auth

Paddy 2015-01-18 Parent:565a9335e035 Child:118a69954621

119:3ec7134fa211

Exchange resource owner credentials for access token. Well, that was easy.

oauth2.go session.go

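--- a/oauth2.go
+++ b/oauth2.go
@@ -360,7 +360,6 @@
 	}
 }
 
-// TODO(paddy): exchange user credentials for access token
 // TODO(paddy): exchange client credentials for access token
 // TODO(paddy): implicit grant for access token
 // TODO(paddy): exchange refresh token for access token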
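--- a/session.go
+++ b/session.go
@@ -3,6 +3,7 @@
 import (
 	"crypto/sha256"
 	"encoding/hex"
+	"encoding/json"
 	"errors"
 	"log"
 	"net/http"
@@ -18,6 +19,15 @@
 	loginTemplateName = "login"
 )
 
+func init() {
+	RegisterGrantType("password", GrantType{
+		Validate:      credentialsValidate,
+		Invalidate:    nil,
+		IssuesRefresh: true,
+		ReturnToken:   RenderJSONToken,
+	})
+}
+
 var (
 	// ErrNoSessionStore is returned when a Context tries to act on a sessionStore without setting on first.
 	ErrNoSessionStore = errors.New("no sessionStore was specified for the Context")
@@ -270,3 +280,24 @@
 		"errors": errors,
 	})
 }
+
+func credentialsValidate(w http.ResponseWriter, r *http.Request, context Context) (scope string, profileID uuid.ID, valid bool) {
+	enc := json.NewEncoder(w)
+	username := r.PostFormValue("username")
+	password := r.PostFormValue("password")
+	scope = r.PostFormValue("scope")
+	profile, err := authenticate(username, password, context)
+	if err != nil {
+		if err == ErrIncorrectAuth || err == ErrProfileCompromised || err == ErrProfileLocked {
+			w.WriteHeader(http.StatusBadRequest)
+			renderJSONError(enc, "invalid_grant")
+			return
+		}
+		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte(err.Error()))
+		return
+	}
+	profileID = profile.ID
+	valid = true
+	return
+}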
    2.32 +func credentialsValidate(w http.ResponseWriter, r *http.Request, context Context) (scope string, profileID uuid.ID, valid bool) {
    2.33 +	enc := json.NewEncoder(w)
    2.34 +	username := r.PostFormValue("username")
    2.35 +	password := r.PostFormValue("password")
    2.36 +	scope = r.PostFormValue("scope")
    2.37 +	profile, err := authenticate(username, password, context)
    2.38 +	if err != nil {
    2.39 +		if err == ErrIncorrectAuth || err == ErrProfileCompromised || err == ErrProfileLocked {
    2.40 +			w.WriteHeader(http.StatusBadRequest)
    2.41 +			renderJSONError(enc, "invalid_grant")
    2.42 +			return
    2.43 +		}
    2.44 +		w.WriteHeader(http.StatusInternalServerError)
    2.45 +		w.Write([]byte(err.Error()))
    2.46 +		return
    2.47 +	}
    2.48 +	profileID = profile.ID
    2.49 +	valid = true
    2.50 +	return
    2.51 +}