-
Notifications
You must be signed in to change notification settings - Fork 0
/
ohauth_test.go
73 lines (61 loc) · 1.7 KB
/
ohauth_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
package ohauth
import (
"fmt"
"net/http"
"time"
"github.com/dgrijalva/jwt-go"
)
const authnKey = "MHcCAQEEIHG6obX5AhdkAjKdA2XhkoyHGyB3sdKlPK7BjGLTgPznoAoGCCqGSM49AwEHoUQDQgAEQQKD8BGFT1WBv2p9q2MbLFuTkRZnQYp8sBOp290kBv914R_M-pOEV2fdH8hCYhUYU31tv8qPog1z_a3771UaYA"
type TestAuthenticator struct {
URL *StrictURL
Key []byte
Tokenizer Tokenizer
}
func NewTestAuthenticator(u *StrictURL) (Authenticator, error) {
return &TestAuthenticator{u, []byte("monkeys"), NewJWTTokenizer(jwt.SigningMethodHS256)}, nil
}
func (a *TestAuthenticator) Verify(sig string, client *Client) (*TokenClaims, error) {
return a.Tokenizer.Parse(sig, a.Key)
}
func (a *TestAuthenticator) AuthenticateCredentials(username, password string, client *Client) (*TokenClaims, error) {
iat := time.Now()
exp := iat.Add(1 * time.Hour)
tc := NewTokenClaims(RoleIdentity, iat, exp)
tc.Issuer = a.URL.String()
tc.Subject = username
tc.Audience = client.ID
return tc, nil
}
func (a *TestAuthenticator) AuthenticateRequest(r *http.Request, client *Client) (*TokenClaims, error) {
c, err := r.Cookie("sid")
if err == http.ErrNoCookie {
return nil, nil
}
if err != nil {
return nil, err
}
if !c.HttpOnly || !c.Secure {
return nil, fmt.Errorf("unsafe session cookie cannot be used for authentication")
}
return a.Verify(c.Value, client)
}
var testProvider *Provider
func init() {
authz, err := ParseURL("https://authz.example.com")
if err != nil {
panic(err)
}
authn, err := ParseURL("https://authn.example.com")
if err != nil {
panic(err)
}
a, err := NewTestAuthenticator(authn)
if err != nil {
panic(err)
}
s, err := NewTestingStore()
if err != nil {
panic(err)
}
testProvider = NewProvider(authz, a, s)
}