auth

Paddy 2015-04-11 Parent:3e8964a914ef Child:73e12d5a1124

159:cf6c1f05eb21 Go to Latest

auth/scope.go

Enable terminating sessions through the API. Add a terminateSession method to the sessionStore that sets the Active property of the Session to false. Create a Context.TerminateSession wrapper for the terminateSession method on the sessionStore. Add a Sessions property to our response type so we can return a []Session in API responses. Use the URL-safe encoding when base64 encoding our session ID and CSRFToken, so the ID can be passed in the URL and so our encodings are consistent. Add a TerminateSessionHandler function that will extract a Session ID from the request URL, authenticate the user, check that the authenticated user owns the session in question, and terminate the session. Add implementations for our new terminateSession method for the memstore and postgres types. Test both the memstore and postgres implementation of our terminateSession helper in session_test.go.

Download raw file
View source Diff to previous Annotate
History
1 package auth
2
3 import (
4 "errors"
5 "sort"
6 )
7
8 var (
9 ErrNoScopeStore = errors.New("scopeStore not set in Context")
10 ErrScopeNotFound = errors.New("scope not found")
11 ErrScopeAlreadyExists = errors.New("scope already exists")
12 )
13
14 // Scope represents a limit on the access that a grant provides.
15 type Scope struct {
16 ID string
17 Name string
18 Description string
19 }
20
21 func (s *Scope) ApplyChange(change ScopeChange) {
22 if change.Name != nil {
23 s.Name = *change.Name
24 }
25 if change.Description != nil {
26 s.Description = *change.Description
27 }
28 }
29
30 type sortedScopes []Scope
31
32 func (s sortedScopes) Len() int {
33 return len(s)
34 }
35
36 func (s sortedScopes) Swap(i, j int) {
37 s[i], s[j] = s[j], s[i]
38 }
39
40 func (s sortedScopes) Less(i, j int) bool {
41 return s[i].ID < s[j].ID
42 }
43
44 // ScopeChange represents a change to a Scope.
45 type ScopeChange struct {
46 Name *string
47 Description *string
48 }
49
50 func (s ScopeChange) Empty() bool {
51 return s.Name == nil && s.Description == nil
52 }
53
54 type scopeStore interface {
55 createScopes(scopes []Scope) error
56 getScopes(ids []string) ([]Scope, error)
57 updateScope(id string, change ScopeChange) error
58 removeScopes(ids []string) error
59 listScopes() ([]Scope, error)
60 }
61
62 func (m *memstore) createScopes(scopes []Scope) error {
63 m.scopeLock.Lock()
64 defer m.scopeLock.Unlock()
65
66 for _, scope := range scopes {
67 if _, ok := m.scopes[scope.ID]; ok {
68 return ErrScopeAlreadyExists
69 }
70 }
71 for _, scope := range scopes {
72 m.scopes[scope.ID] = scope
73 }
74 return nil
75 }
76
77 func (m *memstore) getScopes(ids []string) ([]Scope, error) {
78 m.scopeLock.RLock()
79 defer m.scopeLock.RUnlock()
80
81 scopes := []Scope{}
82 for _, id := range ids {
83 scope, ok := m.scopes[id]
84 if !ok {
85 continue
86 }
87 scopes = append(scopes, scope)
88 }
89 sorted := sortedScopes(scopes)
90 sort.Sort(sorted)
91 scopes = sorted
92 return scopes, nil
93 }
94
95 func (m *memstore) updateScope(id string, change ScopeChange) error {
96 m.scopeLock.Lock()
97 defer m.scopeLock.Unlock()
98
99 scope, ok := m.scopes[id]
100 if !ok {
101 return ErrScopeNotFound
102 }
103 scope.ApplyChange(change)
104 m.scopes[id] = scope
105 return nil
106 }
107
108 func (m *memstore) removeScopes(ids []string) error {
109 m.scopeLock.Lock()
110 defer m.scopeLock.Unlock()
111
112 for _, id := range ids {
113 if _, ok := m.scopes[id]; !ok {
114 return ErrScopeNotFound
115 }
116 }
117 for _, id := range ids {
118 delete(m.scopes, id)
119 }
120 return nil
121 }
122
123 func (m *memstore) listScopes() ([]Scope, error) {
124 m.scopeLock.RLock()
125 defer m.scopeLock.RUnlock()
126
127 scopes := []Scope{}
128 for _, scope := range m.scopes {
129 scopes = append(scopes, scope)
130 }
131 sorted := sortedScopes(scopes)
132 sort.Sort(sorted)
133 scopes = sorted
134 return scopes, nil
135 }