add client check for code and refresh token lookup

divoxx · divoxx · commit 7c8355eb1153 · 2017-05-15T09:53:26.000-07:00
diff --git a/authorization_code_grant_type.go b/authorization_code_grant_type.go
@@ -69,7 +69,7 @@ func (gt AuthorizationCodeGrantType) TokenHandler(c *Client, ew *EncoderResponse
 		return
 	}
 
-	auth, err := gt.persistence.GetAuthorizationByCode(code)
+	auth, err := gt.persistence.GetAuthorizationByCode(c, code)
 	if err != nil {
 		log.Println("couldn't find authorization for code:", err)
 		ew.Encode(ErrInvalidGrant)
diff --git a/backend.go b/backend.go
@@ -33,9 +33,9 @@ type PersistenceBackend interface {
 	//*
 	// Authorization persistence
 	//*
-	GetAuthorizationByCode(code string) (*Authorization, error)
+	GetAuthorizationByCode(c *Client, code string) (*Authorization, error)
+	GetAuthorizationByRefreshToken(c *Client, refreshToken string) (*Authorization, error)
 	GetAuthorizationByAccessToken(accessToken string) (*Authorization, error)
-	GetAuthorizationByRefreshToken(refreshToken string) (*Authorization, error)
 	SaveAuthorization(a *Authorization) error
 
 	//*
diff --git a/in_memory_persistence.go b/in_memory_persistence.go
@@ -61,33 +61,33 @@ func (b *InMemoryPersistence) SaveAuthorization(a *Authorization) error {
 }
 
 // GetAuthorizationByCode takes a code and look it up
-func (b *InMemoryPersistence) GetAuthorizationByCode(code string) (*Authorization, error) {
+func (b *InMemoryPersistence) GetAuthorizationByCode(c *Client, code string) (*Authorization, error) {
 	for _, a := range b.authorizations {
-		if a.Code == code {
+		if a.Client == c && a.Code == code {
 			return a, nil
 		}
 	}
 
 	return nil, ErrNotFound
 }
 
-// GetAuthorizationByAccessToken takes an access token and returns the authorization
+// GetAuthorizationByRefreshToken takes an access token and returns the authorization
 // it represents, if exists.
-func (b *InMemoryPersistence) GetAuthorizationByAccessToken(accessToken string) (*Authorization, error) {
+func (b *InMemoryPersistence) GetAuthorizationByRefreshToken(c *Client, refreshToken string) (*Authorization, error) {
 	for _, a := range b.authorizations {
-		if a.AccessToken == accessToken {
+		if a.Client == c && a.RefreshToken == refreshToken {
 			return a, nil
 		}
 	}
 
 	return nil, ErrNotFound
 }
 
-// GetAuthorizationByRefreshToken takes an access token and returns the authorization
+// GetAuthorizationByAccessToken takes an access token and returns the authorization
 // it represents, if exists.
-func (b *InMemoryPersistence) GetAuthorizationByRefreshToken(refreshToken string) (*Authorization, error) {
+func (b *InMemoryPersistence) GetAuthorizationByAccessToken(accessToken string) (*Authorization, error) {
 	for _, a := range b.authorizations {
-		if a.RefreshToken == refreshToken {
+		if a.AccessToken == accessToken {
 			return a, nil
 		}
 	}
diff --git a/refresh_token_grant_type.go b/refresh_token_grant_type.go
@@ -52,7 +52,7 @@ func (gt RefreshTokenGrantType) TokenHandler(c *Client, ew *EncoderResponseWrite
 		return
 	}
 
-	auth, err := gt.persistence.GetAuthorizationByRefreshToken(refreshToken)
+	auth, err := gt.persistence.GetAuthorizationByRefreshToken(c, refreshToken)
 	if err != nil {
 		log.Println("invalid refresh token:", refreshToken)
 		ew.Encode(ErrInvalidGrant)

Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ func (gt AuthorizationCodeGrantType) TokenHandler(c Client, ew EncoderResponse`
`69`	`69`	`return`
`70`	`70`	`}`
`71`	`71`
`72`		`- auth, err := gt.persistence.GetAuthorizationByCode(code)`
	`72`	`+ auth, err := gt.persistence.GetAuthorizationByCode(c, code)`
`73`	`73`	`if err != nil {`
`74`	`74`	`log.Println("couldn't find authorization for code:", err)`
`75`	`75`	`ew.Encode(ErrInvalidGrant)`
Original file line number	Diff line number	Diff line change
`@@ -61,33 +61,33 @@ func (b InMemoryPersistence) SaveAuthorization(a Authorization) error {`
`61`	`61`	`}`
`62`	`62`
`63`	`63`	`// GetAuthorizationByCode takes a code and look it up`
`64`		`-func (b InMemoryPersistence) GetAuthorizationByCode(code string) (Authorization, error) {`
	`64`	`+func (b InMemoryPersistence) GetAuthorizationByCode(c Client, code string) (*Authorization, error) {`
`65`	`65`	`for _, a := range b.authorizations {`
`66`		`- if a.Code == code {`
	`66`	`+ if a.Client == c && a.Code == code {`
`67`	`67`	`return a, nil`
`68`	`68`	`}`
`69`	`69`	`}`
`70`	`70`
`71`	`71`	`return nil, ErrNotFound`
`72`	`72`	`}`
`73`	`73`
`74`		`-// GetAuthorizationByAccessToken takes an access token and returns the authorization`
	`74`	`+// GetAuthorizationByRefreshToken takes an access token and returns the authorization`
`75`	`75`	`// it represents, if exists.`
`76`		`-func (b InMemoryPersistence) GetAuthorizationByAccessToken(accessToken string) (Authorization, error) {`
	`76`	`+func (b InMemoryPersistence) GetAuthorizationByRefreshToken(c Client, refreshToken string) (*Authorization, error) {`
`77`	`77`	`for _, a := range b.authorizations {`
`78`		`- if a.AccessToken == accessToken {`
	`78`	`+ if a.Client == c && a.RefreshToken == refreshToken {`
`79`	`79`	`return a, nil`
`80`	`80`	`}`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`return nil, ErrNotFound`
`84`	`84`	`}`
`85`	`85`
`86`		`-// GetAuthorizationByRefreshToken takes an access token and returns the authorization`
	`86`	`+// GetAuthorizationByAccessToken takes an access token and returns the authorization`
`87`	`87`	`// it represents, if exists.`
`88`		`-func (b InMemoryPersistence) GetAuthorizationByRefreshToken(refreshToken string) (Authorization, error) {`
	`88`	`+func (b InMemoryPersistence) GetAuthorizationByAccessToken(accessToken string) (Authorization, error) {`
`89`	`89`	`for _, a := range b.authorizations {`
`90`		`- if a.RefreshToken == refreshToken {`
	`90`	`+ if a.AccessToken == accessToken {`
`91`	`91`	`return a, nil`
`92`	`92`	`}`
`93`	`93`	`}`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ func (gt RefreshTokenGrantType) TokenHandler(c Client, ew EncoderResponseWrite`
`52`	`52`	`return`
`53`	`53`	`}`
`54`	`54`
`55`		`- auth, err := gt.persistence.GetAuthorizationByRefreshToken(refreshToken)`
	`55`	`+ auth, err := gt.persistence.GetAuthorizationByRefreshToken(c, refreshToken)`
`56`	`56`	`if err != nil {`
`57`	`57`	`log.Println("invalid refresh token:", refreshToken)`
`58`	`58`	`ew.Encode(ErrInvalidGrant)`