Change User to be interface

Author: divoxx

assertion_jwt_grant_type.go

@@ -38,7 +38,7 @@ func (gt *AssertionJWTGrantType) SetPersistenceBackend(p PersistenceBackend) {
 	gt.persistence = p
 }
 
-func (gt AssertionJWTGrantType) AuthzHandler(c *Client, u *User, scope string, req *http.Request) (url.Values, error) {
+func (gt AssertionJWTGrantType) AuthzHandler(c *Client, u User, scope string, req *http.Request) (url.Values, error) {
 	return nil, nil
 }
 

authorization_code_grant_type.go

@@ -35,7 +35,7 @@ func (gt *AuthorizationCodeGrantType) SetPersistenceBackend(p PersistenceBackend
 	gt.persistence = p
 }
 
-func (gt AuthorizationCodeGrantType) AuthzHandler(c *Client, u *User, scope string, req *http.Request) (url.Values, error) {
+func (gt AuthorizationCodeGrantType) AuthzHandler(c *Client, u User, scope string, req *http.Request) (url.Values, error) {
 	auth, err := NewAuthorization(c, u, scope, true, true)
 	if err != nil {
 		log.Println(err)

backend.go

@@ -52,12 +52,12 @@ type PersistenceBackend interface {
 	//*
 	// User persistence
 	//*
-	GetUserByUsername(username string) (*User, error)
+	GetUserByUsername(username string) (User, error)
 }
 
 type AuthorizationPageData struct {
 	Client *Client
-	User   *User
+	User   User
 	Scopes []*Scope
 }
 
@@ -77,5 +77,5 @@ type HTTPBackend interface {
 	// the current logged in user or generate a response that will allow the
 	// user to login, such as a redirect. If the later happens, both User and
 	// error should be nil.
-	AuthenticateRequest(c *Client, w http.ResponseWriter, req *http.Request) (*User, error)
+	AuthenticateRequest(c *Client, w http.ResponseWriter, req *http.Request) (User, error)
 }

client_credentials_grant_type.go

@@ -35,7 +35,7 @@ func (gt *ClientCredentialsGrantType) SetPersistenceBackend(p PersistenceBackend
 	gt.persistence = p
 }
 
-func (gt ClientCredentialsGrantType) AuthzHandler(c *Client, u *User, scope string, req *http.Request) (url.Values, error) {
+func (gt ClientCredentialsGrantType) AuthzHandler(c *Client, u User, scope string, req *http.Request) (url.Values, error) {
 	return nil, nil
 }
 

common.go

@@ -25,9 +25,9 @@ import (
 	"time"
 )
 
-type User struct {
-	Username string
-	Password string
+type User interface {
+	GetUsername() string
+	CheckPassword(password string) bool
 }
 
 type Client struct {
@@ -69,7 +69,7 @@ type Scope struct {
 
 type Authorization struct {
 	Client *Client `json:"-"`
-	User   *User   `json:"-"`
+	User   User    `json:"-"`
 
 	Code         string    `json:"-"`
 	CreatedAt    time.Time `json:"-"`
@@ -80,7 +80,7 @@ type Authorization struct {
 	Scope        string    `json:"scope"`
 }
 
-func NewAuthorization(c *Client, u *User, scope string, refresh bool, code bool) (*Authorization, error) {
+func NewAuthorization(c *Client, u User, scope string, refresh bool, code bool) (*Authorization, error) {
 	a := Authorization{
 		Client:    c,
 		User:      u,

in_memory_persistence.go

@@ -18,7 +18,7 @@ package oauth2
 
 type inMemoryAuthKey struct {
 	Client *Client
-	User   *User
+	User   User
 }
 
 // InMemoryPersistence is a simple backend implementation that keeps all data
@@ -33,7 +33,7 @@ type InMemoryPersistence struct {
 
 	// users holds the references to existing users in the system,
 	// indexed by their login
-	users map[string]*User
+	users map[string]User
 
 	// authorizations holds the existing authorizations indexed by
 	// access token
@@ -47,7 +47,7 @@ func NewInMemoryPersistence(validPassword string) *InMemoryPersistence {
 	return &InMemoryPersistence{
 		validPassword:  validPassword,
 		clients:        make(map[string]*Client),
-		users:          make(map[string]*User),
+		users:          make(map[string]User),
 		authorizations: make(map[inMemoryAuthKey]*Authorization),
 		scopes:         make(map[string]*Scope),
 	}
@@ -134,27 +134,17 @@ func (b *InMemoryPersistence) SaveScope(s *Scope) error {
 }
 
 // GetUserByUsername lookup the user that matches the login
-func (b *InMemoryPersistence) GetUserByUsername(username string) (*User, error) {
+func (b *InMemoryPersistence) GetUserByUsername(username string) (User, error) {
 	u, exst := b.users[username]
 	if !exst {
 		return nil, ErrNotFound
 	}
 	return u, nil
 }
 
-// GetUserByCredentials lookup the user that matches the username and password
-func (b *InMemoryPersistence) GetUserByCredentials(username, password string) (*User, error) {
-	u, exst := b.users[username]
-	if !exst || password != "validpassword" {
-		return nil, ErrAccessDenied
-	}
-
-	return u, nil
-}
-
 // SaveUser persists the user in the backend, it's not part of the Backend interface
 // but we need a way to add users to the Backend.
-func (b *InMemoryPersistence) SaveUser(u *User) error {
-	b.users[u.Username] = u
+func (b *InMemoryPersistence) SaveUser(u User) error {
+	b.users[u.GetUsername()] = u
 	return nil
 }

integration_test.go

@@ -67,11 +67,24 @@ var (
 `))
 )
 
+type User struct {
+	Username string
+	Password string
+}
+
+func (u User) GetUsername() string {
+	return u.Username
+}
+
+func (u User) CheckPassword(password string) bool {
+	return u.Password == password
+}
+
 type testHTTPBackend struct {
-	AutoLogin *oauth2.User
+	AutoLogin *User
 }
 
-func (b *testHTTPBackend) AuthenticateRequest(c *oauth2.Client, w http.ResponseWriter, req *http.Request) (*oauth2.User, error) {
+func (b *testHTTPBackend) AuthenticateRequest(c *oauth2.Client, w http.ResponseWriter, req *http.Request) (oauth2.User, error) {
 	return b.AutoLogin, nil
 }
 
@@ -95,7 +108,7 @@ func setupProvider() (oauth2.PersistenceBackend, *oauth2.ClientAgent, *httptest.
 		panic(err)
 	}
 
-	user := oauth2.User{Username: "username"}
+	user := User{Username: "username", Password: "validpassword"}
 	if err := inMemory.SaveUser(&user); err != nil {
 		panic(err)
 	}
@@ -168,7 +181,7 @@ func TestAuthorizationCodeGrantType(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if persistedAuth.Client.ID != clt.ID || persistedAuth.User.Username != "username" {
+	if persistedAuth.Client.ID != clt.ID || persistedAuth.User.GetUsername() != "username" {
 		t.Errorf("Authorization does not match client or user")
 	}
 
@@ -192,7 +205,7 @@ func TestAuthorizationCodeGrantType(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if refreshedPersistedAuth.Client.ID != clt.ID || refreshedPersistedAuth.User.Username != "username" {
+	if refreshedPersistedAuth.Client.ID != clt.ID || refreshedPersistedAuth.User.GetUsername() != "username" {
 		t.Errorf("Authorization does not match client or user")
 	}
 
@@ -247,7 +260,7 @@ func TestPasswordGrantType(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if a2.Client.ID != clt.ID || a2.User.Username != "username" {
+	if a2.Client.ID != clt.ID || a2.User.GetUsername() != "username" {
 		t.Errorf("Authorization does not match client or user")
 	}
 
@@ -282,7 +295,7 @@ func TestAssertionGrantType(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if a2.Client.ID != clt.ID || a2.User.Username != "username" {
+	if a2.Client.ID != clt.ID || a2.User.GetUsername() != "username" {
 		t.Errorf("Authorization does not match client or user")
 	}
 

provider.go

@@ -27,7 +27,7 @@ import (
 type GrantType interface {
 	RegistrationInfo() (string, string)
 	SetPersistenceBackend(PersistenceBackend)
-	AuthzHandler(c *Client, u *User, scope string, req *http.Request) (url.Values, error)
+	AuthzHandler(c *Client, u User, scope string, req *http.Request) (url.Values, error)
 	TokenHandler(c *Client, ew *EncoderResponseWriter, req *http.Request)
 }
 

refresh_token_grant_type.go

@@ -34,7 +34,7 @@ func (gt *RefreshTokenGrantType) SetPersistenceBackend(p PersistenceBackend) {
 	gt.persistence = p
 }
 
-func (gt RefreshTokenGrantType) AuthzHandler(c *Client, u *User, scope string, req *http.Request) (url.Values, error) {
+func (gt RefreshTokenGrantType) AuthzHandler(c *Client, u User, scope string, req *http.Request) (url.Values, error) {
 	return nil, nil
 }
 

resource_owner_credentials_grant_type.go

@@ -34,7 +34,7 @@ func (gt *ResourceOwnerCredentialsGrantType) SetPersistenceBackend(p Persistence
 	gt.persistence = p
 }
 
-func (gt ResourceOwnerCredentialsGrantType) AuthzHandler(c *Client, u *User, scope string, req *http.Request) (url.Values, error) {
+func (gt ResourceOwnerCredentialsGrantType) AuthzHandler(c *Client, u User, scope string, req *http.Request) (url.Values, error) {
 	return nil, nil
 }
 
@@ -63,7 +63,7 @@ func (gt ResourceOwnerCredentialsGrantType) TokenHandler(c *Client, ew *EncoderR
 		ew.Encode(ErrAccessDenied)
 		return
 	}
-	if !secureCompare([]byte(username), []byte(u.Username)) {
+	if !u.CheckPassword(password) {
 		log.Println("invalid password")
 		ew.Encode(ErrAccessDenied)
 		return