2022-11-13 03:26:10 +00:00
package oidc
import (
"context"
"fmt"
"strings"
"time"
"github.com/ory/fosite"
"github.com/ory/fosite/token/hmac"
"github.com/ory/x/errorsx"
)
// HMACCoreStrategy implements oauth2.CoreStrategy. It's a copy of the oauth2.HMACSHAStrategy.
type HMACCoreStrategy struct {
Enigma * hmac . HMACStrategy
Config interface {
fosite . AccessTokenLifespanProvider
fosite . RefreshTokenLifespanProvider
fosite . AuthorizeCodeLifespanProvider
}
}
// AccessTokenSignature implements oauth2.AccessTokenStrategy.
2023-04-19 04:27:10 +00:00
func ( h * HMACCoreStrategy ) AccessTokenSignature ( ctx context . Context , tokenString string ) string {
return h . Enigma . Signature ( tokenString )
2022-11-13 03:26:10 +00:00
}
// GenerateAccessToken implements oauth2.AccessTokenStrategy.
2023-04-19 04:27:10 +00:00
func ( h * HMACCoreStrategy ) GenerateAccessToken ( ctx context . Context , _ fosite . Requester ) ( tokenString string , sig string , err error ) {
if tokenString , sig , err = h . Enigma . Generate ( ctx ) ; err != nil {
2022-11-13 03:26:10 +00:00
return "" , "" , err
}
2023-04-19 04:27:10 +00:00
return h . setPrefix ( tokenString , TokenPrefixPartAccessToken ) , sig , nil
2022-11-13 03:26:10 +00:00
}
// ValidateAccessToken implements oauth2.AccessTokenStrategy.
2023-04-19 04:27:10 +00:00
func ( h * HMACCoreStrategy ) ValidateAccessToken ( ctx context . Context , r fosite . Requester , tokenString string ) ( err error ) {
2022-11-13 03:26:10 +00:00
var exp = r . GetSession ( ) . GetExpiresAt ( fosite . AccessToken )
if exp . IsZero ( ) && r . GetRequestedAt ( ) . Add ( h . Config . GetAccessTokenLifespan ( ctx ) ) . Before ( time . Now ( ) . UTC ( ) ) {
return errorsx . WithStack ( fosite . ErrTokenExpired . WithHintf ( "Access token expired at '%s'." , r . GetRequestedAt ( ) . Add ( h . Config . GetAccessTokenLifespan ( ctx ) ) ) )
}
if ! exp . IsZero ( ) && exp . Before ( time . Now ( ) . UTC ( ) ) {
return errorsx . WithStack ( fosite . ErrTokenExpired . WithHintf ( "Access token expired at '%s'." , exp ) )
}
2023-04-19 04:27:10 +00:00
return h . Enigma . Validate ( ctx , h . trimPrefix ( tokenString , TokenPrefixPartAccessToken ) )
2022-11-13 03:26:10 +00:00
}
// RefreshTokenSignature implements oauth2.RefreshTokenStrategy.
2023-04-19 04:27:10 +00:00
func ( h * HMACCoreStrategy ) RefreshTokenSignature ( ctx context . Context , tokenString string ) string {
return h . Enigma . Signature ( tokenString )
2022-11-13 03:26:10 +00:00
}
// GenerateRefreshToken implements oauth2.RefreshTokenStrategy.
2023-04-19 04:27:10 +00:00
func ( h * HMACCoreStrategy ) GenerateRefreshToken ( ctx context . Context , _ fosite . Requester ) ( tokenString string , sig string , err error ) {
if tokenString , sig , err = h . Enigma . Generate ( ctx ) ; err != nil {
2022-11-13 03:26:10 +00:00
return "" , "" , err
}
2023-04-19 04:27:10 +00:00
return h . setPrefix ( tokenString , TokenPrefixPartRefreshToken ) , sig , nil
2022-11-13 03:26:10 +00:00
}
// ValidateRefreshToken implements oauth2.RefreshTokenStrategy.
2023-04-19 04:27:10 +00:00
func ( h * HMACCoreStrategy ) ValidateRefreshToken ( ctx context . Context , r fosite . Requester , tokenString string ) ( err error ) {
2022-11-13 03:26:10 +00:00
var exp = r . GetSession ( ) . GetExpiresAt ( fosite . RefreshToken )
2023-01-06 23:28:53 +00:00
2022-11-13 03:26:10 +00:00
if exp . IsZero ( ) {
2023-04-19 04:27:10 +00:00
return h . Enigma . Validate ( ctx , h . trimPrefix ( tokenString , TokenPrefixPartRefreshToken ) )
2022-11-13 03:26:10 +00:00
}
2023-01-06 23:28:53 +00:00
if exp . Before ( time . Now ( ) . UTC ( ) ) {
2022-11-13 03:26:10 +00:00
return errorsx . WithStack ( fosite . ErrTokenExpired . WithHintf ( "Refresh token expired at '%s'." , exp ) )
}
2023-04-19 04:27:10 +00:00
return h . Enigma . Validate ( ctx , h . trimPrefix ( tokenString , TokenPrefixPartRefreshToken ) )
2022-11-13 03:26:10 +00:00
}
// AuthorizeCodeSignature implements oauth2.AuthorizeCodeStrategy.
func ( h * HMACCoreStrategy ) AuthorizeCodeSignature ( ctx context . Context , token string ) string {
return h . Enigma . Signature ( token )
}
// GenerateAuthorizeCode implements oauth2.AuthorizeCodeStrategy.
2023-04-19 04:27:10 +00:00
func ( h * HMACCoreStrategy ) GenerateAuthorizeCode ( ctx context . Context , _ fosite . Requester ) ( tokenString string , sig string , err error ) {
if tokenString , sig , err = h . Enigma . Generate ( ctx ) ; err != nil {
2022-11-13 03:26:10 +00:00
return "" , "" , err
}
2023-04-19 04:27:10 +00:00
return h . setPrefix ( tokenString , TokenPrefixPartAuthorizeCode ) , sig , nil
2022-11-13 03:26:10 +00:00
}
// ValidateAuthorizeCode implements oauth2.AuthorizeCodeStrategy.
2023-04-19 04:27:10 +00:00
func ( h * HMACCoreStrategy ) ValidateAuthorizeCode ( ctx context . Context , r fosite . Requester , tokenString string ) ( err error ) {
2022-11-13 03:26:10 +00:00
var exp = r . GetSession ( ) . GetExpiresAt ( fosite . AuthorizeCode )
2023-01-06 23:28:53 +00:00
2022-11-13 03:26:10 +00:00
if exp . IsZero ( ) && r . GetRequestedAt ( ) . Add ( h . Config . GetAuthorizeCodeLifespan ( ctx ) ) . Before ( time . Now ( ) . UTC ( ) ) {
return errorsx . WithStack ( fosite . ErrTokenExpired . WithHintf ( "Authorize code expired at '%s'." , r . GetRequestedAt ( ) . Add ( h . Config . GetAuthorizeCodeLifespan ( ctx ) ) ) )
}
if ! exp . IsZero ( ) && exp . Before ( time . Now ( ) . UTC ( ) ) {
return errorsx . WithStack ( fosite . ErrTokenExpired . WithHintf ( "Authorize code expired at '%s'." , exp ) )
}
2023-04-19 04:27:10 +00:00
return h . Enigma . Validate ( ctx , h . trimPrefix ( tokenString , TokenPrefixPartAuthorizeCode ) )
2022-11-13 03:26:10 +00:00
}
func ( h * HMACCoreStrategy ) getPrefix ( part string ) string {
2023-03-06 03:58:50 +00:00
return h . getCustomPrefix ( tokenPrefixOrgAutheliaFmt , part )
}
2022-11-13 03:26:10 +00:00
2023-03-06 03:58:50 +00:00
func ( h * HMACCoreStrategy ) getCustomPrefix ( tokenPrefixFmt , part string ) string {
return fmt . Sprintf ( tokenPrefixFmt , part )
2022-11-13 03:26:10 +00:00
}
2023-04-19 04:27:10 +00:00
func ( h * HMACCoreStrategy ) setPrefix ( tokenString , part string ) string {
return h . getPrefix ( part ) + tokenString
2022-11-13 03:26:10 +00:00
}
2023-01-06 23:28:53 +00:00
2023-04-19 04:27:10 +00:00
func ( h * HMACCoreStrategy ) trimPrefix ( tokenString , part string ) string {
if strings . HasPrefix ( tokenString , h . getCustomPrefix ( tokenPrefixOrgOryFmt , part ) ) {
return strings . TrimPrefix ( tokenString , h . getCustomPrefix ( tokenPrefixOrgOryFmt , part ) )
2023-03-06 03:58:50 +00:00
}
2023-04-19 04:27:10 +00:00
return strings . TrimPrefix ( tokenString , h . getPrefix ( part ) )
2023-01-06 23:28:53 +00:00
}