OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file | |
2 // for details. All rights reserved. Use of this source code is governed by a | |
3 // BSD-style license that can be found in the LICENSE file. | |
4 | |
5 library handle_access_token_response; | |
6 | |
7 import 'dart:io'; | |
8 import 'dart:json'; | |
9 import 'dart:uri'; | |
10 | |
11 import '../../../http/lib/http.dart' as http; | |
12 | |
13 import 'credentials.dart'; | |
14 import 'authorization_exception.dart'; | |
15 | |
16 /// The amount of time, in seconds, to add as a "grace period" for credential | |
17 /// expiration. This allows credential expiration checks to remain valid for a | |
18 /// reasonable amount of time. | |
19 final int _EXPIRATION_GRACE = 10; | |
Bob Nystrom
2012/11/16 19:53:30
"final int" -> "const".
nweiz
2012/11/17 01:06:27
Done.
| |
20 | |
21 /// Handles a response from the authorization server that contains an access | |
22 /// token. This response format is common across several different components of | |
23 /// the OAuth2 flow. | |
24 Credentials handleAccessTokenResponse( | |
25 http.Response response, | |
26 Uri tokenEndpoint, | |
27 Date startTime, | |
28 List<String> scopes) { | |
29 if (response.statusCode != 200) _handleErrorResponse(response, tokenEndpoint); | |
30 | |
31 var contentType = response.headers['content-type']; | |
32 if (contentType != null) { | |
33 contentType = new ContentType.fromString(contentType); | |
34 } | |
35 if (contentType == null || contentType.value != "application/json") { | |
36 throw new FormatException('Invalid OAuth response for ' | |
37 '"$tokenEndpoint": content-type was "$contentType", expected ' | |
38 '"application/json".'); | |
39 } | |
40 | |
41 var parameters; | |
42 try { | |
43 parameters = JSON.parse(response.body); | |
44 } catch (e) { | |
Bob Nystrom
2012/11/16 19:53:30
Restrict this:
} on FormatException catch (e) {
nweiz
2012/11/17 01:06:27
JSON.parse doesn't throw a FormatException :-/.
Bob Nystrom
2012/11/19 21:37:10
Restrict it to a JSONParseException? We definitely
nweiz
2012/11/19 22:20:11
It doesn't throw a JSONParseException either :-/.
| |
45 throw new FormatException('Invalid OAuth response for ' | |
46 '"$tokenEndpoint": invalid JSON.\n\n${response.body}'); | |
Bob Nystrom
2012/11/16 19:53:30
How about a helper function for all of these throw
nweiz
2012/11/17 01:06:27
Done.
| |
47 } | |
48 | |
49 for (var requiredParameter in ['access_token', 'token_type']) { | |
50 if (!parameters.containsKey(requiredParameter)) { | |
51 throw new FormatException('Invalid OAuth response for ' | |
52 '"$tokenEndpoint": did not contain required parameter ' | |
53 '"$requiredParameter".\n\n${response.body}'); | |
54 } else if (parameters[requiredParameter] is! String) { | |
55 throw new FormatException('Invalid OAuth response for ' | |
56 '"$tokenEndpoint": required parameter "$requiredParameter" was ' | |
57 'not a string, was "${parameters[requiredParameter]}".\n\n' | |
58 '${response.body}'); | |
59 } | |
60 } | |
61 | |
62 // TODO(nweiz): support the "mac" token type | |
63 // (http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01) | |
64 if (parameters['token_type'].toLowerCase() != 'bearer') { | |
65 throw new FormatException('Invalid OAuth response for ' | |
66 '"$tokenEndpoint": unknown token type ' | |
67 '"${parameters['token_type']}".\n\n${response.body}'); | |
68 } | |
69 | |
70 var expiresIn = parameters['expires_in']; | |
71 if (expiresIn != null && expiresIn is! int) { | |
72 throw new FormatException('Invalid OAuth response for ' | |
73 '"$tokenEndpoint": parameter "expires_in" was not an int, was ' | |
74 '"$expiresIn".\n\n${response.body}'); | |
75 } | |
76 | |
77 for (var name in ['refresh_token', 'scope']) { | |
78 var value = parameters[name]; | |
79 if (value == null || value is String) continue; | |
80 throw new FormatException('Invalid OAuth response for "$tokenEndpoint": ' | |
81 'parameter "$name" was not a string, was "$value".\n\n' | |
82 '${response.body}'); | |
83 } | |
84 | |
85 var scope = parameters['scope']; | |
86 if (scope != null) scopes = scope.split(" "); | |
87 | |
88 var expiration = expiresIn == null ? null : | |
89 startTime.add(new Duration(seconds: expiresIn - _EXPIRATION_GRACE)); | |
90 | |
91 return new Credentials( | |
92 parameters['access_token'], | |
93 parameters['refresh_token'], | |
94 tokenEndpoint, | |
95 scopes, | |
96 expiration); | |
97 } | |
98 | |
99 /// Throws the appropriate exception for an error response from the | |
100 /// authorization server. | |
101 void _handleErrorResponse(http.Response response, Uri tokenEndpoint) { | |
102 // OAuth2 mandates a 400 or 401 response code for access token error | |
103 // responses. If it's not a 400 reponse, the server is either broken or | |
104 // off-spec. | |
105 if (response.statusCode != 400 && response.statusCode != 401) { | |
106 var reason = ''; | |
107 if (response.reasonPhrase != null && !response.reasonPhrase.isEmpty) { | |
108 ' ${response.reasonPhrase}'; | |
109 } | |
110 throw new FormatException('OAuth request for "$tokenEndpoint" failed ' | |
111 'with status ${response.statusCode}$reason.\n\n${response.body}'); | |
112 } | |
113 | |
114 var contentType = response.headers['content-type']; | |
115 if (contentType != null) { | |
116 contentType = new ContentType.fromString(contentType); | |
117 } | |
118 if (contentType == null || contentType.value != "application/json") { | |
119 throw new FormatException('Invalid OAuth response for "$tokenEndpoint": ' | |
120 'content-type was "$contentType", expected "application/json".'); | |
121 } | |
122 | |
123 var parameters; | |
124 try { | |
125 parameters = JSON.parse(response.body); | |
126 } catch (e) { | |
127 throw new FormatException('Invalid OAuth response for ' | |
128 '"$tokenEndpoint": invalid JSON.\n\n${response.body}'); | |
129 } | |
130 | |
131 if (!parameters.containsKey('error')) { | |
132 throw new FormatException('Invalid OAuth response for "$tokenEndpoint": ' | |
133 'did not contain required parameter "error".\n\n${response.body}'); | |
134 } else if (parameters["error"] is! String) { | |
135 throw new FormatException('Invalid OAuth response for "$tokenEndpoint": ' | |
136 'required parameter "error" was not a string, was ' | |
137 '"${parameters["error"]}"\n\n${response.body}.'); | |
138 } | |
139 | |
140 for (var name in ['error_description', 'error_uri']) { | |
141 var value = parameters[name]; | |
142 if (value == null || value is String) continue; | |
143 throw new FormatException('Invalid OAuth response for "$tokenEndpoint": ' | |
144 'parameter "$name" was not a string, was "$value".\n\n' | |
145 '${response.body}'); | |
146 } | |
147 | |
148 var description = parameters['error_description']; | |
149 var uriString = parameters['error_uri']; | |
150 var uri = uriString == null ? null : new Uri.fromString(uriString); | |
151 throw new AuthorizationException(parameters['error'], description, uri); | |
152 } | |
OLD | NEW |