Commit f6055194 authored by Nicolas Pernoud's avatar Nicolas Pernoud

chore: refactored tokens

parent 2b74657f
......@@ -106,7 +106,7 @@ func CreateOIDCServer() *http.ServeMux {
// Store the client data in a cookie
rd.State = query.Get("state")
rd.Sirent = query.Get("sirent")
tokens.Manager.StoreData(rd, "localhost", "clientRequestData", 600*time.Second, w) // TODO : 60 seconds
tokens.CreateCookie(rd, "localhost", "clientRequestData", 600*time.Second, w) // TODO : 60 seconds
// Redirect to France Connect with the callback as parameter
// TODO : France Connect parameters as env variables
......@@ -180,7 +180,7 @@ func CreateOIDCServer() *http.ServeMux {
// Get back the redirect url from the cookie
rd := clientRequestData{}
_, err = tokens.Manager.ExtractAndValidateToken(r, "clientRequestData", &rd, false)
_, err = tokens.ExtractAndValidateToken(r, "clientRequestData", &rd, false)
fmt.Printf("Request Data:%v\n", rd)
if err != nil {
http.Error(w, "could not get the initial client request data from cookie", http.StatusInternalServerError)
......@@ -215,7 +215,7 @@ func CreateOIDCServer() *http.ServeMux {
Id: i,
E: s,
}
code, err := tokens.Manager.CreateToken(tokenData, time.Now().Add(60*time.Second))
code, err := tokens.CreateToken(tokenData, time.Now().Add(60*time.Second))
if err != nil {
http.Error(w, "could not create an authorisation code", http.StatusInternalServerError)
return
......@@ -249,7 +249,7 @@ func CreateOIDCServer() *http.ServeMux {
}
// Get and decode the autorisation code
var id GLCId
_, err := tokens.Manager.ExtractAndValidateToken(r, "", &id, false)
_, err := tokens.ExtractAndValidateToken(r, "", &id, false)
if err != nil {
http.Error(w, "authorization code is invalid: "+err.Error(), http.StatusBadRequest)
return
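Review bot: The client-request cookie written by the new `tokens.CreateCookie` call still lives for 600 seconds while the trailing TODO on the same line says 60, and this refactor carried the discrepancy forward; because that cookie holds the OIDC `state` (and `sirent`) the callback later trusts, a long lifetime widens the window in which a stale or replayed request can complete the flow. I would resolve it now, `tokens.CreateCookie(rd, "localhost", "clientRequestData", 60*time.Second, w)`, or lift the duration into a named constant beside the authorization-code lifetime further down (`time.Now().Add(60*time.Second)`) so both are reviewed together. The `"localhost"` host name is hard-coded at the same call; if it is meant to become configurable, the TODO on the next line about France Connect parameters seems the place to record it. In the callback hunk, `fmt.Printf("Request Data:%v\n", rd)` writes the recovered state to stdout, presumably a debug leftover, so consider removing it or routing it through `log.Logger`. The enclosing `CreateOIDCServer` function starts before and continues past these hunks.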
......
......@@ -22,8 +22,8 @@ import (
var (
now = time.Now
// Manager is the current token manager
Manager manager
// m is the current token manager
m manager
)
// manager manages tokens
......@@ -34,7 +34,7 @@ type manager struct {
// Init inits the main token manager
func init() {
Manager = newManager()
m = newManager()
}
// newManager creates a manager
......@@ -54,8 +54,7 @@ func newManager() manager {
}
log.Logger.Printf("Token signing key set : %v\n", string(keyConfig.Key))
return manager{
key: keyConfig.Key,
debugMode: common.BoolValueFromEnv("DEBUG_MODE", false),
key: keyConfig.Key,
}
}
......@@ -66,10 +65,10 @@ type Token struct {
Data []byte
}
// StoreData creates a token with the given data and returns it in a cookie
func (m manager) StoreData(data interface{}, hostName string, cookieName string, duration time.Duration, w http.ResponseWriter) {
// CreateCookie creates a token with the given data and returns it in a cookie
func CreateCookie(data interface{}, hostName string, cookieName string, duration time.Duration, w http.ResponseWriter) {
expiration := now().Add(duration)
value, err := m.CreateToken(data, expiration)
value, err := CreateToken(data, expiration)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
......@@ -79,7 +78,7 @@ func (m manager) StoreData(data interface{}, hostName string, cookieName string,
}
// CreateToken creates a token with the given data
func (m manager) CreateToken(data interface{}, expiration time.Time) (string, error) {
func CreateToken(data interface{}, expiration time.Time) (string, error) {
// Marshall the data
d, err := json.Marshal(data)
if err != nil {
......@@ -97,7 +96,10 @@ func (m manager) CreateToken(data interface{}, expiration time.Time) (string, er
}
// Compress with deflate
var csToken bytes.Buffer
c, err := flate.NewWriter(&csToken, flate.BestCompression)
var c *flate.Writer
if c, err = flate.NewWriter(&csToken, flate.BestCompression); err != nil {
return "", err
}
if _, err := c.Write(sToken); err != nil {
return "", err
}
......@@ -112,7 +114,7 @@ func (m manager) CreateToken(data interface{}, expiration time.Time) (string, er
}
// ExtractAndValidateToken extracts the token from the request, validates it, and return the data n the value pointed to by v
func (m manager) ExtractAndValidateToken(r *http.Request, cookieName string, v interface{}, checkXSRF bool) (bool, error) {
func ExtractAndValidateToken(r *http.Request, cookieName string, v interface{}, checkXSRF bool) (bool, error) {
becsToken, checkXSRF, err := func(r *http.Request, checkXSRF bool) (string, bool, error) {
// Try to extract from the cookie
cookie, err := r.Cookie(cookieName)
......@@ -128,13 +130,13 @@ func (m manager) ExtractAndValidateToken(r *http.Request, cookieName string, v i
}(r, checkXSRF)
if err == nil {
return checkXSRF, m.unstoreData(becsToken, v)
return checkXSRF, unstoreData(becsToken, v)
}
return false, err
}
// unstoreData decrypt, uncompress, unserialize the token, and returns the data n the value pointed to by v
func (m manager) unstoreData(becsToken string, v interface{}) error {
func unstoreData(becsToken string, v interface{}) error {
// Decrypt the token
ecsToken, err := base64.StdEncoding.DecodeString(becsToken)
if err != nil {
......@@ -167,6 +169,10 @@ func (m manager) unstoreData(becsToken string, v interface{}) error {
}
// Update the data
err = json.Unmarshal(token.Data, v)
if err != nil {
return fmt.Errorf("failed to unmarshall data")
}
// Return no error if everything is fine
return nil
}
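Review bot: The `log.Logger.Printf("Token signing key set : %v\n", string(keyConfig.Key))` line in `newManager` writes the token key in clear text to the log, and since this refactor constructs the manager unconditionally from `init()` it is printed at every process start; log the event without the material, e.g. `log.Logger.Printf("Token signing key set (%d bytes)\n", len(keyConfig.Key))`. The rewritten return in `newManager` also stops populating `debugMode` from `DEBUG_MODE` while the test file in this commit still sets that field, so whatever `debugMode` gates (not visible in these hunks) is now always false; confirm that is intended or remove the field. In `unstoreData`, the new `fmt.Errorf("failed to unmarshall data")` drops the underlying json error; `fmt.Errorf("failed to unmarshal data: %w", err)` keeps it for callers that want to log the cause. The `manager` struct definition and the start of `newManager` lie outside the hunks shown.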
......
......@@ -43,14 +43,14 @@ func TestManagerCreateTokenUnStoreData(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
m := manager{
m = manager{
key: tt.fields.encryptKey,
debugMode: tt.fields.debugMode,
}
token, _ := m.CreateToken(tt.args.data, tt.args.expiration)
token, _ := CreateToken(tt.args.data, tt.args.expiration)
m.key = tt.fields.decryptKey
v := user{}
err := m.unstoreData(token, &v)
err := unstoreData(token, &v)
got := tt.args.data == v
if (err != nil) != tt.wantErr {
t.Errorf("manager.(un)storeData() error = %v, wantErr %v", err, tt.wantErr)
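Review bot: The subtest now assigns to the package-level `m` (`m = manager{...}` and later `m.key = tt.fields.decryptKey`) instead of a local, so each case leaves the global manager holding its last decrypt key and any test in the package that runs afterwards, or concurrently under `t.Parallel()`, sees that state. Save and restore it at the top of the subtest, e.g. `orig := m; defer func() { m = orig }()`. The `token, _ := CreateToken(tt.args.data, tt.args.expiration)` line also discards the creation error, so a failure there surfaces only as an unexplained `unstoreData` error; checking it with `t.Fatalf` keeps the case self-describing. The table setup of `TestManagerCreateTokenUnStoreData` begins before this hunk.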
......