package form
import (
"github.com/photoprism/photoprism/pkg/authn"
"github.com/photoprism/photoprism/pkg/clean"
"github.com/photoprism/photoprism/pkg/rnd"
"github.com/photoprism/photoprism/pkg/txt"
)
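// OAuthCreateToken holds the parameters of an OAuth2 create token request,
// bound either from form values (form tags) or from a JSON body (json tags).
//
// Several fields carry credentials (ClientSecret, Password, RefreshToken, Code,
// CodeVerifier, Assertion), so values of this type should not be logged or
// echoed back verbatim.
type OAuthCreateToken struct {
	// GrantType selects which set of fields Validate checks.
	GrantType authn.GrantType `form:"grant_type" json:"grant_type,omitempty"`

	// Client credentials; Validate requires ClientID and ClientSecret for the
	// client credentials grant (and when no grant type is set), and ClientName
	// for the password and session grants.
	ClientID   string `form:"client_id" json:"client_id,omitempty"`
	ClientName string `form:"client_name" json:"client_name,omitempty"`
	// The JSON key must be exactly "client_secret": encoding/json does not trim
	// tag names, so a stray space in the tag would prevent a JSON request body
	// from populating this field.
	ClientSecret string `form:"client_secret" json:"client_secret,omitempty"`

	// User credentials, required by Validate for the password and session grants.
	Username string `form:"username" json:"username,omitempty"`
	Password string `form:"password" json:"password,omitempty"`

	// The following fields are not checked by Validate in this file; callers
	// that use them must validate them separately.
	RefreshToken string `form:"refresh_token" json:"refresh_token,omitempty"`
	Code         string `form:"code" json:"code,omitempty"`
	CodeVerifier string `form:"code_verifier" json:"code_verifier,omitempty"`
	RedirectURI  string `form:"redirect_uri" json:"redirect_uri,omitempty"`
	Assertion    string `form:"assertion" json:"assertion,omitempty"`

	// Scope is only checked for presence by Validate (password and session
	// grants); use CleanScope to obtain the sanitized value.
	Scope     string `form:"scope" json:"scope,omitempty"`
	ExpiresIn int64  `form:"expires_in" json:"expires_in,omitempty"`
}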
// Validate checks that the fields required by the request's grant type are
// present and well-formed, returning the first problem found or nil.
//
// Missing fields yield a field-specific error, while malformed or oversized
// credentials yield the generic authn.ErrInvalidCredentials. Only the fields
// referenced below are inspected; RefreshToken, Code, CodeVerifier,
// RedirectURI, Assertion and ExpiresIn are not checked here.
func (f OAuthCreateToken) Validate() error {
	switch f.GrantType {
	case authn.GrantClientCredentials, authn.GrantUndefined:
		// A request without a grant type is validated like a client
		// credentials request.
		if f.ClientID == "" {
			return authn.ErrClientIDRequired
		}

		// The client ID must be a valid UID with the 'c' prefix.
		if rnd.InvalidUID(f.ClientID, 'c') {
			return authn.ErrInvalidCredentials
		}

		if f.ClientSecret == "" {
			return authn.ErrClientSecretRequired
		}

		// Reject secrets containing anything but alphanumeric characters
		// before they reach any lookup or comparison.
		if !rnd.IsAlnum(f.ClientSecret) {
			return authn.ErrInvalidCredentials
		}

		return nil
	case authn.GrantPassword, authn.GrantSession:
		// Cases are evaluated top to bottom, so the first failing check wins.
		// Note that len() counts bytes, not runes; txt.ClipUsername and
		// txt.ClipPassword are presumably the maximum accepted lengths
		// (defined outside this file, confirm there).
		switch {
		case f.Username == "":
			return authn.ErrUsernameRequired
		case len(f.Username) > txt.ClipUsername:
			return authn.ErrInvalidCredentials
		case f.Password == "":
			return authn.ErrPasswordRequired
		case len(f.Password) > txt.ClipPassword:
			return authn.ErrInvalidCredentials
		case f.ClientName == "":
			return authn.ErrNameRequired
		case f.Scope == "":
			// Scope is only checked for presence here; see CleanScope for
			// the sanitized value.
			return authn.ErrScopeRequired
		}

		return nil
	}

	// Any other grant type is unsupported by this form.
	return authn.ErrInvalidGrantType
}
// CleanScope returns the requested scope after passing it through clean.Scope.
// The raw Scope field is request input, so callers should prefer this value
// when storing or comparing scopes; the sanitization rules themselves are
// defined in the clean package.
func (f OAuthCreateToken) CleanScope() string {
	scope := clean.Scope(f.Scope)

	return scope
}