fix: add independent error message in token endpoint (#662)

* fix: add independent error message in token endpoint

Signed-off-by: Steve0x2a <stevesough@gmail.com>

* fix: reduced use of variables

Signed-off-by: Steve0x2a <stevesough@gmail.com>

* fix: error messages use the same variable

Signed-off-by: Steve0x2a <stevesough@gmail.com>
This commit is contained in:
Yi Zhan 2022-04-14 10:22:56 +08:00 committed by GitHub
parent b178be9aef
commit 9877174780
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 57 additions and 21 deletions


@ -58,6 +58,7 @@ type TokenWrapper struct {
TokenType string `json:"token_type"`
ExpiresIn int `json:"expires_in"`
Scope string `json:"scope"`
Error string `json:"error,omitempty"`
}
type IntrospectionResponse struct {
@ -306,23 +307,28 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
}
func GetOAuthToken(grantType string, clientId string, clientSecret string, code string, verifier string, scope string, username string, password string, host string) *TokenWrapper {
var errString string
application := GetApplicationByClientId(clientId)
if application == nil {
errString = "error: invalid client_id"
return &TokenWrapper{
AccessToken: "error: invalid client_id",
AccessToken: errString,
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
}
}
//Check if grantType is allowed in the current application
if !IsGrantTypeValid(grantType, application.GrantTypes) {
errString = fmt.Sprintf("error: grant_type: %s is not supported in this application", grantType)
return &TokenWrapper{
AccessToken: fmt.Sprintf("error: grant_type: %s is not supported in this application", grantType),
AccessToken: errString,
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
}
}
@ -338,11 +344,13 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
}
if err != nil {
errString = err.Error()
return &TokenWrapper{
AccessToken: err.Error(),
AccessToken: errString,
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
}
}
@ -361,62 +369,75 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
}
func RefreshToken(grantType string, refreshToken string, scope string, clientId string, clientSecret string, host string) *TokenWrapper {
var errString string
// check parameters
if grantType != "refresh_token" {
errString = "error: grant_type should be \"refresh_token\""
return &TokenWrapper{
AccessToken: "error: grant_type should be \"refresh_token\"",
AccessToken: errString,
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
}
}
application := GetApplicationByClientId(clientId)
if application == nil {
errString = "error: invalid client_id"
return &TokenWrapper{
AccessToken: "error: invalid client_id",
AccessToken: errString,
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
}
}
if clientSecret != "" && application.ClientSecret != clientSecret {
errString = "error: invalid client_secret"
return &TokenWrapper{
AccessToken: "error: invalid client_secret",
AccessToken: errString,
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
}
}
// check whether the refresh token is valid, and has not expired.
token := Token{RefreshToken: refreshToken}
existed, err := adapter.Engine.Get(&token)
if err != nil || !existed {
errString = "error: invalid refresh_token"
return &TokenWrapper{
AccessToken: "error: invalid refresh_token",
AccessToken: errString,
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
}
}
cert := getCertByApplication(application)
_, err = ParseJwtToken(refreshToken, cert)
if err != nil {
errString := fmt.Sprintf("error: %s", err.Error())
return &TokenWrapper{
AccessToken: fmt.Sprintf("error: %s", err.Error()),
AccessToken: errString,
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
}
}
// generate a new token
user := getUser(application.Organization, token.User)
if user.IsForbidden {
errString = "error: the user is forbidden to sign in, please contact the administrator"
return &TokenWrapper{
AccessToken: "error: the user is forbidden to sign in, please contact the administrator",
AccessToken: errString,
TokenType: "",
ExpiresIn: 0,
Scope: "",
Error: errString,
}
}
newAccessToken, newRefreshToken, err := generateJwtToken(application, user, "", scope, host)
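Review bot: The new `Error` field is populated with free-form text ("error: invalid client_id", "error: grant_type should be ...", the raw `err.Error()` from ParseJwtToken), but in an OAuth 2.0 token response the `error` member is a fixed code (`invalid_client`, `unsupported_grant_type`, `invalid_grant`, ...) that clients switch on, with human-readable detail belonging in `error_description`; as written, callers still have to string-match, and the verbatim parser error on the `errString := fmt.Sprintf("error: %s", err.Error())` line exposes internal detail that would be better replaced by a fixed `invalid_grant` code with the detail kept for server logs. The same applies to the `errString = err.Error()` assignment in the GetOAuthToken hunk, whose origin is outside the hunk. Separately, that same ParseJwtToken branch in RefreshToken uses `:=` where every other branch uses `=`, which shadows the function-level `errString` declared at the top of the function and is the kind of thing `go vet -vettool` shadow checks flag; `errString = fmt.Sprintf("error: %s", err.Error())` keeps it consistent. RefreshToken's body continues past the end of the hunk.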


@ -2797,11 +2797,11 @@
}
},
"definitions": {
"2026.0xc000380de0.false": {
"2127.0xc00036c600.false": {
"title": "false",
"type": "object"
},
"2060.0xc000380e10.false": {
"2161.0xc00036c630.false": {
"title": "false",
"type": "object"
},
@ -2818,10 +2818,10 @@
"type": "object",
"properties": {
"data": {
"$ref": "#/definitions/2026.0xc000380de0.false"
"$ref": "#/definitions/2127.0xc00036c600.false"
},
"data2": {
"$ref": "#/definitions/2060.0xc000380e10.false"
"$ref": "#/definitions/2161.0xc00036c630.false"
},
"msg": {
"type": "string"
@ -2842,10 +2842,10 @@
"type": "object",
"properties": {
"data": {
"$ref": "#/definitions/2026.0xc000380de0.false"
"$ref": "#/definitions/2127.0xc00036c600.false"
},
"data2": {
"$ref": "#/definitions/2060.0xc000380e10.false"
"$ref": "#/definitions/2161.0xc00036c630.false"
},
"msg": {
"type": "string"
@ -3648,6 +3648,9 @@
"access_token": {
"type": "string"
},
"error": {
"type": "string"
},
"expires_in": {
"type": "integer",
"format": "int64"
@ -3682,6 +3685,9 @@
"affiliation": {
"type": "string"
},
"alipay": {
"type": "string"
},
"apple": {
"type": "string"
},
@ -3721,6 +3727,9 @@
"email": {
"type": "string"
},
"emailVerified": {
"type": "boolean"
},
"facebook": {
"type": "string"
},


@ -1831,10 +1831,10 @@ paths:
schema:
$ref: '#/definitions/object.Userinfo'
definitions:
2026.0xc000380de0.false:
2127.0xc00036c600.false:
title: "false"
type: object
2060.0xc000380e10.false:
2161.0xc00036c630.false:
title: "false"
type: object
RequestForm:
@ -1848,9 +1848,9 @@ definitions:
type: object
properties:
data:
$ref: '#/definitions/2026.0xc000380de0.false'
$ref: '#/definitions/2127.0xc00036c600.false'
data2:
$ref: '#/definitions/2060.0xc000380e10.false'
$ref: '#/definitions/2161.0xc00036c630.false'
msg:
type: string
name:
@ -1864,9 +1864,9 @@ definitions:
type: object
properties:
data:
$ref: '#/definitions/2026.0xc000380de0.false'
$ref: '#/definitions/2127.0xc00036c600.false'
data2:
$ref: '#/definitions/2060.0xc000380e10.false'
$ref: '#/definitions/2161.0xc00036c630.false'
msg:
type: string
name:
@ -2407,6 +2407,8 @@ definitions:
properties:
access_token:
type: string
error:
type: string
expires_in:
type: integer
format: int64
@ -2430,6 +2432,8 @@ definitions:
type: string
affiliation:
type: string
alipay:
type: string
apple:
type: string
avatar:
@ -2456,6 +2460,8 @@ definitions:
type: string
email:
type: string
emailVerified:
type: boolean
facebook:
type: string
firstName: