Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
6d541cbfb9 | ||
|
|
1ebba7f2b7 | ||
|
|
428a0be3db | ||
|
|
02c0ebb9c4 | ||
|
|
9a284c03ca | ||
|
|
c8fe05eabc | ||
|
|
48344ffd4c |
@@ -61,7 +61,6 @@ const JSTConfigurations = ({
|
||||
|
||||
return (
|
||||
<div>
|
||||
{' '}
|
||||
<Flex
|
||||
borderRadius={5}
|
||||
width="100%"
|
||||
|
||||
@@ -18,7 +18,13 @@ import {
|
||||
FaTwitter,
|
||||
FaMicrosoft,
|
||||
} from 'react-icons/fa';
|
||||
import { TextInputType, HiddenInputType } from '../../constants';
|
||||
import {
|
||||
TextInputType,
|
||||
HiddenInputType,
|
||||
ResponseModes,
|
||||
ResponseTypes,
|
||||
SelectInputType,
|
||||
} from '../../constants';
|
||||
|
||||
const OAuthConfig = ({
|
||||
envVariables,
|
||||
@@ -70,6 +76,42 @@ const OAuthConfig = ({
|
||||
/>
|
||||
</Center>
|
||||
</Flex>
|
||||
<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
|
||||
<Flex w="30%" justifyContent="start" alignItems="center">
|
||||
<Text fontSize="sm">Default Response Type:</Text>
|
||||
</Flex>
|
||||
<Flex
|
||||
w={isNotSmallerScreen ? '70%' : '100%'}
|
||||
mt={isNotSmallerScreen ? '0' : '2'}
|
||||
>
|
||||
<InputField
|
||||
borderRadius={5}
|
||||
variables={envVariables}
|
||||
setVariables={setVariables}
|
||||
inputType={SelectInputType.DEFAULT_AUTHORIZE_RESPONSE_TYPE}
|
||||
value={SelectInputType}
|
||||
options={ResponseTypes}
|
||||
/>
|
||||
</Flex>
|
||||
</Flex>
|
||||
<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
|
||||
<Flex w="30%" justifyContent="start" alignItems="center">
|
||||
<Text fontSize="sm">Default Response Mode:</Text>
|
||||
</Flex>
|
||||
<Flex
|
||||
w={isNotSmallerScreen ? '70%' : '100%'}
|
||||
mt={isNotSmallerScreen ? '0' : '2'}
|
||||
>
|
||||
<InputField
|
||||
borderRadius={5}
|
||||
variables={envVariables}
|
||||
setVariables={setVariables}
|
||||
inputType={SelectInputType.DEFAULT_AUTHORIZE_RESPONSE_MODE}
|
||||
value={SelectInputType}
|
||||
options={ResponseModes}
|
||||
/>
|
||||
</Flex>
|
||||
</Flex>
|
||||
</Stack>
|
||||
<Divider mt={5} mb={2} color="blackAlpha.700" />
|
||||
<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={4}>
|
||||
|
||||
@@ -57,6 +57,8 @@ export const ArrayInputType = {
|
||||
export const SelectInputType = {
|
||||
JWT_TYPE: 'JWT_TYPE',
|
||||
GENDER: 'gender',
|
||||
DEFAULT_AUTHORIZE_RESPONSE_TYPE: 'DEFAULT_AUTHORIZE_RESPONSE_TYPE',
|
||||
DEFAULT_AUTHORIZE_RESPONSE_MODE: 'DEFAULT_AUTHORIZE_RESPONSE_MODE',
|
||||
};
|
||||
|
||||
export const MultiSelectInputType = {
|
||||
@@ -161,6 +163,8 @@ export interface envVarTypes {
|
||||
ACCESS_TOKEN_EXPIRY_TIME: string;
|
||||
DISABLE_MULTI_FACTOR_AUTHENTICATION: boolean;
|
||||
ENFORCE_MULTI_FACTOR_AUTHENTICATION: boolean;
|
||||
DEFAULT_AUTHORIZE_RESPONSE_TYPE: string;
|
||||
DEFAULT_AUTHORIZE_RESPONSE_MODE: string;
|
||||
}
|
||||
|
||||
export const envSubViews = {
|
||||
@@ -349,3 +353,16 @@ export enum EmailTemplateEditors {
|
||||
UNLAYER_EDITOR = 'unlayer_editor',
|
||||
PLAIN_HTML_EDITOR = 'plain_html_editor',
|
||||
}
|
||||
|
||||
export const ResponseTypes = {
|
||||
token: 'token',
|
||||
code: 'code',
|
||||
id_token: 'id_token',
|
||||
};
|
||||
|
||||
export const ResponseModes = {
|
||||
query: 'query',
|
||||
form_post: 'form_post',
|
||||
fragment: 'fragment',
|
||||
web_message: 'web_message',
|
||||
};
|
||||
|
||||
@@ -70,6 +70,8 @@ export const EnvVariablesQuery = `
|
||||
ACCESS_TOKEN_EXPIRY_TIME
|
||||
DISABLE_MULTI_FACTOR_AUTHENTICATION
|
||||
ENFORCE_MULTI_FACTOR_AUTHENTICATION
|
||||
DEFAULT_AUTHORIZE_RESPONSE_TYPE
|
||||
DEFAULT_AUTHORIZE_RESPONSE_MODE
|
||||
}
|
||||
}
|
||||
`;
|
||||
|
||||
@@ -90,6 +90,8 @@ const Environment = () => {
|
||||
ACCESS_TOKEN_EXPIRY_TIME: '',
|
||||
DISABLE_MULTI_FACTOR_AUTHENTICATION: false,
|
||||
ENFORCE_MULTI_FACTOR_AUTHENTICATION: false,
|
||||
DEFAULT_AUTHORIZE_RESPONSE_TYPE: '',
|
||||
DEFAULT_AUTHORIZE_RESPONSE_MODE: '',
|
||||
});
|
||||
|
||||
const [fieldVisibility, setFieldVisibility] = React.useState<
|
||||
|
||||
@@ -166,4 +166,12 @@ const (
|
||||
EnvKeyDefaultRoles = "DEFAULT_ROLES"
|
||||
// EnvKeyAllowedOrigins key for env variable ALLOWED_ORIGINS
|
||||
EnvKeyAllowedOrigins = "ALLOWED_ORIGINS"
|
||||
|
||||
// For oauth/openid/authorize
|
||||
// EnvKeyDefaultAuthorizeResponseType key for env variable DEFAULT_AUTHORIZE_RESPONSE_TYPE
|
||||
// This env is used for setting default response type in authorize handler
|
||||
EnvKeyDefaultAuthorizeResponseType = "DEFAULT_AUTHORIZE_RESPONSE_TYPE"
|
||||
// EnvKeyDefaultAuthorizeResponseMode key for env variable DEFAULT_AUTHORIZE_RESPONSE_MODE
|
||||
// This env is used for setting default response mode in authorize handler
|
||||
EnvKeyDefaultAuthorizeResponseMode = "DEFAULT_AUTHORIZE_RESPONSE_MODE"
|
||||
)
|
||||
|
||||
24
server/env/env.go
vendored
24
server/env/env.go
vendored
@@ -87,6 +87,8 @@ func InitAllEnv() error {
|
||||
osCouchbaseBucket := os.Getenv(constants.EnvCouchbaseBucket)
|
||||
osCouchbaseScope := os.Getenv(constants.EnvCouchbaseScope)
|
||||
osCouchbaseBucketRAMQuotaMB := os.Getenv(constants.EnvCouchbaseBucketRAMQuotaMB)
|
||||
osAuthorizeResponseType := os.Getenv(constants.EnvKeyDefaultAuthorizeResponseType)
|
||||
osAuthorizeResponseMode := os.Getenv(constants.EnvKeyDefaultAuthorizeResponseMode)
|
||||
|
||||
// os bool vars
|
||||
osAppCookieSecure := os.Getenv(constants.EnvKeyAppCookieSecure)
|
||||
@@ -735,6 +737,28 @@ func InitAllEnv() error {
|
||||
envData[constants.EnvKeyProtectedRoles] = osProtectedRoles
|
||||
}
|
||||
|
||||
if val, ok := envData[constants.EnvKeyDefaultAuthorizeResponseType]; !ok || val == "" {
|
||||
envData[constants.EnvKeyDefaultAuthorizeResponseType] = osAuthorizeResponseType
|
||||
// Set the default value to token type
|
||||
if envData[constants.EnvKeyDefaultAuthorizeResponseType] == "" {
|
||||
envData[constants.EnvKeyDefaultAuthorizeResponseType] = constants.ResponseTypeToken
|
||||
}
|
||||
}
|
||||
if osAuthorizeResponseType != "" && envData[constants.EnvKeyDefaultAuthorizeResponseType] != osAuthorizeResponseType {
|
||||
envData[constants.EnvKeyDefaultAuthorizeResponseType] = osAuthorizeResponseType
|
||||
}
|
||||
|
||||
if val, ok := envData[constants.EnvKeyDefaultAuthorizeResponseMode]; !ok || val == "" {
|
||||
envData[constants.EnvKeyDefaultAuthorizeResponseMode] = osAuthorizeResponseMode
|
||||
// Set the default value to token type
|
||||
if envData[constants.EnvKeyDefaultAuthorizeResponseMode] == "" {
|
||||
envData[constants.EnvKeyDefaultAuthorizeResponseMode] = constants.ResponseModeQuery
|
||||
}
|
||||
}
|
||||
if osAuthorizeResponseMode != "" && envData[constants.EnvKeyDefaultAuthorizeResponseMode] != osAuthorizeResponseMode {
|
||||
envData[constants.EnvKeyDefaultAuthorizeResponseMode] = osAuthorizeResponseMode
|
||||
}
|
||||
|
||||
err = memorystore.Provider.UpdateEnvStore(envData)
|
||||
if err != nil {
|
||||
log.Debug("Error while updating env store: ", err)
|
||||
|
||||
@@ -21,6 +21,7 @@ require (
|
||||
github.com/joho/godotenv v1.3.0
|
||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
|
||||
github.com/pelletier/go-toml/v2 v2.0.5 // indirect
|
||||
github.com/redis/go-redis/v9 v9.0.3 // indirect
|
||||
github.com/robertkrimen/otto v0.0.0-20211024170158-b87d35c0b86f
|
||||
github.com/sirupsen/logrus v1.8.1
|
||||
github.com/stretchr/testify v1.8.0
|
||||
|
||||
@@ -58,11 +58,15 @@ github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932 h1:mXoPYz/Ul5HYE
|
||||
github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932/go.mod h1:NOuUCSz6Q9T7+igc/hlvDOUdtWKryOrtFyIVABv/p7k=
|
||||
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY=
|
||||
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
|
||||
github.com/bsm/ginkgo/v2 v2.7.0/go.mod h1:AiKlXPm7ItEHNc/2+OkrNG4E0ITzojb9/xWzvQ9XZ9w=
|
||||
github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
|
||||
github.com/cenkalti/backoff/v4 v4.1.2 h1:6Yo7N8UP2K6LWZnW94DLVSSrbobcWdVzAYOisuDPIFo=
|
||||
github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
|
||||
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||
github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
|
||||
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
|
||||
github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
|
||||
github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
|
||||
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
|
||||
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
|
||||
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
|
||||
@@ -295,6 +299,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
github.com/redis/go-redis/v9 v9.0.3 h1:+7mmR26M0IvyLxGZUHxu4GiBkJkVDid0Un+j4ScYu4k=
|
||||
github.com/redis/go-redis/v9 v9.0.3/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk=
|
||||
github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 h1:OdAsTTz6OkFY5QxjkYwrChwuRruF69c169dPK26NUlk=
|
||||
github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
|
||||
github.com/robertkrimen/otto v0.0.0-20211024170158-b87d35c0b86f h1:a7clxaGmmqtdNTXyvrp/lVO/Gnkzlhc/+dLs5v965GM=
|
||||
|
||||
@@ -88,6 +88,8 @@ type ComplexityRoot struct {
|
||||
DatabaseType func(childComplexity int) int
|
||||
DatabaseURL func(childComplexity int) int
|
||||
DatabaseUsername func(childComplexity int) int
|
||||
DefaultAuthorizeResponseMode func(childComplexity int) int
|
||||
DefaultAuthorizeResponseType func(childComplexity int) int
|
||||
DefaultRoles func(childComplexity int) int
|
||||
DisableBasicAuthentication func(childComplexity int) int
|
||||
DisableEmailVerification func(childComplexity int) int
|
||||
@@ -608,6 +610,20 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in
|
||||
|
||||
return e.complexity.Env.DatabaseUsername(childComplexity), true
|
||||
|
||||
case "Env.DEFAULT_AUTHORIZE_RESPONSE_MODE":
|
||||
if e.complexity.Env.DefaultAuthorizeResponseMode == nil {
|
||||
break
|
||||
}
|
||||
|
||||
return e.complexity.Env.DefaultAuthorizeResponseMode(childComplexity), true
|
||||
|
||||
case "Env.DEFAULT_AUTHORIZE_RESPONSE_TYPE":
|
||||
if e.complexity.Env.DefaultAuthorizeResponseType == nil {
|
||||
break
|
||||
}
|
||||
|
||||
return e.complexity.Env.DefaultAuthorizeResponseType(childComplexity), true
|
||||
|
||||
case "Env.DEFAULT_ROLES":
|
||||
if e.complexity.Env.DefaultRoles == nil {
|
||||
break
|
||||
@@ -2203,6 +2219,8 @@ type Env {
|
||||
ORGANIZATION_LOGO: String
|
||||
APP_COOKIE_SECURE: Boolean!
|
||||
ADMIN_COOKIE_SECURE: Boolean!
|
||||
DEFAULT_AUTHORIZE_RESPONSE_TYPE: String
|
||||
DEFAULT_AUTHORIZE_RESPONSE_MODE: String
|
||||
}
|
||||
|
||||
type ValidateJWTTokenResponse {
|
||||
@@ -2317,6 +2335,8 @@ input UpdateEnvInput {
|
||||
MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID: String
|
||||
ORGANIZATION_NAME: String
|
||||
ORGANIZATION_LOGO: String
|
||||
DEFAULT_AUTHORIZE_RESPONSE_TYPE: String
|
||||
DEFAULT_AUTHORIZE_RESPONSE_MODE: String
|
||||
}
|
||||
|
||||
input AdminLoginInput {
|
||||
@@ -6424,6 +6444,88 @@ func (ec *executionContext) fieldContext_Env_ADMIN_COOKIE_SECURE(ctx context.Con
|
||||
return fc, nil
|
||||
}
|
||||
|
||||
func (ec *executionContext) _Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
|
||||
fc, err := ec.fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(ctx, field)
|
||||
if err != nil {
|
||||
return graphql.Null
|
||||
}
|
||||
ctx = graphql.WithFieldContext(ctx, fc)
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
ec.Error(ctx, ec.Recover(ctx, r))
|
||||
ret = graphql.Null
|
||||
}
|
||||
}()
|
||||
resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
|
||||
ctx = rctx // use context from middleware stack in children
|
||||
return obj.DefaultAuthorizeResponseType, nil
|
||||
})
|
||||
if err != nil {
|
||||
ec.Error(ctx, err)
|
||||
return graphql.Null
|
||||
}
|
||||
if resTmp == nil {
|
||||
return graphql.Null
|
||||
}
|
||||
res := resTmp.(*string)
|
||||
fc.Result = res
|
||||
return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
|
||||
}
|
||||
|
||||
func (ec *executionContext) fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) {
|
||||
fc = &graphql.FieldContext{
|
||||
Object: "Env",
|
||||
Field: field,
|
||||
IsMethod: false,
|
||||
IsResolver: false,
|
||||
Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) {
|
||||
return nil, errors.New("field of type String does not have child fields")
|
||||
},
|
||||
}
|
||||
return fc, nil
|
||||
}
|
||||
|
||||
func (ec *executionContext) _Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
|
||||
fc, err := ec.fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx, field)
|
||||
if err != nil {
|
||||
return graphql.Null
|
||||
}
|
||||
ctx = graphql.WithFieldContext(ctx, fc)
|
||||
defer func() {
|
||||
if r := recover(); r != nil {
|
||||
ec.Error(ctx, ec.Recover(ctx, r))
|
||||
ret = graphql.Null
|
||||
}
|
||||
}()
|
||||
resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
|
||||
ctx = rctx // use context from middleware stack in children
|
||||
return obj.DefaultAuthorizeResponseMode, nil
|
||||
})
|
||||
if err != nil {
|
||||
ec.Error(ctx, err)
|
||||
return graphql.Null
|
||||
}
|
||||
if resTmp == nil {
|
||||
return graphql.Null
|
||||
}
|
||||
res := resTmp.(*string)
|
||||
fc.Result = res
|
||||
return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
|
||||
}
|
||||
|
||||
func (ec *executionContext) fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) {
|
||||
fc = &graphql.FieldContext{
|
||||
Object: "Env",
|
||||
Field: field,
|
||||
IsMethod: false,
|
||||
IsResolver: false,
|
||||
Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) {
|
||||
return nil, errors.New("field of type String does not have child fields")
|
||||
},
|
||||
}
|
||||
return fc, nil
|
||||
}
|
||||
|
||||
func (ec *executionContext) _Error_message(ctx context.Context, field graphql.CollectedField, obj *model.Error) (ret graphql.Marshaler) {
|
||||
fc, err := ec.fieldContext_Error_message(ctx, field)
|
||||
if err != nil {
|
||||
@@ -10104,6 +10206,10 @@ func (ec *executionContext) fieldContext_Query__env(ctx context.Context, field g
|
||||
return ec.fieldContext_Env_APP_COOKIE_SECURE(ctx, field)
|
||||
case "ADMIN_COOKIE_SECURE":
|
||||
return ec.fieldContext_Env_ADMIN_COOKIE_SECURE(ctx, field)
|
||||
case "DEFAULT_AUTHORIZE_RESPONSE_TYPE":
|
||||
return ec.fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(ctx, field)
|
||||
case "DEFAULT_AUTHORIZE_RESPONSE_MODE":
|
||||
return ec.fieldContext_Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx, field)
|
||||
}
|
||||
return nil, fmt.Errorf("no field named %q was found under type Env", field.Name)
|
||||
},
|
||||
@@ -16016,7 +16122,7 @@ func (ec *executionContext) unmarshalInputUpdateEnvInput(ctx context.Context, ob
|
||||
asMap[k] = v
|
||||
}
|
||||
|
||||
fieldsInOrder := [...]string{"ACCESS_TOKEN_EXPIRY_TIME", "ADMIN_SECRET", "CUSTOM_ACCESS_TOKEN_SCRIPT", "OLD_ADMIN_SECRET", "SMTP_HOST", "SMTP_PORT", "SMTP_USERNAME", "SMTP_PASSWORD", "SMTP_LOCAL_NAME", "SENDER_EMAIL", "JWT_TYPE", "JWT_SECRET", "JWT_PRIVATE_KEY", "JWT_PUBLIC_KEY", "ALLOWED_ORIGINS", "APP_URL", "RESET_PASSWORD_URL", "APP_COOKIE_SECURE", "ADMIN_COOKIE_SECURE", "DISABLE_EMAIL_VERIFICATION", "DISABLE_BASIC_AUTHENTICATION", "DISABLE_MAGIC_LINK_LOGIN", "DISABLE_LOGIN_PAGE", "DISABLE_SIGN_UP", "DISABLE_REDIS_FOR_ENV", "DISABLE_STRONG_PASSWORD", "DISABLE_MULTI_FACTOR_AUTHENTICATION", "ENFORCE_MULTI_FACTOR_AUTHENTICATION", "ROLES", "PROTECTED_ROLES", "DEFAULT_ROLES", "JWT_ROLE_CLAIM", "GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET", "GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET", "FACEBOOK_CLIENT_ID", "FACEBOOK_CLIENT_SECRET", "LINKEDIN_CLIENT_ID", "LINKEDIN_CLIENT_SECRET", "APPLE_CLIENT_ID", "APPLE_CLIENT_SECRET", "TWITTER_CLIENT_ID", "TWITTER_CLIENT_SECRET", "MICROSOFT_CLIENT_ID", "MICROSOFT_CLIENT_SECRET", "MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID", "ORGANIZATION_NAME", "ORGANIZATION_LOGO"}
|
||||
fieldsInOrder := [...]string{"ACCESS_TOKEN_EXPIRY_TIME", "ADMIN_SECRET", "CUSTOM_ACCESS_TOKEN_SCRIPT", "OLD_ADMIN_SECRET", "SMTP_HOST", "SMTP_PORT", "SMTP_USERNAME", "SMTP_PASSWORD", "SMTP_LOCAL_NAME", "SENDER_EMAIL", "JWT_TYPE", "JWT_SECRET", "JWT_PRIVATE_KEY", "JWT_PUBLIC_KEY", "ALLOWED_ORIGINS", "APP_URL", "RESET_PASSWORD_URL", "APP_COOKIE_SECURE", "ADMIN_COOKIE_SECURE", "DISABLE_EMAIL_VERIFICATION", "DISABLE_BASIC_AUTHENTICATION", "DISABLE_MAGIC_LINK_LOGIN", "DISABLE_LOGIN_PAGE", "DISABLE_SIGN_UP", "DISABLE_REDIS_FOR_ENV", "DISABLE_STRONG_PASSWORD", "DISABLE_MULTI_FACTOR_AUTHENTICATION", "ENFORCE_MULTI_FACTOR_AUTHENTICATION", "ROLES", "PROTECTED_ROLES", "DEFAULT_ROLES", "JWT_ROLE_CLAIM", "GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET", "GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET", "FACEBOOK_CLIENT_ID", "FACEBOOK_CLIENT_SECRET", "LINKEDIN_CLIENT_ID", "LINKEDIN_CLIENT_SECRET", "APPLE_CLIENT_ID", "APPLE_CLIENT_SECRET", "TWITTER_CLIENT_ID", "TWITTER_CLIENT_SECRET", "MICROSOFT_CLIENT_ID", "MICROSOFT_CLIENT_SECRET", "MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID", "ORGANIZATION_NAME", "ORGANIZATION_LOGO", "DEFAULT_AUTHORIZE_RESPONSE_TYPE", "DEFAULT_AUTHORIZE_RESPONSE_MODE"}
|
||||
for _, k := range fieldsInOrder {
|
||||
v, ok := asMap[k]
|
||||
if !ok {
|
||||
@@ -16415,6 +16521,22 @@ func (ec *executionContext) unmarshalInputUpdateEnvInput(ctx context.Context, ob
|
||||
if err != nil {
|
||||
return it, err
|
||||
}
|
||||
case "DEFAULT_AUTHORIZE_RESPONSE_TYPE":
|
||||
var err error
|
||||
|
||||
ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DEFAULT_AUTHORIZE_RESPONSE_TYPE"))
|
||||
it.DefaultAuthorizeResponseType, err = ec.unmarshalOString2ᚖstring(ctx, v)
|
||||
if err != nil {
|
||||
return it, err
|
||||
}
|
||||
case "DEFAULT_AUTHORIZE_RESPONSE_MODE":
|
||||
var err error
|
||||
|
||||
ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("DEFAULT_AUTHORIZE_RESPONSE_MODE"))
|
||||
it.DefaultAuthorizeResponseMode, err = ec.unmarshalOString2ᚖstring(ctx, v)
|
||||
if err != nil {
|
||||
return it, err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -17329,6 +17451,14 @@ func (ec *executionContext) _Env(ctx context.Context, sel ast.SelectionSet, obj
|
||||
if out.Values[i] == graphql.Null {
|
||||
invalids++
|
||||
}
|
||||
case "DEFAULT_AUTHORIZE_RESPONSE_TYPE":
|
||||
|
||||
out.Values[i] = ec._Env_DEFAULT_AUTHORIZE_RESPONSE_TYPE(ctx, field, obj)
|
||||
|
||||
case "DEFAULT_AUTHORIZE_RESPONSE_MODE":
|
||||
|
||||
out.Values[i] = ec._Env_DEFAULT_AUTHORIZE_RESPONSE_MODE(ctx, field, obj)
|
||||
|
||||
default:
|
||||
panic("unknown field " + strconv.Quote(field.Name))
|
||||
}
|
||||
|
||||
@@ -117,6 +117,8 @@ type Env struct {
|
||||
OrganizationLogo *string `json:"ORGANIZATION_LOGO"`
|
||||
AppCookieSecure bool `json:"APP_COOKIE_SECURE"`
|
||||
AdminCookieSecure bool `json:"ADMIN_COOKIE_SECURE"`
|
||||
DefaultAuthorizeResponseType *string `json:"DEFAULT_AUTHORIZE_RESPONSE_TYPE"`
|
||||
DefaultAuthorizeResponseMode *string `json:"DEFAULT_AUTHORIZE_RESPONSE_MODE"`
|
||||
}
|
||||
|
||||
type Error struct {
|
||||
@@ -353,6 +355,8 @@ type UpdateEnvInput struct {
|
||||
MicrosoftActiveDirectoryTenantID *string `json:"MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID"`
|
||||
OrganizationName *string `json:"ORGANIZATION_NAME"`
|
||||
OrganizationLogo *string `json:"ORGANIZATION_LOGO"`
|
||||
DefaultAuthorizeResponseType *string `json:"DEFAULT_AUTHORIZE_RESPONSE_TYPE"`
|
||||
DefaultAuthorizeResponseMode *string `json:"DEFAULT_AUTHORIZE_RESPONSE_MODE"`
|
||||
}
|
||||
|
||||
type UpdateProfileInput struct {
|
||||
|
||||
@@ -153,6 +153,8 @@ type Env {
|
||||
ORGANIZATION_LOGO: String
|
||||
APP_COOKIE_SECURE: Boolean!
|
||||
ADMIN_COOKIE_SECURE: Boolean!
|
||||
DEFAULT_AUTHORIZE_RESPONSE_TYPE: String
|
||||
DEFAULT_AUTHORIZE_RESPONSE_MODE: String
|
||||
}
|
||||
|
||||
type ValidateJWTTokenResponse {
|
||||
@@ -267,6 +269,8 @@ input UpdateEnvInput {
|
||||
MICROSOFT_ACTIVE_DIRECTORY_TENANT_ID: String
|
||||
ORGANIZATION_NAME: String
|
||||
ORGANIZATION_LOGO: String
|
||||
DEFAULT_AUTHORIZE_RESPONSE_TYPE: String
|
||||
DEFAULT_AUTHORIZE_RESPONSE_MODE: String
|
||||
}
|
||||
|
||||
input AdminLoginInput {
|
||||
|
||||
@@ -83,7 +83,11 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||
}
|
||||
|
||||
if responseMode == "" {
|
||||
responseMode = constants.ResponseModeQuery
|
||||
if val, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultAuthorizeResponseMode); err == nil {
|
||||
responseType = val
|
||||
} else {
|
||||
responseType = constants.ResponseModeQuery
|
||||
}
|
||||
}
|
||||
|
||||
if redirectURI == "" {
|
||||
@@ -91,7 +95,11 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||
}
|
||||
|
||||
if responseType == "" {
|
||||
responseType = "token"
|
||||
if val, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultAuthorizeResponseType); err == nil {
|
||||
responseType = val
|
||||
} else {
|
||||
responseType = constants.ResponseTypeToken
|
||||
}
|
||||
}
|
||||
|
||||
if err := validateAuthorizeRequest(responseType, responseMode, clientID, state, codeChallenge); err != nil {
|
||||
@@ -186,7 +194,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||
// rollover the session for security
|
||||
go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
|
||||
if responseType == constants.ResponseTypeCode {
|
||||
newSessionTokenData, newSessionToken, err := token.CreateSessionToken(user, nonce, claims.Roles, scope, claims.LoginMethod)
|
||||
newSessionTokenData, newSessionToken, newSessionExpiresAt, err := token.CreateSessionToken(user, nonce, claims.Roles, scope, claims.LoginMethod)
|
||||
if err != nil {
|
||||
log.Debug("CreateSessionToken failed: ", err)
|
||||
handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
|
||||
@@ -207,7 +215,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+newSessionTokenData.Nonce, newSessionToken); err != nil {
|
||||
if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+newSessionTokenData.Nonce, newSessionToken, newSessionExpiresAt); err != nil {
|
||||
log.Debug("SetUserSession failed: ", err)
|
||||
handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
|
||||
return
|
||||
@@ -263,13 +271,13 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+nonce, authToken.FingerPrintHash); err != nil {
|
||||
if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+nonce, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt); err != nil {
|
||||
log.Debug("SetUserSession failed: ", err)
|
||||
handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
|
||||
return
|
||||
}
|
||||
|
||||
if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+nonce, authToken.AccessToken.Token); err != nil {
|
||||
if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+nonce, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt); err != nil {
|
||||
log.Debug("SetUserSession failed: ", err)
|
||||
handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
|
||||
return
|
||||
@@ -297,7 +305,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
||||
if authToken.RefreshToken != nil {
|
||||
res["refresh_token"] = authToken.RefreshToken.Token
|
||||
params += "&refresh_token=" + authToken.RefreshToken.Token
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)
|
||||
}
|
||||
|
||||
if responseMode == constants.ResponseModeQuery {
|
||||
|
||||
@@ -47,7 +47,14 @@ func LogoutHandler() gin.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
memorystore.Provider.DeleteUserSession(sessionData.Subject, sessionData.Nonce)
|
||||
userID := sessionData.Subject
|
||||
loginMethod := sessionData.LoginMethod
|
||||
sessionToken := userID
|
||||
if loginMethod != "" {
|
||||
sessionToken = loginMethod + ":" + userID
|
||||
}
|
||||
|
||||
memorystore.Provider.DeleteUserSession(sessionToken, sessionData.Nonce)
|
||||
cookie.DeleteSession(gc)
|
||||
|
||||
if redirectURL != "" {
|
||||
|
||||
@@ -249,12 +249,12 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
||||
|
||||
sessionKey := provider + ":" + user.ID
|
||||
cookie.SetSession(ctx, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt)
|
||||
|
||||
if authToken.RefreshToken != nil {
|
||||
params += `&refresh_token=` + authToken.RefreshToken.Token
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)
|
||||
}
|
||||
|
||||
go func() {
|
||||
|
||||
@@ -247,8 +247,8 @@ func TokenHandler() gin.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt)
|
||||
cookie.SetSession(gc, authToken.FingerPrintHash)
|
||||
|
||||
expiresIn := authToken.AccessToken.ExpiresAt - time.Now().Unix()
|
||||
@@ -266,7 +266,7 @@ func TokenHandler() gin.HandlerFunc {
|
||||
|
||||
if authToken.RefreshToken != nil {
|
||||
res["refresh_token"] = authToken.RefreshToken.Token
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)
|
||||
}
|
||||
|
||||
gc.JSON(http.StatusOK, res)
|
||||
|
||||
@@ -154,12 +154,12 @@ func VerifyEmailHandler() gin.HandlerFunc {
|
||||
|
||||
sessionKey := loginMethod + ":" + user.ID
|
||||
cookie.SetSession(c, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt)
|
||||
|
||||
if authToken.RefreshToken != nil {
|
||||
params = params + `&refresh_token=` + authToken.RefreshToken.Token
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)
|
||||
}
|
||||
|
||||
if redirectURL == "" {
|
||||
|
||||
14
server/memorystore/providers/inmemory/provider_test.go
Normal file
14
server/memorystore/providers/inmemory/provider_test.go
Normal file
@@ -0,0 +1,14 @@
|
||||
package inmemory
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/memorystore/providers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestInMemoryProvider(t *testing.T) {
|
||||
p, err := NewInMemoryProvider()
|
||||
assert.NoError(t, err)
|
||||
providers.ProviderTests(t, p)
|
||||
}
|
||||
@@ -8,45 +8,31 @@ import (
|
||||
)
|
||||
|
||||
// SetUserSession sets the user session for given user identifier in form recipe:user_id
|
||||
func (c *provider) SetUserSession(userId, key, token string) error {
|
||||
c.sessionStore.Set(userId, key, token)
|
||||
func (c *provider) SetUserSession(userId, key, token string, expiration int64) error {
|
||||
c.sessionStore.Set(userId, key, token, expiration)
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetAllUserSessions returns all the user sessions token from the in-memory store.
|
||||
func (c *provider) GetAllUserSessions(userId string) (map[string]string, error) {
|
||||
data := c.sessionStore.GetAll(userId)
|
||||
return data, nil
|
||||
}
|
||||
|
||||
// GetUserSession returns value for given session token
|
||||
func (c *provider) GetUserSession(userId, sessionToken string) (string, error) {
|
||||
return c.sessionStore.Get(userId, sessionToken), nil
|
||||
val := c.sessionStore.Get(userId, sessionToken)
|
||||
if val == "" {
|
||||
return "", fmt.Errorf("Not found")
|
||||
}
|
||||
return val, nil
|
||||
}
|
||||
|
||||
// DeleteAllUserSessions deletes all the user sessions from in-memory store.
|
||||
func (c *provider) DeleteAllUserSessions(userId string) error {
|
||||
namespaces := []string{
|
||||
constants.AuthRecipeMethodBasicAuth,
|
||||
constants.AuthRecipeMethodMagicLinkLogin,
|
||||
constants.AuthRecipeMethodApple,
|
||||
constants.AuthRecipeMethodFacebook,
|
||||
constants.AuthRecipeMethodGithub,
|
||||
constants.AuthRecipeMethodGoogle,
|
||||
constants.AuthRecipeMethodLinkedIn,
|
||||
constants.AuthRecipeMethodTwitter,
|
||||
constants.AuthRecipeMethodMicrosoft,
|
||||
}
|
||||
|
||||
for _, namespace := range namespaces {
|
||||
c.sessionStore.RemoveAll(namespace + ":" + userId)
|
||||
}
|
||||
c.sessionStore.RemoveAll(userId)
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeleteUserSession deletes the user session from the in-memory store.
|
||||
func (c *provider) DeleteUserSession(userId, sessionToken string) error {
|
||||
c.sessionStore.Remove(userId, sessionToken)
|
||||
c.sessionStore.Remove(userId, constants.TokenTypeSessionToken+"_"+sessionToken)
|
||||
c.sessionStore.Remove(userId, constants.TokenTypeAccessToken+"_"+sessionToken)
|
||||
c.sessionStore.Remove(userId, constants.TokenTypeRefreshToken+"_"+sessionToken)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
@@ -31,11 +31,15 @@ func (e *EnvStore) UpdateStore(store map[string]interface{}) {
|
||||
|
||||
// GetStore returns the env store
|
||||
func (e *EnvStore) GetStore() map[string]interface{} {
|
||||
e.mutex.Lock()
|
||||
defer e.mutex.Unlock()
|
||||
return e.store
|
||||
}
|
||||
|
||||
// Get returns the value of the key in evn store
|
||||
func (e *EnvStore) Get(key string) interface{} {
|
||||
e.mutex.Lock()
|
||||
defer e.mutex.Unlock()
|
||||
return e.store[key]
|
||||
}
|
||||
|
||||
|
||||
@@ -1,73 +1,140 @@
|
||||
package stores
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"sort"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
// Maximum entries to keep in session storage
|
||||
maxCacheSize = 1000
|
||||
// Cache clear interval
|
||||
clearInterval = 10 * time.Minute
|
||||
)
|
||||
|
||||
// SessionEntry is the struct for entry stored in store
|
||||
type SessionEntry struct {
|
||||
Value string
|
||||
ExpiresAt int64
|
||||
}
|
||||
|
||||
// SessionStore struct to store the env variables
|
||||
type SessionStore struct {
|
||||
wg sync.WaitGroup
|
||||
mutex sync.Mutex
|
||||
store map[string]map[string]string
|
||||
store map[string]*SessionEntry
|
||||
// stores expireTime: key to remove data when cache is full
|
||||
// map is sorted by key so older most entry can be deleted first
|
||||
keyIndex map[int64]string
|
||||
stop chan struct{}
|
||||
}
|
||||
|
||||
// NewSessionStore create a new session store
|
||||
func NewSessionStore() *SessionStore {
|
||||
return &SessionStore{
|
||||
mutex: sync.Mutex{},
|
||||
store: make(map[string]map[string]string),
|
||||
store := &SessionStore{
|
||||
mutex: sync.Mutex{},
|
||||
store: make(map[string]*SessionEntry),
|
||||
keyIndex: make(map[int64]string),
|
||||
stop: make(chan struct{}),
|
||||
}
|
||||
store.wg.Add(1)
|
||||
go func() {
|
||||
defer store.wg.Done()
|
||||
store.clean()
|
||||
}()
|
||||
return store
|
||||
}
|
||||
|
||||
func (s *SessionStore) clean() {
|
||||
t := time.NewTicker(clearInterval)
|
||||
defer t.Stop()
|
||||
for {
|
||||
select {
|
||||
case <-s.stop:
|
||||
return
|
||||
case <-t.C:
|
||||
s.mutex.Lock()
|
||||
currentTime := time.Now().Unix()
|
||||
for k, v := range s.store {
|
||||
if v.ExpiresAt < currentTime {
|
||||
delete(s.store, k)
|
||||
delete(s.keyIndex, v.ExpiresAt)
|
||||
}
|
||||
}
|
||||
s.mutex.Unlock()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Get returns the value of the key in state store
|
||||
func (s *SessionStore) Get(key, subKey string) string {
|
||||
return s.store[key][subKey]
|
||||
s.mutex.Lock()
|
||||
defer s.mutex.Unlock()
|
||||
currentTime := time.Now().Unix()
|
||||
k := fmt.Sprintf("%s:%s", key, subKey)
|
||||
if v, ok := s.store[k]; ok {
|
||||
if v.ExpiresAt > currentTime {
|
||||
return v.Value
|
||||
}
|
||||
// Delete expired items
|
||||
delete(s.store, k)
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
// Set sets the value of the key in state store
|
||||
func (s *SessionStore) Set(key string, subKey, value string) {
|
||||
func (s *SessionStore) Set(key string, subKey, value string, expiration int64) {
|
||||
s.mutex.Lock()
|
||||
defer s.mutex.Unlock()
|
||||
|
||||
if _, ok := s.store[key]; !ok {
|
||||
s.store[key] = make(map[string]string)
|
||||
k := fmt.Sprintf("%s:%s", key, subKey)
|
||||
if _, ok := s.store[k]; !ok {
|
||||
// check if there is enough space in cache
|
||||
// else delete entries based on FIFO
|
||||
if len(s.store) == maxCacheSize {
|
||||
// remove older most entry
|
||||
sortedKeys := []int64{}
|
||||
for ik := range s.keyIndex {
|
||||
sortedKeys = append(sortedKeys, ik)
|
||||
}
|
||||
sort.Slice(sortedKeys, func(i, j int) bool { return sortedKeys[i] < sortedKeys[j] })
|
||||
itemToRemove := sortedKeys[0]
|
||||
delete(s.store, s.keyIndex[itemToRemove])
|
||||
delete(s.keyIndex, itemToRemove)
|
||||
}
|
||||
}
|
||||
s.store[key][subKey] = value
|
||||
s.store[k] = &SessionEntry{
|
||||
Value: value,
|
||||
ExpiresAt: expiration,
|
||||
}
|
||||
s.keyIndex[expiration] = k
|
||||
}
|
||||
|
||||
// RemoveAll all values for given key
|
||||
func (s *SessionStore) RemoveAll(key string) {
|
||||
s.mutex.Lock()
|
||||
defer s.mutex.Unlock()
|
||||
|
||||
delete(s.store, key)
|
||||
for k := range s.store {
|
||||
if strings.Contains(k, key) {
|
||||
delete(s.store, k)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Remove value for given key and subkey
|
||||
func (s *SessionStore) Remove(key, subKey string) {
|
||||
s.mutex.Lock()
|
||||
defer s.mutex.Unlock()
|
||||
if _, ok := s.store[key]; ok {
|
||||
delete(s.store[key], subKey)
|
||||
}
|
||||
}
|
||||
|
||||
// Get all the values for given key
|
||||
func (s *SessionStore) GetAll(key string) map[string]string {
|
||||
s.mutex.Lock()
|
||||
defer s.mutex.Unlock()
|
||||
|
||||
if _, ok := s.store[key]; !ok {
|
||||
s.store[key] = make(map[string]string)
|
||||
}
|
||||
return s.store[key]
|
||||
k := fmt.Sprintf("%s:%s", key, subKey)
|
||||
delete(s.store, k)
|
||||
}
|
||||
|
||||
// RemoveByNamespace to delete session for a given namespace example google,github
|
||||
func (s *SessionStore) RemoveByNamespace(namespace string) error {
|
||||
s.mutex.Lock()
|
||||
defer s.mutex.Unlock()
|
||||
|
||||
for key := range s.store {
|
||||
if strings.Contains(key, namespace+":") {
|
||||
delete(s.store, key)
|
||||
|
||||
@@ -20,6 +20,8 @@ func NewStateStore() *StateStore {
|
||||
|
||||
// Get returns the value of the key in state store
|
||||
func (s *StateStore) Get(key string) string {
|
||||
s.mutex.Lock()
|
||||
defer s.mutex.Unlock()
|
||||
return s.store[key]
|
||||
}
|
||||
|
||||
|
||||
115
server/memorystore/providers/provider_tests.go
Normal file
115
server/memorystore/providers/provider_tests.go
Normal file
@@ -0,0 +1,115 @@
|
||||
package providers
|
||||
|
||||
import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
// ProviderTests runs all provider tests
|
||||
func ProviderTests(t *testing.T, p Provider) {
|
||||
|
||||
err := p.SetUserSession("auth_provider:123", "session_token_key", "test_hash123", time.Now().Add(60*time.Second).Unix())
|
||||
assert.NoError(t, err)
|
||||
err = p.SetUserSession("auth_provider:123", "access_token_key", "test_jwt123", time.Now().Add(60*time.Second).Unix())
|
||||
assert.NoError(t, err)
|
||||
// Same user multiple session
|
||||
err = p.SetUserSession("auth_provider:123", "session_token_key1", "test_hash1123", time.Now().Add(60*time.Second).Unix())
|
||||
assert.NoError(t, err)
|
||||
err = p.SetUserSession("auth_provider:123", "access_token_key1", "test_jwt1123", time.Now().Add(60*time.Second).Unix())
|
||||
assert.NoError(t, err)
|
||||
// Different user session
|
||||
err = p.SetUserSession("auth_provider:124", "session_token_key", "test_hash124", time.Now().Add(5*time.Second).Unix())
|
||||
assert.NoError(t, err)
|
||||
err = p.SetUserSession("auth_provider:124", "access_token_key", "test_jwt124", time.Now().Add(5*time.Second).Unix())
|
||||
assert.NoError(t, err)
|
||||
// Different provider session
|
||||
err = p.SetUserSession("auth_provider1:124", "session_token_key", "test_hash124", time.Now().Add(60*time.Second).Unix())
|
||||
assert.NoError(t, err)
|
||||
err = p.SetUserSession("auth_provider1:124", "access_token_key", "test_jwt124", time.Now().Add(60*time.Second).Unix())
|
||||
assert.NoError(t, err)
|
||||
// Different provider session
|
||||
err = p.SetUserSession("auth_provider1:123", "session_token_key", "test_hash1123", time.Now().Add(60*time.Second).Unix())
|
||||
assert.NoError(t, err)
|
||||
err = p.SetUserSession("auth_provider1:123", "access_token_key", "test_jwt1123", time.Now().Add(60*time.Second).Unix())
|
||||
assert.NoError(t, err)
|
||||
// Get session
|
||||
key, err := p.GetUserSession("auth_provider:123", "session_token_key")
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, "test_hash123", key)
|
||||
key, err = p.GetUserSession("auth_provider:123", "access_token_key")
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, "test_jwt123", key)
|
||||
key, err = p.GetUserSession("auth_provider:124", "session_token_key")
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, "test_hash124", key)
|
||||
key, err = p.GetUserSession("auth_provider:124", "access_token_key")
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, "test_jwt124", key)
|
||||
// Expire some tokens and make sure they are empty
|
||||
time.Sleep(5 * time.Second)
|
||||
key, err = p.GetUserSession("auth_provider:124", "session_token_key")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
key, err = p.GetUserSession("auth_provider:124", "access_token_key")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
// Delete user session
|
||||
err = p.DeleteUserSession("auth_provider:123", "key")
|
||||
assert.NoError(t, err)
|
||||
err = p.DeleteUserSession("auth_provider:123", "key")
|
||||
assert.NoError(t, err)
|
||||
key, err = p.GetUserSession("auth_provider:123", "key")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
key, err = p.GetUserSession("auth_provider:123", "access_token_key")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
// Delete all user session
|
||||
err = p.DeleteAllUserSessions("123")
|
||||
assert.NoError(t, err)
|
||||
err = p.DeleteAllUserSessions("123")
|
||||
assert.NoError(t, err)
|
||||
key, err = p.GetUserSession("auth_provider:123", "session_token_key1")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
key, err = p.GetUserSession("auth_provider:123", "access_token_key1")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
key, err = p.GetUserSession("auth_provider1:123", "session_token_key")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
key, err = p.GetUserSession("auth_provider1:123", "access_token_key")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
// Delete namespace
|
||||
err = p.DeleteSessionForNamespace("auth_provider")
|
||||
assert.NoError(t, err)
|
||||
err = p.DeleteSessionForNamespace("auth_provider1")
|
||||
assert.NoError(t, err)
|
||||
key, err = p.GetUserSession("auth_provider:123", "session_token_key1")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
key, err = p.GetUserSession("auth_provider:123", "access_token_key1")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
key, err = p.GetUserSession("auth_provider1:123", "session_token_key")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
key, err = p.GetUserSession("auth_provider1:123", "access_token_key")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
key, err = p.GetUserSession("auth_provider:124", "session_token_key1")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
key, err = p.GetUserSession("auth_provider:124", "access_token_key1")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
key, err = p.GetUserSession("auth_provider1:124", "session_token_key")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
key, err = p.GetUserSession("auth_provider1:124", "access_token_key")
|
||||
assert.Empty(t, key)
|
||||
assert.Error(t, err)
|
||||
}
|
||||
@@ -3,9 +3,7 @@ package providers
|
||||
// Provider defines current memory store provider
|
||||
type Provider interface {
|
||||
// SetUserSession sets the user session for given user identifier in form recipe:user_id
|
||||
SetUserSession(userId, key, token string) error
|
||||
// GetAllUserSessions returns all the user sessions from the session store
|
||||
GetAllUserSessions(userId string) (map[string]string, error)
|
||||
SetUserSession(userId, key, token string, expiration int64) error
|
||||
// GetUserSession returns the session token for given token
|
||||
GetUserSession(userId, key string) (string, error)
|
||||
// DeleteUserSession deletes the user session
|
||||
|
||||
@@ -5,7 +5,7 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/go-redis/redis/v8"
|
||||
"github.com/redis/go-redis/v9"
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
@@ -17,10 +17,11 @@ type RedisClient interface {
|
||||
HMGet(ctx context.Context, key string, fields ...string) *redis.SliceCmd
|
||||
HSet(ctx context.Context, key string, values ...interface{}) *redis.IntCmd
|
||||
HGet(ctx context.Context, key, field string) *redis.StringCmd
|
||||
HGetAll(ctx context.Context, key string) *redis.StringStringMapCmd
|
||||
HGetAll(ctx context.Context, key string) *redis.MapStringStringCmd
|
||||
Set(ctx context.Context, key string, value interface{}, expiration time.Duration) *redis.StatusCmd
|
||||
Get(ctx context.Context, key string) *redis.StringCmd
|
||||
Scan(ctx context.Context, cursor uint64, match string, count int64) *redis.ScanCmd
|
||||
Keys(ctx context.Context, pattern string) *redis.StringSliceCmd
|
||||
}
|
||||
|
||||
type provider struct {
|
||||
@@ -31,7 +32,6 @@ type provider struct {
|
||||
// NewRedisProvider returns a new redis provider
|
||||
func NewRedisProvider(redisURL string) (*provider, error) {
|
||||
redisURLHostPortsList := strings.Split(redisURL, ",")
|
||||
|
||||
if len(redisURLHostPortsList) > 1 {
|
||||
opt, err := redis.ParseURL(redisURLHostPortsList[0])
|
||||
if err != nil {
|
||||
@@ -70,7 +70,6 @@ func NewRedisProvider(redisURL string) (*provider, error) {
|
||||
log.Debug("error connecting to redis: ", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &provider{
|
||||
ctx: ctx,
|
||||
store: rdb,
|
||||
|
||||
15
server/memorystore/providers/redis/provider_test.go
Normal file
15
server/memorystore/providers/redis/provider_test.go
Normal file
@@ -0,0 +1,15 @@
|
||||
package redis
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/memorystore/providers"
|
||||
)
|
||||
|
||||
func TestRedisProvider(t *testing.T) {
|
||||
p, err := NewRedisProvider("redis://127.0.0.1:6379")
|
||||
assert.NoError(t, err)
|
||||
providers.ProviderTests(t, p)
|
||||
}
|
||||
@@ -1,7 +1,9 @@
|
||||
package redis
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
log "github.com/sirupsen/logrus"
|
||||
@@ -15,29 +17,21 @@ var (
|
||||
)
|
||||
|
||||
// SetUserSession sets the user session for given user identifier in form recipe:user_id
|
||||
func (c *provider) SetUserSession(userId, key, token string) error {
|
||||
err := c.store.HSet(c.ctx, userId, key, token).Err()
|
||||
func (c *provider) SetUserSession(userId, key, token string, expiration int64) error {
|
||||
currentTime := time.Now()
|
||||
expireTime := time.Unix(expiration, 0)
|
||||
duration := expireTime.Sub(currentTime)
|
||||
err := c.store.Set(c.ctx, fmt.Sprintf("%s:%s", userId, key), token, duration).Err()
|
||||
if err != nil {
|
||||
log.Debug("Error saving to redis: ", err)
|
||||
log.Debug("Error saving user session to redis: ", err)
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetAllUserSessions returns all the user session token from the redis store.
|
||||
func (c *provider) GetAllUserSessions(userID string) (map[string]string, error) {
|
||||
data, err := c.store.HGetAll(c.ctx, userID).Result()
|
||||
if err != nil {
|
||||
log.Debug("error getting all user sessions from redis store: ", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return data, nil
|
||||
}
|
||||
|
||||
// GetUserSession returns the user session from redis store.
|
||||
func (c *provider) GetUserSession(userId, key string) (string, error) {
|
||||
data, err := c.store.HGet(c.ctx, userId, key).Result()
|
||||
data, err := c.store.Get(c.ctx, fmt.Sprintf("%s:%s", userId, key)).Result()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
@@ -46,39 +40,34 @@ func (c *provider) GetUserSession(userId, key string) (string, error) {
|
||||
|
||||
// DeleteUserSession deletes the user session from redis store.
|
||||
func (c *provider) DeleteUserSession(userId, key string) error {
|
||||
if err := c.store.HDel(c.ctx, userId, constants.TokenTypeSessionToken+"_"+key).Err(); err != nil {
|
||||
if err := c.store.Del(c.ctx, fmt.Sprintf("%s:%s", userId, constants.TokenTypeSessionToken+"_"+key)).Err(); err != nil {
|
||||
log.Debug("Error deleting user session from redis: ", err)
|
||||
return err
|
||||
// continue
|
||||
}
|
||||
if err := c.store.HDel(c.ctx, userId, constants.TokenTypeAccessToken+"_"+key).Err(); err != nil {
|
||||
if err := c.store.Del(c.ctx, fmt.Sprintf("%s:%s", userId, constants.TokenTypeAccessToken+"_"+key)).Err(); err != nil {
|
||||
log.Debug("Error deleting user session from redis: ", err)
|
||||
return err
|
||||
// continue
|
||||
}
|
||||
if err := c.store.HDel(c.ctx, userId, constants.TokenTypeRefreshToken+"_"+key).Err(); err != nil {
|
||||
if err := c.store.Del(c.ctx, fmt.Sprintf("%s:%s", userId, constants.TokenTypeRefreshToken+"_"+key)).Err(); err != nil {
|
||||
log.Debug("Error deleting user session from redis: ", err)
|
||||
return err
|
||||
// continue
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// DeleteAllUserSessions deletes all the user session from redis
|
||||
func (c *provider) DeleteAllUserSessions(userID string) error {
|
||||
namespaces := []string{
|
||||
constants.AuthRecipeMethodBasicAuth,
|
||||
constants.AuthRecipeMethodMagicLinkLogin,
|
||||
constants.AuthRecipeMethodApple,
|
||||
constants.AuthRecipeMethodFacebook,
|
||||
constants.AuthRecipeMethodGithub,
|
||||
constants.AuthRecipeMethodGoogle,
|
||||
constants.AuthRecipeMethodLinkedIn,
|
||||
constants.AuthRecipeMethodTwitter,
|
||||
constants.AuthRecipeMethodMicrosoft,
|
||||
res := c.store.Keys(c.ctx, fmt.Sprintf("*%s*", userID))
|
||||
if res.Err() != nil {
|
||||
log.Debug("Error getting all user sessions from redis: ", res.Err())
|
||||
return res.Err()
|
||||
}
|
||||
for _, namespace := range namespaces {
|
||||
err := c.store.Del(c.ctx, namespace+":"+userID).Err()
|
||||
keys := res.Val()
|
||||
for _, key := range keys {
|
||||
err := c.store.Del(c.ctx, key).Err()
|
||||
if err != nil {
|
||||
log.Debug("Error deleting all user sessions from redis: ", err)
|
||||
return err
|
||||
continue
|
||||
}
|
||||
}
|
||||
return nil
|
||||
@@ -86,27 +75,19 @@ func (c *provider) DeleteAllUserSessions(userID string) error {
|
||||
|
||||
// DeleteSessionForNamespace to delete session for a given namespace example google,github
|
||||
func (c *provider) DeleteSessionForNamespace(namespace string) error {
|
||||
var cursor uint64
|
||||
for {
|
||||
keys := []string{}
|
||||
keys, cursor, err := c.store.Scan(c.ctx, cursor, namespace+":*", 0).Result()
|
||||
res := c.store.Keys(c.ctx, fmt.Sprintf("%s:*", namespace))
|
||||
if res.Err() != nil {
|
||||
log.Debug("Error getting all user sessions from redis: ", res.Err())
|
||||
return res.Err()
|
||||
}
|
||||
keys := res.Val()
|
||||
for _, key := range keys {
|
||||
err := c.store.Del(c.ctx, key).Err()
|
||||
if err != nil {
|
||||
log.Debugf("Error scanning keys for %s namespace: %s", namespace, err.Error())
|
||||
return err
|
||||
}
|
||||
|
||||
for _, key := range keys {
|
||||
err := c.store.Del(c.ctx, key).Err()
|
||||
if err != nil {
|
||||
log.Debugf("Error deleting sessions for %s namespace: %s", namespace, err.Error())
|
||||
return err
|
||||
}
|
||||
}
|
||||
if cursor == 0 { // no more keys
|
||||
break
|
||||
log.Debug("Error deleting all user sessions from redis: ", err)
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
@@ -168,6 +168,12 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
|
||||
if val, ok := store[constants.EnvKeyOrganizationLogo]; ok {
|
||||
res.OrganizationLogo = refs.NewStringRef(val.(string))
|
||||
}
|
||||
if val, ok := store[constants.EnvKeyDefaultAuthorizeResponseType]; ok {
|
||||
res.DefaultAuthorizeResponseType = refs.NewStringRef(val.(string))
|
||||
}
|
||||
if val, ok := store[constants.EnvKeyDefaultAuthorizeResponseMode]; ok {
|
||||
res.DefaultAuthorizeResponseMode = refs.NewStringRef(val.(string))
|
||||
}
|
||||
|
||||
// string slice vars
|
||||
res.AllowedOrigins = strings.Split(store[constants.EnvKeyAllowedOrigins].(string), ",")
|
||||
|
||||
@@ -193,12 +193,12 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
|
||||
|
||||
cookie.SetSession(gc, authToken.FingerPrintHash)
|
||||
sessionStoreKey := constants.AuthRecipeMethodBasicAuth + ":" + user.ID
|
||||
memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt)
|
||||
memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt)
|
||||
|
||||
if authToken.RefreshToken != nil {
|
||||
res.RefreshToken = &authToken.RefreshToken.Token
|
||||
memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)
|
||||
}
|
||||
|
||||
go func() {
|
||||
|
||||
@@ -195,12 +195,12 @@ func MobileLoginResolver(ctx context.Context, params model.MobileLoginInput) (*m
|
||||
|
||||
cookie.SetSession(gc, authToken.FingerPrintHash)
|
||||
sessionStoreKey := constants.AuthRecipeMethodMobileBasicAuth + ":" + user.ID
|
||||
memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt)
|
||||
memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt)
|
||||
|
||||
if authToken.RefreshToken != nil {
|
||||
res.RefreshToken = &authToken.RefreshToken.Token
|
||||
memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionStoreKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)
|
||||
}
|
||||
|
||||
go func() {
|
||||
|
||||
@@ -249,12 +249,12 @@ func MobileSignupResolver(ctx context.Context, params *model.MobileSignUpInput)
|
||||
|
||||
sessionKey := constants.AuthRecipeMethodMobileBasicAuth + ":" + user.ID
|
||||
cookie.SetSession(gc, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt)
|
||||
|
||||
if authToken.RefreshToken != nil {
|
||||
res.RefreshToken = &authToken.RefreshToken.Token
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)
|
||||
}
|
||||
|
||||
go func() {
|
||||
|
||||
@@ -99,12 +99,12 @@ func SessionResolver(ctx context.Context, params *model.SessionQueryInput) (*mod
|
||||
}
|
||||
|
||||
cookie.SetSession(gc, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt)
|
||||
|
||||
if authToken.RefreshToken != nil {
|
||||
res.RefreshToken = &authToken.RefreshToken.Token
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)
|
||||
}
|
||||
return res, nil
|
||||
}
|
||||
|
||||
@@ -91,7 +91,6 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
||||
}
|
||||
|
||||
inputRoles := []string{}
|
||||
|
||||
if len(params.Roles) > 0 {
|
||||
// check if roles exists
|
||||
rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles)
|
||||
@@ -293,12 +292,12 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
||||
|
||||
sessionKey := constants.AuthRecipeMethodBasicAuth + ":" + user.ID
|
||||
cookie.SetSession(gc, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt)
|
||||
|
||||
if authToken.RefreshToken != nil {
|
||||
res.RefreshToken = &authToken.RefreshToken.Token
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)
|
||||
}
|
||||
|
||||
go func() {
|
||||
|
||||
@@ -150,12 +150,12 @@ func VerifyEmailResolver(ctx context.Context, params model.VerifyEmailInput) (*m
|
||||
|
||||
sessionKey := loginMethod + ":" + user.ID
|
||||
cookie.SetSession(gc, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt)
|
||||
|
||||
if authToken.RefreshToken != nil {
|
||||
res.RefreshToken = &authToken.RefreshToken.Token
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)
|
||||
}
|
||||
return res, nil
|
||||
}
|
||||
|
||||
@@ -123,12 +123,12 @@ func VerifyOtpResolver(ctx context.Context, params model.VerifyOTPRequest) (*mod
|
||||
|
||||
sessionKey := loginMethod + ":" + user.ID
|
||||
cookie.SetSession(gc, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt)
|
||||
|
||||
if authToken.RefreshToken != nil {
|
||||
res.RefreshToken = &authToken.RefreshToken.Token
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)
|
||||
}
|
||||
return res, nil
|
||||
}
|
||||
|
||||
@@ -55,11 +55,11 @@ func validateJwtTokenTest(t *testing.T, s TestSetup) {
|
||||
authToken, err := token.CreateAuthToken(gc, user, roles, scope, constants.AuthRecipeMethodBasicAuth, nonce, "")
|
||||
assert.NoError(t, err)
|
||||
assert.NotNil(t, authToken)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash, authToken.SessionTokenExpiresAt)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token, authToken.AccessToken.ExpiresAt)
|
||||
|
||||
if authToken.RefreshToken != nil {
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token)
|
||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+authToken.FingerPrint, authToken.RefreshToken.Token, authToken.RefreshToken.ExpiresAt)
|
||||
}
|
||||
|
||||
t.Run(`should validate the access token`, func(t *testing.T) {
|
||||
|
||||
@@ -30,11 +30,13 @@ type JWTToken struct {
|
||||
|
||||
// Token object to hold the finger print and refresh token information
|
||||
type Token struct {
|
||||
FingerPrint string `json:"fingerprint"`
|
||||
FingerPrintHash string `json:"fingerprint_hash"`
|
||||
RefreshToken *JWTToken `json:"refresh_token"`
|
||||
AccessToken *JWTToken `json:"access_token"`
|
||||
IDToken *JWTToken `json:"id_token"`
|
||||
FingerPrint string `json:"fingerprint"`
|
||||
// Session Token
|
||||
FingerPrintHash string `json:"fingerprint_hash"`
|
||||
SessionTokenExpiresAt int64 `json:"expires_at"`
|
||||
RefreshToken *JWTToken `json:"refresh_token"`
|
||||
AccessToken *JWTToken `json:"access_token"`
|
||||
IDToken *JWTToken `json:"id_token"`
|
||||
}
|
||||
|
||||
// SessionData
|
||||
@@ -51,7 +53,7 @@ type SessionData struct {
|
||||
// CreateAuthToken creates a new auth token when userlogs in
|
||||
func CreateAuthToken(gc *gin.Context, user models.User, roles, scope []string, loginMethod, nonce string, code string) (*Token, error) {
|
||||
hostname := parsers.GetHost(gc)
|
||||
_, fingerPrintHash, err := CreateSessionToken(user, nonce, roles, scope, loginMethod)
|
||||
_, fingerPrintHash, sessionTokenExpiresAt, err := CreateSessionToken(user, nonce, roles, scope, loginMethod)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -82,10 +84,11 @@ func CreateAuthToken(gc *gin.Context, user models.User, roles, scope []string, l
|
||||
}
|
||||
|
||||
res := &Token{
|
||||
FingerPrint: nonce,
|
||||
FingerPrintHash: fingerPrintHash,
|
||||
AccessToken: &JWTToken{Token: accessToken, ExpiresAt: accessTokenExpiresAt},
|
||||
IDToken: &JWTToken{Token: idToken, ExpiresAt: idTokenExpiresAt},
|
||||
FingerPrint: nonce,
|
||||
FingerPrintHash: fingerPrintHash,
|
||||
SessionTokenExpiresAt: sessionTokenExpiresAt,
|
||||
AccessToken: &JWTToken{Token: accessToken, ExpiresAt: accessTokenExpiresAt},
|
||||
IDToken: &JWTToken{Token: idToken, ExpiresAt: idTokenExpiresAt},
|
||||
}
|
||||
|
||||
if utils.StringSliceContains(scope, "offline_access") {
|
||||
@@ -101,7 +104,8 @@ func CreateAuthToken(gc *gin.Context, user models.User, roles, scope []string, l
|
||||
}
|
||||
|
||||
// CreateSessionToken creates a new session token
|
||||
func CreateSessionToken(user models.User, nonce string, roles, scope []string, loginMethod string) (*SessionData, string, error) {
|
||||
func CreateSessionToken(user models.User, nonce string, roles, scope []string, loginMethod string) (*SessionData, string, int64, error) {
|
||||
expiresAt := time.Now().AddDate(1, 0, 0).Unix()
|
||||
fingerPrintMap := &SessionData{
|
||||
Nonce: nonce,
|
||||
Roles: roles,
|
||||
@@ -109,15 +113,15 @@ func CreateSessionToken(user models.User, nonce string, roles, scope []string, l
|
||||
Scope: scope,
|
||||
LoginMethod: loginMethod,
|
||||
IssuedAt: time.Now().Unix(),
|
||||
ExpiresAt: time.Now().AddDate(1, 0, 0).Unix(),
|
||||
ExpiresAt: expiresAt,
|
||||
}
|
||||
fingerPrintBytes, _ := json.Marshal(fingerPrintMap)
|
||||
fingerPrintHash, err := crypto.EncryptAES(string(fingerPrintBytes))
|
||||
if err != nil {
|
||||
return nil, "", err
|
||||
return nil, "", 0, err
|
||||
}
|
||||
|
||||
return fingerPrintMap, fingerPrintHash, nil
|
||||
return fingerPrintMap, fingerPrintHash, expiresAt, nil
|
||||
}
|
||||
|
||||
// CreateRefreshToken util to create JWT token
|
||||
|
||||
Reference in New Issue
Block a user