client: load full clients w/ LoadableClient

The Client object on its own doesn't fully express everything about a
single client, and so when loading clients from a static configuration
it's not enough to just (de)serialize clients.

To that end, LoadableClient contains the full representation of a client
and associated entities.
This commit is contained in:
Bobby Rullo 2016-06-08 11:31:50 -07:00
parent a9d854e144
commit ca18efb1fe
14 changed files with 165 additions and 85 deletions

View file

@ -94,16 +94,24 @@ func ValidRedirectURL(rURL *url.URL, redirectURLs []url.URL) (url.URL, error) {
return url.URL{}, ErrorInvalidRedirectURL return url.URL{}, ErrorInvalidRedirectURL
} }
func ClientsFromReader(r io.Reader) ([]Client, error) { // LoadableClient contains sufficient information for creating a Client and its related entities.
type LoadableClient struct {
Client Client
TrustedPeers []string
}
func ClientsFromReader(r io.Reader) ([]LoadableClient, error) {
var c []struct { var c []struct {
ID string `json:"id"` ID string `json:"id"`
Secret string `json:"secret"` Secret string `json:"secret"`
RedirectURLs []string `json:"redirectURLs"` RedirectURLs []string `json:"redirectURLs"`
Admin bool `json:"admin"`
TrustedPeers []string `json:"trustedPeers"`
} }
if err := json.NewDecoder(r).Decode(&c); err != nil { if err := json.NewDecoder(r).Decode(&c); err != nil {
return nil, err return nil, err
} }
clients := make([]Client, len(c)) clients := make([]LoadableClient, len(c))
for i, client := range c { for i, client := range c {
if client.ID == "" { if client.ID == "" {
return nil, errors.New("clients must have an ID") return nil, errors.New("clients must have an ID")
@ -120,14 +128,18 @@ func ClientsFromReader(r io.Reader) ([]Client, error) {
redirectURIs[j] = *uri redirectURIs[j] = *uri
} }
clients[i] = Client{ clients[i] = LoadableClient{
Credentials: oidc.ClientCredentials{ Client: Client{
ID: client.ID, Credentials: oidc.ClientCredentials{
Secret: client.Secret, ID: client.ID,
}, Secret: client.Secret,
Metadata: oidc.ClientMetadata{ },
RedirectURIs: redirectURIs, Metadata: oidc.ClientMetadata{
RedirectURIs: redirectURIs,
},
Admin: client.Admin,
}, },
TrustedPeers: client.TrustedPeers,
} }
} }
return clients, nil return clients, nil

View file

@ -13,11 +13,13 @@ import (
var ( var (
goodSecret1 = base64.URLEncoding.EncodeToString([]byte("my_secret")) goodSecret1 = base64.URLEncoding.EncodeToString([]byte("my_secret"))
goodSecret2 = base64.URLEncoding.EncodeToString([]byte("my_other_secret")) goodSecret2 = base64.URLEncoding.EncodeToString([]byte("my_other_secret"))
goodSecret3 = base64.URLEncoding.EncodeToString([]byte("yet_another_secret"))
goodClient1 = `{ goodClient1 = `{
"id": "my_id", "id": "my_id",
"secret": "` + goodSecret1 + `", "secret": "` + goodSecret1 + `",
"redirectURLs": ["https://client.example.com"] "redirectURLs": ["https://client.example.com"],
"admin": true
}` }`
goodClient2 = `{ goodClient2 = `{
@ -26,6 +28,13 @@ var (
"redirectURLs": ["https://client2.example.com","https://client2_a.example.com"] "redirectURLs": ["https://client2.example.com","https://client2_a.example.com"]
}` }`
goodClient3 = `{
"id": "yet_another_id",
"secret": "` + goodSecret3 + `",
"redirectURLs": ["https://client3.example.com","https://client3_a.example.com"],
"trustedPeers":["goodClient1", "goodClient2"]
}`
badURLClient = `{ badURLClient = `{
"id": "my_id", "id": "my_id",
"secret": "` + goodSecret1 + `", "secret": "` + goodSecret1 + `",
@ -51,57 +60,85 @@ var (
func TestClientsFromReader(t *testing.T) { func TestClientsFromReader(t *testing.T) {
tests := []struct { tests := []struct {
json string json string
want []Client want []LoadableClient
wantErr bool wantErr bool
}{ }{
{ {
json: "[]", json: "[]",
want: []Client{}, want: []LoadableClient{},
}, },
{ {
json: "[" + goodClient1 + "]", json: "[" + goodClient1 + "]",
want: []Client{ want: []LoadableClient{
{ {
Credentials: oidc.ClientCredentials{ Client: Client{
ID: "my_id", Credentials: oidc.ClientCredentials{
Secret: goodSecret1, ID: "my_id",
}, Secret: goodSecret1,
Metadata: oidc.ClientMetadata{
RedirectURIs: []url.URL{
mustParseURL(t, "https://client.example.com"),
}, },
Metadata: oidc.ClientMetadata{
RedirectURIs: []url.URL{
mustParseURL(t, "https://client.example.com"),
},
},
Admin: true,
}, },
}, },
}, },
}, },
{ {
json: "[" + strings.Join([]string{goodClient1, goodClient2}, ",") + "]", json: "[" + strings.Join([]string{goodClient1, goodClient2}, ",") + "]",
want: []Client{ want: []LoadableClient{
{ {
Credentials: oidc.ClientCredentials{ Client: Client{
ID: "my_id", Credentials: oidc.ClientCredentials{
Secret: goodSecret1, ID: "my_id",
}, Secret: goodSecret1,
Metadata: oidc.ClientMetadata{
RedirectURIs: []url.URL{
mustParseURL(t, "https://client.example.com"),
}, },
Metadata: oidc.ClientMetadata{
RedirectURIs: []url.URL{
mustParseURL(t, "https://client.example.com"),
},
},
Admin: true,
}, },
}, },
{ {
Credentials: oidc.ClientCredentials{ Client: Client{
ID: "my_other_id", Credentials: oidc.ClientCredentials{
Secret: goodSecret2, ID: "my_other_id",
}, Secret: goodSecret2,
Metadata: oidc.ClientMetadata{ },
RedirectURIs: []url.URL{ Metadata: oidc.ClientMetadata{
mustParseURL(t, "https://client2.example.com"), RedirectURIs: []url.URL{
mustParseURL(t, "https://client2_a.example.com"), mustParseURL(t, "https://client2.example.com"),
mustParseURL(t, "https://client2_a.example.com"),
},
}, },
}, },
}, },
}, },
}, },
{
json: "[" + goodClient3 + "]",
want: []LoadableClient{
{
Client: Client{
Credentials: oidc.ClientCredentials{
ID: "yet_another_id",
Secret: goodSecret3,
},
Metadata: oidc.ClientMetadata{
RedirectURIs: []url.URL{
mustParseURL(t, "https://client3.example.com"),
mustParseURL(t, "https://client3_a.example.com"),
},
},
},
TrustedPeers: []string{"goodClient1", "goodClient2"},
},
},
},
{ {
json: "[" + badURLClient + "]", json: "[" + badURLClient + "]",
wantErr: true, wantErr: true,

View file

@ -24,18 +24,20 @@ func makeTestFixtures() *testFixtures {
f := &testFixtures{} f := &testFixtures{}
dbMap := db.NewMemDB() dbMap := db.NewMemDB()
clients := []client.Client{ clients := []client.LoadableClient{
{ {
Credentials: oidc.ClientCredentials{ Client: client.Client{
ID: "client.example.com", Credentials: oidc.ClientCredentials{
Secret: goodSecret, ID: "client.example.com",
}, Secret: goodSecret,
Metadata: oidc.ClientMetadata{
RedirectURIs: []url.URL{
{Scheme: "http", Host: "client.example.com", Path: "/"},
}, },
Metadata: oidc.ClientMetadata{
RedirectURIs: []url.URL{
{Scheme: "http", Host: "client.example.com", Path: "/"},
},
},
Admin: true,
}, },
Admin: true,
}, },
} }
clientIDGenerator := func(hostport string) (string, error) { clientIDGenerator := func(hostport string) (string, error) {

View file

@ -212,14 +212,23 @@ func (r *clientRepo) All(tx repo.Transaction) ([]client.Client, error) {
return cs, nil return cs, nil
} }
func NewClientRepoFromClients(dbm *gorp.DbMap, cs []client.Client) (client.ClientRepo, error) { func NewClientRepoFromClients(dbm *gorp.DbMap, cs []client.LoadableClient) (client.ClientRepo, error) {
repo := NewClientRepo(dbm).(*clientRepo) repo := NewClientRepo(dbm).(*clientRepo)
for _, c := range cs { for _, c := range cs {
cm, err := newClientModel(c) cm, err := newClientModel(c.Client)
if err != nil { if err != nil {
return nil, err return nil, err
} }
err = repo.executor(nil).Insert(cm) err = repo.executor(nil).Insert(cm)
if err != nil {
return nil, err
}
err = repo.SetTrustedPeers(nil, c.Client.Credentials.ID, c.TrustedPeers)
if err != nil {
return nil, err
}
} }
return repo, nil return repo, nil
} }

View file

@ -27,14 +27,15 @@ func TestClientSample(t *testing.T) {
} }
memDB := db.NewMemDB() memDB := db.NewMemDB()
repo := db.NewClientRepo(memDB) repo, err := db.NewClientRepoFromClients(memDB, clients)
for _, c := range clients { if err != nil {
repo.New(nil, c) t.Fatalf("Error creating Clients: %v", err)
} }
mgr := manager.NewClientManager(repo, db.TransactionFactory(memDB), manager.ManagerOptions{}) mgr := manager.NewClientManager(repo, db.TransactionFactory(memDB), manager.ManagerOptions{})
for i, c := range clients { for i, c := range clients {
ok, err := mgr.Authenticate(c.Credentials) ok, err := mgr.Authenticate(c.Client.Credentials)
if !ok { if !ok {
t.Errorf("case %d: couldn't authenticate", i) t.Errorf("case %d: couldn't authenticate", i)
} }

View file

@ -25,7 +25,7 @@ func TestClientCreate(t *testing.T) {
}, },
}, },
} }
cis := []client.Client{ci} cis := []client.LoadableClient{{Client: ci}}
srv, err := mockServer(cis) srv, err := mockServer(cis)
if err != nil { if err != nil {

View file

@ -82,7 +82,7 @@ func makeUserObjects(users []user.UserWithRemoteIdentities, passwords []user.Pas
return dbMap, ur, pwr, um return dbMap, ur, pwr, um
} }
func makeClientRepoAndManager(dbMap *gorp.DbMap, clients []client.Client) (client.ClientRepo, *clientmanager.ClientManager, error) { func makeClientRepoAndManager(dbMap *gorp.DbMap, clients []client.LoadableClient) (client.ClientRepo, *clientmanager.ClientManager, error) {
clientIDGenerator := func(hostport string) (string, error) { clientIDGenerator := func(hostport string) (string, error) {
return hostport, nil return hostport, nil
} }

View file

@ -24,7 +24,7 @@ import (
"github.com/coreos/dex/user" "github.com/coreos/dex/user"
) )
func mockServer(cis []client.Client) (*server.Server, error) { func mockServer(cis []client.LoadableClient) (*server.Server, error) {
dbMap := db.NewMemDB() dbMap := db.NewMemDB()
k, err := key.GeneratePrivateKey() k, err := key.GeneratePrivateKey()
if err != nil { if err != nil {
@ -144,7 +144,10 @@ func TestHTTPExchangeTokenRefreshToken(t *testing.T) {
} }
dbMap := db.NewMemDB() dbMap := db.NewMemDB()
clientRepo, clientManager, err := makeClientRepoAndManager(dbMap, []client.Client{ci}) clientRepo, clientManager, err := makeClientRepoAndManager(dbMap,
[]client.LoadableClient{{
Client: ci,
}})
if err != nil { if err != nil {
t.Fatalf("Failed to create client identity manager: " + err.Error()) t.Fatalf("Failed to create client identity manager: " + err.Error())
} }
@ -300,7 +303,7 @@ func TestHTTPClientCredsToken(t *testing.T) {
}, },
}, },
} }
cis := []client.Client{ci} cis := []client.LoadableClient{{Client: ci}}
srv, err := mockServer(cis) srv, err := mockServer(cis)
if err != nil { if err != nil {

View file

@ -101,26 +101,30 @@ func makeUserAPITestFixtures() *userAPITestFixtures {
f := &userAPITestFixtures{} f := &userAPITestFixtures{}
dbMap, _, _, um := makeUserObjects(userUsers, userPasswords) dbMap, _, _, um := makeUserObjects(userUsers, userPasswords)
clients := []client.Client{ clients := []client.LoadableClient{
client.Client{ {
Credentials: oidc.ClientCredentials{ Client: client.Client{
ID: testClientID, Credentials: oidc.ClientCredentials{
Secret: testClientSecret, ID: testClientID,
}, Secret: testClientSecret,
Metadata: oidc.ClientMetadata{ },
RedirectURIs: []url.URL{ Metadata: oidc.ClientMetadata{
testRedirectURL, RedirectURIs: []url.URL{
testRedirectURL,
},
}, },
}, },
}, },
client.Client{ {
Credentials: oidc.ClientCredentials{ Client: client.Client{
ID: userBadClientID, Credentials: oidc.ClientCredentials{
Secret: base64.URLEncoding.EncodeToString([]byte("secret")), ID: userBadClientID,
}, Secret: base64.URLEncoding.EncodeToString([]byte("secret")),
Metadata: oidc.ClientMetadata{ },
RedirectURIs: []url.URL{ Metadata: oidc.ClientMetadata{
testBadRedirectURL, RedirectURIs: []url.URL{
testBadRedirectURL,
},
}, },
}, },
}, },

View file

@ -245,7 +245,7 @@ func TestList(t *testing.T) {
for i, tt := range tests { for i, tt := range tests {
f, err := makeTestFixturesWithOptions(testFixtureOptions{ f, err := makeTestFixturesWithOptions(testFixtureOptions{
clients: tt.cs, clients: clientsToLoadableClients(tt.cs),
}) })
if err != nil { if err != nil {
t.Fatalf("error making test fixtures: %v", err) t.Fatalf("error making test fixtures: %v", err)

View file

@ -222,7 +222,7 @@ func loadUsersFromReader(r io.Reader) (users []user.UserWithRemoteIdentities, pw
} }
// loadClients parses the clients.json file and returns a list of clients. // loadClients parses the clients.json file and returns a list of clients.
func loadClients(filepath string) ([]client.Client, error) { func loadClients(filepath string) ([]client.LoadableClient, error) {
f, err := os.Open(filepath) f, err := os.Open(filepath)
if err != nil { if err != nil {
return nil, err return nil, err

View file

@ -223,7 +223,7 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
}, },
} }
f, err := makeTestFixturesWithOptions(testFixtureOptions{ f, err := makeTestFixturesWithOptions(testFixtureOptions{
clients: clients, clients: clientsToLoadableClients(clients),
}) })
if err != nil { if err != nil {
t.Fatalf("error making test fixtures: %v", err) t.Fatalf("error making test fixtures: %v", err)

View file

@ -103,7 +103,7 @@ type testFixtures struct {
} }
type testFixtureOptions struct { type testFixtureOptions struct {
clients []client.Client clients []client.LoadableClient
} }
func sequentialGenerateCodeFunc() sessionmanager.GenerateCodeFunc { func sequentialGenerateCodeFunc() sessionmanager.GenerateCodeFunc {
@ -167,14 +167,16 @@ func makeTestFixturesWithOptions(options testFixtureOptions) (*testFixtures, err
return nil, err return nil, err
} }
var clients []client.Client var clients []client.LoadableClient
if options.clients == nil { if options.clients == nil {
clients = []client.Client{ clients = []client.LoadableClient{
client.Client{ {
Credentials: testClientCredentials, Client: client.Client{
Metadata: oidc.ClientMetadata{ Credentials: testClientCredentials,
RedirectURIs: []url.URL{ Metadata: oidc.ClientMetadata{
testRedirectURL, RedirectURIs: []url.URL{
testRedirectURL,
},
}, },
}, },
}, },
@ -258,3 +260,13 @@ func makeTestFixturesWithOptions(options testFixtureOptions) (*testFixtures, err
}, },
}, nil }, nil
} }
func clientsToLoadableClients(cs []client.Client) []client.LoadableClient {
lcs := make([]client.LoadableClient, len(cs), len(cs))
for i, c := range cs {
lcs[i] = client.LoadableClient{
Client: c,
}
}
return lcs
}

View file

@ -176,7 +176,7 @@ func makeTestFixtures() (*UsersAPI, *testEmailer) {
secGen := func() ([]byte, error) { secGen := func() ([]byte, error) {
return []byte("secret"), nil return []byte("secret"), nil
} }
clientRepo, err := db.NewClientRepoFromClients(dbMap, []client.Client{ci}) clientRepo, err := db.NewClientRepoFromClients(dbMap, []client.LoadableClient{{Client: ci}})
if err != nil { if err != nil {
panic("Failed to create client manager: " + err.Error()) panic("Failed to create client manager: " + err.Error())
} }