auth
auth/config.go
Validate client when doing credential grants. When granting a token based on user credentials, I forgot to validate the client credentials that were sent. So implement that.
1 package auth
3 import (
4 "errors"
5 "html/template"
6 "log"
7 )
9 var (
10 // ErrInvalidLoginURI is returned when a Context is instantiated with a Config object that specifies a LoginURI that can't be parsed as a URL.
11 ErrInvalidLoginURI = errors.New("invalid login URI")
12 // ErrConfigNotInitialized is returned when a Context is instantiated with a Config object that hasn't had its Init function called.
13 ErrConfigNotInitialized = errors.New("config not initialized")
14 )
16 // Config holds the configuration values necessary to run a server. A Config
17 // instance is the only way to instantiate a Context variable.
18 type Config struct {
19 ClientStore clientStore
20 AuthCodeStore authorizationCodeStore
21 ProfileStore profileStore
22 TokenStore tokenStore
23 SessionStore sessionStore
24 Template *template.Template
25 LoginURI string
26 iterations int
27 }
29 // Init is a function that preps the Config object to be used for Context creation, setting variables
30 // that are determined at the beginning of program execution.
31 func (c *Config) Init() error {
32 scheme, ok := passphraseSchemes[CurPassphraseScheme]
33 if !ok {
34 return ErrInvalidPassphraseScheme
35 }
36 var err error
37 c.iterations, err = scheme.calculateIterations()
38 if err != nil {
39 return err
40 }
41 log.Printf("Generating passphrases with %d iterations...\n", c.iterations)
42 return nil
43 }