fix: add independent error message in token endpoint (#662)

* fix: add independent error message in token endpoint

Signed-off-by: Steve0x2a <stevesough@gmail.com>

* fix: reduced use of variables

Signed-off-by: Steve0x2a <stevesough@gmail.com>

* fix: error messages use the same variable

Signed-off-by: Steve0x2a <stevesough@gmail.com>
This commit is contained in:
Yi Zhan 2022-04-14 10:22:56 +08:00 committed by GitHub
parent b178be9aef
commit 9877174780
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 57 additions and 21 deletions


@ -58,6 +58,7 @@ type TokenWrapper struct {
TokenType string `json:"token_type"` TokenType string `json:"token_type"`
ExpiresIn int `json:"expires_in"` ExpiresIn int `json:"expires_in"`
Scope string `json:"scope"` Scope string `json:"scope"`
Error string `json:"error,omitempty"`
} }
type IntrospectionResponse struct { type IntrospectionResponse struct {
@ -306,23 +307,28 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
} }
func GetOAuthToken(grantType string, clientId string, clientSecret string, code string, verifier string, scope string, username string, password string, host string) *TokenWrapper { func GetOAuthToken(grantType string, clientId string, clientSecret string, code string, verifier string, scope string, username string, password string, host string) *TokenWrapper {
var errString string
application := GetApplicationByClientId(clientId) application := GetApplicationByClientId(clientId)
if application == nil { if application == nil {
errString = "error: invalid client_id"
return &TokenWrapper{ return &TokenWrapper{
AccessToken: "error: invalid client_id", AccessToken: errString,
TokenType: "", TokenType: "",
ExpiresIn: 0, ExpiresIn: 0,
Scope: "", Scope: "",
Error: errString,
} }
} }
//Check if grantType is allowed in the current application //Check if grantType is allowed in the current application
if !IsGrantTypeValid(grantType, application.GrantTypes) { if !IsGrantTypeValid(grantType, application.GrantTypes) {
errString = fmt.Sprintf("error: grant_type: %s is not supported in this application", grantType)
return &TokenWrapper{ return &TokenWrapper{
AccessToken: fmt.Sprintf("error: grant_type: %s is not supported in this application", grantType), AccessToken: errString,
TokenType: "", TokenType: "",
ExpiresIn: 0, ExpiresIn: 0,
Scope: "", Scope: "",
Error: errString,
} }
} }
@ -338,11 +344,13 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
} }
if err != nil { if err != nil {
errString = err.Error()
return &TokenWrapper{ return &TokenWrapper{
AccessToken: err.Error(), AccessToken: errString,
TokenType: "", TokenType: "",
ExpiresIn: 0, ExpiresIn: 0,
Scope: "", Scope: "",
Error: errString,
} }
} }
@ -361,62 +369,75 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
} }
func RefreshToken(grantType string, refreshToken string, scope string, clientId string, clientSecret string, host string) *TokenWrapper { func RefreshToken(grantType string, refreshToken string, scope string, clientId string, clientSecret string, host string) *TokenWrapper {
var errString string
// check parameters // check parameters
if grantType != "refresh_token" { if grantType != "refresh_token" {
errString = "error: grant_type should be \"refresh_token\""
return &TokenWrapper{ return &TokenWrapper{
AccessToken: "error: grant_type should be \"refresh_token\"", AccessToken: errString,
TokenType: "", TokenType: "",
ExpiresIn: 0, ExpiresIn: 0,
Scope: "", Scope: "",
Error: errString,
} }
} }
application := GetApplicationByClientId(clientId) application := GetApplicationByClientId(clientId)
if application == nil { if application == nil {
errString = "error: invalid client_id"
return &TokenWrapper{ return &TokenWrapper{
AccessToken: "error: invalid client_id", AccessToken: errString,
TokenType: "", TokenType: "",
ExpiresIn: 0, ExpiresIn: 0,
Scope: "", Scope: "",
Error: errString,
} }
} }
if clientSecret != "" && application.ClientSecret != clientSecret { if clientSecret != "" && application.ClientSecret != clientSecret {
errString = "error: invalid client_secret"
return &TokenWrapper{ return &TokenWrapper{
AccessToken: "error: invalid client_secret", AccessToken: errString,
TokenType: "", TokenType: "",
ExpiresIn: 0, ExpiresIn: 0,
Scope: "", Scope: "",
Error: errString,
} }
} }
// check whether the refresh token is valid, and has not expired. // check whether the refresh token is valid, and has not expired.
token := Token{RefreshToken: refreshToken} token := Token{RefreshToken: refreshToken}
existed, err := adapter.Engine.Get(&token) existed, err := adapter.Engine.Get(&token)
if err != nil || !existed { if err != nil || !existed {
errString = "error: invalid refresh_token"
return &TokenWrapper{ return &TokenWrapper{
AccessToken: "error: invalid refresh_token", AccessToken: errString,
TokenType: "", TokenType: "",
ExpiresIn: 0, ExpiresIn: 0,
Scope: "", Scope: "",
Error: errString,
} }
} }
cert := getCertByApplication(application) cert := getCertByApplication(application)
_, err = ParseJwtToken(refreshToken, cert) _, err = ParseJwtToken(refreshToken, cert)
if err != nil { if err != nil {
errString := fmt.Sprintf("error: %s", err.Error())
return &TokenWrapper{ return &TokenWrapper{
AccessToken: fmt.Sprintf("error: %s", err.Error()), AccessToken: errString,
TokenType: "", TokenType: "",
ExpiresIn: 0, ExpiresIn: 0,
Scope: "", Scope: "",
Error: errString,
} }
} }
// generate a new token // generate a new token
user := getUser(application.Organization, token.User) user := getUser(application.Organization, token.User)
if user.IsForbidden { if user.IsForbidden {
errString = "error: the user is forbidden to sign in, please contact the administrator"
return &TokenWrapper{ return &TokenWrapper{
AccessToken: "error: the user is forbidden to sign in, please contact the administrator", AccessToken: errString,
TokenType: "", TokenType: "",
ExpiresIn: 0, ExpiresIn: 0,
Scope: "", Scope: "",
Error: errString,
} }
} }
newAccessToken, newRefreshToken, err := generateJwtToken(application, user, "", scope, host) newAccessToken, newRefreshToken, err := generateJwtToken(application, user, "", scope, host)
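Review bot: The new `Error` field carries free-form text such as "error: invalid client_id" while the same string is still copied into `AccessToken`, so a client that only inspects `access_token` gets a non-empty value on failure, and a client that inspects `error` does not get the RFC 6749 §5.2 codes (`invalid_client`, `unsupported_grant_type`, `invalid_grant`) a standard OAuth library expects. I would set `Error` to the standard code, move the human-readable text into a new `ErrorDescription string` field tagged `json:"error_description,omitempty"`, and leave `AccessToken` empty on error, noting the compatibility impact if existing clients read the message from `access_token`; the HTTP status (400/401 per the RFC) is decided in the controller, which is not in this hunk. In the ParseJwtToken branch `errString := fmt.Sprintf(...)` uses `:=` and shadows the `errString` declared at the top of RefreshToken, unlike every other branch; use `errString = fmt.Sprintf("error: %s", err.Error())`, and consider replacing that raw `err.Error()` (and the one in GetOAuthToken's `if err != nil` branch) with a fixed message, logging the JWT-parse detail server-side rather than returning it to the caller. Unchanged but visible in the hunk, `if clientSecret != "" && application.ClientSecret != clientSecret` skips the secret check whenever the request simply omits the secret, so a leaked refresh token for a confidential client could be redeemed without it unless the controller enforces this elsewhere; if public clients are the intent, that should be conditioned on the application's configuration rather than on the request. RefreshToken's body continues past the end of the hunk.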


@ -2797,11 +2797,11 @@
} }
}, },
"definitions": { "definitions": {
"2026.0xc000380de0.false": { "2127.0xc00036c600.false": {
"title": "false", "title": "false",
"type": "object" "type": "object"
}, },
"2060.0xc000380e10.false": { "2161.0xc00036c630.false": {
"title": "false", "title": "false",
"type": "object" "type": "object"
}, },
@ -2818,10 +2818,10 @@
"type": "object", "type": "object",
"properties": { "properties": {
"data": { "data": {
"$ref": "#/definitions/2026.0xc000380de0.false" "$ref": "#/definitions/2127.0xc00036c600.false"
}, },
"data2": { "data2": {
"$ref": "#/definitions/2060.0xc000380e10.false" "$ref": "#/definitions/2161.0xc00036c630.false"
}, },
"msg": { "msg": {
"type": "string" "type": "string"
@ -2842,10 +2842,10 @@
"type": "object", "type": "object",
"properties": { "properties": {
"data": { "data": {
"$ref": "#/definitions/2026.0xc000380de0.false" "$ref": "#/definitions/2127.0xc00036c600.false"
}, },
"data2": { "data2": {
"$ref": "#/definitions/2060.0xc000380e10.false" "$ref": "#/definitions/2161.0xc00036c630.false"
}, },
"msg": { "msg": {
"type": "string" "type": "string"
@ -3648,6 +3648,9 @@
"access_token": { "access_token": {
"type": "string" "type": "string"
}, },
"error": {
"type": "string"
},
"expires_in": { "expires_in": {
"type": "integer", "type": "integer",
"format": "int64" "format": "int64"
@ -3682,6 +3685,9 @@
"affiliation": { "affiliation": {
"type": "string" "type": "string"
}, },
"alipay": {
"type": "string"
},
"apple": { "apple": {
"type": "string" "type": "string"
}, },
@ -3721,6 +3727,9 @@
"email": { "email": {
"type": "string" "type": "string"
}, },
"emailVerified": {
"type": "boolean"
},
"facebook": { "facebook": {
"type": "string" "type": "string"
}, },


@ -1831,10 +1831,10 @@ paths:
schema: schema:
$ref: '#/definitions/object.Userinfo' $ref: '#/definitions/object.Userinfo'
definitions: definitions:
2026.0xc000380de0.false: 2127.0xc00036c600.false:
title: "false" title: "false"
type: object type: object
2060.0xc000380e10.false: 2161.0xc00036c630.false:
title: "false" title: "false"
type: object type: object
RequestForm: RequestForm:
@ -1848,9 +1848,9 @@ definitions:
type: object type: object
properties: properties:
data: data:
$ref: '#/definitions/2026.0xc000380de0.false' $ref: '#/definitions/2127.0xc00036c600.false'
data2: data2:
$ref: '#/definitions/2060.0xc000380e10.false' $ref: '#/definitions/2161.0xc00036c630.false'
msg: msg:
type: string type: string
name: name:
@ -1864,9 +1864,9 @@ definitions:
type: object type: object
properties: properties:
data: data:
$ref: '#/definitions/2026.0xc000380de0.false' $ref: '#/definitions/2127.0xc00036c600.false'
data2: data2:
$ref: '#/definitions/2060.0xc000380e10.false' $ref: '#/definitions/2161.0xc00036c630.false'
msg: msg:
type: string type: string
name: name:
@ -2407,6 +2407,8 @@ definitions:
properties: properties:
access_token: access_token:
type: string type: string
error:
type: string
expires_in: expires_in:
type: integer type: integer
format: int64 format: int64
@ -2430,6 +2432,8 @@ definitions:
type: string type: string
affiliation: affiliation:
type: string type: string
alipay:
type: string
apple: apple:
type: string type: string
avatar: avatar:
@ -2456,6 +2460,8 @@ definitions:
type: string type: string
email: email:
type: string type: string
emailVerified:
type: boolean
facebook: facebook:
type: string type: string
firstName: firstName: