Merge pull request #457 from bobbyrullo/client_manager_tweaks

Various client api tweaks

Merge pull request #457 from bobbyrullo/client_manager_tweaks
Various client api tweaks
546463ad · bobbyrullo · 9c260c76 · 182e8af4 · 546463ad · 546463ad
Commit 546463ad authored Jun 08, 2016 by bobbyrullo
16 changed files
--- a/client/manager/manager.go
+++ b/client/manager/manager.go
@@ -2,7 +2,6 @@ package manager

 import (
 	"encoding/base64"
-	"fmt"

 	"errors"

@@ -64,35 +63,6 @@ func NewClientManager(clientRepo client.ClientRepo, txnFactory repo.TransactionF
 	}
 }

-func NewClientManagerFromClients(clientRepo client.ClientRepo, txnFactory repo.TransactionFactory, clients []client.Client, options ManagerOptions) (*ClientManager, error) {
-	clientManager := NewClientManager(clientRepo, txnFactory, options)
-	tx, err := clientManager.begin()
-	if err != nil {
-		return nil, err
-	}
-	defer tx.Rollback()
-
-	for _, c := range clients {
-		if c.Credentials.Secret == "" {
-			return nil, fmt.Errorf("client %q has no secret", c.Credentials.ID)
-		}
-
-		cli, err := clientManager.generateClientCredentials(c)
-		if err != nil {
-			return nil, err
-		}
-
-		_, err = clientRepo.New(tx, cli)
-		if err != nil {
-			return nil, err
-		}
-	}
-	if err := tx.Commit(); err != nil {
-		return nil, err
-	}
-	return clientManager, nil
-}
-
 func (m *ClientManager) New(cli client.Client) (*oidc.ClientCredentials, error) {
 	tx, err := m.begin()
 	if err != nil {
@@ -100,15 +70,15 @@ func (m *ClientManager) New(cli client.Client) (*oidc.ClientCredentials, error)
 	}
 	defer tx.Rollback()

-	c, err := m.generateClientCredentials(cli)
+	err = m.addClientCredentials(&cli)
 	if err != nil {
 		return nil, err
 	}

-	creds := c.Credentials
+	creds := cli.Credentials

 	// Save Client
-	_, err = m.clientRepo.New(tx, c)
+	_, err = m.clientRepo.New(tx, cli)
 	if err != nil {
 		return nil, err
 	}
@@ -189,25 +159,25 @@ func (m *ClientManager) Authenticate(creds oidc.ClientCredentials) (bool, error)
 	return ok, nil
 }

-func (m *ClientManager) generateClientCredentials(cli client.Client) (client.Client, error) {
+func (m *ClientManager) addClientCredentials(cli *client.Client) error {
 	// Generate Client ID
 	if len(cli.Metadata.RedirectURIs) < 1 {
-		return cli, errors.New("no client redirect url given")
+		return errors.New("no client redirect url given")
 	}
 	clientID, err := m.clientIDGenerator(cli.Metadata.RedirectURIs[0].Host)
 	if err != nil {
-		return cli, err
+		return err
 	}

 	// Generate Secret
 	secret, err := m.secretGenerator()
 	if err != nil {
-		return cli, err
+		return err
 	}
 	clientSecret := base64.URLEncoding.EncodeToString(secret)
 	cli.Credentials = oidc.ClientCredentials{
 		ID:     clientID,
 		Secret: clientSecret,
 	}
-	return cli, nil
+	return nil
 }
--- a/client/manager/manager_test.go
+++ b/client/manager/manager_test.go
@@ -44,11 +44,14 @@ func makeTestFixtures() *testFixtures {
 	secGen := func() ([]byte, error) {
 		return []byte("secret"), nil
 	}
-	f.clientRepo = db.NewClientRepo(dbMap)
-	clientManager, err := NewClientManagerFromClients(f.clientRepo, db.TransactionFactory(dbMap), clients, ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
+
+	var err error
+	f.clientRepo, err = db.NewClientRepoFromClients(dbMap, clients)
 	if err != nil {
 		panic("Failed to create client manager: " + err.Error())
 	}
+
+	clientManager := NewClientManager(f.clientRepo, db.TransactionFactory(dbMap), ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
 	f.mgr = clientManager
 	return f
 }

--- a/db/client.go
+++ b/db/client.go
@@ -199,6 +199,18 @@ func (r *clientRepo) All(tx repo.Transaction) ([]client.Client, error) {
 	return cs, nil
 }

+func NewClientRepoFromClients(dbm *gorp.DbMap, cs []client.Client) (client.ClientRepo, error) {
+	repo := NewClientRepo(dbm).(*clientRepo)
+	for _, c := range cs {
+		cm, err := newClientModel(c)
+		if err != nil {
+			return nil, err
+		}
+		err = repo.executor(nil).Insert(cm)
+	}
+	return repo, nil
+}
+
 func (r *clientRepo) get(tx repo.Transaction, clientID string) (client.Client, error) {
 	cm, err := r.getModel(tx, clientID)
 	if err != nil {

--- a/functional/config/config_sample_test.go
+++ b/functional/config/config_sample_test.go
+package config
+
+import (
+	"os"
+	"testing"
+
+	"github.com/coreos/dex/client"
+	"github.com/coreos/dex/client/manager"
+	"github.com/coreos/dex/db"
+)
+
+const (
+	clientsFile = "../../static/fixtures/clients.json.sample"
+)
+
+// TestClientSample makes sure that the clients.json.sample file is valid and can be loaded properly.
+func TestClientSample(t *testing.T) {
+	f, err := os.Open(clientsFile)
+	if err != nil {
+		t.Fatalf("could not open file %q: %v", clientsFile, err)
+	}
+	defer f.Close()
+
+	clients, err := client.ClientsFromReader(f)
+	if err != nil {
+		t.Fatalf("Error loading Clients: %v", err)
+	}
+
+	memDB := db.NewMemDB()
+	repo := db.NewClientRepo(memDB)
+	for _, c := range clients {
+		repo.New(nil, c)
+	}
+	mgr := manager.NewClientManager(repo, db.TransactionFactory(memDB), manager.ManagerOptions{})
+
+	for i, c := range clients {
+		ok, err := mgr.Authenticate(c.Credentials)
+		if !ok {
+			t.Errorf("case %d: couldn't authenticate", i)
+		}
+		if err != nil {
+			t.Errorf("case %d: error authenticating: %v", i, err)
+		}
+	}
+
+}
--- a/functional/repo/refresh_repo_test.go
+++ b/functional/repo/refresh_repo_test.go
@@ -12,7 +12,6 @@ import (
 	"github.com/kylelemons/godebug/pretty"

 	"github.com/coreos/dex/client"
-	"github.com/coreos/dex/client/manager"
 	"github.com/coreos/dex/db"
 	"github.com/coreos/dex/refresh"
 	"github.com/coreos/dex/user"
@@ -28,9 +27,7 @@ func newRefreshRepo(t *testing.T, users []user.UserWithRemoteIdentities, clients
 	if _, err := db.NewUserRepoFromUsers(dbMap, users); err != nil {
 		t.Fatalf("Unable to add users: %v", err)
 	}
-	if _, err := manager.NewClientManagerFromClients(db.NewClientRepo(dbMap), db.TransactionFactory(dbMap), clients, manager.ManagerOptions{}); err != nil {
-		t.Fatalf("Unable to add clients: %v", err)
-	}
+
 	return db.NewRefreshTokenRepo(dbMap)
 }


--- a/integration/common_test.go
+++ b/integration/common_test.go
@@ -12,6 +12,8 @@ import (
 	"github.com/go-gorp/gorp"
 	"github.com/jonboulle/clockwork"

+	"github.com/coreos/dex/client"
+	clientmanager "github.com/coreos/dex/client/manager"
 	"github.com/coreos/dex/connector"
 	"github.com/coreos/dex/db"
 	"github.com/coreos/dex/user"
@@ -79,3 +81,19 @@ func makeUserObjects(users []user.UserWithRemoteIdentities, passwords []user.Pas
 	um.Clock = clock
 	return dbMap, ur, pwr, um
 }
+
+func makeClientRepoAndManager(dbMap *gorp.DbMap, clients []client.Client) (client.ClientRepo, *clientmanager.ClientManager, error) {
+	clientIDGenerator := func(hostport string) (string, error) {
+		return hostport, nil
+	}
+	secGen := func() ([]byte, error) {
+		return []byte("secret"), nil
+	}
+	clientRepo, err := db.NewClientRepoFromClients(dbMap, clients)
+	if err != nil {
+		return nil, nil, err
+	}
+	clientManager := clientmanager.NewClientManager(clientRepo, db.TransactionFactory(dbMap), clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
+	return clientRepo, clientManager, nil
+
+}
--- a/integration/oidc_test.go
+++ b/integration/oidc_test.go
@@ -9,8 +9,12 @@ import (
 	"testing"
 	"time"

+	"github.com/coreos/go-oidc/jose"
+	"github.com/coreos/go-oidc/key"
+	"github.com/coreos/go-oidc/oauth2"
+	"github.com/coreos/go-oidc/oidc"
+
 	"github.com/coreos/dex/client"
-	clientmanager "github.com/coreos/dex/client/manager"
 	"github.com/coreos/dex/connector"
 	"github.com/coreos/dex/db"
 	phttp "github.com/coreos/dex/pkg/http"
@@ -18,10 +22,6 @@ import (
 	"github.com/coreos/dex/server"
 	"github.com/coreos/dex/session/manager"
 	"github.com/coreos/dex/user"
-	"github.com/coreos/go-oidc/jose"
-	"github.com/coreos/go-oidc/key"
-	"github.com/coreos/go-oidc/oauth2"
-	"github.com/coreos/go-oidc/oidc"
 )

 func mockServer(cis []client.Client) (*server.Server, error) {
@@ -37,14 +37,7 @@ func mockServer(cis []client.Client) (*server.Server, error) {
 		return nil, err
 	}

-	clientIDGenerator := func(hostport string) (string, error) {
-		return hostport, nil
-	}
-	secGen := func() ([]byte, error) {
-		return []byte("secret"), nil
-	}
-	clientRepo := db.NewClientRepo(dbMap)
-	clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbMap), cis, clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
+	clientRepo, clientManager, err := makeClientRepoAndManager(dbMap, cis)
 	if err != nil {
 		return nil, err
 	}
@@ -150,18 +143,12 @@ func TestHTTPExchangeTokenRefreshToken(t *testing.T) {
 		},
 	}

-	clientIDGenerator := func(hostport string) (string, error) {
-		return hostport, nil
-	}
-	secGen := func() ([]byte, error) {
-		return []byte("secret"), nil
-	}
 	dbMap := db.NewMemDB()
-	clientRepo := db.NewClientRepo(dbMap)
-	clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbMap), []client.Client{ci}, clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
+	clientRepo, clientManager, err := makeClientRepoAndManager(dbMap, []client.Client{ci})
 	if err != nil {
 		t.Fatalf("Failed to create client identity manager: " + err.Error())
 	}
+
 	passwordInfoRepo, err := db.NewPasswordInfoRepoFromPasswordInfos(db.NewMemDB(), []user.PasswordInfo{passwordInfo})
 	if err != nil {
 		t.Fatalf("Failed to create password info repo: %v", err)

--- a/integration/user_api_test.go
+++ b/integration/user_api_test.go
@@ -18,7 +18,6 @@ import (
 	"google.golang.org/api/googleapi"

 	"github.com/coreos/dex/client"
-	"github.com/coreos/dex/client/manager"
 	"github.com/coreos/dex/db"
 	schema "github.com/coreos/dex/schema/workerschema"
 	"github.com/coreos/dex/server"
@@ -126,14 +125,8 @@ func makeUserAPITestFixtures() *userAPITestFixtures {
 			},
 		},
 	}
-	clientIDGenerator := func(hostport string) (string, error) {
-		return hostport, nil
-	}
-	secGen := func() ([]byte, error) {
-		return []byte(testClientSecret), nil
-	}
-	clientRepo := db.NewClientRepo(dbMap)
-	clientManager, err := manager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbMap), clients, manager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
+
+	_, clientManager, err := makeClientRepoAndManager(dbMap, clients)
 	if err != nil {
 		panic("Failed to create client identity manager: " + err.Error())
 	}

--- a/server/client_resource_test.go
+++ b/server/client_resource_test.go
@@ -188,7 +188,7 @@ func TestList(t *testing.T) {
 	}{
 		// empty repo
 		{
-			cs:   nil,
+			cs:   []client.Client{},
 			want: nil,
 		},
 		// single client
@@ -244,20 +244,14 @@ func TestList(t *testing.T) {
 	}

 	for i, tt := range tests {
-		dbm := db.NewMemDB()
-		clientIDGenerator := func(hostport string) (string, error) {
-			return hostport, nil
-		}
-		secGen := func() ([]byte, error) {
-			return []byte("secret"), nil
-		}
-		clientRepo := db.NewClientRepo(dbm)
-		clientManager, err := manager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbm), tt.cs, manager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
+		f, err := makeTestFixturesWithOptions(testFixtureOptions{
+			clients: tt.cs,
+		})
 		if err != nil {
-			t.Fatalf("Failed to create client identity manager: %v", err)
-			continue
+			t.Fatalf("error making test fixtures: %v", err)
 		}
-		res := &clientResource{manager: clientManager}
+
+		res := &clientResource{manager: f.clientManager}

 		r, err := http.NewRequest("GET", "http://example.com/clients", nil)
 		if err != nil {

--- a/server/config.go
+++ b/server/config.go
@@ -116,10 +116,9 @@ func (cfg *SingleServerConfig) Configure(srv *Server) error {
 		return fmt.Errorf("unable to read clients from file %s: %v", cfg.ClientsFile, err)
 	}

-	clientRepo := db.NewClientRepo(dbMap)
-
-	for _, c := range clients {
-		clientRepo.New(nil, c)
+	clientRepo, err := db.NewClientRepoFromClients(dbMap, clients)
+	if err != nil {
+		return err
 	}

 	f, err := os.Open(cfg.ConnectorsFile)
@@ -158,7 +157,7 @@ func (cfg *SingleServerConfig) Configure(srv *Server) error {

 	txnFactory := db.TransactionFactory(dbMap)
 	userManager := usermanager.NewUserManager(userRepo, pwiRepo, cfgRepo, txnFactory, usermanager.ManagerOptions{})
-	clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbMap), clients, clientmanager.ManagerOptions{})
+	clientManager := clientmanager.NewClientManager(clientRepo, db.TransactionFactory(dbMap), clientmanager.ManagerOptions{})
 	if err != nil {
 		return fmt.Errorf("Failed to create client identity manager: %v", err)
 	}

--- a/server/http_test.go
+++ b/server/http_test.go
@@ -17,10 +17,7 @@ import (
 	"github.com/jonboulle/clockwork"

 	"github.com/coreos/dex/client"
-	clientmanager "github.com/coreos/dex/client/manager"
 	"github.com/coreos/dex/connector"
-	"github.com/coreos/dex/db"
-	"github.com/coreos/dex/session/manager"
 	"github.com/coreos/go-oidc/jose"
 	"github.com/coreos/go-oidc/oauth2"
 	"github.com/coreos/go-oidc/oidc"
@@ -76,38 +73,6 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
 	idpcs := []connector.Connector{
 		&fakeConnector{loginURL: "http://fake.example.com"},
 	}
-	dbm := db.NewMemDB()
-	clients := []client.Client{
-		client.Client{
-			Credentials: oidc.ClientCredentials{
-				ID:     "client.example.com",
-				Secret: base64.URLEncoding.EncodeToString([]byte("secret")),
-			},
-			Metadata: oidc.ClientMetadata{
-				RedirectURIs: []url.URL{
-					url.URL{Scheme: "http", Host: "client.example.com", Path: "/callback"},
-				},
-			},
-		},
-	}
-
-	clientIDGenerator := func(hostport string) (string, error) {
-		return hostport, nil
-	}
-	secGen := func() ([]byte, error) {
-		return []byte("secret"), nil
-	}
-	clientRepo := db.NewClientRepo(dbm)
-	clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbm), clients, clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
-	if err != nil {
-		t.Fatalf("Failed to create client identity manager: %v", err)
-	}
-	srv := &Server{
-		IssuerURL:      url.URL{Scheme: "http", Host: "server.example.com"},
-		SessionManager: manager.NewSessionManager(db.NewSessionRepo(db.NewMemDB()), db.NewSessionKeyRepo(db.NewMemDB())),
-		ClientRepo:     clientRepo,
-		ClientManager:  clientManager,
-	}

 	tests := []struct {
 		query        url.Values
@@ -118,7 +83,7 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
 		{
 			query: url.Values{
 				"response_type": []string{"code"},
-				"client_id":     []string{"client.example.com"},
+				"client_id":     []string{testClientID},
 				"connector_id":  []string{"fake"},
 				"scope":         []string{"openid"},
 			},
@@ -210,7 +175,12 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
 	}

 	for i, tt := range tests {
-		hdlr := handleAuthFunc(srv, idpcs, nil, true)
+		f, err := makeTestFixtures()
+		if err != nil {
+			t.Fatalf("error making test fixtures: %v", err)
+		}
+
+		hdlr := handleAuthFunc(f.srv, idpcs, nil, true)
 		w := httptest.NewRecorder()
 		u := fmt.Sprintf("http://server.example.com?%s", tt.query.Encode())
 		req, err := http.NewRequest("GET", u, nil)
@@ -237,7 +207,6 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
 		&fakeConnector{loginURL: "http://fake.example.com"},
 	}

-	dbm := db.NewMemDB()
 	clients := []client.Client{
 		client.Client{
 			Credentials: oidc.ClientCredentials{
@@ -252,23 +221,11 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
 			},
 		},
 	}
-
-	clientIDGenerator := func(hostport string) (string, error) {
-		return hostport, nil
-	}
-	secGen := func() ([]byte, error) {
-		return []byte("secret"), nil
-	}
-	clientRepo := db.NewClientRepo(dbm)
-	clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbm), clients, clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
+	f, err := makeTestFixturesWithOptions(testFixtureOptions{
+		clients: clients,
+	})
 	if err != nil {
-		t.Fatalf("Failed to create client identity manager: %v", err)
-	}
-	srv := &Server{
-		IssuerURL:      url.URL{Scheme: "http", Host: "server.example.com"},
-		SessionManager: manager.NewSessionManager(db.NewSessionRepo(db.NewMemDB()), db.NewSessionKeyRepo(db.NewMemDB())),
-		ClientRepo:     clientRepo,
-		ClientManager:  clientManager,
+		t.Fatalf("error making test fixtures: %v", err)
 	}

 	tests := []struct {
@@ -327,7 +284,7 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
 	}

 	for i, tt := range tests {
-		hdlr := handleAuthFunc(srv, idpcs, nil, true)
+		hdlr := handleAuthFunc(f.srv, idpcs, nil, true)
 		w := httptest.NewRecorder()
 		u := fmt.Sprintf("http://server.example.com?%s", tt.query.Encode())
 		req, err := http.NewRequest("GET", u, nil)

--- a/server/server_test.go
+++ b/server/server_test.go
--- a/server/testutil.go
+++ b/server/testutil.go
@@ -26,21 +26,33 @@ const (
 )

 var (
+	testUserID1       = "ID-1"
+	testUserEmail1    = "Email-1@example.com"
+	testUserRemoteID1 = "RID-1"
+
 	testIssuerURL = url.URL{Scheme: "http", Host: "server.example.com"}
+
 	testClientID          = "client.example.com"
+	clientTestSecret      = base64.URLEncoding.EncodeToString([]byte("secret"))
+	testClientCredentials = oidc.ClientCredentials{
+		ID:     testClientID,
+		Secret: clientTestSecret,
+	}
+
+	testConnectorID1 = "IDPC-1"

 	testRedirectURL = url.URL{Scheme: "http", Host: "client.example.com", Path: "/callback"}

 	testUsers = []user.UserWithRemoteIdentities{
 		{
 			User: user.User{
-				ID:    "ID-1",
-				Email: "Email-1@example.com",
+				ID:    testUserID1,
+				Email: testUserEmail1,
 			},
 			RemoteIdentities: []user.RemoteIdentity{
 				{
-					ConnectorID: "IDPC-1",
-					ID:          "RID-1",
+					ConnectorID: testConnectorID1,
+					ID:          testUserRemoteID1,
 				},
 			},
 		},
@@ -83,6 +95,10 @@ type testFixtures struct {
 	clientManager  *clientmanager.ClientManager
 }

+type testFixtureOptions struct {
+	clients []client.Client
+}
+
 func sequentialGenerateCodeFunc() sessionmanager.GenerateCodeFunc {
 	x := 0
 	return func() (string, error) {
@@ -92,6 +108,10 @@ func sequentialGenerateCodeFunc() sessionmanager.GenerateCodeFunc {
 }

 func makeTestFixtures() (*testFixtures, error) {
+	return makeTestFixturesWithOptions(testFixtureOptions{})
+}
+
+func makeTestFixturesWithOptions(options testFixtureOptions) (*testFixtures, error) {
 	dbMap := db.NewMemDB()
 	userRepo, err := db.NewUserRepoFromUsers(dbMap, testUsers)
 	if err != nil {
@@ -138,12 +158,11 @@ func makeTestFixtures() (*testFixtures, error) {
 		return nil, err
 	}

-	clients := []client.Client{
+	var clients []client.Client
+	if options.clients == nil {
+		clients = []client.Client{
 			client.Client{
-			Credentials: oidc.ClientCredentials{
-				ID:     testClientID,
-				Secret: base64.URLEncoding.EncodeToString([]byte("secret")),
-			},
+				Credentials: testClientCredentials,
 				Metadata: oidc.ClientMetadata{
 					RedirectURIs: []url.URL{
 						testRedirectURL,
@@ -151,6 +170,9 @@ func makeTestFixtures() (*testFixtures, error) {
 				},
 			},
 		}
+	} else {
+		clients = options.clients
+	}

 	clientIDGenerator := func(hostport string) (string, error) {
 		return hostport, nil
@@ -158,11 +180,13 @@ func makeTestFixtures() (*testFixtures, error) {
 	secGen := func() ([]byte, error) {
 		return []byte("secret"), nil
 	}
-	clientRepo := db.NewClientRepo(dbMap)
-	clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbMap), clients, clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
+	clientRepo, err := db.NewClientRepoFromClients(dbMap, clients)
 	if err != nil {
 		return nil, err
 	}
+
+	clientManager := clientmanager.NewClientManager(clientRepo, db.TransactionFactory(dbMap), clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
+
 	km := key.NewPrivateKeyManager()
 	err = km.Set(key.NewPrivateKeySet([]*key.PrivateKey{testPrivKey}, time.Now().Add(time.Minute)))
 	if err != nil {

--- a/test
+++ b/test
@@ -18,7 +18,7 @@ if [ ! -d $GOPATH/pkg ]; then
 	echo "WARNING: No cached builds detected. Please run the ./build script to speed up future tests."
 fi

-TESTABLE="connector db integration pkg/crypto pkg/flag pkg/http pkg/time pkg/html functional/repo server session session/manager user user/api user/manager user/email email admin client client/manager"
+TESTABLE="admin client client/manager connector db email functional/repo integration pkg/crypto pkg/flag pkg/http pkg/time pkg/html server session session/manager user user/api user/manager user/email"
 FORMATTABLE="$TESTABLE cmd/dexctl cmd/dex-worker cmd/dex-overlord examples/app functional pkg/log"

 # user has not provided PKG override

--- a/test-functional
+++ b/test-functional
@@ -4,3 +4,4 @@ source ./env

 go test $@ github.com/coreos/dex/functional
 go test $@ github.com/coreos/dex/functional/repo
+go test $@ github.com/coreos/dex/functional/config
--- a/user/api/api_test.go
+++ b/user/api/api_test.go
@@ -176,11 +176,11 @@ func makeTestFixtures() (*UsersAPI, *testEmailer) {
 	secGen := func() ([]byte, error) {
 		return []byte("secret"), nil
 	}
-	clientRepo := db.NewClientRepo(dbMap)
-	clientManager, err := clientmanager.NewClientManagerFromClients(clientRepo, db.TransactionFactory(dbMap), []client.Client{ci}, clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})
+	clientRepo, err := db.NewClientRepoFromClients(dbMap, []client.Client{ci})
 	if err != nil {
 		panic("Failed to create client manager: " + err.Error())
 	}
+	clientManager := clientmanager.NewClientManager(clientRepo, db.TransactionFactory(dbMap), clientmanager.ManagerOptions{ClientIDGenerator: clientIDGenerator, SecretGenerator: secGen})

 	// Used in TestRevokeRefreshToken test.
 	refreshTokens := []struct {