return 409 for duplicate client ids

This commit is contained in:
Eric Chiang 2016-06-28 16:09:20 -07:00
parent c0eb36c14b
commit f899cbaea8
5 changed files with 38 additions and 3 deletions

View file

@ -79,6 +79,7 @@ var (
client.ErrorPublicClientMissingName: errorMaker("bad_request", "Public clients require a ClientName", http.StatusBadRequest), client.ErrorPublicClientMissingName: errorMaker("bad_request", "Public clients require a ClientName", http.StatusBadRequest),
client.ErrorInvalidClientSecret: errorMaker("bad_request", "Secret must be a base64 encoded string", http.StatusBadRequest), client.ErrorInvalidClientSecret: errorMaker("bad_request", "Secret must be a base64 encoded string", http.StatusBadRequest),
client.ErrorDuplicateClientID: errorMaker("bad_request", "Client ID already exists.", http.StatusConflict),
user.ErrorNotFound: errorMaker("resource_not_found", "Resource could not be found.", http.StatusNotFound), user.ErrorNotFound: errorMaker("resource_not_found", "Resource could not be found.", http.StatusNotFound),
user.ErrorDuplicateEmail: errorMaker("bad_request", "Email already in use.", http.StatusConflict), user.ErrorDuplicateEmail: errorMaker("bad_request", "Email already in use.", http.StatusConflict),

View file

@ -20,6 +20,8 @@ var (
ErrorInvalidClientSecret = errors.New("not a valid client Secret") ErrorInvalidClientSecret = errors.New("not a valid client Secret")
ErrorDuplicateClientID = errors.New("client ID already exists")
ErrorInvalidRedirectURL = errors.New("not a valid redirect url for the given client") ErrorInvalidRedirectURL = errors.New("not a valid redirect url for the given client")
ErrorCantChooseRedirectURL = errors.New("must provide a redirect url; client has many") ErrorCantChooseRedirectURL = errors.New("must provide a redirect url; client has many")
ErrorNoValidRedirectURLs = errors.New("no valid redirect URLs for this client.") ErrorNoValidRedirectURLs = errors.New("no valid redirect URLs for this client.")

View file

@ -196,7 +196,7 @@ func (r *clientRepo) New(tx repo.Transaction, cli client.Client) (*oidc.ClientCr
if err := r.executor(tx).Insert(cim); err != nil { if err := r.executor(tx).Insert(cim); err != nil {
if isAlreadyExistsErr(err) { if isAlreadyExistsErr(err) {
err = errors.New("client ID already exists") return nil, client.ErrorDuplicateClientID
} }
return nil, err return nil, err
} }

View file

@ -8,7 +8,7 @@ import "github.com/mattn/go-sqlite3"
func init() { func init() {
registerAlreadyExistsChecker(func(err error) bool { registerAlreadyExistsChecker(func(err error) bool {
sqlErr, ok := err.(*sqlite3.Error) sqlErr, ok := err.(sqlite3.Error)
if !ok { if !ok {
return false return false
} }

View file

@ -68,6 +68,22 @@ var (
Password: []byte("hi."), Password: []byte("hi."),
}, },
} }
clients = []client.Client{
{
Credentials: oidc.ClientCredentials{
ID: "client-1",
Secret: "Zm9vYmFy", // "foobar"
},
Metadata: oidc.ClientMetadata{
RedirectURIs: []url.URL{
url.URL{Scheme: "http", Host: "127.0.0.1:5556", Path: "/cb"},
url.URL{Scheme: "https", Host: "example.com", Path: "/callback"},
},
},
Admin: true,
},
}
) )
type adminAPITransport struct { type adminAPITransport struct {
@ -94,6 +110,12 @@ func makeAdminAPITestFixtures() *adminAPITestFixtures {
clientIDGenerator := func(hostport string) (string, error) { clientIDGenerator := func(hostport string) (string, error) {
return fmt.Sprintf("client_%v", hostport), nil return fmt.Sprintf("client_%v", hostport), nil
} }
for _, client := range clients {
_, err := cr.New(nil, client)
if err != nil {
panic(err)
}
}
cm := manager.NewClientManager(cr, db.TransactionFactory(dbMap), manager.ManagerOptions{SecretGenerator: secGen, ClientIDGenerator: clientIDGenerator}) cm := manager.NewClientManager(cr, db.TransactionFactory(dbMap), manager.ManagerOptions{SecretGenerator: secGen, ClientIDGenerator: clientIDGenerator})
ccr := db.NewConnectorConfigRepo(dbMap) ccr := db.NewConnectorConfigRepo(dbMap)
@ -563,6 +585,16 @@ func TestCreateClient(t *testing.T) {
Client: &adminClientBadSecret, Client: &adminClientBadSecret,
}, },
wantError: http.StatusBadRequest, wantError: http.StatusBadRequest,
}, {
// Client ID already exists
req: adminschema.ClientCreateRequest{
Client: &adminschema.Client{
Id: "client-1",
Secret: "Zm9vYmFy",
RedirectURIs: []string{"https://auth.example.com/"},
},
},
wantError: http.StatusConflict,
}, },
} }
@ -597,7 +629,7 @@ func TestCreateClient(t *testing.T) {
continue continue
} }
if aErr.Code != tt.wantError { if aErr.Code != tt.wantError {
t.Errorf("case %d: want aErr.Code=%v, got %v", i, tt.wantError, aErr.Code) t.Errorf("case %d: want aErr.Code=%v, got %v: %v", i, tt.wantError, aErr.Code, aErr)
continue continue
} }
continue continue