From 3110f45c3dba037d54c467b59e2fbb3d32935509 Mon Sep 17 00:00:00 2001 From: Eric Chiang Date: Tue, 2 Aug 2016 21:57:36 -0700 Subject: [PATCH] *: lots of renaming --- api/api.go | 4 +- server/handlers.go | 32 +++++++------- server/oauth2.go | 4 +- server/templates.go | 2 +- storage/kubernetes/garbage_collection_test.go | 8 ++-- storage/kubernetes/storage.go | 18 ++++---- storage/kubernetes/types.go | 42 +++++++++---------- storage/memory/memory.go | 12 +++--- storage/storage.go | 24 +++++------ storage/storagetest/storagetest.go | 16 +++---- 10 files changed, 81 insertions(+), 81 deletions(-) diff --git a/api/api.go b/api/api.go index 55404683..b9f5c4dc 100644 --- a/api/api.go +++ b/api/api.go @@ -47,10 +47,10 @@ func (s *server) CreateClient(ctx context.Context, req *apipb.CreateClientReq) ( // and secrets which are restricted based on the storage. client := fromPBClient(req.Client) if client.ID == "" { - client.ID = storage.NewNonce() + client.ID = storage.NewID() } if client.Secret == "" { - client.Secret = storage.NewNonce() + storage.NewNonce() + client.Secret = storage.NewID() + storage.NewID() } if err := s.storage.CreateClient(client); err != nil { diff --git a/server/handlers.go b/server/handlers.go index 6ce2f6e5..85214a41 100644 --- a/server/handlers.go +++ b/server/handlers.go @@ -224,7 +224,7 @@ func (s *Server) handleConnectorCallback(w http.ResponseWriter, r *http.Request) } func (s *Server) finalizeLogin(identity connector.Identity, authReqID, connectorID string, conn connector.Connector) (string, error) { - claims := storage.Identity{ + claims := storage.Claims{ UserID: identity.UserID, Username: identity.Username, Email: identity.Email, @@ -253,7 +253,7 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReqID, connector } updater := func(a storage.AuthRequest) (storage.AuthRequest, error) { - a.Identity = &claims + a.Claims = &claims a.ConnectorID = connectorID a.ConnectorData = identity.ConnectorData return a, nil 
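Review bot: In api/api.go the client secret is now built as `client.Secret = storage.NewID() + storage.NewID()`, which ties a credential's strength to an identifier generator; the storage/storage.go hunk shows NewID drawing 8 random bytes (64 bits, presumably from crypto/rand — the import is outside the hunk) and its new doc comment describes it as an ID for objects, not a secret. The same generator is used unconcatenated for refresh tokens in server/handlers.go @435 and @509 and for the access token in @529, so those bearer credentials carry only 64 bits of entropy, below the 2^-128 guessing bound RFC 6749 §10.10 asks for. Consider a dedicated helper, e.g. `func NewSecret() string` reading 32 bytes from rand.Reader, and keep NewID for identifiers only. At minimum the NewID doc comment should state its 64-bit size and that it is not intended for secrets or tokens.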
@@ -271,7 +271,7 @@ func (s *Server) handleApproval(w http.ResponseWriter, r *http.Request) { s.renderError(w, http.StatusInternalServerError, errServerError, "") return } - if authReq.Identity == nil { + if authReq.Claims == nil { log.Printf("Auth request does not have an identity for approval") s.renderError(w, http.StatusInternalServerError, errServerError, "") return @@ -280,7 +280,7 @@ func (s *Server) handleApproval(w http.ResponseWriter, r *http.Request) { switch r.Method { case "GET": if s.skipApproval { - s.sendCodeResponse(w, r, authReq, *authReq.Identity) + s.sendCodeResponse(w, r, authReq) return } client, err := s.storage.GetClient(authReq.ClientID) @@ -289,17 +289,17 @@ func (s *Server) handleApproval(w http.ResponseWriter, r *http.Request) { s.renderError(w, http.StatusInternalServerError, errServerError, "") return } - renderApprovalTmpl(w, authReq.ID, *authReq.Identity, client, authReq.Scopes) + renderApprovalTmpl(w, authReq.ID, *authReq.Claims, client, authReq.Scopes) case "POST": if r.FormValue("approval") != "approve" { s.renderError(w, http.StatusInternalServerError, "approval rejected", "") return } - s.sendCodeResponse(w, r, authReq, *authReq.Identity) + s.sendCodeResponse(w, r, authReq) } } -func (s *Server) sendCodeResponse(w http.ResponseWriter, r *http.Request, authReq storage.AuthRequest, identity storage.Identity) { +func (s *Server) sendCodeResponse(w http.ResponseWriter, r *http.Request, authReq storage.AuthRequest) { if authReq.Expiry.After(s.now()) { s.renderError(w, http.StatusBadRequest, errInvalidRequest, "Authorization request period has expired.") return 
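Review bot: The expiry guard at the top of sendCodeResponse, `if authReq.Expiry.After(s.now()) {`, is inverted relative to its error text: an Expiry still in the future is the live case, so as written the branch rejects valid requests and lets expired ones through, unless Expiry is never populated, in which case the check is dead. The condition should read `if s.now().After(authReq.Expiry) {`. This is a context line the commit does not touch, but with the identity parameter dropped this function is now the single expiry check for both the skip-approval and POST paths. sendCodeResponse's body continues past the hunk.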
@@ -315,12 +315,12 @@ func (s *Server) sendCodeResponse(w http.ResponseWriter, r *http.Request, authRe return } code := storage.AuthCode{ - ID: storage.NewNonce(), + ID: storage.NewID(), ClientID: authReq.ClientID, ConnectorID: authReq.ConnectorID, Nonce: authReq.Nonce, Scopes: authReq.Scopes, - Identity: *authReq.Identity, + Claims: *authReq.Claims, Expiry: s.now().Add(time.Minute * 5), RedirectURI: authReq.RedirectURI, } @@ -412,7 +412,7 @@ func (s *Server) handleAuthCode(w http.ResponseWriter, r *http.Request, client s return } - idToken, expiry, err := s.newIDToken(client.ID, authCode.Identity, authCode.Scopes, authCode.Nonce) + idToken, expiry, err := s.newIDToken(client.ID, authCode.Claims, authCode.Scopes, authCode.Nonce) if err != nil { log.Printf("failed to create ID token: %v", err) tokenErr(w, errServerError, "", http.StatusInternalServerError) @@ -435,12 +435,12 @@ func (s *Server) handleAuthCode(w http.ResponseWriter, r *http.Request, client s }() var refreshToken string if reqRefresh { - refresh := storage.Refresh{ - RefreshToken: storage.NewNonce(), + refresh := storage.RefreshToken{ + RefreshToken: storage.NewID(), ClientID: authCode.ClientID, ConnectorID: authCode.ConnectorID, Scopes: authCode.Scopes, - Identity: authCode.Identity, + Claims: authCode.Claims, Nonce: authCode.Nonce, } if err := s.storage.CreateRefresh(refresh); err != nil { @@ -497,7 +497,7 @@ func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Request, clie // TODO(ericchiang): re-auth with backends - idToken, expiry, err := s.newIDToken(client.ID, refresh.Identity, scopes, refresh.Nonce) + idToken, expiry, err := s.newIDToken(client.ID, refresh.Claims, scopes, refresh.Nonce) if err != nil { log.Printf("failed to create ID token: %v", err) tokenErr(w, errServerError, "", http.StatusInternalServerError) 
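Review bot: sendCodeResponse now dereferences `Claims: *authReq.Claims` when building the AuthCode, but the only nil check is in handleApproval (hunk @271); with the identity parameter removed, any future caller of sendCodeResponse that skips that check will panic. A guard at the top of the function keeps the invariant local: `if authReq.Claims == nil { s.renderError(w, http.StatusInternalServerError, errServerError, ""); return }`. The function begins in the preceding hunk, outside this one.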
@@ -509,7 +509,7 @@ func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Request, clie tokenErr(w, errServerError, "", http.StatusInternalServerError) return } - refresh.RefreshToken = storage.NewNonce() + refresh.RefreshToken = storage.NewID() if err := s.storage.CreateRefresh(refresh); err != nil { log.Printf("failed to create refresh token: %v", err) tokenErr(w, errServerError, "", http.StatusInternalServerError) @@ -529,7 +529,7 @@ func (s *Server) writeAccessToken(w http.ResponseWriter, idToken, refreshToken s RefreshToken string `json:"refresh_token,omitempty"` IDToken string `json:"id_token"` }{ - storage.NewNonce(), + storage.NewID(), "bearer", int(expiry.Sub(s.now())), refreshToken, diff --git a/server/oauth2.go b/server/oauth2.go index c1c125e5..ea610cc4 100644 --- a/server/oauth2.go +++ b/server/oauth2.go @@ -120,7 +120,7 @@ type idTokenClaims struct { Name string `json:"name,omitempty"` } -func (s *Server) newIDToken(clientID string, claims storage.Identity, scopes []string, nonce string) (idToken string, expiry time.Time, err error) { +func (s *Server) newIDToken(clientID string, claims storage.Claims, scopes []string, nonce string) (idToken string, expiry time.Time, err error) { issuedAt := s.now() expiry = issuedAt.Add(s.idTokensValidFor) @@ -260,7 +260,7 @@ func parseAuthorizationRequest(s storage.Storage, r *http.Request) (req storage. } return storage.AuthRequest{ - ID: storage.NewNonce(), + ID: storage.NewID(), ClientID: client.ID, State: r.Form.Get("state"), Nonce: r.Form.Get("nonce"), diff --git a/server/templates.go b/server/templates.go index de261921..9bfc71f6 100644 --- a/server/templates.go +++ b/server/templates.go 
@@ -72,7 +72,7 @@ var approvalTmpl = template.Must(template.New("approval-template").Parse(` `)) -func renderApprovalTmpl(w http.ResponseWriter, state string, identity storage.Identity, client storage.Client, scopes []string) { +func renderApprovalTmpl(w http.ResponseWriter, state string, identity storage.Claims, client storage.Client, scopes []string) { data := struct { User string ClientName string diff --git a/storage/kubernetes/garbage_collection_test.go b/storage/kubernetes/garbage_collection_test.go index 34dfd209..139dbe3e 100644 --- a/storage/kubernetes/garbage_collection_test.go +++ b/storage/kubernetes/garbage_collection_test.go @@ -22,8 +22,8 @@ func TestGCAuthRequests(t *testing.T) { now := time.Now() cli.now = func() time.Time { return now } - expiredID := storage.NewNonce() - goodID := storage.NewNonce() + expiredID := storage.NewID() + goodID := storage.NewID() must(cli.CreateAuthRequest(storage.AuthRequest{ ID: expiredID, @@ -58,8 +58,8 @@ func TestGCAuthCodes(t *testing.T) { now := time.Now() cli.now = func() time.Time { return now } - expiredID := storage.NewNonce() - goodID := storage.NewNonce() + expiredID := storage.NewID() + goodID := storage.NewID() must(cli.CreateAuthCode(storage.AuthCode{ ID: expiredID, diff --git a/storage/kubernetes/storage.go b/storage/kubernetes/storage.go index 63b292cc..8cadb3f3 100644 --- a/storage/kubernetes/storage.go +++ b/storage/kubernetes/storage.go @@ -109,8 +109,8 @@ func (cli *client) CreateAuthCode(c storage.AuthCode) error { return cli.post(resourceAuthCode, cli.fromStorageAuthCode(c)) } -func (cli *client) CreateRefresh(r storage.Refresh) error { - refresh := Refresh{ +func (cli *client) CreateRefresh(r storage.RefreshToken) error { + refresh := RefreshToken{ TypeMeta: k8sapi.TypeMeta{ Kind: kindRefreshToken, APIVersion: cli.apiVersionForResource(resourceRefreshToken), 
@@ -123,7 +123,7 @@ func (cli *client) CreateRefresh(r storage.Refresh) error { ConnectorID: r.ConnectorID, Scopes: r.Scopes, Nonce: r.Nonce, - Identity: fromStorageIdentity(r.Identity), + Claims: fromStorageClaims(r.Claims), } return cli.post(resourceRefreshToken, refresh) } @@ -160,18 +160,18 @@ func (cli *client) GetKeys() (storage.Keys, error) { return toStorageKeys(keys), nil } -func (cli *client) GetRefresh(id string) (storage.Refresh, error) { - var r Refresh +func (cli *client) GetRefresh(id string) (storage.RefreshToken, error) { + var r RefreshToken if err := cli.get(resourceRefreshToken, id, &r); err != nil { - return storage.Refresh{}, err + return storage.RefreshToken{}, err } - return storage.Refresh{ + return storage.RefreshToken{ RefreshToken: r.ObjectMeta.Name, ClientID: r.ClientID, ConnectorID: r.ConnectorID, Scopes: r.Scopes, Nonce: r.Nonce, - Identity: toStorageIdentity(r.Identity), + Claims: toStorageClaims(r.Claims), }, nil } @@ -179,7 +179,7 @@ func (cli *client) ListClients() ([]storage.Client, error) { return nil, errors.New("not implemented") } -func (cli *client) ListRefreshTokens() ([]storage.Refresh, error) { +func (cli *client) ListRefreshTokens() ([]storage.RefreshToken, error) { return nil, errors.New("not implemented") } diff --git a/storage/kubernetes/types.go b/storage/kubernetes/types.go index f9f4a0f3..5e243ddc 100644 --- a/storage/kubernetes/types.go +++ b/storage/kubernetes/types.go @@ -70,8 +70,8 @@ func toStorageClient(c Client) storage.Client { } } -// Identity is a mirrored struct from storage with JSON struct tags. -type Identity struct { +// Claims is a mirrored struct from storage with JSON struct tags. +type Claims struct { UserID string `json:"userID"` Username string `json:"username"` Email string `json:"email"` 
@@ -79,8 +79,8 @@ type Identity struct { Groups []string `json:"groups,omitempty"` } -func fromStorageIdentity(i storage.Identity) Identity { - return Identity{ +func fromStorageClaims(i storage.Claims) Claims { + return Claims{ UserID: i.UserID, Username: i.Username, Email: i.Email, @@ -89,8 +89,8 @@ func fromStorageIdentity(i storage.Identity) Identity { } } -func toStorageIdentity(i Identity) storage.Identity { - return storage.Identity{ +func toStorageClaims(i Claims) storage.Claims { + return storage.Claims{ UserID: i.UserID, Username: i.Username, Email: i.Email, @@ -120,7 +120,7 @@ type AuthRequest struct { // The identity of the end user. Generally nil until the user authenticates // with a backend. - Identity *Identity `json:"identity,omitempty"` + Claims *Claims `json:"claims,omitempty"` // The connector used to login the user. Set when the user authenticates. ConnectorID string `json:"connectorID,omitempty"` ConnectorData []byte `json:"connectorData,omitempty"` @@ -149,9 +149,9 @@ func toStorageAuthRequest(req AuthRequest) storage.AuthRequest { ConnectorData: req.ConnectorData, Expiry: req.Expiry, } - if req.Identity != nil { - i := toStorageIdentity(*req.Identity) - a.Identity = &i + if req.Claims != nil { + i := toStorageClaims(*req.Claims) + a.Claims = &i } return a } @@ -177,9 +177,9 @@ func (cli *client) fromStorageAuthRequest(a storage.AuthRequest) AuthRequest { ConnectorData: a.ConnectorData, Expiry: a.Expiry, } - if a.Identity != nil { - i := fromStorageIdentity(*a.Identity) - req.Identity = &i + if a.Claims != nil { + i := fromStorageClaims(*a.Claims) + req.Claims = &i } return req } @@ -197,7 +197,7 @@ type AuthCode struct { Nonce string `json:"nonce,omitempty"` State string `json:"state,omitempty"` - Identity Identity `json:"identity,omitempty"` + Claims Claims `json:"claims,omitempty"` ConnectorID string `json:"connectorID,omitempty"` ConnectorData []byte `json:"connectorData,omitempty"` 
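Review bot: The JSON struct tags on persisted Kubernetes objects change from `json:"identity,omitempty"` to `json:"claims,omitempty"` here (AuthRequest @120), in @197 (AuthCode) and in @258 (RefreshToken), which is a storage format change rather than a rename: any object already stored under the old key decodes with a zero Claims value. For a RefreshToken that means GetRefresh (storage/kubernetes/storage.go hunk) returns empty claims and handleRefreshToken @497 would presumably mint an ID token with no subject. If no deployment persists data yet this is harmless, but it should be stated in the commit message or bridged by keeping a read-only field tagged `identity` and merging it in toStorageAuthRequest/toStorageAuthCode/GetRefresh during a transition.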
@@ -228,7 +228,7 @@ func (cli *client) fromStorageAuthCode(a storage.AuthCode) AuthCode { ConnectorData: a.ConnectorData, Nonce: a.Nonce, Scopes: a.Scopes, - Identity: fromStorageIdentity(a.Identity), + Claims: fromStorageClaims(a.Claims), Expiry: a.Expiry, } } @@ -242,14 +242,14 @@ func toStorageAuthCode(a AuthCode) storage.AuthCode { ConnectorData: a.ConnectorData, Nonce: a.Nonce, Scopes: a.Scopes, - Identity: toStorageIdentity(a.Identity), + Claims: toStorageClaims(a.Claims), Expiry: a.Expiry, } } -// Refresh is a mirrored struct from storage with JSON struct tags and +// RefreshToken is a mirrored struct from storage with JSON struct tags and // Kubernetes type metadata. -type Refresh struct { +type RefreshToken struct { k8sapi.TypeMeta `json:",inline"` k8sapi.ObjectMeta `json:"metadata,omitempty"` @@ -258,15 +258,15 @@ type Refresh struct { Nonce string `json:"nonce,omitempty"` - Identity Identity `json:"identity,omitempty"` - ConnectorID string `json:"connectorID,omitempty"` + Claims Claims `json:"claims,omitempty"` + ConnectorID string `json:"connectorID,omitempty"` } // RefreshList is a list of refresh tokens. type RefreshList struct { k8sapi.TypeMeta `json:",inline"` k8sapi.ListMeta `json:"metadata,omitempty"` - RefreshTokens []Refresh `json:"items"` + RefreshTokens []RefreshToken `json:"items"` } // Keys is a mirrored struct from storage with JSON struct tags and Kubernetes diff --git a/storage/memory/memory.go b/storage/memory/memory.go index beaad6c7..748e9528 100644 --- a/storage/memory/memory.go +++ b/storage/memory/memory.go @@ -13,7 +13,7 @@ func New() storage.Storage { return &memStorage{ clients: make(map[string]storage.Client), authCodes: make(map[string]storage.AuthCode), - refreshTokens: make(map[string]storage.Refresh), + refreshTokens: make(map[string]storage.RefreshToken), authReqs: make(map[string]storage.AuthRequest), } } 
@@ -23,7 +23,7 @@ type memStorage struct { clients map[string]storage.Client authCodes map[string]storage.AuthCode - refreshTokens map[string]storage.Refresh + refreshTokens map[string]storage.RefreshToken authReqs map[string]storage.AuthRequest keys storage.Keys @@ -49,7 +49,7 @@ func (s *memStorage) CreateAuthCode(c storage.AuthCode) error { return nil } -func (s *memStorage) CreateRefresh(r storage.Refresh) error { +func (s *memStorage) CreateRefresh(r storage.RefreshToken) error { s.tx(func() { s.refreshTokens[r.RefreshToken] = r }) return nil } @@ -74,7 +74,7 @@ func (s *memStorage) GetKeys() (keys storage.Keys, err error) { return } -func (s *memStorage) GetRefresh(token string) (tok storage.Refresh, err error) { +func (s *memStorage) GetRefresh(token string) (tok storage.RefreshToken, err error) { s.tx(func() { var ok bool if tok, ok = s.refreshTokens[token]; !ok { @@ -105,7 +105,7 @@ func (s *memStorage) ListClients() (clients []storage.Client, err error) { return } -func (s *memStorage) ListRefreshTokens() (tokens []storage.Refresh, err error) { +func (s *memStorage) ListRefreshTokens() (tokens []storage.RefreshToken, err error) { s.tx(func() { for _, refresh := range s.refreshTokens { tokens = append(tokens, refresh) @@ -180,7 +180,7 @@ func (s *memStorage) ClaimCode(id string) (err error) { return } -func (s *memStorage) ClaimRefresh(refreshToken string) (token storage.Refresh, err error) { +func (s *memStorage) ClaimRefresh(refreshToken string) (token storage.RefreshToken, err error) { s.tx(func() { var ok bool if token, ok = s.refreshTokens[refreshToken]; !ok { diff --git a/storage/storage.go b/storage/storage.go index 536d9a96..88b11542 100644 --- a/storage/storage.go +++ b/storage/storage.go 
@@ -28,8 +28,8 @@ var ErrNotFound = errors.New("not found") // TODO(ericchiang): refactor ID creation onto the storage. var encoding = base32.NewEncoding("abcdefghijklmnopqrstuvwxyz234567") -// NewNonce returns a new ID for the objects. -func NewNonce() string { +// NewID returns a random string which can be used as an ID for objects. +func NewID() string { buff := make([]byte, 8) // 64 bit random ID. if _, err := io.ReadFull(rand.Reader, buff); err != nil { panic(err) @@ -50,7 +50,7 @@ type Storage interface { CreateAuthRequest(a AuthRequest) error CreateClient(c Client) error CreateAuthCode(c AuthCode) error - CreateRefresh(r Refresh) error + CreateRefresh(r RefreshToken) error // TODO(ericchiang): return (T, bool, error) so we can indicate not found // requests that way instead of using ErrNotFound. @@ -58,10 +58,10 @@ type Storage interface { GetAuthCode(id string) (AuthCode, error) GetClient(id string) (Client, error) GetKeys() (Keys, error) - GetRefresh(id string) (Refresh, error) + GetRefresh(id string) (RefreshToken, error) ListClients() ([]Client, error) - ListRefreshTokens() ([]Refresh, error) + ListRefreshTokens() ([]RefreshToken, error) // Delete methods MUST be atomic. DeleteAuthRequest(id string) error @@ -96,8 +96,8 @@ type Client struct { LogoURL string } -// Identity represents the ID Token claims supported by the server. -type Identity struct { +// Claims represents the ID Token claims supported by the server. +type Claims struct { UserID string Username string Email string @@ -126,7 +126,7 @@ type AuthRequest struct { // The identity of the end user. Generally nil until the user authenticates // with a backend. - Identity *Identity + Claims *Claims // The connector used to login the user and any data the connector wishes to persists. // Set when the user authenticates. 
@@ -150,13 +150,13 @@ type AuthCode struct { Scopes []string - Identity Identity + Claims Claims Expiry time.Time } -// Refresh is an OAuth2 refresh token. -type Refresh struct { +// RefreshToken is an OAuth2 refresh token. +type RefreshToken struct { // The actual refresh token. RefreshToken string @@ -173,7 +173,7 @@ type Refresh struct { Nonce string - Identity Identity + Claims Claims } // VerificationKey is a rotated signing key which can still be used to verify diff --git a/storage/storagetest/storagetest.go b/storage/storagetest/storagetest.go index 24e016de..f3c55124 100644 --- a/storage/storagetest/storagetest.go +++ b/storage/storagetest/storagetest.go @@ -21,7 +21,7 @@ func RunTestSuite(t *testing.T, s storage.Storage) { func testUpdateAuthRequest(t *testing.T, s storage.Storage) { a := storage.AuthRequest{ - ID: storage.NewNonce(), + ID: storage.NewID(), ClientID: "foobar", ResponseTypes: []string{"code"}, Scopes: []string{"openid", "email"}, @@ -29,13 +29,13 @@ func testUpdateAuthRequest(t *testing.T, s storage.Storage) { Expiry: neverExpire, } - identity := storage.Identity{Email: "foobar"} + identity := storage.Claims{Email: "foobar"} if err := s.CreateAuthRequest(a); err != nil { t.Fatalf("failed creating auth request: %v", err) } if err := s.UpdateAuthRequest(a.ID, func(old storage.AuthRequest) (storage.AuthRequest, error) { - old.Identity = &identity + old.Claims = &identity old.ConnectorID = "connID" return old, nil }); err != nil { 
@@ -46,17 +46,17 @@ func testUpdateAuthRequest(t *testing.T, s storage.Storage) { if err != nil { t.Fatalf("failed to get auth req: %v", err) } - if got.Identity == nil { + if got.Claims == nil { t.Fatalf("no identity in auth request") } - if !reflect.DeepEqual(*got.Identity, identity) { - t.Fatalf("update failed, wanted identity=%#v got %#v", identity, *got.Identity) + if !reflect.DeepEqual(*got.Claims, identity) { + t.Fatalf("update failed, wanted identity=%#v got %#v", identity, *got.Claims) } } func testCreateRefresh(t *testing.T, s storage.Storage) { - id := storage.NewNonce() - refresh := storage.Refresh{ + id := storage.NewID() + refresh := storage.RefreshToken{ RefreshToken: id, ClientID: "client_id", ConnectorID: "client_secret",