aboutsummaryrefslogtreecommitdiff
path: root/modules/oauth2
diff options
context:
space:
mode:
authorzhsso <zhssoge@gmail.com>2014-04-10 14:20:01 -0400
committerzhsso <zhssoge@gmail.com>2014-04-10 14:20:01 -0400
commitf3ed11d177d76bcb1850c6670c1516d25a66eb2c (patch)
tree4b825dc642cb6eb9a060e54bf8d69288fbee4904 /modules/oauth2
parentfde5b16332d5c4dc8246b899cd42d58b058f2bed (diff)
mistakes
Diffstat (limited to 'modules/oauth2')
-rw-r--r--modules/oauth2/oauth2.go234
-rw-r--r--modules/oauth2/oauth2_test.go162
2 files changed, 0 insertions, 396 deletions
diff --git a/modules/oauth2/oauth2.go b/modules/oauth2/oauth2.go
deleted file mode 100644
index 05ae4606..00000000
--- a/modules/oauth2/oauth2.go
+++ /dev/null
@@ -1,234 +0,0 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
-// Copyright 2014 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-// Package oauth2 contains Martini handlers to provide
-// user login via an OAuth 2.0 backend.
-package oauth2
-
-import (
- "encoding/json"
- "fmt"
- "net/http"
- "net/url"
- "strings"
- "time"
-
- "code.google.com/p/goauth2/oauth"
- "github.com/go-martini/martini"
-
- "github.com/gogits/session"
-
- "github.com/gogits/gogs/modules/log"
- "github.com/gogits/gogs/modules/middleware"
-)
-
-const (
- keyToken = "oauth2_token"
- keyNextPage = "next"
-)
-
-var (
- // Path to handle OAuth 2.0 logins.
- PathLogin = "/login"
- // Path to handle OAuth 2.0 logouts.
- PathLogout = "/logout"
- // Path to handle callback from OAuth 2.0 backend
- // to exchange credentials.
- PathCallback = "/oauth2callback"
- // Path to handle error cases.
- PathError = "/oauth2error"
-)
-
-// Represents OAuth2 backend options.
-type Options struct {
- ClientId string
- ClientSecret string
- RedirectURL string
- Scopes []string
-
- AuthUrl string
- TokenUrl string
-}
-
-// Represents a container that contains
-// user's OAuth 2.0 access and refresh tokens.
-type Tokens interface {
- Access() string
- Refresh() string
- IsExpired() bool
- ExpiryTime() time.Time
- ExtraData() map[string]string
-}
-
-type token struct {
- oauth.Token
-}
-
-func (t *token) ExtraData() map[string]string {
- return t.Extra
-}
-
-// Returns the access token.
-func (t *token) Access() string {
- return t.AccessToken
-}
-
-// Returns the refresh token.
-func (t *token) Refresh() string {
- return t.RefreshToken
-}
-
-// Returns whether the access token is
-// expired or not.
-func (t *token) IsExpired() bool {
- if t == nil {
- return true
- }
- return t.Expired()
-}
-
-// Returns the expiry time of the user's
-// access token.
-func (t *token) ExpiryTime() time.Time {
- return t.Expiry
-}
-
-// Formats tokens into string.
-func (t *token) String() string {
- return fmt.Sprintf("tokens: %v", t)
-}
-
-// Returns a new Google OAuth 2.0 backend endpoint.
-func Google(opts *Options) martini.Handler {
- opts.AuthUrl = "https://accounts.google.com/o/oauth2/auth"
- opts.TokenUrl = "https://accounts.google.com/o/oauth2/token"
- return NewOAuth2Provider(opts)
-}
-
-// Returns a new Github OAuth 2.0 backend endpoint.
-func Github(opts *Options) martini.Handler {
- opts.AuthUrl = "https://github.com/login/oauth/authorize"
- opts.TokenUrl = "https://github.com/login/oauth/access_token"
- return NewOAuth2Provider(opts)
-}
-
-func Facebook(opts *Options) martini.Handler {
- opts.AuthUrl = "https://www.facebook.com/dialog/oauth"
- opts.TokenUrl = "https://graph.facebook.com/oauth/access_token"
- return NewOAuth2Provider(opts)
-}
-
-// Returns a generic OAuth 2.0 backend endpoint.
-func NewOAuth2Provider(opts *Options) martini.Handler {
- config := &oauth.Config{
- ClientId: opts.ClientId,
- ClientSecret: opts.ClientSecret,
- RedirectURL: opts.RedirectURL,
- Scope: strings.Join(opts.Scopes, " "),
- AuthURL: opts.AuthUrl,
- TokenURL: opts.TokenUrl,
- }
-
- transport := &oauth.Transport{
- Config: config,
- Transport: http.DefaultTransport,
- }
-
- return func(c martini.Context, ctx *middleware.Context) {
- if ctx.Req.Method == "GET" {
- switch ctx.Req.URL.Path {
- case PathLogin:
- login(transport, ctx)
- case PathLogout:
- logout(transport, ctx)
- case PathCallback:
- handleOAuth2Callback(transport, ctx)
- }
- }
-
- tk := unmarshallToken(ctx.Session)
- if tk != nil {
- // check if the access token is expired
- if tk.IsExpired() && tk.Refresh() == "" {
- ctx.Session.Delete(keyToken)
- tk = nil
- }
- }
- // Inject tokens.
- c.MapTo(tk, (*Tokens)(nil))
- }
-}
-
-// Handler that redirects user to the login page
-// if user is not logged in.
-// Sample usage:
-// m.Get("/login-required", oauth2.LoginRequired, func() ... {})
-var LoginRequired martini.Handler = func() martini.Handler {
- return func(c martini.Context, ctx *middleware.Context) {
- token := unmarshallToken(ctx.Session)
- if token == nil || token.IsExpired() {
- next := url.QueryEscape(ctx.Req.URL.RequestURI())
- ctx.Redirect(PathLogin + "?next=" + next)
- return
- }
- }
-}()
-
-func login(t *oauth.Transport, ctx *middleware.Context) {
- next := extractPath(ctx.Query(keyNextPage))
- if ctx.Session.Get(keyToken) == nil {
- // User is not logged in.
- ctx.Redirect(t.Config.AuthCodeURL(next))
- return
- }
- // No need to login, redirect to the next page.
- ctx.Redirect(next)
-}
-
-func logout(t *oauth.Transport, ctx *middleware.Context) {
- next := extractPath(ctx.Query(keyNextPage))
- ctx.Session.Delete(keyToken)
- ctx.Redirect(next)
-}
-
-func handleOAuth2Callback(t *oauth.Transport, ctx *middleware.Context) {
- if errMsg := ctx.Query("error_description"); len(errMsg) > 0 {
- log.Error("oauth2.handleOAuth2Callback: %s", errMsg)
- return
- }
-
- next := extractPath(ctx.Query("state"))
- code := ctx.Query("code")
- tk, err := t.Exchange(code)
- if err != nil {
- // Pass the error message, or allow dev to provide its own
- // error handler.
- log.Error("oauth2.handleOAuth2Callback(token.Exchange): %v", err)
- // ctx.Redirect(PathError)
- return
- }
- // Store the credentials in the session.
- val, _ := json.Marshal(tk)
- ctx.Session.Set(keyToken, val)
- ctx.Redirect(next)
-}
-
-func unmarshallToken(s session.SessionStore) (t *token) {
- if s.Get(keyToken) == nil {
- return
- }
- data := s.Get(keyToken).([]byte)
- var tk oauth.Token
- json.Unmarshal(data, &tk)
- return &token{tk}
-}
-
-func extractPath(next string) string {
- n, err := url.Parse(next)
- if err != nil {
- return "/"
- }
- return n.Path
-}
diff --git a/modules/oauth2/oauth2_test.go b/modules/oauth2/oauth2_test.go
deleted file mode 100644
index 71443030..00000000
--- a/modules/oauth2/oauth2_test.go
+++ /dev/null
@@ -1,162 +0,0 @@
-// Copyright 2014 Google Inc. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package oauth2
-
-import (
- "net/http"
- "net/http/httptest"
- "testing"
-
- "github.com/go-martini/martini"
- "github.com/martini-contrib/sessions"
-)
-
-func Test_LoginRedirect(t *testing.T) {
- recorder := httptest.NewRecorder()
- m := martini.New()
- m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
- m.Use(Google(&Options{
- ClientId: "client_id",
- ClientSecret: "client_secret",
- RedirectURL: "refresh_url",
- Scopes: []string{"x", "y"},
- }))
-
- r, _ := http.NewRequest("GET", "/login", nil)
- m.ServeHTTP(recorder, r)
-
- location := recorder.HeaderMap["Location"][0]
- if recorder.Code != 302 {
- t.Errorf("Not being redirected to the auth page.")
- }
- if location != "https://accounts.google.com/o/oauth2/auth?access_type=&approval_prompt=&client_id=client_id&redirect_uri=refresh_url&response_type=code&scope=x+y&state=" {
- t.Errorf("Not being redirected to the right page, %v found", location)
- }
-}
-
-func Test_LoginRedirectAfterLoginRequired(t *testing.T) {
- recorder := httptest.NewRecorder()
- m := martini.Classic()
- m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
- m.Use(Google(&Options{
- ClientId: "client_id",
- ClientSecret: "client_secret",
- RedirectURL: "refresh_url",
- Scopes: []string{"x", "y"},
- }))
-
- m.Get("/login-required", LoginRequired, func(tokens Tokens) (int, string) {
- return 200, tokens.Access()
- })
-
- r, _ := http.NewRequest("GET", "/login-required?key=value", nil)
- m.ServeHTTP(recorder, r)
-
- location := recorder.HeaderMap["Location"][0]
- if recorder.Code != 302 {
- t.Errorf("Not being redirected to the auth page.")
- }
- if location != "/login?next=%2Flogin-required%3Fkey%3Dvalue" {
- t.Errorf("Not being redirected to the right page, %v found", location)
- }
-}
-
-func Test_Logout(t *testing.T) {
- recorder := httptest.NewRecorder()
- s := sessions.NewCookieStore([]byte("secret123"))
-
- m := martini.Classic()
- m.Use(sessions.Sessions("my_session", s))
- m.Use(Google(&Options{
- // no need to configure
- }))
-
- m.Get("/", func(s sessions.Session) {
- s.Set(keyToken, "dummy token")
- })
-
- m.Get("/get", func(s sessions.Session) {
- if s.Get(keyToken) != nil {
- t.Errorf("User credentials are still kept in the session.")
- }
- })
-
- logout, _ := http.NewRequest("GET", "/logout", nil)
- index, _ := http.NewRequest("GET", "/", nil)
-
- m.ServeHTTP(httptest.NewRecorder(), index)
- m.ServeHTTP(recorder, logout)
-
- if recorder.Code != 302 {
- t.Errorf("Not being redirected to the next page.")
- }
-}
-
-func Test_LogoutOnAccessTokenExpiration(t *testing.T) {
- recorder := httptest.NewRecorder()
- s := sessions.NewCookieStore([]byte("secret123"))
-
- m := martini.Classic()
- m.Use(sessions.Sessions("my_session", s))
- m.Use(Google(&Options{
- // no need to configure
- }))
-
- m.Get("/addtoken", func(s sessions.Session) {
- s.Set(keyToken, "dummy token")
- })
-
- m.Get("/", func(s sessions.Session) {
- if s.Get(keyToken) != nil {
- t.Errorf("User not logged out although access token is expired.")
- }
- })
-
- addtoken, _ := http.NewRequest("GET", "/addtoken", nil)
- index, _ := http.NewRequest("GET", "/", nil)
- m.ServeHTTP(recorder, addtoken)
- m.ServeHTTP(recorder, index)
-}
-
-func Test_InjectedTokens(t *testing.T) {
- recorder := httptest.NewRecorder()
- m := martini.Classic()
- m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
- m.Use(Google(&Options{
- // no need to configure
- }))
- m.Get("/", func(tokens Tokens) string {
- return "Hello world!"
- })
- r, _ := http.NewRequest("GET", "/", nil)
- m.ServeHTTP(recorder, r)
-}
-
-func Test_LoginRequired(t *testing.T) {
- recorder := httptest.NewRecorder()
- m := martini.Classic()
- m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
- m.Use(Google(&Options{
- // no need to configure
- }))
- m.Get("/", LoginRequired, func(tokens Tokens) string {
- return "Hello world!"
- })
- r, _ := http.NewRequest("GET", "/", nil)
- m.ServeHTTP(recorder, r)
- if recorder.Code != 302 {
- t.Errorf("Not being redirected to the auth page although user is not logged in.")
- }
-}