cleanup

2019-12-16 14:46:56 +01:00 · 2019-12-16 14:46:56 +01:00 · 3d276c59b4
commit 3d276c59b4
parent 3782e49234
4 changed files with 25 additions and 43 deletions
--- a/pkg/op/authrequest.go
+++ b/pkg/op/authrequest.go
@ -19,26 +19,17 @@ type Authorizer interface {
 	Encoder() *schema.Encoder
 	Signer() Signer
 	Issuer() string
 	// ErrorHandler() func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error)
 }
 // type Signer interface {
 // 	Sign(claims *oidc.IDTokenClaims) (string, error)
 // }
 type ValidationAuthorizer interface {
 	Authorizer
 	ValidateAuthRequest(*oidc.AuthRequest, Storage) error
 }
 // type errorHandler func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error)
 // type callbackHandler func(authReq *oidc.AuthRequest, client oidc.Client, w http.ResponseWriter, r *http.Request)
 func Authorize(w http.ResponseWriter, r *http.Request, authorizer Authorizer) {
 	err := r.ParseForm()
 	if err != nil {
 		AuthRequestError(w, r, nil, ErrInvalidRequest("cannot parse form"), authorizer.Encoder())
 		// AuthRequestError(w, r, nil, )
 		return
 	}
 	authReq := new(oidc.AuthRequest)
@ -82,15 +73,13 @@ func ValidateAuthRequest(authReq *oidc.AuthRequest, storage Storage) error {
 	if err := ValidateAuthReqResponseType(authReq.ResponseType); err != nil {
 		return err
 	}
-	return nil
+	// if NeedsExistingSession(authReq) {
-	// return errors.New("Unimplemented") //TODO: impl https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.2
+	// 	session, err := storage.CheckSession(authReq.IDTokenHint)
 	// if NeedsExistingSession(authRequest) {
 	// 	session, err := storage.CheckSession(authRequest)
 	// 	if err != nil {
-	// 		//TODO: return err<
+	// 		return err
 	// 	}
 	// }
 	return nil
 }
 func ValidateAuthReqScopes(scopes []string) error {
@ -124,13 +113,13 @@ func ValidateAuthReqRedirectURI(uri, client_id string, responseType oidc.Respons
 		if client.ApplicationType() == ApplicationTypeNative {
 			return nil
 		}
-		return ErrInvalidRequest("redirect_uri not allowed 2")
+		return ErrInvalidRequest("redirect_uri not allowed")
 	} else {
 		if client.ApplicationType() != ApplicationTypeNative {
-			return ErrInvalidRequestRedirectURI("redirect_uri not allowed 3")
+			return ErrInvalidRequestRedirectURI("redirect_uri not allowed")
 		}
 		if !(strings.HasPrefix(uri, "http://localhost:") || strings.HasPrefix(uri, "http://localhost/")) {
-			return ErrInvalidRequestRedirectURI("redirect_uri not allowed 4")
+			return ErrInvalidRequestRedirectURI("redirect_uri not allowed")
 		}
 	}
 	return nil
--- a/pkg/op/default_op.go
+++ b/pkg/op/default_op.go
@ -165,10 +165,6 @@ func (p *DefaultOP) KeysEndpoint() Endpoint {
 	return Endpoint(p.endpoints.JwksURI)
 }
 func (p *DefaultOP) AuthMethodBasicSupported() bool {
 	return true //TODO: config
 }
 func (p *DefaultOP) AuthMethodPostSupported() bool {
 	return true //TODO: config
 }
@ -199,7 +195,6 @@ func (p *DefaultOP) Storage() Storage {
 func (p *DefaultOP) Signer() Signer {
 	return p.signer
 	// return
 }
 func (p *DefaultOP) IDTokenValidity() time.Duration {
@ -209,10 +204,6 @@ func (p *DefaultOP) IDTokenValidity() time.Duration {
 	return p.config.IDTokenValidity
 }
 // func (p *DefaultOP) ErrorHandler() func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error) {
 // 	return AuthRequestError
 // }
 func (p *DefaultOP) HandleKeys(w http.ResponseWriter, r *http.Request) {
 	Keys(w, r, p)
 }
@ -235,20 +226,7 @@ func (p *DefaultOP) HandleExchange(w http.ResponseWriter, r *http.Request) {
 		CodeExchange(w, r, p)
 		return
 	}
-	p.handleTokenExchange(w, r)
+	TokenExchange(w, r, p)
 }
 func (p *DefaultOP) handleTokenExchange(w http.ResponseWriter, r *http.Request) {
 	ExchangeRequestError(w, r, ErrServerError("not implemented"))
 	return
 	tokenRequest, err := ParseTokenExchangeRequest(w, r)
 	if err != nil {
 		//TODO: return err
 	}
 	err = ValidateTokenExchangeRequest(tokenRequest, p.storage)
 	if err != nil {
 		//TODO: return err
 	}
 }
 func (p *DefaultOP) HandleUserinfo(w http.ResponseWriter, r *http.Request) {
--- a/pkg/op/session.go
+++ b/pkg/op/session.go
@ -6,5 +6,8 @@ func NeedsExistingSession(authRequest *oidc.AuthRequest) bool {
 	if authRequest == nil {
 		return true
 	}
-	return authRequest.IDTokenHint != "" //TODO: impl: https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.2
+	if authRequest.Prompt == oidc.PromptNone {
 		return true
 	}
 	return false
 }
--- a/pkg/op/tokenrequest.go
+++ b/pkg/op/tokenrequest.go
@ -17,7 +17,6 @@ type Exchanger interface {
 	Storage() Storage
 	Decoder() *schema.Decoder
 	Signer() Signer
 	AuthMethodBasicSupported() bool
 	AuthMethodPostSupported() bool
 }
@ -142,6 +141,19 @@ func AuthorizeCodeChallenge(tokenReq *oidc.AccessTokenRequest, storage AuthStora
 	return authReq, nil
 }
 func TokenExchange(w http.ResponseWriter, r *http.Request, exchanger Exchanger) {
 	tokenRequest, err := ParseTokenExchangeRequest(w, r)
 	if err != nil {
 		ExchangeRequestError(w, r, err)
 		return
 	}
 	err = ValidateTokenExchangeRequest(tokenRequest, exchanger.Storage())
 	if err != nil {
 		ExchangeRequestError(w, r, err)
 		return
 	}
 }
 func ParseTokenExchangeRequest(w http.ResponseWriter, r *http.Request) (oidc.TokenRequest, error) {
 	return nil, errors.New("Unimplemented") //TODO: impl
 }