From 73d9742c8b429f008563ccfae94e3705c4cc5c1a Mon Sep 17 00:00:00 2001
From: Evan Cordell
Date: Thu, 19 May 2016 17:10:42 -0700
Subject: [PATCH] client manager: accept full client when creating
---
 admin/api.go | 2 +-
 client/manager/manager.go | 32 ++++++++++++++------------------
 client/manager/manager_test.go | 6 ++++--
 cmd/dexctl/driver_db.go | 6 +++++-
 functional/db_test.go | 6 ++++--
 server/auth_middleware_test.go | 6 +++++-
 server/client_registration.go | 6 +++++-
 server/client_resource.go | 2 +-
 8 files changed, 39 insertions(+), 27 deletions(-)
diff --git a/admin/api.go b/admin/api.go
index 6371a85b..d27bfe58 100644
--- a/admin/api.go
+++ b/admin/api.go
@@ -138,7 +138,7 @@ func (a *AdminAPI) CreateClient(req adminschema.ClientCreateRequest) (adminschem
 }
 // metadata is guaranteed to have at least one redirect_uri by earlier validation.
- creds, err := a.clientManager.New(cli.Metadata)
+ creds, err := a.clientManager.New(cli)
 if err != nil {
 return adminschema.ClientCreateResponse{}, mapError(err)
 }
diff --git a/client/manager/manager.go b/client/manager/manager.go
index 4eb930da..7435cf2c 100644
--- a/client/manager/manager.go
+++ b/client/manager/manager.go
@@ -77,11 +77,10 @@ func NewClientManagerFromClients(clientRepo client.ClientRepo, txnFactory repo.T
 return nil, fmt.Errorf("client %q has no secret", c.Credentials.ID)
 }
- cli, err := clientManager.clientFromMetadata(c.Metadata)
+ cli, err := clientManager.generateClientCredentials(c)
 if err != nil {
 return nil, err
 }
- cli.Admin = c.Admin
 _, err = clientRepo.New(tx, cli)
 if err != nil {
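Review bot: The call `a.clientManager.New(cli)` in admin/api.go now persists every field of the request-derived client rather than only `cli.Metadata`, while the comment above it still vouches only for the redirect_uri check. How `cli` is populated from `req` lies outside this hunk, so it is worth confirming that privileged fields such as `Admin` are set deliberately there, and saying so in the comment, e.g. `// cli.Metadata has at least one redirect_uri (validated earlier); cli.Admin is stored as supplied by the caller.` The same whole-struct pass-through appears in server/client_resource.go (`c.manager.New(ci)`); if that endpoint can be reached by callers less privileged than the admin API, it should pass `client.Client{Metadata: ci.Metadata}` the way server/client_registration.go does.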
@@ -94,22 +93,22 @@ func NewClientManagerFromClients(clientRepo client.ClientRepo, txnFactory repo.T
 return clientManager, nil
 }
-func (m *ClientManager) New(meta oidc.ClientMetadata) (*oidc.ClientCredentials, error) {
+func (m *ClientManager) New(cli client.Client) (*oidc.ClientCredentials, error) {
 tx, err := m.begin()
 if err != nil {
 return nil, err
 }
 defer tx.Rollback()
- cli, err := m.clientFromMetadata(meta)
+ c, err := m.generateClientCredentials(cli)
 if err != nil {
 return nil, err
 }
- creds := cli.Credentials
+ creds := c.Credentials
 // Save Client
- _, err = m.clientRepo.New(tx, cli)
+ _, err = m.clientRepo.New(tx, c)
 if err != nil {
 return nil, err
 }
@@ -190,28 +189,25 @@ func (m *ClientManager) Authenticate(creds oidc.ClientCredentials) (bool, error)
 return ok, nil
 }
-func (m *ClientManager) clientFromMetadata(meta oidc.ClientMetadata) (client.Client, error) {
+func (m *ClientManager) generateClientCredentials(cli client.Client) (client.Client, error) {
 // Generate Client ID
- if len(meta.RedirectURIs) < 1 {
- return client.Client{}, errors.New("no client redirect url given")
+ if len(cli.Metadata.RedirectURIs) < 1 {
+ return cli, errors.New("no client redirect url given")
 }
- clientID, err := m.clientIDGenerator(meta.RedirectURIs[0].Host)
+ clientID, err := m.clientIDGenerator(cli.Metadata.RedirectURIs[0].Host)
 if err != nil {
- return client.Client{}, err
+ return cli, err
 }
 // Generate Secret
 secret, err := m.secretGenerator()
 if err != nil {
- return client.Client{}, err
+ return cli, err
 }
 clientSecret := base64.URLEncoding.EncodeToString(secret)
- cli := client.Client{
- Credentials: oidc.ClientCredentials{
- ID: clientID,
- Secret: clientSecret,
- },
- Metadata: meta,
+ cli.Credentials = oidc.ClientCredentials{
+ ID: clientID,
+ Secret: clientSecret,
 }
 return cli, nil
 }
diff --git a/client/manager/manager_test.go b/client/manager/manager_test.go
index 73501d18..62c4c520 100644
--- a/client/manager/manager_test.go
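Review bot: On each error path generateClientCredentials now hands back the caller's own `cli`, including whatever `Credentials` it arrived with, instead of an obviously empty value; `return client.Client{}, err` (as the old code did) keeps the result meaningless on failure so a caller that mishandles `err` cannot store a half-prepared client. On success the function silently discards any `Credentials` set on the input and keeps every other field, which is the new contract callers rely on and deserves a doc comment, e.g. `// generateClientCredentials returns cli with a freshly generated ID and secret; Credentials already set on cli are discarded, all other fields (Admin included) are kept.` The existing `// Generate Client ID` comment sits above the redirect-URI check rather than the generator call and could move down one statement.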
+++ b/client/manager/manager_test.go
@@ -126,8 +126,10 @@ func TestAuthenticate(t *testing.T) {
 url.URL{Scheme: "http", Host: "example.com", Path: "/cb"},
 },
 }
-
- cc, err := f.mgr.New(cm)
+ cli := client.Client{
+ Metadata: cm,
+ }
+ cc, err := f.mgr.New(cli)
 if err != nil {
 t.Fatalf(err.Error())
 }
diff --git a/cmd/dexctl/driver_db.go b/cmd/dexctl/driver_db.go
index 3e434d3b..19bfc9f1 100644
--- a/cmd/dexctl/driver_db.go
+++ b/cmd/dexctl/driver_db.go
@@ -1,6 +1,7 @@
 package main
 import (
+ "github.com/coreos/dex/client"
 "github.com/coreos/dex/client/manager"
 "github.com/coreos/dex/connector"
 "github.com/coreos/dex/db"
@@ -30,7 +31,10 @@ func (d *dbDriver) NewClient(meta oidc.ClientMetadata) (*oidc.ClientCredentials,
 if err := meta.Valid(); err != nil {
 return nil, err
 }
- return d.ciManager.New(meta)
+ cli := client.Client{
+ Metadata: meta,
+ }
+ return d.ciManager.New(cli)
 }
 func (d *dbDriver) ConnectorConfigs() ([]connector.ConnectorConfig, error) {
diff --git a/functional/db_test.go b/functional/db_test.go
index 0163c235..c8322afd 100644
--- a/functional/db_test.go
+++ b/functional/db_test.go
@@ -313,8 +313,10 @@ func TestDBClientRepoAuthenticate(t *testing.T) {
 url.URL{Scheme: "http", Host: "127.0.0.1:5556", Path: "/cb"},
 },
 }
-
- cc, err := m.New(cm)
+ cli := client.Client{
+ Metadata: cm,
+ }
+ cc, err := m.New(cli)
 if err != nil {
 t.Fatalf(err.Error())
 }
diff --git a/server/auth_middleware_test.go b/server/auth_middleware_test.go
index 7abe6eca..568f0564 100644
--- a/server/auth_middleware_test.go
+++ b/server/auth_middleware_test.go
@@ -8,6 +8,7 @@ import (
 "testing"
 "time"
+ "github.com/coreos/dex/client"
 clientmanager "github.com/coreos/dex/client/manager"
 "github.com/coreos/dex/db"
 "github.com/coreos/go-oidc/jose"
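Review bot: The updated TestAuthenticate in client/manager/manager_test.go only wraps the old metadata in `client.Client{Metadata: cm}`, so nothing visible here exercises what the new signature adds, namely fields other than Metadata travelling through New. A case that sets `Admin: true` and a non-empty `Credentials` on the input, then checks that the stored client keeps `Admin` and that the supplied credentials are not the ones stored, would pin the behaviour the call sites now depend on. The same gap applies to TestDBClientRepoAuthenticate in functional/db_test.go; both test bodies continue outside their hunks, so an existing assertion elsewhere may already cover part of this.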
@@ -33,7 +34,10 @@ func TestClientToken(t *testing.T) {
 dbm := db.NewMemDB()
 clientRepo := db.NewClientRepo(dbm)
 clientManager := clientmanager.NewClientManager(clientRepo, db.TransactionFactory(dbm), clientmanager.ManagerOptions{})
- creds, err := clientManager.New(clientMetadata)
+ cli := client.Client{
+ Metadata: clientMetadata,
+ }
+ creds, err := clientManager.New(cli)
 if err != nil {
 t.Fatalf("Failed to create client: %v", err)
 }
diff --git a/server/client_registration.go b/server/client_registration.go
index 608f0d37..0de3490a 100644
--- a/server/client_registration.go
+++ b/server/client_registration.go
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "net/http"
+ "github.com/coreos/dex/client"
 "github.com/coreos/dex/pkg/log"
 "github.com/coreos/go-oidc/oauth2"
@@ -38,7 +39,10 @@ func (s *Server) handleClientRegistrationRequest(r *http.Request) (*oidc.ClientR
 }
 // metadata is guarenteed to have at least one redirect_uri by earlier validation.
- creds, err := s.ClientManager.New(clientMetadata)
+ cli := client.Client{
+ Metadata: clientMetadata,
+ }
+ creds, err := s.ClientManager.New(cli)
 if err != nil {
 log.Errorf("Failed to create new client identity: %v", err)
 return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
diff --git a/server/client_resource.go b/server/client_resource.go
index c38cacfa..b00cbee9 100644
--- a/server/client_resource.go
+++ b/server/client_resource.go
@@ -87,7 +87,7 @@ func (c *clientResource) create(w http.ResponseWriter, r *http.Request) {
 writeAPIError(w, http.StatusBadRequest, newAPIError(errorInvalidClientMetadata, err.Error()))
 return
 }
- creds, err := c.manager.New(ci.Metadata)
+ creds, err := c.manager.New(ci)
 if err != nil {
 log.Errorf("Failed creating client: %v", err)
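Review bot: In handleClientRegistrationRequest (server/client_registration.go), building `client.Client{Metadata: clientMetadata}` is what keeps a registration request from influencing any other client field now that New accepts a whole client, yet nothing at the call site records that intent. A comment such as `// Only Metadata comes from the request; Admin and Credentials are never caller-supplied on this path.` would stop a later refactor from passing a request-decoded client straight through. The existing comment above it also misspells "guaranteed". The function starts and ends outside this hunk.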