auth

Paddy 2014-12-13 Parent:a22b35677cd5 Child:b0a759e00e6d

94:9c50b2e2e03b

Implement invalidating AuthorizationCodes once used. Add a Used property to AuthorizationCodes, which is set to true in the Invalidate function of the AuthorizationCode GrantType. Implement a useAuthorizationCode function for the memstore. Add useAuthorizationCode to the authorizationCodeStore interface.

authcode.go context.go

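--- a/authcode.go	Sat Dec 13 19:24:31 2014 -0500
+++ b/authcode.go	Sat Dec 13 19:38:56 2014 -0500
@@ -12,6 +12,7 @@
 func init() {
 	RegisterGrantType("authorization_code", GrantType{
 		Validate:      authCodeGrantValidate,
+		Invalidate:    authCodeGrantInvalidate,
 		IssuesRefresh: true,
 		ReturnToken:   RenderJSONToken,
 	})
@@ -38,12 +39,14 @@
 	RedirectURI string
 	State       string
 	ProfileID   uuid.ID
+	Used        bool
 }
 
 type authorizationCodeStore interface {
 	getAuthorizationCode(code string) (AuthorizationCode, error)
 	saveAuthorizationCode(authCode AuthorizationCode) error
 	deleteAuthorizationCode(code string) error
+	useAuthorizationCode(code string) error
 }
 
 func (m *memstore) getAuthorizationCode(code string) (AuthorizationCode, error) {
@@ -78,6 +81,18 @@
 	return nil
 }
 
+func (m *memstore) useAuthorizationCode(code string) error {
+	m.authCodeLock.Lock()
+	defer m.authCodeLock.Unlock()
+	a, ok := m.authCodes[code]
+	if !ok {
+		return ErrAuthorizationCodeNotFound
+	}
+	a.Used = true
+	m.authCodes[code] = a
+	return nil
+}
+
 func authCodeGrantValidate(w http.ResponseWriter, r *http.Request, context Context) (scope string, profileID uuid.ID, valid bool) {
 	enc := json.NewEncoder(w)
 	code := r.PostFormValue("code")
@@ -116,6 +131,9 @@
 }
 
 func authCodeGrantInvalidate(r *http.Request, context Context) error {
-	// TODO(paddy): implement marking the authcode as used.
-	return nil
+	code := r.PostFormValue("code")
+	if code == "" {
+		return ErrAuthorizationCodeNotFound
+	}
+	return context.UseAuthorizationCode(code)
 }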
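Review bot: `useAuthorizationCode` (the `@@ -78,6 +81,18 @@` hunk) sets `a.Used = true` unconditionally and returns nil even when the code was already marked, so a second redemption of the same code is indistinguishable from the first at this step. Validation and invalidation are separate calls, so two concurrent token requests could both pass `authCodeGrantValidate` before either is marked. Making the mark a test-and-set under the lock the function already holds closes that window: `if a.Used { return ErrAuthorizationCodeUsed }` before the assignment, where `ErrAuthorizationCodeUsed` is a suggested new sentinel this commit would have to declare. Nothing visible here shows `authCodeGrantValidate` rejecting a code whose `Used` is true; most of its body lies outside the hunk, so that check should be confirmed or added with this change.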
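--- a/context.go	Sat Dec 13 19:24:31 2014 -0500
+++ b/context.go	Sat Dec 13 19:38:56 2014 -0500
@@ -155,6 +155,15 @@
 	return c.authCodes.deleteAuthorizationCode(code)
 }
 
+// UseAuthorizationCode marks the AuthorizationCode specified by the provided code as used in the authorizationCodeStore associated with
+// the Context. Once an AuthorizationCode is marked as used, its Used property will be set to true when retrieved from the authorizationCodeStore.
+func (c Context) UseAuthorizationCode(code string) error {
+	if c.authCodes == nil {
+		return ErrNoAuthorizationCodeStore
+	}
+	return c.authCodes.useAuthorizationCode(code)
+}
+
 // GetProfileByID returns the Profile specified by the provided ID from the profileStore associated with
 // the Context.
 func (c Context) GetProfileByID(id uuid.ID) (Profile, error) {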
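Review bot: The doc comment on `UseAuthorizationCode` describes the effect but not the failure cases, and single-use enforcement depends on callers treating any error as "code not marked". I would add a line such as `// It returns ErrNoAuthorizationCodeStore if the Context has no authorizationCodeStore; any non-nil error means the code was not marked as used.` Whether the code that calls the grant type's `Invalidate` refuses to issue a token on error is not visible in this section and is worth confirming.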