auth

Paddy 2014-11-20 Parent:b3cd7765a7c8 Child:1dc4e152e3b0

auth/client.go

Add tests for redirecting to the login page. Make sure that we're redirecting to the configured login page (or returning an error) as expected when trying to obtain a grant code.

Download raw file

View source Diff to previous Annotate

1 package auth

3 import (

4 "errors"

5 "net/url"

6 "time"

8 "code.secondbit.org/uuid"

9 )

11 var (

12 // ErrNoClientStore is returned when a Context tries to act on a clientStore without setting one first.

13 ErrNoClientStore = errors.New("no clientStore was specified for the Context")

14 // ErrClientNotFound is returned when a Client is requested but not found in a clientStore.

15 ErrClientNotFound = errors.New("client not found in clientStore")

16 // ErrClientAlreadyExists is returned when a Client is added to a clientStore, but another Client with

17 // the same ID already exists in the clientStore.

18 ErrClientAlreadyExists = errors.New("client already exists in clientStore")

20 // ErrEmptyChange is returned when a Change has all its properties set to nil.

21 ErrEmptyChange = errors.New("change must have at least one property set")

22 // ErrClientNameTooShort is returned when a Client's Name property is too short.

23 ErrClientNameTooShort = errors.New("client name must be at least 2 characters")

24 // ErrClientNameTooLong is returned when a Client's Name property is too long.

25 ErrClientNameTooLong = errors.New("client name must be at most 32 characters")

26 // ErrClientLogoTooLong is returned when a Client's Logo property is too long.

27 ErrClientLogoTooLong = errors.New("client logo must be at most 1024 characters")

28 // ErrClientLogoNotURL is returned when a Client's Logo property is not a valid absolute URL.

29 ErrClientLogoNotURL = errors.New("client logo must be a valid absolute URL")

30 // ErrClientWebsiteTooLong is returned when a Client's Website property is too long.

31 ErrClientWebsiteTooLong = errors.New("client website must be at most 1024 characters")

32 // ErrClientWebsiteNotURL is returned when a Client's Website property is not a valid absolute URL.

33 ErrClientWebsiteNotURL = errors.New("client website must be a valid absolute URL")

34 )

36 // Client represents a client that grants access

37 // to the auth server, exchanging grants for tokens,

38 // and tokens for access.

39 type Client struct {

40 ID uuid.ID

41 Secret string

42 OwnerID uuid.ID

43 Name string

44 Logo string

45 Website string

46 Type string

47 }

49 // ApplyChange applies the properties of the passed

50 // ClientChange to the Client object it is called on.

51 func (c *Client) ApplyChange(change ClientChange) {

52 if change.Secret != nil {

53 c.Secret = *change.Secret

54 }

55 if change.OwnerID != nil {

56 c.OwnerID = change.OwnerID

57 }

58 if change.Name != nil {

59 c.Name = *change.Name

60 }

61 if change.Logo != nil {

62 c.Logo = *change.Logo

63 }

64 if change.Website != nil {

65 c.Website = *change.Website

66 }

67 }

69 // ClientChange represents a bundle of options for

70 // updating a Client's mutable data.

71 type ClientChange struct {

72 Secret *string

73 OwnerID uuid.ID

74 Name *string

75 Logo *string

76 Website *string

77 }

79 // Validate checks the ClientChange it is called on

80 // and asserts its internal validity, or lack thereof.

81 func (c ClientChange) Validate() error {

82 if c.Secret == nil && c.OwnerID == nil && c.Name == nil && c.Logo == nil && c.Website == nil {

83 return ErrEmptyChange

84 }

85 if c.Name != nil && len(*c.Name) < 2 {

86 return ErrClientNameTooShort

87 }

88 if c.Name != nil && len(*c.Name) > 32 {

89 return ErrClientNameTooLong

90 }

91 if c.Logo != nil && *c.Logo != "" {

92 if len(*c.Logo) > 1024 {

93 return ErrClientLogoTooLong

94 }

95 u, err := url.Parse(*c.Logo)

96 if err != nil || !u.IsAbs() {

97 return ErrClientLogoNotURL

98 }

99 }

100 if c.Website != nil && *c.Website != "" {

101 if len(*c.Website) > 140 {

102 return ErrClientWebsiteTooLong

103 }

104 u, err := url.Parse(*c.Website)

105 if err != nil || !u.IsAbs() {

106 return ErrClientWebsiteNotURL

107 }

108 }

109 return nil

110 }

111

112 // Endpoint represents a single URI that a Client

113 // controls. Users will be redirected to these URIs

114 // following successful authorization grants and

115 // exchanges for access tokens.

116 type Endpoint struct {

117 ID uuid.ID

118 ClientID uuid.ID

119 URI url.URL

120 Added time.Time

121 }

122

123 type sortedEndpoints []Endpoint

124

125 func (s sortedEndpoints) Len() int {

126 return len(s)

127 }

128

129 func (s sortedEndpoints) Less(i, j int) bool {

130 return s[i].Added.Before(s[j].Added)

131 }

132

133 func (s sortedEndpoints) Swap(i, j int) {

134 s[i], s[j] = s[j], s[i]

135 }

136

137 type clientStore interface {

138 getClient(id uuid.ID) (Client, error)

139 saveClient(client Client) error

140 updateClient(id uuid.ID, change ClientChange) error

141 deleteClient(id uuid.ID) error

142 listClientsByOwner(ownerID uuid.ID, num, offset int) ([]Client, error)

143

144 addEndpoint(client uuid.ID, endpoint Endpoint) error

145 removeEndpoint(client, endpoint uuid.ID) error

146 checkEndpoint(client uuid.ID, endpoint string) (bool, error)

147 listEndpoints(client uuid.ID, num, offset int) ([]Endpoint, error)

148 countEndpoints(client uuid.ID) (int64, error)

149 }

150

151 func (m *memstore) getClient(id uuid.ID) (Client, error) {

152 m.clientLock.RLock()

153 defer m.clientLock.RUnlock()

154 c, ok := m.clients[id.String()]

155 if !ok {

156 return Client{}, ErrClientNotFound

157 }

158 return c, nil

159 }

160

161 func (m *memstore) saveClient(client Client) error {

162 m.clientLock.Lock()

163 defer m.clientLock.Unlock()

164 if _, ok := m.clients[client.ID.String()]; ok {

165 return ErrClientAlreadyExists

166 }

167 m.clients[client.ID.String()] = client

168 m.profileClientLookup[client.OwnerID.String()] = append(m.profileClientLookup[client.OwnerID.String()], client.ID)

169 return nil

170 }

171

172 func (m *memstore) updateClient(id uuid.ID, change ClientChange) error {

173 m.clientLock.Lock()

174 defer m.clientLock.Unlock()

175 c, ok := m.clients[id.String()]

176 if !ok {

177 return ErrClientNotFound

178 }

179 c.ApplyChange(change)

180 m.clients[id.String()] = c

181 return nil

182 }

183

184 func (m *memstore) deleteClient(id uuid.ID) error {

185 client, err := m.getClient(id)

186 if err != nil {

187 return err

188 }

189 m.clientLock.Lock()

190 defer m.clientLock.Unlock()

191 delete(m.clients, id.String())

192 pos := -1

193 for p, item := range m.profileClientLookup[client.OwnerID.String()] {

194 if item.Equal(id) {

195 pos = p

196 break

197 }

198 }

199 if pos >= 0 {

200 m.profileClientLookup[client.OwnerID.String()] = append(m.profileClientLookup[client.OwnerID.String()][:pos], m.profileClientLookup[client.OwnerID.String()][pos+1:]...)

201 }

202 return nil

203 }

204

205 func (m *memstore) listClientsByOwner(ownerID uuid.ID, num, offset int) ([]Client, error) {

206 ids := m.lookupClientsByProfileID(ownerID.String())

207 if len(ids) > num+offset {

208 ids = ids[offset : num+offset]

209 } else if len(ids) > offset {

210 ids = ids[offset:]

211 } else {

212 return []Client{}, nil