forked from mystiq/dex
client: load full clients w/ LoadableClient
The Client object on its own doesn't fully express everything about a single client, and so when loading clients from a static configuration it's not enough to just (de)serialize clients. To that end, LoadableClient contains the full representation of a client and associated entities.
This commit is contained in:
parent
a9d854e144
commit
ca18efb1fe
14 changed files with 165 additions and 85 deletions
|
@ -94,16 +94,24 @@ func ValidRedirectURL(rURL *url.URL, redirectURLs []url.URL) (url.URL, error) {
|
||||||
return url.URL{}, ErrorInvalidRedirectURL
|
return url.URL{}, ErrorInvalidRedirectURL
|
||||||
}
|
}
|
||||||
|
|
||||||
func ClientsFromReader(r io.Reader) ([]Client, error) {
|
// LoadableClient contains sufficient information for creating a Client and its related entities.
|
||||||
|
type LoadableClient struct {
|
||||||
|
Client Client
|
||||||
|
TrustedPeers []string
|
||||||
|
}
|
||||||
|
|
||||||
|
func ClientsFromReader(r io.Reader) ([]LoadableClient, error) {
|
||||||
var c []struct {
|
var c []struct {
|
||||||
ID string `json:"id"`
|
ID string `json:"id"`
|
||||||
Secret string `json:"secret"`
|
Secret string `json:"secret"`
|
||||||
RedirectURLs []string `json:"redirectURLs"`
|
RedirectURLs []string `json:"redirectURLs"`
|
||||||
|
Admin bool `json:"admin"`
|
||||||
|
TrustedPeers []string `json:"trustedPeers"`
|
||||||
}
|
}
|
||||||
if err := json.NewDecoder(r).Decode(&c); err != nil {
|
if err := json.NewDecoder(r).Decode(&c); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
clients := make([]Client, len(c))
|
clients := make([]LoadableClient, len(c))
|
||||||
for i, client := range c {
|
for i, client := range c {
|
||||||
if client.ID == "" {
|
if client.ID == "" {
|
||||||
return nil, errors.New("clients must have an ID")
|
return nil, errors.New("clients must have an ID")
|
||||||
|
@ -120,14 +128,18 @@ func ClientsFromReader(r io.Reader) ([]Client, error) {
|
||||||
redirectURIs[j] = *uri
|
redirectURIs[j] = *uri
|
||||||
}
|
}
|
||||||
|
|
||||||
clients[i] = Client{
|
clients[i] = LoadableClient{
|
||||||
Credentials: oidc.ClientCredentials{
|
Client: Client{
|
||||||
ID: client.ID,
|
Credentials: oidc.ClientCredentials{
|
||||||
Secret: client.Secret,
|
ID: client.ID,
|
||||||
},
|
Secret: client.Secret,
|
||||||
Metadata: oidc.ClientMetadata{
|
},
|
||||||
RedirectURIs: redirectURIs,
|
Metadata: oidc.ClientMetadata{
|
||||||
|
RedirectURIs: redirectURIs,
|
||||||
|
},
|
||||||
|
Admin: client.Admin,
|
||||||
},
|
},
|
||||||
|
TrustedPeers: client.TrustedPeers,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return clients, nil
|
return clients, nil
|
||||||
|
|
|
@ -13,11 +13,13 @@ import (
|
||||||
var (
|
var (
|
||||||
goodSecret1 = base64.URLEncoding.EncodeToString([]byte("my_secret"))
|
goodSecret1 = base64.URLEncoding.EncodeToString([]byte("my_secret"))
|
||||||
goodSecret2 = base64.URLEncoding.EncodeToString([]byte("my_other_secret"))
|
goodSecret2 = base64.URLEncoding.EncodeToString([]byte("my_other_secret"))
|
||||||
|
goodSecret3 = base64.URLEncoding.EncodeToString([]byte("yet_another_secret"))
|
||||||
|
|
||||||
goodClient1 = `{
|
goodClient1 = `{
|
||||||
"id": "my_id",
|
"id": "my_id",
|
||||||
"secret": "` + goodSecret1 + `",
|
"secret": "` + goodSecret1 + `",
|
||||||
"redirectURLs": ["https://client.example.com"]
|
"redirectURLs": ["https://client.example.com"],
|
||||||
|
"admin": true
|
||||||
}`
|
}`
|
||||||
|
|
||||||
goodClient2 = `{
|
goodClient2 = `{
|
||||||
|
@ -26,6 +28,13 @@ var (
|
||||||
"redirectURLs": ["https://client2.example.com","https://client2_a.example.com"]
|
"redirectURLs": ["https://client2.example.com","https://client2_a.example.com"]
|
||||||
}`
|
}`
|
||||||
|
|
||||||
|
goodClient3 = `{
|
||||||
|
"id": "yet_another_id",
|
||||||
|
"secret": "` + goodSecret3 + `",
|
||||||
|
"redirectURLs": ["https://client3.example.com","https://client3_a.example.com"],
|
||||||
|
"trustedPeers":["goodClient1", "goodClient2"]
|
||||||
|
}`
|
||||||
|
|
||||||
badURLClient = `{
|
badURLClient = `{
|
||||||
"id": "my_id",
|
"id": "my_id",
|
||||||
"secret": "` + goodSecret1 + `",
|
"secret": "` + goodSecret1 + `",
|
||||||
|
@ -51,57 +60,85 @@ var (
|
||||||
func TestClientsFromReader(t *testing.T) {
|
func TestClientsFromReader(t *testing.T) {
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
json string
|
json string
|
||||||
want []Client
|
want []LoadableClient
|
||||||
wantErr bool
|
wantErr bool
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
json: "[]",
|
json: "[]",
|
||||||
want: []Client{},
|
want: []LoadableClient{},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
json: "[" + goodClient1 + "]",
|
json: "[" + goodClient1 + "]",
|
||||||
want: []Client{
|
want: []LoadableClient{
|
||||||
{
|
{
|
||||||
Credentials: oidc.ClientCredentials{
|
Client: Client{
|
||||||
ID: "my_id",
|
Credentials: oidc.ClientCredentials{
|
||||||
Secret: goodSecret1,
|
ID: "my_id",
|
||||||
},
|
Secret: goodSecret1,
|
||||||
Metadata: oidc.ClientMetadata{
|
|
||||||
RedirectURIs: []url.URL{
|
|
||||||
mustParseURL(t, "https://client.example.com"),
|
|
||||||
},
|
},
|
||||||
|
Metadata: oidc.ClientMetadata{
|
||||||
|
RedirectURIs: []url.URL{
|
||||||
|
mustParseURL(t, "https://client.example.com"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Admin: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
json: "[" + strings.Join([]string{goodClient1, goodClient2}, ",") + "]",
|
json: "[" + strings.Join([]string{goodClient1, goodClient2}, ",") + "]",
|
||||||
want: []Client{
|
want: []LoadableClient{
|
||||||
{
|
{
|
||||||
Credentials: oidc.ClientCredentials{
|
Client: Client{
|
||||||
ID: "my_id",
|
Credentials: oidc.ClientCredentials{
|
||||||
Secret: goodSecret1,
|
ID: "my_id",
|
||||||
},
|
Secret: goodSecret1,
|
||||||
Metadata: oidc.ClientMetadata{
|
|
||||||
RedirectURIs: []url.URL{
|
|
||||||
mustParseURL(t, "https://client.example.com"),
|
|
||||||
},
|
},
|
||||||
|
Metadata: oidc.ClientMetadata{
|
||||||
|
RedirectURIs: []url.URL{
|
||||||
|
mustParseURL(t, "https://client.example.com"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Admin: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Credentials: oidc.ClientCredentials{
|
Client: Client{
|
||||||
ID: "my_other_id",
|
Credentials: oidc.ClientCredentials{
|
||||||
Secret: goodSecret2,
|
ID: "my_other_id",
|
||||||
},
|
Secret: goodSecret2,
|
||||||
Metadata: oidc.ClientMetadata{
|
},
|
||||||
RedirectURIs: []url.URL{
|
Metadata: oidc.ClientMetadata{
|
||||||
mustParseURL(t, "https://client2.example.com"),
|
RedirectURIs: []url.URL{
|
||||||
mustParseURL(t, "https://client2_a.example.com"),
|
mustParseURL(t, "https://client2.example.com"),
|
||||||
|
mustParseURL(t, "https://client2_a.example.com"),
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
json: "[" + goodClient3 + "]",
|
||||||
|
want: []LoadableClient{
|
||||||
|
{
|
||||||
|
Client: Client{
|
||||||
|
Credentials: oidc.ClientCredentials{
|
||||||
|
ID: "yet_another_id",
|
||||||
|
Secret: goodSecret3,
|
||||||
|
},
|
||||||
|
Metadata: oidc.ClientMetadata{
|
||||||
|
RedirectURIs: []url.URL{
|
||||||
|
mustParseURL(t, "https://client3.example.com"),
|
||||||
|
mustParseURL(t, "https://client3_a.example.com"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
TrustedPeers: []string{"goodClient1", "goodClient2"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
json: "[" + badURLClient + "]",
|
json: "[" + badURLClient + "]",
|
||||||
wantErr: true,
|
wantErr: true,
|
||||||
|
|
|
@ -24,18 +24,20 @@ func makeTestFixtures() *testFixtures {
|
||||||
f := &testFixtures{}
|
f := &testFixtures{}
|
||||||
|
|
||||||
dbMap := db.NewMemDB()
|
dbMap := db.NewMemDB()
|
||||||
clients := []client.Client{
|
clients := []client.LoadableClient{
|
||||||
{
|
{
|
||||||
Credentials: oidc.ClientCredentials{
|
Client: client.Client{
|
||||||
ID: "client.example.com",
|
Credentials: oidc.ClientCredentials{
|
||||||
Secret: goodSecret,
|
ID: "client.example.com",
|
||||||
},
|
Secret: goodSecret,
|
||||||
Metadata: oidc.ClientMetadata{
|
|
||||||
RedirectURIs: []url.URL{
|
|
||||||
{Scheme: "http", Host: "client.example.com", Path: "/"},
|
|
||||||
},
|
},
|
||||||
|
Metadata: oidc.ClientMetadata{
|
||||||
|
RedirectURIs: []url.URL{
|
||||||
|
{Scheme: "http", Host: "client.example.com", Path: "/"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Admin: true,
|
||||||
},
|
},
|
||||||
Admin: true,
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
clientIDGenerator := func(hostport string) (string, error) {
|
clientIDGenerator := func(hostport string) (string, error) {
|
||||||
|
|
13
db/client.go
13
db/client.go
|
@ -212,14 +212,23 @@ func (r *clientRepo) All(tx repo.Transaction) ([]client.Client, error) {
|
||||||
return cs, nil
|
return cs, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewClientRepoFromClients(dbm *gorp.DbMap, cs []client.Client) (client.ClientRepo, error) {
|
func NewClientRepoFromClients(dbm *gorp.DbMap, cs []client.LoadableClient) (client.ClientRepo, error) {
|
||||||
repo := NewClientRepo(dbm).(*clientRepo)
|
repo := NewClientRepo(dbm).(*clientRepo)
|
||||||
for _, c := range cs {
|
for _, c := range cs {
|
||||||
cm, err := newClientModel(c)
|
cm, err := newClientModel(c.Client)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
err = repo.executor(nil).Insert(cm)
|
err = repo.executor(nil).Insert(cm)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
err = repo.SetTrustedPeers(nil, c.Client.Credentials.ID, c.TrustedPeers)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
return repo, nil
|
return repo, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,14 +27,15 @@ func TestClientSample(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
memDB := db.NewMemDB()
|
memDB := db.NewMemDB()
|
||||||
repo := db.NewClientRepo(memDB)
|
repo, err := db.NewClientRepoFromClients(memDB, clients)
|
||||||
for _, c := range clients {
|
if err != nil {
|
||||||
repo.New(nil, c)
|
t.Fatalf("Error creating Clients: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
mgr := manager.NewClientManager(repo, db.TransactionFactory(memDB), manager.ManagerOptions{})
|
mgr := manager.NewClientManager(repo, db.TransactionFactory(memDB), manager.ManagerOptions{})
|
||||||
|
|
||||||
for i, c := range clients {
|
for i, c := range clients {
|
||||||
ok, err := mgr.Authenticate(c.Credentials)
|
ok, err := mgr.Authenticate(c.Client.Credentials)
|
||||||
if !ok {
|
if !ok {
|
||||||
t.Errorf("case %d: couldn't authenticate", i)
|
t.Errorf("case %d: couldn't authenticate", i)
|
||||||
}
|
}
|
||||||
|
|
|
@ -25,7 +25,7 @@ func TestClientCreate(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
cis := []client.Client{ci}
|
cis := []client.LoadableClient{{Client: ci}}
|
||||||
|
|
||||||
srv, err := mockServer(cis)
|
srv, err := mockServer(cis)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -82,7 +82,7 @@ func makeUserObjects(users []user.UserWithRemoteIdentities, passwords []user.Pas
|
||||||
return dbMap, ur, pwr, um
|
return dbMap, ur, pwr, um
|
||||||
}
|
}
|
||||||
|
|
||||||
func makeClientRepoAndManager(dbMap *gorp.DbMap, clients []client.Client) (client.ClientRepo, *clientmanager.ClientManager, error) {
|
func makeClientRepoAndManager(dbMap *gorp.DbMap, clients []client.LoadableClient) (client.ClientRepo, *clientmanager.ClientManager, error) {
|
||||||
clientIDGenerator := func(hostport string) (string, error) {
|
clientIDGenerator := func(hostport string) (string, error) {
|
||||||
return hostport, nil
|
return hostport, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,7 +24,7 @@ import (
|
||||||
"github.com/coreos/dex/user"
|
"github.com/coreos/dex/user"
|
||||||
)
|
)
|
||||||
|
|
||||||
func mockServer(cis []client.Client) (*server.Server, error) {
|
func mockServer(cis []client.LoadableClient) (*server.Server, error) {
|
||||||
dbMap := db.NewMemDB()
|
dbMap := db.NewMemDB()
|
||||||
k, err := key.GeneratePrivateKey()
|
k, err := key.GeneratePrivateKey()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -144,7 +144,10 @@ func TestHTTPExchangeTokenRefreshToken(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
dbMap := db.NewMemDB()
|
dbMap := db.NewMemDB()
|
||||||
clientRepo, clientManager, err := makeClientRepoAndManager(dbMap, []client.Client{ci})
|
clientRepo, clientManager, err := makeClientRepoAndManager(dbMap,
|
||||||
|
[]client.LoadableClient{{
|
||||||
|
Client: ci,
|
||||||
|
}})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create client identity manager: " + err.Error())
|
t.Fatalf("Failed to create client identity manager: " + err.Error())
|
||||||
}
|
}
|
||||||
|
@ -300,7 +303,7 @@ func TestHTTPClientCredsToken(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
cis := []client.Client{ci}
|
cis := []client.LoadableClient{{Client: ci}}
|
||||||
|
|
||||||
srv, err := mockServer(cis)
|
srv, err := mockServer(cis)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -101,26 +101,30 @@ func makeUserAPITestFixtures() *userAPITestFixtures {
|
||||||
f := &userAPITestFixtures{}
|
f := &userAPITestFixtures{}
|
||||||
|
|
||||||
dbMap, _, _, um := makeUserObjects(userUsers, userPasswords)
|
dbMap, _, _, um := makeUserObjects(userUsers, userPasswords)
|
||||||
clients := []client.Client{
|
clients := []client.LoadableClient{
|
||||||
client.Client{
|
{
|
||||||
Credentials: oidc.ClientCredentials{
|
Client: client.Client{
|
||||||
ID: testClientID,
|
Credentials: oidc.ClientCredentials{
|
||||||
Secret: testClientSecret,
|
ID: testClientID,
|
||||||
},
|
Secret: testClientSecret,
|
||||||
Metadata: oidc.ClientMetadata{
|
},
|
||||||
RedirectURIs: []url.URL{
|
Metadata: oidc.ClientMetadata{
|
||||||
testRedirectURL,
|
RedirectURIs: []url.URL{
|
||||||
|
testRedirectURL,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
client.Client{
|
{
|
||||||
Credentials: oidc.ClientCredentials{
|
Client: client.Client{
|
||||||
ID: userBadClientID,
|
Credentials: oidc.ClientCredentials{
|
||||||
Secret: base64.URLEncoding.EncodeToString([]byte("secret")),
|
ID: userBadClientID,
|
||||||
},
|
Secret: base64.URLEncoding.EncodeToString([]byte("secret")),
|
||||||
Metadata: oidc.ClientMetadata{
|
},
|
||||||
RedirectURIs: []url.URL{
|
Metadata: oidc.ClientMetadata{
|
||||||
testBadRedirectURL,
|
RedirectURIs: []url.URL{
|
||||||
|
testBadRedirectURL,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -245,7 +245,7 @@ func TestList(t *testing.T) {
|
||||||
|
|
||||||
for i, tt := range tests {
|
for i, tt := range tests {
|
||||||
f, err := makeTestFixturesWithOptions(testFixtureOptions{
|
f, err := makeTestFixturesWithOptions(testFixtureOptions{
|
||||||
clients: tt.cs,
|
clients: clientsToLoadableClients(tt.cs),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("error making test fixtures: %v", err)
|
t.Fatalf("error making test fixtures: %v", err)
|
||||||
|
|
|
@ -222,7 +222,7 @@ func loadUsersFromReader(r io.Reader) (users []user.UserWithRemoteIdentities, pw
|
||||||
}
|
}
|
||||||
|
|
||||||
// loadClients parses the clients.json file and returns a list of clients.
|
// loadClients parses the clients.json file and returns a list of clients.
|
||||||
func loadClients(filepath string) ([]client.Client, error) {
|
func loadClients(filepath string) ([]client.LoadableClient, error) {
|
||||||
f, err := os.Open(filepath)
|
f, err := os.Open(filepath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
@ -223,7 +223,7 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
f, err := makeTestFixturesWithOptions(testFixtureOptions{
|
f, err := makeTestFixturesWithOptions(testFixtureOptions{
|
||||||
clients: clients,
|
clients: clientsToLoadableClients(clients),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("error making test fixtures: %v", err)
|
t.Fatalf("error making test fixtures: %v", err)
|
||||||
|
|
|
@ -103,7 +103,7 @@ type testFixtures struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
type testFixtureOptions struct {
|
type testFixtureOptions struct {
|
||||||
clients []client.Client
|
clients []client.LoadableClient
|
||||||
}
|
}
|
||||||
|
|
||||||
func sequentialGenerateCodeFunc() sessionmanager.GenerateCodeFunc {
|
func sequentialGenerateCodeFunc() sessionmanager.GenerateCodeFunc {
|
||||||
|
@ -167,14 +167,16 @@ func makeTestFixturesWithOptions(options testFixtureOptions) (*testFixtures, err
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
var clients []client.Client
|
var clients []client.LoadableClient
|
||||||
if options.clients == nil {
|
if options.clients == nil {
|
||||||
clients = []client.Client{
|
clients = []client.LoadableClient{
|
||||||
client.Client{
|
{
|
||||||
Credentials: testClientCredentials,
|
Client: client.Client{
|
||||||
Metadata: oidc.ClientMetadata{
|
Credentials: testClientCredentials,
|
||||||
RedirectURIs: []url.URL{
|
Metadata: oidc.ClientMetadata{
|
||||||
testRedirectURL,
|
RedirectURIs: []url.URL{
|
||||||
|
testRedirectURL,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -258,3 +260,13 @@ func makeTestFixturesWithOptions(options testFixtureOptions) (*testFixtures, err
|
||||||
},
|
},
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func clientsToLoadableClients(cs []client.Client) []client.LoadableClient {
|
||||||
|
lcs := make([]client.LoadableClient, len(cs), len(cs))
|
||||||
|
for i, c := range cs {
|
||||||
|
lcs[i] = client.LoadableClient{
|
||||||
|
Client: c,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return lcs
|
||||||
|
}
|
||||||
|
|
|
@ -176,7 +176,7 @@ func makeTestFixtures() (*UsersAPI, *testEmailer) {
|
||||||
secGen := func() ([]byte, error) {
|
secGen := func() ([]byte, error) {
|
||||||
return []byte("secret"), nil
|
return []byte("secret"), nil
|
||||||
}
|
}
|
||||||
clientRepo, err := db.NewClientRepoFromClients(dbMap, []client.Client{ci})
|
clientRepo, err := db.NewClientRepoFromClients(dbMap, []client.LoadableClient{{Client: ci}})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic("Failed to create client manager: " + err.Error())
|
panic("Failed to create client manager: " + err.Error())
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue