|
|
|
|
@ -108,20 +108,20 @@ func (c *conn) CreateAuthRequest(a storage.AuthRequest) error {
|
|
|
|
|
insert into auth_request ( |
|
|
|
|
id, client_id, response_types, scopes, redirect_uri, nonce, state, |
|
|
|
|
force_approval_prompt, logged_in, |
|
|
|
|
claims_user_id, claims_username, claims_preferred_username,
|
|
|
|
|
claims_user_id, claims_username, claims_preferred_username, |
|
|
|
|
claims_email, claims_email_verified, claims_groups, |
|
|
|
|
connector_id, connector_data, |
|
|
|
|
connector_id, |
|
|
|
|
expiry |
|
|
|
|
) |
|
|
|
|
values ( |
|
|
|
|
$1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18 |
|
|
|
|
$1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17 |
|
|
|
|
); |
|
|
|
|
`, |
|
|
|
|
a.ID, a.ClientID, encoder(a.ResponseTypes), encoder(a.Scopes), a.RedirectURI, a.Nonce, a.State, |
|
|
|
|
a.ForceApprovalPrompt, a.LoggedIn, |
|
|
|
|
a.Claims.UserID, a.Claims.Username, a.Claims.PreferredUsername, |
|
|
|
|
a.Claims.Email, a.Claims.EmailVerified, encoder(a.Claims.Groups), |
|
|
|
|
a.ConnectorID, a.ConnectorData, |
|
|
|
|
a.ConnectorID, |
|
|
|
|
a.Expiry, |
|
|
|
|
) |
|
|
|
|
if err != nil { |
|
|
|
|
@ -152,16 +152,16 @@ func (c *conn) UpdateAuthRequest(id string, updater func(a storage.AuthRequest)
|
|
|
|
|
claims_user_id = $9, claims_username = $10, claims_preferred_username = $11, |
|
|
|
|
claims_email = $12, claims_email_verified = $13, |
|
|
|
|
claims_groups = $14, |
|
|
|
|
connector_id = $15, connector_data = $16, |
|
|
|
|
expiry = $17 |
|
|
|
|
where id = $18; |
|
|
|
|
connector_id = $15, |
|
|
|
|
expiry = $16 |
|
|
|
|
where id = $17; |
|
|
|
|
`, |
|
|
|
|
a.ClientID, encoder(a.ResponseTypes), encoder(a.Scopes), a.RedirectURI, a.Nonce, a.State, |
|
|
|
|
a.ForceApprovalPrompt, a.LoggedIn, |
|
|
|
|
a.Claims.UserID, a.Claims.Username, a.Claims.PreferredUsername, |
|
|
|
|
a.Claims.Email, a.Claims.EmailVerified, |
|
|
|
|
encoder(a.Claims.Groups), |
|
|
|
|
a.ConnectorID, a.ConnectorData, |
|
|
|
|
a.ConnectorID, |
|
|
|
|
a.Expiry, r.ID, |
|
|
|
|
) |
|
|
|
|
if err != nil { |
|
|
|
|
@ -178,12 +178,12 @@ func (c *conn) GetAuthRequest(id string) (storage.AuthRequest, error) {
|
|
|
|
|
|
|
|
|
|
func getAuthRequest(q querier, id string) (a storage.AuthRequest, err error) { |
|
|
|
|
err = q.QueryRow(` |
|
|
|
|
select
|
|
|
|
|
select |
|
|
|
|
id, client_id, response_types, scopes, redirect_uri, nonce, state, |
|
|
|
|
force_approval_prompt, logged_in, |
|
|
|
|
claims_user_id, claims_username, claims_preferred_username, |
|
|
|
|
claims_email, claims_email_verified, claims_groups, |
|
|
|
|
connector_id, connector_data, expiry |
|
|
|
|
connector_id, expiry |
|
|
|
|
from auth_request where id = $1; |
|
|
|
|
`, id).Scan( |
|
|
|
|
&a.ID, &a.ClientID, decoder(&a.ResponseTypes), decoder(&a.Scopes), &a.RedirectURI, &a.Nonce, &a.State, |
|
|
|
|
@ -191,7 +191,7 @@ func getAuthRequest(q querier, id string) (a storage.AuthRequest, err error) {
|
|
|
|
|
&a.Claims.UserID, &a.Claims.Username, &a.Claims.PreferredUsername, |
|
|
|
|
&a.Claims.Email, &a.Claims.EmailVerified, |
|
|
|
|
decoder(&a.Claims.Groups), |
|
|
|
|
&a.ConnectorID, &a.ConnectorData, &a.Expiry, |
|
|
|
|
&a.ConnectorID, &a.Expiry, |
|
|
|
|
) |
|
|
|
|
if err != nil { |
|
|
|
|
if err == sql.ErrNoRows { |
|
|
|
|
@ -208,14 +208,14 @@ func (c *conn) CreateAuthCode(a storage.AuthCode) error {
|
|
|
|
|
id, client_id, scopes, nonce, redirect_uri, |
|
|
|
|
claims_user_id, claims_username, claims_preferred_username, |
|
|
|
|
claims_email, claims_email_verified, claims_groups, |
|
|
|
|
connector_id, connector_data, |
|
|
|
|
connector_id, |
|
|
|
|
expiry |
|
|
|
|
) |
|
|
|
|
values ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14); |
|
|
|
|
values ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13); |
|
|
|
|
`, |
|
|
|
|
a.ID, a.ClientID, encoder(a.Scopes), a.Nonce, a.RedirectURI, a.Claims.UserID, |
|
|
|
|
a.Claims.Username, a.Claims.PreferredUsername, a.Claims.Email, a.Claims.EmailVerified, |
|
|
|
|
encoder(a.Claims.Groups), a.ConnectorID, a.ConnectorData, a.Expiry, |
|
|
|
|
encoder(a.Claims.Groups), a.ConnectorID, a.Expiry, |
|
|
|
|
) |
|
|
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
@ -233,13 +233,13 @@ func (c *conn) GetAuthCode(id string) (a storage.AuthCode, err error) {
|
|
|
|
|
id, client_id, scopes, nonce, redirect_uri, |
|
|
|
|
claims_user_id, claims_username, claims_preferred_username, |
|
|
|
|
claims_email, claims_email_verified, claims_groups, |
|
|
|
|
connector_id, connector_data, |
|
|
|
|
connector_id, |
|
|
|
|
expiry |
|
|
|
|
from auth_code where id = $1; |
|
|
|
|
`, id).Scan( |
|
|
|
|
&a.ID, &a.ClientID, decoder(&a.Scopes), &a.Nonce, &a.RedirectURI, &a.Claims.UserID, |
|
|
|
|
&a.Claims.Username, &a.Claims.PreferredUsername, &a.Claims.Email, &a.Claims.EmailVerified, |
|
|
|
|
decoder(&a.Claims.Groups), &a.ConnectorID, &a.ConnectorData, &a.Expiry, |
|
|
|
|
decoder(&a.Claims.Groups), &a.ConnectorID, &a.Expiry, |
|
|
|
|
) |
|
|
|
|
if err != nil { |
|
|
|
|
if err == sql.ErrNoRows { |
|
|
|
|
@ -256,16 +256,16 @@ func (c *conn) CreateRefresh(r storage.RefreshToken) error {
|
|
|
|
|
id, client_id, scopes, nonce, |
|
|
|
|
claims_user_id, claims_username, claims_preferred_username, |
|
|
|
|
claims_email, claims_email_verified, claims_groups, |
|
|
|
|
connector_id, connector_data, |
|
|
|
|
connector_id, |
|
|
|
|
token, created_at, last_used |
|
|
|
|
) |
|
|
|
|
values ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15); |
|
|
|
|
values ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14); |
|
|
|
|
`, |
|
|
|
|
r.ID, r.ClientID, encoder(r.Scopes), r.Nonce, |
|
|
|
|
r.Claims.UserID, r.Claims.Username, r.Claims.PreferredUsername, |
|
|
|
|
r.Claims.Email, r.Claims.EmailVerified, |
|
|
|
|
encoder(r.Claims.Groups), |
|
|
|
|
r.ConnectorID, r.ConnectorData, |
|
|
|
|
r.ConnectorID, |
|
|
|
|
r.Token, r.CreatedAt, r.LastUsed, |
|
|
|
|
) |
|
|
|
|
if err != nil { |
|
|
|
|
@ -299,18 +299,17 @@ func (c *conn) UpdateRefreshToken(id string, updater func(old storage.RefreshTok
|
|
|
|
|
claims_email_verified = $8, |
|
|
|
|
claims_groups = $9, |
|
|
|
|
connector_id = $10, |
|
|
|
|
connector_data = $11, |
|
|
|
|
token = $12, |
|
|
|
|
created_at = $13, |
|
|
|
|
last_used = $14 |
|
|
|
|
token = $11, |
|
|
|
|
created_at = $12, |
|
|
|
|
last_used = $13 |
|
|
|
|
where |
|
|
|
|
id = $15 |
|
|
|
|
id = $14 |
|
|
|
|
`, |
|
|
|
|
r.ClientID, encoder(r.Scopes), r.Nonce, |
|
|
|
|
r.Claims.UserID, r.Claims.Username, r.Claims.PreferredUsername, |
|
|
|
|
r.Claims.Email, r.Claims.EmailVerified, |
|
|
|
|
encoder(r.Claims.Groups), |
|
|
|
|
r.ConnectorID, r.ConnectorData, |
|
|
|
|
r.ConnectorID, |
|
|
|
|
r.Token, r.CreatedAt, r.LastUsed, id, |
|
|
|
|
) |
|
|
|
|
if err != nil { |
|
|
|
|
@ -370,7 +369,7 @@ func scanRefresh(s scanner) (r storage.RefreshToken, err error) {
|
|
|
|
|
&r.Claims.UserID, &r.Claims.Username, &r.Claims.PreferredUsername, |
|
|
|
|
&r.Claims.Email, &r.Claims.EmailVerified, |
|
|
|
|
decoder(&r.Claims.Groups), |
|
|
|
|
&r.ConnectorID, &r.ConnectorData, |
|
|
|
|
&r.ConnectorID, |
|
|
|
|
&r.Token, &r.CreatedAt, &r.LastUsed, |
|
|
|
|
) |
|
|
|
|
if err != nil { |
|
|
|
|
@ -417,7 +416,7 @@ func (c *conn) UpdateKeys(updater func(old storage.Keys) (storage.Keys, error))
|
|
|
|
|
} else { |
|
|
|
|
_, err = tx.Exec(` |
|
|
|
|
update keys |
|
|
|
|
set
|
|
|
|
|
set |
|
|
|
|
verification_keys = $1, |
|
|
|
|
signing_key = $2, |
|
|
|
|
signing_key_pub = $3, |
|
|
|
|
@ -655,13 +654,13 @@ func scanPassword(s scanner) (p storage.Password, err error) {
|
|
|
|
|
func (c *conn) CreateOfflineSessions(s storage.OfflineSessions) error { |
|
|
|
|
_, err := c.Exec(` |
|
|
|
|
insert into offline_session ( |
|
|
|
|
user_id, conn_id, refresh |
|
|
|
|
user_id, conn_id, refresh, connector_data |
|
|
|
|
) |
|
|
|
|
values ( |
|
|
|
|
$1, $2, $3 |
|
|
|
|
$1, $2, $3, $4 |
|
|
|
|
); |
|
|
|
|
`, |
|
|
|
|
s.UserID, s.ConnID, encoder(s.Refresh), |
|
|
|
|
s.UserID, s.ConnID, encoder(s.Refresh), s.ConnectorData, |
|
|
|
|
) |
|
|
|
|
if err != nil { |
|
|
|
|
if c.alreadyExistsCheck(err) { |
|
|
|
|
@ -687,9 +686,10 @@ func (c *conn) UpdateOfflineSessions(userID string, connID string, updater func(
|
|
|
|
|
update offline_session |
|
|
|
|
set |
|
|
|
|
refresh = $1 |
|
|
|
|
where user_id = $2 AND conn_id = $3; |
|
|
|
|
connector_data = $2 |
|
|
|
|
where user_id = $3 AND conn_id = $4; |
|
|
|
|
`, |
|
|
|
|
encoder(newSession.Refresh), s.UserID, s.ConnID, |
|
|
|
|
encoder(newSession.Refresh), s.ConnectorData, s.UserID, s.ConnID, |
|
|
|
|
) |
|
|
|
|
if err != nil { |
|
|
|
|
return fmt.Errorf("update offline session: %v", err) |
|
|
|
|
@ -705,7 +705,7 @@ func (c *conn) GetOfflineSessions(userID string, connID string) (storage.Offline
|
|
|
|
|
func getOfflineSessions(q querier, userID string, connID string) (storage.OfflineSessions, error) { |
|
|
|
|
return scanOfflineSessions(q.QueryRow(` |
|
|
|
|
select |
|
|
|
|
user_id, conn_id, refresh |
|
|
|
|
user_id, conn_id, refresh, connector_data |
|
|
|
|
from offline_session |
|
|
|
|
where user_id = $1 AND conn_id = $2; |
|
|
|
|
`, userID, connID)) |
|
|
|
|
@ -713,7 +713,7 @@ func getOfflineSessions(q querier, userID string, connID string) (storage.Offlin
|
|
|
|
|
|
|
|
|
|
func scanOfflineSessions(s scanner) (o storage.OfflineSessions, err error) { |
|
|
|
|
err = s.Scan( |
|
|
|
|
&o.UserID, &o.ConnID, decoder(&o.Refresh), |
|
|
|
|
&o.UserID, &o.ConnID, decoder(&o.Refresh), &o.ConnectorData, |
|
|
|
|
) |
|
|
|
|
if err != nil { |
|
|
|
|
if err == sql.ErrNoRows { |
|
|
|
|
@ -757,7 +757,7 @@ func (c *conn) UpdateConnector(id string, updater func(s storage.Connector) (sto
|
|
|
|
|
} |
|
|
|
|
_, err = tx.Exec(` |
|
|
|
|
update connector |
|
|
|
|
set
|
|
|
|
|
set |
|
|
|
|
type = $1, |
|
|
|
|
name = $2, |
|
|
|
|
resource_version = $3, |
|
|
|
|
|
Joel Speed
8 years ago