all: resolve regression issues introduced by 0.6.0 - closes #118

* oauth2: introspection handler excess calls - closes #117 * oauth2: inaccurate expires_in time - closes #72
ory · Oct 17, 2016 · 0b64877 · 0b64877
1 parent 7957b1f
commit 0b64877
Show file tree

Hide file tree

Showing 9 changed files with 54 additions and 25 deletions.
diff --git a/handler/openid/flow_hybrid.go b/handler/openid/flow_hybrid.go
@@ -19,7 +19,7 @@ type OpenIDConnectHybridHandler struct {
 	IDTokenHandleHelper               *IDTokenHandleHelper
 	ScopeStrategy                     fosite.ScopeStrategy
 
-	Enigma *jwt.RS256JWTStrategy
+	Enigma                            *jwt.RS256JWTStrategy
 }
 
 func (c *OpenIDConnectHybridHandler) HandleAuthorizeEndpointRequest(ctx context.Context, req *http.Request, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error {
@@ -69,7 +69,7 @@ func (c *OpenIDConnectHybridHandler) HandleAuthorizeEndpointRequest(ctx context.
 		if err != nil {
 			return err
 		}
-		claims.CodeHash = []byte(base64.URLEncoding.EncodeToString([]byte(hash[:c.Enigma.GetSigningMethodLength()/2])))
+		claims.CodeHash = []byte(base64.URLEncoding.EncodeToString([]byte(hash[:c.Enigma.GetSigningMethodLength() / 2])))
 	}
 
 	if ar.GetResponseTypes().Has("token") {
@@ -84,7 +84,7 @@ func (c *OpenIDConnectHybridHandler) HandleAuthorizeEndpointRequest(ctx context.
 		if err != nil {
 			return err
 		}
-		claims.AccessTokenHash = []byte(base64.URLEncoding.EncodeToString([]byte(hash[:c.Enigma.GetSigningMethodLength()/2])))
+		claims.AccessTokenHash = []byte(base64.URLEncoding.EncodeToString([]byte(hash[:c.Enigma.GetSigningMethodLength() / 2])))
 	}
 
 	if !ar.GetGrantedScopes().Has("openid") {

diff --git a/handler/openid/flow_implicit.go b/handler/openid/flow_implicit.go
@@ -16,9 +16,9 @@ import (
 type OpenIDConnectImplicitHandler struct {
 	AuthorizeImplicitGrantTypeHandler *oauth2.AuthorizeImplicitGrantTypeHandler
 	*IDTokenHandleHelper
-	ScopeStrategy fosite.ScopeStrategy
+	ScopeStrategy                     fosite.ScopeStrategy
 
-	RS256JWTStrategy *jwt.RS256JWTStrategy
+	RS256JWTStrategy                  *jwt.RS256JWTStrategy
 }
 
 func (c *OpenIDConnectImplicitHandler) HandleAuthorizeEndpointRequest(ctx context.Context, req *http.Request, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error {
@@ -63,7 +63,7 @@ func (c *OpenIDConnectImplicitHandler) HandleAuthorizeEndpointRequest(ctx contex
 			return err
 		}
 
-		claims.AccessTokenHash = []byte(base64.URLEncoding.EncodeToString([]byte(hash[:c.RS256JWTStrategy.GetSigningMethodLength()/2])))
+		claims.AccessTokenHash = []byte(base64.URLEncoding.EncodeToString([]byte(hash[:c.RS256JWTStrategy.GetSigningMethodLength() / 2])))
 	} else {
 		resp.AddFragment("state", ar.GetState())
 	}

diff --git a/handler/openid/flow_implicit_test.go b/handler/openid/flow_implicit_test.go
@@ -112,7 +112,6 @@ func TestImplicit_HandleAuthorizeEndpointRequest(t *testing.T) {
 						Subject: "peter",
 					},
 					Headers:        &jwt.Headers{},
-					DefaultSession: new(fosite.DefaultSession),
 				}
 				areq.Form.Add("nonce", "some-random-foo-nonce-wow")
 			},

diff --git a/handler/openid/strategy_jwt.go b/handler/openid/strategy_jwt.go
@@ -22,19 +22,53 @@ type Session interface {
 
 // IDTokenSession is a session container for the id token
 type DefaultSession struct {
-	Claims  *jwt.IDTokenClaims
-	Headers *jwt.Headers
-	*fosite.DefaultSession
+	Claims    *jwt.IDTokenClaims
+	Headers   *jwt.Headers
+	ExpiresAt map[fosite.TokenType]time.Time
+	Username  string
+	Subject   string
 }
 
 func NewDefaultSession() *DefaultSession {
 	return &DefaultSession{
 		Claims:         &jwt.IDTokenClaims{},
 		Headers:        &jwt.Headers{},
-		DefaultSession: &fosite.DefaultSession{},
 	}
 }
 
+func (s *DefaultSession) SetExpiresAt(key fosite.TokenType, exp time.Time) {
+	if s.ExpiresAt == nil {
+		s.ExpiresAt = make(map[fosite.TokenType]time.Time)
+	}
+	s.ExpiresAt[key] = exp
+}
+
+func (s *DefaultSession) GetExpiresAt(key fosite.TokenType) time.Time {
+	if s.ExpiresAt == nil {
+		s.ExpiresAt = make(map[fosite.TokenType]time.Time)
+	}
+
+	if _, ok := s.ExpiresAt[key]; !ok {
+		return time.Time{}
+	}
+	return s.ExpiresAt[key]
+}
+
+func (s *DefaultSession) GetUsername() string {
+	if s == nil {
+		return ""
+	}
+	return s.Username
+}
+
+func (s *DefaultSession) GetSubject() string {
+	if s == nil {
+		return ""
+	}
+
+	return s.Subject
+}
+
 func (s *DefaultSession) IDTokenHeaders() *jwt.Headers {
 	if s.Headers == nil {
 		s.Headers = &jwt.Headers{}

diff --git a/integration/introspect_token_test.go b/integration/introspect_token_test.go
@@ -46,28 +46,28 @@ func runIntrospectTokenTest(t *testing.T, strategy oauth2.AccessTokenStrategy) {
 		},
 		{
 			prepare: func(s *gorequest.SuperAgent) *gorequest.SuperAgent {
-				return s.Set("Authorization", "bearer "+a.AccessToken)
+				return s.Set("Authorization", "bearer " + a.AccessToken)
 			},
 			isActive: true,
 			scopes:   "fosite",
 		},
 		{
 			prepare: func(s *gorequest.SuperAgent) *gorequest.SuperAgent {
-				return s.Set("Authorization", "bearer "+a.AccessToken)
+				return s.Set("Authorization", "bearer " + a.AccessToken)
 			},
 			isActive: true,
 			scopes:   "",
 		},
 		{
 			prepare: func(s *gorequest.SuperAgent) *gorequest.SuperAgent {
-				return s.Set("Authorization", "bearer "+a.AccessToken)
+				return s.Set("Authorization", "bearer " + a.AccessToken)
 			},
 			isActive: false,
 			scopes:   "foo",
 		},
 		{
 			prepare: func(s *gorequest.SuperAgent) *gorequest.SuperAgent {
-				return s.Set("Authorization", "bearer "+b.AccessToken)
+				return s.Set("Authorization", "bearer " + b.AccessToken)
 			},
 			isActive: false,
 			scopes:   "",

diff --git a/integration/oidc_explicit_test.go b/integration/oidc_explicit_test.go
@@ -6,7 +6,6 @@ import (
 
 	"fmt"
 
-	"github.com/ory-am/fosite"
 	"github.com/ory-am/fosite/compose"
 	"github.com/ory-am/fosite/handler/openid"
 	"github.com/ory-am/fosite/internal"
@@ -22,7 +21,6 @@ func TestOpenIDConnectExplicitFlow(t *testing.T) {
 				Subject: "peter",
 			},
 			Headers:        &jwt.Headers{},
-			DefaultSession: &fosite.DefaultSession{},
 		},
 	}
 	f := compose.ComposeAllEnabled(new(compose.Config), fositeStore, []byte("some-secret-thats-random"), internal.MustRSAKey())

diff --git a/integration/oidc_implicit_hybrid_test.go b/integration/oidc_implicit_hybrid_test.go
@@ -13,7 +13,6 @@ import (
 	"github.com/stretchr/testify/require"
 	"golang.org/x/oauth2"
 
-	"github.com/ory-am/fosite"
 	"github.com/ory-am/fosite/compose"
 	"github.com/ory-am/fosite/handler/openid"
 	"github.com/ory-am/fosite/internal"
@@ -27,7 +26,6 @@ func TestOIDCImplicitFlow(t *testing.T) {
 				Subject: "peter",
 			},
 			Headers:        &jwt.Headers{},
-			DefaultSession: &fosite.DefaultSession{},
 		},
 	}
 	f := compose.ComposeAllEnabled(new(compose.Config), fositeStore, []byte("some-secret-thats-random"), internal.MustRSAKey())
@@ -76,7 +74,7 @@ func TestOIDCImplicitFlow(t *testing.T) {
 		c.setup()
 
 		var callbackURL *url.URL
-		authURL := strings.Replace(oauthClient.AuthCodeURL(state), "response_type=code", "response_type="+c.responseType, -1) + "&nonce=" + c.nonce
+		authURL := strings.Replace(oauthClient.AuthCodeURL(state), "response_type=code", "response_type=" + c.responseType, -1) + "&nonce=" + c.nonce
 		client := &http.Client{
 			CheckRedirect: func(req *http.Request, via []*http.Request) error {
 				callbackURL = req.URL

diff --git a/integration/refresh_token_grant_test.go b/integration/refresh_token_grant_test.go
@@ -11,7 +11,7 @@ import (
 	hst "github.com/ory-am/fosite/handler/oauth2"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	oauth2 "golang.org/x/oauth2"
+	"golang.org/x/oauth2"
 )
 
 func TestRefreshTokenFlow(t *testing.T) {

diff --git a/integration/revoke_token_test.go b/integration/revoke_token_test.go
@@ -30,22 +30,22 @@ func runRevokeTokenTest(t *testing.T, strategy oauth2.AccessTokenStrategy) {
 	token, err := oauthClient.Token(goauth.NoContext)
 	assert.Nil(t, err)
 
-	resp, _, errs := gorequest.New().Post(ts.URL+"/revoke").
+	resp, _, errs := gorequest.New().Post(ts.URL + "/revoke").
 		SetBasicAuth(oauthClient.ClientID, oauthClient.ClientSecret).
 		Type("form").
 		SendStruct(map[string]string{"token": "asdf"}).End()
 	assert.Len(t, errs, 0)
 	assert.Equal(t, 200, resp.StatusCode)
 
-	resp, _, errs = gorequest.New().Post(ts.URL+"/revoke").
+	resp, _, errs = gorequest.New().Post(ts.URL + "/revoke").
 		SetBasicAuth(oauthClient.ClientID, oauthClient.ClientSecret).
 		Type("form").
 		SendStruct(map[string]string{"token": token.AccessToken}).End()
 	assert.Len(t, errs, 0)
 	assert.Equal(t, 200, resp.StatusCode)
 
-	hres, _, errs := gorequest.New().Get(ts.URL+"/info").
-		Set("Authorization", "bearer "+token.AccessToken).
+	hres, _, errs := gorequest.New().Get(ts.URL + "/info").
+		Set("Authorization", "bearer " + token.AccessToken).
 		End()
 	require.Len(t, errs, 0)
 	assert.Equal(t, http.StatusUnauthorized, hres.StatusCode)