forked from mystiq/dex
Update server/refreshhandlers.go
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
This commit is contained in:
parent
9340fee011
commit
568fc06520
2 changed files with 15 additions and 15 deletions
|
@ -306,7 +306,7 @@ type Expiry struct {
|
||||||
DeviceRequests string `json:"deviceRequests"`
|
DeviceRequests string `json:"deviceRequests"`
|
||||||
|
|
||||||
// RefreshTokens defines refresh tokens expiry policy
|
// RefreshTokens defines refresh tokens expiry policy
|
||||||
RefreshTokens RefreshTokenExpiry `json:"refreshTokens"`
|
RefreshTokens RefreshToken `json:"refreshTokens"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Logger holds configuration required to customize logging for dex.
|
// Logger holds configuration required to customize logging for dex.
|
||||||
|
@ -318,7 +318,7 @@ type Logger struct {
|
||||||
Format string `json:"format"`
|
Format string `json:"format"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type RefreshTokenExpiry struct {
|
type RefreshToken struct {
|
||||||
DisableRotation bool `json:"disableRotation"`
|
DisableRotation bool `json:"disableRotation"`
|
||||||
ReuseInterval string `json:"reuseInterval"`
|
ReuseInterval string `json:"reuseInterval"`
|
||||||
AbsoluteLifetime string `json:"absoluteLifetime"`
|
AbsoluteLifetime string `json:"absoluteLifetime"`
|
||||||
|
|
|
@ -28,7 +28,9 @@ type refreshError struct {
|
||||||
desc string
|
desc string
|
||||||
}
|
}
|
||||||
|
|
||||||
var internalErr = &refreshError{msg: errInvalidRequest, desc: "", code: http.StatusInternalServerError}
|
func newInternalServerError() *refreshError {
|
||||||
|
return &refreshError{msg: errInvalidRequest, desc: "", code: http.StatusInternalServerError}
|
||||||
|
}
|
||||||
|
|
||||||
func newBadRequestError(desc string) *refreshError {
|
func newBadRequestError(desc string) *refreshError {
|
||||||
return &refreshError{msg: errInvalidRequest, desc: desc, code: http.StatusBadRequest}
|
return &refreshError{msg: errInvalidRequest, desc: desc, code: http.StatusBadRequest}
|
||||||
|
@ -66,7 +68,7 @@ func (s *Server) getRefreshTokenFromStorage(clientID string, token *internal.Ref
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.logger.Errorf("failed to get refresh token: %v", err)
|
s.logger.Errorf("failed to get refresh token: %v", err)
|
||||||
if err != storage.ErrNotFound {
|
if err != storage.ErrNotFound {
|
||||||
return nil, internalErr
|
return nil, newInternalServerError()
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil, invalidErr
|
return nil, invalidErr
|
||||||
|
@ -96,7 +98,7 @@ func (s *Server) getRefreshTokenFromStorage(clientID string, token *internal.Ref
|
||||||
}
|
}
|
||||||
|
|
||||||
if s.refreshTokenPolicy.ExpiredBecauseUnused(refresh.LastUsed) {
|
if s.refreshTokenPolicy.ExpiredBecauseUnused(refresh.LastUsed) {
|
||||||
s.logger.Errorf("refresh token with id %s expired because being unused", refresh.ID)
|
s.logger.Errorf("refresh token with id %s expired due to inactivity", refresh.ID)
|
||||||
return nil, expiredErr
|
return nil, expiredErr
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -143,9 +145,7 @@ func (s *Server) refreshWithConnector(ctx context.Context, token *internal.Refre
|
||||||
case err != nil:
|
case err != nil:
|
||||||
if err != storage.ErrNotFound {
|
if err != storage.ErrNotFound {
|
||||||
s.logger.Errorf("failed to get offline session: %v", err)
|
s.logger.Errorf("failed to get offline session: %v", err)
|
||||||
// TODO: previously there was a naked return without writing anything in response
|
return connector.Identity{}, newInternalServerError()
|
||||||
// Need to ensure that everything works as expected.
|
|
||||||
return connector.Identity{}, internalErr
|
|
||||||
}
|
}
|
||||||
case len(refresh.ConnectorData) > 0:
|
case len(refresh.ConnectorData) > 0:
|
||||||
// Use the old connector data if it exists, should be deleted once used
|
// Use the old connector data if it exists, should be deleted once used
|
||||||
|
@ -157,7 +157,7 @@ func (s *Server) refreshWithConnector(ctx context.Context, token *internal.Refre
|
||||||
conn, err := s.getConnector(refresh.ConnectorID)
|
conn, err := s.getConnector(refresh.ConnectorID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.logger.Errorf("connector with ID %q not found: %v", refresh.ConnectorID, err)
|
s.logger.Errorf("connector with ID %q not found: %v", refresh.ConnectorID, err)
|
||||||
return connector.Identity{}, internalErr
|
return connector.Identity{}, newInternalServerError()
|
||||||
}
|
}
|
||||||
|
|
||||||
ident := connector.Identity{
|
ident := connector.Identity{
|
||||||
|
@ -185,7 +185,7 @@ func (s *Server) refreshWithConnector(ctx context.Context, token *internal.Refre
|
||||||
newIdent, err := refreshConn.Refresh(ctx, parseScopes(scopes), ident)
|
newIdent, err := refreshConn.Refresh(ctx, parseScopes(scopes), ident)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.logger.Errorf("failed to refresh identity: %v", err)
|
s.logger.Errorf("failed to refresh identity: %v", err)
|
||||||
return connector.Identity{}, internalErr
|
return connector.Identity{}, newInternalServerError()
|
||||||
}
|
}
|
||||||
ident = newIdent
|
ident = newIdent
|
||||||
}
|
}
|
||||||
|
@ -209,7 +209,7 @@ func (s *Server) updateOfflineSession(refresh *storage.RefreshToken, ident conne
|
||||||
err := s.storage.UpdateOfflineSessions(refresh.Claims.UserID, refresh.ConnectorID, offlineSessionUpdater)
|
err := s.storage.UpdateOfflineSessions(refresh.Claims.UserID, refresh.ConnectorID, offlineSessionUpdater)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.logger.Errorf("failed to update offline session: %v", err)
|
s.logger.Errorf("failed to update offline session: %v", err)
|
||||||
return internalErr
|
return newInternalServerError()
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -265,7 +265,7 @@ func (s *Server) updateRefreshToken(token *internal.RefreshToken, refresh *stora
|
||||||
err := s.storage.UpdateRefreshToken(refresh.ID, refreshTokenUpdater)
|
err := s.storage.UpdateRefreshToken(refresh.ID, refreshTokenUpdater)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.logger.Errorf("failed to update refresh token: %v", err)
|
s.logger.Errorf("failed to update refresh token: %v", err)
|
||||||
return nil, internalErr
|
return nil, newInternalServerError()
|
||||||
}
|
}
|
||||||
|
|
||||||
return newToken, nil
|
return newToken, nil
|
||||||
|
@ -310,14 +310,14 @@ func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Request, clie
|
||||||
accessToken, err := s.newAccessToken(client.ID, claims, scopes, refresh.Nonce, refresh.ConnectorID)
|
accessToken, err := s.newAccessToken(client.ID, claims, scopes, refresh.Nonce, refresh.ConnectorID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.logger.Errorf("failed to create new access token: %v", err)
|
s.logger.Errorf("failed to create new access token: %v", err)
|
||||||
s.refreshTokenErrHelper(w, internalErr)
|
s.refreshTokenErrHelper(w, newInternalServerError())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
idToken, expiry, err := s.newIDToken(client.ID, claims, scopes, refresh.Nonce, accessToken, "", refresh.ConnectorID)
|
idToken, expiry, err := s.newIDToken(client.ID, claims, scopes, refresh.Nonce, accessToken, "", refresh.ConnectorID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.logger.Errorf("failed to create ID token: %v", err)
|
s.logger.Errorf("failed to create ID token: %v", err)
|
||||||
s.refreshTokenErrHelper(w, internalErr)
|
s.refreshTokenErrHelper(w, newInternalServerError())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -330,7 +330,7 @@ func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Request, clie
|
||||||
rawNewToken, err := internal.Marshal(newToken)
|
rawNewToken, err := internal.Marshal(newToken)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
s.logger.Errorf("failed to marshal refresh token: %v", err)
|
s.logger.Errorf("failed to marshal refresh token: %v", err)
|
||||||
s.refreshTokenErrHelper(w, internalErr)
|
s.refreshTokenErrHelper(w, newInternalServerError())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue