auth

Paddy 2015-04-25 Parent:73e12d5a1124 Child:581c60f8dd23

164:cf1aef6eb81f Go to Latest

auth/context.go

Clean up after Client deletion, finish cleaning up after Profile deletion. 6f473576c6ae started cleaning up after Profiles when they're deleted, but didn't clean up the Clients created by that Profile. This fixes that, and also fixes a BUG note about cleaning up after a Client when it's deleted. Extend the authorizationCodeStore to have a deleteAuthorizationCodesByClientID method that will delete the AuthorizationCodes that have been granted by the Client specified by the passed ID. We also implemented this in memstore and postgres, so tests continue to pass. Extend the clientStore to have a deleteClientsByOwner method that will delete the Clients that were created by the Profile specified by the passed ID. We also implemented this in memstore and postgres, so tests continue to pass. Extend the clientStore to have a removeEndpointsByClientID method that will delete the Endpoints that belong(ed) to a the Client specified by the passed ID. We also implemented this in memstore and postgres, so tests continue to pass. Extend the tokenStore to have a revokeTokensByClientID method that will revoke all the Tokens that were granted to the Client specified by the passed ID. We also implemented this in memstore and postgres, so tests continue to pass. When listing Clients by their owner, allow setting the num argument (which controls how many to return) to 0 or lower, and using that to signal "return all Clients belonging to this owner", instead of paging. This is useful when deleting the Clients belonging to a Profile as part of the cleanup after deleting the Profile. Create a cleanUpAfterClientDeletion helper function that will delete the Endpoints and AuthorizationCodes belonging to a Client, and revoke the Tokens belonging to a Client, as part of cleaning up after a Client has been deleted. Add a check in the handler for listing Clients owned by a Profile to disallow the num argument to be lower than 1, because the API should be forced to page. Call our cleanUpAfterClientDeletion once the Client has been deleted in the appropriate handler. Fill out our Context with new methods to wrap all the new methods we're adding to our *Stores. In cleanUpAfterProfileDeletion, obtain a list of clients belonging to the owner, use our new DeleteClientsByOwner method to remove all of them, and then use the list to run our new cleanUpAfterClientDeletion function to clear away the final remnants of a Profile when it's deleted.

Download raw file
View source Diff to previous Annotate
History
1 package auth
2
3 import (
4 "html/template"
5 "io"
6 "log"
7 "net/url"
8 "time"
9
10 "code.secondbit.org/uuid.hg"
11 )
12
13 // Context wraps the different storage interfaces and should
14 // be used as the main point of interaction for the data storage
15 // layer.
16 type Context struct {
17 template *template.Template
18 loginURI *url.URL
19 clients clientStore
20 authCodes authorizationCodeStore
21 profiles profileStore
22 tokens tokenStore
23 sessions sessionStore
24 scopes scopeStore
25 config Config
26 }
27
28 // NewContext takes a Config instance and uses it to bootstrap a Context
29 // using the information provided in the Config variable.
30 func NewContext(config Config) (Context, error) {
31 if config.iterations == 0 {
32 return Context{}, ErrConfigNotInitialized
33 }
34 context := Context{
35 clients: config.ClientStore,
36 authCodes: config.AuthCodeStore,
37 profiles: config.ProfileStore,
38 tokens: config.TokenStore,
39 sessions: config.SessionStore,
40 scopes: config.ScopeStore,
41 template: config.Template,
42 config: config,
43 }
44 var err error
45 context.loginURI, err = url.Parse(config.LoginURI)
46 if err != nil {
47 log.Println(err)
48 return Context{}, ErrInvalidLoginURI
49 }
50 return context, nil
51 }
52
53 // Render uses the HTML templates associated with the Context to render the
54 // template specified by name to out using data to fill any template variables.
55 func (c Context) Render(out io.Writer, name string, data interface{}) {
56 if c.template == nil {
57 log.Println("No template set on Context, can't render anything!")
58 return
59 }
60 err := c.template.ExecuteTemplate(out, name, data)
61 if err != nil {
62 log.Println("Error executing template", name, ":", err)
63 }
64 }
65
66 // GetClient returns a single Client by its ID from the
67 // clientStore associated with the Context.
68 func (c Context) GetClient(id uuid.ID) (Client, error) {
69 if c.clients == nil {
70 return Client{}, ErrNoClientStore
71 }
72 return c.clients.getClient(id)
73 }
74
75 // SaveClient stores the passed Client in the clientStore
76 // associated with the Context.
77 func (c Context) SaveClient(client Client) error {
78 if c.clients == nil {
79 return ErrNoClientStore
80 }
81 return c.clients.saveClient(client)
82 }
83
84 // UpdateClient applies the specified ClientChange to the Client
85 // with the specified ID in the clientStore associated with the
86 // Context.
87 func (c Context) UpdateClient(id uuid.ID, change ClientChange) error {
88 if c.clients == nil {
89 return ErrNoClientStore
90 }
91 return c.clients.updateClient(id, change)
92 }
93
94 // ListClientsByOwner returns a slice of up to num Clients, starting at offset (inclusive)
95 // that have the specified OwnerID in the clientStore associated with the Context.
96 func (c Context) ListClientsByOwner(ownerID uuid.ID, num, offset int) ([]Client, error) {
97 if c.clients == nil {
98 return []Client{}, ErrNoClientStore
99 }
100 return c.clients.listClientsByOwner(ownerID, num, offset)
101 }
102
103 func (c Context) DeleteClientsByOwner(ownerID uuid.ID) error {
104 if c.clients == nil {
105 return ErrNoClientStore
106 }
107 return c.clients.deleteClientsByOwner(ownerID)
108 }
109
110 // AddEndpoints stores the specified Endpoints in the clientStore associated with the Context.
111 func (c Context) AddEndpoints(endpoints []Endpoint) error {
112 if c.clients == nil {
113 return ErrNoClientStore
114 }
115 for pos, endpoint := range endpoints {
116 u, err := normalizeURIString(endpoint.URI)
117 if err != nil {
118 return err
119 }
120 endpoint.NormalizedURI = u
121 endpoints[pos] = endpoint
122 }
123 return c.clients.addEndpoints(endpoints)
124 }
125
126 // GetEndpoint retrieves the Endpoint with the specified ID from the clientStore associated
127 // with the Context, if and only if it belongs to the Client with the specified ID.
128 func (c Context) GetEndpoint(client, endpoint uuid.ID) (Endpoint, error) {
129 if c.clients == nil {
130 return Endpoint{}, ErrNoClientStore
131 }
132 return c.clients.getEndpoint(client, endpoint)
133 }
134
135 // RemoveEndpoint deletes the Endpoint with the specified ID from the clientStore associated
136 // with the Context, and disassociates the Endpoint from the specified Client.
137 func (c Context) RemoveEndpoint(client, endpoint uuid.ID) error {
138 if c.clients == nil {
139 return ErrNoClientStore
140 }
141 return c.clients.removeEndpoint(client, endpoint)
142 }
143
144 // CheckEndpoint finds Endpoints in the clientStore associated with the Context that belong
145 // to the Client specified by the passed ID and match the URI passed. URI matches must be
146 // performed according to RFC 3986 Section 6.
147 func (c Context) CheckEndpoint(client uuid.ID, URI string) (bool, error) {
148 if c.clients == nil {
149 return false, ErrNoClientStore
150 }
151 u, err := normalizeURIString(URI)
152 if err != nil {
153 return false, err
154 }
155 return c.clients.checkEndpoint(client, u)
156 }
157
158 // ListEndpoints finds Endpoints in the clientStore associated with the Context that belong
159 // to the Client specified by the passed ID. It returns up to num endpoints, starting at offset,
160 // exclusive.
161 func (c Context) ListEndpoints(client uuid.ID, num, offset int) ([]Endpoint, error) {
162 if c.clients == nil {
163 return []Endpoint{}, ErrNoClientStore
164 }
165 return c.clients.listEndpoints(client, num, offset)
166 }
167
168 func (c Context) RemoveEndpointsByClientID(client uuid.ID) error {
169 if c.clients == nil {
170 return ErrNoClientStore
171 }
172 return c.clients.removeEndpointsByClientID(client)
173 }
174
175 // CountEndpoints returns the number of Endpoints the are associated with the Client specified by the
176 // passed ID in the clientStore associated with the Context.
177 func (c Context) CountEndpoints(client uuid.ID) (int64, error) {
178 if c.clients == nil {
179 return 0, ErrNoClientStore
180 }
181 return c.clients.countEndpoints(client)
182 }
183
184 // GetAuthorizationCode returns the AuthorizationCode specified by the provided code from the authorizationCodeStore associated with the
185 // Context.
186 func (c Context) GetAuthorizationCode(code string) (AuthorizationCode, error) {
187 if c.authCodes == nil {
188 return AuthorizationCode{}, ErrNoAuthorizationCodeStore
189 }
190 return c.authCodes.getAuthorizationCode(code)
191 }
192
193 // SaveAuthorizationCode stores the passed AuthorizationCode in the authorizationCodeStore associated with the Context.
194 func (c Context) SaveAuthorizationCode(authCode AuthorizationCode) error {
195 if c.authCodes == nil {
196 return ErrNoAuthorizationCodeStore
197 }
198 return c.authCodes.saveAuthorizationCode(authCode)
199 }
200
201 // DeleteAuthorizationCode removes the AuthorizationCode specified by the provided code from the authorizationCodeStore associated with
202 // the Context.
203 func (c Context) DeleteAuthorizationCode(code string) error {
204 if c.authCodes == nil {
205 return ErrNoAuthorizationCodeStore
206 }
207 return c.authCodes.deleteAuthorizationCode(code)
208 }
209
210 // DeleteAuthorizationCodesByProfileID removes the AuthorizationCodes associated with the Profile specified by the provided ID from the
211 // authorizationCodeStore associated with the Context.
212 func (c Context) DeleteAuthorizationCodesByProfileID(profileID uuid.ID) error {
213 if c.authCodes == nil {
214 return ErrNoAuthorizationCodeStore
215 }
216 return c.authCodes.deleteAuthorizationCodesByProfileID(profileID)
217 }
218
219 func (c Context) DeleteAuthorizationCodesByClientID(clientID uuid.ID) error {
220 if c.authCodes == nil {
221 return ErrNoAuthorizationCodeStore
222 }
223 return c.authCodes.deleteAuthorizationCodesByClientID(clientID)
224 }
225
226 // UseAuthorizationCode marks the AuthorizationCode specified by the provided code as used in the authorizationCodeStore associated with
227 // the Context. Once an AuthorizationCode is marked as used, its Used property will be set to true when retrieved from the authorizationCodeStore.
228 func (c Context) UseAuthorizationCode(code string) error {
229 if c.authCodes == nil {
230 return ErrNoAuthorizationCodeStore
231 }
232 return c.authCodes.useAuthorizationCode(code)
233 }
234
235 // GetProfileByID returns the Profile specified by the provided ID from the profileStore associated with
236 // the Context.
237 func (c Context) GetProfileByID(id uuid.ID) (Profile, error) {
238 if c.profiles == nil {
239 return Profile{}, ErrNoProfileStore
240 }
241 return c.profiles.getProfileByID(id)
242 }
243
244 // GetProfileByLogin returns the Profile associated with the specified Login from the profileStore associated
245 // with the Context.
246 func (c Context) GetProfileByLogin(value string) (Profile, error) {
247 if c.profiles == nil {
248 return Profile{}, ErrNoProfileStore
249 }
250 return c.profiles.getProfileByLogin(value)
251 }
252
253 // SaveProfile inserts the passed Profile into the profileStore associated with the Context.
254 func (c Context) SaveProfile(profile Profile) error {
255 if c.profiles == nil {
256 return ErrNoProfileStore
257 }
258 return c.profiles.saveProfile(profile)
259 }
260
261 // UpdateProfile applies the supplied ProfileChange to the Profile that matches the specified ID
262 // in the profileStore associated with the Context.
263 func (c Context) UpdateProfile(id uuid.ID, change ProfileChange) error {
264 if c.profiles == nil {
265 return ErrNoProfileStore
266 }
267 return c.profiles.updateProfile(id, change)
268 }
269
270 // UpdateProfiles applies the supplied BulkProfileChange to every Profile that matches one of the
271 // specified IDs in the profileStore associated with the Context.
272 func (c Context) UpdateProfiles(ids []uuid.ID, change BulkProfileChange) error {
273 if c.profiles == nil {
274 return ErrNoProfileStore
275 }
276 return c.profiles.updateProfiles(ids, change)
277 }
278
279 // DeleteProfile removes the specified Profile from the profileStore associated with the Context.
280 func (c Context) DeleteProfile(id uuid.ID) error {
281 if c.profiles == nil {
282 return ErrNoProfileStore
283 }
284 return c.profiles.deleteProfile(id)
285 }
286
287 // AddLogin stores the passed Login in the profileStore associated with the Context. It also associates
288 // the newly-created Login with the Orofile in login.ProfileID.
289 func (c Context) AddLogin(login Login) error {
290 if c.profiles == nil {
291 return ErrNoProfileStore
292 }
293 return c.profiles.addLogin(login)
294 }
295
296 // RemoveLogin removes the specified Login from the profileStore associated with the Context, provided
297 // the Login has a ProfileID property that matches the profile ID passed in. It also disassociates the
298 // deleted Login from the Profile in login.ProfileID.
299 func (c Context) RemoveLogin(value string, profile uuid.ID) error {
300 if c.profiles == nil {
301 return ErrNoProfileStore
302 }
303 return c.profiles.removeLogin(value, profile)
304 }
305
306 // RemoveLoginsByProfile removes all Logins connected to the specified Profile in the profileStore
307 // associated with the Context and disassociates them from the Profile.
308 func (c Context) RemoveLoginsByProfile(profile uuid.ID) error {
309 if c.profiles == nil {
310 return ErrNoProfileStore
311 }
312 return c.profiles.removeLoginsByProfile(profile)
313 }
314
315 // RecordLoginUse sets the LastUsed property of the Login specified in the profileStore associated with
316 // the Context to the value passed in as when.
317 func (c Context) RecordLoginUse(value string, when time.Time) error {
318 if c.profiles == nil {
319 return ErrNoProfileStore
320 }
321 return c.profiles.recordLoginUse(value, when)
322 }
323
324 // ListLogins returns a slice of up to num Logins associated with the specified Profile from the profileStore
325 // associated with the Context, skipping offset Profiles.
326 func (c Context) ListLogins(profile uuid.ID, num, offset int) ([]Login, error) {
327 if c.profiles == nil {
328 return []Login{}, ErrNoProfileStore
329 }
330 return c.profiles.listLogins(profile, num, offset)
331 }
332
333 // GetToken returns the Token specified from the tokenStore associated with the Context.
334 // If refresh is true, the token input should be compared against the refresh tokens, not the
335 // access tokens.
336 func (c Context) GetToken(token string, refresh bool) (Token, error) {
337 if c.tokens == nil {
338 return Token{}, ErrNoTokenStore
339 }
340 return c.tokens.getToken(token, refresh)
341 }
342
343 // SaveToken stores the passed Token in the tokenStore associated with the Context.
344 func (c Context) SaveToken(token Token) error {
345 if c.tokens == nil {
346 return ErrNoTokenStore
347 }
348 return c.tokens.saveToken(token)
349 }
350
351 // RevokeToken revokes the Token identfied by the passed token string from the tokenStore associated
352 // with the context. If refresh is true, the token input should be compared against the refresh tokens,
353 // not the access tokens.
354 func (c Context) RevokeToken(token string, refresh bool) error {
355 if c.tokens == nil {
356 return ErrNoTokenStore
357 }
358 return c.tokens.revokeToken(token, refresh)
359 }
360
361 // RevokeTokensByProfileID revokes the Tokens associated with the Profile identified by the passed ID in
362 // the tokenStore associated with the Context.
363 func (c Context) RevokeTokensByProfileID(profileID uuid.ID) error {
364 if c.tokens == nil {
365 return ErrNoTokenStore
366 }
367 return c.tokens.revokeTokensByProfileID(profileID)
368 }
369
370 func (c Context) RevokeTokensByClientID(clientID uuid.ID) error {
371 if c.tokens == nil {
372 return ErrNoTokenStore
373 }
374 return c.tokens.revokeTokensByClientID(clientID)
375 }
376
377 // GetTokensByProfileID returns a slice of up to num Tokens with a ProfileID that matches the specified
378 // profileID from the tokenStore associated with the Context, skipping offset Tokens.
379 func (c Context) GetTokensByProfileID(profileID uuid.ID, num, offset int) ([]Token, error) {
380 if c.tokens == nil {
381 return []Token{}, ErrNoTokenStore
382 }
383 return c.tokens.getTokensByProfileID(profileID, num, offset)
384 }
385
386 // CreateSession stores the passed Session in the sessionStore associated with the Context.
387 func (c Context) CreateSession(session Session) error {
388 if c.sessions == nil {
389 return ErrNoSessionStore
390 }
391 return c.sessions.createSession(session)
392 }
393
394 // GetSession returns the Session specified from the sessionStore associated with the Context.
395 func (c Context) GetSession(id string) (Session, error) {
396 if c.sessions == nil {
397 return Session{}, ErrNoSessionStore
398 }
399 return c.sessions.getSession(id)
400 }
401
402 // TerminateSession sets the Session identified by the passed ID as inactive in the sessionStore assocated
403 // with the Context.
404 func (c Context) TerminateSession(id string) error {
405 if c.sessions == nil {
406 return ErrNoSessionStore
407 }
408 return c.sessions.terminateSession(id)
409 }
410
411 // TerminateSessionsByProfile sets the Sessions associated with the passed Profile ID as inactive in the
412 // sessionStore associated with the Context.
413 func (c Context) TerminateSessionsByProfile(profile uuid.ID) error {
414 if c.sessions == nil {
415 return ErrNoSessionStore
416 }
417 return c.sessions.terminateSessionsByProfile(profile)
418 }
419
420 // RemoveSession removes the Session identified by the passed ID from the sessionStore associated with
421 // the Context.
422 func (c Context) RemoveSession(id string) error {
423 if c.sessions == nil {
424 return ErrNoSessionStore
425 }
426 return c.sessions.removeSession(id)
427 }
428
429 // ListSessions returns a slice of up to num Sessions from the sessionStore associated with the Context,
430 // ordered by the date they were created, descending. If before.IsZero() returns false, only Sessions
431 // that were created before that time will be returned. If profile is not nil, only Sessions belonging to
432 // that Profile will be returned.
433 func (c Context) ListSessions(profile uuid.ID, before time.Time, num int64) ([]Session, error) {
434 if c.sessions == nil {
435 return []Session{}, ErrNoSessionStore
436 }
437 return c.sessions.listSessions(profile, before, num)
438 }
439
440 func (c Context) CreateScopes(scopes []Scope) error {
441 if c.scopes == nil {
442 return ErrNoScopeStore
443 }
444 return c.scopes.createScopes(scopes)
445 }
446
447 func (c Context) GetScopes(ids []string) ([]Scope, error) {
448 if c.scopes == nil {
449 return []Scope{}, ErrNoScopeStore
450 }
451 return c.scopes.getScopes(ids)
452 }
453
454 func (c Context) UpdateScope(id string, change ScopeChange) error {
455 if c.scopes == nil {
456 return ErrNoScopeStore
457 }
458 return c.scopes.updateScope(id, change)
459 }
460
461 func (c Context) RemoveScopes(ids []string) error {
462 if c.scopes == nil {
463 return ErrNoScopeStore
464 }
465 return c.scopes.removeScopes(ids)
466 }
467
468 func (c Context) ListScopes() ([]Scope, error) {
469 if c.scopes == nil {
470 return []Scope{}, ErrNoScopeStore
471 }
472 return c.scopes.listScopes()
473 }