-
-
Notifications
You must be signed in to change notification settings - Fork 367
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
refactor: improve dependency injection capabilities (#816)
This PR addresses improvements to the OAuth2 package, making it easier to inject custom strategies. As part of this change, the HMAC strategy has been split into a prefixed and unprefixed strategy. Due to this, the instantiation of `HMACSHAStrategy` has changed. This patch addresses improvements over #813 which has been reverted and fixed here. BREAKING CHANGES: Going forward, please instantiate the HMACSHAStrategy using `oauth2.NewHMACSHAStrategy()`: ```patch -var hmacshaStrategy = oauth2.HMACSHAStrategy{ - Enigma: &hmac.HMACStrategy{Config: &fosite.Config{GlobalSecret: []byte("foobarfoobarfoobarfoobarfoobarfoobarfoobarfoobar")}}, - Config: &fosite.Config{ - AccessTokenLifespan: time.Hour * 24, - AuthorizeCodeLifespan: time.Hour * 24, - }, -} +var hmacshaStrategy = oauth2.NewHMACSHAStrategy( + &hmac.HMACStrategy{Config: &fosite.Config{GlobalSecret: []byte("foobarfoobarfoobarfoobarfoobarfoobarfoobarfoobar")}}, + &fosite.Config{ + AccessTokenLifespan: time.Hour * 24, + AuthorizeCodeLifespan: time.Hour * 24, + }, +) ```
- Loading branch information
Showing
13 changed files
with
253 additions
and
167 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
// Copyright © 2024 Ory Corp | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
package oauth2 | ||
|
||
import "github.com/ory/fosite" | ||
|
||
type LifespanConfigProvider interface { | ||
fosite.AccessTokenLifespanProvider | ||
fosite.RefreshTokenLifespanProvider | ||
fosite.AuthorizeCodeLifespanProvider | ||
} |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
// Copyright © 2024 Ory Corp | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
package oauth2 | ||
|
||
import ( | ||
"context" | ||
"time" | ||
|
||
"github.com/ory/x/errorsx" | ||
|
||
"github.com/ory/fosite" | ||
enigma "github.com/ory/fosite/token/hmac" | ||
) | ||
|
||
var _ CoreStrategy = (*HMACSHAStrategyUnPrefixed)(nil) | ||
|
||
type HMACSHAStrategyUnPrefixed struct { | ||
Enigma *enigma.HMACStrategy | ||
Config LifespanConfigProvider | ||
} | ||
|
||
func NewHMACSHAStrategyUnPrefixed( | ||
enigma *enigma.HMACStrategy, | ||
config LifespanConfigProvider, | ||
) *HMACSHAStrategyUnPrefixed { | ||
return &HMACSHAStrategyUnPrefixed{ | ||
Enigma: enigma, | ||
Config: config, | ||
} | ||
} | ||
|
||
func (h *HMACSHAStrategyUnPrefixed) AccessTokenSignature(ctx context.Context, token string) string { | ||
return h.Enigma.Signature(token) | ||
} | ||
func (h *HMACSHAStrategyUnPrefixed) RefreshTokenSignature(ctx context.Context, token string) string { | ||
return h.Enigma.Signature(token) | ||
} | ||
func (h *HMACSHAStrategyUnPrefixed) AuthorizeCodeSignature(ctx context.Context, token string) string { | ||
return h.Enigma.Signature(token) | ||
} | ||
|
||
func (h *HMACSHAStrategyUnPrefixed) GenerateAccessToken(ctx context.Context, _ fosite.Requester) (token string, signature string, err error) { | ||
token, sig, err := h.Enigma.Generate(ctx) | ||
if err != nil { | ||
return "", "", err | ||
} | ||
|
||
return token, sig, nil | ||
} | ||
|
||
func (h *HMACSHAStrategyUnPrefixed) ValidateAccessToken(ctx context.Context, r fosite.Requester, token string) (err error) { | ||
var exp = r.GetSession().GetExpiresAt(fosite.AccessToken) | ||
if exp.IsZero() && r.GetRequestedAt().Add(h.Config.GetAccessTokenLifespan(ctx)).Before(time.Now().UTC()) { | ||
return errorsx.WithStack(fosite.ErrTokenExpired.WithHintf("Access token expired at '%s'.", r.GetRequestedAt().Add(h.Config.GetAccessTokenLifespan(ctx)))) | ||
} | ||
|
||
if !exp.IsZero() && exp.Before(time.Now().UTC()) { | ||
return errorsx.WithStack(fosite.ErrTokenExpired.WithHintf("Access token expired at '%s'.", exp)) | ||
} | ||
|
||
return h.Enigma.Validate(ctx, token) | ||
} | ||
|
||
func (h *HMACSHAStrategyUnPrefixed) GenerateRefreshToken(ctx context.Context, _ fosite.Requester) (token string, signature string, err error) { | ||
token, sig, err := h.Enigma.Generate(ctx) | ||
if err != nil { | ||
return "", "", err | ||
} | ||
|
||
return token, sig, nil | ||
} | ||
|
||
func (h *HMACSHAStrategyUnPrefixed) ValidateRefreshToken(ctx context.Context, r fosite.Requester, token string) (err error) { | ||
var exp = r.GetSession().GetExpiresAt(fosite.RefreshToken) | ||
if exp.IsZero() { | ||
// Unlimited lifetime | ||
return h.Enigma.Validate(ctx, token) | ||
} | ||
|
||
if !exp.IsZero() && exp.Before(time.Now().UTC()) { | ||
return errorsx.WithStack(fosite.ErrTokenExpired.WithHintf("Refresh token expired at '%s'.", exp)) | ||
} | ||
|
||
return h.Enigma.Validate(ctx, token) | ||
} | ||
|
||
func (h *HMACSHAStrategyUnPrefixed) GenerateAuthorizeCode(ctx context.Context, _ fosite.Requester) (token string, signature string, err error) { | ||
token, sig, err := h.Enigma.Generate(ctx) | ||
if err != nil { | ||
return "", "", err | ||
} | ||
|
||
return token, sig, nil | ||
} | ||
|
||
func (h *HMACSHAStrategyUnPrefixed) ValidateAuthorizeCode(ctx context.Context, r fosite.Requester, token string) (err error) { | ||
var exp = r.GetSession().GetExpiresAt(fosite.AuthorizeCode) | ||
if exp.IsZero() && r.GetRequestedAt().Add(h.Config.GetAuthorizeCodeLifespan(ctx)).Before(time.Now().UTC()) { | ||
return errorsx.WithStack(fosite.ErrTokenExpired.WithHintf("Authorize code expired at '%s'.", r.GetRequestedAt().Add(h.Config.GetAuthorizeCodeLifespan(ctx)))) | ||
} | ||
|
||
if !exp.IsZero() && exp.Before(time.Now().UTC()) { | ||
return errorsx.WithStack(fosite.ErrTokenExpired.WithHintf("Authorize code expired at '%s'.", exp)) | ||
} | ||
|
||
return h.Enigma.Validate(ctx, token) | ||
} |
Oops, something went wrong.