Skip to content

Commit

Permalink
get impersonate token
Browse files Browse the repository at this point in the history
  • Loading branch information
@BeautifuLie
BeautifuLie committed Jul 18, 2023
1 parent 9ea9a93 commit 40a7443
Showing 1 changed file with 76 additions and 0 deletions.
76 changes: 76 additions & 0 deletions web/api/login.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -383,3 +383,79 @@ func (ar *Router) loginFlow(app model.AppData, user model.User, requestedScopes
result.User = user
return result, nil
}

type impersonateData struct {
login
DeviceToken string `json:"device_token,omitempty"`
Scopes []string `json:"scopes,omitempty"`
}

// GetImpersonateToken returns a token that allows to impersonate a user.
func (ar *Router) GetImpersonateToken() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
locale := r.Header.Get("Accept-Language")

ld := impersonateData{}
if ar.MustParseJSON(w, r, &ld) != nil {
return
}

if err := ld.validate(); err != nil {
ar.Error(w, locale, http.StatusBadRequest, l.ErrorAPIRequestBodyInvalidError, err)
return
}

if err := ar.checkSupportedWays(ld.login); err != nil {
ar.Error(w, locale, http.StatusBadRequest, l.APIAPPUsernameLoginNotSupported)
return
}

var err error
var user model.User

if len(ld.Email) > 0 {
user, err = ar.server.Storages().User.UserByEmail(ld.Email)
if err != nil {
ar.Error(w, locale, http.StatusBadRequest, l.ErrorAPIRequestIncorrectLoginOrPassword)
return
}
} else {
ar.Error(w, locale, http.StatusBadRequest, l.ErrorAPIRequestBodyEmailInvalid)
return
}

app := middleware.AppFromContext(r.Context())
if len(app.ID) == 0 {
ar.Error(w, locale, http.StatusBadRequest, l.ErrorAPIAPPNoAPPInContext)
return
}

impersonateToken, err := ar.getImpersonateAccessToken(user, ld.Scopes, app)
if err != nil {
ar.Error(w, locale, http.StatusInternalServerError, l.ErrorAPILoginError, err)
return
}

ar.ServeJSON(w, locale, http.StatusOK, impersonateToken)
}
}

// getImpersonateAccessToken creates and returns access token for a user.
func (ar *Router) getImpersonateAccessToken(user model.User, scopes []string, app model.AppData) (string, error) {
tokenPayload, err := ar.getTokenPayloadForApp(app, user.ID)
if err != nil {
return "", err
}

token, err := ar.server.Services().Token.NewAccessToken(user, scopes, app, false, tokenPayload)
if err != nil {
return "", err
}

accessTokenString, err := ar.server.Services().Token.String(token)
if err != nil {
return "", err
}

return accessTokenString, nil
}

0 comments on commit 40a7443

Please sign in to comment.