/
auth.go
92 lines (74 loc) · 2.38 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
package v7action
import (
"encoding/base64"
"encoding/json"
"fmt"
"strings"
"code.cloudfoundry.org/cli/actor/actionerror"
"code.cloudfoundry.org/cli/api/uaa/constant"
"code.cloudfoundry.org/cli/cf/configuration/coreconfig"
)
func (actor Actor) Authenticate(credentials map[string]string, origin string, grantType constant.GrantType) error {
if grantType == constant.GrantTypePassword && actor.Config.UAAGrantType() == string(constant.GrantTypeClientCredentials) {
return actionerror.PasswordGrantTypeLogoutRequiredError{}
}
actor.Config.UnsetOrganizationAndSpaceInformation()
accessToken, refreshToken, err := actor.UAAClient.Authenticate(credentials, origin, grantType)
if err != nil {
actor.Config.SetTokenInformation("", "", "")
return err
}
accessToken = fmt.Sprintf("bearer %s", accessToken)
actor.Config.SetTokenInformation(accessToken, refreshToken, "")
if grantType == constant.GrantTypePassword {
actor.Config.SetUAAGrantType("")
} else {
actor.Config.SetUAAGrantType(string(grantType))
}
if grantType == constant.GrantTypeClientCredentials {
actor.Config.SetUAAClientCredentials(credentials["client_id"], "")
}
return nil
}
func (actor Actor) GetLoginPrompts() map[string]coreconfig.AuthPrompt {
rawPrompts := actor.UAAClient.LoginPrompts()
prompts := make(map[string]coreconfig.AuthPrompt)
for key, val := range rawPrompts {
prompts[key] = coreconfig.AuthPrompt{
Type: knownAuthPromptTypes[val[0]],
DisplayName: val[1],
}
}
return prompts
}
// TODO: error check this in future stories
func (actor Actor) RevokeAccessAndRefreshTokens() error {
accessToken := actor.Config.AccessToken()
if actor.isTokenRevocable(accessToken) {
refreshToken := actor.Config.RefreshToken()
_ = actor.UAAClient.Revoke(refreshToken)
_ = actor.UAAClient.Revoke(accessToken)
}
return nil
}
func (actor Actor) isTokenRevocable(token string) bool {
segments := strings.Split(token, ".")
if len(segments) < 2 {
return false
}
jsonPayload, err := base64.RawURLEncoding.DecodeString(segments[1])
if err != nil {
return false
}
payload := make(map[string]interface{})
json.Unmarshal(jsonPayload, &payload)
revocable, ok := payload["revocable"].(bool)
if !ok {
return false
}
return revocable
}
var knownAuthPromptTypes = map[string]coreconfig.AuthPromptType{
"text": coreconfig.AuthPromptTypeText,
"password": coreconfig.AuthPromptTypePassword,
}