Device flow token code exchange (#2)

* Added /device/token handler with associated business logic and storage tests. Perform user code exchange, flag the device code as complete. Moved device handler code into its own file for cleanliness. Cleanup * Removed PKCE code * Rate limiting for /device/token endpoint based on ietf standards * Configurable Device expiry Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
2020-01-28 14:14:30 -05:00
parent 0d1a0e4129
commit 9bbdc721d5
20 changed files with 777 additions and 274 deletions
--- a/storage/kubernetes/storage.go
+++ b/storage/kubernetes/storage.go
@@ -638,6 +638,14 @@ func (cli *client) CreateDeviceRequest(d storage.DeviceRequest) error {
 	return cli.post(resourceDeviceRequest, cli.fromStorageDeviceRequest(d))
 }

+func (cli *client) GetDeviceRequest(userCode string) (storage.DeviceRequest, error) {
+	var req DeviceRequest
+	if err := cli.get(resourceDeviceRequest, strings.ToLower(userCode), &req); err != nil {
+		return storage.DeviceRequest{}, err
+	}
+	return toStorageDeviceRequest(req), nil
+}
+
 func (cli *client) CreateDeviceToken(t storage.DeviceToken) error {
 	return cli.post(resourceDeviceToken, cli.fromStorageDeviceToken(t))
 }
@@ -649,3 +657,24 @@ func (cli *client) GetDeviceToken(deviceCode string) (storage.DeviceToken, error
 	}
 	return toStorageDeviceToken(token), nil
 }
+
+func (cli *client) getDeviceToken(deviceCode string) (t DeviceToken, err error) {
+	err = cli.get(resourceDeviceToken, deviceCode, &t)
+	return
+}
+
+func (cli *client) UpdateDeviceToken(deviceCode string, updater func(old storage.DeviceToken) (storage.DeviceToken, error)) error {
+	r, err := cli.getDeviceToken(deviceCode)
+	if err != nil {
+		return err
+	}
+	updated, err := updater(toStorageDeviceToken(r))
+	if err != nil {
+		return err
+	}
+	updated.DeviceCode = deviceCode
+
+	newToken := cli.fromStorageDeviceToken(updated)
+	newToken.ObjectMeta = r.ObjectMeta
+	return cli.put(resourceDeviceToken, r.ObjectMeta.Name, newToken)
+}
--- a/storage/kubernetes/types.go
+++ b/storage/kubernetes/types.go
@@ -672,11 +672,10 @@ type DeviceRequest struct {
 	k8sapi.TypeMeta   `json:",inline"`
 	k8sapi.ObjectMeta `json:"metadata,omitempty"`

-	DeviceCode   string    `json:"device_code,omitempty"`
-	CLientID     string    `json:"client_id,omitempty"`
-	Scopes       []string  `json:"scopes,omitempty"`
-	PkceVerifier string    `json:"pkce_verifier,omitempty"`
-	Expiry       time.Time `json:"expiry"`
+	DeviceCode string    `json:"device_code,omitempty"`
+	CLientID   string    `json:"client_id,omitempty"`
+	Scopes     []string  `json:"scopes,omitempty"`
+	Expiry     time.Time `json:"expiry"`
 }

 // AuthRequestList is a list of AuthRequests.
@@ -696,24 +695,35 @@ func (cli *client) fromStorageDeviceRequest(a storage.DeviceRequest) DeviceReque
 			Name:      strings.ToLower(a.UserCode),
 			Namespace: cli.namespace,
 		},
-		DeviceCode:   a.DeviceCode,
-		CLientID:     a.ClientID,
-		Scopes:       a.Scopes,
-		PkceVerifier: a.PkceVerifier,
-		Expiry:       a.Expiry,
+		DeviceCode: a.DeviceCode,
+		CLientID:   a.ClientID,
+		Scopes:     a.Scopes,
+		Expiry:     a.Expiry,
 	}
 	return req
 }

+func toStorageDeviceRequest(req DeviceRequest) storage.DeviceRequest {
+	return storage.DeviceRequest{
+		UserCode:   strings.ToUpper(req.ObjectMeta.Name),
+		DeviceCode: req.DeviceCode,
+		ClientID:   req.CLientID,
+		Scopes:     req.Scopes,
+		Expiry:     req.Expiry,
+	}
+}
+
 // DeviceToken is a mirrored struct from storage with JSON struct tags and
 // Kubernetes type metadata.
 type DeviceToken struct {
 	k8sapi.TypeMeta   `json:",inline"`
 	k8sapi.ObjectMeta `json:"metadata,omitempty"`

-	Status string    `json:"status,omitempty"`
-	Token  string    `json:"token,omitempty"`
-	Expiry time.Time `json:"expiry"`
+	Status              string    `json:"status,omitempty"`
+	Token               string    `json:"token,omitempty"`
+	Expiry              time.Time `json:"expiry"`
+	LastRequestTime     time.Time `json:"last_request"`
+	PollIntervalSeconds int       `json:"poll_interval"`
 }

 // DeviceTokenList is a list of DeviceTokens.
@@ -733,18 +743,22 @@ func (cli *client) fromStorageDeviceToken(t storage.DeviceToken) DeviceToken {
 			Name:      t.DeviceCode,
 			Namespace: cli.namespace,
 		},
-		Status: t.Status,
-		Token:  t.Token,
-		Expiry: t.Expiry,
+		Status:              t.Status,
+		Token:               t.Token,
+		Expiry:              t.Expiry,
+		LastRequestTime:     t.LastRequestTime,
+		PollIntervalSeconds: t.PollIntervalSeconds,
 	}
 	return req
 }

 func toStorageDeviceToken(t DeviceToken) storage.DeviceToken {
 	return storage.DeviceToken{
-		DeviceCode: t.ObjectMeta.Name,
-		Status:     t.Status,
-		Token:      t.Token,
-		Expiry:     t.Expiry,
+		DeviceCode:          t.ObjectMeta.Name,
+		Status:              t.Status,
+		Token:               t.Token,
+		Expiry:              t.Expiry,
+		LastRequestTime:     t.LastRequestTime,
+		PollIntervalSeconds: t.PollIntervalSeconds,
 	}
 }