Merge pull request #27 from daystram/dev

Dev
daystram · Jan 17, 2021 · ac45c7c · ac45c7c
2 parents 6e1bda6 + 1ee356e
commit ac45c7c
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 11 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -95,7 +95,7 @@ deploy dev ratify-fe:
     - echo "$CI_REGISTRY_PASSWORD" | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
   script:
     - cd ratify-fe
-    - cp $VUE_ENV_FILE ./.env.development
+    - cp $VUE_ENV_FILE ./.env.production
     - docker build --tag $CI_REGISTRY_IMAGE:fe-dev .
     - docker push $CI_REGISTRY_IMAGE:fe-dev
   when: manual

diff --git a/ratify-be/controllers/oauth/token.go b/ratify-be/controllers/oauth/token.go
@@ -94,23 +94,23 @@ func POSTIntrospect(c *gin.Context) {
 		c.JSON(http.StatusBadRequest, datatransfers.APIResponse{Error: err.Error()})
 		return
 	}
-	// retrieve details
-	// TODO: allow introspecting other token types
-	var tokenInfo datatransfers.TokenIntrospection
-	if tokenInfo, err = handlers.Handler.IntrospectAccessToken(introspectRequest.Token); err != nil || !tokenInfo.Active {
-		c.JSON(http.StatusOK, tokenInfo)
-		return
-	}
-	// verify client_secret
+	// verify client_id and client_secret
 	var application models.Application
-	if application, err = handlers.Handler.RetrieveApplication(tokenInfo.ClientID); err != nil {
+	if application, err = handlers.Handler.RetrieveApplication(introspectRequest.ClientID); err != nil {
 		c.JSON(http.StatusNotFound, datatransfers.APIResponse{Error: "application not found"})
 		return
 	}
 	if err = bcrypt.CompareHashAndPassword([]byte(application.ClientSecret), []byte(introspectRequest.ClientSecret)); err != nil {
 		c.JSON(http.StatusNotFound, datatransfers.APIResponse{Error: "invalid client_secret"})
 		return
 	}
+	// introspect
+	// TODO: allow introspecting other token types
+	var tokenInfo datatransfers.TokenIntrospection
+	if tokenInfo, err = handlers.Handler.IntrospectAccessToken(introspectRequest.Token); err != nil {
+		c.JSON(http.StatusInternalServerError, datatransfers.APIResponse{Error: "failed introspecting token"})
+		return
+	}
 	c.JSON(http.StatusOK, tokenInfo)
 	return
 }

diff --git a/ratify-be/handlers/application.go b/ratify-be/handlers/application.go
@@ -39,9 +39,13 @@ func (m *module) RegisterApplication(application datatransfers.ApplicationInfo,
 
 func (m *module) RenewApplicationClientSecret(clientID string) (clientSecret string, err error) {
 	clientSecret = utils.GenerateRandomString(constants.ClientSecretLength)
+	var hashedClientSecret []byte
+	if hashedClientSecret, err = bcrypt.GenerateFromPassword([]byte(clientSecret), bcrypt.DefaultCost); err != nil {
+		return "", errors.New("failed hashing client_secret")
+	}
 	if err = m.db.applicationOrmer.UpdateApplication(models.Application{
 		ClientID:     clientID,
-		ClientSecret: clientSecret,
+		ClientSecret: string(hashedClientSecret),
 	}); err != nil {
 		return "", fmt.Errorf("error renewing application client_secret. %v", err)
 	}