cleanup

2019-12-16 14:46:56 +01:00 · 2019-12-16 14:46:56 +01:00 · 3d276c59b4
commit 3d276c59b4
parent 3782e49234
4 changed files with 25 additions and 43 deletions
--- a/pkg/op/authrequest.go
+++ b/pkg/op/authrequest.go
@ -19,26 +19,17 @@ type Authorizer interface {
 	Encoder() *schema.Encoder
 	Signer() Signer
 	Issuer() string
-	// ErrorHandler() func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error)
 }

-// type Signer interface {
-// 	Sign(claims *oidc.IDTokenClaims) (string, error)
-// }
-
 type ValidationAuthorizer interface {
 	Authorizer
 	ValidateAuthRequest(*oidc.AuthRequest, Storage) error
 }

-// type errorHandler func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error)
-// type callbackHandler func(authReq *oidc.AuthRequest, client oidc.Client, w http.ResponseWriter, r *http.Request)
-
 func Authorize(w http.ResponseWriter, r *http.Request, authorizer Authorizer) {
 	err := r.ParseForm()
 	if err != nil {
 		AuthRequestError(w, r, nil, ErrInvalidRequest("cannot parse form"), authorizer.Encoder())
-		// AuthRequestError(w, r, nil, )
 		return
 	}
 	authReq := new(oidc.AuthRequest)
@ -82,15 +73,13 @@ func ValidateAuthRequest(authReq *oidc.AuthRequest, storage Storage) error {
 	if err := ValidateAuthReqResponseType(authReq.ResponseType); err != nil {
 		return err
 	}
-	return nil
-	// return errors.New("Unimplemented") //TODO: impl https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.2
-
-	// if NeedsExistingSession(authRequest) {
-	// 	session, err := storage.CheckSession(authRequest)
+	// if NeedsExistingSession(authReq) {
+	// 	session, err := storage.CheckSession(authReq.IDTokenHint)
 	// 	if err != nil {
-	// 		//TODO: return err<
+	// 		return err
 	// 	}
 	// }
+	return nil
 }

 func ValidateAuthReqScopes(scopes []string) error {
@ -124,13 +113,13 @@ func ValidateAuthReqRedirectURI(uri, client_id string, responseType oidc.Respons
 		if client.ApplicationType() == ApplicationTypeNative {
 			return nil
 		}
-		return ErrInvalidRequest("redirect_uri not allowed 2")
+		return ErrInvalidRequest("redirect_uri not allowed")
 	} else {
 		if client.ApplicationType() != ApplicationTypeNative {
-			return ErrInvalidRequestRedirectURI("redirect_uri not allowed 3")
+			return ErrInvalidRequestRedirectURI("redirect_uri not allowed")
 		}
 		if !(strings.HasPrefix(uri, "http://localhost:") || strings.HasPrefix(uri, "http://localhost/")) {
-			return ErrInvalidRequestRedirectURI("redirect_uri not allowed 4")
+			return ErrInvalidRequestRedirectURI("redirect_uri not allowed")
 		}
 	}
 	return nil
--- a/pkg/op/default_op.go
+++ b/pkg/op/default_op.go
@ -165,10 +165,6 @@ func (p *DefaultOP) KeysEndpoint() Endpoint {
 	return Endpoint(p.endpoints.JwksURI)
 }

-func (p *DefaultOP) AuthMethodBasicSupported() bool {
-	return true //TODO: config
-}
-
 func (p *DefaultOP) AuthMethodPostSupported() bool {
 	return true //TODO: config
 }
@ -199,7 +195,6 @@ func (p *DefaultOP) Storage() Storage {

 func (p *DefaultOP) Signer() Signer {
 	return p.signer
-	// return
 }

 func (p *DefaultOP) IDTokenValidity() time.Duration {
@ -209,10 +204,6 @@ func (p *DefaultOP) IDTokenValidity() time.Duration {
 	return p.config.IDTokenValidity
 }

-// func (p *DefaultOP) ErrorHandler() func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error) {
-// 	return AuthRequestError
-// }
-
 func (p *DefaultOP) HandleKeys(w http.ResponseWriter, r *http.Request) {
 	Keys(w, r, p)
 }
@ -235,20 +226,7 @@ func (p *DefaultOP) HandleExchange(w http.ResponseWriter, r *http.Request) {
 		CodeExchange(w, r, p)
 		return
 	}
-	p.handleTokenExchange(w, r)
-}
-
-func (p *DefaultOP) handleTokenExchange(w http.ResponseWriter, r *http.Request) {
-	ExchangeRequestError(w, r, ErrServerError("not implemented"))
-	return
-	tokenRequest, err := ParseTokenExchangeRequest(w, r)
-	if err != nil {
-		//TODO: return err
-	}
-	err = ValidateTokenExchangeRequest(tokenRequest, p.storage)
-	if err != nil {
-		//TODO: return err
-	}
+	TokenExchange(w, r, p)
 }

 func (p *DefaultOP) HandleUserinfo(w http.ResponseWriter, r *http.Request) {
--- a/pkg/op/session.go
+++ b/pkg/op/session.go
@ -6,5 +6,8 @@ func NeedsExistingSession(authRequest *oidc.AuthRequest) bool {
 	if authRequest == nil {
 		return true
 	}
-	return authRequest.IDTokenHint != "" //TODO: impl: https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.1.2.2
+	if authRequest.Prompt == oidc.PromptNone {
+		return true
+	}
+	return false
 }
--- a/pkg/op/tokenrequest.go
+++ b/pkg/op/tokenrequest.go
@ -17,7 +17,6 @@ type Exchanger interface {
 	Storage() Storage
 	Decoder() *schema.Decoder
 	Signer() Signer
-	AuthMethodBasicSupported() bool
 	AuthMethodPostSupported() bool
 }

@ -142,6 +141,19 @@ func AuthorizeCodeChallenge(tokenReq *oidc.AccessTokenRequest, storage AuthStora
 	return authReq, nil
 }

+func TokenExchange(w http.ResponseWriter, r *http.Request, exchanger Exchanger) {
+	tokenRequest, err := ParseTokenExchangeRequest(w, r)
+	if err != nil {
+		ExchangeRequestError(w, r, err)
+		return
+	}
+	err = ValidateTokenExchangeRequest(tokenRequest, exchanger.Storage())
+	if err != nil {
+		ExchangeRequestError(w, r, err)
+		return
+	}
+}
+
 func ParseTokenExchangeRequest(w http.ResponseWriter, r *http.Request) (oidc.TokenRequest, error) {
 	return nil, errors.New("Unimplemented") //TODO: impl
 }