2016-08-05 22:19:38 +05:30
|
|
|
package storage
|
|
|
|
|
2016-10-06 05:20:02 +05:30
|
|
|
import (
|
|
|
|
"errors"
|
|
|
|
"strings"
|
2017-08-24 05:13:01 +05:30
|
|
|
|
2019-02-22 17:49:23 +05:30
|
|
|
"github.com/dexidp/dex/pkg/log"
|
2016-10-06 05:20:02 +05:30
|
|
|
)
|
2016-08-05 22:19:38 +05:30
|
|
|
|
|
|
|
// Tests for this code are in the "memory" package, since this package doesn't
|
|
|
|
// define a concrete storage implementation.
|
|
|
|
|
|
|
|
// staticClientsStorage is a storage that only allow read-only actions on clients.
|
|
|
|
// All read actions return from the list of clients stored in memory, not the
|
|
|
|
// underlying
|
|
|
|
type staticClientsStorage struct {
|
|
|
|
Storage
|
|
|
|
|
|
|
|
// A read-only set of clients.
|
|
|
|
clients []Client
|
|
|
|
clientsByID map[string]Client
|
|
|
|
}
|
|
|
|
|
2017-03-16 05:26:47 +05:30
|
|
|
// WithStaticClients adds a read-only set of clients to the underlying storages.
|
2016-08-05 22:19:38 +05:30
|
|
|
func WithStaticClients(s Storage, staticClients []Client) Storage {
|
|
|
|
clientsByID := make(map[string]Client, len(staticClients))
|
|
|
|
for _, client := range staticClients {
|
|
|
|
clientsByID[client.ID] = client
|
|
|
|
}
|
2017-08-24 05:13:01 +05:30
|
|
|
|
2016-08-05 22:19:38 +05:30
|
|
|
return staticClientsStorage{s, staticClients, clientsByID}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s staticClientsStorage) GetClient(id string) (Client, error) {
|
|
|
|
if client, ok := s.clientsByID[id]; ok {
|
|
|
|
return client, nil
|
|
|
|
}
|
2017-03-16 05:26:47 +05:30
|
|
|
return s.Storage.GetClient(id)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s staticClientsStorage) isStatic(id string) bool {
|
|
|
|
_, ok := s.clientsByID[id]
|
|
|
|
return ok
|
2016-08-05 22:19:38 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
func (s staticClientsStorage) ListClients() ([]Client, error) {
|
2017-03-16 05:26:47 +05:30
|
|
|
clients, err := s.Storage.ListClients()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
n := 0
|
|
|
|
for _, client := range clients {
|
|
|
|
// If a client in the backing storage has the same ID as a static client
|
|
|
|
// prefer the static client.
|
|
|
|
if !s.isStatic(client.ID) {
|
|
|
|
clients[n] = client
|
|
|
|
n++
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return append(clients[:n], s.clients...), nil
|
2016-08-05 22:19:38 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
func (s staticClientsStorage) CreateClient(c Client) error {
|
2017-03-16 05:26:47 +05:30
|
|
|
if s.isStatic(c.ID) {
|
|
|
|
return errors.New("static clients: read-only cannot create client")
|
|
|
|
}
|
|
|
|
return s.Storage.CreateClient(c)
|
2016-08-05 22:19:38 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
func (s staticClientsStorage) DeleteClient(id string) error {
|
2017-03-16 05:26:47 +05:30
|
|
|
if s.isStatic(id) {
|
|
|
|
return errors.New("static clients: read-only cannot delete client")
|
|
|
|
}
|
|
|
|
return s.Storage.DeleteClient(id)
|
2016-08-05 22:19:38 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
func (s staticClientsStorage) UpdateClient(id string, updater func(old Client) (Client, error)) error {
|
2017-03-16 05:26:47 +05:30
|
|
|
if s.isStatic(id) {
|
|
|
|
return errors.New("static clients: read-only cannot update client")
|
|
|
|
}
|
|
|
|
return s.Storage.UpdateClient(id, updater)
|
2016-08-05 22:19:38 +05:30
|
|
|
}
|
2016-10-06 05:20:02 +05:30
|
|
|
|
|
|
|
type staticPasswordsStorage struct {
|
|
|
|
Storage
|
|
|
|
|
2016-11-17 04:27:27 +05:30
|
|
|
// A read-only set of passwords.
|
2017-08-24 05:13:01 +05:30
|
|
|
passwords []Password
|
|
|
|
// A map of passwords that is indexed by lower-case email ids
|
2016-10-06 05:20:02 +05:30
|
|
|
passwordsByEmail map[string]Password
|
2017-08-24 05:13:01 +05:30
|
|
|
|
2019-02-22 17:49:23 +05:30
|
|
|
logger log.Logger
|
2016-10-06 05:20:02 +05:30
|
|
|
}
|
|
|
|
|
2017-08-24 05:13:01 +05:30
|
|
|
// WithStaticPasswords returns a storage with a read-only set of passwords.
|
2019-02-22 17:49:23 +05:30
|
|
|
func WithStaticPasswords(s Storage, staticPasswords []Password, logger log.Logger) Storage {
|
2016-10-06 05:20:02 +05:30
|
|
|
passwordsByEmail := make(map[string]Password, len(staticPasswords))
|
|
|
|
for _, p := range staticPasswords {
|
2020-10-18 03:24:27 +05:30
|
|
|
// Enable case insensitive email comparison.
|
2017-08-24 05:13:01 +05:30
|
|
|
lowerEmail := strings.ToLower(p.Email)
|
|
|
|
if _, ok := passwordsByEmail[lowerEmail]; ok {
|
|
|
|
logger.Errorf("Attempting to create StaticPasswords with the same email id: %s", p.Email)
|
|
|
|
}
|
|
|
|
passwordsByEmail[lowerEmail] = p
|
2016-10-06 05:20:02 +05:30
|
|
|
}
|
2017-08-24 05:13:01 +05:30
|
|
|
|
|
|
|
return staticPasswordsStorage{s, staticPasswords, passwordsByEmail, logger}
|
2016-10-06 05:20:02 +05:30
|
|
|
}
|
|
|
|
|
2017-03-16 05:26:47 +05:30
|
|
|
func (s staticPasswordsStorage) isStatic(email string) bool {
|
|
|
|
_, ok := s.passwordsByEmail[strings.ToLower(email)]
|
|
|
|
return ok
|
|
|
|
}
|
|
|
|
|
2016-10-06 05:20:02 +05:30
|
|
|
func (s staticPasswordsStorage) GetPassword(email string) (Password, error) {
|
2017-03-16 05:26:47 +05:30
|
|
|
// TODO(ericchiang): BLAH. We really need to figure out how to handle
|
|
|
|
// lower cased emails better.
|
|
|
|
email = strings.ToLower(email)
|
|
|
|
if password, ok := s.passwordsByEmail[email]; ok {
|
2016-10-06 05:20:02 +05:30
|
|
|
return password, nil
|
|
|
|
}
|
2017-03-16 05:26:47 +05:30
|
|
|
return s.Storage.GetPassword(email)
|
2016-10-06 05:20:02 +05:30
|
|
|
}
|
|
|
|
|
2016-11-17 04:27:27 +05:30
|
|
|
func (s staticPasswordsStorage) ListPasswords() ([]Password, error) {
|
2017-03-16 05:26:47 +05:30
|
|
|
passwords, err := s.Storage.ListPasswords()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
n := 0
|
|
|
|
for _, password := range passwords {
|
|
|
|
// If an entry has the same email as those provided in the static
|
|
|
|
// values, prefer the static value.
|
|
|
|
if !s.isStatic(password.Email) {
|
|
|
|
passwords[n] = password
|
|
|
|
n++
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return append(passwords[:n], s.passwords...), nil
|
2016-11-17 04:27:27 +05:30
|
|
|
}
|
|
|
|
|
2016-10-06 05:20:02 +05:30
|
|
|
func (s staticPasswordsStorage) CreatePassword(p Password) error {
|
2017-03-16 05:26:47 +05:30
|
|
|
if s.isStatic(p.Email) {
|
|
|
|
return errors.New("static passwords: read-only cannot create password")
|
|
|
|
}
|
|
|
|
return s.Storage.CreatePassword(p)
|
2016-10-06 05:20:02 +05:30
|
|
|
}
|
|
|
|
|
2017-03-16 05:26:47 +05:30
|
|
|
func (s staticPasswordsStorage) DeletePassword(email string) error {
|
|
|
|
if s.isStatic(email) {
|
2017-03-30 00:02:02 +05:30
|
|
|
return errors.New("static passwords: read-only cannot delete password")
|
2017-03-16 05:26:47 +05:30
|
|
|
}
|
|
|
|
return s.Storage.DeletePassword(email)
|
2016-10-06 05:20:02 +05:30
|
|
|
}
|
|
|
|
|
2017-03-16 05:26:47 +05:30
|
|
|
func (s staticPasswordsStorage) UpdatePassword(email string, updater func(old Password) (Password, error)) error {
|
|
|
|
if s.isStatic(email) {
|
|
|
|
return errors.New("static passwords: read-only cannot update password")
|
|
|
|
}
|
|
|
|
return s.Storage.UpdatePassword(email, updater)
|
2016-10-06 05:20:02 +05:30
|
|
|
}
|
2017-04-18 04:11:41 +05:30
|
|
|
|
|
|
|
// staticConnectorsStorage represents a storage with read-only set of connectors.
|
|
|
|
type staticConnectorsStorage struct {
|
|
|
|
Storage
|
|
|
|
|
|
|
|
// A read-only set of connectors.
|
|
|
|
connectors []Connector
|
|
|
|
connectorsByID map[string]Connector
|
|
|
|
}
|
|
|
|
|
|
|
|
// WithStaticConnectors returns a storage with a read-only set of Connectors. Write actions,
|
|
|
|
// such as updating existing Connectors, will fail.
|
|
|
|
func WithStaticConnectors(s Storage, staticConnectors []Connector) Storage {
|
|
|
|
connectorsByID := make(map[string]Connector, len(staticConnectors))
|
|
|
|
for _, c := range staticConnectors {
|
|
|
|
connectorsByID[c.ID] = c
|
|
|
|
}
|
|
|
|
return staticConnectorsStorage{s, staticConnectors, connectorsByID}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s staticConnectorsStorage) isStatic(id string) bool {
|
|
|
|
_, ok := s.connectorsByID[id]
|
|
|
|
return ok
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s staticConnectorsStorage) GetConnector(id string) (Connector, error) {
|
|
|
|
if connector, ok := s.connectorsByID[id]; ok {
|
|
|
|
return connector, nil
|
|
|
|
}
|
|
|
|
return s.Storage.GetConnector(id)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s staticConnectorsStorage) ListConnectors() ([]Connector, error) {
|
|
|
|
connectors, err := s.Storage.ListConnectors()
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
n := 0
|
|
|
|
for _, connector := range connectors {
|
|
|
|
// If an entry has the same id as those provided in the static
|
|
|
|
// values, prefer the static value.
|
|
|
|
if !s.isStatic(connector.ID) {
|
|
|
|
connectors[n] = connector
|
|
|
|
n++
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return append(connectors[:n], s.connectors...), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s staticConnectorsStorage) CreateConnector(c Connector) error {
|
|
|
|
if s.isStatic(c.ID) {
|
|
|
|
return errors.New("static connectors: read-only cannot create connector")
|
|
|
|
}
|
|
|
|
return s.Storage.CreateConnector(c)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s staticConnectorsStorage) DeleteConnector(id string) error {
|
|
|
|
if s.isStatic(id) {
|
|
|
|
return errors.New("static connectors: read-only cannot delete connector")
|
|
|
|
}
|
|
|
|
return s.Storage.DeleteConnector(id)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s staticConnectorsStorage) UpdateConnector(id string, updater func(old Connector) (Connector, error)) error {
|
|
|
|
if s.isStatic(id) {
|
|
|
|
return errors.New("static connectors: read-only cannot update connector")
|
|
|
|
}
|
|
|
|
return s.Storage.UpdateConnector(id, updater)
|
|
|
|
}
|