oauth



Constants

const (
	// AccessTokenHint is the token hint value that identifies an access token.
	// NOTE(review): presumably the token_type_hint parameter of RFC 7009/7662 — confirm
	// against the handler that compares against these constants.
	AccessTokenHint = "access_token"
	// RefreshTokenHint is the token hint value that identifies a refresh token.
	RefreshTokenHint = "refresh_token"
)

Variables

var (
	// ErrAccessTokenNotFound is returned when no access token matches the lookup.
	// NOTE(review): error strings in this package are capitalised; Go convention is
	// lowercase, but callers may match on the text, so they are left unchanged.
	ErrAccessTokenNotFound = errors.New("Access token not found")
	// ErrAccessTokenExpired is returned when a matching access token exists but is no
	// longer valid (presumably its ExpiresAt is in the past — confirm).
	ErrAccessTokenExpired = errors.New("Access token expired")
)
var (
	// ErrAuthorizationCodeNotFound is returned when no authorization code matches the lookup.
	ErrAuthorizationCodeNotFound = errors.New("Authorization code not found")
	// ErrAuthorizationCodeExpired is returned when the code exists but its lifetime has
	// elapsed (presumably its ExpiresAt is in the past — confirm).
	ErrAuthorizationCodeExpired = errors.New("Authorization code expired")
)
var (
	// ErrClientNotFound is returned when no client with the given client ID exists.
	ErrClientNotFound = errors.New("Client not found")
	// ErrInvalidClientSecret is returned when the presented client secret does not match.
	// NOTE(review): together with ErrClientNotFound this distinguishes "unknown client"
	// from "wrong secret"; exposing that distinction to callers enables client-ID
	// enumeration. ErrInvalidClientIDOrSecret is the generic message and is the one to
	// surface at the API boundary — confirm the handler maps to it.
	ErrInvalidClientSecret = errors.New("Invalid client secret")
	// ErrClientIDTaken is returned when creating a client whose ID is already registered.
	ErrClientIDTaken = errors.New("Client ID taken")
)
var (
	// ErrInvalidGrantType is returned when a token request names a grant type this
	// service does not support (presumably the grant_type request parameter — confirm).
	ErrInvalidGrantType = errors.New("Invalid grant type")
	// ErrInvalidClientIDOrSecret is the generic client authentication failure. It does
	// not reveal whether the client ID or the secret was wrong, so it is the error to
	// return externally in preference to ErrClientNotFound / ErrInvalidClientSecret.
	ErrInvalidClientIDOrSecret = errors.New("Invalid client ID or secret")
)
var (
	// ErrTokenMissing is returned when a request that requires a token carries none.
	ErrTokenMissing = errors.New("Token missing")
	// ErrTokenHintInvalid is returned when the supplied token hint is not recognised
	// (presumably anything other than AccessTokenHint or RefreshTokenHint — confirm).
	ErrTokenHintInvalid = errors.New("Invalid token hint")
)
var (
	// ErrRefreshTokenNotFound is returned when no refresh token matches the lookup.
	ErrRefreshTokenNotFound = errors.New("Refresh token not found")
	// ErrRefreshTokenExpired is returned when the refresh token exists but has expired.
	ErrRefreshTokenExpired = errors.New("Refresh token expired")
	// ErrRequestedScopeCannotBeGreater is returned when the requested scope is wider
	// than the one originally granted — a scope-escalation guard (RFC 6749 §6 requires
	// this on refresh). Presumably raised on the refresh-token path — confirm.
	ErrRequestedScopeCannotBeGreater = errors.New("Requested scope cannot be greater")
)
var (
	// MinPasswordLength defines minimum password length.
	// NOTE(review): this is a mutable package-level var, and ErrPasswordTooShort below is
	// formatted once at package init, so assigning MinPasswordLength at runtime leaves
	// the error text stale. 6 is also below the 8-character minimum NIST SP 800-63B
	// recommends for user-chosen passwords; consider raising it.
	MinPasswordLength = 6

	// ErrPasswordTooShort is returned when a new password has fewer than
	// MinPasswordLength characters (presumably counted by SetPasswordTx — confirm
	// whether bytes or runes are counted).
	ErrPasswordTooShort = fmt.Errorf(
		"Password must be at least %d characters long",
		MinPasswordLength,
	)
	// ErrUserNotFound is returned when no user with the given username exists.
	// NOTE(review): pair with ErrInvalidUserPassword; surfacing either externally lets a
	// caller enumerate usernames — ErrInvalidUsernameOrPassword is the generic message.
	ErrUserNotFound = errors.New("User not found")
	// ErrInvalidUserPassword is returned when the presented password does not match.
	ErrInvalidUserPassword = errors.New("Invalid user password")
	// ErrCannotSetEmptyUsername is returned by the username update path when the new
	// username is empty.
	ErrCannotSetEmptyUsername = errors.New("Cannot set empty username")
	// ErrUserPasswordNotSet is returned when authenticating a user whose Password
	// column is NULL (User.Password is nullable).
	ErrUserPasswordNotSet = errors.New("User password not set")
	// ErrUsernameTaken is returned when creating or renaming a user to a username that
	// already exists.
	ErrUsernameTaken = errors.New("Username taken")
)
var (
	// ErrInvalidRedirectURI is returned when a supplied redirect URI is rejected
	// (presumably because it does not match the client's registered RedirectURI —
	// confirm the comparison is an exact match, not a prefix match).
	ErrInvalidRedirectURI = errors.New("Invalid redirect URI")
)
var (
	// ErrInvalidScope is returned when a requested scope fails validation
	// (presumably by GetScope when ScopeExists reports it unknown — confirm).
	ErrInvalidScope = errors.New("Invalid scope")
)
var (
	// ErrInvalidUsernameOrPassword is the generic user authentication failure. It does
	// not reveal whether the username or the password was wrong, so it is the error to
	// return externally in preference to ErrUserNotFound / ErrInvalidUserPassword.
	ErrInvalidUsernameOrPassword = errors.New("Invalid username or password")
)
var (
	// ErrRoleNotFound is returned when no Role with the given ID exists
	// (presumably by FindRoleByID — confirm).
	ErrRoleNotFound = errors.New("Role not found")
)

Functions

func AccessTokenPreload

func AccessTokenPreload(db *gorm.DB) *gorm.DB

AccessTokenPreload sets up Gorm preloads for an access token object

func AccessTokenPreloadWithPrefix

func AccessTokenPreloadWithPrefix(db *gorm.DB, prefix string) *gorm.DB

AccessTokenPreloadWithPrefix sets up Gorm preloads for an access token object, prefixing nested objects with prefix

func AuthorizationCodePreload

func AuthorizationCodePreload(db *gorm.DB) *gorm.DB

AuthorizationCodePreload sets up Gorm preloads for an auth code object

func AuthorizationCodePreloadWithPrefix

func AuthorizationCodePreloadWithPrefix(db *gorm.DB, prefix string) *gorm.DB

AuthorizationCodePreloadWithPrefix sets up Gorm preloads for an auth code object, prefixing nested objects with prefix

func MigrateAll

func MigrateAll(db *gorm.DB) error

MigrateAll executes all migrations

func RefreshTokenPreload

func RefreshTokenPreload(db *gorm.DB) *gorm.DB

RefreshTokenPreload sets up Gorm preloads for a refresh token object

func RefreshTokenPreloadWithPrefix

func RefreshTokenPreloadWithPrefix(db *gorm.DB, prefix string) *gorm.DB

RefreshTokenPreloadWithPrefix sets up Gorm preloads for a refresh token object, prefixing nested objects with prefix

Types

type AccessToken

// AccessToken is a persisted OAuth 2.0 access token issued to a Client, optionally on
// behalf of a User. Instances are created with NewAccessToken.
type AccessToken struct {
	gorm.Model
	// ClientID references the Client the token was issued to; required (not null).
	ClientID  sql.NullInt64 `sql:"index;not null"`
	// UserID references the resource owner. Unlike ClientID it is nullable —
	// presumably for grants with no user, such as client credentials; confirm.
	UserID    sql.NullInt64 `sql:"index"`
	Client    *Client
	User      *User
	// Token is the token value presented by the bearer; unique, at most 40 chars.
	// NOTE(review): the column appears to hold the token itself rather than a hash —
	// confirm. If so, a database disclosure yields usable tokens until ExpiresAt.
	Token     string    `sql:"type:varchar(40);unique;not null"`
	// ExpiresAt is the instant after which the token must be rejected (ErrAccessTokenExpired).
	ExpiresAt time.Time `sql:"not null"`
	// Scope is the scope string granted to this token (at most 200 chars).
	Scope     string    `sql:"type:varchar(200);not null"`
}

AccessToken ...

func NewAccessToken

func NewAccessToken(client *Client, user *User, expiresIn int, scope string) *AccessToken

NewAccessToken creates a new AccessToken instance

func (*AccessToken) TableName

func (at *AccessToken) TableName() string

TableName specifies table name

type AccessTokenResponse

// AccessTokenResponse is the JSON body returned from a successful token request.
// The member names follow RFC 6749 §5.1, plus the user_id extension.
type AccessTokenResponse struct {
	// UserID is a non-standard extension member; omitted when zero.
	UserID       uint   `json:"user_id,omitempty"`
	// AccessToken is the issued access token value.
	AccessToken  string `json:"access_token"`
	// ExpiresIn is the access token lifetime (presumably seconds, as RFC 6749 specifies;
	// it is filled from the lifetime argument of NewAccessTokenResponse — confirm units).
	ExpiresIn    int    `json:"expires_in"`
	// TokenType names the token type (the theTokenType argument of NewAccessTokenResponse).
	TokenType    string `json:"token_type"`
	// Scope is the scope actually granted, which may differ from the one requested.
	Scope        string `json:"scope"`
	// RefreshToken is the issued refresh token value; omitted when none was issued.
	RefreshToken string `json:"refresh_token,omitempty"`
}

AccessTokenResponse ...

func NewAccessTokenResponse

func NewAccessTokenResponse(accessToken *AccessToken, refreshToken *RefreshToken, lifetime int, theTokenType string) (*AccessTokenResponse, error)

NewAccessTokenResponse ...

type AuthorizationCode

// AuthorizationCode is a persisted OAuth 2.0 authorization code issued by
// GrantAuthorizationCode for a Client acting on behalf of a User.
type AuthorizationCode struct {
	gorm.Model
	// ClientID references the Client the code was issued to; required.
	ClientID    sql.NullInt64 `sql:"index;not null"`
	// UserID references the authorizing user; required here, unlike on AccessToken.
	UserID      sql.NullInt64 `sql:"index;not null"`
	Client      *Client
	User        *User
	// Code is the opaque code value; unique, at most 40 chars.
	Code        string         `sql:"type:varchar(40);unique;not null"`
	// RedirectURI is the redirect URI supplied when the code was issued, if any.
	// NOTE(review): storing it allows the token exchange to require the same value
	// (RFC 6749 §4.1.3) — confirm the exchange path performs that check.
	RedirectURI sql.NullString `sql:"type:varchar(200)"`
	// ExpiresAt is the instant after which the code must be rejected (ErrAuthorizationCodeExpired).
	ExpiresAt   time.Time      `sql:"not null"`
	// Scope is the scope string the code was granted for (at most 200 chars).
	Scope       string         `sql:"type:varchar(200);not null"`
}

AuthorizationCode ...

func NewAuthorizationCode

func NewAuthorizationCode(client *Client, user *User, expiresIn int, redirectURI, scope string) *AuthorizationCode

NewAuthorizationCode creates a new AuthorizationCode instance

func (*AuthorizationCode) TableName

func (ac *AuthorizationCode) TableName() string

TableName specifies table name

type Client

// Client is a registered OAuth 2.0 client application.
type Client struct {
	gorm.Model
	// Key is the unique client identifier (presumably the clientID accepted by
	// FindClientByClientID and AuthClient — confirm); at most 254 chars.
	Key         string         `sql:"type:varchar(254);unique;not null"`
	// Secret is the credential verified by AuthClient. The 60-char column matches the
	// length of a bcrypt hash — presumably stored hashed rather than in clear; confirm
	// in CreateClientTx.
	Secret      string         `sql:"type:varchar(60);not null"`
	// RedirectURI is the client's registered redirect target; nullable. When set, request
	// redirect URIs are presumably validated against it (see ErrInvalidRedirectURI) — confirm.
	RedirectURI sql.NullString `sql:"type:varchar(200)"`
}

Client ...

func (*Client) TableName

func (c *Client) TableName() string

TableName specifies table name

type IntrospectResponse

// IntrospectResponse is the JSON body of a token introspection reply; member names
// follow RFC 7662 §2.2.
// NOTE(review): RFC 7662 expects an inactive token to yield only {"active": false}.
// The omitempty tags achieve that only if the other fields are left at their zero
// values when Active is false — confirm the constructors do so.
type IntrospectResponse struct {
	// Active reports whether the introspected token is currently valid.
	Active    bool   `json:"active"`
	// Scope is the token's granted scope; omitted when empty.
	Scope     string `json:"scope,omitempty"`
	// ClientID identifies the client the token was issued to; omitted when empty.
	ClientID  string `json:"client_id,omitempty"`
	// Username identifies the resource owner, if any; omitted when empty.
	Username  string `json:"username,omitempty"`
	// TokenType is the token type; omitted when empty.
	TokenType string `json:"token_type,omitempty"`
	// ExpiresAt is serialised as "exp" (presumably Unix seconds, per RFC 7662 — confirm).
	ExpiresAt int    `json:"exp,omitempty"`
}

IntrospectResponse ...

type RefreshToken

// RefreshToken is a persisted OAuth 2.0 refresh token issued to a Client, optionally
// on behalf of a User. Instances are created with NewRefreshToken.
type RefreshToken struct {
	gorm.Model
	// ClientID references the Client the token was issued to; required (not null).
	ClientID  sql.NullInt64 `sql:"index;not null"`
	// UserID references the resource owner; nullable, mirroring AccessToken.UserID.
	UserID    sql.NullInt64 `sql:"index"`
	Client    *Client
	User      *User
	// Token is the token value presented to obtain new access tokens; unique, at most 40 chars.
	// NOTE(review): as with AccessToken.Token, this appears to be the raw value rather
	// than a hash — confirm. Refresh tokens are long-lived, so this is the higher-value column.
	Token     string    `sql:"type:varchar(40);unique;not null"`
	// ExpiresAt is the instant after which the token must be rejected (ErrRefreshTokenExpired).
	ExpiresAt time.Time `sql:"not null"`
	// Scope is the scope string granted to this token; GetValidRefreshToken callers may
	// not request more than this (ErrRequestedScopeCannotBeGreater).
	Scope     string    `sql:"type:varchar(200);not null"`
}

RefreshToken ...

func NewRefreshToken

func NewRefreshToken(client *Client, user *User, expiresIn int, scope string) *RefreshToken

NewRefreshToken creates a new RefreshToken instance

func (*RefreshToken) TableName

func (rt *RefreshToken) TableName() string

TableName specifies table name

type Role

// Role is one of the roles a user can have (currently superuser or user).
type Role struct {
	database.TimestampModel
	// ID is the primary key — a short string (at most 20 chars) rather than an
	// auto-increment integer; User.RoleID is sized to match.
	ID   string `gorm:"primary_key" sql:"type:varchar(20)"`
	// Name is the unique human-readable role name (at most 50 chars).
	Name string `sql:"type:varchar(50);unique;not null"`
}

Role is one of the roles a user can have (currently superuser or user)

func (*Role) TableName

func (r *Role) TableName() string

TableName specifies table name

type Scope

// Scope is a persisted OAuth 2.0 scope that clients may request.
type Scope struct {
	gorm.Model
	// Scope is the unique scope identifier (at most 200 chars).
	Scope       string `sql:"type:varchar(200);unique;not null"`
	// Description is optional human-readable text.
	Description sql.NullString
	// IsDefault marks a scope as part of the default scope (presumably what
	// GetDefaultScope returns when a request names no scope — confirm).
	IsDefault   bool `sql:"default:false"`
}

Scope ...

func (*Scope) TableName

func (s *Scope) TableName() string

TableName specifies table name

type Service

// Service bundles the objects the oauth handlers share so they need not be passed
// around individually (presumably the *config.Config and *gorm.DB given to NewService
// — confirm). Construct it with NewService; the zero value is not usable.
type Service struct {
	// contains filtered or unexported fields
}

Service struct keeps objects to avoid passing them around

func NewService

func NewService(cnf *config.Config, db *gorm.DB) *Service

NewService starts a new Service instance

func (*Service) AuthClient

func (s *Service) AuthClient(clientID, secret string) (*Client, error)

AuthClient authenticates a client

func (*Service) AuthUser

func (s *Service) AuthUser(username, password string) (*User, error)

AuthUser authenticates a user

func (*Service) Authenticate

func (s *Service) Authenticate(token string) (*AccessToken, error)

Authenticate checks that the access token is valid

func (*Service) ClientExists

func (s *Service) ClientExists(clientID string) bool

ClientExists returns true if the client exists

func (*Service) CreateClient

func (s *Service) CreateClient(clientID, secret, redirectURI string) (*Client, error)

CreateClient saves a new client to the database

func (*Service) CreateClientTx

func (s *Service) CreateClientTx(tx *gorm.DB, clientID, secret, redirectURI string) (*Client, error)

CreateClientTx saves a new client to the database using the injected db object

func (*Service) CreateUser

func (s *Service) CreateUser(roleID, username, password string) (*User, error)

CreateUser saves a new user to the database

func (*Service) CreateUserTx

func (s *Service) CreateUserTx(tx *gorm.DB, roleID, username, password string) (*User, error)

CreateUserTx saves a new user to the database using the injected db object

func (*Service) FindClientByClientID

func (s *Service) FindClientByClientID(clientID string) (*Client, error)

FindClientByClientID looks up a client by client ID

func (*Service) FindRoleByID

func (s *Service) FindRoleByID(id string) (*Role, error)

FindRoleByID looks up a role by ID and returns it

func (*Service) FindUserByUsername

func (s *Service) FindUserByUsername(username string) (*User, error)

FindUserByUsername looks up a user by username

func (*Service) GetConfig

func (s *Service) GetConfig() *config.Config

GetConfig returns config.Config instance

func (*Service) GetDefaultScope

func (s *Service) GetDefaultScope() string

GetDefaultScope returns the default scope

func (*Service) GetOrCreateRefreshToken

func (s *Service) GetOrCreateRefreshToken(client *Client, user *User, expiresIn int, scope string) (*RefreshToken, error)

GetOrCreateRefreshToken retrieves an existing refresh token; if it has expired, the token is deleted and a new refresh token is created

func (*Service) GetRoutes

func (s *Service) GetRoutes() []routes.Route

GetRoutes returns []routes.Route slice for the oauth service

func (*Service) GetScope

func (s *Service) GetScope(requestedScope string) (string, error)

GetScope takes a requested scope; if it is empty, it returns the default scope, otherwise it validates the requested scope

func (*Service) GetValidRefreshToken

func (s *Service) GetValidRefreshToken(token string, client *Client) (*RefreshToken, error)

GetValidRefreshToken returns a valid, non-expired refresh token

func (*Service) GrantAccessToken

func (s *Service) GrantAccessToken(client *Client, user *User, expiresIn int, scope string) (*AccessToken, error)

GrantAccessToken deletes old tokens and grants a new access token

func (*Service) GrantAuthorizationCode

func (s *Service) GrantAuthorizationCode(client *Client, user *User, expiresIn int, redirectURI, scope string) (*AuthorizationCode, error)

GrantAuthorizationCode grants a new authorization code

func (*Service) IsRoleAllowed

func (s *Service) IsRoleAllowed(role string) bool

IsRoleAllowed returns true if the role is allowed to use this service

func (*Service) Login

func (s *Service) Login(client *Client, user *User, scope string) (*AccessToken, *RefreshToken, error)

Login creates an access token and a refresh token for a user (logs them in)

func (*Service) NewIntrospectResponseFromAccessToken

func (s *Service) NewIntrospectResponseFromAccessToken(accessToken *AccessToken) (*IntrospectResponse, error)

NewIntrospectResponseFromAccessToken ...

func (*Service) NewIntrospectResponseFromRefreshToken

func (s *Service) NewIntrospectResponseFromRefreshToken(refreshToken *RefreshToken) (*IntrospectResponse, error)

NewIntrospectResponseFromRefreshToken ...

func (*Service) RegisterRoutes

func (s *Service) RegisterRoutes(router *mux.Router, prefix string)

RegisterRoutes registers route handlers for the oauth service

func (*Service) RestrictToRoles

func (s *Service) RestrictToRoles(allowedRoles ...string)

RestrictToRoles restricts this service to only specified roles

func (*Service) ScopeExists

func (s *Service) ScopeExists(requestedScope string) bool

ScopeExists checks if a scope exists

func (*Service) SetPassword

func (s *Service) SetPassword(user *User, password string) error

SetPassword sets a user's password

func (*Service) SetPasswordTx

func (s *Service) SetPasswordTx(tx *gorm.DB, user *User, password string) error

SetPasswordTx sets a user's password in a transaction

func (*Service) UpdateUsername

func (s *Service) UpdateUsername(user *User, username string) error

UpdateUsername ...

func (*Service) UpdateUsernameTx

func (s *Service) UpdateUsernameTx(tx *gorm.DB, user *User, username string) error

UpdateUsernameTx ...

func (*Service) UserExists

func (s *Service) UserExists(username string) bool

UserExists returns true if the user exists

type ServiceInterface

// ServiceInterface defines the exported methods of Service, so callers can depend on
// the interface and substitute a test double.
type ServiceInterface interface {
	// Exported methods

	// Configuration, role restriction and HTTP routing.
	GetConfig() *config.Config
	RestrictToRoles(allowedRoles ...string)
	IsRoleAllowed(role string) bool
	GetRoutes() []routes.Route
	RegisterRoutes(router *mux.Router, prefix string)

	// Client lookup, creation and authentication. The *Tx variants run against the
	// supplied transaction instead of the service's own db handle.
	ClientExists(clientID string) bool
	FindClientByClientID(clientID string) (*Client, error)
	CreateClient(clientID, secret, redirectURI string) (*Client, error)
	CreateClientTx(tx *gorm.DB, clientID, secret, redirectURI string) (*Client, error)
	AuthClient(clientID, secret string) (*Client, error)

	// User lookup, creation, credential management and authentication.
	UserExists(username string) bool
	FindUserByUsername(username string) (*User, error)
	CreateUser(roleID, username, password string) (*User, error)
	CreateUserTx(tx *gorm.DB, roleID, username, password string) (*User, error)
	SetPassword(user *User, password string) error
	SetPasswordTx(tx *gorm.DB, user *User, password string) error
	UpdateUsername(user *User, username string) error
	// NOTE(review): the parameter is named db here but tx on the Service method and on
	// the other *Tx methods; the names are cosmetic for interface satisfaction, but
	// aligning them would aid readers.
	UpdateUsernameTx(db *gorm.DB, user *User, username string) error
	// NOTE(review): likewise thePassword here vs password on (*Service).AuthUser.
	AuthUser(username, thePassword string) (*User, error)

	// Scope resolution and token issuance / validation.
	GetScope(requestedScope string) (string, error)
	Login(client *Client, user *User, scope string) (*AccessToken, *RefreshToken, error)
	GrantAuthorizationCode(client *Client, user *User, expiresIn int, redirectURI, scope string) (*AuthorizationCode, error)
	GrantAccessToken(client *Client, user *User, expiresIn int, scope string) (*AccessToken, error)
	GetOrCreateRefreshToken(client *Client, user *User, expiresIn int, scope string) (*RefreshToken, error)
	GetValidRefreshToken(token string, client *Client) (*RefreshToken, error)
	Authenticate(token string) (*AccessToken, error)

	// Token introspection (RFC 7662 style responses).
	NewIntrospectResponseFromAccessToken(accessToken *AccessToken) (*IntrospectResponse, error)
	NewIntrospectResponseFromRefreshToken(refreshToken *RefreshToken) (*IntrospectResponse, error)
}

ServiceInterface defines exported methods

type User

// User is a persisted account that authenticates with a username and password and
// holds exactly one Role.
type User struct {
	gorm.Model
	// RoleID is the Role.ID this user holds; required, and sized like Role.ID (varchar(20)).
	RoleID     sql.NullString `sql:"type:varchar(20);index;not null"`
	Role       *Role
	// Username is the unique login name (at most 254 chars).
	Username   string         `sql:"type:varchar(254);unique;not null"`
	// Password is nullable: a user may exist without a password (see
	// ErrUserPasswordNotSet). The 60-char column matches the length of a bcrypt hash —
	// presumably stored hashed rather than in clear; confirm in SetPasswordTx.
	Password   sql.NullString `sql:"type:varchar(60)"`
	// MetaUserID is indexed; what it references is not visible in this package —
	// confirm with the owning service.
	MetaUserID uint           `sql:"index"`
}

User ...

func (*User) TableName

func (u *User) TableName() string

TableName specifies table name
