diff --git a/client/client.go b/client/client.go
index e8d8b194..20531603 100644
--- a/client/client.go
+++ b/client/client.go
@@ -33,7 +33,7 @@ type ClientIdentityRepo interface {
 // New registers a ClientIdentity with the repo for the given metadata.
 // An unused ID must be provided. A corresponding secret will be returned
 // in a ClientCredentials struct along with the provided ID.
- New(id string, meta oidc.ClientMetadata) (*oidc.ClientCredentials, error)
+ New(id string, meta oidc.ClientMetadata, admin bool) (*oidc.ClientCredentials, error)
 SetDexAdmin(clientID string, isAdmin bool) error
diff --git a/cmd/dexctl/driver_db.go b/cmd/dexctl/driver_db.go
index 7f61092a..fe918aa1 100644
--- a/cmd/dexctl/driver_db.go
+++ b/cmd/dexctl/driver_db.go
@@ -36,7 +36,7 @@ func (d *dbDriver) NewClient(meta oidc.ClientMetadata) (*oidc.ClientCredentials,
 return nil, err
 }
- return d.ciRepo.New(clientID, meta)
+ return d.ciRepo.New(clientID, meta, false)
 }
 func (d *dbDriver) ConnectorConfigs() ([]connector.ConnectorConfig, error) {
diff --git a/db/client.go b/db/client.go
index 6754368a..62187034 100644
--- a/db/client.go
+++ b/db/client.go
@@ -234,7 +234,7 @@ func isAlreadyExistsErr(err error) bool {
 return false
 }
-func (r *clientIdentityRepo) New(id string, meta oidc.ClientMetadata) (*oidc.ClientCredentials, error) {
+func (r *clientIdentityRepo) New(id string, meta oidc.ClientMetadata, admin bool) (*oidc.ClientCredentials, error) {
 secret, err := pcrypto.RandBytes(maxSecretLength)
 if err != nil {
 return nil, err
@@ -244,6 +244,7 @@ func (r *clientIdentityRepo) New(id string, meta oidc.ClientMetadata) (*oidc.Cli
 if err != nil {
 return nil, err
 }
+ cim.DexAdmin = admin
 if err := r.executor(nil).Insert(cim); err != nil {
 if isAlreadyExistsErr(err) {
diff --git a/functional/db_test.go b/functional/db_test.go
index 29a7ae7c..97efdfe5 100644
--- a/functional/db_test.go
+++ b/functional/db_test.go
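Review bot: The doc comment on `New` in `ClientIdentityRepo` still describes only the ID and the metadata, so the new `admin` parameter, which decides whether the client is stored as a dex admin, is undocumented at the interface. I would add a line such as `// If admin is true the client is created with dex admin rights; callers must not take this value from request input.` A bare positional bool is also hard to audit at call sites (`New(id, meta, false)`). Every caller visible in this diff passes `false`, so presumably the caller that passes `true` lives in a file not shown here.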
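Review bot: The `cim.DexAdmin = admin` assignment has no test coverage in this commit, because every `r.New(...)` call updated in functional/db_test.go passes `false`. A regression in the privileged path would therefore go unnoticed. A functional test that creates one client with `admin` set to `true` and one with `false`, then reads the flag back through the repo for both, would pin the behaviour. Since this is the point where a privileged client is persisted, a log line when `admin` is true would also give operators an audit trail. `New` begins in the previous hunk and continues past the end of this one.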
@@ -191,7 +191,7 @@ func TestDBClientIdentityRepoMetadata(t *testing.T) {
 },
 }
- _, err := r.New("foo", cm)
+ _, err := r.New("foo", cm, false)
 if err != nil {
 t.Fatalf(err.Error())
 }
@@ -227,7 +227,7 @@ func TestDBClientIdentityRepoNewDuplicate(t *testing.T) {
 },
 }
- if _, err := r.New("foo", meta1); err != nil {
+ if _, err := r.New("foo", meta1, false); err != nil {
 t.Fatalf("unexpected error: %v", err)
 }
@@ -237,7 +237,7 @@ func TestDBClientIdentityRepoNewDuplicate(t *testing.T) {
 },
 }
- if _, err := r.New("foo", meta2); err == nil {
+ if _, err := r.New("foo", meta2, false); err == nil {
 t.Fatalf("expected non-nil error")
 }
 }
@@ -251,7 +251,7 @@ func TestDBClientIdentityRepoAuthenticate(t *testing.T) {
 },
 }
- cc, err := r.New("baz", cm)
+ cc, err := r.New("baz", cm, false)
 if err != nil {
 t.Fatalf(err.Error())
 }
@@ -299,7 +299,7 @@ func TestDBClientIdentityAll(t *testing.T) {
 },
 }
- _, err := r.New("foo", cm)
+ _, err := r.New("foo", cm, false)
 if err != nil {
 t.Fatalf(err.Error())
 }
@@ -322,7 +322,7 @@ func TestDBClientIdentityAll(t *testing.T) {
 url.URL{Scheme: "http", Host: "foo.com", Path: "/cb"},
 },
 }
- _, err = r.New("bar", cm)
+ _, err = r.New("bar", cm, false)
 if err != nil {
 t.Fatalf(err.Error())
 }
diff --git a/server/client_registration.go b/server/client_registration.go
index f53cc90d..13dacbeb 100644
--- a/server/client_registration.go
+++ b/server/client_registration.go
@@ -43,7 +43,7 @@ func (s *Server) handleClientRegistrationRequest(r *http.Request) (*oidc.ClientR
 return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
 }
- creds, err := s.ClientIdentityRepo.New(id, clientMetadata)
+ creds, err := s.ClientIdentityRepo.New(id, clientMetadata, false)
 if err != nil {
 log.Errorf("Failed to create new client identity: %v", err)
 return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
diff --git a/server/client_resource.go b/server/client_resource.go
index 45f7027b..c5134779 100644
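Review bot: The literal `false` passed to `s.ClientIdentityRepo.New` in `handleClientRegistrationRequest` is what keeps clients created from an HTTP registration request from becoming dex admins, and nothing on the line says so. I would add `// Dynamically registered clients are never dex admins.` above the call, so that a later refactor does not wire the argument to request data. The same applies to `c.repo.New(clientID, ci.Metadata, false)` in `create` in server/client_resource.go. Both functions start and end outside their hunks.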
--- a/server/client_resource.go
+++ b/server/client_resource.go
@@ -96,7 +96,7 @@ func (c *clientResource) create(w http.ResponseWriter, r *http.Request) {
 return
 }
- creds, err := c.repo.New(clientID, ci.Metadata)
+ creds, err := c.repo.New(clientID, ci.Metadata, false)
 if err != nil {
 log.Errorf("Failed creating client: %v", err)
 writeAPIError(w, http.StatusInternalServerError, newAPIError(errorServerError, "unable to create client"))