Merge 0f3616b into ac7710d

ory · Jun 29, 2016 · 1cf6544 · 1cf6544
2 parents ac7710d + 0f3616b
commit 1cf6544
Show file tree

Hide file tree

Showing 13 changed files with 121 additions and 43 deletions.
diff --git a/cmd/server/handler.go b/cmd/server/handler.go
@@ -39,7 +39,8 @@ func (h *Handler) Start(c *config.Config, router *httprouter.Router) {
 			AccessTokenStrategy: ctx.FositeStrategy,
 			AccessTokenStorage:  ctx.FositeStore,
 		},
-		Issuer: c.Issuer,
+		Issuer:              c.Issuer,
+		AccessTokenLifespan: c.GetAccessTokenLifespan(),
 	}
 
 	// Set up handlers

diff --git a/cmd/server/handler_oauth2_factory.go b/cmd/server/handler_oauth2_factory.go
@@ -1,8 +1,6 @@
 package server
 
 import (
-	"time"
-
 	"net/url"
 
 	"github.com/Sirupsen/logrus"
@@ -116,7 +114,7 @@ func newOAuth2Handler(c *config.Config, router *httprouter.Router, km jwk.Manage
 		RefreshTokenStrategy:      ctx.FositeStrategy,
 		AuthorizeCodeStrategy:     ctx.FositeStrategy,
 		AuthorizeCodeGrantStorage: store,
-		AuthCodeLifespan:          time.Hour,
+		AuthCodeLifespan:          c.GetAuthCodeLifespan(),
 		AccessTokenLifespan:       c.GetAccessTokenLifespan(),
 	}
 

diff --git a/config/config.go b/config/config.go
@@ -52,6 +52,9 @@ type Config struct {
 
 	Dry *bool `mapstructure:"-" yaml:"-"`
 
+	AccessTokenLifespan time.Duration
+	AuthCodeLifespan    time.Duration
+
 	cluster *url.URL
 
 	oauth2Client *http.Client
@@ -61,6 +64,20 @@ type Config struct {
 	sync.Mutex
 }
 
+func (c *Config) GetAccessTokenLifespan() time.Duration {
+	if c.AuthCodeLifespan == 0 {
+		return time.Hour
+	}
+	return c.AccessTokenLifespan
+}
+
+func (c *Config) GetAuthCodeLifespan() time.Duration {
+	if c.AuthCodeLifespan == 0 {
+		return time.Minute * 10
+	}
+	return c.AuthCodeLifespan
+}
+
 func (c *Config) GetClusterURL() string {
 	c.Lock()
 	defer c.Unlock()
@@ -145,6 +162,8 @@ func (c *Config) Context() *Context {
 			Enigma: &hmac.HMACStrategy{
 				GlobalSecret: secret,
 			},
+			AccessTokenLifespan:   c.GetAccessTokenLifespan(),
+			AuthorizeCodeLifespan: c.GetAuthCodeLifespan(),
 		},
 	}
 
@@ -249,13 +268,6 @@ func (c *Config) GetIssuer() string {
 	return c.Issuer
 }
 
-func (c *Config) GetAccessTokenLifespan() time.Duration {
-	c.Lock()
-	defer c.Unlock()
-
-	return time.Hour
-}
-
 func (c *Config) Persist() error {
 	_ = c.GetIssuer()
 	_ = c.GetAddress()

diff --git a/glide.lock b/glide.lock
diff --git a/internal/firewall.go b/internal/firewall.go
@@ -25,7 +25,7 @@ func NewFirewall(issuer string, subject string, scopes fosite.Arguments, p ...la
 	}
 	ladonWarden := pkg.LadonWarden(ps)
 
-	ar := fosite.NewAccessRequest(&Session{Subject: subject})
+	ar := fosite.NewAccessRequest(NewSession(subject))
 	ar.GrantedScopes = scopes
 	fositeStore.CreateAccessTokenSession(nil, tokens[0][0], ar)
 
@@ -37,7 +37,8 @@ func NewFirewall(issuer string, subject string, scopes fosite.Arguments, p ...la
 				AccessTokenStrategy: pkg.HMACStrategy,
 				AccessTokenStorage:  fositeStore,
 			},
-			Issuer: issuer,
+			Issuer:              issuer,
+			AccessTokenLifespan: time.Hour,
 		},
 		conf.Client(oauth2.NoContext, &oauth2.Token{
 			AccessToken: tokens[0][1],

diff --git a/oauth2/handler.go b/oauth2/handler.go
@@ -7,6 +7,9 @@ import (
 	"github.com/go-errors/errors"
 	"github.com/julienschmidt/httprouter"
 	"github.com/ory-am/fosite"
+	csh "github.com/ory-am/fosite/handler/core/strategy"
+	"github.com/ory-am/fosite/handler/oidc/strategy"
+	"github.com/ory-am/fosite/token/jwt"
 	"github.com/ory-am/hydra/pkg"
 )
 
@@ -28,7 +31,13 @@ func (h *Handler) SetRoutes(r *httprouter.Router) {
 }
 
 func (o *Handler) TokenHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	var session Session
+	var session = Session{
+		DefaultSession: &strategy.DefaultSession{
+			Claims:      new(jwt.IDTokenClaims),
+			Headers:     new(jwt.Headers),
+			HMACSession: new(csh.HMACSession),
+		},
+	}
 	var ctx = fosite.NewContext()
 
 	accessRequest, err := o.OAuth2.NewAccessRequest(ctx, r, &session)

diff --git a/oauth2/oauth2_test.go b/oauth2/oauth2_test.go
@@ -48,6 +48,8 @@ var hmacStrategy = &strategy.HMACSHAStrategy{
 	Enigma: &hmac.HMACStrategy{
 		GlobalSecret: []byte("some-super-cool-secret-that-nobody-knows"),
 	},
+	AuthorizeCodeLifespan: time.Hour,
+	AccessTokenLifespan:   time.Hour,
 }
 
 var authCodeHandler = &explicit.AuthorizeExplicitGrantTypeHandler{

diff --git a/oauth2/session.go b/oauth2/session.go
@@ -1,8 +1,23 @@
 package oauth2
 
-import "github.com/ory-am/fosite/handler/oidc/strategy"
+import (
+	csh "github.com/ory-am/fosite/handler/core/strategy"
+	"github.com/ory-am/fosite/handler/oidc/strategy"
+	"github.com/ory-am/fosite/token/jwt"
+)
 
 type Session struct {
 	Subject                  string `json:"sub"`
 	*strategy.DefaultSession `json:"idToken"`
 }
+
+func NewSession(subject string) *Session {
+	return &Session{
+		Subject: subject,
+		DefaultSession: &strategy.DefaultSession{
+			Claims:      new(jwt.IDTokenClaims),
+			Headers:     new(jwt.Headers),
+			HMACSession: new(csh.HMACSession),
+		},
+	}
+}
diff --git a/pkg/errors.go b/pkg/errors.go
@@ -7,6 +7,7 @@ import (
 	log "github.com/Sirupsen/logrus"
 	"github.com/go-errors/errors"
 	"github.com/ory-am/hydra/herodot"
+	perr "github.com/pkg/errors"
 )
 
 var (
@@ -15,11 +16,17 @@ var (
 	ErrForbidden    = errors.New("Forbidden")
 )
 
+type stackTracer interface {
+	StackTrace() perr.StackTrace
+}
+
 func LogError(err error) {
 	if e, ok := err.(*herodot.Error); ok {
-		log.WithError(e).WithField("stack", e.Err.ErrorStack()).Printf("Got error.")
+		log.WithError(err).WithField("stack", e.Err.ErrorStack()).Printf("Got error.")
 	} else if e, ok := err.(*errors.Error); ok {
-		log.WithError(e).WithField("stack", e.ErrorStack()).Printf("Got error.")
+		log.WithError(err).WithField("stack", e.ErrorStack()).Printf("Got error.")
+	} else if e, ok := err.(stackTracer); ok {
+		log.WithError(err).WithField("stack", e.StackTrace()).Printf("Got error.")
 	} else {
 		log.WithError(err).Printf("Got error.")
 	}

diff --git a/pkg/test_helpers.go b/pkg/test_helpers.go
@@ -3,6 +3,8 @@ package pkg
 import (
 	"testing"
 
+	"time"
+
 	"github.com/go-errors/errors"
 	"github.com/ory-am/fosite/fosite-example/store"
 	"github.com/ory-am/fosite/handler/core/strategy"
@@ -21,11 +23,11 @@ func RequireError(t *testing.T, expectError bool, err error, args ...interface{}
 		}
 		t.Logf("\n\n")
 	}
-	require.Equal(t, expectError, err != nil)
+	require.Equal(t, expectError, err != nil, "%v", args)
 }
 
 func AssertError(t *testing.T, expectError bool, err error, args ...interface{}) {
-	assert.Equal(t, expectError, err != nil)
+	assert.Equal(t, expectError, err != nil, "%v", args)
 	if err != nil && !expectError {
 		t.Logf("Unexpected error: %s\n", err.Error())
 		t.Logf("Arguments: %s\n", args)
@@ -60,4 +62,6 @@ var HMACStrategy = &strategy.HMACSHAStrategy{
 	Enigma: &hmac.HMACStrategy{
 		GlobalSecret: []byte("1234567890123456789012345678901234567890"),
 	},
+	AccessTokenLifespan:   time.Hour,
+	AuthorizeCodeLifespan: time.Hour,
 }
diff --git a/warden/handler.go b/warden/handler.go
@@ -16,7 +16,7 @@ import (
 
 const (
 	AuthorizedHandlerPath = "/warden/authorized"
-	AllowedHandlerPath    = "/warden/allowed"
+	AllowedHandlerPath = "/warden/allowed"
 )
 
 type WardenHandler struct {

diff --git a/warden/warden_local.go b/warden/warden_local.go
@@ -13,13 +13,15 @@ import (
 	"github.com/ory-am/hydra/pkg"
 	"github.com/ory-am/ladon"
 	"golang.org/x/net/context"
+	"time"
 )
 
 type LocalWarden struct {
-	Warden         ladon.Warden
-	TokenValidator *core.CoreValidator
+	Warden              ladon.Warden
+	TokenValidator      *core.CoreValidator
 
-	Issuer string
+	AccessTokenLifespan time.Duration
+	Issuer              string
 }
 
 func (w *LocalWarden) actionAllowed(ctx context.Context, a *ladon.Request, scopes []string, oauthRequest fosite.AccessRequester, session *oauth2.Session) (*Context, error) {
@@ -71,6 +73,7 @@ func (w *LocalWarden) actionAllowed(ctx context.Context, a *ladon.Request, scope
 		Issuer:        w.Issuer,
 		Audience:      oauthRequest.GetClient().GetID(),
 		IssuedAt:      oauthRequest.GetRequestedAt(),
+		ExpiresAt:     session.AccessTokenExpiresAt(oauthRequest.GetRequestedAt().Add(w.AccessTokenLifespan)),
 	}, nil
 }
 
@@ -142,6 +145,7 @@ func (w *LocalWarden) Authorized(ctx context.Context, token string, scopes ...st
 		Issuer:        w.Issuer,
 		Audience:      oauthRequest.GetClient().GetID(),
 		IssuedAt:      oauthRequest.GetRequestedAt(),
+		ExpiresAt:     session.AccessTokenExpiresAt(oauthRequest.GetRequestedAt().Add(w.AccessTokenLifespan)),
 	}, nil
 }
 
@@ -184,6 +188,7 @@ func (w *LocalWarden) HTTPAuthorized(ctx context.Context, r *http.Request, scope
 		Issuer:        w.Issuer,
 		Audience:      oauthRequest.GetClient().GetID(),
 		IssuedAt:      oauthRequest.GetRequestedAt(),
+		ExpiresAt:     session.AccessTokenExpiresAt(oauthRequest.GetRequestedAt().Add(w.AccessTokenLifespan)),
 	}, nil
 }