oauth2: correctly populate token expiry data
* Populate the field when needed * Convert it to a time instead of a duration
This commit is contained in:
parent
52bcf096c7
commit
95e73e66a0
|
@ -18,6 +18,7 @@ import (
|
|||
"encoding/json"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sorintlab/agola/internal/db"
|
||||
|
@ -133,9 +134,10 @@ func (h *CreateUserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||
RemoteSourceName: req.CreateUserLARequest.RemoteSourceName,
|
||||
RemoteUserID: req.CreateUserLARequest.RemoteUserID,
|
||||
RemoteUserName: req.CreateUserLARequest.RemoteUserName,
|
||||
UserAccessToken: req.CreateUserLARequest.UserAccessToken,
|
||||
Oauth2AccessToken: req.CreateUserLARequest.Oauth2AccessToken,
|
||||
Oauth2RefreshToken: req.CreateUserLARequest.Oauth2RefreshToken,
|
||||
UserAccessToken: req.CreateUserLARequest.UserAccessToken,
|
||||
Oauth2AccessTokenExpiresAt: req.CreateUserLARequest.Oauth2AccessTokenExpiresAt,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -305,6 +307,7 @@ type CreateUserLARequest struct {
|
|||
UserAccessToken string `json:"user_access_token"`
|
||||
Oauth2AccessToken string `json:"oauth2_access_token"`
|
||||
Oauth2RefreshToken string `json:"oauth2_refresh_token"`
|
||||
Oauth2AccessTokenExpiresAt time.Time `json:"oauth_2_access_token_expires_at"`
|
||||
}
|
||||
|
||||
type CreateUserLAHandler struct {
|
||||
|
@ -333,9 +336,10 @@ func (h *CreateUserLAHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
|
|||
RemoteSourceName: req.RemoteSourceName,
|
||||
RemoteUserID: req.RemoteUserID,
|
||||
RemoteUserName: req.RemoteUserName,
|
||||
UserAccessToken: req.UserAccessToken,
|
||||
Oauth2AccessToken: req.Oauth2AccessToken,
|
||||
Oauth2RefreshToken: req.Oauth2RefreshToken,
|
||||
UserAccessToken: req.UserAccessToken,
|
||||
Oauth2AccessTokenExpiresAt: req.Oauth2AccessTokenExpiresAt,
|
||||
}
|
||||
user, err := h.ch.CreateUserLA(ctx, creq)
|
||||
if httpError(w, err) {
|
||||
|
@ -378,6 +382,7 @@ type UpdateUserLARequest struct {
|
|||
UserAccessToken string `json:"user_access_token"`
|
||||
Oauth2AccessToken string `json:"oauth2_access_token"`
|
||||
Oauth2RefreshToken string `json:"oauth2_refresh_token"`
|
||||
Oauth2AccessTokenExpiresAt time.Time `json:"oauth_2_access_token_expires_at"`
|
||||
}
|
||||
|
||||
type UpdateUserLAHandler struct {
|
||||
|
@ -407,9 +412,10 @@ func (h *UpdateUserLAHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
|
|||
LinkedAccountID: linkedAccountID,
|
||||
RemoteUserID: req.RemoteUserID,
|
||||
RemoteUserName: req.RemoteUserName,
|
||||
UserAccessToken: req.UserAccessToken,
|
||||
Oauth2AccessToken: req.Oauth2AccessToken,
|
||||
Oauth2RefreshToken: req.Oauth2RefreshToken,
|
||||
UserAccessToken: req.UserAccessToken,
|
||||
Oauth2AccessTokenExpiresAt: req.Oauth2AccessTokenExpiresAt,
|
||||
}
|
||||
user, err := h.ch.UpdateUserLA(ctx, creq)
|
||||
if httpError(w, err) {
|
||||
|
|
|
@ -18,6 +18,7 @@ import (
|
|||
"context"
|
||||
"encoding/json"
|
||||
"path"
|
||||
"time"
|
||||
|
||||
"github.com/sorintlab/agola/internal/datamanager"
|
||||
"github.com/sorintlab/agola/internal/db"
|
||||
|
@ -316,6 +317,7 @@ func (s *CommandHandler) CreateUser(ctx context.Context, req *CreateUserRequest)
|
|||
UserAccessToken: req.CreateUserLARequest.UserAccessToken,
|
||||
Oauth2AccessToken: req.CreateUserLARequest.Oauth2AccessToken,
|
||||
Oauth2RefreshToken: req.CreateUserLARequest.Oauth2RefreshToken,
|
||||
Oauth2AccessTokenExpiresAt: req.CreateUserLARequest.Oauth2AccessTokenExpiresAt,
|
||||
}
|
||||
|
||||
user.LinkedAccounts[la.ID] = la
|
||||
|
@ -407,6 +409,7 @@ type CreateUserLARequest struct {
|
|||
UserAccessToken string
|
||||
Oauth2AccessToken string
|
||||
Oauth2RefreshToken string
|
||||
Oauth2AccessTokenExpiresAt time.Time
|
||||
}
|
||||
|
||||
func (s *CommandHandler) CreateUserLA(ctx context.Context, req *CreateUserLARequest) (*types.LinkedAccount, error) {
|
||||
|
@ -473,6 +476,7 @@ func (s *CommandHandler) CreateUserLA(ctx context.Context, req *CreateUserLARequ
|
|||
UserAccessToken: req.UserAccessToken,
|
||||
Oauth2AccessToken: req.Oauth2AccessToken,
|
||||
Oauth2RefreshToken: req.Oauth2RefreshToken,
|
||||
Oauth2AccessTokenExpiresAt: req.Oauth2AccessTokenExpiresAt,
|
||||
}
|
||||
|
||||
user.LinkedAccounts[la.ID] = la
|
||||
|
@ -562,6 +566,7 @@ type UpdateUserLARequest struct {
|
|||
UserAccessToken string
|
||||
Oauth2AccessToken string
|
||||
Oauth2RefreshToken string
|
||||
Oauth2AccessTokenExpiresAt time.Time
|
||||
}
|
||||
|
||||
func (s *CommandHandler) UpdateUserLA(ctx context.Context, req *UpdateUserLARequest) (*types.LinkedAccount, error) {
|
||||
|
@ -617,6 +622,7 @@ func (s *CommandHandler) UpdateUserLA(ctx context.Context, req *UpdateUserLARequ
|
|||
la.UserAccessToken = req.UserAccessToken
|
||||
la.Oauth2AccessToken = req.Oauth2AccessToken
|
||||
la.Oauth2RefreshToken = req.Oauth2RefreshToken
|
||||
la.Oauth2AccessTokenExpiresAt = req.Oauth2AccessTokenExpiresAt
|
||||
|
||||
userj, err := json.Marshal(user)
|
||||
if err != nil {
|
||||
|
|
|
@ -17,6 +17,7 @@ package command
|
|||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"time"
|
||||
|
||||
gitsource "github.com/sorintlab/agola/internal/gitsources"
|
||||
csapi "github.com/sorintlab/agola/internal/services/configstore/api"
|
||||
|
@ -102,9 +103,10 @@ func (c *CommandHandler) CreateUserToken(ctx context.Context, req *CreateUserTok
|
|||
type CreateUserLARequest struct {
|
||||
UserName string
|
||||
RemoteSourceName string
|
||||
RemoteSourceUserAccessToken string
|
||||
RemoteSourceOauth2AccessToken string
|
||||
RemoteSourceOauth2RefreshToken string
|
||||
UserAccessToken string
|
||||
Oauth2AccessToken string
|
||||
Oauth2RefreshToken string
|
||||
Oauth2AccessTokenExpiresAt time.Time
|
||||
}
|
||||
|
||||
func (c *CommandHandler) CreateUserLA(ctx context.Context, req *CreateUserLARequest) (*types.LinkedAccount, error) {
|
||||
|
@ -130,7 +132,7 @@ func (c *CommandHandler) CreateUserLA(ctx context.Context, req *CreateUserLARequ
|
|||
return nil, util.NewErrBadRequest(errors.Errorf("user %q already have a linked account for remote source %q", userName, rs.Name))
|
||||
}
|
||||
|
||||
accessToken, err := common.GetAccessToken(rs.AuthType, req.RemoteSourceUserAccessToken, req.RemoteSourceOauth2AccessToken)
|
||||
accessToken, err := common.GetAccessToken(rs.AuthType, req.UserAccessToken, req.Oauth2AccessToken)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -151,9 +153,10 @@ func (c *CommandHandler) CreateUserLA(ctx context.Context, req *CreateUserLARequ
|
|||
RemoteSourceName: req.RemoteSourceName,
|
||||
RemoteUserID: remoteUserInfo.ID,
|
||||
RemoteUserName: remoteUserInfo.LoginName,
|
||||
Oauth2AccessToken: req.RemoteSourceOauth2AccessToken,
|
||||
Oauth2RefreshToken: req.RemoteSourceOauth2RefreshToken,
|
||||
UserAccessToken: req.RemoteSourceUserAccessToken,
|
||||
UserAccessToken: req.UserAccessToken,
|
||||
Oauth2AccessToken: req.Oauth2AccessToken,
|
||||
Oauth2RefreshToken: req.Oauth2RefreshToken,
|
||||
Oauth2AccessTokenExpiresAt: req.Oauth2AccessTokenExpiresAt,
|
||||
}
|
||||
|
||||
c.log.Infof("creating linked account")
|
||||
|
@ -169,9 +172,10 @@ func (c *CommandHandler) CreateUserLA(ctx context.Context, req *CreateUserLARequ
|
|||
type RegisterUserRequest struct {
|
||||
UserName string
|
||||
RemoteSourceName string
|
||||
RemoteSourceUserAccessToken string
|
||||
RemoteSourceOauth2AccessToken string
|
||||
RemoteSourceOauth2RefreshToken string
|
||||
UserAccessToken string
|
||||
Oauth2AccessToken string
|
||||
Oauth2RefreshToken string
|
||||
Oauth2AccessTokenExpiresAt time.Time
|
||||
}
|
||||
|
||||
func (c *CommandHandler) RegisterUser(ctx context.Context, req *RegisterUserRequest) (*types.User, error) {
|
||||
|
@ -188,7 +192,7 @@ func (c *CommandHandler) RegisterUser(ctx context.Context, req *RegisterUserRequ
|
|||
}
|
||||
c.log.Infof("rs: %s", util.Dump(rs))
|
||||
|
||||
accessToken, err := common.GetAccessToken(rs.AuthType, req.RemoteSourceUserAccessToken, req.RemoteSourceOauth2AccessToken)
|
||||
accessToken, err := common.GetAccessToken(rs.AuthType, req.UserAccessToken, req.Oauth2AccessToken)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -211,9 +215,10 @@ func (c *CommandHandler) RegisterUser(ctx context.Context, req *RegisterUserRequ
|
|||
RemoteSourceName: req.RemoteSourceName,
|
||||
RemoteUserID: remoteUserInfo.ID,
|
||||
RemoteUserName: remoteUserInfo.LoginName,
|
||||
Oauth2AccessToken: req.RemoteSourceOauth2AccessToken,
|
||||
Oauth2RefreshToken: req.RemoteSourceOauth2RefreshToken,
|
||||
UserAccessToken: req.RemoteSourceUserAccessToken,
|
||||
UserAccessToken: req.UserAccessToken,
|
||||
Oauth2AccessToken: req.Oauth2AccessToken,
|
||||
Oauth2RefreshToken: req.Oauth2RefreshToken,
|
||||
Oauth2AccessTokenExpiresAt: req.Oauth2AccessTokenExpiresAt,
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -229,9 +234,10 @@ func (c *CommandHandler) RegisterUser(ctx context.Context, req *RegisterUserRequ
|
|||
|
||||
type LoginUserRequest struct {
|
||||
RemoteSourceName string
|
||||
RemoteSourceUserAccessToken string
|
||||
RemoteSourceOauth2AccessToken string
|
||||
RemoteSourceOauth2RefreshToken string
|
||||
UserAccessToken string
|
||||
Oauth2AccessToken string
|
||||
Oauth2RefreshToken string
|
||||
Oauth2AccessTokenExpiresAt time.Time
|
||||
}
|
||||
|
||||
type LoginUserResponse struct {
|
||||
|
@ -246,7 +252,7 @@ func (c *CommandHandler) LoginUser(ctx context.Context, req *LoginUserRequest) (
|
|||
}
|
||||
c.log.Infof("rs: %s", util.Dump(rs))
|
||||
|
||||
accessToken, err := common.GetAccessToken(rs.AuthType, req.RemoteSourceUserAccessToken, req.RemoteSourceOauth2AccessToken)
|
||||
accessToken, err := common.GetAccessToken(rs.AuthType, req.UserAccessToken, req.Oauth2AccessToken)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -281,20 +287,21 @@ func (c *CommandHandler) LoginUser(ctx context.Context, req *LoginUserRequest) (
|
|||
}
|
||||
|
||||
// Update oauth tokens if they have changed since the getuserinfo request may have updated them
|
||||
if la.Oauth2AccessToken != req.RemoteSourceOauth2AccessToken ||
|
||||
la.Oauth2RefreshToken != req.RemoteSourceOauth2RefreshToken ||
|
||||
la.UserAccessToken != req.RemoteSourceUserAccessToken {
|
||||
if la.Oauth2AccessToken != req.Oauth2AccessToken ||
|
||||
la.Oauth2RefreshToken != req.Oauth2RefreshToken ||
|
||||
la.UserAccessToken != req.UserAccessToken {
|
||||
|
||||
la.Oauth2AccessToken = req.RemoteSourceOauth2AccessToken
|
||||
la.Oauth2RefreshToken = req.RemoteSourceOauth2RefreshToken
|
||||
la.UserAccessToken = req.RemoteSourceUserAccessToken
|
||||
la.Oauth2AccessToken = req.Oauth2AccessToken
|
||||
la.Oauth2RefreshToken = req.Oauth2RefreshToken
|
||||
la.UserAccessToken = req.UserAccessToken
|
||||
|
||||
creq := &csapi.UpdateUserLARequest{
|
||||
RemoteUserID: la.RemoteUserID,
|
||||
RemoteUserName: la.RemoteUserName,
|
||||
UserAccessToken: la.UserAccessToken,
|
||||
Oauth2AccessToken: la.Oauth2AccessToken,
|
||||
Oauth2RefreshToken: la.Oauth2RefreshToken,
|
||||
UserAccessToken: la.UserAccessToken,
|
||||
Oauth2AccessTokenExpiresAt: la.Oauth2AccessTokenExpiresAt,
|
||||
}
|
||||
|
||||
c.log.Infof("updating user %q linked account", user.UserName)
|
||||
|
@ -318,9 +325,10 @@ func (c *CommandHandler) LoginUser(ctx context.Context, req *LoginUserRequest) (
|
|||
|
||||
type AuthorizeRequest struct {
|
||||
RemoteSourceName string
|
||||
RemoteSourceUserAccessToken string
|
||||
RemoteSourceOauth2AccessToken string
|
||||
RemoteSourceOauth2RefreshToken string
|
||||
UserAccessToken string
|
||||
Oauth2AccessToken string
|
||||
Oauth2RefreshToken string
|
||||
Oauth2AccessTokenExpiresAt time.Time
|
||||
}
|
||||
|
||||
type AuthorizeResponse struct {
|
||||
|
@ -335,7 +343,7 @@ func (c *CommandHandler) Authorize(ctx context.Context, req *AuthorizeRequest) (
|
|||
}
|
||||
c.log.Infof("rs: %s", util.Dump(rs))
|
||||
|
||||
accessToken, err := common.GetAccessToken(rs.AuthType, req.RemoteSourceUserAccessToken, req.RemoteSourceOauth2AccessToken)
|
||||
accessToken, err := common.GetAccessToken(rs.AuthType, req.UserAccessToken, req.Oauth2AccessToken)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -433,7 +441,7 @@ func (c *CommandHandler) HandleRemoteSourceAuth(ctx context.Context, remoteSourc
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cres, err := c.HandleRemoteSourceAuthRequest(ctx, requestType, string(requestj), accessToken, "", "")
|
||||
cres, err := c.HandleRemoteSourceAuthRequest(ctx, requestType, string(requestj), accessToken, "", "", time.Time{})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -464,7 +472,7 @@ type CreateUserLAResponse struct {
|
|||
LinkedAccount *types.LinkedAccount
|
||||
}
|
||||
|
||||
func (c *CommandHandler) HandleRemoteSourceAuthRequest(ctx context.Context, requestType RemoteSourceRequestType, requestString string, userAccessToken, Oauth2AccessToken, Oauth2RefreshToken string) (*RemoteSourceAuthResult, error) {
|
||||
func (c *CommandHandler) HandleRemoteSourceAuthRequest(ctx context.Context, requestType RemoteSourceRequestType, requestString string, userAccessToken, oauth2AccessToken, oauth2RefreshToken string, oauth2AccessTokenExpiresAt time.Time) (*RemoteSourceAuthResult, error) {
|
||||
switch requestType {
|
||||
case RemoteSourceRequestTypeCreateUserLA:
|
||||
var req *CreateUserLARequest
|
||||
|
@ -475,9 +483,10 @@ func (c *CommandHandler) HandleRemoteSourceAuthRequest(ctx context.Context, requ
|
|||
creq := &CreateUserLARequest{
|
||||
UserName: req.UserName,
|
||||
RemoteSourceName: req.RemoteSourceName,
|
||||
RemoteSourceUserAccessToken: userAccessToken,
|
||||
RemoteSourceOauth2AccessToken: Oauth2AccessToken,
|
||||
RemoteSourceOauth2RefreshToken: Oauth2RefreshToken,
|
||||
UserAccessToken: userAccessToken,
|
||||
Oauth2AccessToken: oauth2AccessToken,
|
||||
Oauth2RefreshToken: oauth2RefreshToken,
|
||||
Oauth2AccessTokenExpiresAt: oauth2AccessTokenExpiresAt,
|
||||
}
|
||||
la, err := c.CreateUserLA(ctx, creq)
|
||||
if err != nil {
|
||||
|
@ -490,6 +499,29 @@ func (c *CommandHandler) HandleRemoteSourceAuthRequest(ctx context.Context, requ
|
|||
},
|
||||
}, nil
|
||||
|
||||
case RemoteSourceRequestTypeRegisterUser:
|
||||
var req *RegisterUserRequest
|
||||
if err := json.Unmarshal([]byte(requestString), &req); err != nil {
|
||||
return nil, errors.Errorf("failed to unmarshal request")
|
||||
}
|
||||
|
||||
creq := &RegisterUserRequest{
|
||||
UserName: req.UserName,
|
||||
RemoteSourceName: req.RemoteSourceName,
|
||||
UserAccessToken: userAccessToken,
|
||||
Oauth2AccessToken: oauth2AccessToken,
|
||||
Oauth2RefreshToken: oauth2RefreshToken,
|
||||
Oauth2AccessTokenExpiresAt: oauth2AccessTokenExpiresAt,
|
||||
}
|
||||
cresp, err := c.RegisterUser(ctx, creq)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &RemoteSourceAuthResult{
|
||||
RequestType: requestType,
|
||||
Response: cresp,
|
||||
}, nil
|
||||
|
||||
case RemoteSourceRequestTypeLoginUser:
|
||||
var req *LoginUserRequest
|
||||
if err := json.Unmarshal([]byte(requestString), &req); err != nil {
|
||||
|
@ -498,9 +530,10 @@ func (c *CommandHandler) HandleRemoteSourceAuthRequest(ctx context.Context, requ
|
|||
|
||||
creq := &LoginUserRequest{
|
||||
RemoteSourceName: req.RemoteSourceName,
|
||||
RemoteSourceUserAccessToken: userAccessToken,
|
||||
RemoteSourceOauth2AccessToken: Oauth2AccessToken,
|
||||
RemoteSourceOauth2RefreshToken: Oauth2RefreshToken,
|
||||
UserAccessToken: userAccessToken,
|
||||
Oauth2AccessToken: oauth2AccessToken,
|
||||
Oauth2RefreshToken: oauth2RefreshToken,
|
||||
Oauth2AccessTokenExpiresAt: oauth2AccessTokenExpiresAt,
|
||||
}
|
||||
cresp, err := c.LoginUser(ctx, creq)
|
||||
if err != nil {
|
||||
|
@ -519,9 +552,10 @@ func (c *CommandHandler) HandleRemoteSourceAuthRequest(ctx context.Context, requ
|
|||
|
||||
creq := &AuthorizeRequest{
|
||||
RemoteSourceName: req.RemoteSourceName,
|
||||
RemoteSourceUserAccessToken: userAccessToken,
|
||||
RemoteSourceOauth2AccessToken: Oauth2AccessToken,
|
||||
RemoteSourceOauth2RefreshToken: Oauth2RefreshToken,
|
||||
UserAccessToken: userAccessToken,
|
||||
Oauth2AccessToken: oauth2AccessToken,
|
||||
Oauth2RefreshToken: oauth2RefreshToken,
|
||||
Oauth2AccessTokenExpiresAt: oauth2AccessTokenExpiresAt,
|
||||
}
|
||||
cresp, err := c.Authorize(ctx, creq)
|
||||
if err != nil {
|
||||
|
@ -532,28 +566,6 @@ func (c *CommandHandler) HandleRemoteSourceAuthRequest(ctx context.Context, requ
|
|||
Response: cresp,
|
||||
}, nil
|
||||
|
||||
case RemoteSourceRequestTypeRegisterUser:
|
||||
var req *RegisterUserRequest
|
||||
if err := json.Unmarshal([]byte(requestString), &req); err != nil {
|
||||
return nil, errors.Errorf("failed to unmarshal request")
|
||||
}
|
||||
|
||||
creq := &RegisterUserRequest{
|
||||
UserName: req.UserName,
|
||||
RemoteSourceName: req.RemoteSourceName,
|
||||
RemoteSourceUserAccessToken: userAccessToken,
|
||||
RemoteSourceOauth2AccessToken: Oauth2AccessToken,
|
||||
RemoteSourceOauth2RefreshToken: Oauth2RefreshToken,
|
||||
}
|
||||
cresp, err := c.RegisterUser(ctx, creq)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &RemoteSourceAuthResult{
|
||||
RequestType: requestType,
|
||||
Response: cresp,
|
||||
}, nil
|
||||
|
||||
default:
|
||||
return nil, errors.Errorf("unknown request")
|
||||
}
|
||||
|
@ -603,5 +615,5 @@ func (c *CommandHandler) HandleOauth2Callback(ctx context.Context, code, state s
|
|||
return nil, err
|
||||
}
|
||||
|
||||
return c.HandleRemoteSourceAuthRequest(ctx, requestType, requestString, "", oauth2Token.AccessToken, oauth2Token.RefreshToken)
|
||||
return c.HandleRemoteSourceAuthRequest(ctx, requestType, requestString, "", oauth2Token.AccessToken, oauth2Token.RefreshToken, oauth2Token.Expiry)
|
||||
}
|
||||
|
|
|
@ -129,7 +129,7 @@ type LinkedAccount struct {
|
|||
|
||||
Oauth2AccessToken string `json:"oauth2_access_token,omitempty"`
|
||||
Oauth2RefreshToken string `json:"oauth2_refresh_token,omitempty"`
|
||||
Oauth2Expire time.Duration `json:"oauth2_expire,omitempty"`
|
||||
Oauth2AccessTokenExpiresAt time.Time `json:"oauth_2_access_token_expires_at,omitempty"`
|
||||
}
|
||||
|
||||
type Project struct {
|
||||
|
|
Loading…
Reference in New Issue