updates

Author: KenWilliamson

go.mod

@@ -4,10 +4,11 @@ go 1.12
 
 require (
 	github.com/Ulbora/dbinterface v1.0.5
-	github.com/Ulbora/dbinterface_mysql v1.0.5
-	github.com/gbrlsnchs/jwt/v3 v3.0.0-rc.0
+	github.com/Ulbora/dbinterface_mysql v1.0.6
+	github.com/gbrlsnchs/jwt/v3 v3.0.0-rc.1
 	github.com/gorilla/mux v1.7.3
 	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 // indirect
+	golang.org/x/sys v0.0.0-20190606165138-5da285871e9c // indirect
 	golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 // indirect
-	google.golang.org/appengine v1.6.3 // indirect
+	google.golang.org/appengine v1.6.5 // indirect
 )

go.sum

@@ -12,13 +12,18 @@ github.com/Ulbora/dbinterface_mysql v1.0.4 h1:LlpHjiE/dL+S/tiz6ZcXsAOwE2Ef6HyGbo
 github.com/Ulbora/dbinterface_mysql v1.0.4/go.mod h1:8XA1eoibXMbJNIfL5mvl7b77FZPSRewInYCNFRC65AQ=
 github.com/Ulbora/dbinterface_mysql v1.0.5 h1:tGPEBie+u4V6ob71ocy3e9XQ+mWkCCs8NbBvN8AzjoI=
 github.com/Ulbora/dbinterface_mysql v1.0.5/go.mod h1:8XA1eoibXMbJNIfL5mvl7b77FZPSRewInYCNFRC65AQ=
+github.com/Ulbora/dbinterface_mysql v1.0.6 h1:NBWVtCmz5VwqXLHPlYSg3Um3hTu9uSVFLIU3x0yT5+8=
+github.com/Ulbora/dbinterface_mysql v1.0.6/go.mod h1:8XA1eoibXMbJNIfL5mvl7b77FZPSRewInYCNFRC65AQ=
 github.com/gbrlsnchs/jwt v1.1.0 h1:Gh2CoXcIfk8/LxV8ks0GDOmUDCpVIrw8Oa34Ozmw/10=
 github.com/gbrlsnchs/jwt/v3 v3.0.0-rc.0 h1:7KeiSrO5puFH1+vdAdbpiie2TrNnkvFc/eOQzT60Z2k=
 github.com/gbrlsnchs/jwt/v3 v3.0.0-rc.0/go.mod h1:D1+3UtCYAJ1os1PI+zhTVEj6Tb+IHJvXjXKz83OstmM=
+github.com/gbrlsnchs/jwt/v3 v3.0.0-rc.1 h1:/opyYiz6HZoBVAU8ypemFOTtzuKFE9kiKstP6RYE1Z4=
+github.com/gbrlsnchs/jwt/v3 v3.0.0-rc.1/go.mod h1:JEL7eYb4ETfz9AYni+/4BV09MrMgGwju0G/k4XF8QMg=
 github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/gorilla/mux v1.7.0 h1:tOSd0UKHQd6urX6ApfOn4XdBMY6Sh1MfxV3kmaazO+U=
 github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
@@ -31,9 +36,11 @@ golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472 h1:Gv7RPwsi3eZ2Fgewe3CBsuOebPwO27PoXzRpJPsvSSM=
 golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190927123631-a832865fa7ad/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -53,7 +60,10 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190710153321-831012c29e42/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
+golang.org/x/tools v0.0.0-20190918214516-5a1a30219888/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools/gopls v0.1.3/go.mod h1:vrCQzOKxvuiZLjCKSmbbov04oeBQQOb4VQqwYK2PWIY=
+golang.org/x/tools/gopls v0.1.7/go.mod h1:PE3vTwT0ejw3a2L2fFgSJkxlEbA8Slbk+Lsy9hTmbG8=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 h1:/atklqdjdhuosWIl6AIbOeHJjicWYPqR9bpxqxYG2pA=
@@ -64,3 +74,5 @@ google.golang.org/appengine v1.6.2 h1:j8RI1yW0SkI+paT6uGwMlrMI/6zwYA6/CFil8rxOzG
 google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.3 h1:hvZejVcIxAKHR8Pq2gXaDggf6CWT1QEqO+JEBeOKCG8=
 google.golang.org/appengine v1.6.3/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5 h1:tycE03LOZYQNhDpS27tcQdAzLCVMaj7QT2SXxebnpCM=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=

managers/accessTokenManager.go

@@ -0,0 +1,35 @@
+package managers
+
+/*
+ Copyright (C) 2019 Ulbora Labs LLC. (www.ulboralabs.com)
+ All rights reserved.
+
+ Copyright (C) 2019 Ken Williamson
+ All rights reserved.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+//GenerateAccessToken GenerateAccessToken
+func (m *OauthManager) GenerateAccessToken(pl *Payload) string {
+	var token string
+	key := m.Db.GetAccessTokenKey()
+	if key != "" {
+		pl.SecretKey = key
+		pl.Subject = pl.Grant
+		pl.Issuer = tokenIssuer
+		pl.Audience = tokenAudience
+		token = m.GenerateJwtToken(pl)
+	}
+	return token
+}

managers/accessTokenManager_test.go

@@ -0,0 +1,81 @@
+package managers
+
+import (
+	"fmt"
+	"testing"
+
+	db "github.com/Ulbora/dbinterface"
+	mdb "github.com/Ulbora/dbinterface_mysql"
+
+	msdb "github.com/Ulbora/GoAuth2/mysqldb"
+	odb "github.com/Ulbora/GoAuth2/oauth2database"
+)
+
+func TestOauthManagerAccessToken_GenerateAccessToken(t *testing.T) {
+
+	var dbAu db.Database
+	var odbAu odb.Oauth2DB
+	var mydb mdb.MyDBMock
+	mydb.Host = "localhost:3306"
+	mydb.User = "admin"
+	mydb.Password = "admin"
+	mydb.Database = "ulbora_oauth2_server"
+	dbAu = &mydb
+
+	var mTestRow db.DbRow
+	mTestRow.Row = []string{}
+	mydb.MockTestRow = &mTestRow
+
+	var mGetRow db.DbRow
+	mGetRow.Row = []string{"2", "6g651dfg6gf6"}
+	mydb.MockRow1 = &mGetRow
+
+	var moadb msdb.MySQLOauthDB
+	moadb.DB = dbAu
+
+	odbAu = &moadb
+
+	var m OauthManager
+	m.Db = odbAu
+	var pl Payload
+	pl.TokenType = codeGrantType
+	pl.UserID = "tester1"
+	pl.ClientID = 125
+	pl.Subject = "code"
+	//pl.Issuer = tokenIssuer
+	//pl.Audience = tokenAudience
+	pl.ExpiresInMinute = codeAccessTokenLifeInMinutes //(60 * time.Minute) => (60 * 60) => 3600 minutes => 1 hours
+	pl.Grant = codeGrantType
+	var ruList []RoleURI
+	var ru1 RoleURI
+	ru1.ClientRoleID = 1
+	ru1.Role = "user"
+	ru1.ClientAllowedURIID = 2
+	ru1.ClientAllowedURI = "test.com"
+	ru1.ClientID = 5
+	ruList = append(ruList, ru1)
+
+	var ru2 RoleURI
+	ru2.ClientRoleID = 12
+	ru2.Role = "user"
+	ru2.ClientAllowedURIID = 21
+	ru2.ClientAllowedURI = "test2.com"
+	ru2.ClientID = 5
+	ruList = append(ruList, ru2)
+
+	pl.RoleURIs = ruList
+
+	pl.ScopeList = []string{"web", "rest"}
+	//pl.SecretKey = rtk
+	token := m.GenerateAccessToken(&pl)
+	if token == "" {
+		t.Fail()
+	} else {
+		fmt.Println("accessToken in test: ", token)
+	}
+
+	valid, val := m.Validate(token, "6g651dfg6gf6")
+	if !valid || val.UserID != "tester1" {
+		t.Fail()
+	}
+}

managers/authorizationManager.go

@@ -1,6 +1,12 @@
 package managers
 
-import "fmt"
+import (
+	"fmt"
+	"time"
+
+	"github.com/Ulbora/GoAuth2/oauth2database"
+	odb "github.com/Ulbora/GoAuth2/oauth2database"
+)
 
 /*
  Copyright (C) 2019 Ulbora Labs LLC. (www.ulboralabs.com)
@@ -63,14 +69,54 @@ func (m *OauthManager) AuthorizeAuthCode(ac *AuthCode) (success bool, authCode i
 							break
 						}
 					}
+					var scopeStrList []string
 					fmt.Println("scopeFound: ", scopeFound)
+					for _, s := range *scopeList {
+						scopeStrList = append(scopeStrList, s.Scope)
+					}
 					if scopeFound {
 						acdel := m.Db.DeleteAuthorizationCode(ac.ClientID, ac.UserID)
 						fmt.Println("acdel: ", acdel)
 						if acdel {
 							//start here
 							//generate refresh token
 							//reKey := m.Db.GetRefreshTokenKey()
+							refToken := m.GenerateRefreshToken(ac.ClientID, ac.UserID, codeGrantType)
+							fmt.Println("refToken:", refToken)
+							if refToken != "" {
+								roleURIList := m.Db.GetClientRoleAllowedURIListByClientID(ac.ClientID)
+								fmt.Println("roleURIList", roleURIList)
+								var pl Payload
+								pl.TokenType = accessTokenType
+								pl.UserID = hashUser(ac.UserID)
+								pl.ClientID = ac.ClientID
+								pl.Subject = codeGrantType
+								pl.ExpiresInMinute = codeAccessTokenLifeInMinutes //(60 * time.Minute) => (60 * 60) => 3600 minutes => 1 hours
+								pl.Grant = codeGrantType
+								pl.RoleURIs = *m.populateRoleURLList(roleURIList)
+								pl.ScopeList = scopeStrList
+								accessToken := m.GenerateAccessToken(&pl)
+								fmt.Println("accessToken: ", accessToken)
+								if accessToken != "" {
+									var code odb.AuthorizationCode
+									code.ClientID = ac.ClientID
+									code.UserID = ac.UserID
+									code.RandonAuthCode = generateRandonAuthCode()
+									now := time.Now()
+									code.Expires = now.Add(time.Minute * authCodeLifeInMinutes)
+
+									var aToken odb.AccessToken
+									aToken.Token = accessToken
+									aToken.Expires = now.Add(time.Minute * codeAccessTokenLifeInMinutes)
+
+									var rToken odb.RefreshToken
+									rToken.Token = refToken
+									acSuc, acID := m.Db.AddAuthorizationCode(&code, &aToken, &rToken, &scopeStrList)
+									fmt.Println("acSuc: ", acSuc)
+									fmt.Println("acID: ", acID)
+
+								}
+							}
 						}
 					} else {
 
@@ -83,3 +129,17 @@ func (m *OauthManager) AuthorizeAuthCode(ac *AuthCode) (success bool, authCode i
 
 	return success, authCode, authCodeString
 }
+
+func (m *OauthManager) populateRoleURLList(rl *[]oauth2database.RoleURI) *[]RoleURI {
+	var rtn []RoleURI
+	for _, r := range *rl {
+		var ru RoleURI
+		ru.ClientRoleID = r.ClientRoleID
+		ru.Role = r.Role
+		ru.ClientAllowedURIID = r.ClientAllowedURIID
+		ru.ClientAllowedURI = r.ClientAllowedURI
+		ru.ClientID = r.ClientID
+		rtn = append(rtn, ru)
+	}
+	return &rtn
+}

managers/authorizationManager_test.go

@@ -74,12 +74,41 @@ func TestOauthManagerAuthCode_AuthorizeAuthCode(t *testing.T) {
 	mGetRow4.Row = []string{"2", "testUri"}
 	mydb.MockRow4 = &mGetRow4
 
+	var mGetRow5 db.DbRow
+	mGetRow5.Row = []string{"2", "6g651dfg6gf6"}
+	mydb.MockRow5 = &mGetRow5
+
+	var mGetRow6 db.DbRow
+	mGetRow6.Row = []string{"2", "6g651dfg6gf6"}
+	mydb.MockRow6 = &mGetRow6
+
 	mydb.MockDeleteSuccess1 = true
 	mydb.MockDeleteSuccess2 = true
 	mydb.MockDeleteSuccess3 = true
 	mydb.MockDeleteSuccess4 = true
 	mydb.MockDeleteSuccess5 = true
 
+	var rows5 [][]string
+	row5 := []string{"4", "somerole", "1", "someurl", "2"}
+	rows5 = append(rows5, row5)
+	var dbrows5 db.DbRows
+	dbrows5.Rows = rows5
+	mydb.MockRows5 = &dbrows5
+
+
+	mydb.MockInsertSuccess1 = true
+	mydb.MockInsertID1 = 2
+
+	mydb.MockInsertSuccess2 = true
+	mydb.MockInsertID2 = 2
+
+	mydb.MockInsertSuccess3 = true
+	mydb.MockInsertID3 = 2
+
+	mydb.MockInsertSuccess4 = true
+	mydb.MockInsertID4 = 22
+
+
 	var moadb msdb.MySQLOauthDB
 	moadb.DB = dbAu