{}
114
115 for pos, change := range changes {
116 if _, ok := m.scopes[change.ID]; !ok {
117 return []Scope{}, ErrScopeNotFound{Pos: pos, ID: change.ID}
118 }
119 }
120 for _, change := range changes {
121 scope := m.scopes[change.ID]
122 scope.ApplyChange(change)
123 m.scopes[change.ID] = scope
124 scopes = append(scopes, scope)
125 }
126 sorted := sortedScopes(scopes)
127 sort.Sort(sorted)
128 scopes = sorted
129 return scopes, nil
130 }
131
132 func (m *memstore) removeScopes(ids []string) error {
133 m.scopeLock.Lock()
134 defer m.scopeLock.Unlock()
135
136 for pos, id := range ids {
137 if _, ok := m.scopes[id]; !ok {
138 return ErrScopeNotFound{Pos: pos, ID: id}
139 }
140 }
141 for _, id := range ids {
142 delete(m.scopes, id)
143 }
144 return nil
145 }
146
147 func (m *memstore) listScopes() ([]Scope, error) {
148 m.scopeLock.RLock()
149 defer m.scopeLock.RUnlock()
150
151 scopes := []Scope{}
152 for _, scope := range m.scopes {
153 scopes = append(scopes, scope)
154 }
155 sorted := sortedScopes(scopes)
156 sort.Sort(sorted)
157 scopes = sorted
158 return scopes, nil
159 }