Mainflux.mainflux/authn/service.go

// Copyright (c) Mainflux
// SPDX-License-Identifier: Apache-2.0

package authn

import (
	"context"
	"errors"
	"time"
)

const (
	loginDuration    = 10 * time.Hour
	recoveryDuration = 5 * time.Minute
	issuerName       = "mainflux.authn"
)

var (
	// ErrUnauthorizedAccess represents unauthorized access.
	ErrUnauthorizedAccess = errors.New("unauthorized access")

	// ErrMalformedEntity indicates malformed entity specification (e.g.
	// invalid owner or ID).
	ErrMalformedEntity = errors.New("malformed entity specification")

	// ErrNotFound indicates a non-existing entity request.
	ErrNotFound = errors.New("entity not found")

	// ErrConflict indicates that entity already exists.
	ErrConflict = errors.New("entity already exists")
)

// Service specifies an API that must be fullfiled by the domain service
// implementation, and all of its decorators (e.g. logging & metrics).
type Service interface {
	// Issue issues a new Key.
	Issue(context.Context, string, Key) (Key, error)

	// Revoke removes the Key with the provided id that is
	// issued by the user identified by the provided key.
	Revoke(context.Context, string, string) error

	// Retrieve retrieves data for the Key identified by the provided
	// ID, that is issued by the user identified by the provided key.
	Retrieve(context.Context, string, string) (Key, error)

	// Identify validates token token. If token is valid, content
	// is returned. If token is invalid, or invocation failed for some
	// other reason, non-nil error value is returned in response.
	Identify(context.Context, string) (string, error)
}

var _ Service = (*service)(nil)

type service struct {
	keys      KeyRepository
	idp       IdentityProvider
	tokenizer Tokenizer
}

// New instantiates the auth service implementation.
func New(keys KeyRepository, idp IdentityProvider, tokenizer Tokenizer) Service {
	return &service{
		tokenizer: tokenizer,
		keys:      keys,
		idp:       idp,
	}
}

func (svc service) Issue(ctx context.Context, issuer string, key Key) (Key, error) {
	if key.IssuedAt.IsZero() {
		return Key{}, ErrInvalidKeyIssuedAt
	}
	switch key.Type {
	case APIKey:
		return svc.userKey(ctx, issuer, key)
	case RecoveryKey:
		return svc.tmpKey(issuer, recoveryDuration, key)
	default:
		return svc.tmpKey(issuer, loginDuration, key)
	}
}

func (svc service) Revoke(ctx context.Context, issuer, id string) error {
	email, err := svc.login(issuer)
	if err != nil {
		return err
	}

	return svc.keys.Remove(ctx, email, id)
}

func (svc service) Retrieve(ctx context.Context, issuer, id string) (Key, error) {
	email, err := svc.login(issuer)
	if err != nil {
		return Key{}, err
	}

	return svc.keys.Retrieve(ctx, email, id)
}

func (svc service) Identify(ctx context.Context, token string) (string, error) {
	c, err := svc.tokenizer.Parse(token)
	if err != nil {
		return "", err
	}

	switch c.Type {
	case APIKey:
		k, err := svc.keys.Retrieve(ctx, c.Issuer, c.ID)
		if err != nil {
			return "", err
		}
		// Auto revoke expired key.
		if k.Expired() {
			svc.keys.Remove(ctx, c.Issuer, c.ID)
			return "", ErrKeyExpired
		}
		return c.Issuer, nil
	case RecoveryKey, UserKey:
		if c.Issuer != issuerName {
			return "", ErrUnauthorizedAccess
		}
		return c.Secret, nil
	default:
		return "", ErrUnauthorizedAccess
	}
}

func (svc service) tmpKey(issuer string, duration time.Duration, key Key) (Key, error) {
	key.Secret = issuer
	key.Issuer = issuerName
	key.ExpiresAt = key.IssuedAt.Add(duration)
	val, err := svc.tokenizer.Issue(key)
	if err != nil {
		return Key{}, err
	}

	key.Secret = val
	return key, nil
}

func (svc service) userKey(ctx context.Context, issuer string, key Key) (Key, error) {
	email, err := svc.login(issuer)
	if err != nil {
		return Key{}, err
	}
	key.Issuer = email

	id, err := svc.idp.ID()
	if err != nil {
		return Key{}, err
	}
	key.ID = id

	value, err := svc.tokenizer.Issue(key)
	if err != nil {
		return Key{}, err
	}
	key.Secret = value

	if _, err := svc.keys.Save(ctx, key); err != nil {
		return Key{}, err
	}

	return key, nil
}

func (svc service) login(token string) (string, error) {
	c, err := svc.tokenizer.Parse(token)
	if err != nil {
		return "", err
	}
	// Only user key token is valid for login.
	if c.Type != UserKey {
		return "", ErrUnauthorizedAccess
	}

	if c.Secret == "" {
		return "", ErrUnauthorizedAccess
	}
	return c.Secret, nil
}
MF-932 - User API keys (#941) * Add inital Auth implementation Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract IssuedAt on transport layer Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add token type Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Auth service URL in Things service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add User Keys revocation check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update tests Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused tracing methods Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Key retrival and parsing Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused code Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix compose files Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos Simplify tests. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos and remove useless comments Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename Auth to Authn Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename database.go to tracin.go A new name (`tracing.go`) describes better the purpose of the file. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Fix typo. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove token from Users service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix identify login keys Rename token parsing method. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract tokenizer to interface Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove pointer time Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use pointer for expiration time in response Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use uppercase N Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unnecessary email check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Cleanup unused code and env vars Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename tokenizer field Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use slices and named fields in test cases Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update AuthN keys naming Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove package-lock.json changes Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove Secret from issuing request Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2019-12-16 23:22:09 +08:00			`// Copyright (c) Mainflux`
			`// SPDX-License-Identifier: Apache-2.0`

			`package authn`

			`import (`
			`"context"`
			`"errors"`
			`"time"`
			`)`

			`const (`
Fix issuing recovery key (#1007) Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2020-01-17 01:43:06 +08:00			`loginDuration = 10 * time.Hour`
			`recoveryDuration = 5 * time.Minute`
			`issuerName = "mainflux.authn"`
MF-932 - User API keys (#941) * Add inital Auth implementation Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract IssuedAt on transport layer Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add token type Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Auth service URL in Things service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add User Keys revocation check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update tests Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused tracing methods Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Key retrival and parsing Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused code Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix compose files Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos Simplify tests. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos and remove useless comments Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename Auth to Authn Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename database.go to tracin.go A new name (`tracing.go`) describes better the purpose of the file. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Fix typo. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove token from Users service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix identify login keys Rename token parsing method. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract tokenizer to interface Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove pointer time Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use pointer for expiration time in response Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use uppercase N Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unnecessary email check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Cleanup unused code and env vars Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename tokenizer field Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use slices and named fields in test cases Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update AuthN keys naming Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove package-lock.json changes Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove Secret from issuing request Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2019-12-16 23:22:09 +08:00			`)`

			`var (`
			`// ErrUnauthorizedAccess represents unauthorized access.`
			`ErrUnauthorizedAccess = errors.New("unauthorized access")`

			`// ErrMalformedEntity indicates malformed entity specification (e.g.`
			`// invalid owner or ID).`
			`ErrMalformedEntity = errors.New("malformed entity specification")`

			`// ErrNotFound indicates a non-existing entity request.`
			`ErrNotFound = errors.New("entity not found")`

			`// ErrConflict indicates that entity already exists.`
			`ErrConflict = errors.New("entity already exists")`
			`)`

			`// Service specifies an API that must be fullfiled by the domain service`
			`// implementation, and all of its decorators (e.g. logging & metrics).`
			`type Service interface {`
			`// Issue issues a new Key.`
			`Issue(context.Context, string, Key) (Key, error)`

			`// Revoke removes the Key with the provided id that is`
			`// issued by the user identified by the provided key.`
			`Revoke(context.Context, string, string) error`

			`// Retrieve retrieves data for the Key identified by the provided`
			`// ID, that is issued by the user identified by the provided key.`
			`Retrieve(context.Context, string, string) (Key, error)`

			`// Identify validates token token. If token is valid, content`
			`// is returned. If token is invalid, or invocation failed for some`
			`// other reason, non-nil error value is returned in response.`
			`Identify(context.Context, string) (string, error)`
			`}`

			`var _ Service = (*service)(nil)`

			`type service struct {`
			`keys KeyRepository`
			`idp IdentityProvider`
			`tokenizer Tokenizer`
			`}`

			`// New instantiates the auth service implementation.`
			`func New(keys KeyRepository, idp IdentityProvider, tokenizer Tokenizer) Service {`
			`return &service{`
			`tokenizer: tokenizer,`
			`keys: keys,`
			`idp: idp,`
			`}`
			`}`

			`func (svc service) Issue(ctx context.Context, issuer string, key Key) (Key, error) {`
			`if key.IssuedAt.IsZero() {`
			`return Key{}, ErrInvalidKeyIssuedAt`
			`}`
			`switch key.Type {`
			`case APIKey:`
			`return svc.userKey(ctx, issuer, key)`
			`case RecoveryKey:`
Fix issuing recovery key (#1007) Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2020-01-17 01:43:06 +08:00			`return svc.tmpKey(issuer, recoveryDuration, key)`
MF-932 - User API keys (#941) * Add inital Auth implementation Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract IssuedAt on transport layer Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add token type Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Auth service URL in Things service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add User Keys revocation check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update tests Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused tracing methods Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Key retrival and parsing Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused code Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix compose files Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos Simplify tests. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos and remove useless comments Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename Auth to Authn Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename database.go to tracin.go A new name (`tracing.go`) describes better the purpose of the file. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Fix typo. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove token from Users service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix identify login keys Rename token parsing method. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract tokenizer to interface Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove pointer time Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use pointer for expiration time in response Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use uppercase N Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unnecessary email check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Cleanup unused code and env vars Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename tokenizer field Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use slices and named fields in test cases Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update AuthN keys naming Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove package-lock.json changes Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove Secret from issuing request Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2019-12-16 23:22:09 +08:00			`default:`
Fix issuing recovery key (#1007) Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2020-01-17 01:43:06 +08:00			`return svc.tmpKey(issuer, loginDuration, key)`
MF-932 - User API keys (#941) * Add inital Auth implementation Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract IssuedAt on transport layer Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add token type Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Auth service URL in Things service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add User Keys revocation check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update tests Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused tracing methods Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Key retrival and parsing Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused code Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix compose files Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos Simplify tests. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos and remove useless comments Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename Auth to Authn Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename database.go to tracin.go A new name (`tracing.go`) describes better the purpose of the file. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Fix typo. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove token from Users service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix identify login keys Rename token parsing method. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract tokenizer to interface Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove pointer time Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use pointer for expiration time in response Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use uppercase N Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unnecessary email check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Cleanup unused code and env vars Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename tokenizer field Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use slices and named fields in test cases Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update AuthN keys naming Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove package-lock.json changes Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove Secret from issuing request Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2019-12-16 23:22:09 +08:00			`}`
			`}`

			`func (svc service) Revoke(ctx context.Context, issuer, id string) error {`
			`email, err := svc.login(issuer)`
			`if err != nil {`
			`return err`
			`}`

			`return svc.keys.Remove(ctx, email, id)`
			`}`

			`func (svc service) Retrieve(ctx context.Context, issuer, id string) (Key, error) {`
			`email, err := svc.login(issuer)`
			`if err != nil {`
			`return Key{}, err`
			`}`

			`return svc.keys.Retrieve(ctx, email, id)`
			`}`

			`func (svc service) Identify(ctx context.Context, token string) (string, error) {`
			`c, err := svc.tokenizer.Parse(token)`
			`if err != nil {`
			`return "", err`
			`}`

			`switch c.Type {`
			`case APIKey:`
			`k, err := svc.keys.Retrieve(ctx, c.Issuer, c.ID)`
			`if err != nil {`
			`return "", err`
			`}`
			`// Auto revoke expired key.`
			`if k.Expired() {`
			`svc.keys.Remove(ctx, c.Issuer, c.ID)`
			`return "", ErrKeyExpired`
			`}`
			`return c.Issuer, nil`
			`case RecoveryKey, UserKey:`
			`if c.Issuer != issuerName {`
			`return "", ErrUnauthorizedAccess`
			`}`
			`return c.Secret, nil`
			`default:`
			`return "", ErrUnauthorizedAccess`
			`}`
			`}`

Fix issuing recovery key (#1007) Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2020-01-17 01:43:06 +08:00			`func (svc service) tmpKey(issuer string, duration time.Duration, key Key) (Key, error) {`
MF-932 - User API keys (#941) * Add inital Auth implementation Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract IssuedAt on transport layer Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add token type Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Auth service URL in Things service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add User Keys revocation check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update tests Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused tracing methods Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Key retrival and parsing Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused code Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix compose files Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos Simplify tests. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos and remove useless comments Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename Auth to Authn Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename database.go to tracin.go A new name (`tracing.go`) describes better the purpose of the file. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Fix typo. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove token from Users service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix identify login keys Rename token parsing method. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract tokenizer to interface Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove pointer time Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use pointer for expiration time in response Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use uppercase N Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unnecessary email check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Cleanup unused code and env vars Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename tokenizer field Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use slices and named fields in test cases Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update AuthN keys naming Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove package-lock.json changes Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove Secret from issuing request Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2019-12-16 23:22:09 +08:00			`key.Secret = issuer`
			`key.Issuer = issuerName`
			`key.ExpiresAt = key.IssuedAt.Add(duration)`
			`val, err := svc.tokenizer.Issue(key)`
			`if err != nil {`
			`return Key{}, err`
			`}`

			`key.Secret = val`
			`return key, nil`
			`}`

			`func (svc service) userKey(ctx context.Context, issuer string, key Key) (Key, error) {`
			`email, err := svc.login(issuer)`
			`if err != nil {`
			`return Key{}, err`
			`}`
			`key.Issuer = email`

			`id, err := svc.idp.ID()`
			`if err != nil {`
			`return Key{}, err`
			`}`
			`key.ID = id`

			`value, err := svc.tokenizer.Issue(key)`
			`if err != nil {`
			`return Key{}, err`
			`}`
			`key.Secret = value`

			`if _, err := svc.keys.Save(ctx, key); err != nil {`
			`return Key{}, err`
			`}`

			`return key, nil`
			`}`

			`func (svc service) login(token string) (string, error) {`
			`c, err := svc.tokenizer.Parse(token)`
			`if err != nil {`
			`return "", err`
			`}`
			`// Only user key token is valid for login.`
			`if c.Type != UserKey {`
			`return "", ErrUnauthorizedAccess`
			`}`

			`if c.Secret == "" {`
			`return "", ErrUnauthorizedAccess`
			`}`
			`return c.Secret, nil`
			`}`