simplify oauth Protocol.Secret
parent
e1ff8a1504
commit
48f7111448
|
@ -202,7 +202,7 @@ final class Challenge(
|
||||||
Action.async { req =>
|
Action.async { req =>
|
||||||
import cats.implicits._
|
import cats.implicits._
|
||||||
val scopes = List(OAuthScope.Challenge.Write)
|
val scopes = List(OAuthScope.Challenge.Write)
|
||||||
(get("token1", req) map AccessToken.Id, get("token2", req) map AccessToken.Id).mapN {
|
(get("token1", req) map AccessToken.Id.apply, get("token2", req) map AccessToken.Id.apply).mapN {
|
||||||
env.oAuth.server.authBoth(scopes)
|
env.oAuth.server.authBoth(scopes)
|
||||||
} ?? {
|
} ?? {
|
||||||
_ flatMap {
|
_ flatMap {
|
||||||
|
|
|
@ -23,14 +23,11 @@ case class AccessToken(
|
||||||
|
|
||||||
object AccessToken {
|
object AccessToken {
|
||||||
|
|
||||||
val idSize = 16
|
case class Id(value: String) extends AnyVal
|
||||||
|
object Id {
|
||||||
case class Id(value: String) extends AnyVal {
|
def random() = Id(s"lio_${SecureRandom.nextString(32)}")
|
||||||
def isPersonal = value.lengthIs == idSize
|
|
||||||
}
|
}
|
||||||
|
|
||||||
def makeId = Id(SecureRandom nextString idSize)
|
|
||||||
|
|
||||||
case class ForAuth(userId: User.ID, scopes: List[OAuthScope])
|
case class ForAuth(userId: User.ID, scopes: List[OAuthScope])
|
||||||
|
|
||||||
case class WithApp(token: AccessToken, app: OAuthApp)
|
case class WithApp(token: AccessToken, app: OAuthApp)
|
||||||
|
|
|
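Review bot: `AccessToken.Id` wraps a bearer token but keeps the default case-class `toString`, so any log line or error message that interpolates an `Id` prints the token itself, while `Protocol.AuthorizationCode` in this same commit redacts its value. Consider the same treatment here, `override def toString = "AccessToken.Id(***)"`, which a value class allows. Whether any caller relies on the current string form is not visible from this section and should be checked first. `random()` is a public factory and would also read better with an explicit result type, `def random(): Id = ...`.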
@ -15,7 +15,7 @@ final class AccessTokenApi(colls: OauthColls)(implicit ec: scala.concurrent.Exec
|
||||||
|
|
||||||
def create(granted: AccessTokenRequest.Granted): Fu[AccessToken] = {
|
def create(granted: AccessTokenRequest.Granted): Fu[AccessToken] = {
|
||||||
val token = AccessToken(
|
val token = AccessToken(
|
||||||
id = AccessToken.Id(Protocol.Secret.random("lio_").value),
|
id = AccessToken.Id.random(),
|
||||||
publicId = BSONObjectID.generate(),
|
publicId = BSONObjectID.generate(),
|
||||||
clientId = PersonalToken.clientId, // TODO
|
clientId = PersonalToken.clientId, // TODO
|
||||||
userId = granted.userId,
|
userId = granted.userId,
|
||||||
|
|
|
@ -13,7 +13,7 @@ final class AuthorizationApi(val coll: Coll)(implicit ec: scala.concurrent.Execu
|
||||||
val code = Protocol.AuthorizationCode.random()
|
val code = Protocol.AuthorizationCode.random()
|
||||||
coll.insert.one(
|
coll.insert.one(
|
||||||
PendingAuthorizationBSONHandler write PendingAuthorization(
|
PendingAuthorizationBSONHandler write PendingAuthorization(
|
||||||
code.secret.hashed,
|
code.hashed,
|
||||||
request.clientId,
|
request.clientId,
|
||||||
request.user,
|
request.user,
|
||||||
request.redirectUri,
|
request.redirectUri,
|
||||||
|
@ -27,7 +27,7 @@ final class AuthorizationApi(val coll: Coll)(implicit ec: scala.concurrent.Execu
|
||||||
def consume(
|
def consume(
|
||||||
request: AccessTokenRequest.Prepared
|
request: AccessTokenRequest.Prepared
|
||||||
): Fu[Validated[Protocol.Error, AccessTokenRequest.Granted]] =
|
): Fu[Validated[Protocol.Error, AccessTokenRequest.Granted]] =
|
||||||
coll.findAndModify($doc(F.hashedCode -> request.code.secret.hashed), coll.removeModifier) map {
|
coll.findAndModify($doc(F.hashedCode -> request.code.hashed), coll.removeModifier) map {
|
||||||
_.result[PendingAuthorization]
|
_.result[PendingAuthorization]
|
||||||
.toValid(Protocol.Error.AuthorizationCodeInvalid)
|
.toValid(Protocol.Error.AuthorizationCodeInvalid)
|
||||||
.ensure(Protocol.Error.AuthorizationCodeExpired)(_.expires.isAfter(DateTime.now()))
|
.ensure(Protocol.Error.AuthorizationCodeExpired)(_.expires.isAfter(DateTime.now()))
|
||||||
|
|
|
@ -29,7 +29,7 @@ object OAuthForm {
|
||||||
) {
|
) {
|
||||||
def make(user: lila.user.User) =
|
def make(user: lila.user.User) =
|
||||||
AccessToken(
|
AccessToken(
|
||||||
id = AccessToken.makeId,
|
id = AccessToken.Id.random(),
|
||||||
publicId = BSONObjectID.generate(),
|
publicId = BSONObjectID.generate(),
|
||||||
clientId = PersonalToken.clientId,
|
clientId = PersonalToken.clientId,
|
||||||
userId = user.id,
|
userId = user.id,
|
||||||
|
|
|
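Review bot: Personal tokens created through `make` change format here: the removed `AccessToken.makeId` produced 16 random characters with no prefix, and `AccessToken.Id.random()` produces `lio_` followed by 32. The new token is longer and easier to recognise, but the commit title describes only a simplification, and the `isPersonal` length check that identified 16-character ids is removed in the same commit. A comment at this call would record the change, for example `// personal tokens now share the lio_ + 32-char format; older 16-char ids may still exist in storage`, where the second half is an assumption to confirm against the stored data. `make` starts above this hunk and continues below it.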
@ -10,23 +10,12 @@ import io.lemonlabs.uri.AbsoluteUrl
|
||||||
import lila.common.SecureRandom
|
import lila.common.SecureRandom
|
||||||
|
|
||||||
object Protocol {
|
object Protocol {
|
||||||
case class Secret(value: String) {
|
case class AuthorizationCode(secret: String) extends AnyVal {
|
||||||
def hashed: String = Algo.sha256(value).hex
|
def hashed = Algo.sha256(secret).hex
|
||||||
override def toString = "Secret(***)"
|
override def toString = "AuthorizationCode(***)"
|
||||||
override def equals(other: Any) = other match {
|
|
||||||
case other: Secret => hashed == other.hashed
|
|
||||||
case _ => false
|
|
||||||
}
|
|
||||||
override def hashCode = hashed.hashCode()
|
|
||||||
}
|
}
|
||||||
object Secret {
|
|
||||||
def random(prefix: String) = Secret(s"$prefix${SecureRandom.nextString(32)}")
|
|
||||||
}
|
|
||||||
|
|
||||||
case class AuthorizationCode(secret: Secret) extends AnyVal
|
|
||||||
object AuthorizationCode {
|
object AuthorizationCode {
|
||||||
def apply(value: String): AuthorizationCode = AuthorizationCode(Secret(value))
|
def random() = AuthorizationCode(s"liu_${SecureRandom.nextString(32)}")
|
||||||
def random() = AuthorizationCode(Secret.random("liu_"))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
case class ClientId(value: String) extends AnyVal
|
case class ClientId(value: String) extends AnyVal
|
||||||
|
@ -91,7 +80,7 @@ object Protocol {
|
||||||
|
|
||||||
def code(code: AuthorizationCode, state: Option[State]): String = value
|
def code(code: AuthorizationCode, state: Option[State]): String = value
|
||||||
.withQueryString(
|
.withQueryString(
|
||||||
"code" -> Some(code.secret.value),
|
"code" -> Some(code.secret),
|
||||||
"state" -> state.map(_.value)
|
"state" -> state.map(_.value)
|
||||||
)
|
)
|
||||||
.toString
|
.toString
|
||||||
|
|
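Review bot: With `Secret` gone, `AuthorizationCode` in the first hunk falls back to case-class equality, so `==` now compares the raw secret strings where the removed `equals` compared SHA-256 digests. A value class cannot define `equals`/`hashCode`, so that behaviour cannot be carried over. The visible callers in `AuthorizationApi` already look codes up by `hashed`, and a comment on the class would keep it that way, for example `// compare and look up codes via hashed only; == compares the raw secret`. `hashed` also loses its `: String` annotation and `random()` has none; both are public members and would be clearer with explicit result types.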