return 409 for duplicate client ids
parent
c0eb36c14b
commit
f899cbaea8
5 changed files with 38 additions and 3 deletions
|
@ -79,6 +79,7 @@ var (
|
|||
client.ErrorPublicClientMissingName: errorMaker("bad_request", "Public clients require a ClientName", http.StatusBadRequest),
|
||||
|
||||
client.ErrorInvalidClientSecret: errorMaker("bad_request", "Secret must be a base64 encoded string", http.StatusBadRequest),
|
||||
client.ErrorDuplicateClientID: errorMaker("bad_request", "Client ID already exists.", http.StatusConflict),
|
||||
|
||||
user.ErrorNotFound: errorMaker("resource_not_found", "Resource could not be found.", http.StatusNotFound),
|
||||
user.ErrorDuplicateEmail: errorMaker("bad_request", "Email already in use.", http.StatusConflict),
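Review bot: The new entry for client.ErrorDuplicateClientID pairs the error type "bad_request" with http.StatusConflict, so a caller that branches on the type string cannot tell a duplicate ID from a malformed request and has to rely on the status code alone. The user.ErrorDuplicateEmail entry below it does the same, so this may be deliberate; if so, a comment on the entry such as `// 409; type stays "bad_request" for parity with ErrorDuplicateEmail` would record that. The response also confirms to the caller that a given client ID is registered, which is acceptable only if the create-client endpoint is limited to authenticated administrators (not visible in this hunk). The var block starts and ends outside the hunk.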
|
||||
|
|
|
@ -20,6 +20,8 @@ var (
|
|||
|
||||
ErrorInvalidClientSecret = errors.New("not a valid client Secret")
|
||||
|
||||
ErrorDuplicateClientID = errors.New("client ID already exists")
|
||||
|
||||
ErrorInvalidRedirectURL = errors.New("not a valid redirect url for the given client")
|
||||
ErrorCantChooseRedirectURL = errors.New("must provide a redirect url; client has many")
|
||||
ErrorNoValidRedirectURLs = errors.New("no valid redirect URLs for this client.")
|
||||
|
|
|
@ -196,7 +196,7 @@ func (r *clientRepo) New(tx repo.Transaction, cli client.Client) (*oidc.ClientCr
|
|||
|
||||
if err := r.executor(tx).Insert(cim); err != nil {
|
||||
if isAlreadyExistsErr(err) {
|
||||
err = errors.New("client ID already exists")
|
||||
return nil, client.ErrorDuplicateClientID
|
||||
}
|
||||
return nil, err
|
||||
}
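Review bot: Every error that isAlreadyExistsErr accepts is now returned as client.ErrorDuplicateClientID, and the original driver error is dropped without being logged. If the inserted row has any unique constraint other than the client ID (the schema is not visible here), a violation of it would also reach the API as a 409 "Client ID already exists". A comment above the branch stating the assumption, e.g. `// the client ID is the only unique column on this table (confirm against the schema)`, or a debug log of err before the return, would keep that case diagnosable. New's body starts and ends outside the hunk.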
|
||||
|
|
|
@ -8,7 +8,7 @@ import "github.com/mattn/go-sqlite3"
|
|||
|
||||
func init() {
|
||||
registerAlreadyExistsChecker(func(err error) bool {
|
||||
sqlErr, ok := err.(*sqlite3.Error)
|
||||
sqlErr, ok := err.(sqlite3.Error)
|
||||
if !ok {
|
||||
return false
|
||||
}
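Review bot: The assertion `err.(sqlite3.Error)` matches only an unwrapped value of that type, so if any layer between the driver and this checker wraps the error, the checker returns false and a duplicate insert surfaces as a generic failure instead of ErrorDuplicateClientID. go-sqlite3 returns sqlite3.Error by value, which is why the old pointer assertion never matched; a comment such as `// go-sqlite3 returns sqlite3.Error by value, not *sqlite3.Error` would stop the pointer form from being reintroduced. The closure continues past the end of the hunk, so the checks it makes on sqlErr are not visible here.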
|
||||
|
|
|
@ -68,6 +68,22 @@ var (
|
|||
Password: []byte("hi."),
|
||||
},
|
||||
}
|
||||
|
||||
clients = []client.Client{
|
||||
{
|
||||
Credentials: oidc.ClientCredentials{
|
||||
ID: "client-1",
|
||||
Secret: "Zm9vYmFy", // "foobar"
|
||||
},
|
||||
Metadata: oidc.ClientMetadata{
|
||||
RedirectURIs: []url.URL{
|
||||
url.URL{Scheme: "http", Host: "127.0.0.1:5556", Path: "/cb"},
|
||||
url.URL{Scheme: "https", Host: "example.com", Path: "/callback"},
|
||||
},
|
||||
},
|
||||
Admin: true,
|
||||
},
|
||||
}
|
||||
)
|
||||
|
||||
type adminAPITransport struct {
|
||||
|
@ -94,6 +110,12 @@ func makeAdminAPITestFixtures() *adminAPITestFixtures {
|
|||
clientIDGenerator := func(hostport string) (string, error) {
|
||||
return fmt.Sprintf("client_%v", hostport), nil
|
||||
}
|
||||
for _, client := range clients {
|
||||
_, err := cr.New(nil, client)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
}
|
||||
cm := manager.NewClientManager(cr, db.TransactionFactory(dbMap), manager.ManagerOptions{SecretGenerator: secGen, ClientIDGenerator: clientIDGenerator})
|
||||
ccr := db.NewConnectorConfigRepo(dbMap)
|
||||
|
||||
|
@ -563,6 +585,16 @@ func TestCreateClient(t *testing.T) {
|
|||
Client: &adminClientBadSecret,
|
||||
},
|
||||
wantError: http.StatusBadRequest,
|
||||
}, {
|
||||
// Client ID already exists
|
||||
req: adminschema.ClientCreateRequest{
|
||||
Client: &adminschema.Client{
|
||||
Id: "client-1",
|
||||
Secret: "Zm9vYmFy",
|
||||
RedirectURIs: []string{"https://auth.example.com/"},
|
||||
},
|
||||
},
|
||||
wantError: http.StatusConflict,
|
||||
},
|
||||
}
|
||||
|
||||
|
@ -597,7 +629,7 @@ func TestCreateClient(t *testing.T) {
|
|||
continue
|
||||
}
|
||||
if aErr.Code != tt.wantError {
|
||||
t.Errorf("case %d: want aErr.Code=%v, got %v", i, tt.wantError, aErr.Code)
|
||||
t.Errorf("case %d: want aErr.Code=%v, got %v: %v", i, tt.wantError, aErr.Code, aErr)
|
||||
continue
|
||||
}
|
||||
continue
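Review bot: In makeAdminAPITestFixtures the loop variable in `for _, client := range clients` shadows the `client` package that this file uses (`[]client.Client`), so any later reference to the package inside the loop body would resolve to the variable. Renaming it avoids that: `for _, c := range clients {` with `if _, err := cr.New(nil, c); err != nil { panic(err) }`. The new TestCreateClient case checks only the 409 status; as far as these hunks show, nothing asserts that the existing "client-1" record is left unchanged after the rejected create, which would be a useful follow-up assertion.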
|
||||
|
|