Update to use a generic event emitter.
Rather can creating a purpose-built event emitter for each and every event we
need to emit (I'm looking at you, login verification event) which is _downright
silly_, we're now using a generic event publisher that's based on saying "HEY A
MODEL UPDATED".
This means we need to change all our setup code in authd to use
events.NewNSQPublisher or events.NewStdoutPublisher instead of our homegrown
solutions. Which also means updating our config to take an events.Publisher
instead of our LoginVerificationNotifier (blergh).
Our Context also now uses an events.Publisher instead of a
LoginVerificationNotifier. Party all around! We also replaced our
SendLoginVerification helper method on Context with a SendModelEvent helper
method on Context, which is just a light wrapper around
events.PublishModelEvent.
Of course, all this means we need to update our email_verification listener to
listen to the correct channel (based on the model we want updates about) and
filter down to a Created action or our new custom action for "the customer wants
their verification resent", which I'm OK making a special case and not generic,
because c'mon. But we had a subtle change to all our constants, some of which
are unofficial constants now. I'm unsure how I feel about this.
We also updated our email_verification listener so that we're unmarshalling to a
custom loginEvent, which is just an events.Event that overwrites the Data
property to be an auth.Login instance. This is to make sure we don't need to
wrangle a map[string]interface{}, which is no fun. I'm also OK with
special-casing like this, because it's 1) a tiny amount of code, 2) properly
utilising composition, and 3) the only way I can think of to cleanly accomplish
what I want.
I also added a note about GetLogin's deficient handling of logins, namely that
it doesn't recognise admins and return Verification codes to them, which would
be a useful property for internal tools to take advantage of. Ah well.
I updated the Profile and Login implementations so they're now event.Model
instances, mainly by just exporting some strings from them through getters that
will let us automatically build an Event from them. This lets us use the
PublishModelEvent helper.
I updated our CreateProfileHandler to properly mangle the login Verification
property, and to fire off the ActionCreated events for the new Login and the new
Profile.
I updated our GetLoginHandler and UpdateLoginHandler to properly mangle the
loginVerification property. God that's annoying. :-/
You'll note I didn't start publishing the events.ActionUpdated or
events.ActionDeleted events for Profiles or Logins yet, and didn't bother
publishing any events for literally any other type. That's because I'm a lazy
piece of crap and will end up publishing them when I absolutely have to. Part of
that is because if a channel isn't created/being read for a topic, the messages
will just stack up in NSQ, and I don't want that. But mostly I'm lazy.
Finally, I got to delete the entire profile_verification.go file, because we're
no longer special-casing that. Hooray!
9 "code.secondbit.org/uuid.hg"
13 RegisterGrantType("authorization_code", GrantType{
14 Validate: authCodeGrantValidate,
15 Invalidate: authCodeGrantInvalidate,
17 ReturnToken: RenderJSONToken,
19 AuditString: authCodeGrantAuditString,
24 // ErrNoAuthorizationCodeStore is returned when a Context tries to act on a authorizationCodeStore without setting one first.
25 ErrNoAuthorizationCodeStore = errors.New("no authorizationCodeStore was specified for the Context")
26 // ErrAuthorizationCodeNotFound is returned when an AuthorizationCode is requested but not found in the authorizationCodeStore.
27 ErrAuthorizationCodeNotFound = errors.New("authorization code not found in authorizationCodeStore")
28 // ErrAuthorizationCodeAlreadyExists is returned when an AuthorizationCode is added to a authorizationCodeStore, but another AuthorizationCode with the
29 // same Code already exists in the authorizationCodeStore.
30 ErrAuthorizationCodeAlreadyExists = errors.New("authorization code already exists in authorizationCodeStore")
33 // AuthorizationCode represents an authorization grant made by a user to a Client, to
34 // access user data within a defined Scope for a limited amount of time.
35 type AuthorizationCode struct {
47 type authorizationCodeStore interface {
48 getAuthorizationCode(code string) (AuthorizationCode, error)
49 saveAuthorizationCode(authCode AuthorizationCode) error
50 deleteAuthorizationCode(code string) error
51 deleteAuthorizationCodesByProfileID(profileID uuid.ID) error
52 deleteAuthorizationCodesByClientID(clientID uuid.ID) error
53 useAuthorizationCode(code string) error
56 func (m *memstore) getAuthorizationCode(code string) (AuthorizationCode, error) {
57 m.authCodeLock.RLock()
58 defer m.authCodeLock.RUnlock()
59 authCode, ok := m.authCodes[code]
61 return AuthorizationCode{}, ErrAuthorizationCodeNotFound
66 func (m *memstore) saveAuthorizationCode(authCode AuthorizationCode) error {
68 defer m.authCodeLock.Unlock()
69 _, ok := m.authCodes[authCode.Code]
71 return ErrAuthorizationCodeAlreadyExists
73 m.authCodes[authCode.Code] = authCode
77 func (m *memstore) deleteAuthorizationCode(code string) error {
79 defer m.authCodeLock.Unlock()
80 _, ok := m.authCodes[code]
82 return ErrAuthorizationCodeNotFound
84 delete(m.authCodes, code)
88 func (m *memstore) deleteAuthorizationCodesByProfileID(profileID uuid.ID) error {
90 defer m.authCodeLock.Unlock()
92 for _, code := range m.authCodes {
93 if code.ProfileID.Equal(profileID) {
94 codes = append(codes, code.Code)
98 return ErrProfileNotFound
100 for _, code := range codes {
101 delete(m.authCodes, code)
106 func (m *memstore) deleteAuthorizationCodesByClientID(clientID uuid.ID) error {
107 m.authCodeLock.Lock()
108 defer m.authCodeLock.Unlock()
110 for _, code := range m.authCodes {
111 if code.ClientID.Equal(clientID) {
112 codes = append(codes, code.Code)
116 return ErrClientNotFound
118 for _, code := range codes {
119 delete(m.authCodes, code)
124 func (m *memstore) useAuthorizationCode(code string) error {
125 m.authCodeLock.Lock()
126 defer m.authCodeLock.Unlock()
127 a, ok := m.authCodes[code]
129 return ErrAuthorizationCodeNotFound
132 m.authCodes[code] = a
136 func authCodeGrantValidate(w http.ResponseWriter, r *http.Request, context Context) (scopes Scopes, profileID uuid.ID, valid bool) {
137 enc := json.NewEncoder(w)
138 code := r.PostFormValue("code")
140 w.WriteHeader(http.StatusBadRequest)
141 renderJSONError(enc, "invalid_request")
144 clientID, _, ok := getClientAuth(w, r, true)
148 authCode, err := context.GetAuthorizationCode(code)
150 if err == ErrAuthorizationCodeNotFound {
151 w.WriteHeader(http.StatusBadRequest)
152 renderJSONError(enc, "invalid_grant")
155 w.WriteHeader(http.StatusInternalServerError)
156 renderJSONError(enc, "server_error")
159 redirectURI := r.PostFormValue("redirect_uri")
160 if authCode.RedirectURI != redirectURI {
161 w.WriteHeader(http.StatusBadRequest)
162 renderJSONError(enc, "invalid_grant")
165 if !authCode.ClientID.Equal(clientID) {
166 w.WriteHeader(http.StatusBadRequest)
167 renderJSONError(enc, "invalid_grant")
170 return authCode.Scopes, authCode.ProfileID, true
173 func authCodeGrantInvalidate(r *http.Request, context Context) error {
174 code := r.PostFormValue("code")
176 return ErrAuthorizationCodeNotFound
178 return context.UseAuthorizationCode(code)
181 func authCodeGrantAuditString(r *http.Request) string {
182 return "authcode:" + r.PostFormValue("code")