
Dialyzer tweaks for the new usage of the AppCtx

1 parent e8f7c5b commit 8987f1eaf2f1ac1c7bf8d43cdfb66b9ad91db4f2 @drobakowski drobakowski committed Jan 8, 2014
Showing with 44 additions and 40 deletions.
  1. +1 −1 Makefile
  2. +22 −17 src/oauth2.erl
  3. +21 −22 src/oauth2_backend.erl
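--- a/Makefile
+++ b/Makefile
@@ -27,7 +27,7 @@ ct: clean deps test-build
 build-plt:
 $(DIALYZER) --build_plt --output_plt .$(PROJECT).plt \
- --apps kernel stdlib sasl inets crypto public_key ssl
+ --apps erts kernel stdlib sasl inets crypto public_key ssl
 dialyze: clean deps test-build
 $(DIALYZER) --plt .$(PROJECT).plt ebin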
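--- a/src/oauth2.erl
+++ b/src/oauth2.erl
@@ -39,6 +39,7 @@
 -export_type([context/0]).
 -export_type([lifetime/0]).
 -export_type([scope/0]).
+-export_type([appctx/0]).
 -export_type([error/0]).
 %%%_* Macros ===========================================================
@@ -59,6 +60,7 @@
 -type response() :: oauth2_response:response().
 -type lifetime() :: non_neg_integer().
 -type scope() :: list(binary()) | binary().
+-type appctx() :: term().
 -type error() :: access_denied | invalid_client | invalid_grant |
 invalid_request | invalid_scope | unauthorized_client |
 unsupported_response_type | server_error |
@@ -68,8 +70,8 @@
 %%%_ * API -------------------------------------------------------------
 %% @doc Authorizes a resource owner's credentials. Useful for
 %% Resource Owner Password Credentials Grant and Implicit Grant.
--spec authorize_password(binary(), binary(), scope(), term())
- -> {ok, auth()} | {error, error()}.
+-spec authorize_password(binary(), binary(), scope(), appctx())
+ -> {ok, {appctx(), auth()}} | {error, error()}.
 authorize_password(UId, Pwd, Scope, AppCtx1) ->
 case ?BACKEND:authenticate_username_password(UId, Pwd, AppCtx1) of
 {error, _} -> {error, access_denied};
@@ -90,8 +92,8 @@ authorize_password(UId, Pwd, Scope, AppCtx1) ->
 %% of a public client identifier and a shared client secret.
 %% Should only be used for confidential clients; see the OAuth2 draft
 %% for clarification.
--spec authorize_client_credentials(binary(), binary(), scope(), term())
- -> {ok, auth()} | {error, error()}.
+-spec authorize_client_credentials(binary(), binary(), scope(), appctx())
+ -> {ok, {appctx(), auth()}} | {error, error()}.
 authorize_client_credentials(CId, CSecret, Scope, AppCtx1) ->
 case ?BACKEND:authenticate_client(CId, CSecret, AppCtx1) of
 {error, _} -> {error, invalid_client};
@@ -115,8 +117,8 @@ authorize_client_credentials(CId, CSecret, Scope, AppCtx1) ->
 %%
 %% Then verify the supplied RedirectionUri and Code and if valid issue
 %% an Access Token and an optional Refresh Token
--spec authorize_code_grant(binary(), binary(), token(), binary(), term())
- -> {ok, auth()} | {error, error()}.
+-spec authorize_code_grant(binary(), binary(), token(), binary(), appctx())
+ -> {ok, {appctx(), auth()}} | {error, error()}.
 authorize_code_grant(CId, CSecret, Code, RedirUri, AppCtx1) ->
 case ?BACKEND:authenticate_client(CId, CSecret, AppCtx1) of
 {error, _} -> {error, invalid_client};
@@ -149,7 +151,8 @@ authorize_code_grant(CId, CSecret, Code, RedirUri, AppCtx1) ->
 , binary()
 , binary()
 , scope()
- , term()) -> {ok, auth()} | {error, error()}.
+ , appctx())
+ -> {ok, {appctx(), auth()}} | {error, error()}.
 authorize_code_request(CId, RedirUri, UId, Pwd, Scope, AppCtx1) ->
 case ?BACKEND:get_client_identity(CId, AppCtx1) of
 {error, _} -> {error, unauthorized_client};
@@ -178,7 +181,7 @@ authorize_code_request(CId, RedirUri, UId, Pwd, Scope, AppCtx1) ->
 end
 end.
--spec issue_code(auth(), term()) -> response().
+-spec issue_code(auth(), appctx()) -> {ok, {appctx(), response()}}.
 issue_code(#authorization{client = Client, resowner = ResOwner,
 scope = Scope, ttl = TTL}, AppCtx1) ->
 ExpiryAbsolute = seconds_since_epoch(TTL),
@@ -194,7 +197,7 @@ issue_code(#authorization{client = Client, resowner = ResOwner,
 , <<>>
 , AccessCode )}}.
--spec issue_token(auth(), term()) -> response().
+-spec issue_token(auth(), appctx()) -> {ok, {appctx(), response()}}.
 issue_token(#authorization{client = Client, resowner = ResOwner,
 scope = Scope, ttl = TTL}, AppCtx1) ->
 ExpiryAbsolute = seconds_since_epoch(TTL),
@@ -208,7 +211,8 @@ issue_token(#authorization{client = Client, resowner = ResOwner,
 %% @doc Issue an Access Token and a Refresh Token.
 %% The OAuth2 specification forbids or discourages issuing a refresh token
 %% when no resource owner is authenticated (See 4.2.2 and 4.4.3)
--spec issue_token_and_refresh(auth(), term()) -> response().
+-spec issue_token_and_refresh(auth(), appctx())
+ -> {ok, {appctx(), response()}}.
 issue_token_and_refresh(#authorization{client = Client, resowner = ResOwner,
 scope = Scope, ttl = TTL}, AppCtx1)
 when ResOwner /= undefined ->
@@ -227,7 +231,8 @@ issue_token_and_refresh(#authorization{client = Client, resowner = ResOwner,
 %% @doc Verifies an access code AccessCode, returning its associated
 %% context if successful. Otherwise, an OAuth2 error code is returned.
--spec verify_access_code(token(), term()) -> {ok, context()} | {error, error()}.
+-spec verify_access_code(token(), appctx())
+ -> {ok, {appctx(), context()}} | {error, error()}.
 verify_access_code(AccessCode, AppCtx1) ->
 case ?BACKEND:resolve_access_code(AccessCode, AppCtx1) of
 {ok, {AppCtx2, GrantCtx}} ->
@@ -243,8 +248,8 @@ verify_access_code(AccessCode, AppCtx1) ->
 %% @doc Verifies an access code AccessCode and it's corresponding Identity,
 %% returning its associated context if successful. Otherwise, an OAuth2
 %% error code is returned.
--spec verify_access_code(token(), term(), term())
- -> {ok, context()} | {error, error()}.
+-spec verify_access_code(token(), term(), appctx())
+ -> {ok, {appctx(), context()}} | {error, error()}.
 verify_access_code(AccessCode, Client, AppCtx1) ->
 case verify_access_code(AccessCode, AppCtx1) of
 {ok, {AppCtx2, GrantCtx}} ->
@@ -257,8 +262,8 @@ verify_access_code(AccessCode, Client, AppCtx1) ->
 %% @doc Verifies an refresh token RefreshToken, returning a new Access Token
 %% if successful. Otherwise, an OAuth2 error code is returned.
--spec refresh_access_token(binary(), binary(), token(), scope(), term())
- -> {ok, {term(), response()}} | {error, error()}.
+-spec refresh_access_token(binary(), binary(), token(), scope(), appctx())
+ -> {ok, {appctx(), response()}} | {error, error()}.
 refresh_access_token(CId, CSecret, RefreshToken, Scope, AppCtx1) ->
 case ?BACKEND:authenticate_client(CId, CSecret, AppCtx1) of
 {ok, {AppCtx2, Client}} ->
@@ -298,8 +303,8 @@ refresh_access_token(CId, CSecret, RefreshToken, Scope, AppCtx1) ->
 %% @doc Verifies an access token AccessToken, returning its associated
 %% context if successful. Otherwise, an OAuth2 error code is returned.
--spec verify_access_token(token(), term())
- -> {ok, context()} | {error, error()}.
+-spec verify_access_token(token(), appctx())
+ -> {ok, {appctx(), context()}} | {error, error()}.
 verify_access_token(AccessToken, AppCtx1) ->
 case ?BACKEND:resolve_access_token(AccessToken, AppCtx1) of
 {ok, {AppCtx2, GrantCtx}} ->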
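Review bot: The new specs for `issue_code/2`, `issue_token/2` and `issue_token_and_refresh/2` declare only `{ok, {appctx(), response()}}`, while the `associate_*` callbacks in src/oauth2_backend.erl are typed `{ok, appctx()} | {error, notfound}`. The bodies of these three functions are mostly outside the hunks, so this is inferred: if they assert on the `{ok, _}` result, a failed store ends in a `badmatch` crash that the spec does not announce. `issue_token_and_refresh/2` also carries the `when ResOwner /= undefined` guard with no other clause visible here. I would either widen the three specs with `| {error, error()}` and return `{error, server_error}`, or state the behaviour in the @doc, e.g. `%% Crashes if the backend cannot store the token; no response is returned in that case.`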
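--- a/src/oauth2_backend.erl
+++ b/src/oauth2_backend.erl
@@ -22,93 +22,92 @@
 %%%_ * Types -----------------------------------------------------------
 -type grantctx() :: oauth2:context().
--type appctx() :: term().
--type token() :: binary().
--type scope() :: list(binary()) | binary().
+-type appctx() :: oauth2:appctx().
+-type token() :: oauth2:token().
+-type scope() :: oauth2:scope().
 %%%_* Behaviour ========================================================
 %% @doc Authenticates a combination of username and password.
 %% Returns the resource owner identity if the credentials are valid.
 -callback authenticate_username_password(binary(), binary(), appctx()) ->
- {ok, term()} | {error, notfound | badpass}.
+ {ok, {appctx(), term()}} | {error, notfound | badpass}.
 %% @doc Authenticates a client's credentials for a given scope.
 -callback authenticate_client(binary(), binary(), appctx()) ->
- {ok, term()} | {error, notfound | badsecret}.
+ {ok, {appctx(), term()}} | {error, notfound | badsecret}.
 %% @doc Stores a new access code token(), associating it with Context.
 %% The context is a proplist carrying information about the identity
 %% with which the code is associated, when it expires, etc.
 -callback associate_access_code(token(), grantctx(), appctx()) ->
- ok | {error, notfound}.
+ {ok, appctx()} | {error, notfound}.
 %% @doc Stores a new access token token(), associating it with Context.
 %% The context is a proplist carrying information about the identity
 %% with which the token is associated, when it expires, etc.
 -callback associate_access_token(token(), grantctx(), appctx()) ->
- ok | {error, notfound}.
+ {ok, appctx()} | {error, notfound}.
 %% @doc Stores a new refresh token token(), associating it with
 %% grantctx(). The context is a proplist carrying information about the
 %% identity with which the token is associated, when it expires, etc.
 -callback associate_refresh_token(token(), grantctx(), appctx()) ->
- ok | {error, notfound}.
+ {ok, appctx()} | {error, notfound}.
 %% @doc Looks up an access token token(), returning the corresponding
 %% context if a match is found.
 -callback resolve_access_token(token(), appctx()) ->
- {ok, grantctx()} | {error, notfound}.
+ {ok, {appctx(), grantctx()}} | {error, notfound}.
 %% @doc Looks up an access code token(), returning the corresponding
 %% context if a match is found.
 -callback resolve_access_code(token(), appctx()) ->
- {ok, grantctx()} | {error, notfound}.
+ {ok, {appctx(), grantctx()}} | {error, notfound}.
 %% @doc Looks up an refresh token token(), returning the corresponding
 %% context if a match is found.
 -callback resolve_refresh_token(token(), appctx()) ->
- {ok, grantctx()} | {error, notfound}.
+ {ok, {appctx(), grantctx()}} | {error, notfound}.
 %% @doc Revokes an access token token(), so that it cannot be used again.
 -callback revoke_access_token(token(), appctx()) ->
- ok | {error, notfound}.
+ {ok, appctx()} | {error, notfound}.
 %% @doc Revokes an access code token(), so that it cannot be used again.
 -callback revoke_access_code(token(), appctx()) ->
- ok | {error, notfound}.
+ {ok, appctx()} | {error, notfound}.
 %% @doc Revokes an refresh token token(), so that it cannot be used again.
 -callback revoke_refresh_token(token(), appctx()) ->
- ok | {error, notfound}.
+ {ok, appctx()} | {error, notfound}.
 %% @doc Returns the redirection URI associated with the client ClientId.
 -callback get_redirection_uri(binary(), appctx()) ->
- {error, notfound} | {ok, binary()}.
+ {error, notfound} | {ok, {appctx(), binary()}}.
 %% @doc Returns a client identity for a given id.
 -callback get_client_identity(binary(), appctx()) ->
- {ok, term()} | {error, notfound | badsecret}.
+ {ok, {appctx(), term()}} | {error, notfound | badsecret}.
 %% @doc Verifies that RedirectionUri is a valid redirection URI for the
 %% client identified by Identity.
 -callback verify_redirection_uri(term(), binary(), appctx()) ->
- ok | {error, notfound | baduri}.
+ {ok, appctx()} | {error, notfound | baduri}.
 %% @doc Verifies that scope() is a valid scope for the client identified
 %% by Identity.
 -callback verify_client_scope(term(), scope(), appctx()) ->
- {ok, scope()} | {error, notfound | badscope}.
+ {ok, {appctx(), scope()}} | {error, notfound | badscope}.
 %% @doc Verifies that scope() is a valid scope for the resource
 %% owner identified by Identity.
 -callback verify_resowner_scope(term(), scope(), appctx()) ->
- {ok, scope()} | {error, notfound | badscope}.
+ {ok, {appctx(), scope()}} | {error, notfound | badscope}.
 %% @doc Verifies that scope() is a valid scope of the set of scopes defined
-%% by Validscope()s.
-%% @end
+%% by Validscope()s.
 -callback verify_scope(scope(), scope(), appctx()) ->
- {ok, scope()} | {error, notfound | badscope}.
+ {ok, {appctx(), scope()}} | {error, notfound | badscope}.
 %%%_* Tests ============================================================
 -ifdef(TEST).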
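Review bot: The `@doc` comments on the callbacks still describe the old return values; `authenticate_username_password`, for instance, says it "Returns the resource owner identity" while its new type is `{ok, {appctx(), term()}}`. Both tuple elements resolve to `term()`, so Dialyzer cannot flag a backend that still returns `{ok, Identity}` when the identity happens to be a pair, and the element order has to be carried by the text. I would add to each callback that returns a pair a line such as `%% On success returns {ok, {AppCtx, Identity}}; AppCtx is the (possibly updated) application context and always comes first.` The `associate_*`, `revoke_*` and `verify_redirection_uri` callbacks, which now return `{ok, appctx()}` instead of `ok`, need the analogous wording.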
