// Copyright 2016 The Mellium Contributors.
// Use of this source code is governed by the BSD 2-clause license that can be
// found in the LICENSE file.
package sasl_test
import (
"bytes"
"fmt"
"github.com/ctrix/sasl"
)
// A custom SASL Mechanism that implements XOAUTH2:
// https://developers.google.com/gmail/xoauth2_protocol
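// The two fixed fields of the XOAUTH2 client first message. They are shared
// by Start (which emits them) and Next (which parses them) so that the two
// halves of the mechanism cannot drift apart.
const (
	xoauth2UserPrefix = "user="
	xoauth2AuthPrefix = "auth=Bearer "
)

var xoauth2 = sasl.Mechanism{
	Name: "XOAUTH2",
	Start: func(m *sasl.Negotiator) (bool, []byte, interface{}, error) {
		// Start is called only by clients and returns the client first message:
		//
		//     "user=" {username} "\x01auth=Bearer " {token} "\x01\x01"
		//
		// The identity slot of Credentials is not part of XOAUTH2 and is ignored;
		// the password slot carries the OAuth 2.0 bearer token.
		username, token, _ := m.Credentials()

		// Size the buffer once: two prefixes, two values and three \x01 bytes.
		payload := make([]byte, 0, len(xoauth2UserPrefix)+len(username)+1+len(xoauth2AuthPrefix)+len(token)+2)
		payload = append(payload, xoauth2UserPrefix...)
		payload = append(payload, username...)
		payload = append(payload, '\x01')
		payload = append(payload, xoauth2AuthPrefix...)
		payload = append(payload, token...)
		payload = append(payload, '\x01', '\x01')
		return false, payload, nil, nil
	},
	Next: func(m *sasl.Negotiator, challenge []byte, _ interface{}) (bool, []byte, interface{}, error) {
		// Next is called by both clients and servers and must be able to generate
		// and handle every challenge except for the client first message, which is
		// generated (but not handled) by Start.
		state := m.State()

		// XOAUTH2 is a single round trip: only a server that has just received the
		// client first message has work to do here. A client, or a server past
		// that step, should never reach this point, so report it as an error.
		if state&sasl.Receiving != sasl.Receiving || state&sasl.StepMask != sasl.AuthTextSent {
			return false, nil, nil, sasl.ErrTooManySteps
		}

		// The client first message ends in two \x01 bytes, so splitting on \x01
		// yields exactly four parts: "user=…", "auth=Bearer …", and two empty
		// trailing strings. Anything else is malformed.
		parts := bytes.Split(challenge, []byte{1})
		if len(parts) != 4 || len(parts[2]) != 0 || len(parts[3]) != 0 {
			return false, nil, nil, sasl.ErrInvalidChallenge
		}

		// Each field must carry its fixed prefix; the prefixes are the same ones
		// Start emits, so a message produced by this mechanism always parses.
		if !bytes.HasPrefix(parts[0], []byte(xoauth2UserPrefix)) ||
			!bytes.HasPrefix(parts[1], []byte(xoauth2AuthPrefix)) {
			return false, nil, nil, sasl.ErrInvalidChallenge
		}
		user := parts[0][len(xoauth2UserPrefix):]
		token := parts[1][len(xoauth2AuthPrefix):]

		// Validation of the bearer token is delegated entirely to the server's
		// permissions callback; it receives the token in the password slot and
		// an empty identity.
		if m.Permissions(sasl.Credentials(func() ([]byte, []byte, []byte) {
			return user, token, nil
		})) {
			return false, nil, nil, nil
		}
		return false, nil, nil, sasl.ErrAuthn
	},
}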
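func Example_xOAUTH2() {
	c := sasl.NewClient(
		xoauth2,
		sasl.Credentials(func() ([]byte, []byte, []byte) {
			// The password slot carries the OAuth 2.0 bearer token; XOAUTH2 has no
			// separate authorization identity, so the third value is left empty.
			return []byte("someuser@example.com"), []byte("vF9dft4qmTc2Nvb3RlckBhdHRhdmlzdGEuY29tCg=="), []byte{}
		}),
	)

	// This is the first step and we haven't received any challenge from the
	// server yet, so Step is called with a nil challenge.
	more, resp, err := c.Step(nil)
	if err != nil {
		// Surfacing the error keeps a broken mechanism from silently printing a
		// partial message that happens to match the expected output.
		fmt.Println(err)
		return
	}
	// The \x01 field separators are swapped for spaces so the output is printable.
	fmt.Printf("%v %s", more, bytes.Replace(resp, []byte{1}, []byte{' '}, -1))
	// Output: false user=someuser@example.com auth=Bearer vF9dft4qmTc2Nvb3RlckBhdHRhdmlzdGEuY29tCg==
}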