session tokens converging with user tokens

Brad Rydzewski 2015-04-12 21:35:16 -07:00
parent eda3cfbe4b
commit 0f60073adc
3 changed files with 39 additions and 29 deletions


@ -105,13 +105,17 @@ func GetLogin(c *gin.Context) {
return return
} }
token, err := session.GenerateToken(c.Request, u) token := &common.Token{
// Expiry: settings.Session.Expires, // TODO add this
Login: u.Login,
}
tokenstr, err := session.GenerateToken(c.Request, token)
if err != nil { if err != nil {
log.Errorf("cannot create token for %s. %s", u.Login, err) log.Errorf("cannot create token for %s. %s", u.Login, err)
c.Redirect(303, "/login#error=internal_error") c.Redirect(303, "/login#error=internal_error")
return return
} }
c.Redirect(303, "/#access_token="+token) c.Redirect(303, "/#access_token="+tokenstr)
} }
// getLoginOauth2 is the default authorization implementation // getLoginOauth2 is the default authorization implementation
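Review bot: With `Expiry` left commented out in the `&common.Token{...}` literal, the session JWT is now issued without any expiry — the session.go hunk in this same commit writes `t.Expiry` straight into the `expiry` claim and deletes the old `time.Now().UTC().Add(s.expire).Unix()` computation, so a leaked `#access_token` stays valid indefinitely unless getClaims (outside this page) enforces a lifetime on its own. Rather than deferring the TODO, set it here, e.g. `Expiry: time.Now().UTC().Add(settings.Session.Expires).Unix(),` — the field path is taken from the commented-out line and should be confirmed against the settings package, which this handler file may not import yet. Note also that `expiry` is not the registered `exp` claim, so jwt-go's parser will not validate it automatically; using `exp` would get library-enforced expiry for free. GetLogin's signature and the start of its body lie outside the hunk.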


@ -108,13 +108,13 @@ func SetSession(s session.Session) gin.HandlerFunc {
func SetUser(s session.Session) gin.HandlerFunc { func SetUser(s session.Session) gin.HandlerFunc {
return func(c *gin.Context) { return func(c *gin.Context) {
ds := ToDatastore(c) ds := ToDatastore(c)
login := s.GetLogin(c.Request) token := s.GetLogin(c.Request)
if len(login) == 0 { if token == nil {
c.Next() c.Next()
return return
} }
u, err := ds.GetUser(login) u, err := ds.GetUser(token.Login)
if err == nil { if err == nil {
c.Set("user", u) c.Set("user", u)
} }
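Review bot: SetUser turns any token whose `login` claim names an existing user into a full user session, but the `repos`/`scope` restrictions that session.GenerateToken embeds in the same commit never reach this middleware — the new GetLogin returns only `Login`, and the token itself is not placed on the context. Consider adding `c.Set("token", token)` beside `c.Set("user", u)` so downstream handlers can enforce scope once GetLogin populates it; otherwise a scoped token is indistinguishable from a full login. The `ds.GetUser` error is still dropped silently, so a correctly signed token for a user that no longer exists falls through as an anonymous request; at minimum log it with the login so such tokens are visible. SetUser's closing lines lie outside the hunk.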


@ -7,14 +7,13 @@ import (
"github.com/dgrijalva/jwt-go" "github.com/dgrijalva/jwt-go"
"github.com/drone/drone/common" "github.com/drone/drone/common"
"github.com/drone/drone/common/httputil"
"github.com/drone/drone/settings" "github.com/drone/drone/settings"
"github.com/gorilla/securecookie" "github.com/gorilla/securecookie"
) )
type Session interface { type Session interface {
GenerateToken(*http.Request, *common.User) (string, error) GenerateToken(*http.Request, *common.Token) (string, error)
GetLogin(*http.Request) string GetLogin(*http.Request) *common.Token
} }
type session struct { type session struct {
@ -38,42 +37,49 @@ func New(s *settings.Session) Session {
// GenerateToken generates a JWT token for the user session // GenerateToken generates a JWT token for the user session
// that can be appended to the #access_token segment to // that can be appended to the #access_token segment to
// facilitate client-based OAuth2. // facilitate client-based OAuth2.
func (s *session) GenerateToken(r *http.Request, user *common.User) (string, error) { func (s *session) GenerateToken(r *http.Request, t *common.Token) (string, error) {
token := jwt.New(jwt.GetSigningMethod("HS256")) token := jwt.New(jwt.GetSigningMethod("HS256"))
token.Claims["user_id"] = user.Login token.Claims["login"] = t.Login
token.Claims["audience"] = httputil.GetURL(r) token.Claims["expiry"] = t.Expiry
token.Claims["expires"] = time.Now().UTC().Add(s.expire).Unix()
// add optional repos that can be
// access from this session.
if len(t.Repos) != 0 {
token.Claims["repos"] = t.Repos
}
// add optional scopes that can be
// applied to this session.
if len(t.Scopes) != 0 {
token.Claims["scope"] = t.Scopes
}
return token.SignedString(s.secret) return token.SignedString(s.secret)
} }
// GetLogin gets the currently authenticated user for the // GetLogin gets the currently authenticated user for the
// http.Request. The user details will be stored as either // http.Request. The user details will be stored as either
// a simple API token or JWT bearer token. // a simple API token or JWT bearer token.
func (s *session) GetLogin(r *http.Request) (_ string) { func (s *session) GetLogin(r *http.Request) *common.Token {
token := getToken(r) t := getToken(r)
if len(token) == 0 { if len(t) == 0 {
return return nil
} }
claims := getClaims(token, s.secret) claims := getClaims(t, s.secret)
if claims == nil || claims["user_id"] == nil { if claims == nil || claims["login"] == nil {
return return nil
} }
userid, ok := claims["user_id"].(string) loginv, ok := claims["login"]
if !ok { if !ok {
return return nil
} }
// tokenid, ok := claims["token_id"].(string) loginstr, ok := loginv.(string)
// if ok { if !ok {
// _, err := datastore.GetToken(c, int64(tokenid)) return nil
// if err != nil { }
// return nil
// }
// }
return userid return &common.Token{Login: loginstr}
} }
// getToken is a helper function that extracts the token // getToken is a helper function that extracts the token