Added RequestAccessTokenViaAuthorizationCodeGrant command

Author: pdt256

authorization_code.go

@@ -0,0 +1,115 @@
+package goauth2
+
+import (
+	"github.com/inklabs/rangedb"
+	"github.com/inklabs/rangedb/pkg/clock"
+)
+
+type authorizationCode struct {
+	tokenGenerator        TokenGenerator
+	clock                 clock.Clock
+	IsLoaded              bool
+	ExpiresAt             int64
+	UserID                string
+	HasBeenPreviouslyUsed bool
+	PendingEvents         []rangedb.Event
+}
+
+func newAuthorizationCode(records <-chan *rangedb.Record, generator TokenGenerator, clock clock.Clock) *authorizationCode {
+	aggregate := &authorizationCode{
+		tokenGenerator: generator,
+		clock:          clock,
+	}
+
+	for record := range records {
+		if event, ok := record.Data.(rangedb.Event); ok {
+			aggregate.apply(event)
+		}
+	}
+
+	return aggregate
+}
+
+func (a *authorizationCode) apply(event rangedb.Event) {
+	switch e := event.(type) {
+
+	case *AuthorizationCodeWasIssuedToUser:
+		a.IsLoaded = true
+		a.ExpiresAt = e.ExpiresAt
+		a.UserID = e.UserID
+
+	case *AccessTokenWasIssuedToUserViaAuthorizationCodeGrant:
+		a.HasBeenPreviouslyUsed = true
+
+	case *RefreshTokenWasIssuedToUserViaAuthorizationCodeGrant:
+		a.HasBeenPreviouslyUsed = true
+
+	}
+}
+
+func (a *authorizationCode) Handle(command Command) {
+	switch c := command.(type) {
+
+	case RequestAccessTokenViaAuthorizationCodeGrant:
+		if !a.IsLoaded {
+			a.emit(RequestAccessTokenViaAuthorizationCodeGrantWasRejectedDueToInvalidAuthorizationCode{
+				AuthorizationCode: c.AuthorizationCode,
+				ClientID:          c.ClientID,
+			})
+			return
+		}
+
+		if a.HasBeenPreviouslyUsed {
+			a.emit(RequestAccessTokenViaAuthorizationCodeGrantWasRejectedDueToPreviouslyUsedAuthorizationCode{
+				AuthorizationCode: c.AuthorizationCode,
+				ClientID:          c.ClientID,
+			})
+			return
+		}
+
+		if a.isExpired() {
+			a.emit(RequestAccessTokenViaAuthorizationCodeGrantWasRejectedDueToExpiredAuthorizationCode{
+				AuthorizationCode: c.AuthorizationCode,
+				ClientID:          c.ClientID,
+			})
+			return
+		}
+
+		refreshToken, err := a.tokenGenerator.New()
+		if err != nil {
+			// TODO: emit error
+			return
+		}
+
+		a.emit(
+			AccessTokenWasIssuedToUserViaAuthorizationCodeGrant{
+				AuthorizationCode: c.AuthorizationCode,
+				UserID:            a.UserID,
+				ClientID:          c.ClientID,
+			},
+			RefreshTokenWasIssuedToUserViaAuthorizationCodeGrant{
+				AuthorizationCode: c.AuthorizationCode,
+				UserID:            a.UserID,
+				ClientID:          c.ClientID,
+				RefreshToken:      refreshToken,
+			},
+		)
+
+	}
+}
+
+func (a *authorizationCode) emit(events ...rangedb.Event) {
+	for _, event := range events {
+		a.apply(event)
+	}
+
+	a.PendingEvents = append(a.PendingEvents, events...)
+}
+
+func (a *authorizationCode) GetPendingEvents() []rangedb.Event {
+	return a.PendingEvents
+}
+
+func (a *authorizationCode) isExpired() bool {
+	return a.clock.Now().Unix() > a.ExpiresAt
+}

authorization_code_commands.go

@@ -0,0 +1,11 @@
+package goauth2
+
+//go:generate go run gen/eventgenerator/main.go -package goauth2 -id AuthorizationCode -methodName CommandType -aggregateType authorization-code -inFile authorization_code_commands.go -outFile authorization_code_commands_gen.go
+
+type RequestAccessTokenViaAuthorizationCodeGrant struct {
+	AuthorizationCode string `json:"authorizationCode"`
+	ClientID          string `json:"clientID"`
+	ClientSecret      string `json:"clientSecret"`
+	RedirectUri       string `json:"redirectUri"`
+	UserID            string `json:"userID"`
+}

authorization_code_events.go

@@ -0,0 +1,46 @@
+package goauth2
+
+//go:generate go run gen/eventgenerator/main.go -package goauth2 -id AuthorizationCode -methodName EventType -aggregateType authorization-code -inFile authorization_code_events.go -outFile authorization_code_events_gen.go
+
+// RequestAccessTokenViaAuthorizationCodeGrant events
+type AuthorizationCodeWasIssuedToUser struct {
+	AuthorizationCode string `json:"authorizationCode"`
+	UserID            string `json:"userID"`
+	ExpiresAt         int64  `json:"expiresAt"`
+}
+type AccessTokenWasIssuedToUserViaAuthorizationCodeGrant struct {
+	AuthorizationCode string `json:"authorizationCode"`
+	UserID            string `json:"userID"`
+	ClientID          string `json:"clientID"`
+}
+type RefreshTokenWasIssuedToUserViaAuthorizationCodeGrant struct {
+	AuthorizationCode string `json:"authorizationCode"`
+	ClientID          string `json:"clientID"`
+	UserID            string `json:"userID"`
+	RefreshToken      string `json:"refreshToken"`
+}
+type RequestAccessTokenViaAuthorizationCodeGrantWasRejectedDueToInvalidClientApplicationID struct {
+	AuthorizationCode string `json:"authorizationCode"`
+	ClientID          string `json:"clientID"`
+}
+type RequestAccessTokenViaAuthorizationCodeGrantWasRejectedDueToInvalidClientApplicationSecret struct {
+	AuthorizationCode string `json:"authorizationCode"`
+	ClientID          string `json:"clientID"`
+}
+type RequestAccessTokenViaAuthorizationCodeGrantWasRejectedDueToInvalidClientApplicationRedirectUri struct {
+	AuthorizationCode string `json:"authorizationCode"`
+	ClientID          string `json:"clientID"`
+	RedirectUri       string `json:"redirectUri"`
+}
+type RequestAccessTokenViaAuthorizationCodeGrantWasRejectedDueToInvalidAuthorizationCode struct {
+	AuthorizationCode string `json:"authorizationCode"`
+	ClientID          string `json:"clientID"`
+}
+type RequestAccessTokenViaAuthorizationCodeGrantWasRejectedDueToExpiredAuthorizationCode struct {
+	AuthorizationCode string `json:"authorizationCode"`
+	ClientID          string `json:"clientID"`
+}
+type RequestAccessTokenViaAuthorizationCodeGrantWasRejectedDueToPreviouslyUsedAuthorizationCode struct {
+	AuthorizationCode string `json:"authorizationCode"`
+	ClientID          string `json:"clientID"`
+}

authorization_command_handler.go

@@ -162,6 +162,34 @@ func (h *authorizationCommandHandler) Handle(command Command) bool {
 			return false
 		}
 
+	case RequestAccessTokenViaAuthorizationCodeGrant:
+		clientApplication := h.loadClientApplicationAggregate(c.ClientID)
+
+		if !clientApplication.IsOnBoarded {
+			h.emit(RequestAccessTokenViaAuthorizationCodeGrantWasRejectedDueToInvalidClientApplicationID{
+				AuthorizationCode: c.AuthorizationCode,
+				ClientID:          c.ClientID,
+			})
+			return false
+		}
+
+		if clientApplication.ClientSecret != c.ClientSecret {
+			h.emit(RequestAccessTokenViaAuthorizationCodeGrantWasRejectedDueToInvalidClientApplicationSecret{
+				AuthorizationCode: c.AuthorizationCode,
+				ClientID:          c.ClientID,
+			})
+			return false
+		}
+
+		if clientApplication.RedirectUri != c.RedirectUri {
+			h.emit(RequestAccessTokenViaAuthorizationCodeGrantWasRejectedDueToInvalidClientApplicationRedirectUri{
+				AuthorizationCode: c.AuthorizationCode,
+				ClientID:          c.ClientID,
+				RedirectUri:       c.RedirectUri,
+			})
+			return false
+		}
+
 	}
 
 	return true

events.go

@@ -4,7 +4,7 @@ import (
 	"github.com/inklabs/rangedb"
 )
 
-//go:generate go run github.com/inklabs/rangedb/gen/eventbinder -package goauth2 -files client_application_events.go,resource_owner_events.go,refresh_token_events.go
+//go:generate go run github.com/inklabs/rangedb/gen/eventbinder -package goauth2 -files client_application_events.go,resource_owner_events.go,refresh_token_events.go,authorization_code_events.go
 
 //PendingEvents is the interface for retrieving CQRS events that will be saved to the event store.
 type PendingEvents interface {

goauth2.go

@@ -98,6 +98,9 @@ func (a *App) Dispatch(command Command) []rangedb.Event {
 	case RequestAuthorizationCodeViaAuthorizationCodeGrant:
 		events = a.handleWithResourceOwnerAggregate(command)
 
+	case RequestAccessTokenViaAuthorizationCodeGrant:
+		events = a.handleWithAuthorizationCodeAggregate(command)
+
 	}
 
 	return events
@@ -128,6 +131,16 @@ func (a *App) handleWithRefreshTokenAggregate(command Command) []rangedb.Event {
 	return a.savePendingEvents(aggregate)
 }
 
+func (a *App) handleWithAuthorizationCodeAggregate(command Command) []rangedb.Event {
+	aggregate := newAuthorizationCode(
+		a.store.AllEventsByStream(rangedb.GetEventStream(command)),
+		a.tokenGenerator,
+		a.clock,
+	)
+	aggregate.Handle(command)
+	return a.savePendingEvents(aggregate)
+}
+
 func (a *App) savePendingEvents(events PendingEvents) []rangedb.Event {
 	pendingEvents := events.GetPendingEvents()
 	for _, event := range pendingEvents {