Commit 546463ad authored by bobbyrullo's avatar bobbyrullo

Merge pull request #457 from bobbyrullo/client_manager_tweaks

Various client api tweaks
parents 9c260c76 182e8af4
......@@ -2,7 +2,6 @@ package manager
import (
"encoding/base64"
"fmt"
"errors"
......@@ -64,35 +63,6 @@ func NewClientManager(clientRepo client.ClientRepo, txnFactory repo.TransactionF
}
}
func NewClientManagerFromClients(clientRepo client.ClientRepo, txnFactory repo.TransactionFactory, clients []client.Client, options ManagerOptions) (*ClientManager, error) {
clientManager := NewClientManager(clientRepo, txnFactory, options)
tx, err := clientManager.begin()
if err != nil {
return nil, err
}
defer tx.Rollback()
for _, c := range clients {
if c.Credentials.Secret == "" {
return nil, fmt.Errorf("client %q has no secret", c.Credentials.ID)
}
cli, err := clientManager.generateClientCredentials(c)
if err != nil {
return nil, err
}
_, err = clientRepo.New(tx, cli)
if err != nil {
return nil, err
}
}
if err := tx.Commit(); err != nil {
return nil, err
}
return clientManager, nil
}
func (m *ClientManager) New(cli client.Client) (*oidc.ClientCredentials, error) {
tx, err := m.begin()
if err != nil {
......@@ -100,15 +70,15 @@ func (m *ClientManager) New(cli client.Client) (*oidc.ClientCredentials, error)
}
defer tx.Rollback()
c, err := m.generateClientCredentials(cli)
err = m.addClientCredentials(&cli)
if err != nil {
return nil, err
}
creds := c.Credentials
creds := cli.Credentials
// Save Client
_, err = m.clientRepo.New(tx, c)
_, err = m.clientRepo.New(tx, cli)
if err != nil {
return nil, err
}
......@@ -189,25 +159,25 @@ func (m *ClientManager) Authenticate(creds oidc.ClientCredentials) (bool, error)
return ok, nil
}
func (m *ClientManager) generateClientCredentials(cli client.Client) (client.Client, error) {
func (m *ClientManager) addClientCredentials(cli *client.Client) error {
// Generate Client ID
if len(cli.Metadata.RedirectURIs) < 1 {
return cli, errors.New("no client redirect url given")
return errors.New("no client redirect url given")
}
clientID, err := m.clientIDGenerator(cli.Metadata.RedirectURIs[0].Host)
if err != nil {
return cli, err
return err
}
// Generate Secret
secret, err := m.secretGenerator()
if err != nil {
return cli, err
return err
}
clientSecret := base64.URLEncoding.EncodeToString(secret)
cli.Credentials = oidc.ClientCredentials{
ID: clientID,
Secret: clientSecret,
}
return cli, nil
return nil
}
......@@ -44,11 +44,14 @@ func makeTestFixtures() *testFixtures {
secGen := func() ([]byte, error) {
return []byte("secret"), nil
}
f.clientRepo = db.NewClientRepo(dbMap)
clientManager, err := NewClientManagerFromClients(f.clientRepo, db.TransactionFactory(dbMap), clients, ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
var err error
f.clientRepo, err = db.NewClientRepoFromClients(dbMap, clients)
if err != nil {
panic("Failed to create client manager: " + err.Error())
}
clientManager := NewClientManager(f.clientRepo, db.TransactionFactory(dbMap), ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
f.mgr = clientManager
return f
}
......
......@@ -199,6 +199,18 @@ func (r *clientRepo) All(tx repo.Transaction) ([]client.Client, error) {
return cs, nil
}
func NewClientRepoFromClients(dbm *gorp.DbMap, cs []client.Client) (client.ClientRepo, error) {
repo := NewClientRepo(dbm).(*clientRepo)
for _, c := range cs {
cm, err := newClientModel(c)
if err != nil {
return nil, err
}
err = repo.executor(nil).Insert(cm)
}
return repo, nil
}
func (r *clientRepo) get(tx repo.Transaction, clientID string) (client.Client, error) {
cm, err := r.getModel(tx, clientID)
if err != nil {
......
package config
import (
"os"
"testing"
"github.com/coreos/dex/client"
"github.com/coreos/dex/client/manager"
"github.com/coreos/dex/db"
)
const (
clientsFile = "../../static/fixtures/clients.json.sample"
)
// TestClientSample makes sure that the clients.json.sample file is valid and can be loaded properly.
func TestClientSample(t *testing.T) {
f, err := os.Open(clientsFile)
if err != nil {
t.Fatalf("could not open file %q: %v", clientsFile, err)
}
defer f.Close()
clients, err := client.ClientsFromReader(f)
if err != nil {
t.Fatalf("Error loading Clients: %v", err)
}
memDB := db.NewMemDB()
repo := db.NewClientRepo(memDB)
for _, c := range clients {
repo.New(nil, c)
}
mgr := manager.NewClientManager(repo, db.TransactionFactory(memDB), manager.ManagerOptions{})
for i, c := range clients {
ok, err := mgr.Authenticate(c.Credentials)
if !ok {
t.Errorf("case %d: couldn't authenticate", i)
}
if err != nil {
t.Errorf("case %d: error authenticating: %v", i, err)
}
}
}
......@@ -12,7 +12,6 @@ import (
"github.com/kylelemons/godebug/pretty"
"github.com/coreos/dex/client"
"github.com/coreos/dex/client/manager"
"github.com/coreos/dex/db"
"github.com/coreos/dex/refresh"
"github.com/coreos/dex/user"
......@@ -28,9 +27,7 @@ func newRefreshRepo(t *testing.T, users []user.UserWithRemoteIdentities, clients
if _, err := db.NewUserRepoFromUsers(dbMap, users); err != nil {
t.Fatalf("Unable to add users: %v", err)
}
if _, err := manager.NewClientManagerFromClients(db.NewClientRepo(dbMap), db.TransactionFactory(dbMap), clients, manager.ManagerOptions{}); err != nil {
t.Fatalf("Unable to add clients: %v", err)
}
return db.NewRefreshTokenRepo(dbMap)
}
......
......@@ -12,6 +12,8 @@ import (
"github.com/go-gorp/gorp"
"github.com/jonboulle/clockwork"
"github.com/coreos/dex/client"
clientmanager "github.com/coreos/dex/client/manager"
"github.com/coreos/dex/connector"
"github.com/coreos/dex/db"
"github.com/coreos/dex/user"
......@@ -79,3 +81,19 @@ func makeUserObjects(users []user.UserWithRemoteIdentities, passwords []user.Pas
um.Clock = clock
return dbMap, ur, pwr, um
}
func makeClientRepoAndManager(dbMap *gorp.DbMap, clients []client.Client) (client.ClientRepo, *clientmanager.ClientManager, error) {
clientIDGenerator := func(hostport string) (string, error) {
return hostport, nil
}
secGen := func() ([]byte, error) {
return []byte("secret"), nil
}
clientRepo, err := db.NewClientRepoFromClients(dbMap, clients)
if err != nil {
return nil, nil, err
}
clientManager := clientmanager.NewClientManager(clientRepo, db.TransactionFactory(dbMap), clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
return clientRepo, clientManager, nil
}
......@@ -9,8 +9,12 @@ import (
"testing"
"time"
"github.com/coreos/go-oidc/jose"
"github.com/coreos/go-oidc/key"
"github.com/coreos/go-oidc/oauth2"
"github.com/coreos/go-oidc/oidc"
"github.com/coreos/dex/client"
clientmanager "github.com/coreos/dex/client/manager"
"github.com/coreos/dex/connector"
"github.com/coreos/dex/db"
phttp "github.com/coreos/dex/pkg/http"
......@@ -18,10 +22,6 @@ import (
"github.com/coreos/dex/server"
"github.com/coreos/dex/session/manager"
"github.com/coreos/dex/user"
"github.com/coreos/go-oidc/jose"
"github.com/coreos/go-oidc/key"
"github.com/coreos/go-oidc/oauth2"
"github.com/coreos/go-oidc/oidc"
)
func mockServer(cis []client.Client) (*server.Server, error) {
......@@ -37,14 +37,7 @@ func mockServer(cis []client.Client) (*server.Server, error) {
return nil, err
}
clientIDGenerator := func(hostport string) (string, error) {
return hostport, nil
}
secGen := func() ([]byte, error) {
return []byte("secret"), nil
}
clientRepo := db.NewClientRepo(dbMap)
clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbMap), cis, clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
clientRepo, clientManager, err := makeClientRepoAndManager(dbMap, cis)
if err != nil {
return nil, err
}
......@@ -150,18 +143,12 @@ func TestHTTPExchangeTokenRefreshToken(t *testing.T) {
},
}
clientIDGenerator := func(hostport string) (string, error) {
return hostport, nil
}
secGen := func() ([]byte, error) {
return []byte("secret"), nil
}
dbMap := db.NewMemDB()
clientRepo := db.NewClientRepo(dbMap)
clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbMap), []client.Client{ci}, clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
clientRepo, clientManager, err := makeClientRepoAndManager(dbMap, []client.Client{ci})
if err != nil {
t.Fatalf("Failed to create client identity manager: " + err.Error())
}
passwordInfoRepo, err := db.NewPasswordInfoRepoFromPasswordInfos(db.NewMemDB(), []user.PasswordInfo{passwordInfo})
if err != nil {
t.Fatalf("Failed to create password info repo: %v", err)
......
......@@ -18,7 +18,6 @@ import (
"google.golang.org/api/googleapi"
"github.com/coreos/dex/client"
"github.com/coreos/dex/client/manager"
"github.com/coreos/dex/db"
schema "github.com/coreos/dex/schema/workerschema"
"github.com/coreos/dex/server"
......@@ -126,14 +125,8 @@ func makeUserAPITestFixtures() *userAPITestFixtures {
},
},
}
clientIDGenerator := func(hostport string) (string, error) {
return hostport, nil
}
secGen := func() ([]byte, error) {
return []byte(testClientSecret), nil
}
clientRepo := db.NewClientRepo(dbMap)
clientManager, err := manager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbMap), clients, manager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
_, clientManager, err := makeClientRepoAndManager(dbMap, clients)
if err != nil {
panic("Failed to create client identity manager: " + err.Error())
}
......
......@@ -188,7 +188,7 @@ func TestList(t *testing.T) {
}{
// empty repo
{
cs: nil,
cs: []client.Client{},
want: nil,
},
// single client
......@@ -244,20 +244,14 @@ func TestList(t *testing.T) {
}
for i, tt := range tests {
dbm := db.NewMemDB()
clientIDGenerator := func(hostport string) (string, error) {
return hostport, nil
}
secGen := func() ([]byte, error) {
return []byte("secret"), nil
}
clientRepo := db.NewClientRepo(dbm)
clientManager, err := manager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbm), tt.cs, manager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
f, err := makeTestFixturesWithOptions(testFixtureOptions{
clients: tt.cs,
})
if err != nil {
t.Fatalf("Failed to create client identity manager: %v", err)
continue
t.Fatalf("error making test fixtures: %v", err)
}
res := &clientResource{manager: clientManager}
res := &clientResource{manager: f.clientManager}
r, err := http.NewRequest("GET", "http://example.com/clients", nil)
if err != nil {
......
......@@ -116,10 +116,9 @@ func (cfg *SingleServerConfig) Configure(srv *Server) error {
return fmt.Errorf("unable to read clients from file %s: %v", cfg.ClientsFile, err)
}
clientRepo := db.NewClientRepo(dbMap)
for _, c := range clients {
clientRepo.New(nil, c)
clientRepo, err := db.NewClientRepoFromClients(dbMap, clients)
if err != nil {
return err
}
f, err := os.Open(cfg.ConnectorsFile)
......@@ -158,7 +157,7 @@ func (cfg *SingleServerConfig) Configure(srv *Server) error {
txnFactory := db.TransactionFactory(dbMap)
userManager := usermanager.NewUserManager(userRepo, pwiRepo, cfgRepo, txnFactory, usermanager.ManagerOptions{})
clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbMap), clients, clientmanager.ManagerOptions{})
clientManager := clientmanager.NewClientManager(clientRepo, db.TransactionFactory(dbMap), clientmanager.ManagerOptions{})
if err != nil {
return fmt.Errorf("Failed to create client identity manager: %v", err)
}
......
......@@ -17,10 +17,7 @@ import (
"github.com/jonboulle/clockwork"
"github.com/coreos/dex/client"
clientmanager "github.com/coreos/dex/client/manager"
"github.com/coreos/dex/connector"
"github.com/coreos/dex/db"
"github.com/coreos/dex/session/manager"
"github.com/coreos/go-oidc/jose"
"github.com/coreos/go-oidc/oauth2"
"github.com/coreos/go-oidc/oidc"
......@@ -76,38 +73,6 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
idpcs := []connector.Connector{
&fakeConnector{loginURL: "http://fake.example.com"},
}
dbm := db.NewMemDB()
clients := []client.Client{
client.Client{
Credentials: oidc.ClientCredentials{
ID: "client.example.com",
Secret: base64.URLEncoding.EncodeToString([]byte("secret")),
},
Metadata: oidc.ClientMetadata{
RedirectURIs: []url.URL{
url.URL{Scheme: "http", Host: "client.example.com", Path: "/callback"},
},
},
},
}
clientIDGenerator := func(hostport string) (string, error) {
return hostport, nil
}
secGen := func() ([]byte, error) {
return []byte("secret"), nil
}
clientRepo := db.NewClientRepo(dbm)
clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbm), clients, clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
if err != nil {
t.Fatalf("Failed to create client identity manager: %v", err)
}
srv := &Server{
IssuerURL: url.URL{Scheme: "http", Host: "server.example.com"},
SessionManager: manager.NewSessionManager(db.NewSessionRepo(db.NewMemDB()), db.NewSessionKeyRepo(db.NewMemDB())),
ClientRepo: clientRepo,
ClientManager: clientManager,
}
tests := []struct {
query url.Values
......@@ -118,7 +83,7 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
{
query: url.Values{
"response_type": []string{"code"},
"client_id": []string{"client.example.com"},
"client_id": []string{testClientID},
"connector_id": []string{"fake"},
"scope": []string{"openid"},
},
......@@ -210,7 +175,12 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
}
for i, tt := range tests {
hdlr := handleAuthFunc(srv, idpcs, nil, true)
f, err := makeTestFixtures()
if err != nil {
t.Fatalf("error making test fixtures: %v", err)
}
hdlr := handleAuthFunc(f.srv, idpcs, nil, true)
w := httptest.NewRecorder()
u := fmt.Sprintf("http://server.example.com?%s", tt.query.Encode())
req, err := http.NewRequest("GET", u, nil)
......@@ -237,7 +207,6 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
&fakeConnector{loginURL: "http://fake.example.com"},
}
dbm := db.NewMemDB()
clients := []client.Client{
client.Client{
Credentials: oidc.ClientCredentials{
......@@ -252,23 +221,11 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
},
},
}
clientIDGenerator := func(hostport string) (string, error) {
return hostport, nil
}
secGen := func() ([]byte, error) {
return []byte("secret"), nil
}
clientRepo := db.NewClientRepo(dbm)
clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbm), clients, clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
f, err := makeTestFixturesWithOptions(testFixtureOptions{
clients: clients,
})
if err != nil {
t.Fatalf("Failed to create client identity manager: %v", err)
}
srv := &Server{
IssuerURL: url.URL{Scheme: "http", Host: "server.example.com"},
SessionManager: manager.NewSessionManager(db.NewSessionRepo(db.NewMemDB()), db.NewSessionKeyRepo(db.NewMemDB())),
ClientRepo: clientRepo,
ClientManager: clientManager,
t.Fatalf("error making test fixtures: %v", err)
}
tests := []struct {
......@@ -327,7 +284,7 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
}
for i, tt := range tests {
hdlr := handleAuthFunc(srv, idpcs, nil, true)
hdlr := handleAuthFunc(f.srv, idpcs, nil, true)
w := httptest.NewRecorder()
u := fmt.Sprintf("http://server.example.com?%s", tt.query.Encode())
req, err := http.NewRequest("GET", u, nil)
......
This diff is collapsed.
......@@ -26,21 +26,33 @@ const (
)
var (
testUserID1 = "ID-1"
testUserEmail1 = "Email-1@example.com"
testUserRemoteID1 = "RID-1"
testIssuerURL = url.URL{Scheme: "http", Host: "server.example.com"}
testClientID = "client.example.com"
testClientID = "client.example.com"
clientTestSecret = base64.URLEncoding.EncodeToString([]byte("secret"))
testClientCredentials = oidc.ClientCredentials{
ID: testClientID,
Secret: clientTestSecret,
}
testConnectorID1 = "IDPC-1"
testRedirectURL = url.URL{Scheme: "http", Host: "client.example.com", Path: "/callback"}
testUsers = []user.UserWithRemoteIdentities{
{
User: user.User{
ID: "ID-1",
Email: "Email-1@example.com",
ID: testUserID1,
Email: testUserEmail1,
},
RemoteIdentities: []user.RemoteIdentity{
{
ConnectorID: "IDPC-1",
ID: "RID-1",
ConnectorID: testConnectorID1,
ID: testUserRemoteID1,
},
},
},
......@@ -83,6 +95,10 @@ type testFixtures struct {
clientManager *clientmanager.ClientManager
}
type testFixtureOptions struct {
clients []client.Client
}
func sequentialGenerateCodeFunc() sessionmanager.GenerateCodeFunc {
x := 0
return func() (string, error) {
......@@ -92,6 +108,10 @@ func sequentialGenerateCodeFunc() sessionmanager.GenerateCodeFunc {
}
func makeTestFixtures() (*testFixtures, error) {
return makeTestFixturesWithOptions(testFixtureOptions{})
}
func makeTestFixturesWithOptions(options testFixtureOptions) (*testFixtures, error) {
dbMap := db.NewMemDB()
userRepo, err := db.NewUserRepoFromUsers(dbMap, testUsers)
if err != nil {
......@@ -138,18 +158,20 @@ func makeTestFixtures() (*testFixtures, error) {
return nil, err
}
clients := []client.Client{
client.Client{
Credentials: oidc.ClientCredentials{
ID: testClientID,
Secret: base64.URLEncoding.EncodeToString([]byte("secret")),
},
Metadata: oidc.ClientMetadata{
RedirectURIs: []url.URL{
testRedirectURL,
var clients []client.Client
if options.clients == nil {
clients = []client.Client{
client.Client{
Credentials: testClientCredentials,
Metadata: oidc.ClientMetadata{
RedirectURIs: []url.URL{
testRedirectURL,
},
},
},
},
}
} else {
clients = options.clients
}
clientIDGenerator := func(hostport string) (string, error) {
......@@ -158,11 +180,13 @@ func makeTestFixtures() (*testFixtures, error) {
secGen := func() ([]byte, error) {
return []byte("secret"), nil
}
clientRepo := db.NewClientRepo(dbMap)
clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbMap), clients, clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
clientRepo, err := db.NewClientRepoFromClients(dbMap, clients)
if err != nil {
return nil, err
}
clientManager := clientmanager.NewClientManager(clientRepo, db.TransactionFactory(dbMap), clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
km := key.NewPrivateKeyManager()
err = km.Set(key.NewPrivateKeySet([]*key.PrivateKey{testPrivKey}, time.Now().Add(time.Minute)))
if err != nil {
......
......@@ -18,7 +18,7 @@ if [ ! -d $GOPATH/pkg ]; then
echo "WARNING: No cached builds detected. Please run the ./build script to speed up future tests."
fi
TESTABLE="connector db integration pkg/crypto pkg/flag pkg/http pkg/time pkg/html functional/repo server session session/manager user user/api user/manager user/email email admin client client/manager"
TESTABLE="admin client client/manager connector db email functional/repo integration pkg/crypto pkg/flag pkg/http pkg/time pkg/html server session session/manager user user/api user/manager user/email"
FORMATTABLE="$TESTABLE cmd/dexctl cmd/dex-worker cmd/dex-overlord examples/app functional pkg/log"
# user has not provided PKG override
......
......@@ -4,3 +4,4 @@ source ./env
go test $@ github.com/coreos/dex/functional
go test $@ github.com/coreos/dex/functional/repo
go test $@ github.com/coreos/dex/functional/config
......@@ -176,11 +176,11 @@ func makeTestFixtures() (*UsersAPI, *testEmailer) {
secGen := func() ([]byte, error) {
return []byte("secret"), nil
}
clientRepo := db.NewClientRepo(dbMap)
clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbMap), []client.Client{ci}, clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
clientRepo, err := db.NewClientRepoFromClients(dbMap, []client.Client{ci})
if err != nil {
panic("Failed to create client manager: " + err.Error())
}
clientManager := clientmanager.NewClientManager(clientRepo, db.TransactionFactory(dbMap), clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
// Used in TestRevokeRefreshToken test.
refreshTokens := []struct {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment