(w *Response, r *http.Request)
| 284 | } |
| 285 | |
| 286 | func (s *Server) handleRefreshTokenRequest(w *Response, r *http.Request) *AccessRequest { |
| 287 | // get client authentication |
| 288 | auth := s.getClientAuth(w, r, s.Config.AllowClientSecretInParams) |
| 289 | if auth == nil { |
| 290 | return nil |
| 291 | } |
| 292 | |
| 293 | // generate access token |
| 294 | ret := &AccessRequest{ |
| 295 | Type: REFRESH_TOKEN, |
| 296 | Code: r.FormValue("refresh_token"), |
| 297 | Scope: r.FormValue("scope"), |
| 298 | GenerateRefresh: true, |
| 299 | Expiration: s.Config.AccessExpiration, |
| 300 | HttpRequest: r, |
| 301 | } |
| 302 | |
| 303 | // "refresh_token" is required |
| 304 | if ret.Code == "" { |
| 305 | s.setErrorAndLog(w, E_INVALID_GRANT, nil, "refresh_token=%s", "refresh_token is required") |
| 306 | return nil |
| 307 | } |
| 308 | |
| 309 | // must have a valid client |
| 310 | if ret.Client = s.getClient(auth, w.Storage, w); ret.Client == nil { |
| 311 | return nil |
| 312 | } |
| 313 | |
| 314 | // must be a valid refresh code |
| 315 | var err error |
| 316 | ret.AccessData, err = w.Storage.LoadRefresh(ret.Code) |
| 317 | if err != nil { |
| 318 | s.setErrorAndLog(w, E_INVALID_GRANT, err, "refresh_token=%s", "error loading access data") |
| 319 | return nil |
| 320 | } |
| 321 | if ret.AccessData == nil { |
| 322 | s.setErrorAndLog(w, E_UNAUTHORIZED_CLIENT, nil, "refresh_token=%s", "access data is nil") |
| 323 | return nil |
| 324 | } |
| 325 | if ret.AccessData.Client == nil { |
| 326 | s.setErrorAndLog(w, E_UNAUTHORIZED_CLIENT, nil, "refresh_token=%s", "access data client is nil") |
| 327 | return nil |
| 328 | } |
| 329 | if ret.AccessData.Client.GetRedirectUri() == "" { |
| 330 | s.setErrorAndLog(w, E_UNAUTHORIZED_CLIENT, nil, "refresh_token=%s", "access data client redirect uri is empty") |
| 331 | return nil |
| 332 | } |
| 333 | |
| 334 | // client must be the same as the previous token |
| 335 | if ret.AccessData.Client.GetId() != ret.Client.GetId() { |
| 336 | s.setErrorAndLog(w, E_INVALID_CLIENT, errors.New("Client id must be the same from previous token"), "refresh_token=%s, current=%v, previous=%v", "client mismatch", ret.Client.GetId(), ret.AccessData.Client.GetId()) |
| 337 | return nil |
| 338 | |
| 339 | } |
| 340 | |
| 341 | // set rest of data |
| 342 | ret.RedirectUri = ret.AccessData.RedirectUri |
| 343 | ret.UserData = ret.AccessData.UserData |