auth

Paddy 2014-08-03 Parent:0aa843a306cd Child:422e9082eb70

3:65c49af1ed3f Browse Files

Render JSON errors. Start rendering JSON errors when obtaining an access token doesn't succeed.

access.go context.go errors.go

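--- a/access.go
+++ b/access.go
@@ -47,7 +47,7 @@
 	// Only allow GET or POST
 	if r.Method != "POST" {
 		if r.Method != "GET" || !ctx.Config.AllowGetAccessRequest {
-			// TODO: return error
+			ctx.RenderJSONError(w, ErrorInvalidRequest, "Invalid request method.", ctx.Config.DocumentationDomain)
 			return
 		}
 	}
@@ -64,7 +64,7 @@
 		case ClientCredentialsGrant:
 			handleClientCredentialsRequest(w, r, ctx)
 		default:
-			// TODO: return error
+			ctx.RenderJSONError(w, ErrorUnsupportedGrantType, "Unsupported grant type.", ctx.Config.DocumentationDomain)
 			return
 		}
 	}
@@ -74,14 +74,14 @@
 	// get client authentication
 	auth, err := getClientAuth(r, ctx.Config.AllowClientSecretInParams)
 	if err != nil {
-		// TODO: return error
+		ctx.RenderJSONError(w, ErrorInvalidClient, "Invalid client auth.", ctx.Config.DocumentationDomain)
 		return
 	}
 
 	code := r.Form.Get("code")
 	// "code" is required
 	if code == "" {
-		// TODO: return error
+		ctx.RenderJSONError(w, ErrorInvalidRequest, "Code must be supplied.", ctx.Config.DocumentationDomain)
 		return
 	}
 
@@ -98,17 +98,17 @@
 		// TODO: return error
 		return
 	}
-	if authData.Client.RedirectURI == "" {
-		// TODO: return error
+	/*if authData.Client.RedirectURI == "" {
 		return
-	}
+	}*/ // TODO: should this even be checked?
 	if authData.IsExpired() {
-		return // TODO: return error
+		ctx.RenderJSONError(w, ErrorInvalidGrant, "Authorization is expired.", ctx.Config.DocumentationDomain)
+		return
 	}
 
 	// code must be from the client
 	if !authData.Client.ID.Equal(client.ID) {
-		// TODO: return error
+		ctx.RenderJSONError(w, ErrorInvalidGrant, "Grant issued to another client.", ctx.Config.DocumentationDomain)
 		return
 	}
 
@@ -118,11 +118,11 @@
 		redirectURI = client.RedirectURI
 	}
 	if err = validateURI(client.RedirectURI, redirectURI); err != nil {
-		// TODO: return error
+		ctx.RenderJSONError(w, ErrorInvalidGrant, "Redirect URI doesn't match client.", ctx.Config.DocumentationDomain)
 		return
 	}
 	if authData.RedirectURI != redirectURI {
-		// TODO: return error
+		ctx.RenderJSONError(w, ErrorInvalidGrant, "Redirect URI doesn't match auth redirect.", ctx.Config.DocumentationDomain)
 		return
 	}
 
@@ -146,8 +146,9 @@
 func handleRefreshTokenRequest(w http.ResponseWriter, r *http.Request, ctx Context) {
 	// get client authentication
 	auth, err := getClientAuth(r, ctx.Config.AllowClientSecretInParams)
+
 	if err != nil {
-		// TODO: return error
+		ctx.RenderJSONError(w, ErrorInvalidClient, "Invalid client auth.", ctx.Config.DocumentationDomain)
 		return
 	}
 
@@ -155,7 +156,7 @@
 
 	// "refresh_token" is required
 	if code == "" {
-		// TODO: return error
+		ctx.RenderJSONError(w, ErrorInvalidRequest, "Missing refresh token.", ctx.Config.DocumentationDomain)
 		return
 	}
 
@@ -173,13 +174,13 @@
 		return
 	}
 	if refreshData.Client.RedirectURI == "" {
-		// TODO: return error
+		// TODO: should this even be checked?
 		return
 	}
 
 	// client must be the same as the previous token
 	if !refreshData.Client.ID.Equal(client.ID) {
-		// TODO: return error
+		ctx.RenderJSONError(w, ErrorInvalidGrant, "Refresh token issued to another client.", ctx.Config.DocumentationDomain)
 		return
 	}
 
@@ -188,6 +189,8 @@
 	if redirectURI == "" {
 		redirectURI = refreshData.RedirectURI
 	}
+	// TODO: check redirect URI?
+
 	scope := r.Form.Get("scope")
 	if scope == "" {
 		scope = refreshData.Scope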
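Review bot: The branch closing at the top of the `@@ -98` hunk (`// TODO: return error` then a bare `return`), the matching one at the top of the `@@ -173` hunk, and the `refreshData.Client.RedirectURI == ""` branch below it still return without writing anything, so after this change a failed code or refresh-token lookup answers with an empty 200 body while every neighbouring failure gets a JSON error document — a client cannot tell that rejection from a broken server. RFC 6749 §5.2 classes an unknown, expired or revoked code or refresh token as `invalid_grant`, so the first should become `ctx.RenderJSONError(w, ErrorInvalidGrant, "Invalid authorization code.", ctx.Config.DocumentationDomain)` and the refresh-token lookup the same with its own wording; the empty-RedirectURI branch should either render an error or be removed, since the commented-out twin in the `@@ -98` hunk shows that check is already considered questionable. The `if` conditions for the two lookup branches and the signature of the first handler are outside the hunks, so what exactly they test is inferred here. Unrelated but in the `@@ -118` hunk: the `validateURI` error is dropped; keeping it in a server-side log (never in the client-facing description) would make redirect mismatches diagnosable.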
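--- a/context.go
+++ b/context.go
@@ -12,6 +12,9 @@
 func (c Context) RenderError(w io.Writer, err error) {
 }
 
+func (c Context) RenderJSONError(w io.Writer, code, description, baseURI string) {
+}
+
 func (c Context) RenderConfirmation(w io.Writer) {
 }
 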
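--- a/errors.go
+++ b/errors.go
@@ -3,9 +3,14 @@
 import "errors"
 
 const (
-	ErrorServerError    = "server_error"
-	ErrorInvalidRequest = "invalid_request"
-	ErrorAccessDenied   = "access_denied"
+	ErrorServerError          = "server_error"
+	ErrorInvalidRequest       = "invalid_request"
+	ErrorAccessDenied         = "access_denied"
+	ErrorInvalidClient        = "invalid_client"
+	ErrorInvalidGrant         = "invalid_grant"
+	ErrorUnauthorizedClient   = "unauthorized_client"
+	ErrorUnsupportedGrantType = "unsupported_grant_type"
+	ErrorInvalidScope         = "invalid_scope"
 )
 
 var (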
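Review bot: The const block has no comment saying where these strings come from, so a maintainer adding the next one has nothing to check the spelling or the set against. A one-line header such as `// Error codes returned in the "error" member of an OAuth 2.0 error response (RFC 6749 §4.1.2.1 and §5.2).` would do; with that in place it also becomes visible that `unsupported_response_type` and `temporarily_unavailable` from §4.1.2.1 are not listed yet, which matters if the authorization endpoint is meant to reuse these constants. Since they are untyped string constants, a named type (`type ErrorCode string`) would additionally let RenderJSONError's `code` parameter reject arbitrary strings at compile time, though that is a larger change than this commit intends.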