2014-05-14 23:09:20 +00:00
|
|
|
/*
|
Rename import paths from camlistore.org to perkeep.org.
Part of the project renaming, issue #981.
After this, users will need to mv their $GOPATH/src/camlistore.org to
$GOPATH/src/perkeep.org. Sorry.
This doesn't yet rename the tools like camlistored, camput, camget,
camtool, etc.
Also, this only moves the lru package to internal. More will move to
internal later.
Also, this doesn't yet remove the "/pkg/" directory. That'll likely
happen later.
This updates some docs, but not all.
devcam test now passes again, even with Go 1.10 (which requires vet
checks are clean too). So a bunch of vet tests are fixed in this CL
too, and a bunch of other broken tests are now fixed (introduced from
the past week of merging the CL backlog).
Change-Id: If580db1691b5b99f8ed6195070789b1f44877dd4
2018-01-01 22:41:41 +00:00
|
|
|
Copyright 2014 The Perkeep Authors
|
2014-05-14 23:09:20 +00:00
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
package importer
|
|
|
|
|
|
|
|
import (
|
2017-11-26 09:05:38 +00:00
|
|
|
"context"
|
2014-05-14 23:09:20 +00:00
|
|
|
"errors"
|
|
|
|
"fmt"
|
|
|
|
"log"
|
|
|
|
"net/http"
|
|
|
|
"net/url"
|
|
|
|
"strings"
|
|
|
|
|
2016-04-20 23:43:47 +00:00
|
|
|
"github.com/garyburd/go-oauth/oauth"
|
2018-01-03 05:03:30 +00:00
|
|
|
"perkeep.org/internal/httputil"
|
Rename import paths from camlistore.org to perkeep.org.
Part of the project renaming, issue #981.
After this, users will need to mv their $GOPATH/src/camlistore.org to
$GOPATH/src/perkeep.org. Sorry.
This doesn't yet rename the tools like camlistored, camput, camget,
camtool, etc.
Also, this only moves the lru package to internal. More will move to
internal later.
Also, this doesn't yet remove the "/pkg/" directory. That'll likely
happen later.
This updates some docs, but not all.
devcam test now passes again, even with Go 1.10 (which requires vet
checks are clean too). So a bunch of vet tests are fixed in this CL
too, and a bunch of other broken tests are now fixed (introduced from
the past week of merging the CL backlog).
Change-Id: If580db1691b5b99f8ed6195070789b1f44877dd4
2018-01-01 22:41:41 +00:00
|
|
|
"perkeep.org/pkg/blob"
|
2015-12-16 00:22:48 +00:00
|
|
|
|
|
|
|
"go4.org/ctxutil"
|
2014-05-14 23:09:20 +00:00
|
|
|
)
|
|
|
|
|
2014-05-17 00:10:36 +00:00
|
|
|
const (
|
|
|
|
AcctAttrTempToken = "oauthTempToken"
|
|
|
|
AcctAttrTempSecret = "oauthTempSecret"
|
|
|
|
AcctAttrAccessToken = "oauthAccessToken"
|
|
|
|
AcctAttrAccessTokenSecret = "oauthAccessTokenSecret"
|
|
|
|
)
|
|
|
|
|
2014-05-14 23:09:20 +00:00
|
|
|
// OAuth1 provides methods that the importer implementations can use to
|
|
|
|
// help with OAuth authentication.
|
|
|
|
type OAuth1 struct{}
|
|
|
|
|
|
|
|
func (OAuth1) CallbackRequestAccount(r *http.Request) (blob.Ref, error) {
|
|
|
|
acctRef, ok := blob.Parse(r.FormValue("acct"))
|
|
|
|
if !ok {
|
|
|
|
return blob.Ref{}, errors.New("missing 'acct=' blobref param")
|
|
|
|
}
|
|
|
|
return acctRef, nil
|
|
|
|
}
|
|
|
|
|
2014-04-01 14:17:16 +00:00
|
|
|
func (OAuth1) CallbackURLParameters(acctRef blob.Ref) url.Values {
|
|
|
|
v := url.Values{}
|
|
|
|
v.Add("acct", acctRef.String())
|
|
|
|
return v
|
2014-05-14 23:09:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// OAuth2 provides methods that the importer implementations can use to
|
|
|
|
// help with OAuth2 authentication.
|
|
|
|
type OAuth2 struct{}
|
|
|
|
|
|
|
|
func (OAuth2) CallbackRequestAccount(r *http.Request) (blob.Ref, error) {
|
|
|
|
state := r.FormValue("state")
|
|
|
|
if state == "" {
|
|
|
|
return blob.Ref{}, errors.New("missing 'state' parameter")
|
|
|
|
}
|
|
|
|
if !strings.HasPrefix(state, "acct:") {
|
2017-12-10 09:13:00 +00:00
|
|
|
return blob.Ref{}, errors.New("wrong 'state' parameter value, missing 'acct:' prefix")
|
2014-05-14 23:09:20 +00:00
|
|
|
}
|
|
|
|
acctRef, ok := blob.Parse(strings.TrimPrefix(state, "acct:"))
|
|
|
|
if !ok {
|
|
|
|
return blob.Ref{}, errors.New("invalid account blobref in 'state' parameter")
|
|
|
|
}
|
|
|
|
return acctRef, nil
|
|
|
|
}
|
|
|
|
|
2014-04-01 14:17:16 +00:00
|
|
|
func (OAuth2) CallbackURLParameters(acctRef blob.Ref) url.Values {
|
|
|
|
v := url.Values{}
|
|
|
|
v.Set("state", "acct:"+acctRef.String())
|
|
|
|
return v
|
2014-05-14 23:09:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// RedirectURL returns the redirect URI that imp should set in an oauth.Config
|
|
|
|
// for the authorization phase of OAuth2 authentication.
|
|
|
|
func (OAuth2) RedirectURL(imp Importer, ctx *SetupContext) string {
|
|
|
|
// We strip our callback URL of its query component, because the Redirect URI
|
|
|
|
// we send during authorization has to match exactly the registered redirect
|
|
|
|
// URI(s). This query component should be stored in the "state" paremeter instead.
|
|
|
|
// See http://tools.ietf.org/html/rfc6749#section-3.1.2.2
|
|
|
|
fullCallback := ctx.CallbackURL()
|
|
|
|
queryPart := imp.CallbackURLParameters(ctx.AccountNode.PermanodeRef())
|
2014-04-01 14:17:16 +00:00
|
|
|
if len(queryPart) == 0 {
|
|
|
|
log.Printf("WARNING: callback URL %q has no query component", fullCallback)
|
|
|
|
}
|
|
|
|
u, _ := url.Parse(fullCallback)
|
|
|
|
v := u.Query()
|
|
|
|
// remove query params in CallbackURLParameters
|
|
|
|
for k := range queryPart {
|
|
|
|
v.Del(k)
|
|
|
|
}
|
|
|
|
u.RawQuery = v.Encode()
|
|
|
|
return u.String()
|
2014-05-14 23:09:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// RedirectState returns the "state" query parameter that should be used for the authorization
|
|
|
|
// phase of OAuth2 authentication. This parameter contains the query component of the redirection
|
|
|
|
// URI. See http://tools.ietf.org/html/rfc6749#section-3.1.2.2
|
|
|
|
func (OAuth2) RedirectState(imp Importer, ctx *SetupContext) (state string, err error) {
|
2014-04-01 14:17:16 +00:00
|
|
|
m := imp.CallbackURLParameters(ctx.AccountNode.PermanodeRef())
|
2014-05-14 23:09:20 +00:00
|
|
|
state = m.Get("state")
|
|
|
|
if state == "" {
|
|
|
|
return "", errors.New("\"state\" not found in callback parameters")
|
|
|
|
}
|
|
|
|
return state, nil
|
|
|
|
}
|
2014-04-01 14:17:16 +00:00
|
|
|
|
|
|
|
// IsAccountReady returns whether the account has been properly configured
|
|
|
|
// - whether the user ID and access token has been stored in the given account node.
|
|
|
|
func (OAuth2) IsAccountReady(acctNode *Object) (ok bool, err error) {
|
|
|
|
if acctNode.Attr(AcctAttrUserID) != "" &&
|
|
|
|
acctNode.Attr(AcctAttrAccessToken) != "" {
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// SummarizeAccount returns a summary for the account if it is configured,
|
|
|
|
// or an error string otherwise.
|
|
|
|
func (im OAuth2) SummarizeAccount(acct *Object) string {
|
|
|
|
ok, err := im.IsAccountReady(acct)
|
|
|
|
if err != nil {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
if !ok {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
if acct.Attr(AcctAttrGivenName) == "" &&
|
|
|
|
acct.Attr(AcctAttrFamilyName) == "" {
|
|
|
|
return fmt.Sprintf("userid %s", acct.Attr(AcctAttrUserID))
|
|
|
|
}
|
|
|
|
return fmt.Sprintf("userid %s (%s %s)",
|
|
|
|
acct.Attr(AcctAttrUserID),
|
|
|
|
acct.Attr(AcctAttrGivenName),
|
|
|
|
acct.Attr(AcctAttrFamilyName))
|
|
|
|
}
|
2014-08-01 17:39:49 +00:00
|
|
|
|
|
|
|
// OAuthContext wraps the OAuth1 state needed to perform API calls.
|
|
|
|
//
|
|
|
|
// It is used as a value type.
|
|
|
|
type OAuthContext struct {
|
2015-12-12 21:47:31 +00:00
|
|
|
Ctx context.Context
|
2014-08-01 17:39:49 +00:00
|
|
|
Client *oauth.Client
|
|
|
|
Creds *oauth.Credentials
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get fetches through octx the resource defined by url and the values in form.
|
|
|
|
func (octx OAuthContext) Get(url string, form url.Values) (*http.Response, error) {
|
|
|
|
if octx.Creds == nil {
|
2017-12-10 09:13:00 +00:00
|
|
|
return nil, errors.New("no OAuth credentials. Not logged in?")
|
2014-08-01 17:39:49 +00:00
|
|
|
}
|
|
|
|
if octx.Client == nil {
|
2017-12-10 09:13:00 +00:00
|
|
|
return nil, errors.New("no OAuth client")
|
2014-08-01 17:39:49 +00:00
|
|
|
}
|
2015-12-16 00:22:48 +00:00
|
|
|
res, err := octx.Client.Get(ctxutil.Client(octx.Ctx), octx.Creds, url, form)
|
2014-08-01 17:39:49 +00:00
|
|
|
if err != nil {
|
2017-12-10 09:13:00 +00:00
|
|
|
return nil, fmt.Errorf("error fetching %s: %v", url, err)
|
2014-08-01 17:39:49 +00:00
|
|
|
}
|
|
|
|
if res.StatusCode != http.StatusOK {
|
2017-12-10 09:13:00 +00:00
|
|
|
return nil, fmt.Errorf("get request on %s failed with: %s", url, res.Status)
|
2014-08-01 17:39:49 +00:00
|
|
|
}
|
|
|
|
return res, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// PopulateJSONFromURL makes a GET call at apiURL, using keyval as parameters of
|
|
|
|
// the associated form. The JSON response is decoded into result.
|
2017-12-11 02:07:07 +00:00
|
|
|
func (octx OAuthContext) PopulateJSONFromURL(result interface{}, apiURL string, keyval ...string) error {
|
2014-08-01 17:39:49 +00:00
|
|
|
if len(keyval)%2 == 1 {
|
2017-12-10 09:13:00 +00:00
|
|
|
return errors.New("incorrect number of keyval arguments. must be even")
|
2014-08-01 17:39:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
form := url.Values{}
|
|
|
|
for i := 0; i < len(keyval); i += 2 {
|
|
|
|
form.Set(keyval[i], keyval[i+1])
|
|
|
|
}
|
|
|
|
|
2017-12-11 02:07:07 +00:00
|
|
|
hres, err := octx.Get(apiURL, form)
|
2014-08-01 17:39:49 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
err = httputil.DecodeJSON(hres, result)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("could not parse response for %s: %v", apiURL, err)
|
|
|
|
}
|
|
|
|
return err
|
|
|
|
}
|
2014-08-01 23:37:39 +00:00
|
|
|
|
|
|
|
// OAuthURIs holds the URIs needed to initialize an OAuth 1 client.
|
|
|
|
type OAuthURIs struct {
|
|
|
|
TemporaryCredentialRequestURI string
|
|
|
|
ResourceOwnerAuthorizationURI string
|
|
|
|
TokenRequestURI string
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewOAuthClient returns an oauth Client configured with uris and the
|
|
|
|
// credentials obtained from ctx.
|
|
|
|
func (ctx *SetupContext) NewOAuthClient(uris OAuthURIs) (*oauth.Client, error) {
|
2018-01-08 02:52:27 +00:00
|
|
|
clientID, secret, err := ctx.Credentials()
|
2014-08-01 23:37:39 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return &oauth.Client{
|
|
|
|
TemporaryCredentialRequestURI: uris.TemporaryCredentialRequestURI,
|
|
|
|
ResourceOwnerAuthorizationURI: uris.ResourceOwnerAuthorizationURI,
|
|
|
|
TokenRequestURI: uris.TokenRequestURI,
|
|
|
|
Credentials: oauth.Credentials{
|
2018-01-08 02:52:27 +00:00
|
|
|
Token: clientID,
|
2014-08-01 23:37:39 +00:00
|
|
|
Secret: secret,
|
|
|
|
},
|
|
|
|
}, nil
|
|
|
|
}
|