forked from mystiq/dex
server: add more validation to --no-db static file parsing
In #393 the format of the static user file in --no-db mode changed. However, the old format loads without error, which has caused issues for developers with existing user files. Add an explicit check to ensure the file is not using the old format. If they are, print a better error message.
This commit is contained in:
parent
ed89be44ef
commit
7858da565f
2 changed files with 38 additions and 2 deletions
|
@ -184,6 +184,10 @@ func loadUsersFromReader(r io.Reader) (users []user.UserWithRemoteIdentities, pw
|
||||||
user.User
|
user.User
|
||||||
Password string `json:"password"`
|
Password string `json:"password"`
|
||||||
RemoteIdentities []user.RemoteIdentity `json:"remoteIdentities"`
|
RemoteIdentities []user.RemoteIdentity `json:"remoteIdentities"`
|
||||||
|
|
||||||
|
// The old format stored all user data under the "user" key.
|
||||||
|
// Attempt to detect that, and print an better error.
|
||||||
|
OldUserFields map[string]string `json:"user"`
|
||||||
}
|
}
|
||||||
if err := json.NewDecoder(r).Decode(&configUsers); err != nil {
|
if err := json.NewDecoder(r).Decode(&configUsers); err != nil {
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
|
@ -193,6 +197,10 @@ func loadUsersFromReader(r io.Reader) (users []user.UserWithRemoteIdentities, pw
|
||||||
pwis = make([]user.PasswordInfo, len(configUsers))
|
pwis = make([]user.PasswordInfo, len(configUsers))
|
||||||
|
|
||||||
for i, u := range configUsers {
|
for i, u := range configUsers {
|
||||||
|
if u.OldUserFields != nil {
|
||||||
|
return nil, nil, fmt.Errorf("Static user file is using an outdated format. Please refer to example in static/fixtures.")
|
||||||
|
}
|
||||||
|
|
||||||
users[i] = user.UserWithRemoteIdentities{
|
users[i] = user.UserWithRemoteIdentities{
|
||||||
User: u.User,
|
User: u.User,
|
||||||
RemoteIdentities: u.RemoteIdentities,
|
RemoteIdentities: u.RemoteIdentities,
|
||||||
|
|
|
@ -15,6 +15,8 @@ func TestLoadUsers(t *testing.T) {
|
||||||
expUsers []user.UserWithRemoteIdentities
|
expUsers []user.UserWithRemoteIdentities
|
||||||
// userid -> plaintext password
|
// userid -> plaintext password
|
||||||
expPasswds map[string]string
|
expPasswds map[string]string
|
||||||
|
|
||||||
|
wantErr bool
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
raw: `[
|
raw: `[
|
||||||
|
@ -50,13 +52,39 @@ func TestLoadUsers(t *testing.T) {
|
||||||
"elroy-id": "bones",
|
"elroy-id": "bones",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
// using old format.
|
||||||
|
raw: `[
|
||||||
|
{
|
||||||
|
"user": {
|
||||||
|
"id": "elroy-id",
|
||||||
|
"email": "elroy77@example.com",
|
||||||
|
"displayName": "Elroy Jonez",
|
||||||
|
"password": "bones"
|
||||||
|
},
|
||||||
|
"remoteIdentities": [
|
||||||
|
{
|
||||||
|
"connectorId": "local",
|
||||||
|
"id": "elroy-id"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]`,
|
||||||
|
wantErr: true,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for i, tt := range tests {
|
for i, tt := range tests {
|
||||||
users, pwInfos, err := loadUsersFromReader(strings.NewReader(tt.raw))
|
users, pwInfos, err := loadUsersFromReader(strings.NewReader(tt.raw))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("case %d: failed to load user: %v", i, err)
|
if !tt.wantErr {
|
||||||
return
|
t.Errorf("case %d: failed to load user: %v", i, err)
|
||||||
|
}
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if tt.wantErr {
|
||||||
|
t.Errorf("case %d: wanted parsing error, didn't get one", i)
|
||||||
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if diff := pretty.Compare(tt.expUsers, users); diff != "" {
|
if diff := pretty.Compare(tt.expUsers, users); diff != "" {
|
||||||
|
|
Loading…
Reference in a new issue