

only set expiration times from default values when existing is zero
This commit fixes an issue where the various flows would override
previously set expiration times unconditionally.

closes ory#211
kujenga committed Nov 15, 2017
1 parent dd9398e commit 0b10d8f
Showing 6 changed files with 18 additions and 6 deletions.
4 changes: 3 additions & 1 deletion handler/oauth2/flow_authorize_code_auth.go
Expand Up @@ -73,7 +73,9 @@ func (c *AuthorizeExplicitGrantHandler) IssueAuthorizeCode(ctx context.Context,
return errors.Wrap(fosite.ErrServerError, err.Error())
}

ar.GetSession().SetExpiresAt(fosite.AuthorizeCode, time.Now().Add(c.AuthCodeLifespan))
if ar.GetSession().GetExpiresAt(fosite.AuthorizeCode).IsZero() {
ar.GetSession().SetExpiresAt(fosite.AuthorizeCode, time.Now().Add(c.AuthCodeLifespan))
}
if err := c.CoreStorage.CreateAuthorizeCodeSession(ctx, signature, ar); err != nil {
return errors.Wrap(fosite.ErrServerError, err.Error())
}
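Review bot: The new guard on the second line of the hunk honors any non-zero value already present in the session, including one that is already in the past or one that lies beyond c.AuthCodeLifespan, so a caller that presets the expiry can now issue a code that outlives the configured lifespan; the same holds for the AccessToken guards in flow_authorize_code_token.go, flow_authorize_implicit.go, flow_client_credentials.go, flow_refresh.go and flow_resource_owner.go. Consider treating the configured lifespan as a ceiling rather than only a default, e.g. `exp := ar.GetSession().GetExpiresAt(fosite.AuthorizeCode)` followed by `if exp.IsZero() || exp.After(time.Now().Add(c.AuthCodeLifespan)) {` with the existing SetExpiresAt call as the body. Whichever rule is chosen, a comment such as `// A preset expiration takes precedence; the configured lifespan is only the default.` above the guard would record the intent for the next reader. The diffstat lists only the six handler files, so neither the preset-kept nor the default-applied path appears to be covered by a test in this commit. IssueAuthorizeCode starts before the hunk and continues past it.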
4 changes: 3 additions & 1 deletion handler/oauth2/flow_authorize_code_token.go
Expand Up @@ -75,7 +75,9 @@ func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.C
// client MUST authenticate with the authorization server as described
// in Section 3.2.1.
request.SetSession(authorizeRequest.GetSession())
request.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().Add(c.AccessTokenLifespan))
if request.GetSession().GetExpiresAt(fosite.AccessToken).IsZero() {
request.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().Add(c.AccessTokenLifespan))
}
return nil
}

4 changes: 3 additions & 1 deletion handler/oauth2/flow_authorize_implicit.go
Expand Up @@ -69,7 +69,9 @@ func (c *AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest(ctx c
}

func (c *AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error {
ar.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().Add(c.AccessTokenLifespan))
if ar.GetSession().GetExpiresAt(fosite.AccessToken).IsZero() {
ar.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().Add(c.AccessTokenLifespan))
}

// Generate the code
token, signature, err := c.AccessTokenStrategy.GenerateAccessToken(ctx, ar)
4 changes: 3 additions & 1 deletion handler/oauth2/flow_client_credentials.go
Expand Up @@ -52,7 +52,9 @@ func (c *ClientCredentialsGrantHandler) HandleTokenEndpointRequest(_ context.Con
}
// if the client is not public, he has already been authenticated by the access request handler.

request.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().Add(c.AccessTokenLifespan))
if request.GetSession().GetExpiresAt(fosite.AccessToken).IsZero() {
request.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().Add(c.AccessTokenLifespan))
}
return nil
}

4 changes: 3 additions & 1 deletion handler/oauth2/flow_refresh.go
Expand Up @@ -73,7 +73,9 @@ func (c *RefreshTokenGrantHandler) HandleTokenEndpointRequest(ctx context.Contex
request.GrantScope(scope)
}

request.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().Add(c.AccessTokenLifespan))
if request.GetSession().GetExpiresAt(fosite.AccessToken).IsZero() {
request.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().Add(c.AccessTokenLifespan))
}
return nil
}

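Review bot: In the refresh flow the session on request is presumably the one restored from the stored refresh-token grant, which would already carry a non-zero AccessToken expiry from the original issuance; if so, the new guard leaves that stale timestamp in place and the refreshed access token is minted with an expiry that is not extended by c.AccessTokenLifespan and may already have passed. Where the session is attached to request happens before the hunk, so this needs confirming against the rest of HandleTokenEndpointRequest. If a refresh is meant to always yield a freshly timed token, this handler should keep the unconditional `request.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().Add(c.AccessTokenLifespan))`, or clear the AccessToken expiry before the guard runs. HandleTokenEndpointRequest starts outside the hunk.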
4 changes: 3 additions & 1 deletion handler/oauth2/flow_resource_owner.go
Expand Up @@ -66,7 +66,9 @@ func (c *ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointReques
// Credentials must not be passed around, potentially leaking to the database!
delete(request.GetRequestForm(), "password")

request.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().Add(c.AccessTokenLifespan))
if request.GetSession().GetExpiresAt(fosite.AccessToken).IsZero() {
request.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().Add(c.AccessTokenLifespan))
}
return nil
}

