dex/server/testutil.go

package server

import (
	"encoding/base64"
	"fmt"
	"net/url"
	"time"

	"github.com/coreos/go-oidc/key"
	"github.com/coreos/go-oidc/oidc"

	"github.com/coreos/dex/client"
	clientmanager "github.com/coreos/dex/client/manager"
	"github.com/coreos/dex/connector"
	"github.com/coreos/dex/db"
	"github.com/coreos/dex/email"
	sessionmanager "github.com/coreos/dex/session/manager"
	"github.com/coreos/dex/user"
	useremail "github.com/coreos/dex/user/email"
	usermanager "github.com/coreos/dex/user/manager"
)

const (
	templatesLocation      = "../static/html"
	emailTemplatesLocation = "../static/email"
)

var (
	testIssuerURL = url.URL{Scheme: "http", Host: "server.example.com"}
	testClientID  = "client.example.com"

	testRedirectURL = url.URL{Scheme: "http", Host: "client.example.com", Path: "/callback"}

	testUsers = []user.UserWithRemoteIdentities{
		{
			User: user.User{
				ID:    "ID-1",
				Email: "Email-1@example.com",
			},
			RemoteIdentities: []user.RemoteIdentity{
				{
					ConnectorID: "IDPC-1",
					ID:          "RID-1",
				},
			},
		},
		{
			User: user.User{
				ID:            "ID-Verified",
				Email:         "Email-Verified@example.com",
				EmailVerified: true,
			},
			RemoteIdentities: []user.RemoteIdentity{
				{
					ConnectorID: "IDPC-1",
					ID:          "RID-2",
				},
			},
		},
	}

	testPasswordInfos = []user.PasswordInfo{
		{
			UserID:   "ID-1",
			Password: []byte("password"),
		},
		{
			UserID:   "ID-Verified",
			Password: []byte("password"),
		},
	}

	testPrivKey, _ = key.GeneratePrivateKey()
)

type testFixtures struct {
	srv            *Server
	userRepo       user.UserRepo
	sessionManager *sessionmanager.SessionManager
	emailer        *email.TemplatizedEmailer
	redirectURL    url.URL
	clientRepo     client.ClientRepo
	clientManager  *clientmanager.ClientManager
}

func sequentialGenerateCodeFunc() sessionmanager.GenerateCodeFunc {
	x := 0
	return func() (string, error) {
		x += 1
		return fmt.Sprintf("code-%d", x), nil
	}
}

func makeTestFixtures() (*testFixtures, error) {
	dbMap := db.NewMemDB()
	userRepo, err := db.NewUserRepoFromUsers(dbMap, testUsers)
	if err != nil {
		return nil, err
	}
	pwRepo, err := db.NewPasswordInfoRepoFromPasswordInfos(dbMap, testPasswordInfos)
	if err != nil {
		return nil, err
	}

	connConfigs := []connector.ConnectorConfig{
		&connector.OIDCConnectorConfig{
			ID:           "oidc",
			IssuerURL:    testIssuerURL.String(),
			ClientID:     "12345",
			ClientSecret: "567789",
		},
		&connector.OIDCConnectorConfig{
			ID:                   "oidc-trusted",
			IssuerURL:            testIssuerURL.String(),
			ClientID:             "12345-trusted",
			ClientSecret:         "567789-trusted",
			TrustedEmailProvider: true,
		},
		&connector.LocalConnectorConfig{
			ID: "local",
		},
	}
	connCfgRepo := db.NewConnectorConfigRepo(dbMap)
	if err := connCfgRepo.Set(connConfigs); err != nil {
		return nil, err
	}

	userManager := usermanager.NewUserManager(userRepo, pwRepo, connCfgRepo, db.TransactionFactory(dbMap), usermanager.ManagerOptions{})

	sessionManager := sessionmanager.NewSessionManager(db.NewSessionRepo(db.NewMemDB()), db.NewSessionKeyRepo(db.NewMemDB()))
	sessionManager.GenerateCode = sequentialGenerateCodeFunc()

	emailer, err := email.NewTemplatizedEmailerFromGlobs(
		emailTemplatesLocation+"/*.txt",
		emailTemplatesLocation+"/*.html",
		&email.FakeEmailer{})
	if err != nil {
		return nil, err
	}

	clients := []client.Client{
		client.Client{
			Credentials: oidc.ClientCredentials{
				ID:     testClientID,
				Secret: base64.URLEncoding.EncodeToString([]byte("secret")),
			},
			Metadata: oidc.ClientMetadata{
				RedirectURIs: []url.URL{
					testRedirectURL,
				},
			},
		},
	}

	clientIDGenerator := func(hostport string) (string, error) {
		return hostport, nil
	}
	secGen := func() ([]byte, error) {
		return []byte("secret"), nil
	}
	clientRepo := db.NewClientRepo(dbMap)
	clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbMap), clients, clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
	if err != nil {
		return nil, err
	}
	km := key.NewPrivateKeyManager()
	err = km.Set(key.NewPrivateKeySet([]*key.PrivateKey{testPrivKey}, time.Now().Add(time.Minute)))
	if err != nil {
		return nil, err
	}

	tpl, err := getTemplates("dex",
		"https://coreos.com/assets/images/brand/coreos-mark-30px.png",
		true, templatesLocation)
	if err != nil {
		return nil, err
	}

	srv := &Server{
		IssuerURL:        testIssuerURL,
		SessionManager:   sessionManager,
		ClientRepo:       clientRepo,
		Templates:        tpl,
		UserRepo:         userRepo,
		PasswordInfoRepo: pwRepo,
		UserManager:      userManager,
		ClientManager:    clientManager,
		KeyManager:       km,
	}

	err = setTemplates(srv, tpl)
	if err != nil {
		return nil, err
	}

	for _, config := range connConfigs {
		if err := srv.AddConnector(config); err != nil {
			return nil, err
		}
	}

	srv.UserEmailer = useremail.NewUserEmailer(srv.UserRepo,
		srv.PasswordInfoRepo,
		srv.KeyManager.Signer,
		srv.SessionManager.ValidityWindow,
		srv.IssuerURL,
		emailer,
		"noreply@example.com",
		srv.absURL(httpPathResetPassword),
		srv.absURL(httpPathEmailVerify),
		srv.absURL(httpPathAcceptInvitation),
	)

	return &testFixtures{
		srv:            srv,
		redirectURL:    testRedirectURL,
		userRepo:       userRepo,
		sessionManager: sessionManager,
		emailer:        emailer,
		clientRepo:     clientRepo,
		clientManager:  clientManager,
	}, nil
}
*: move original project to dex 2015-08-18 05:57:27 +05:30			`package server`

			`import (`
*: remove in memory client repo The DB implementation expects secrets to be base64 encoded blobs. Because of this a bunch of tests broke moving to sqlite. A lot of this commit is fixing those tests. 2016-02-10 04:36:07 +05:30			`"encoding/base64"`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`"fmt"`
			`"net/url"`
			`"time"`

			`"github.com/coreos/go-oidc/key"`
			`"github.com/coreos/go-oidc/oidc"`

			`"github.com/coreos/dex/client"`
client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script 2016-05-12 22:23:01 +05:30			`clientmanager "github.com/coreos/dex/client/manager"`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`"github.com/coreos/dex/connector"`
*: remove in memory session repos Move manager to it's own package so it can import db. Move all references to the in memory session repos to use sqlite3. 2016-02-10 00:40:28 +05:30			`"github.com/coreos/dex/db"`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`"github.com/coreos/dex/email"`
*: remove in memory session repos Move manager to it's own package so it can import db. Move all references to the in memory session repos to use sqlite3. 2016-02-10 00:40:28 +05:30			`sessionmanager "github.com/coreos/dex/session/manager"`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`"github.com/coreos/dex/user"`
			`useremail "github.com/coreos/dex/user/email"`
*: remove in memory session repos Move manager to it's own package so it can import db. Move all references to the in memory session repos to use sqlite3. 2016-02-10 00:40:28 +05:30			`usermanager "github.com/coreos/dex/user/manager"`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`)`

			`const (`
			`templatesLocation = "../static/html"`
			`emailTemplatesLocation = "../static/email"`
			`)`

			`var (`
*: remove in memory client repo The DB implementation expects secrets to be base64 encoded blobs. Because of this a bunch of tests broke moving to sqlite. A lot of this commit is fixing those tests. 2016-02-10 04:36:07 +05:30			`testIssuerURL = url.URL{Scheme: "http", Host: "server.example.com"}`
client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script 2016-05-12 22:23:01 +05:30			`testClientID = "client.example.com"`
*: move original project to dex 2015-08-18 05:57:27 +05:30
			`testRedirectURL = url.URL{Scheme: "http", Host: "client.example.com", Path: "/callback"}`

			`testUsers = []user.UserWithRemoteIdentities{`
			`{`
			`User: user.User{`
			`ID: "ID-1",`
			`Email: "Email-1@example.com",`
			`},`
			`RemoteIdentities: []user.RemoteIdentity{`
			`{`
			`ConnectorID: "IDPC-1",`
			`ID: "RID-1",`
			`},`
			`},`
			`},`
server: endpoint and system for sending invitations to dex An invitation allows users to both verify their email address and set a new password. 2015-11-10 04:05:11 +05:30			`{`
			`User: user.User{`
			`ID: "ID-Verified",`
			`Email: "Email-Verified@example.com",`
			`EmailVerified: true,`
			`},`
			`RemoteIdentities: []user.RemoteIdentity{`
			`{`
			`ConnectorID: "IDPC-1",`
			`ID: "RID-2",`
			`},`
			`},`
			`},`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`}`

			`testPasswordInfos = []user.PasswordInfo{`
			`{`
			`UserID: "ID-1",`
			`Password: []byte("password"),`
			`},`
server: endpoint and system for sending invitations to dex An invitation allows users to both verify their email address and set a new password. 2015-11-10 04:05:11 +05:30			`{`
			`UserID: "ID-Verified",`
			`Password: []byte("password"),`
			`},`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`}`

			`testPrivKey, _ = key.GeneratePrivateKey()`
			`)`

			`type testFixtures struct {`
*: ClientIdentityXXX -> ClientXXX Get rid of all outdated "ClientIdentity" terminology. 2016-04-15 04:57:57 +05:30			`srv *Server`
			`userRepo user.UserRepo`
			`sessionManager *sessionmanager.SessionManager`
			`emailer *email.TemplatizedEmailer`
			`redirectURL url.URL`
			`clientRepo client.ClientRepo`
client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script 2016-05-12 22:23:01 +05:30			`clientManager *clientmanager.ClientManager`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`}`

*: remove in memory session repos Move manager to it's own package so it can import db. Move all references to the in memory session repos to use sqlite3. 2016-02-10 00:40:28 +05:30			`func sequentialGenerateCodeFunc() sessionmanager.GenerateCodeFunc {`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`x := 0`
			`return func() (string, error) {`
			`x += 1`
			`return fmt.Sprintf("code-%d", x), nil`
			`}`
			`}`

			`func makeTestFixtures() (*testFixtures, error) {`
*: remove in memory user repo 2016-02-10 01:52:40 +05:30			`dbMap := db.NewMemDB()`
			`userRepo, err := db.NewUserRepoFromUsers(dbMap, testUsers)`
			`if err != nil {`
			`return nil, err`
			`}`
*: remove in memory password info repo 2016-02-10 02:27:42 +05:30			`pwRepo, err := db.NewPasswordInfoRepoFromPasswordInfos(dbMap, testPasswordInfos)`
			`if err != nil {`
			`return nil, err`
			`}`
*: move original project to dex 2015-08-18 05:57:27 +05:30
			`connConfigs := []connector.ConnectorConfig{`
			`&connector.OIDCConnectorConfig{`
			`ID: "oidc",`
			`IssuerURL: testIssuerURL.String(),`
			`ClientID: "12345",`
			`ClientSecret: "567789",`
			`},`
			`&connector.OIDCConnectorConfig{`
			`ID: "oidc-trusted",`
			`IssuerURL: testIssuerURL.String(),`
			`ClientID: "12345-trusted",`
			`ClientSecret: "567789-trusted",`
			`TrustedEmailProvider: true,`
			`},`
			`&connector.LocalConnectorConfig{`
			`ID: "local",`
			`},`
			`}`
*: remove in memory connector config repo 2016-02-10 05:14:38 +05:30			`connCfgRepo := db.NewConnectorConfigRepo(dbMap)`
			`if err := connCfgRepo.Set(connConfigs); err != nil {`
			`return nil, err`
			`}`
user/manager: connector must exists when creating remote identity Add ConnectorConfigRepo to UserManager. When trying to create a RemoteIdentity, validate that the connector ID exists. Fixes #198 2015-12-08 06:49:55 +05:30
client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script 2016-05-12 22:23:01 +05:30			`userManager := usermanager.NewUserManager(userRepo, pwRepo, connCfgRepo, db.TransactionFactory(dbMap), usermanager.ManagerOptions{})`
*: move original project to dex 2015-08-18 05:57:27 +05:30
*: remove in memory session repos Move manager to it's own package so it can import db. Move all references to the in memory session repos to use sqlite3. 2016-02-10 00:40:28 +05:30			`sessionManager := sessionmanager.NewSessionManager(db.NewSessionRepo(db.NewMemDB()), db.NewSessionKeyRepo(db.NewMemDB()))`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`sessionManager.GenerateCode = sequentialGenerateCodeFunc()`

			`emailer, err := email.NewTemplatizedEmailerFromGlobs(`
			`emailTemplatesLocation+"/*.txt",`
			`emailTemplatesLocation+"/*.html",`
			`&email.FakeEmailer{})`
			`if err != nil {`
			`return nil, err`
			`}`

client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script 2016-05-12 22:23:01 +05:30			`clients := []client.Client{`
*: Client Repo now deals with custom Client object This is instead of oidc.ClientIdentity. This makes it easier to add new fields custom to dex to the client. 2016-04-15 04:27:53 +05:30			`client.Client{`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`Credentials: oidc.ClientCredentials{`
client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script 2016-05-12 22:23:01 +05:30			`ID: testClientID,`
			`Secret: base64.URLEncoding.EncodeToString([]byte("secret")),`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`},`
			`Metadata: oidc.ClientMetadata{`
*: update all to accommodate changes to go-oidc Update dex to comply with the changes to fieldnames and types of the client and provider metadata structs in coreos/go-oidc. 2016-01-13 06:46:28 +05:30			`RedirectURIs: []url.URL{`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`testRedirectURL,`
			`},`
			`},`
			`},`
client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script 2016-05-12 22:23:01 +05:30			`}`

			`clientIDGenerator := func(hostport string) (string, error) {`
			`return hostport, nil`
			`}`
			`secGen := func() ([]byte, error) {`
			`return []byte("secret"), nil`
			`}`
			`clientRepo := db.NewClientRepo(dbMap)`
			`clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbMap), clients, clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})`
*: remove in memory client repo The DB implementation expects secrets to be base64 encoded blobs. Because of this a bunch of tests broke moving to sqlite. A lot of this commit is fixing those tests. 2016-02-10 04:36:07 +05:30			`if err != nil {`
			`return nil, err`
			`}`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`km := key.NewPrivateKeyManager()`
			`err = km.Set(key.NewPrivateKeySet([]*key.PrivateKey{testPrivKey}, time.Now().Add(time.Minute)))`
			`if err != nil {`
			`return nil, err`
			`}`

server: better UX when remote ID already exists Instead of cryptic message with nowhere to, give them the choice to login with that account or register. 2015-12-24 00:18:20 +05:30			`tpl, err := getTemplates("dex",`
			`"https://coreos.com/assets/images/brand/coreos-mark-30px.png",`
server,cmd: Add flag for disabling registation For situations where admins add users. 2015-10-01 05:05:58 +05:30			`true, templatesLocation)`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`if err != nil {`
			`return nil, err`
			`}`

			`srv := &Server{`
*: ClientIdentityXXX -> ClientXXX Get rid of all outdated "ClientIdentity" terminology. 2016-04-15 04:57:57 +05:30			`IssuerURL: testIssuerURL,`
			`SessionManager: sessionManager,`
			`ClientRepo: clientRepo,`
			`Templates: tpl,`
			`UserRepo: userRepo,`
			`PasswordInfoRepo: pwRepo,`
client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script 2016-05-12 22:23:01 +05:30			`UserManager: userManager,`
			`ClientManager: clientManager,`
*: ClientIdentityXXX -> ClientXXX Get rid of all outdated "ClientIdentity" terminology. 2016-04-15 04:57:57 +05:30			`KeyManager: km,`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`}`

			`err = setTemplates(srv, tpl)`
			`if err != nil {`
			`return nil, err`
			`}`

			`for _, config := range connConfigs {`
			`if err := srv.AddConnector(config); err != nil {`
			`return nil, err`
			`}`
			`}`

			`srv.UserEmailer = useremail.NewUserEmailer(srv.UserRepo,`
			`srv.PasswordInfoRepo,`
			`srv.KeyManager.Signer,`
			`srv.SessionManager.ValidityWindow,`
			`srv.IssuerURL,`
			`emailer,`
			`"noreply@example.com",`
			`srv.absURL(httpPathResetPassword),`
server: endpoint and system for sending invitations to dex An invitation allows users to both verify their email address and set a new password. 2015-11-10 04:05:11 +05:30			`srv.absURL(httpPathEmailVerify),`
			`srv.absURL(httpPathAcceptInvitation),`
			`)`
*: move original project to dex 2015-08-18 05:57:27 +05:30
			`return &testFixtures{`
*: ClientIdentityXXX -> ClientXXX Get rid of all outdated "ClientIdentity" terminology. 2016-04-15 04:57:57 +05:30			`srv: srv,`
			`redirectURL: testRedirectURL,`
			`userRepo: userRepo,`
			`sessionManager: sessionManager,`
			`emailer: emailer,`
			`clientRepo: clientRepo,`
client: add client manager adds a client manager to handle business logic, leaving the repo for basic crud operations. Also adds client to the test script 2016-05-12 22:23:01 +05:30			`clientManager: clientManager,`
*: move original project to dex 2015-08-18 05:57:27 +05:30			`}, nil`
			`}`