Albirew/nyaa-pantsu
Albirew/nyaa-pantsu
Archivé
1
0
Bifurcation 0
Code Activité
Ce dépôt a été archivé le 2022-05-07. Vous pouvez voir ses fichiers ou le cloner, mais pas ouvrir de ticket ou de demandes d'ajout, ni soumettre de changements.
nyaa-pantsu/vendor/github.com/ory/fosite/handler/openid/strategy_jwt.go
akuma06 03ea72595d OAuth API [done] (#1275) 
* Initial Commit for OAuth API

This builds and run and return the right error.
Need to test it and then adding all users as possible client

* Added mising dependency

* just compile already...

* Fixing template test

* Imrpovements

Moved db stuff in models
Added some tests
Added form in modpanel to add/update a client
Added controllers for add/update of client

* Added Forms + speed improvements

Controller oauth client listing + html
Controller oauth client delete + messages
Messages on comment delete
New ES config that disable ES if set to false. Improve load speed on local development
Fix a load config bug
Fix index admin & translation string sign_out broken by @ewhal

* Sanitize empty strig in form array + css

Multiple empty array of strings are sanitized for the oauth client create form
Added some css for the form display

* Upload and Create form works

* Fix splitting response types

* Removing required on secret when updating

* fix travis error

* Fix travis template test

* Update dependency

* Moved to jinzhu instead of azhao

* randomizen secret on creation

* Final touch on oath api

improved display name
fix grant form csrf
fix login csrf on oauth

* Fix gorm test

* fix template test

* Fixing deleted dependency issue

* Make travis faster

* Fix typo

* Fix csrf for api calls

* This shouldn't be exempt

* Removing hard coded hash

@ewhal Don't forget to replace the hash in tokens.go with another one

* Added an example on how to use OAuth middleware

* Renamed fosite utils to oauth2 utils
2017-07-28 13:46:40 +10:00

152 lignes
3,6 Kio
Go
Brut Annotations Historique

package openid
import (
"context"
"time"
"github.com/mohae/deepcopy"
"github.com/ory/fosite"
"github.com/ory/fosite/token/jwt"
"github.com/pborman/uuid"
"github.com/pkg/errors"
)
const defaultExpiryTime = time.Hour
type Session interface {
IDTokenClaims() *jwt.IDTokenClaims
IDTokenHeaders() *jwt.Headers
fosite.Session
}
// IDTokenSession is a session container for the id token
type DefaultSession struct {
Claims *jwt.IDTokenClaims
Headers *jwt.Headers
ExpiresAt map[fosite.TokenType]time.Time
Username string
Subject string
}
func NewDefaultSession() *DefaultSession {
return &DefaultSession{
Claims: &jwt.IDTokenClaims{},
Headers: &jwt.Headers{},
}
}
func (s *DefaultSession) Clone() fosite.Session {
if s == nil {
return nil
}
return deepcopy.Copy(s).(fosite.Session)
}
func (s *DefaultSession) SetExpiresAt(key fosite.TokenType, exp time.Time) {
if s.ExpiresAt == nil {
s.ExpiresAt = make(map[fosite.TokenType]time.Time)
}
s.ExpiresAt[key] = exp
}
func (s *DefaultSession) GetExpiresAt(key fosite.TokenType) time.Time {
if s.ExpiresAt == nil {
s.ExpiresAt = make(map[fosite.TokenType]time.Time)
}
if _, ok := s.ExpiresAt[key]; !ok {
return time.Time{}
}
return s.ExpiresAt[key]
}
func (s *DefaultSession) GetUsername() string {
if s == nil {
return ""
}
return s.Username
}
func (s *DefaultSession) GetSubject() string {
if s == nil {
return ""
}
return s.Subject
}
func (s *DefaultSession) IDTokenHeaders() *jwt.Headers {
if s.Headers == nil {
s.Headers = &jwt.Headers{}
}
return s.Headers
}
func (s *DefaultSession) IDTokenClaims() *jwt.IDTokenClaims {
if s.Claims == nil {
s.Claims = &jwt.IDTokenClaims{}
}
return s.Claims
}
type DefaultStrategy struct {
*jwt.RS256JWTStrategy
Expiry time.Duration
Issuer string
}
func (h DefaultStrategy) GenerateIDToken(_ context.Context, requester fosite.Requester) (token string, err error) {
if h.Expiry == 0 {
h.Expiry = defaultExpiryTime
}
sess, ok := requester.GetSession().(Session)
if !ok {
return "", errors.New("Failed to generate id token because session must be of type fosite/handler/openid.Session")
}
claims := sess.IDTokenClaims()
if requester.GetRequestForm().Get("max_age") != "" && (claims.AuthTime.IsZero() || claims.AuthTime.After(time.Now())) {
return "", errors.New("Failed to generate id token because authentication time claim is required when max_age is set and can not be in the future")
}
if claims.Subject == "" {
return "", errors.New("Failed to generate id token because subject is an empty string")
}
if claims.ExpiresAt.IsZero() {
claims.ExpiresAt = time.Now().Add(h.Expiry)
}
if claims.ExpiresAt.Before(time.Now()) {
return "", errors.New("Failed to generate id token because expiry claim can not be in the past")
}
if claims.AuthTime.IsZero() {
claims.AuthTime = time.Now()
}
if claims.Issuer == "" {
claims.Issuer = h.Issuer
}
nonce := requester.GetRequestForm().Get("nonce")
// OPTIONAL. String value used to associate a Client session with an ID Token, and to mitigate replay attacks.
if len(nonce) == 0 {
// skip this check, no nonce provided, let's use a random one.
nonce = uuid.New()
} else if len(nonce) < fosite.MinParameterEntropy {
// We're assuming that using less then 8 characters for the state can not be considered "unguessable"
return "", errors.WithStack(fosite.ErrInsufficientEntropy)
}
claims.Nonce = nonce
claims.Audience = requester.GetClient().GetID()
claims.IssuedAt = time.Now()
token, _, err = h.RS256JWTStrategy.Generate(claims.ToMapClaims(), sess.IDTokenHeaders())
return token, err
}
Voir Git blame Copier le lien permanent