👽 Format and update existing domains due to IndieAuth spec changes
parent
7069f63a72
commit
bdd633bc8d
|
@ -1,9 +1,9 @@
|
||||||
package domain
|
package domain
|
||||||
|
|
||||||
type App struct {
|
type App struct {
|
||||||
Name []string
|
|
||||||
Logo []*URL
|
Logo []*URL
|
||||||
URL []*URL
|
URL []*URL
|
||||||
|
Name []string
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetName safe returns first name, if any.
|
// GetName safe returns first name, if any.
|
||||||
|
@ -12,16 +12,16 @@ func (a App) GetName() string {
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
return a.Name[len(a.Name)-1]
|
return a.Name[0]
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetURL safe returns first uRL, if any.
|
// GetURL safe returns first URL, if any.
|
||||||
func (a App) GetURL() *URL {
|
func (a App) GetURL() *URL {
|
||||||
if len(a.URL) == 0 {
|
if len(a.URL) == 0 {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return a.URL[len(a.URL)-1]
|
return a.URL[0]
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetLogo safe returns first logo, if any.
|
// GetLogo safe returns first logo, if any.
|
||||||
|
@ -30,5 +30,5 @@ func (a App) GetLogo() *URL {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return a.Logo[len(a.Logo)-1]
|
return a.Logo[0]
|
||||||
}
|
}
|
||||||
|
|
|
@ -96,7 +96,7 @@ func (c Client) GetName() string {
|
||||||
return c.Name[0]
|
return c.Name[0]
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetURL safe returns first uRL, if any.
|
// GetURL safe returns first URL, if any.
|
||||||
func (c Client) GetURL() *URL {
|
func (c Client) GetURL() *URL {
|
||||||
if len(c.URL) == 0 {
|
if len(c.URL) == 0 {
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -48,16 +48,16 @@ type (
|
||||||
}
|
}
|
||||||
|
|
||||||
ConfigJWT struct {
|
ConfigJWT struct {
|
||||||
Expiry time.Duration `yaml:"expiry"` // 1h
|
Expiry time.Duration `yaml:"expiry"` // 1h
|
||||||
|
Algorithm string `yaml:"algorithm"` // HS256
|
||||||
Secret string `yaml:"secret"`
|
Secret string `yaml:"secret"`
|
||||||
Algorithm string `yaml:"algorithm"` // HS256
|
|
||||||
NonceLength int `yaml:"nonceLength"` // 22
|
NonceLength int `yaml:"nonceLength"` // 22
|
||||||
}
|
}
|
||||||
|
|
||||||
ConfigIndieAuth struct {
|
ConfigIndieAuth struct {
|
||||||
Enabled bool `yaml:"enabled"` // true
|
|
||||||
Username string `yaml:"username"`
|
|
||||||
Password string `yaml:"password"`
|
Password string `yaml:"password"`
|
||||||
|
Username string `yaml:"username"`
|
||||||
|
Enabled bool `yaml:"enabled"` // true
|
||||||
}
|
}
|
||||||
|
|
||||||
ConfigTicketAuth struct {
|
ConfigTicketAuth struct {
|
||||||
|
@ -66,14 +66,14 @@ type (
|
||||||
}
|
}
|
||||||
|
|
||||||
ConfigRelMeAuth struct {
|
ConfigRelMeAuth struct {
|
||||||
Enabled bool `yaml:"enabled"` // true
|
|
||||||
Providers []ConfigRelMeAuthProvider `yaml:"providers"`
|
Providers []ConfigRelMeAuthProvider `yaml:"providers"`
|
||||||
|
Enabled bool `yaml:"enabled"` // true
|
||||||
}
|
}
|
||||||
|
|
||||||
ConfigRelMeAuthProvider struct {
|
ConfigRelMeAuthProvider struct {
|
||||||
Type string `yaml:"type"`
|
|
||||||
ID string `yaml:"id"`
|
ID string `yaml:"id"`
|
||||||
Secret string `yaml:"secret"`
|
Secret string `yaml:"secret"`
|
||||||
|
Type string `yaml:"type"`
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
//nolint: dupl
|
|
||||||
package domain
|
package domain
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
@ -19,6 +18,7 @@ type GrantType struct {
|
||||||
var (
|
var (
|
||||||
GrantTypeUndefined = GrantType{uid: ""}
|
GrantTypeUndefined = GrantType{uid: ""}
|
||||||
GrantTypeAuthorizationCode = GrantType{uid: "authorization_code"}
|
GrantTypeAuthorizationCode = GrantType{uid: "authorization_code"}
|
||||||
|
GrantTypeRefreshToken = GrantType{uid: "refresh_token"}
|
||||||
|
|
||||||
// TicketAuth extension.
|
// TicketAuth extension.
|
||||||
GrantTypeTicket = GrantType{uid: "ticket"}
|
GrantTypeTicket = GrantType{uid: "ticket"}
|
||||||
|
@ -30,13 +30,17 @@ var ErrGrantTypeUnknown error = NewError(
|
||||||
"",
|
"",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
//nolint: gochecknoglobals // maps cannot be constants
|
||||||
|
var uidsGrantTypes = map[string]GrantType{
|
||||||
|
GrantTypeAuthorizationCode.uid: GrantTypeAuthorizationCode,
|
||||||
|
GrantTypeRefreshToken.uid: GrantTypeRefreshToken,
|
||||||
|
GrantTypeTicket.uid: GrantTypeTicket,
|
||||||
|
}
|
||||||
|
|
||||||
// ParseGrantType parse grant_type value as GrantType struct enum.
|
// ParseGrantType parse grant_type value as GrantType struct enum.
|
||||||
func ParseGrantType(uid string) (GrantType, error) {
|
func ParseGrantType(uid string) (GrantType, error) {
|
||||||
switch strings.ToLower(uid) {
|
if grantType, ok := uidsGrantTypes[strings.ToLower(uid)]; ok {
|
||||||
case GrantTypeAuthorizationCode.uid:
|
return grantType, nil
|
||||||
return GrantTypeAuthorizationCode, nil
|
|
||||||
case GrantTypeTicket.uid:
|
|
||||||
return GrantTypeTicket, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return GrantTypeUndefined, fmt.Errorf("%w: %s", ErrGrantTypeUnknown, uid)
|
return GrantTypeUndefined, fmt.Errorf("%w: %s", ErrGrantTypeUnknown, uid)
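Review bot: The new `uidsGrantTypes` map has no comment explaining that `GrantTypeUndefined` is left out on purpose, which is what makes an empty or unknown `grant_type` fall through to `ErrGrantTypeUnknown` in `ParseGrantType`. I would document that above the map, e.g. `// uidsGrantTypes lists every grant_type the parser accepts; GrantTypeUndefined is deliberately absent so an empty value is rejected.` Registering `refresh_token` here also means the parser now accepts it, so any token-endpoint code that switches on the parsed GrantType (not visible in this section) should handle or reject it explicitly rather than fall into a default branch. `ParseGrantType` closes outside the hunk.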
|
||||||
|
|
|
@ -2,7 +2,6 @@ package domain
|
||||||
|
|
||||||
import "testing"
|
import "testing"
|
||||||
|
|
||||||
//nolint: tagliatelle // https://indieauth.net/source/#indieauth-server-metadata
|
|
||||||
type Metadata struct {
|
type Metadata struct {
|
||||||
// The server's issuer identifier. The issuer identifier is a URL that
|
// The server's issuer identifier. The issuer identifier is a URL that
|
||||||
// uses the "https" scheme and has no query or fragment components. The
|
// uses the "https" scheme and has no query or fragment components. The
|
||||||
|
@ -12,55 +11,66 @@ type Metadata struct {
|
||||||
// issuer URL could be https://example.com/, or for a metadata URL of
|
// issuer URL could be https://example.com/, or for a metadata URL of
|
||||||
// https://example.com/wp-json/indieauth/1.0/metadata, the issuer URL
|
// https://example.com/wp-json/indieauth/1.0/metadata, the issuer URL
|
||||||
// could be https://example.com/wp-json/indieauth/1.0
|
// could be https://example.com/wp-json/indieauth/1.0
|
||||||
Issuer *ClientID `json:"issuer"`
|
Issuer *ClientID
|
||||||
|
|
||||||
// The Authorization Endpoint.
|
// The Authorization Endpoint.
|
||||||
AuthorizationEndpoint *URL `json:"authorization_endpoint"`
|
AuthorizationEndpoint *URL
|
||||||
|
|
||||||
// The Token Endpoint.
|
// The Token Endpoint.
|
||||||
TokenEndpoint *URL `json:"token_endpoint"`
|
TokenEndpoint *URL
|
||||||
|
|
||||||
// JSON array containing scope values supported by the IndieAuth server.
|
// The Ticket Endpoint.
|
||||||
// Servers MAY choose not to advertise some supported scope values even
|
TicketEndpoint *URL
|
||||||
// when this parameter is used.
|
|
||||||
ScopesSupported Scopes `json:"scopes_supported,omitempty"`
|
|
||||||
|
|
||||||
// JSON array containing the response_type values supported. This
|
// The Micropub Endpoint.
|
||||||
// differs from RFC8414 in that this parameter is OPTIONAL and that, if
|
MicropubEndpoint *URL
|
||||||
// omitted, the default is code.
|
|
||||||
ResponseTypesSupported []ResponseType `json:"response_types_supported,omitempty"`
|
|
||||||
|
|
||||||
// JSON array containing grant type values supported. If omitted, the
|
// The Microsub Endpoint.
|
||||||
// default value differs from RFC8414 and is authorization_code.
|
MicrosubEndpoint *URL
|
||||||
GrantTypesSupported []GrantType `json:"grant_types_supported,omitempty"`
|
|
||||||
|
// The Introspection Endpoint.
|
||||||
|
IntrospectionEndpoint *URL
|
||||||
|
|
||||||
|
// The Revocation Endpoint.
|
||||||
|
RevocationEndpoint *URL
|
||||||
|
|
||||||
|
// The User Info Endpoint.
|
||||||
|
UserinfoEndpoint *URL
|
||||||
|
|
||||||
// URL of a page containing human-readable information that developers
|
// URL of a page containing human-readable information that developers
|
||||||
// might need to know when using the server. This might be a link to the
|
// might need to know when using the server. This might be a link to the
|
||||||
// IndieAuth spec or something more personal to your implementation.
|
// IndieAuth spec or something more personal to your implementation.
|
||||||
ServiceDocumentation *URL `json:"service_documentation,omitempty"`
|
ServiceDocumentation *URL
|
||||||
|
|
||||||
|
// JSON array containing scope values supported by the IndieAuth server.
|
||||||
|
// Servers MAY choose not to advertise some supported scope values even
|
||||||
|
// when this parameter is used.
|
||||||
|
ScopesSupported Scopes
|
||||||
|
|
||||||
|
// JSON array containing the response_type values supported. This
|
||||||
|
// differs from RFC8414 in that this parameter is OPTIONAL and that, if
|
||||||
|
// omitted, the default is code.
|
||||||
|
ResponseTypesSupported []ResponseType
|
||||||
|
|
||||||
|
// JSON array containing grant type values supported. If omitted, the
|
||||||
|
// default value differs from RFC8414 and is authorization_code.
|
||||||
|
GrantTypesSupported []GrantType
|
||||||
|
|
||||||
// JSON array containing the methods supported for PKCE. This parameter
|
// JSON array containing the methods supported for PKCE. This parameter
|
||||||
// parameter differs from RFC8414 in that it is not optional as PKCE is
|
// parameter differs from RFC8414 in that it is not optional as PKCE is
|
||||||
// REQUIRED.
|
// REQUIRED.
|
||||||
CodeChallengeMethodsSupported []CodeChallengeMethod `json:"code_challenge_methods_supported"`
|
CodeChallengeMethodsSupported []CodeChallengeMethod
|
||||||
|
|
||||||
|
// List of client authentication methods supported by this introspection endpoint.
|
||||||
|
IntrospectionEndpointAuthMethodsSupported []string // ["Bearer"]
|
||||||
|
|
||||||
|
RevocationEndpointAuthMethodsSupported []string // ["none"]
|
||||||
|
|
||||||
// Boolean parameter indicating whether the authorization server
|
// Boolean parameter indicating whether the authorization server
|
||||||
// provides the iss parameter. If omitted, the default value is false.
|
// provides the iss parameter. If omitted, the default value is false.
|
||||||
// As the iss parameter is REQUIRED, this is provided for compatibility
|
// As the iss parameter is REQUIRED, this is provided for compatibility
|
||||||
// with OAuth 2.0 servers implementing the parameter.
|
// with OAuth 2.0 servers implementing the parameter.
|
||||||
AuthorizationResponseIssParameterSupported bool `json:"authorization_response_iss_parameter_supported,omitempty"` //nolint: lll
|
AuthorizationResponseIssParameterSupported bool
|
||||||
|
|
||||||
// The Ticket Endpoint.
|
|
||||||
// WARN(toby3d): experimental
|
|
||||||
TicketEndpoint *URL `json:"ticket_endpoint,omitempty"`
|
|
||||||
|
|
||||||
// The Micropub Endpoint.
|
|
||||||
// WARN(toby3d): experimental
|
|
||||||
Micropub *URL `json:"micropub,omitempty"`
|
|
||||||
|
|
||||||
// The Microsub Endpoint.
|
|
||||||
// WARN(toby3d): experimental
|
|
||||||
Microsub *URL `json:"microsub,omitempty"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestMetadata returns valid random generated Metadata for tests.
|
// TestMetadata returns valid random generated Metadata for tests.
|
||||||
|
@ -71,6 +81,13 @@ func TestMetadata(tb testing.TB) *Metadata {
|
||||||
Issuer: TestClientID(tb),
|
Issuer: TestClientID(tb),
|
||||||
AuthorizationEndpoint: TestURL(tb, "https://indieauth.example.com/auth"),
|
AuthorizationEndpoint: TestURL(tb, "https://indieauth.example.com/auth"),
|
||||||
TokenEndpoint: TestURL(tb, "https://indieauth.example.com/token"),
|
TokenEndpoint: TestURL(tb, "https://indieauth.example.com/token"),
|
||||||
|
TicketEndpoint: TestURL(tb, "https://auth.example.org/ticket"),
|
||||||
|
MicropubEndpoint: TestURL(tb, "https://micropub.example.com/"),
|
||||||
|
MicrosubEndpoint: TestURL(tb, "https://microsub.example.com/"),
|
||||||
|
IntrospectionEndpoint: TestURL(tb, "https://indieauth.example.com/introspect"),
|
||||||
|
RevocationEndpoint: TestURL(tb, "https://indieauth.example.com/revocation"),
|
||||||
|
UserinfoEndpoint: TestURL(tb, "https://indieauth.example.com/userinfo"),
|
||||||
|
ServiceDocumentation: TestURL(tb, "https://indieauth.net/draft/"),
|
||||||
ScopesSupported: Scopes{
|
ScopesSupported: Scopes{
|
||||||
ScopeBlock,
|
ScopeBlock,
|
||||||
ScopeChannels,
|
ScopeChannels,
|
||||||
|
@ -93,7 +110,6 @@ func TestMetadata(tb testing.TB) *Metadata {
|
||||||
GrantTypeAuthorizationCode,
|
GrantTypeAuthorizationCode,
|
||||||
GrantTypeTicket,
|
GrantTypeTicket,
|
||||||
},
|
},
|
||||||
ServiceDocumentation: TestURL(tb, "https://indieauth.net/draft/"),
|
|
||||||
CodeChallengeMethodsSupported: []CodeChallengeMethod{
|
CodeChallengeMethodsSupported: []CodeChallengeMethod{
|
||||||
CodeChallengeMethodMD5,
|
CodeChallengeMethodMD5,
|
||||||
CodeChallengeMethodPLAIN,
|
CodeChallengeMethodPLAIN,
|
||||||
|
@ -101,9 +117,8 @@ func TestMetadata(tb testing.TB) *Metadata {
|
||||||
CodeChallengeMethodS256,
|
CodeChallengeMethodS256,
|
||||||
CodeChallengeMethodS512,
|
CodeChallengeMethodS512,
|
||||||
},
|
},
|
||||||
|
IntrospectionEndpointAuthMethodsSupported: []string{"Bearer"},
|
||||||
|
RevocationEndpointAuthMethodsSupported: []string{"none"},
|
||||||
AuthorizationResponseIssParameterSupported: true,
|
AuthorizationResponseIssParameterSupported: true,
|
||||||
TicketEndpoint: TestURL(tb, "https://auth.example.org/ticket"),
|
|
||||||
Micropub: TestURL(tb, "https://example.com/micropub"),
|
|
||||||
Microsub: TestURL(tb, "https://example.com/microsub"),
|
|
||||||
}
|
}
|
||||||
}
|
}
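Review bot: Dropping every `json:"…"` tag from `Metadata` means a direct `encoding/json` encode of this struct would now emit Go field names such as `AuthorizationEndpoint` instead of `authorization_endpoint`, and would no longer omit empty optional members. Presumably serialization moved to a transport-level type that this section does not show; if so, a line on the struct such as `// Metadata is the domain model; it is not meant to be JSON-encoded directly.` would keep a later caller from publishing a discovery document that clients cannot read. The new `RevocationEndpointAuthMethodsSupported` field is also the only added member without a comment above it; `// List of client authentication methods supported by the revocation endpoint.` would match its neighbour.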
|
||||||
|
|
|
@ -10,8 +10,9 @@ type Session struct {
|
||||||
ClientID *ClientID
|
ClientID *ClientID
|
||||||
RedirectURI *URL
|
RedirectURI *URL
|
||||||
Me *Me
|
Me *Me
|
||||||
CodeChallengeMethod CodeChallengeMethod
|
Profile *Profile
|
||||||
Scope Scopes
|
Scope Scopes
|
||||||
|
CodeChallengeMethod CodeChallengeMethod
|
||||||
CodeChallenge string
|
CodeChallenge string
|
||||||
Code string
|
Code string
|
||||||
}
|
}
|
||||||
|
@ -31,6 +32,7 @@ func TestSession(tb testing.TB) *Session {
|
||||||
Code: code,
|
Code: code,
|
||||||
CodeChallenge: "hackme",
|
CodeChallenge: "hackme",
|
||||||
CodeChallengeMethod: CodeChallengeMethodPLAIN,
|
CodeChallengeMethod: CodeChallengeMethodPLAIN,
|
||||||
|
Profile: TestProfile(tb),
|
||||||
Me: TestMe(tb, "https://user.example.net/"),
|
Me: TestMe(tb, "https://user.example.net/"),
|
||||||
RedirectURI: TestURL(tb, "https://example.com/callback"),
|
RedirectURI: TestURL(tb, "https://example.com/callback"),
|
||||||
Scope: Scopes{
|
Scope: Scopes{
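Review bot: `Session.Profile` is added without a comment saying when it is populated, and the fixture in `TestSession` fills it unconditionally. If, as in IndieAuth, profile data is meant to be released only when the `profile` scope was granted, I would state that on the field, e.g. `// Profile holds the user's profile data; set only when the profile scope is granted (confirm against the auth use case).` The `Scopes` literal in the fixture continues outside the hunk, so the scopes the test session carries cannot be checked from here. `TestSession` starts and ends outside the hunk.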
|
||||||
|
|
|
@ -5,14 +5,14 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type Ticket struct {
|
type Ticket struct {
|
||||||
// A random string that can be redeemed for an access token.
|
|
||||||
Ticket string
|
|
||||||
|
|
||||||
// The access token will work at this URL.
|
// The access token will work at this URL.
|
||||||
Resource *URL
|
Resource *URL
|
||||||
|
|
||||||
// The access token should be used when acting on behalf of this URL.
|
// The access token should be used when acting on behalf of this URL.
|
||||||
Subject *Me
|
Subject *Me
|
||||||
|
|
||||||
|
// A random string that can be redeemed for an access token.
|
||||||
|
Ticket string
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestTicket returns valid random generated ticket for tests.
|
// TestTicket returns valid random generated ticket for tests.
|
||||||
|
|
|
@ -20,8 +20,8 @@ func TestUser(tb testing.TB) *User {
|
||||||
tb.Helper()
|
tb.Helper()
|
||||||
|
|
||||||
return &User{
|
return &User{
|
||||||
Me: TestMe(tb, "https://user.example.net/"),
|
|
||||||
Profile: TestProfile(tb),
|
Profile: TestProfile(tb),
|
||||||
|
Me: TestMe(tb, "https://user.example.net/"),
|
||||||
AuthorizationEndpoint: TestURL(tb, "https://example.org/auth"),
|
AuthorizationEndpoint: TestURL(tb, "https://example.org/auth"),
|
||||||
IndieAuthMetadata: TestURL(tb, "https://example.org/.well-known/oauth-authorization-server"),
|
IndieAuthMetadata: TestURL(tb, "https://example.org/.well-known/oauth-authorization-server"),
|
||||||
Micropub: TestURL(tb, "https://microsub.example.org/"),
|
Micropub: TestURL(tb, "https://microsub.example.org/"),
|
||||||
|
|