Merge pull request #57 from LyricTian/develop

LyricTian · web-flow · commit 5e9ac5390465 · 2017-09-08T13:47:06.000+08:00
fixed the token check
diff --git a/README.md b/README.md
@@ -1,12 +1,12 @@
 # Golang OAuth 2.0
 
->  An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications.
+> An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications.
 
-[![License][License-Image]][License-Url] [![ReportCard][ReportCard-Image]][ReportCard-Url] [![Build][Build-Status-Image]][Build-Status-Url] [![Coverage][Coverage-Image]][Coverage-Url] [![GoDoc][GoDoc-Image]][GoDoc-Url] [![Release][Release-Image]][Release-Url] 
+[![License][License-Image]][License-Url] [![ReportCard][ReportCard-Image]][ReportCard-Url] [![Build][Build-Status-Image]][Build-Status-Url] [![Coverage][Coverage-Image]][Coverage-Url] [![GoDoc][GoDoc-Image]][GoDoc-Url]
 
 ## Protocol Flow
 
-```
+``` text
      +--------+                               +---------------+
      |        |--(A)- Authorization Request ->|   Resource    |
      |        |                               |     Owner     |
@@ -31,7 +31,7 @@
 ### Download and install
 
 ``` bash
-$ go get -u gopkg.in/oauth2.v3/...
+go get -u -v gopkg.in/oauth2.v3/...
 ```
 
 ### Create file `server.go`
@@ -96,15 +96,14 @@ func main() {
 ### Build and run
 
 ``` bash
-$ go build server.go
-$ ./server
+go build server.go
+
+./server
 ```
 
 ### Open in your web browser
 
-```
-http://localhost:9096/token?grant_type=client_credentials&client_id=000000&client_secret=999999&scope=read
-```
+[http://localhost:9096/token?grant_type=client_credentials&client_id=000000&client_secret=999999&scope=read](http://localhost:9096/token?grant_type=client_credentials&client_id=000000&client_secret=999999&scope=read)
 
 ``` json
 {
@@ -138,16 +137,12 @@ Simulation examples of authorization code model, please check [example](/example
 
 ## MIT License
 
-```
-Copyright (c) 2016 Lyric
-```
+  Copyright (c) 2016 Lyric
 
 [License-Url]: http://opensource.org/licenses/MIT
 [License-Image]: https://img.shields.io/npm/l/express.svg
 [Build-Status-Url]: https://travis-ci.org/go-oauth2/oauth2
 [Build-Status-Image]: https://travis-ci.org/go-oauth2/oauth2.svg?branch=master
-[Release-Url]: https://github.com/go-oauth2/oauth2/releases/tag/v3.7.0
-[Release-image]: http://img.shields.io/badge/release-v3.7.0-1eb0fc.svg
 [ReportCard-Url]: https://goreportcard.com/report/gopkg.in/oauth2.v3
 [ReportCard-Image]: https://goreportcard.com/badge/gopkg.in/oauth2.v3
 [GoDoc-Url]: https://godoc.org/gopkg.in/oauth2.v3
diff --git a/manage/manage_test.go b/manage/manage_test.go
@@ -73,6 +73,14 @@ func testManager(tgr *oauth2.TokenGenerateRequest, manager oauth2.Manager) {
 	So(err, ShouldBeNil)
 	So(ainfo.GetClientID(), ShouldEqual, atParams.ClientID)
 
+	arinfo, err := manager.LoadRefreshToken(accessToken)
+	So(err, ShouldNotBeNil)
+	So(arinfo, ShouldBeNil)
+
+	rainfo, err := manager.LoadAccessToken(refreshToken)
+	So(err, ShouldNotBeNil)
+	So(rainfo, ShouldBeNil)
+
 	rinfo, err := manager.LoadRefreshToken(refreshToken)
 	So(err, ShouldBeNil)
 	So(rinfo.GetClientID(), ShouldEqual, atParams.ClientID)
diff --git a/manage/manager.go b/manage/manager.go
@@ -220,7 +220,7 @@ func (m *Manager) GenerateAuthToken(rt oauth2.ResponseType, tgr *oauth2.TokenGen
 				ti.SetRefreshExpiresIn(icfg.RefreshTokenExp)
 			}
 		}
-		
+
 		err = stor.Create(ti)
 		if err != nil {
 			return
@@ -240,7 +240,7 @@ func (m *Manager) getAuthorizationCode(code string) (info oauth2.TokenInfo, err
 		if terr != nil {
 			err = terr
 			return
-		} else if ti == nil || ti.GetCodeCreateAt().Add(ti.GetCodeExpiresIn()).Before(time.Now()) {
+		} else if ti == nil || ti.GetCode() != code || ti.GetCodeCreateAt().Add(ti.GetCodeExpiresIn()).Before(time.Now()) {
 			err = errors.ErrInvalidAuthorizeCode
 			return
 		}
@@ -474,7 +474,7 @@ func (m *Manager) LoadAccessToken(access string) (info oauth2.TokenInfo, err err
 		if terr != nil {
 			err = terr
 			return
-		} else if ti == nil {
+		} else if ti == nil || ti.GetAccess() != access {
 			err = errors.ErrInvalidAccessToken
 			return
 		} else if ti.GetRefresh() != "" && ti.GetRefreshCreateAt().Add(ti.GetRefreshExpiresIn()).Before(ct) {
@@ -502,7 +502,7 @@ func (m *Manager) LoadRefreshToken(refresh string) (info oauth2.TokenInfo, err e
 		if terr != nil {
 			err = terr
 			return
-		} else if ti == nil {
+		} else if ti == nil || ti.GetRefresh() != refresh {
 			err = errors.ErrInvalidRefreshToken
 			return
 		} else if ti.GetRefreshCreateAt().Add(ti.GetRefreshExpiresIn()).Before(time.Now()) {
