unstaged

ory · Jan 15, 2016 · 17ad70b · 17ad70b
1 parent 8a830d3
commit 17ad70b
Show file tree

Hide file tree

Showing 23 changed files with 243 additions and 327 deletions.
diff --git a/access.go b/access.go
diff --git a/access_request.go b/access_request.go
@@ -5,49 +5,16 @@ import (
 	"time"
 )
 
-type AccessRequester interface {
-	// GetGrantType returns the requests grant type.
-	GetGrantType() string
-
-	// GetClient returns the requests client.
-	GetClient() client.Client
-
-	// GetRequestedAt returns the time the request was created.
-	GetRequestedAt() time.Time
-
-	// GetScopes returns the request's scopes.
-	GetScopes() Arguments
-
-	// SetScopes sets the request's scopes.
-	SetScopes(Arguments)
-
-	// GetGrantScopes returns all granted scopes.
-	GetGrantedScopes() Arguments
-
-	// GrantScope marks a request's scope as granted.
-	GrantScope(string)
-
-	// SetGrantTypeHandled marks a grant type as handled indicating that the response type is supported.
-	SetGrantTypeHandled(string)
-
-	// DidHandleGrantType returns if the requested grant type has been handled correctly.
-	DidHandleGrantType() bool
-}
-
 type AccessRequest struct {
 	GrantType        string
 	HandledGrantType []string
 	RequestedAt      time.Time
 	Client           client.Client
 	Scopes           Arguments
 	GrantedScopes    []string
-}
+	Session          interface{}
 
-func NewAccessRequest() *AccessRequest {
-	return &AccessRequest{
-		RequestedAt:      time.Now(),
-		HandledGrantType: []string{},
-	}
+	Request
 }
 
 func (a *AccessRequest) DidHandleGrantType() bool {
@@ -61,27 +28,3 @@ func (a *AccessRequest) SetGrantTypeHandled(name string) {
 func (a *AccessRequest) GetGrantType() string {
 	return a.GrantType
 }
-
-func (a *AccessRequest) GetRequestedAt() time.Time {
-	return a.RequestedAt
-}
-
-func (a *AccessRequest) GetClient() client.Client {
-	return a.Client
-}
-
-func (a *AccessRequest) GetScopes() Arguments {
-	return a.Scopes
-}
-
-func (a *AccessRequest) SetScopes(s Arguments) {
-	a.Scopes = s
-}
-
-func (a *AccessRequest) GetGrantedScopes() Arguments {
-	return Arguments(a.GrantedScopes)
-}
-
-func (a *AccessRequest) GrantScope(scope string) {
-	a.GrantedScopes = append(a.GrantedScopes, scope)
-}
diff --git a/access_response.go b/access_response.go
@@ -1,21 +1,5 @@
 package fosite
 
-type AccessResponder interface {
-	SetExtra(key string, value interface{})
-
-	GetExtra(key string) interface{}
-
-	SetAccessToken(string)
-
-	SetTokenType(string)
-
-	GetAccessToken() string
-
-	GetTokenType() string
-
-	ToMap() map[string]interface{}
-}
-
 func NewAccessResponse() AccessResponder {
 	return &AccessResponse{
 		Extra: map[string]interface{}{},

diff --git a/access_response_handler.go b/access_response_handler.go
@@ -6,13 +6,13 @@ import (
 	"net/http"
 )
 
-func (f *Fosite) NewAccessResponse(ctx context.Context, req *http.Request, requester AccessRequester, session interface{}) (AccessResponder, error) {
+func (f *Fosite) NewAccessResponse(ctx context.Context, req *http.Request, requester AccessRequester) (AccessResponder, error) {
 	var err error
 	var tk TokenEndpointHandler
 
 	response := NewAccessResponse()
 	for _, tk = range f.TokenEndpointHandlers {
-		if err = tk.HandleTokenEndpointRequest(ctx, req, requester, response, session); err != nil {
+		if err = tk.HandleTokenEndpointRequest(ctx, req, requester, response); err != nil {
 			return nil, errors.Wrap(err, 1)
 		}
 	}

diff --git a/authorize_request.go b/authorize_request.go
@@ -1,68 +1,17 @@
 package fosite
 
 import (
-	. "github.com/ory-am/fosite/client"
 	"net/url"
-	"time"
 )
 
-// AuthorizeRequester represents an authorize request
-type AuthorizeRequester interface {
-	// GetResponseTypes returns the requested response types
-	GetResponseTypes() Arguments
-
-	// SetResponseTypeHandled marks a response_type (e.g. token or code) as handled indicating that the response type
-	// is supported.
-	SetResponseTypeHandled(string)
-
-	// DidHandleAllResponseTypes returns if all requested response types have been handled correctly
-	DidHandleAllResponseTypes() bool
-
-	// GetClient returns this request's client or nil
-	GetClient() Client
-
-	// GetScopes returns this request's scopes
-	GetScopes() Arguments
-
-	// GetState returns the request's state
-	GetState() string
-
-	// GetRequestedAt returns the time the request was issued
-	GetRequestedAt() time.Time
-
-	// GetRedirectURI returns the requested redirect URI
-	GetRedirectURI() *url.URL
-
-	// IsRedirectURIValid returns false if the redirect is not rfc-conform (i.e. missing client, not on white list,
-	// or malformed)
-	IsRedirectURIValid() bool
-
-	// SetScopes sets the request's scopes.
-	SetScopes(Arguments)
-
-	// GetGrantScopes returns all granted scopes.
-	GetGrantedScopes() Arguments
-}
-
-func NewAuthorizeRequest() *AuthorizeRequest {
-	return &AuthorizeRequest{
-		ResponseTypes:        Arguments{},
-		Scopes:               Arguments{},
-		HandledResponseTypes: Arguments{},
-		GrantedScopes:        []string{},
-	}
-}
-
 // AuthorizeRequest is an implementation of AuthorizeRequester
 type AuthorizeRequest struct {
 	ResponseTypes        Arguments
-	Client               Client
-	Scopes               Arguments
 	RedirectURI          *url.URL
 	State                string
-	RequestedAt          time.Time
 	HandledResponseTypes Arguments
-	GrantedScopes        []string
+
+	Request
 }
 
 func (d *AuthorizeRequest) IsRedirectURIValid() bool {
@@ -86,14 +35,6 @@ func (d *AuthorizeRequest) GetResponseTypes() Arguments {
 	return d.ResponseTypes
 }
 
-func (d *AuthorizeRequest) GetClient() Client {
-	return d.Client
-}
-
-func (d *AuthorizeRequest) GetScopes() Arguments {
-	return d.Scopes
-}
-
 func (d *AuthorizeRequest) GetState() string {
 	return d.State
 }
@@ -102,10 +43,6 @@ func (d *AuthorizeRequest) GetRedirectURI() *url.URL {
 	return d.RedirectURI
 }
 
-func (d *AuthorizeRequest) GetRequestedAt() time.Time {
-	return d.RequestedAt
-}
-
 func (d *AuthorizeRequest) SetResponseTypeHandled(name string) {
 	d.HandledResponseTypes = append(d.HandledResponseTypes, name)
 }
@@ -119,15 +56,3 @@ func (d *AuthorizeRequest) DidHandleAllResponseTypes() bool {
 
 	return len(d.ResponseTypes) > 0
 }
-
-func (a *AuthorizeRequest) GetGrantedScopes() Arguments {
-	return Arguments(a.GrantedScopes)
-}
-
-func (a *AuthorizeRequest) GrantScope(scope string) {
-	a.GrantedScopes = append(a.GrantedScopes, scope)
-}
-
-func (a *AuthorizeRequest) SetScopes(s Arguments) {
-	a.Scopes = s
-}
diff --git a/authorize_request_handler.go b/authorize_request_handler.go
@@ -8,15 +8,20 @@ import (
 	"time"
 )
 
-func (c *Fosite) NewAuthorizeRequest(_ context.Context, r *http.Request) (AuthorizeRequester, error) {
+func (c *Fosite) NewAuthorizeRequest(ctx context.Context, r *http.Request, session interface{}) (AuthorizeRequester, error) {
 	if c.RequiredScope == "" {
 		c.RequiredScope = DefaultRequiredScopeName
 	}
 
 	request := &AuthorizeRequest{
-		RequestedAt:   time.Now(),
-		ResponseTypes: Arguments{},
-		Scopes:        Arguments{},
+		ResponseTypes:        Arguments{},
+		HandledResponseTypes: Arguments{},
+		Request: Request{
+			Scopes:      Arguments{},
+			Session:     session,
+			RequestedAt: time.Now(),
+			Form:        r.Form,
+		},
 	}
 
 	if err := r.ParseForm(); err != nil {

diff --git a/authorize_response.go b/authorize_response.go
@@ -5,18 +5,6 @@ import (
 	"net/url"
 )
 
-// AuthorizeResponder defines fosite's response model
-type AuthorizeResponder interface {
-	GetHeader() http.Header
-	AddHeader(key, value string)
-
-	GetQuery() url.Values
-	AddQuery(key, value string)
-
-	GetFragment() url.Values
-	AddFragment(key, value string)
-}
-
 // NewAuthorizeResponse creates a new AuthorizeResponse
 func NewAuthorizeResponse() *AuthorizeResponse {
 	return &AuthorizeResponse{

diff --git a/authorize_response_handler.go b/authorize_response_handler.go
@@ -6,14 +6,10 @@ import (
 	"net/http"
 )
 
-func (o *Fosite) NewAuthorizeResponse(ctx context.Context, r *http.Request, ar AuthorizeRequester, session interface{}) (AuthorizeResponder, error) {
-	if session == nil {
-		return nil, errors.New("Session must not be nil")
-	}
-
+func (o *Fosite) NewAuthorizeResponse(ctx context.Context, r *http.Request, ar AuthorizeRequester) (AuthorizeResponder, error) {
 	var resp = NewAuthorizeResponse()
 	for _, h := range o.AuthorizeEndpointHandlers {
-		if err := h.HandleAuthorizeEndpointRequest(ctx, r, ar, resp, session); err != nil {
+		if err := h.HandleAuthorizeEndpointRequest(ctx, r, ar, resp); err != nil {
 			return nil, err
 		}
 	}

diff --git a/enigma/hmacsha.go b/enigma/hmacsha.go
@@ -61,7 +61,7 @@ func (c *HMACSHAEnigma) Generate(secret []byte) (string, string, error) {
 	signature := mac.Sum([]byte{})
 
 	token := fmt.Sprintf("%s.%s", b64.EncodeToString(randomBytes), b64.EncodeToString(signature))
-	return token, signature, nil
+	return token, b64.EncodeToString(signature), nil
 }
 
 // Validate validates a token and returns its signature or an error if the token is not valid.

diff --git a/enigma/hmacsha_test.go b/enigma/hmacsha_test.go
@@ -7,51 +7,48 @@ import (
 )
 
 func TestGenerateFailsWithShortCredentials(t *testing.T) {
-	cg := HMACSHAEnigma{
-		GlobalSecret: []byte("foo"),
-	}
-
-	challenge, err := cg.Generate([]byte("bar"))
+	cg := HMACSHAEnigma{GlobalSecret: []byte("foo")}
+	challenge, signature, err := cg.Generate([]byte("bar"))
 	require.NotNil(t, err, "%s", err)
-	require.Nil(t, challenge)
+	require.Empty(t, challenge)
+	require.Empty(t, signature)
 
 	cg.GlobalSecret = []byte("12345678901234567890")
-	challenge, err = cg.Generate([]byte("bar"))
+	challenge, signature, err = cg.Generate([]byte("bar"))
 	require.NotNil(t, err, "%s", err)
-	require.Nil(t, challenge)
+	require.Empty(t, challenge)
+	require.Empty(t, signature)
 
 	cg.GlobalSecret = []byte("bar")
-	challenge, err = cg.Generate([]byte("12345678901234567890"))
+	challenge, signature, err = cg.Generate([]byte("12345678901234567890"))
 	require.NotNil(t, err, "%s", err)
-	require.Nil(t, challenge)
+	require.Empty(t, challenge)
+	require.Empty(t, signature)
 }
 
 func TestGenerate(t *testing.T) {
 	cg := HMACSHAEnigma{
 		GlobalSecret: []byte("12345678901234567890"),
 	}
 
-	challenge, err := cg.Generate([]byte("09876543210987654321"))
+	token, signature, err := cg.Generate([]byte("09876543210987654321"))
 	require.Nil(t, err, "%s", err)
-	require.NotNil(t, challenge)
-	t.Logf("%s.%s", challenge.Key, challenge.Signature)
-
-	err = cg.ValidateChallenge([]byte("09876543210987654321"), challenge)
-	require.Nil(t, err, "%s", err)
-
-	challenge.FromString(challenge.String())
+	require.NotEmpty(t, token)
+	require.NotEmpty(t, signature)
+	t.Logf("%s.%s", token, signature)
 
-	err = cg.ValidateChallenge([]byte("09876543210987654321"), challenge)
+	validateSignature, err := cg.Validate([]byte("09876543210987654321"), token)
 	require.Nil(t, err, "%s", err)
+	assert.Equal(t, signature, validateSignature)
 
-	err = cg.ValidateChallenge([]byte("bar"), challenge)
+	_, err = cg.Validate([]byte("bar"), token)
 	require.NotNil(t, err, "%s", err)
 
-	err = cg.ValidateChallenge([]byte("baz"), challenge)
+	_, err = cg.Validate([]byte("baz"), token)
 	require.NotNil(t, err, "%s", err)
 
 	cg.GlobalSecret = []byte("baz")
-	err = cg.ValidateChallenge([]byte("bar"), challenge)
+	_, err = cg.Validate([]byte("bar"), token)
 	require.NotNil(t, err, "%s", err)
 }
 
@@ -60,16 +57,14 @@ func TestValidateSignatureRejects(t *testing.T) {
 	cg := HMACSHAEnigma{
 		GlobalSecret: []byte("12345678901234567890"),
 	}
-	token := new(Challenge)
 	for k, c := range []string{
 		"",
 		" ",
 		"foo.bar",
 		"foo.",
 		".foo",
 	} {
-		token.FromString(c)
-		err = cg.ValidateChallenge([]byte("09876543210987654321"), token)
+		_, err = cg.Validate([]byte("09876543210987654321"), c)
 		assert.NotNil(t, err, "%s", err)
 		t.Logf("Passed test case %d", k)
 	}