1 package oauth2
2
import (
	"crypto/subtle"
	"errors"

	"github.com/gin-gonic/gin"
	"github.com/gorilla/sessions"
)
9
// getChallenge returns the value of the "challenge" query parameter and
// whether the parameter was present in the request URL. A parameter that is
// present but empty (for example "?challenge=") is reported as ("", true).
func getChallenge(ctx *gin.Context) (string, bool) {
	challenge, present := ctx.GetQuery("challenge")
	return challenge, present
}
13
// getContinuation returns the "continuation" entry of the session and whether
// it was present as a string. A missing entry or one of any other type yields
// ("", false).
func getContinuation(session *sessions.Session) (string, bool) {
	if stored, isString := session.Values["continuation"].(string); isString {
		return stored, true
	}
	return "", false
}
19
// getClientID returns the "client_id" entry of the session and whether it was
// present as a string. A missing entry or one of any other type yields
// ("", false).
func getClientID(session *sessions.Session) (string, bool) {
	if stored, isString := session.Values["client_id"].(string); isString {
		return stored, true
	}
	return "", false
}
25
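// ValidateChallenge checks the "challenge" query parameter of the request
// against the continuation and client ID stored in the session.
//
// When a challenge is supplied, the session must hold both a continuation and
// a client ID, givenClientID must equal the stored client ID, and the
// challenge must be non-empty and equal to the stored continuation. When no
// challenge is supplied but the session still holds a continuation, the
// request is rejected, so a pending challenge cannot be skipped by omitting
// the parameter. When neither is present there is nothing to validate and nil
// is returned; givenClientID is not checked in that case.
//
// The returned messages identify which check failed.
// NOTE(review): if callers relay these messages to the client, consider
// mapping them to one generic message at that boundary and logging the detail
// server-side only.
func ValidateChallenge(ctx *gin.Context, givenClientID string, session *sessions.Session) error {
	givenChallenge, wasGivenChallenge := getChallenge(ctx)
	sessionChallenge, haveContinuationInSession := getContinuation(session)
	sessionClientID, haveClientIDInSession := getClientID(session)

	if !wasGivenChallenge {
		// A continuation is pending in the session, so the request must
		// carry the matching challenge.
		if haveContinuationInSession {
			return errors.New("you need to challenge me")
		}
		return nil
	}

	if !haveContinuationInSession {
		return errors.New("dont have a matchting continuation in storage")
	}

	if !haveClientIDInSession {
		return errors.New("if you we're challenged, i need to know you")
	}

	if givenClientID != sessionClientID {
		return errors.New("not the right client")
	}

	// An empty challenge ("?challenge=") must never validate, even if the
	// stored continuation is itself an empty string.
	if givenChallenge == "" {
		return errors.New("challenge mismatch")
	}

	// Compare in constant time so that response timing does not reveal how
	// much of a guessed challenge matched the stored value. The length of the
	// stored value can still be inferred, which ConstantTimeCompare documents.
	if subtle.ConstantTimeCompare([]byte(givenChallenge), []byte(sessionChallenge)) != 1 {
		return errors.New("challenge mismatch")
	}

	return nil
}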
53