client manager: accept full client when creating
parent
a418e1c4e7
commit
73d9742c8b
8 changed files with 39 additions and 27 deletions
@ -138,7 +138,7 @@ func (a *AdminAPI) CreateClient(req adminschema.ClientCreateRequest) (adminschem
|
||||||
}
|
}
|
||||||
|
|
||||||
// metadata is guaranteed to have at least one redirect_uri by earlier validation.
|
// metadata is guaranteed to have at least one redirect_uri by earlier validation.
|
||||||
creds, err := a.clientManager.New(cli.Metadata)
|
creds, err := a.clientManager.New(cli)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return adminschema.ClientCreateResponse{}, mapError(err)
|
return adminschema.ClientCreateResponse{}, mapError(err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -77,11 +77,10 @@ func NewClientManagerFromClients(clientRepo client.ClientRepo, txnFactory repo.T
|
||||||
return nil, fmt.Errorf("client %q has no secret", c.Credentials.ID)
|
return nil, fmt.Errorf("client %q has no secret", c.Credentials.ID)
|
||||||
}
|
}
|
||||||
|
|
||||||
cli, err := clientManager.clientFromMetadata(c.Metadata)
|
cli, err := clientManager.generateClientCredentials(c)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
cli.Admin = c.Admin
|
|
||||||
|
|
||||||
_, err = clientRepo.New(tx, cli)
|
_, err = clientRepo.New(tx, cli)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -94,22 +93,22 @@ func NewClientManagerFromClients(clientRepo client.ClientRepo, txnFactory repo.T
|
||||||
return clientManager, nil
|
return clientManager, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *ClientManager) New(meta oidc.ClientMetadata) (*oidc.ClientCredentials, error) {
|
func (m *ClientManager) New(cli client.Client) (*oidc.ClientCredentials, error) {
|
||||||
tx, err := m.begin()
|
tx, err := m.begin()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
defer tx.Rollback()
|
defer tx.Rollback()
|
||||||
|
|
||||||
cli, err := m.clientFromMetadata(meta)
|
c, err := m.generateClientCredentials(cli)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
creds := cli.Credentials
|
creds := c.Credentials
|
||||||
|
|
||||||
// Save Client
|
// Save Client
|
||||||
_, err = m.clientRepo.New(tx, cli)
|
_, err = m.clientRepo.New(tx, c)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -190,28 +189,25 @@ func (m *ClientManager) Authenticate(creds oidc.ClientCredentials) (bool, error)
|
||||||
return ok, nil
|
return ok, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *ClientManager) clientFromMetadata(meta oidc.ClientMetadata) (client.Client, error) {
|
func (m *ClientManager) generateClientCredentials(cli client.Client) (client.Client, error) {
|
||||||
// Generate Client ID
|
// Generate Client ID
|
||||||
if len(meta.RedirectURIs) < 1 {
|
if len(cli.Metadata.RedirectURIs) < 1 {
|
||||||
return client.Client{}, errors.New("no client redirect url given")
|
return cli, errors.New("no client redirect url given")
|
||||||
}
|
}
|
||||||
clientID, err := m.clientIDGenerator(meta.RedirectURIs[0].Host)
|
clientID, err := m.clientIDGenerator(cli.Metadata.RedirectURIs[0].Host)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return client.Client{}, err
|
return cli, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Generate Secret
|
// Generate Secret
|
||||||
secret, err := m.secretGenerator()
|
secret, err := m.secretGenerator()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return client.Client{}, err
|
return cli, err
|
||||||
}
|
}
|
||||||
clientSecret := base64.URLEncoding.EncodeToString(secret)
|
clientSecret := base64.URLEncoding.EncodeToString(secret)
|
||||||
cli := client.Client{
|
cli.Credentials = oidc.ClientCredentials{
|
||||||
Credentials: oidc.ClientCredentials{
|
|
||||||
ID: clientID,
|
ID: clientID,
|
||||||
Secret: clientSecret,
|
Secret: clientSecret,
|
||||||
},
|
|
||||||
Metadata: meta,
|
|
||||||
}
|
}
|
||||||
return cli, nil
|
return cli, nil
|
||||||
}
|
}
|
||||||
|
|
|
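Review bot: New is exported and now takes a whole client.Client, but nothing documents which of its fields are honoured: generateClientCredentials overwrites cli.Credentials with a freshly generated ID and secret, while cli.Metadata and cli.Admin are handed to clientRepo.New as given, so a caller-supplied secret is silently discarded and a caller-supplied Admin flag is persisted. I would add above the signature: `// New generates a fresh ID and secret for cli, replacing any cli.Credentials the caller set, stores the client with its Metadata and Admin fields as given, and returns the generated credentials.` The same overwrite applies in the first hunk, where NewClientManagerFromClients has just rejected configured clients with an empty secret and then calls generateClientCredentials(c), which replaces that secret — the old clientFromMetadata path did the same, but it is worth confirming this is intended now that the whole client is passed. In the last hunk generateClientCredentials returns the partially updated `cli` on its error paths where the old code returned `client.Client{}`; returning `client.Client{}` there keeps the value meaningless on error, as the (T, error) convention expects.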
@ -126,8 +126,10 @@ func TestAuthenticate(t *testing.T) {
|
||||||
url.URL{Scheme: "http", Host: "example.com", Path: "/cb"},
|
url.URL{Scheme: "http", Host: "example.com", Path: "/cb"},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
cli := client.Client{
|
||||||
cc, err := f.mgr.New(cm)
|
Metadata: cm,
|
||||||
|
}
|
||||||
|
cc, err := f.mgr.New(cli)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf(err.Error())
|
t.Fatalf(err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
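Review bot: The updated TestAuthenticate only exercises the new signature with a Metadata-only client, so nothing covers the two behaviours the new parameter introduces: that a pre-set cli.Credentials is replaced by generated ones and that cli.Admin survives into the stored client. I would add a case that passes `client.Client{Metadata: cm, Admin: true, Credentials: oidc.ClientCredentials{ID: "preset-id", Secret: "preset-secret"}}` (constructed values) and asserts the returned creds differ from the supplied ones and, if the fixture exposes the repo, that the stored client has Admin set. The TestDBClientRepoAuthenticate and TestClientToken hunks likewise only adapt the call and would benefit from the same case. TestAuthenticate starts outside the hunk.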
@ -1,6 +1,7 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"github.com/coreos/dex/client"
|
||||||
"github.com/coreos/dex/client/manager"
|
"github.com/coreos/dex/client/manager"
|
||||||
"github.com/coreos/dex/connector"
|
"github.com/coreos/dex/connector"
|
||||||
"github.com/coreos/dex/db"
|
"github.com/coreos/dex/db"
|
||||||
|
@ -30,7 +31,10 @@ func (d *dbDriver) NewClient(meta oidc.ClientMetadata) (*oidc.ClientCredentials,
|
||||||
if err := meta.Valid(); err != nil {
|
if err := meta.Valid(); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return d.ciManager.New(meta)
|
cli := client.Client{
|
||||||
|
Metadata: meta,
|
||||||
|
}
|
||||||
|
return d.ciManager.New(cli)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *dbDriver) ConnectorConfigs() ([]connector.ConnectorConfig, error) {
|
func (d *dbDriver) ConnectorConfigs() ([]connector.ConnectorConfig, error) {
|
||||||
|
|
|
@ -313,8 +313,10 @@ func TestDBClientRepoAuthenticate(t *testing.T) {
|
||||||
url.URL{Scheme: "http", Host: "127.0.0.1:5556", Path: "/cb"},
|
url.URL{Scheme: "http", Host: "127.0.0.1:5556", Path: "/cb"},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
cli := client.Client{
|
||||||
cc, err := m.New(cm)
|
Metadata: cm,
|
||||||
|
}
|
||||||
|
cc, err := m.New(cli)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf(err.Error())
|
t.Fatalf(err.Error())
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,6 +8,7 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/coreos/dex/client"
|
||||||
clientmanager "github.com/coreos/dex/client/manager"
|
clientmanager "github.com/coreos/dex/client/manager"
|
||||||
"github.com/coreos/dex/db"
|
"github.com/coreos/dex/db"
|
||||||
"github.com/coreos/go-oidc/jose"
|
"github.com/coreos/go-oidc/jose"
|
||||||
|
@ -33,7 +34,10 @@ func TestClientToken(t *testing.T) {
|
||||||
dbm := db.NewMemDB()
|
dbm := db.NewMemDB()
|
||||||
clientRepo := db.NewClientRepo(dbm)
|
clientRepo := db.NewClientRepo(dbm)
|
||||||
clientManager := clientmanager.NewClientManager(clientRepo, db.TransactionFactory(dbm), clientmanager.ManagerOptions{})
|
clientManager := clientmanager.NewClientManager(clientRepo, db.TransactionFactory(dbm), clientmanager.ManagerOptions{})
|
||||||
creds, err := clientManager.New(clientMetadata)
|
cli := client.Client{
|
||||||
|
Metadata: clientMetadata,
|
||||||
|
}
|
||||||
|
creds, err := clientManager.New(cli)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create client: %v", err)
|
t.Fatalf("Failed to create client: %v", err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/coreos/dex/client"
|
||||||
"github.com/coreos/dex/pkg/log"
|
"github.com/coreos/dex/pkg/log"
|
||||||
|
|
||||||
"github.com/coreos/go-oidc/oauth2"
|
"github.com/coreos/go-oidc/oauth2"
|
||||||
|
@ -38,7 +39,10 @@ func (s *Server) handleClientRegistrationRequest(r *http.Request) (*oidc.ClientR
|
||||||
}
|
}
|
||||||
|
|
||||||
// metadata is guarenteed to have at least one redirect_uri by earlier validation.
|
// metadata is guarenteed to have at least one redirect_uri by earlier validation.
|
||||||
creds, err := s.ClientManager.New(clientMetadata)
|
cli := client.Client{
|
||||||
|
Metadata: clientMetadata,
|
||||||
|
}
|
||||||
|
creds, err := s.ClientManager.New(cli)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("Failed to create new client identity: %v", err)
|
log.Errorf("Failed to create new client identity: %v", err)
|
||||||
return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
|
return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
|
||||||
|
|
|
@ -87,7 +87,7 @@ func (c *clientResource) create(w http.ResponseWriter, r *http.Request) {
|
||||||
writeAPIError(w, http.StatusBadRequest, newAPIError(errorInvalidClientMetadata, err.Error()))
|
writeAPIError(w, http.StatusBadRequest, newAPIError(errorInvalidClientMetadata, err.Error()))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
creds, err := c.manager.New(ci.Metadata)
|
creds, err := c.manager.New(ci)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("Failed creating client: %v", err)
|
log.Errorf("Failed creating client: %v", err)
|
||||||
|
|
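Review bot: Passing the whole `ci` to c.manager.New means every field of ci now reaches the store, not only the Metadata that the preceding validation covers; if ci is decoded from the request body, as the errorInvalidClientMetadata handling above suggests, a caller can set its Admin field and have it persisted, whereas any Credentials it supplies are replaced by the manager. Unless create is only reachable by already-privileged callers, I would keep the old surface with `creds, err := c.manager.New(client.Client{Metadata: ci.Metadata})` (importing the client package if this file does not already), or clear `ci.Admin` before the call and grant that flag only through the admin API. The handleClientRegistrationRequest hunk already does this by constructing the client from Metadata only; the AdminAPI.CreateClient hunk passes the full client as well, which is acceptable there only if that API is restricted to administrators. create starts outside the hunk, so where ci comes from is not visible here.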