oauth

package
v0.0.0-...-13bf86e Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 2, 2019 License: MPL-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// AccessTokenHint ...
	AccessTokenHint = "access_token"
	// RefreshTokenHint ...
	RefreshTokenHint = "refresh_token"
)

Variables

View Source
var (
	// ErrAccessTokenNotFound ...
	ErrAccessTokenNotFound = errors.New("Access token not found")
	// ErrAccessTokenExpired ...
	ErrAccessTokenExpired = errors.New("Access token expired")
)
View Source
var (
	// ErrAuthorizationCodeNotFound ...
	ErrAuthorizationCodeNotFound = errors.New("Authorization code not found")
	// ErrAuthorizationCodeExpired ...
	ErrAuthorizationCodeExpired = errors.New("Authorization code expired")
)
View Source
var (
	// ErrClientNotFound ...
	ErrClientNotFound = errors.New("Client not found")
	// ErrInvalidClientSecret ...
	ErrInvalidClientSecret = errors.New("Invalid client secret")
	// ErrClientIDTaken ...
	ErrClientIDTaken = errors.New("Client ID taken")
)
View Source
var (
	// ErrInvalidGrantType ...
	ErrInvalidGrantType = errors.New("Invalid grant type")
	// ErrInvalidClientIDOrSecret ...
	ErrInvalidClientIDOrSecret = errors.New("Invalid client ID or secret")
)
View Source
var (
	// ErrTokenMissing ...
	ErrTokenMissing = errors.New("Token missing")
	// ErrTokenHintInvalid ...
	ErrTokenHintInvalid = errors.New("Invalid token hint")
)
View Source
var (
	// ErrRefreshTokenNotFound ...
	ErrRefreshTokenNotFound = errors.New("Refresh token not found")
	// ErrRefreshTokenExpired ...
	ErrRefreshTokenExpired = errors.New("Refresh token expired")
	// ErrRequestedScopeCannotBeGreater ...
	ErrRequestedScopeCannotBeGreater = errors.New("Requested scope cannot be greater")
)
View Source
var (
	// MinPasswordLength defines minimum password length
	MinPasswordLength = 6

	// ErrPasswordTooShort ...
	ErrPasswordTooShort = fmt.Errorf(
		"Password must be at least %d characters long",
		MinPasswordLength,
	)
	// ErrUserNotFound ...
	ErrUserNotFound = errors.New("User not found")
	// ErrInvalidUserPassword ...
	ErrInvalidUserPassword = errors.New("Invalid user password")
	// ErrCannotSetEmptyUsername ...
	ErrCannotSetEmptyUsername = errors.New("Cannot set empty username")
	// ErrUserPasswordNotSet ...
	ErrUserPasswordNotSet = errors.New("User password not set")
	// ErrUsernameTaken ...
	ErrUsernameTaken = errors.New("Username taken")
)
View Source
var (
	// ErrInvalidRedirectURI ...
	ErrInvalidRedirectURI = errors.New("Invalid redirect URI")
)
View Source
var (
	// ErrInvalidScope ...
	ErrInvalidScope = errors.New("Invalid scope")
)
View Source
var (
	// ErrInvalidUsernameOrPassword ...
	ErrInvalidUsernameOrPassword = errors.New("Invalid username or password")
)
View Source
var (
	// ErrRoleNotFound ...
	ErrRoleNotFound = errors.New("Role not found")
)

Functions

This section is empty.

Types

type AccessTokenResponse

type AccessTokenResponse struct {
	UserID       string `json:"user_id,omitempty"`
	AccessToken  string `json:"access_token"`
	ExpiresIn    int    `json:"expires_in"`
	TokenType    string `json:"token_type"`
	Scope        string `json:"scope"`
	RefreshToken string `json:"refresh_token,omitempty"`
}

AccessTokenResponse ...

func NewAccessTokenResponse

func NewAccessTokenResponse(accessToken *models.OauthAccessToken, refreshToken *models.OauthRefreshToken, lifetime int, theTokenType string) (*AccessTokenResponse, error)

NewAccessTokenResponse ...

type IntrospectResponse

type IntrospectResponse struct {
	Active    bool   `json:"active"`
	Scope     string `json:"scope,omitempty"`
	ClientID  string `json:"client_id,omitempty"`
	Username  string `json:"username,omitempty"`
	TokenType string `json:"token_type,omitempty"`
	ExpiresAt int    `json:"exp,omitempty"`
}

IntrospectResponse ...

type Service

type Service struct {
	// contains filtered or unexported fields
}

Service struct keeps objects to avoid passing them around

func NewService

func NewService(cnf *config.Config, db *gorm.DB) *Service

NewService returns a new Service instance

func (*Service) AuthClient

func (s *Service) AuthClient(clientID, secret string) (*models.OauthClient, error)

AuthClient authenticates client

func (*Service) AuthUser

func (s *Service) AuthUser(username, password string) (*models.OauthUser, error)

AuthUser authenticates user

func (*Service) Authenticate

func (s *Service) Authenticate(token string) (*models.OauthAccessToken, error)

Authenticate checks the access token is valid

func (*Service) ClearUserTokens

func (s *Service) ClearUserTokens(userSession *session.UserSession)

ClearUserTokens deletes the user's access and refresh tokens associated with this client id

func (*Service) ClientExists

func (s *Service) ClientExists(clientID string) bool

ClientExists returns true if client exists

func (*Service) Close

func (s *Service) Close()

Close stops any running services

func (*Service) CreateClient

func (s *Service) CreateClient(clientID, secret, redirectURI string) (*models.OauthClient, error)

CreateClient saves a new client to database

func (*Service) CreateClientTx

func (s *Service) CreateClientTx(tx *gorm.DB, clientID, secret, redirectURI string) (*models.OauthClient, error)

CreateClientTx saves a new client to database using injected db object

func (*Service) CreateUser

func (s *Service) CreateUser(roleID, username, password string) (*models.OauthUser, error)

CreateUser saves a new user to database

func (*Service) CreateUserTx

func (s *Service) CreateUserTx(tx *gorm.DB, roleID, username, password string) (*models.OauthUser, error)

CreateUserTx saves a new user to database using injected db object

func (*Service) FindClientByClientID

func (s *Service) FindClientByClientID(clientID string) (*models.OauthClient, error)

FindClientByClientID looks up a client by client ID

func (*Service) FindRoleByID

func (s *Service) FindRoleByID(id string) (*models.OauthRole, error)

FindRoleByID looks up a role by ID and returns it

func (*Service) FindUserByUsername

func (s *Service) FindUserByUsername(username string) (*models.OauthUser, error)

FindUserByUsername looks up a user by username

func (*Service) GetConfig

func (s *Service) GetConfig() *config.Config

GetConfig returns config.Config instance

func (*Service) GetDefaultScope

func (s *Service) GetDefaultScope() string

GetDefaultScope returns the default scope

func (*Service) GetOrCreateRefreshToken

func (s *Service) GetOrCreateRefreshToken(client *models.OauthClient, user *models.OauthUser, expiresIn int, scope string) (*models.OauthRefreshToken, error)

GetOrCreateRefreshToken retrieves an existing refresh token, if expired, the token gets deleted and new refresh token is created

func (*Service) GetRoutes

func (s *Service) GetRoutes() []routes.Route

GetRoutes returns []routes.Route slice for the oauth service

func (*Service) GetScope

func (s *Service) GetScope(requestedScope string) (string, error)

GetScope takes a requested scope and, if it's empty, returns the default scope, if not empty, it validates the requested scope

func (*Service) GetValidRefreshToken

func (s *Service) GetValidRefreshToken(token string, client *models.OauthClient) (*models.OauthRefreshToken, error)

GetValidRefreshToken returns a valid non expired refresh token

func (*Service) GrantAccessToken

func (s *Service) GrantAccessToken(client *models.OauthClient, user *models.OauthUser, expiresIn int, scope string) (*models.OauthAccessToken, error)

GrantAccessToken deletes old tokens and grants a new access token

func (*Service) GrantAuthorizationCode

func (s *Service) GrantAuthorizationCode(client *models.OauthClient, user *models.OauthUser, expiresIn int, redirectURI, scope string) (*models.OauthAuthorizationCode, error)

GrantAuthorizationCode grants a new authorization code

func (*Service) IsRoleAllowed

func (s *Service) IsRoleAllowed(role string) bool

IsRoleAllowed returns true if the role is allowed to use this service

func (*Service) Login

Login creates an access token and refresh token for a user (logs him/her in)

func (*Service) NewIntrospectResponseFromAccessToken

func (s *Service) NewIntrospectResponseFromAccessToken(accessToken *models.OauthAccessToken) (*IntrospectResponse, error)

NewIntrospectResponseFromAccessToken ...

func (*Service) NewIntrospectResponseFromRefreshToken

func (s *Service) NewIntrospectResponseFromRefreshToken(refreshToken *models.OauthRefreshToken) (*IntrospectResponse, error)

NewIntrospectResponseFromRefreshToken ...

func (*Service) RegisterRoutes

func (s *Service) RegisterRoutes(router *mux.Router, prefix string)

RegisterRoutes registers route handlers for the oauth service

func (*Service) RestrictToRoles

func (s *Service) RestrictToRoles(allowedRoles ...string)

RestrictToRoles restricts this service to only specified roles

func (*Service) ScopeExists

func (s *Service) ScopeExists(requestedScope string) bool

ScopeExists checks if a scope exists

func (*Service) SetPassword

func (s *Service) SetPassword(user *models.OauthUser, password string) error

SetPassword sets a user password

func (*Service) SetPasswordTx

func (s *Service) SetPasswordTx(tx *gorm.DB, user *models.OauthUser, password string) error

SetPasswordTx sets a user password in a transaction

func (*Service) UpdateUsername

func (s *Service) UpdateUsername(user *models.OauthUser, username string) error

UpdateUsername ...

func (*Service) UpdateUsernameTx

func (s *Service) UpdateUsernameTx(tx *gorm.DB, user *models.OauthUser, username string) error

UpdateUsernameTx ...

func (*Service) UserExists

func (s *Service) UserExists(username string) bool

UserExists returns true if user exists

type ServiceInterface

type ServiceInterface interface {
	// Exported methods
	GetConfig() *config.Config
	RestrictToRoles(allowedRoles ...string)
	IsRoleAllowed(role string) bool
	FindRoleByID(id string) (*models.OauthRole, error)
	GetRoutes() []routes.Route
	RegisterRoutes(router *mux.Router, prefix string)
	ClientExists(clientID string) bool
	FindClientByClientID(clientID string) (*models.OauthClient, error)
	CreateClient(clientID, secret, redirectURI string) (*models.OauthClient, error)
	CreateClientTx(tx *gorm.DB, clientID, secret, redirectURI string) (*models.OauthClient, error)
	AuthClient(clientID, secret string) (*models.OauthClient, error)
	UserExists(username string) bool
	FindUserByUsername(username string) (*models.OauthUser, error)
	CreateUser(roleID, username, password string) (*models.OauthUser, error)
	CreateUserTx(tx *gorm.DB, roleID, username, password string) (*models.OauthUser, error)
	SetPassword(user *models.OauthUser, password string) error
	SetPasswordTx(tx *gorm.DB, user *models.OauthUser, password string) error
	UpdateUsername(user *models.OauthUser, username string) error
	UpdateUsernameTx(db *gorm.DB, user *models.OauthUser, username string) error
	AuthUser(username, thePassword string) (*models.OauthUser, error)
	GetScope(requestedScope string) (string, error)
	GetDefaultScope() string
	ScopeExists(requestedScope string) bool
	Login(client *models.OauthClient, user *models.OauthUser, scope string) (*models.OauthAccessToken, *models.OauthRefreshToken, error)
	GrantAuthorizationCode(client *models.OauthClient, user *models.OauthUser, expiresIn int, redirectURI, scope string) (*models.OauthAuthorizationCode, error)
	GrantAccessToken(client *models.OauthClient, user *models.OauthUser, expiresIn int, scope string) (*models.OauthAccessToken, error)
	GetOrCreateRefreshToken(client *models.OauthClient, user *models.OauthUser, expiresIn int, scope string) (*models.OauthRefreshToken, error)
	GetValidRefreshToken(token string, client *models.OauthClient) (*models.OauthRefreshToken, error)
	Authenticate(token string) (*models.OauthAccessToken, error)
	NewIntrospectResponseFromAccessToken(accessToken *models.OauthAccessToken) (*IntrospectResponse, error)
	NewIntrospectResponseFromRefreshToken(refreshToken *models.OauthRefreshToken) (*IntrospectResponse, error)
	ClearUserTokens(userSession *session.UserSession)
	Close()
}

ServiceInterface defines exported methods

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL