Changeset 124:d14f0a81498c
Fill out token.CreatedFrom. Add a GrantType.AuditString() string method that will return a string for an audit log. Basically, it returns enough information to identify how the token got created. For client credentials, that's just the string "client_credentials". For user credentials, that's just the string "credentials". For auth codes, that's "authcode:", followed by the code used. For refresh tokens, that's "refresh_token:", followed by the refresh token used.
authcode.go client.go oauth2.go session.go token.go
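--- a/authcode.go	Sun Jan 18 04:54:02 2015 -0500
+++ b/authcode.go	Sun Jan 18 05:03:17 2015 -0500
@@ -16,6 +16,7 @@
 		IssuesRefresh: true,
 		ReturnToken:   RenderJSONToken,
 		AllowsPublic:  true,
+		AuditString:   authCodeGrantAuditString,
 	})
 }
 
@@ -138,3 +139,7 @@
 	}
 	return context.UseAuthorizationCode(code)
 }
+
+func authCodeGrantAuditString(r *http.Request) string {
+	return "authcode:" + r.PostFormValue("code")
+}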
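Review bot: authCodeGrantAuditString copies the raw authorization code out of the POST form into the token's CreatedFrom, so the audit field persists the credential itself rather than a reference to it. The hunk shows the code being consumed via context.UseAuthorizationCode, which limits replay, but a plaintext code in every token row still lets anyone reading the token store correlate it with whatever the code was bound to; a hash or the authorization record's own identifier would identify the grant just as well, e.g. `sum := sha256.Sum256([]byte(r.PostFormValue("code")))` and `return "authcode:" + hex.EncodeToString(sum[:8])`. The value is also re-read from the request here instead of taken from what Validate checked, so a missing form field silently records the bare string `authcode:`. The function that ends with UseAuthorizationCode starts outside the hunk.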
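--- a/client.go	Sun Jan 18 04:54:02 2015 -0500
+++ b/client.go	Sun Jan 18 05:03:17 2015 -0500
@@ -24,6 +24,7 @@
 		IssuesRefresh: true,
 		ReturnToken:   RenderJSONToken,
 		AllowsPublic:  false,
+		AuditString:   clientCredentialsAuditString,
 	})
 }
 
@@ -487,3 +488,7 @@
 	valid = true
 	return
 }
+
+func clientCredentialsAuditString(r *http.Request) string {
+	return "client_credentials"
+}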
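Review bot: clientCredentialsAuditString never reads its request parameter, so naming it `_` would make that explicit to readers and linters: `func clientCredentialsAuditString(_ *http.Request) string {`. The helper also lacks a doc comment; something like `// clientCredentialsAuditString returns the fixed CreatedFrom marker for tokens issued through the client credentials grant.` would tell a maintainer that the constant is deliberate and not a placeholder. The function preceding it in the second hunk starts outside the hunk.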
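--- a/oauth2.go	Sun Jan 18 04:54:02 2015 -0500
+++ b/oauth2.go	Sun Jan 18 05:03:17 2015 -0500
@@ -59,12 +59,16 @@
 // AllowsPublic determines whether the GrantType should allow public clients to use that grant. If true, clients without
 // credentials will be able to use the grant to obtain a token.
 //
+// AuditString should return the string that will be saved in the resulting Token's CreatedFrom field, as an audit log of how
+// the Token was authorized.
+//
 // The ReturnToken will be called when a token is created and needs to be returned to the client. If it returns true, the token
 // was successfully returned and the Invalidate function will be called asynchronously.
 type GrantType struct {
 	Validate     func(w http.ResponseWriter, r *http.Request, context Context) (scope string, profileID uuid.ID, valid bool)
 	Invalidate   func(r *http.Request, context Context) error
 	ReturnToken  func(w http.ResponseWriter, r *http.Request, token Token, context Context) bool
+	AuditString  func(r *http.Request) string
 	IssuesRefresh bool
 	AllowsPublic  bool
 }
@@ -376,6 +380,7 @@
 		AccessToken:      uuid.NewID().String(),
 		RefreshToken:     refresh,
 		Created:          time.Now(),
+		CreatedFrom:      gt.AuditString(r),
 		ExpiresIn:        defaultTokenExpiration,
 		RefreshExpiresIn: defaultRefreshTokenExpiration,
 		TokenType:        "bearer",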
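Review bot: `CreatedFrom: gt.AuditString(r)` in the second hunk invokes the new func field unconditionally, so any GrantType registered without an AuditString will nil-dereference at token creation time rather than failing at registration. The four grants touched by this commit all set the field, but GrantType is exported and the new doc text says only that AuditString "should return" a string, not that it is required. Either reject a nil AuditString where grants are registered, or tolerate it here with `createdFrom := ""` / `if gt.AuditString != nil { createdFrom = gt.AuditString(r) }` and use `createdFrom` in the literal; in both cases the doc comment should state the choice, e.g. `// AuditString must be non-nil; it is called for every token the grant issues.` The function containing the Token literal starts and ends outside the hunk.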
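--- a/session.go	Sun Jan 18 04:54:02 2015 -0500
+++ b/session.go	Sun Jan 18 05:03:17 2015 -0500
@@ -25,6 +25,7 @@
 		Invalidate:    nil,
 		IssuesRefresh: true,
 		ReturnToken:   RenderJSONToken,
+		AuditString:   credentialsAuditString,
 	})
 }
 
@@ -301,3 +302,7 @@
 	valid = true
 	return
 }
+
+func credentialsAuditString(r *http.Request) string {
+	return "credentials"
+}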
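--- a/token.go	Sun Jan 18 04:54:02 2015 -0500
+++ b/token.go	Sun Jan 18 05:03:17 2015 -0500
@@ -21,6 +21,7 @@
 		Invalidate:    refreshTokenInvalidate,
 		IssuesRefresh: true,
 		ReturnToken:   RenderJSONToken,
+		AuditString:   refreshTokenAuditString,
 	})
 }
 
@@ -215,3 +216,7 @@
 	}
 	return context.RevokeToken(refresh, true)
 }
+
+func refreshTokenAuditString(r *http.Request) string {
+	return "refresh_token:" + r.PostFormValue("refresh_token")
+}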
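Review bot: refreshTokenAuditString writes the full refresh token presented by the client into the new token's CreatedFrom, so a long-lived bearer secret is duplicated into an audit field. The GrantType doc comment changed in this same commit says Invalidate runs asynchronously and only when ReturnToken reports success, so there is at least a window, and apparently a failure path, in which the old refresh token is still valid while its plaintext sits in the new token's audit string. A digest keeps the lineage traceable without storing the secret: `sum := sha256.Sum256([]byte(r.PostFormValue("refresh_token")))` then `return "refresh_token:" + hex.EncodeToString(sum[:8])`, which needs crypto/sha256 and encoding/hex imported. An absent form value also yields the bare `refresh_token:` string, which an audit reader cannot distinguish from a real but empty-looking record. refreshTokenInvalidate, which ends at the RevokeToken line, starts outside the hunk.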