Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Aeneas Rekkas (arekkas)
committed
Oct 13, 2016
1 parent
60a7672
commit f8c989e
Showing
3 changed files
with
202 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1 @@ | ||
Aeneas Rekkas <aeneas@ory.am> (github: arekkas) | ||
Thomas Aidan Curran <thomasaidancurran@gmail.com> (github: tacurran) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
package apikey | ||
|
||
import ( | ||
"github.com/ory-am/fosite" | ||
"net/http" | ||
"golang.org/x/net/context" | ||
) | ||
|
||
type ApiKeyGrantHandler struct {} | ||
|
||
// HandleTokenEndpointRequest. | ||
func (c *ApiKeyGrantHandler) HandleTokenEndpointRequest(ctx context.Context, req *http.Request, request fosite.AccessRequester) error { | ||
return nil | ||
} | ||
|
||
// PopulateTokenEndpointResponse. | ||
func (c *ApiKeyGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, req *http.Request, requester fosite.AccessRequester, responder fosite.AccessResponder) error { | ||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,183 @@ | ||
package store | ||
|
||
import ( | ||
"github.com/ory-am/fosite" | ||
"github.com/pkg/errors" | ||
"golang.org/x/net/context" | ||
) | ||
|
||
type UserRelation struct { | ||
Username string | ||
Password string | ||
} | ||
|
||
type Store struct { | ||
Clients map[string]*fosite.DefaultClient | ||
AuthorizeCodes map[string]fosite.Requester | ||
IDSessions map[string]fosite.Requester | ||
AccessTokens map[string]fosite.Requester | ||
Implicit map[string]fosite.Requester | ||
RefreshTokens map[string]fosite.Requester | ||
Users map[string]UserRelation | ||
} | ||
|
||
func NewStore() *Store { | ||
return &Store{ | ||
Clients: make(map[string]*fosite.DefaultClient), | ||
AuthorizeCodes: make(map[string]fosite.Requester), | ||
IDSessions: make(map[string]fosite.Requester), | ||
AccessTokens: make(map[string]fosite.Requester), | ||
Implicit: make(map[string]fosite.Requester), | ||
RefreshTokens: make(map[string]fosite.Requester), | ||
Users: make(map[string]UserRelation), | ||
} | ||
} | ||
|
||
func NewExampleStore() *Store { | ||
return &Store{ | ||
IDSessions: make(map[string]fosite.Requester), | ||
Clients: map[string]*fosite.DefaultClient{ | ||
"my-client": { | ||
ID: "my-client", | ||
Secret: []byte(`$2a$10$IxMdI6d.LIRZPpSfEwNoeu4rY3FhDREsxFJXikcgdRRAStxUlsuEO`), // = "foobar" | ||
RedirectURIs: []string{"http://localhost:3846/callback"}, | ||
ResponseTypes: []string{"id_token", "code", "token"}, | ||
GrantTypes: []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"}, | ||
Scopes: []string{"fosite", "openid", "photos", "offline"}, | ||
}, | ||
}, | ||
Users: map[string]UserRelation{ | ||
"peter": { | ||
// This store simply checks for equality, a real storage implementation would obviously use | ||
// a hashing algorithm for encrypting the user password. | ||
Username: "peter", | ||
Password: "secret", | ||
}, | ||
}, | ||
AuthorizeCodes: map[string]fosite.Requester{}, | ||
Implicit: map[string]fosite.Requester{}, | ||
AccessTokens: map[string]fosite.Requester{}, | ||
RefreshTokens: map[string]fosite.Requester{}, | ||
} | ||
} | ||
|
||
func (s *Store) CreateOpenIDConnectSession(_ context.Context, authorizeCode string, requester fosite.Requester) error { | ||
s.IDSessions[authorizeCode] = requester | ||
return nil | ||
} | ||
|
||
func (s *Store) GetOpenIDConnectSession(_ context.Context, authorizeCode string, requester fosite.Requester) (fosite.Requester, error) { | ||
cl, ok := s.IDSessions[authorizeCode] | ||
if !ok { | ||
return nil, fosite.ErrNotFound | ||
} | ||
return cl, nil | ||
} | ||
|
||
func (s *Store) DeleteOpenIDConnectSession(_ context.Context, authorizeCode string) error { | ||
delete(s.IDSessions, authorizeCode) | ||
return nil | ||
} | ||
|
||
func (s *Store) GetClient(id string) (fosite.Client, error) { | ||
cl, ok := s.Clients[id] | ||
if !ok { | ||
return nil, fosite.ErrNotFound | ||
} | ||
return cl, nil | ||
} | ||
|
||
func (s *Store) CreateAuthorizeCodeSession(_ context.Context, code string, req fosite.Requester) error { | ||
s.AuthorizeCodes[code] = req | ||
return nil | ||
} | ||
|
||
func (s *Store) GetAuthorizeCodeSession(_ context.Context, code string, _ interface{}) (fosite.Requester, error) { | ||
rel, ok := s.AuthorizeCodes[code] | ||
if !ok { | ||
return nil, fosite.ErrNotFound | ||
} | ||
return rel, nil | ||
} | ||
|
||
func (s *Store) DeleteAuthorizeCodeSession(_ context.Context, code string) error { | ||
delete(s.AuthorizeCodes, code) | ||
return nil | ||
} | ||
|
||
func (s *Store) CreateAccessTokenSession(_ context.Context, signature string, req fosite.Requester) error { | ||
s.AccessTokens[signature] = req | ||
return nil | ||
} | ||
|
||
func (s *Store) GetAccessTokenSession(_ context.Context, signature string, _ interface{}) (fosite.Requester, error) { | ||
rel, ok := s.AccessTokens[signature] | ||
if !ok { | ||
return nil, fosite.ErrNotFound | ||
} | ||
return rel, nil | ||
} | ||
|
||
func (s *Store) DeleteAccessTokenSession(_ context.Context, signature string) error { | ||
delete(s.AccessTokens, signature) | ||
return nil | ||
} | ||
|
||
func (s *Store) CreateRefreshTokenSession(_ context.Context, signature string, req fosite.Requester) error { | ||
s.RefreshTokens[signature] = req | ||
return nil | ||
} | ||
|
||
func (s *Store) GetRefreshTokenSession(_ context.Context, signature string, _ interface{}) (fosite.Requester, error) { | ||
rel, ok := s.RefreshTokens[signature] | ||
if !ok { | ||
return nil, fosite.ErrNotFound | ||
} | ||
return rel, nil | ||
} | ||
|
||
func (s *Store) DeleteRefreshTokenSession(_ context.Context, signature string) error { | ||
delete(s.RefreshTokens, signature) | ||
return nil | ||
} | ||
|
||
func (s *Store) CreateImplicitAccessTokenSession(_ context.Context, code string, req fosite.Requester) error { | ||
s.Implicit[code] = req | ||
return nil | ||
} | ||
|
||
func (s *Store) Authenticate(_ context.Context, name string, secret string) error { | ||
rel, ok := s.Users[name] | ||
if !ok { | ||
return fosite.ErrNotFound | ||
} | ||
if rel.Password != secret { | ||
return errors.New("Invalid credentials") | ||
} | ||
return nil | ||
} | ||
|
||
func (s *Store) PersistAuthorizeCodeGrantSession(ctx context.Context, authorizeCode, accessSignature, refreshSignature string, request fosite.Requester) error { | ||
if err := s.DeleteAuthorizeCodeSession(ctx, authorizeCode); err != nil { | ||
return err | ||
} else if err := s.CreateAccessTokenSession(ctx, accessSignature, request); err != nil { | ||
return err | ||
} else if refreshSignature == "" { | ||
return nil | ||
} else if err := s.CreateRefreshTokenSession(ctx, refreshSignature, request); err != nil { | ||
return err | ||
} | ||
|
||
return nil | ||
} | ||
func (s *Store) PersistRefreshTokenGrantSession(ctx context.Context, originalRefreshSignature, accessSignature, refreshSignature string, request fosite.Requester) error { | ||
if err := s.DeleteRefreshTokenSession(ctx, originalRefreshSignature); err != nil { | ||
return err | ||
} else if err := s.CreateAccessTokenSession(ctx, accessSignature, request); err != nil { | ||
return err | ||
} else if err := s.CreateRefreshTokenSession(ctx, refreshSignature, request); err != nil { | ||
return err | ||
} | ||
|
||
return nil | ||
} |