server,cmd: Add flag for disabling registation

For situations where admins add users.
Bobby Rullo 2015-09-30 16:35:58 -07:00
parent ac78c8f4ab
commit bf9517fdaa
7 changed files with 45 additions and 27 deletions


@ -44,6 +44,8 @@ func main() {
emailFrom := fs.String("email-from", "no-reply@coreos.com", "emails sent from dex will come from this address") emailFrom := fs.String("email-from", "no-reply@coreos.com", "emails sent from dex will come from this address")
emailConfig := fs.String("email-cfg", "./static/fixtures/emailer.json", "configures emailer.") emailConfig := fs.String("email-cfg", "./static/fixtures/emailer.json", "configures emailer.")
enableRegistration := fs.Bool("enable-registration", true, "Allows users to self-register")
noDB := fs.Bool("no-db", false, "manage entities in-process w/o any encryption, used only for single-node testing") noDB := fs.Bool("no-db", false, "manage entities in-process w/o any encryption, used only for single-node testing")
// UI-related: // UI-related:
@ -113,13 +115,14 @@ func main() {
} }
scfg := server.ServerConfig{ scfg := server.ServerConfig{
IssuerURL: *issuer, IssuerURL: *issuer,
TemplateDir: *templates, TemplateDir: *templates,
EmailTemplateDirs: emailTemplateDirs, EmailTemplateDirs: emailTemplateDirs,
EmailFromAddress: *emailFrom, EmailFromAddress: *emailFrom,
EmailerConfigFile: *emailConfig, EmailerConfigFile: *emailConfig,
IssuerName: *issuerName, IssuerName: *issuerName,
IssuerLogoURL: *issuerLogoURL, IssuerLogoURL: *issuerLogoURL,
EnableRegistration: *enableRegistration,
} }
if *noDB { if *noDB {
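Review bot: The new `enable-registration` flag defaults to `true`, so a deployment keeps self-registration open unless the operator explicitly passes `-enable-registration=false`, and the usage string does not say so. Consider spelling it out in the help text, for example `"allow users to self-register; set to false when accounts are created by an admin"`. main's body starts and ends outside these hunks.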


@ -25,14 +25,15 @@ import (
) )
type ServerConfig struct { type ServerConfig struct {
IssuerURL string IssuerURL string
IssuerName string IssuerName string
IssuerLogoURL string IssuerLogoURL string
TemplateDir string TemplateDir string
EmailTemplateDirs []string EmailTemplateDirs []string
EmailFromAddress string EmailFromAddress string
EmailerConfigFile string EmailerConfigFile string
StateConfig StateConfigurer StateConfig StateConfigurer
EnableRegistration bool
} }
type StateConfigurer interface { type StateConfigurer interface {
@ -56,7 +57,7 @@ func (cfg *ServerConfig) Server() (*Server, error) {
return nil, err return nil, err
} }
tpl, err := getTemplates(cfg.IssuerName, cfg.IssuerLogoURL, cfg.TemplateDir) tpl, err := getTemplates(cfg.IssuerName, cfg.IssuerLogoURL, cfg.EnableRegistration, cfg.TemplateDir)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -69,6 +70,8 @@ func (cfg *ServerConfig) Server() (*Server, error) {
HealthChecks: []health.Checkable{km}, HealthChecks: []health.Checkable{km},
Connectors: []connector.Connector{}, Connectors: []connector.Connector{},
EnableRegistration: cfg.EnableRegistration,
} }
err = cfg.StateConfig.Configure(&srv) err = cfg.StateConfig.Configure(&srv)
@ -183,7 +186,8 @@ func (cfg *MultiServerConfig) Configure(srv *Server) error {
return nil return nil
} }
func getTemplates(issuerName, issuerLogoURL string, dir string) (*template.Template, error) { func getTemplates(issuerName,
issuerLogoURL string, enableRegister bool, dir string) (*template.Template, error) {
tpl := template.New("").Funcs(map[string]interface{}{ tpl := template.New("").Funcs(map[string]interface{}{
"issuerName": func() string { "issuerName": func() string {
return issuerName return issuerName
@ -191,6 +195,9 @@ func getTemplates(issuerName, issuerLogoURL string, dir string) (*template.Templ
"issuerLogoURL": func() string { "issuerLogoURL": func() string {
return issuerLogoURL return issuerLogoURL
}, },
"enableRegister": func() bool {
return enableRegister
},
}) })
return tpl.ParseGlob(dir + "/*.html") return tpl.ParseGlob(dir + "/*.html")
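Review bot: The same setting goes by three names in this commit: `EnableRegistration` on the config and server structs, `enableRegister` for the getTemplates parameter and template function, and `registrationEnabled` in handleAuthFunc. That makes it harder to grep for every place the gate is enforced. Using one stem throughout would help, e.g. `enableRegistration bool` here and `"enableRegistration"` as the template function name, with the matching rename in the login template. The new getTemplates signature is also split after `issuerName,`; keeping `issuerName, issuerLogoURL string` together on the first line reads better. getTemplates continues past the end of the hunk.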


@ -254,7 +254,7 @@ func renderLoginPage(w http.ResponseWriter, r *http.Request, srv OIDCServer, idp
execTemplate(w, tpl, td) execTemplate(w, tpl, td)
} }
func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.Template) http.HandlerFunc { func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.Template, registrationEnabled bool) http.HandlerFunc {
idx := makeConnectorMap(idpcs) idx := makeConnectorMap(idpcs)
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
if r.Method != "GET" { if r.Method != "GET" {
@ -264,7 +264,7 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
} }
q := r.URL.Query() q := r.URL.Query()
register := q.Get("register") == "1" register := q.Get("register") == "1" && registrationEnabled
e := q.Get("error") e := q.Get("error")
if e != "" { if e != "" {
sessionKey := q.Get("state") sessionKey := q.Get("state")
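Review bot: With registration disabled, `register=1` is silently dropped on the line that computes `register`, so a request from a stale Register link is handled as an ordinary login and nothing in the code says this is intended. A short comment above that line would record the decision: `// register=1 is ignored when self-registration is disabled; the request proceeds as a login.` A doc comment on handleAuthFunc naming the new `registrationEnabled` parameter would also help, since it is a bare positional bool at the call sites. The handler body continues outside the hunk.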


@ -51,7 +51,7 @@ func (c *fakeConnector) TrustedEmailProvider() bool {
func TestHandleAuthFuncMethodNotAllowed(t *testing.T) { func TestHandleAuthFuncMethodNotAllowed(t *testing.T) {
for _, m := range []string{"POST", "PUT", "DELETE"} { for _, m := range []string{"POST", "PUT", "DELETE"} {
hdlr := handleAuthFunc(nil, nil, nil) hdlr := handleAuthFunc(nil, nil, nil, true)
req, err := http.NewRequest(m, "http://example.com", nil) req, err := http.NewRequest(m, "http://example.com", nil)
if err != nil { if err != nil {
t.Errorf("case %s: unable to create HTTP request: %v", m, err) t.Errorf("case %s: unable to create HTTP request: %v", m, err)
@ -170,7 +170,7 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
} }
for i, tt := range tests { for i, tt := range tests {
hdlr := handleAuthFunc(srv, idpcs, nil) hdlr := handleAuthFunc(srv, idpcs, nil, true)
w := httptest.NewRecorder() w := httptest.NewRecorder()
u := fmt.Sprintf("http://server.example.com?%s", tt.query.Encode()) u := fmt.Sprintf("http://server.example.com?%s", tt.query.Encode())
req, err := http.NewRequest("GET", u, nil) req, err := http.NewRequest("GET", u, nil)
@ -271,7 +271,7 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
} }
for i, tt := range tests { for i, tt := range tests {
hdlr := handleAuthFunc(srv, idpcs, nil) hdlr := handleAuthFunc(srv, idpcs, nil, true)
w := httptest.NewRecorder() w := httptest.NewRecorder()
u := fmt.Sprintf("http://server.example.com?%s", tt.query.Encode()) u := fmt.Sprintf("http://server.example.com?%s", tt.query.Encode())
req, err := http.NewRequest("GET", u, nil) req, err := http.NewRequest("GET", u, nil)
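Review bot: All three updated call sites pass `true` to handleAuthFunc, so the disabled path added in this commit is never exercised by these tests. A case that builds the handler with `handleAuthFunc(srv, idpcs, nil, false)` and sends a GET carrying `register=1` would pin the behaviour that the request is treated as a login rather than a registration. A companion check that the register path is not served when `EnableRegistration` is false would cover the route gating in HTTPHandler. The test tables are outside the hunks, so the exact fields for such a case need to follow what is defined there.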


@ -72,6 +72,7 @@ type Server struct {
PasswordInfoRepo user.PasswordInfoRepo PasswordInfoRepo user.PasswordInfoRepo
RefreshTokenRepo refresh.RefreshTokenRepo RefreshTokenRepo refresh.RefreshTokenRepo
UserEmailer *useremail.UserEmailer UserEmailer *useremail.UserEmailer
EnableRegistration bool
localConnectorID string localConnectorID string
} }
@ -198,11 +199,15 @@ func (s *Server) HTTPHandler() http.Handler {
clock := clockwork.NewRealClock() clock := clockwork.NewRealClock()
mux := http.NewServeMux() mux := http.NewServeMux()
mux.HandleFunc(httpPathDiscovery, handleDiscoveryFunc(s.ProviderConfig())) mux.HandleFunc(httpPathDiscovery, handleDiscoveryFunc(s.ProviderConfig()))
mux.HandleFunc(httpPathAuth, handleAuthFunc(s, s.Connectors, s.LoginTemplate)) mux.HandleFunc(httpPathAuth, handleAuthFunc(s, s.Connectors, s.LoginTemplate, s.EnableRegistration))
mux.HandleFunc(httpPathToken, handleTokenFunc(s)) mux.HandleFunc(httpPathToken, handleTokenFunc(s))
mux.HandleFunc(httpPathKeys, handleKeysFunc(s.KeyManager, clock)) mux.HandleFunc(httpPathKeys, handleKeysFunc(s.KeyManager, clock))
mux.Handle(httpPathHealth, makeHealthHandler(checks)) mux.Handle(httpPathHealth, makeHealthHandler(checks))
mux.HandleFunc(httpPathRegister, handleRegisterFunc(s))
if s.EnableRegistration {
mux.HandleFunc(httpPathRegister, handleRegisterFunc(s))
}
mux.HandleFunc(httpPathEmailVerify, handleEmailVerifyFunc(s.VerifyEmailTemplate, mux.HandleFunc(httpPathEmailVerify, handleEmailVerifyFunc(s.VerifyEmailTemplate,
s.IssuerURL, s.KeyManager.PublicKeys, s.UserManager)) s.IssuerURL, s.KeyManager.PublicKeys, s.UserManager))
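Review bot: `EnableRegistration` is a plain bool on Server, so any code that builds a `Server` without going through `ServerConfig.Server()` gets the zero value and the register route is not mounted. That fail-closed default is reasonable, but it is a behaviour change for such callers and is not documented. A field comment such as `// EnableRegistration mounts the self-registration handler; the zero value leaves it unmounted.` would make it explicit. The test fixture elsewhere in this commit passes `true` to getTemplates, and whether its Server also sets the field is not visible here, so the template and the mux could disagree there. HTTPHandler's body continues outside the hunk.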


@ -126,7 +126,8 @@ func makeTestFixtures() (*testFixtures, error) {
return nil, err return nil, err
} }
tpl, err := getTemplates("dex", "https://coreos.com/assets/images/brand/coreos-mark-30px.png", templatesLocation) tpl, err := getTemplates("dex", "https://coreos.com/assets/images/brand/coreos-mark-30px.png",
true, templatesLocation)
if err != nil { if err != nil {
return nil, err return nil, err
} }


@ -68,9 +68,11 @@
{{ if not .Error }} {{ if not .Error }}
<div class="footer subtle-text"> <div class="footer subtle-text">
{{ if .Register }} {{ if .Register }}
Already have an account? <a href="{{ .RegisterOrLoginURL }}">Log in</a> Already have an account? <a href="{{ .RegisterOrLoginURL }}">Log in</a>
{{ else }} {{ else }}
Don't have an account yet? <a href="{{ .RegisterOrLoginURL }}">Register</a> {{ if enableRegister }}
Don't have an account yet? <a href="{{ .RegisterOrLoginURL }}">Register</a>
{{ end }}
{{ end }} {{ end }}
</div> </div>
{{ end }} {{ end }}
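Review bot: When registration is disabled and `.Register` is false, the `<div class="footer subtle-text">` is still emitted with nothing inside it. Folding the nested check into `{{ else if enableRegister }}` removes one level of nesting, and moving the condition around the div would avoid the empty element. Hiding the link is presentation only; the enforcement is the route gating in HTTPHandler, so the two should stay tied to the same setting.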