auth

Paddy 2014-08-03 Parent:7b9e0fc20256 Child:3423c552e249

3:65c49af1ed3f Go to Latest

auth/util.go

Render JSON errors. Start rendering JSON errors when obtaining an access token doesn't succeed.

Download raw file
View source Diff to previous Annotate
History
1 package oauth2
2
3 import (
4 "encoding/base64"
5 "errors"
6 "fmt"
7 "net/http"
8 "net/url"
9 "strings"
10
11 "code.google.com/p/go-uuid/uuid"
12 )
13
14 var (
15 BasicAuthNotSetError = errors.New("Authorization header not set.")
16 InvalidBasicAuthTypeError = errors.New("Invalid basic auth type.")
17 InvalidBasicAuthMessage = errors.New("Invalid basic auth format.")
18 )
19
20 // Parse basic authentication header
21 type BasicAuth struct {
22 Username string
23 Password string
24 }
25
26 // Return authorization header data
27 func CheckBasicAuth(r *http.Request) (BasicAuth, error) {
28 if r.Header.Get("Authorization") == "" {
29 return BasicAuth{}, BasicAuthNotSetError
30 }
31
32 s := strings.SplitN(r.Header.Get("Authorization"), " ", 2)
33 if len(s) != 2 || s[0] != "Basic" {
34 return BasicAuth{}, InvalidBasicAuthTypeError
35 }
36
37 b, err := base64.StdEncoding.DecodeString(s[1])
38 if err != nil {
39 return BasicAuth{}, err
40 }
41 pair := strings.SplitN(string(b), ":", 2)
42 if len(pair) != 2 {
43 return BasicAuth{}, InvalidBasicAuthMessage
44 }
45
46 return BasicAuth{Username: pair[0], Password: pair[1]}, nil
47 }
48
49 // getClientAuth checks client basic authentication in params if allowed,
50 // otherwise gets it from the header.
51 func getClientAuth(r *http.Request, allowQueryParams bool) (BasicAuth, error) {
52
53 if allowQueryParams {
54 // Allow for auth without password
55 if _, hasSecret := r.Form["client_secret"]; hasSecret {
56 auth := BasicAuth{
57 Username: r.Form.Get("client_id"),
58 Password: r.Form.Get("client_secret"),
59 }
60 if auth.Username != "" {
61 return auth, nil
62 }
63 }
64 }
65
66 return CheckBasicAuth(r)
67 }
68
69 func newToken() string {
70 return base64.StdEncoding.EncodeToString([]byte(uuid.New()))
71 }
72
73 // validateURI validates that redirectURI is contained in baseURI
74 func validateURI(baseURI string, redirectURI string) error {
75 if baseURI == "" || redirectURI == "" {
76 return errors.New("urls cannot be blank.")
77 }
78
79 // parse base url
80 base, err := url.Parse(baseURI)
81 if err != nil {
82 return err
83 }
84
85 // parse passed url
86 redirect, err := url.Parse(redirectURI)
87 if err != nil {
88 return err
89 }
90
91 // must not have fragment
92 if base.Fragment != "" || redirect.Fragment != "" {
93 return errors.New("url must not include fragment.")
94 }
95
96 // check if urls match
97 if base.Scheme == redirect.Scheme && base.Host == redirect.Host && len(redirect.Path) >= len(base.Path) && strings.HasPrefix(redirect.Path, base.Path) {
98 return nil
99 }
100
101 return errors.New(fmt.Sprintf("urls don't validate: %s / %s\n", baseURI, redirectURI))
102 }