forked from mystiq/dex
*: add isAdmin option to client repo when creating a client
parent
eb6dceadfd
commit
6120f7ac05
6 changed files with 12 additions and 11 deletions
|
@ -33,7 +33,7 @@ type ClientIdentityRepo interface {
|
|||
// New registers a ClientIdentity with the repo for the given metadata.
|
||||
// An unused ID must be provided. A corresponding secret will be returned
|
||||
// in a ClientCredentials struct along with the provided ID.
|
||||
New(id string, meta oidc.ClientMetadata) (*oidc.ClientCredentials, error)
|
||||
New(id string, meta oidc.ClientMetadata, admin bool) (*oidc.ClientCredentials, error)
|
||||
|
||||
SetDexAdmin(clientID string, isAdmin bool) error
|
||||
|
||||
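Review bot: The doc comment above `New` still describes only the ID and the metadata, so the new `admin` parameter on this interface method is undocumented; add a line such as `// If admin is true, the client is created as a dex admin.` A bare positional bool that grants a privilege is easy to misread at call sites, since `New(id, meta, true)` does not say what `true` means. The comment should also say how this relates to `SetDexAdmin`, which the interface already exposes. The interface body starts and ends outside this hunk.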
|
|
|
@ -36,7 +36,7 @@ func (d *dbDriver) NewClient(meta oidc.ClientMetadata) (*oidc.ClientCredentials,
|
|||
return nil, err
|
||||
}
|
||||
|
||||
return d.ciRepo.New(clientID, meta)
|
||||
return d.ciRepo.New(clientID, meta, false)
|
||||
}
|
||||
|
||||
func (d *dbDriver) ConnectorConfigs() ([]connector.ConnectorConfig, error) {
|
||||
|
|
|
@ -234,7 +234,7 @@ func isAlreadyExistsErr(err error) bool {
|
|||
return false
|
||||
}
|
||||
|
||||
func (r *clientIdentityRepo) New(id string, meta oidc.ClientMetadata) (*oidc.ClientCredentials, error) {
|
||||
func (r *clientIdentityRepo) New(id string, meta oidc.ClientMetadata, admin bool) (*oidc.ClientCredentials, error) {
|
||||
secret, err := pcrypto.RandBytes(maxSecretLength)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -244,6 +244,7 @@ func (r *clientIdentityRepo) New(id string, meta oidc.ClientMetadata) (*oidc.Cli
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cim.DexAdmin = admin
|
||||
|
||||
if err := r.executor(nil).Insert(cim); err != nil {
|
||||
if isAlreadyExistsErr(err) {
|
||||
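Review bot: `cim.DexAdmin = admin` in the second hunk sets the privilege flag just before the insert, and nothing in the visible lines records that an admin client was created. Because this is a privilege grant, consider logging it once the insert succeeds, for example `if admin { log.Infof("created client %q with dex admin rights", id) }`, assuming this package has a logger like the `log.Errorf` calls seen elsewhere in the commit. `New` also has no doc comment here explaining `admin`. Its body begins in the first hunk and continues past the end of the second, so the success path is not visible.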
|
|
|
@ -191,7 +191,7 @@ func TestDBClientIdentityRepoMetadata(t *testing.T) {
|
|||
},
|
||||
}
|
||||
|
||||
_, err := r.New("foo", cm)
|
||||
_, err := r.New("foo", cm, false)
|
||||
if err != nil {
|
||||
t.Fatalf(err.Error())
|
||||
}
|
||||
|
@ -227,7 +227,7 @@ func TestDBClientIdentityRepoNewDuplicate(t *testing.T) {
|
|||
},
|
||||
}
|
||||
|
||||
if _, err := r.New("foo", meta1); err != nil {
|
||||
if _, err := r.New("foo", meta1, false); err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
|
||||
|
@ -237,7 +237,7 @@ func TestDBClientIdentityRepoNewDuplicate(t *testing.T) {
|
|||
},
|
||||
}
|
||||
|
||||
if _, err := r.New("foo", meta2); err == nil {
|
||||
if _, err := r.New("foo", meta2, false); err == nil {
|
||||
t.Fatalf("expected non-nil error")
|
||||
}
|
||||
}
|
||||
|
@ -251,7 +251,7 @@ func TestDBClientIdentityRepoAuthenticate(t *testing.T) {
|
|||
},
|
||||
}
|
||||
|
||||
cc, err := r.New("baz", cm)
|
||||
cc, err := r.New("baz", cm, false)
|
||||
if err != nil {
|
||||
t.Fatalf(err.Error())
|
||||
}
|
||||
|
@ -299,7 +299,7 @@ func TestDBClientIdentityAll(t *testing.T) {
|
|||
},
|
||||
}
|
||||
|
||||
_, err := r.New("foo", cm)
|
||||
_, err := r.New("foo", cm, false)
|
||||
if err != nil {
|
||||
t.Fatalf(err.Error())
|
||||
}
|
||||
|
@ -322,7 +322,7 @@ func TestDBClientIdentityAll(t *testing.T) {
|
|||
url.URL{Scheme: "http", Host: "foo.com", Path: "/cb"},
|
||||
},
|
||||
}
|
||||
_, err = r.New("bar", cm)
|
||||
_, err = r.New("bar", cm, false)
|
||||
if err != nil {
|
||||
t.Fatalf(err.Error())
|
||||
}
|
||||
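Review bot: Every updated call in this file passes `false`, so the new `admin` argument is never exercised with `true` and no test checks that `DexAdmin` is persisted. Add one case that creates a client with `r.New("admin-client", cm, true)` and reads the flag back through whatever accessor the repo exposes, plus an assertion that a client created with `false` is not an admin. The test functions touched here all extend beyond their hunks.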
|
|
|
@ -43,7 +43,7 @@ func (s *Server) handleClientRegistrationRequest(r *http.Request) (*oidc.ClientR
|
|||
return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
|
||||
}
|
||||
|
||||
creds, err := s.ClientIdentityRepo.New(id, clientMetadata)
|
||||
creds, err := s.ClientIdentityRepo.New(id, clientMetadata, false)
|
||||
if err != nil {
|
||||
log.Errorf("Failed to create new client identity: %v", err)
|
||||
return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
|
||||
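Review bot: The literal `false` passed to `s.ClientIdentityRepo.New` encodes a security decision that is not written down: clients created by the registration handler must never be dex admins. Add a comment on that line, e.g. `// Clients created through registration are never dex admins.`, so a later refactor does not wire the argument to request data. The same applies to `c.repo.New(clientID, ci.Metadata, false)` in `clientResource.create` in the last file section, where the metadata appears to come from the request. Both function bodies start and end outside their hunks.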
|
|
|
@ -96,7 +96,7 @@ func (c *clientResource) create(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
creds, err := c.repo.New(clientID, ci.Metadata)
|
||||
creds, err := c.repo.New(clientID, ci.Metadata, false)
|
||||
if err != nil {
|
||||
log.Errorf("Failed creating client: %v", err)
|
||||
writeAPIError(w, http.StatusInternalServerError, newAPIError(errorServerError, "unable to create client"))
|
||||
|
|