Compare commits
4 Commits
Author | SHA1 | Date | |
---|---|---|---|
![]() |
307c6f7d15 | ||
![]() |
bbc6394cf3 | ||
![]() |
63c8e2e55f | ||
![]() |
b224892a39 |
@@ -26,7 +26,6 @@ func NewProvider() (*provider, error) {
|
|||||||
config := aws.Config{
|
config := aws.Config{
|
||||||
MaxRetries: aws.Int(3),
|
MaxRetries: aws.Int(3),
|
||||||
CredentialsChainVerboseErrors: aws.Bool(true), // for full error logs
|
CredentialsChainVerboseErrors: aws.Bool(true), // for full error logs
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if awsRegion != "" {
|
if awsRegion != "" {
|
||||||
|
@@ -154,6 +154,7 @@ func TokenHandler() gin.HandlerFunc {
|
|||||||
"error": "invalid_refresh_token",
|
"error": "invalid_refresh_token",
|
||||||
"error_description": "The refresh token is invalid",
|
"error_description": "The refresh token is invalid",
|
||||||
})
|
})
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
claims, err := token.ValidateRefreshToken(gc, refreshToken)
|
claims, err := token.ValidateRefreshToken(gc, refreshToken)
|
||||||
@@ -163,9 +164,10 @@ func TokenHandler() gin.HandlerFunc {
|
|||||||
"error": "unauthorized",
|
"error": "unauthorized",
|
||||||
"error_description": err.Error(),
|
"error_description": err.Error(),
|
||||||
})
|
})
|
||||||
|
return
|
||||||
}
|
}
|
||||||
userID = claims["sub"].(string)
|
userID = claims["sub"].(string)
|
||||||
loginMethod := claims["login_method"]
|
claimLoginMethod := claims["login_method"]
|
||||||
rolesInterface := claims["roles"].([]interface{})
|
rolesInterface := claims["roles"].([]interface{})
|
||||||
scopeInterface := claims["scope"].([]interface{})
|
scopeInterface := claims["scope"].([]interface{})
|
||||||
for _, v := range rolesInterface {
|
for _, v := range rolesInterface {
|
||||||
@@ -176,9 +178,11 @@ func TokenHandler() gin.HandlerFunc {
|
|||||||
}
|
}
|
||||||
|
|
||||||
sessionKey = userID
|
sessionKey = userID
|
||||||
if loginMethod != nil && loginMethod != "" {
|
if claimLoginMethod != nil && claimLoginMethod != "" {
|
||||||
sessionKey = loginMethod.(string) + ":" + sessionKey
|
sessionKey = claimLoginMethod.(string) + ":" + sessionKey
|
||||||
|
loginMethod = claimLoginMethod.(string)
|
||||||
}
|
}
|
||||||
|
|
||||||
// remove older refresh token and rotate it for security
|
// remove older refresh token and rotate it for security
|
||||||
go memorystore.Provider.DeleteUserSession(sessionKey, claims["nonce"].(string))
|
go memorystore.Provider.DeleteUserSession(sessionKey, claims["nonce"].(string))
|
||||||
}
|
}
|
||||||
@@ -211,6 +215,7 @@ func TokenHandler() gin.HandlerFunc {
|
|||||||
})
|
})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
|
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
|
||||||
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
|
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
|
||||||
cookie.SetSession(gc, authToken.FingerPrintHash)
|
cookie.SetSession(gc, authToken.FingerPrintHash)
|
||||||
|
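Review bot: In the TokenHandler hunk at -176,9 +178,11 the old refresh token is still revoked with `go memorystore.Provider.DeleteUserSession(sessionKey, claims["nonce"].(string))`, so rotation is fire-and-forget: the handler goes on to issue the new tokens without knowing the delete happened, and a second request presenting the same refresh token can presumably still pass `ValidateRefreshToken` until the goroutine runs. Calling it synchronously, and failing the request if the revocation does not succeed, would make the rotation that the comment promises enforceable; whether `DeleteUserSession` returns an error is not visible here. The added lines also assert `claimLoginMethod.(string)` twice after a check that only rules out nil and the empty string, so a non-string `login_method` claim would panic in the handler. A single comma-ok assertion covers both uses: `if lm, ok := claims["login_method"].(string); ok && lm != "" { sessionKey = lm + ":" + sessionKey; loginMethod = lm }`. TokenHandler's body starts and ends outside these hunks.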
@@ -256,7 +256,6 @@ func ValidateRefreshToken(gc *gin.Context, refreshToken string) (map[string]inte
|
|||||||
if loginMethod != nil && loginMethod != "" {
|
if loginMethod != nil && loginMethod != "" {
|
||||||
sessionKey = loginMethod.(string) + ":" + userID
|
sessionKey = loginMethod.(string) + ":" + userID
|
||||||
}
|
}
|
||||||
|
|
||||||
token, err := memorystore.Provider.GetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+nonce)
|
token, err := memorystore.Provider.GetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+nonce)
|
||||||
if nonce == "" || err != nil {
|
if nonce == "" || err != nil {
|
||||||
return res, fmt.Errorf(`unauthorized`)
|
return res, fmt.Errorf(`unauthorized`)
|
||||||
|