Documentation ¶
Index ¶
- Constants
- Variables
- type AccessTokenResponse
- type IntrospectResponse
- type Service
- func (s *Service) AuthClient(clientID, secret string) (*model.Client, error)
- func (s *Service) AuthUser(username, password string) (*model.User, error)
- func (s *Service) Authenticate(token string) (*model.AccessToken, error)
- func (s *Service) ClearExpiredEmailTokens() error
- func (s *Service) ClearUserTokens(userSession *session.UserSession)
- func (s *Service) ClientExists(clientID string) bool
- func (s *Service) Close()
- func (s *Service) ConfirmUserEmail(email string) error
- func (s *Service) CreateClient(...) (*model.Client, error)
- func (s *Service) CreateClientTx(tx *bun.DB, ...) (*model.Client, error)
- func (s *Service) CreateEmailToken(email string) (*model.EmailToken, error)
- func (s *Service) DeleteEmailToken(emailToken *model.EmailToken, soft bool) error
- func (s *Service) DeleteUser(user *model.User, password string) error
- func (s *Service) DeleteUserTx(tx *bun.DB, user *model.User, password string) error
- func (s *Service) FindClientByApplicationURL(applicationURL string) (*model.Client, error)
- func (s *Service) FindClientByClientID(clientID string) (*model.Client, error)
- func (s *Service) FindRoleByID(id int32) (*model.AccessRole, error)
- func (s *Service) FindUserByEmail(email string) (*model.User, error)
- func (s *Service) FindUserByUsername(username string) (*model.User, error)
- func (s *Service) GetConfig() *config.Config
- func (s *Service) GetDefaultScope() string
- func (s *Service) GetOrCreateRefreshToken(client *model.Client, user *model.User, expiresIn int, scope string) (*model.RefreshToken, error)
- func (s *Service) GetRoutes() []routes.Route
- func (s *Service) GetScope(requestedScope string) (string, error)
- func (s *Service) GetValidEmailToken(token string) (*model.EmailToken, *model.User, error)
- func (s *Service) GetValidRefreshToken(token string, client *model.Client) (*model.RefreshToken, error)
- func (s *Service) GrantAccessToken(client *model.Client, user *model.User, expiresIn int, scope string) (*model.AccessToken, error)
- func (s *Service) GrantAuthorizationCode(client *model.Client, user *model.User, expiresIn int, ...) (*model.AuthorizationCode, error)
- func (s *Service) IsRoleAllowed(role int32) bool
- func (s *Service) Login(client *model.Client, user *model.User, scope string) (*model.AccessToken, *model.RefreshToken, error)
- func (s *Service) NewIntrospectResponseFromAccessToken(accessToken *model.AccessToken) (*IntrospectResponse, error)
- func (s *Service) NewIntrospectResponseFromRefreshToken(refreshToken *model.RefreshToken) (*IntrospectResponse, error)
- func (s *Service) RegisterRoutes(router *mux.Router, prefix string)
- func (s *Service) RestrictToRoles(allowedRoles ...int32)
- func (s *Service) ScopeExists(requestedScope string) bool
- func (s *Service) SendEmailToken(email *model.Email, emailTokenLink string) (*model.EmailToken, error)
- func (s *Service) SendEmailTokenTx(tx *bun.DB, email *model.Email, emailTokenLink string) (*model.EmailToken, error)
- func (s *Service) SetPassword(user *model.User, password string) error
- func (s *Service) SetPasswordTx(tx *bun.DB, user *model.User, password string) error
- func (s *Service) SetUserCountry(user *model.User, country string) error
- func (s *Service) SetUserCountryTx(tx *bun.DB, user *model.User, country string) error
- func (s *Service) UpdateUser(user *model.User, fullName, firstName, lastName, country string, ...) error
- func (s *Service) UpdateUsername(user *model.User, username, password string) error
- func (s *Service) UpdateUsernameTx(tx *bun.DB, user *model.User, username, password string) error
- func (s *Service) UserExists(username string) bool
- type ServiceInterface
Constants ¶
// Token hint values declared by this package.
// NOTE(review): presumably these are the token_type_hint strings accepted by
// the introspection endpoint (see ErrTokenHintInvalid); confirm in introspect.go.
const (
	// AccessTokenHint is the hint string that names an access token.
	AccessTokenHint = "access_token"
	// RefreshTokenHint is the hint string that names a refresh token.
	RefreshTokenHint = "refresh_token"
)
Variables ¶
// Sentinel errors for access-token lookups; compare with errors.Is.
var (
	// ErrAccessTokenNotFound is the sentinel whose message says the access
	// token was not found.
	ErrAccessTokenNotFound = errors.New("Access token not found")
	// ErrAccessTokenExpired is the sentinel whose message says the access
	// token has expired.
	ErrAccessTokenExpired = errors.New("Access token expired")
)
// Sentinel errors for authorization-code lookups; compare with errors.Is.
var (
	// ErrAuthorizationCodeNotFound is the sentinel whose message says the
	// authorization code was not found.
	ErrAuthorizationCodeNotFound = errors.New("Authorization code not found")
	// ErrAuthorizationCodeExpired is the sentinel whose message says the
	// authorization code has expired.
	ErrAuthorizationCodeExpired = errors.New("Authorization code expired")
)
// Sentinel errors for OAuth client lookup, authentication and registration.
// NOTE(review): ErrClientNotFound and ErrInvalidClientSecret tell an unknown
// client ID apart from a wrong secret; the package also declares the combined
// ErrInvalidClientIDOrSecret. Which of them reaches the HTTP response is not
// visible here; confirm in the handlers.
var (
	// ErrClientNotFound is the sentinel whose message says the client was
	// not found.
	ErrClientNotFound = errors.New("Client not found")
	// ErrInvalidClientSecret is the sentinel whose message says the client
	// secret is invalid.
	ErrInvalidClientSecret = errors.New("Invalid client secret")
	// ErrClientIDTaken is the sentinel whose message says the client ID is
	// already taken.
	ErrClientIDTaken = errors.New("Client ID taken")
)
// Sentinel errors for e-mail tokens; compare with errors.Is.
var (
	// ErrEmailTokenNotFound is the sentinel whose message says the token was
	// not found.
	ErrEmailTokenNotFound = errors.New("this token was not found")
	// ErrEmailTokenInvalid is the sentinel whose message covers both an
	// invalid and an expired token.
	ErrEmailTokenInvalid = errors.New("this token is invalid or has expired")
	// ErrInvalidEmailTokenLink is the sentinel whose message says the e-mail
	// token link is invalid.
	// NOTE(review): how the link passed to SendEmailToken is validated is not
	// visible on this page; confirm in email_token.go.
	ErrInvalidEmailTokenLink = errors.New("email token link is invalid")
)
// Sentinel errors for token-request validation; compare with errors.Is.
var (
	// ErrInvalidGrantType is the sentinel whose message says the grant type
	// is invalid.
	ErrInvalidGrantType = errors.New("Invalid grant type")
	// ErrInvalidClientIDOrSecret is the sentinel whose message does not say
	// which of the client ID or the secret was wrong.
	ErrInvalidClientIDOrSecret = errors.New("Invalid client ID or secret")
)
// Sentinel errors for requests that carry a token and a token hint.
var (
	// ErrTokenMissing is the sentinel whose message says the token is
	// missing.
	ErrTokenMissing = errors.New("Token missing")
	// ErrTokenHintInvalid is the sentinel whose message says the token hint
	// is invalid.
	ErrTokenHintInvalid = errors.New("Invalid token hint")
)
// Sentinel errors for refresh-token handling; compare with errors.Is.
var (
	// ErrRefreshTokenNotFound is the sentinel whose message says the refresh
	// token was not found.
	ErrRefreshTokenNotFound = errors.New("Refresh token not found")
	// ErrRefreshTokenExpired is the sentinel whose message says the refresh
	// token has expired.
	ErrRefreshTokenExpired = errors.New("Refresh token expired")
	// ErrRequestedScopeCannotBeGreater is the sentinel whose message says
	// the requested scope cannot be greater.
	// NOTE(review): presumably raised when a refresh request asks for more
	// scope than the stored refresh token carries; confirm the comparison
	// in grant_type_refresh_token.go.
	ErrRequestedScopeCannotBeGreater = errors.New("Requested scope cannot be greater")
)
// Login length bounds and the sentinel errors for user accounts.
//
// NOTE(review): ErrUserNotFound, ErrInvalidUserPassword, ErrEmailNotFound,
// ErrUsernameTaken and ErrEmailNotConfirmed each describe a different account
// state. If they are returned verbatim to unauthenticated callers, the reply
// tells the caller whether an account exists. The package also declares
// ErrInvalidUsernameOrPassword for a uniform answer. Which error the handlers
// surface is not visible here; confirm.
var (
	// MaxLoginLength and MinLoginLength are the bounds quoted in the
	// ErrLoginTooLong and ErrLoginTooShort messages below.
	// NOTE(review): both are declared with var, so an importing package can
	// reassign them at run time. The two messages are formatted once at
	// package initialisation and would not follow such a change. Where the
	// bounds are enforced is not visible here.
	MaxLoginLength = 50
	MinLoginLength = 3

	// ErrLoginTooShort carries the minimum login length in its message.
	ErrLoginTooShort = fmt.Errorf("Login must be at least %d characters long", MinLoginLength)
	// ErrLoginTooLong carries the maximum login length in its message.
	ErrLoginTooLong = fmt.Errorf("Login must be at maximum %d characters long", MaxLoginLength)

	// ErrLoginRequired is the sentinel whose message says a login is required.
	ErrLoginRequired = errors.New("Login is required")
	// ErrDisplayNameRequired is the sentinel whose message says a display
	// name is required.
	ErrDisplayNameRequired = errors.New("Display Name is required")
	// ErrUsernameRequired is named for the username, but its message speaks
	// of the e-mail.
	ErrUsernameRequired = errors.New("Email is required")
	// ErrUserNotFound is the sentinel whose message says the user was not
	// found.
	ErrUserNotFound = errors.New("User not found")
	// ErrInvalidUserPassword is the sentinel whose message says the user
	// password is invalid.
	ErrInvalidUserPassword = errors.New("Invalid user password")
	// ErrCannotSetEmptyUsername is the sentinel whose message says an empty
	// username cannot be set.
	ErrCannotSetEmptyUsername = errors.New("Cannot set empty username")
	// ErrUserPasswordNotSet is the sentinel whose message says the user has
	// no password set.
	ErrUserPasswordNotSet = errors.New("User password not set")
	// ErrUsernameTaken is named for the username, but its message speaks of
	// the e-mail.
	ErrUsernameTaken = errors.New("Email is not available")
	// ErrEmailInvalid is the sentinel whose message says the value is not a
	// valid e-mail.
	ErrEmailInvalid = errors.New("Not a valid email")
	// ErrEmailNotFound is the sentinel whose message says no account is
	// registered with the given address or username.
	ErrEmailNotFound = errors.New("We can't find an account registered with that address or username")
	// ErrAccountDeletionFailed is the sentinel whose message says the
	// account could not be deleted.
	ErrAccountDeletionFailed = errors.New("Account could not be deleted. Please reach to us now")
	// ErrEmailAsLogin is the sentinel whose message says a username cannot
	// be an e-mail address.
	ErrEmailAsLogin = errors.New("Username cannot be an email address")
	// ErrCountryNotFound is the sentinel whose message says the country
	// cannot be found.
	ErrCountryNotFound = errors.New("Country cannot be found")
	// ErrEmailNotConfirmed is the sentinel whose message asks the user to
	// confirm the e-mail address.
	ErrEmailNotConfirmed = errors.New("Please confirm your email address")
)
var (
	// ErrInvalidRedirectURI is the sentinel whose message says the redirect
	// URI is invalid.
	// NOTE(review): how a redirect URI is compared with the client's
	// registered one (exact match or something looser) is not visible on
	// this page; confirm at the call sites.
	ErrInvalidRedirectURI = errors.New("Invalid redirect URI")
)
var (
	// ErrInvalidScope is the sentinel whose message says the scope is
	// invalid.
	ErrInvalidScope = errors.New("Invalid scope")
)
var (
	// ErrInvalidUsernameOrPassword is the sentinel whose message does not
	// say which of the username or the password was wrong, so it does not
	// by itself reveal whether the account exists.
	ErrInvalidUsernameOrPassword = errors.New("Invalid username or password")
)
var (
	// ErrRoleNotFound is the sentinel whose message says the role was not
	// found.
	ErrRoleNotFound = errors.New("Role not found")
)
Functions ¶
This section is empty.
Types ¶
type AccessTokenResponse ¶
// AccessTokenResponse is the JSON shape of a token response. user_id and
// refresh_token are omitted from the output when empty; the other four keys
// are always written.
//
// NOTE(review): AccessToken and RefreshToken are bearer credentials. Keep
// values of this type out of logs and serve them with Cache-Control: no-store
// (RFC 6749 section 5.1). Whether the handlers set that header is not visible
// here; confirm.
type AccessTokenResponse struct {
	// UserID is serialised as "user_id" and dropped when empty.
	UserID string `json:"user_id,omitempty"`
	// AccessToken is serialised as "access_token".
	AccessToken string `json:"access_token"`
	// ExpiresIn is serialised as "expires_in"; presumably seconds (confirm).
	ExpiresIn int `json:"expires_in"`
	// TokenType is serialised as "token_type".
	TokenType string `json:"token_type"`
	// Scope is serialised as "scope".
	Scope string `json:"scope"`
	// RefreshToken is serialised as "refresh_token" and dropped when empty.
	RefreshToken string `json:"refresh_token,omitempty"`
}
AccessTokenResponse ...
func NewAccessTokenResponse ¶
func NewAccessTokenResponse(accessToken *model.AccessToken, refreshToken *model.RefreshToken, lifetime int, theTokenType string) (*AccessTokenResponse, error)
NewAccessTokenResponse ...
type IntrospectResponse ¶
// IntrospectResponse is the JSON shape of a token introspection reply. Only
// "active" is always written; every other key is dropped when the field holds
// its zero value.
//
// NOTE(review): a reply for an inactive token should disclose nothing beyond
// active=false (RFC 7662 section 2.2). Whether the constructors leave the
// remaining fields zero in that case is not visible here; confirm.
type IntrospectResponse struct {
	// UserID is serialised as "user_id".
	UserID string `json:"user_id,omitempty"`
	// Active is serialised as "active" and is never omitted.
	Active bool `json:"active"`
	// Scope is serialised as "scope".
	Scope string `json:"scope,omitempty"`
	// ClientID is serialised as "client_id".
	ClientID string `json:"client_id,omitempty"`
	// Username is serialised as "username".
	Username string `json:"username,omitempty"`
	// TokenType is serialised as "token_type".
	TokenType string `json:"token_type,omitempty"`
	// ExpiresAt is serialised as "exp"; presumably a Unix timestamp in
	// seconds (confirm). The field is a platform-sized int.
	ExpiresAt int `json:"exp,omitempty"`
}
IntrospectResponse ...
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
Service struct keeps objects to avoid passing them around
func NewService ¶
NewService returns a new Service instance
func (*Service) AuthClient ¶
AuthClient authenticates client
func (*Service) Authenticate ¶
func (s *Service) Authenticate(token string) (*model.AccessToken, error)
Authenticate checks that the access token is valid
func (*Service) ClearExpiredEmailTokens ¶
ClearExpiredEmailTokens ...
func (*Service) ClearUserTokens ¶
func (s *Service) ClearUserTokens(userSession *session.UserSession)
ClearUserTokens deletes the user's access and refresh tokens associated with this client id
func (*Service) ClientExists ¶
ClientExists returns true if client exists
func (*Service) ConfirmUserEmail ¶
func (*Service) CreateClient ¶
func (s *Service) CreateClient(clientID, secret, redirectURI, applicationName, applicationHostname, applicationURL string) (*model.Client, error)
CreateClient saves a new client to database
func (*Service) CreateClientTx ¶
func (s *Service) CreateClientTx(tx *bun.DB, clientID, secret, redirectURI, applicationName, applicationHostname, applicationURL string) (*model.Client, error)
CreateClientTx saves a new client to database using injected db object
func (*Service) CreateEmailToken ¶
func (s *Service) CreateEmailToken(email string) (*model.EmailToken, error)
CreateEmailToken ...
func (*Service) DeleteEmailToken ¶
func (s *Service) DeleteEmailToken(emailToken *model.EmailToken, soft bool) error
DeleteEmailToken ...
func (*Service) DeleteUser ¶
DeleteUser soft-deletes the user
func (*Service) DeleteUserTx ¶
DeleteUserTx deletes a user in a transaction
func (*Service) FindClientByApplicationURL ¶
FindClientByApplicationURL looks up a client by application URL
func (*Service) FindClientByClientID ¶
FindClientByClientID looks up a client by client ID
func (*Service) FindRoleByID ¶
func (s *Service) FindRoleByID(id int32) (*model.AccessRole, error)
FindRoleByID looks up a role by ID and returns it
func (*Service) FindUserByEmail ¶
func (*Service) FindUserByUsername ¶
FindUserByUsername looks up a user by username (email)
func (*Service) GetDefaultScope ¶
GetDefaultScope returns the default scope
func (*Service) GetOrCreateRefreshToken ¶
func (s *Service) GetOrCreateRefreshToken(client *model.Client, user *model.User, expiresIn int, scope string) (*model.RefreshToken, error)
GetOrCreateRefreshToken retrieves an existing refresh token; if that token has expired, it is deleted and a new refresh token is created
func (*Service) GetScope ¶
GetScope takes a requested scope: if it is empty, it returns the default scope; otherwise it validates the requested scope
func (*Service) GetValidEmailToken ¶
GetValidEmailToken ...
func (*Service) GetValidRefreshToken ¶
func (s *Service) GetValidRefreshToken(token string, client *model.Client) (*model.RefreshToken, error)
GetValidRefreshToken returns a valid non expired refresh token
func (*Service) GrantAccessToken ¶
func (s *Service) GrantAccessToken(client *model.Client, user *model.User, expiresIn int, scope string) (*model.AccessToken, error)
GrantAccessToken deletes old tokens and grants a new access token
func (*Service) GrantAuthorizationCode ¶
func (s *Service) GrantAuthorizationCode(client *model.Client, user *model.User, expiresIn int, redirectURI, scope string) (*model.AuthorizationCode, error)
GrantAuthorizationCode grants a new authorization code
func (*Service) IsRoleAllowed ¶
IsRoleAllowed returns true if the role is allowed to use this service
func (*Service) Login ¶
func (s *Service) Login(client *model.Client, user *model.User, scope string) (*model.AccessToken, *model.RefreshToken, error)
Login creates an access token and refresh token for a user (logs him/her in)
func (*Service) NewIntrospectResponseFromAccessToken ¶
func (s *Service) NewIntrospectResponseFromAccessToken(accessToken *model.AccessToken) (*IntrospectResponse, error)
NewIntrospectResponseFromAccessToken ...
func (*Service) NewIntrospectResponseFromRefreshToken ¶
func (s *Service) NewIntrospectResponseFromRefreshToken(refreshToken *model.RefreshToken) (*IntrospectResponse, error)
NewIntrospectResponseFromRefreshToken ...
func (*Service) RegisterRoutes ¶
RegisterRoutes registers route handlers for the oauth service
func (*Service) RestrictToRoles ¶
RestrictToRoles restricts this service to only specified roles
func (*Service) ScopeExists ¶
ScopeExists checks if a scope exists
func (*Service) SendEmailToken ¶
func (s *Service) SendEmailToken( email *model.Email, emailTokenLink string, ) (*model.EmailToken, error)
SendEmailToken ...
func (*Service) SendEmailTokenTx ¶
func (s *Service) SendEmailTokenTx( tx *bun.DB, email *model.Email, emailTokenLink string, ) (*model.EmailToken, error)
SendEmailTokenTx ...
func (*Service) SetPassword ¶
SetPassword sets a user password
func (*Service) SetPasswordTx ¶
SetPasswordTx sets a user password in a transaction
func (*Service) SetUserCountry ¶
SetUserCountry ...
func (*Service) SetUserCountryTx ¶
SetUserCountryTx
func (*Service) UpdateUser ¶
func (s *Service) UpdateUser(user *model.User, fullName, firstName, lastName, country string, newsletter bool) error
UpdateUser ...
func (*Service) UpdateUsername ¶
UpdateUsername ...
func (*Service) UpdateUsernameTx ¶
UpdateUsernameTx ...
func (*Service) UserExists ¶
UserExists returns true if user exists
type ServiceInterface ¶
// ServiceInterface lists the methods this package exports on Service.
//
// NOTE(review): the *Tx variants take a *bun.DB handle (named tx or db)
// rather than a transaction type. Whether the handle a caller passes is
// actually transaction-scoped is not visible here; confirm at the call sites.
type ServiceInterface interface {
	// Exported methods

	// Configuration, role restriction and routing.
	GetConfig() *config.Config
	RestrictToRoles(allowedRoles ...int32)
	IsRoleAllowed(role int32) bool
	FindRoleByID(id int32) (*model.AccessRole, error)
	GetRoutes() []routes.Route
	RegisterRoutes(router *mux.Router, prefix string)

	// OAuth clients.
	ClientExists(clientID string) bool
	FindClientByClientID(clientID string) (*model.Client, error)
	FindClientByApplicationURL(applicationURL string) (*model.Client, error)
	CreateClient(clientID, secret, redirectURI, applicationName, applicationHostname, applicationURL string) (*model.Client, error)
	CreateClientTx(tx *bun.DB, clientID, secret, redirectURI, applicationName, applicationHostname, applicationURL string) (*model.Client, error)
	AuthClient(clientID, secret string) (*model.Client, error)

	// E-mail tokens.
	GetValidEmailToken(token string) (*model.EmailToken, *model.User, error)
	ClearExpiredEmailTokens() error
	DeleteEmailToken(*model.EmailToken, bool) error
	SendEmailToken(email *model.Email, emailTokenLink string) (*model.EmailToken, error)
	SendEmailTokenTx(db *bun.DB, email *model.Email, emailTokenLink string) (*model.EmailToken, error)

	// User accounts. DeleteUser and UpdateUsername (and their Tx variants)
	// take the user's password alongside the change.
	UserExists(username string) bool
	FindUserByUsername(username string) (*model.User, error)
	FindUserByEmail(email string) (*model.User, error)
	DeleteUser(user *model.User, password string) error
	DeleteUserTx(tx *bun.DB, user *model.User, password string) error
	ConfirmUserEmail(email string) error
	SetPassword(user *model.User, password string) error
	SetPasswordTx(tx *bun.DB, user *model.User, password string) error
	UpdateUsername(user *model.User, username, password string) error
	UpdateUsernameTx(db *bun.DB, user *model.User, username, password string) error
	UpdateUser(user *model.User, fullName, firstName, lastName, country string, newsletter bool) error
	SetUserCountry(user *model.User, country string) error
	SetUserCountryTx(db *bun.DB, user *model.User, country string) error
	AuthUser(username, thePassword string) (*model.User, error)

	// Scopes.
	GetScope(requestedScope string) (string, error)
	GetDefaultScope() string
	ScopeExists(requestedScope string) bool

	// Login, grants and token validation.
	Login(client *model.Client, user *model.User, scope string) (*model.AccessToken, *model.RefreshToken, error)
	GrantAuthorizationCode(client *model.Client, user *model.User, expiresIn int, redirectURI, scope string) (*model.AuthorizationCode, error)
	GrantAccessToken(client *model.Client, user *model.User, expiresIn int, scope string) (*model.AccessToken, error)
	GetOrCreateRefreshToken(client *model.Client, user *model.User, expiresIn int, scope string) (*model.RefreshToken, error)
	GetValidRefreshToken(token string, client *model.Client) (*model.RefreshToken, error)
	Authenticate(token string) (*model.AccessToken, error)

	// Introspection responses.
	NewIntrospectResponseFromAccessToken(accessToken *model.AccessToken) (*IntrospectResponse, error)
	NewIntrospectResponseFromRefreshToken(refreshToken *model.RefreshToken) (*IntrospectResponse, error)

	// Token cleanup and shutdown.
	ClearUserTokens(userSession *session.UserSession)
	Close()
}
ServiceInterface defines exported methods
Source Files ¶
- access_token.go
- authenticate.go
- authorization_code.go
- client.go
- email_token.go
- errors.go
- grant_type_authorization_code.go
- grant_type_client_credentials.go
- grant_type_password.go
- grant_type_refresh_token.go
- handlers.go
- introspect.go
- login.go
- refresh_token.go
- response.go
- role.go
- routes.go
- scope.go
- service.go
- service_interface.go
- user.go