dex/refresh/repo.go

package refresh

import (
	"crypto/rand"
	"errors"

	"github.com/coreos/dex/client"
	"github.com/coreos/dex/scope"
)

const (
	DefaultRefreshTokenPayloadLength = 64
	TokenDelimer                     = "/"
)

var (
	ErrorInvalidUserID   = errors.New("invalid user ID")
	ErrorInvalidClientID = errors.New("invalid client ID")

	ErrorInvalidToken = errors.New("invalid token")
)

type RefreshTokenGenerator func() ([]byte, error)

func (g RefreshTokenGenerator) Generate() ([]byte, error) {
	return g()
}

func DefaultRefreshTokenGenerator() ([]byte, error) {
	// TODO(yifan) Remove this duplicated token generate function.
	b := make([]byte, DefaultRefreshTokenPayloadLength)
	n, err := rand.Read(b)
	if err != nil {
		return nil, err
	}
	if n != DefaultRefreshTokenPayloadLength {
		return nil, errors.New("unable to read enough random bytes")
	}
	return b, nil
}

type RefreshTokenRepo interface {
	// Create generates and returns a new refresh token for the given client-user pair.
	// On success the token will be return.
	Create(userID, clientID string, scope []string) (string, error)

	// Verify verifies that a token belongs to the client.
	// It returns the user ID to which the token belongs, and the scopes stored
	// with token.
	Verify(clientID, token string) (string, scope.Scopes, error)

	// Revoke deletes the refresh token if the token belongs to the given userID.
	Revoke(userID, token string) error

	// RevokeTokensForClient revokes all tokens issued for the userID for the provided client.
	RevokeTokensForClient(userID, clientID string) error

	// ClientsWithRefreshTokens returns a list of all clients the user has an outstanding client with.
	ClientsWithRefreshTokens(userID string) ([]client.Client, error)
}
*: move original project to dex 2015-08-18 05:57:27 +05:30			`package refresh`

			`import (`
			`"crypto/rand"`
			`"errors"`
*: add revocation methods to refresh repo 2016-04-06 23:55:50 +05:30
*: Client Repo now deals with custom Client object This is instead of oidc.ClientIdentity. This makes it easier to add new fields custom to dex to the client. 2016-04-15 04:27:53 +05:30			`"github.com/coreos/dex/client"`
refresh tokens: store and validate scopes. A refresh request must fail if it asks for scopes that were not originally granted when the refresh token was obtained. This Commit: * changes repo to store scopes with tokens * changes repo interface signatures so that scopes can be stored and verified * updates dependent code to pass along scopes 2016-06-10 04:26:37 +05:30			`"github.com/coreos/dex/scope"`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`)`

			`const (`
			`DefaultRefreshTokenPayloadLength = 64`
			`TokenDelimer = "/"`
			`)`

			`var (`
			`ErrorInvalidUserID = errors.New("invalid user ID")`
			`ErrorInvalidClientID = errors.New("invalid client ID")`
refresh: bcrypt raw bytes rather than base64 encoded string. This enables us to control the length of the bytes that will be bcrypted, by default it's 64. Also changed the token's stored form from string('text') to []byte('bytea') and added some test cases for different types of invalid tokens. 2015-09-01 07:54:45 +05:30
			`ErrorInvalidToken = errors.New("invalid token")`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`)`

refresh: bcrypt raw bytes rather than base64 encoded string. This enables us to control the length of the bytes that will be bcrypted, by default it's 64. Also changed the token's stored form from string('text') to []byte('bytea') and added some test cases for different types of invalid tokens. 2015-09-01 07:54:45 +05:30			`type RefreshTokenGenerator func() ([]byte, error)`
*: move original project to dex 2015-08-18 05:57:27 +05:30
refresh: bcrypt raw bytes rather than base64 encoded string. This enables us to control the length of the bytes that will be bcrypted, by default it's 64. Also changed the token's stored form from string('text') to []byte('bytea') and added some test cases for different types of invalid tokens. 2015-09-01 07:54:45 +05:30			`func (g RefreshTokenGenerator) Generate() ([]byte, error) {`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`return g()`
			`}`

refresh: bcrypt raw bytes rather than base64 encoded string. This enables us to control the length of the bytes that will be bcrypted, by default it's 64. Also changed the token's stored form from string('text') to []byte('bytea') and added some test cases for different types of invalid tokens. 2015-09-01 07:54:45 +05:30			`func DefaultRefreshTokenGenerator() ([]byte, error) {`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`// TODO(yifan) Remove this duplicated token generate function.`
			`b := make([]byte, DefaultRefreshTokenPayloadLength)`
			`n, err := rand.Read(b)`
			`if err != nil {`
refresh: bcrypt raw bytes rather than base64 encoded string. This enables us to control the length of the bytes that will be bcrypted, by default it's 64. Also changed the token's stored form from string('text') to []byte('bytea') and added some test cases for different types of invalid tokens. 2015-09-01 07:54:45 +05:30			`return nil, err`
*: Remove unnecessary else statements Whenever it makes the code easier to follow, use early return to avoid else statements. 2015-09-05 01:15:32 +05:30			`}`
			`if n != DefaultRefreshTokenPayloadLength {`
refresh: bcrypt raw bytes rather than base64 encoded string. This enables us to control the length of the bytes that will be bcrypted, by default it's 64. Also changed the token's stored form from string('text') to []byte('bytea') and added some test cases for different types of invalid tokens. 2015-09-01 07:54:45 +05:30			`return nil, errors.New("unable to read enough random bytes")`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`}`
refresh: bcrypt raw bytes rather than base64 encoded string. This enables us to control the length of the bytes that will be bcrypted, by default it's 64. Also changed the token's stored form from string('text') to []byte('bytea') and added some test cases for different types of invalid tokens. 2015-09-01 07:54:45 +05:30			`return b, nil`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`}`

			`type RefreshTokenRepo interface {`
			`// Create generates and returns a new refresh token for the given client-user pair.`
			`// On success the token will be return.`
refresh tokens: store and validate scopes. A refresh request must fail if it asks for scopes that were not originally granted when the refresh token was obtained. This Commit: * changes repo to store scopes with tokens * changes repo interface signatures so that scopes can be stored and verified * updates dependent code to pass along scopes 2016-06-10 04:26:37 +05:30			`Create(userID, clientID string, scope []string) (string, error)`
*: move original project to dex 2015-08-18 05:57:27 +05:30
refresh tokens: store and validate scopes. A refresh request must fail if it asks for scopes that were not originally granted when the refresh token was obtained. This Commit: * changes repo to store scopes with tokens * changes repo interface signatures so that scopes can be stored and verified * updates dependent code to pass along scopes 2016-06-10 04:26:37 +05:30			`// Verify verifies that a token belongs to the client.`
			`// It returns the user ID to which the token belongs, and the scopes stored`
			`// with token.`
			`Verify(clientID, token string) (string, scope.Scopes, error)`
*: move original project to dex 2015-08-18 05:57:27 +05:30
			`// Revoke deletes the refresh token if the token belongs to the given userID.`
			`Revoke(userID, token string) error`
*: add revocation methods to refresh repo 2016-04-06 23:55:50 +05:30
			`// RevokeTokensForClient revokes all tokens issued for the userID for the provided client.`
			`RevokeTokensForClient(userID, clientID string) error`

			`// ClientsWithRefreshTokens returns a list of all clients the user has an outstanding client with.`
*: Client Repo now deals with custom Client object This is instead of oidc.ClientIdentity. This makes it easier to add new fields custom to dex to the client. 2016-04-15 04:27:53 +05:30			`ClientsWithRefreshTokens(userID string) ([]client.Client, error)`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`}`