6379403a
Unverified
Commit
6379403a
authored
Jul 22, 2019
by
Stephan Renatus
Committed by
GitHub
Jul 22, 2019
Merge pull request #1486 from AlbanSeurat/tc/add-verify-password-api
Add VerifyPassword to API
parents
92920c86
dd84e73c
Showing
6 changed files
with
129 additions
and
3 deletions
+129
-3
api.pb.go
api/api.pb.go
+0
-0
api.proto
api/api.proto
+12
-0
README.md
examples/grpc-client/README.md
+2
-1
client.go
examples/grpc-client/client.go
+33
-0
api.go
server/api.go
+31
-0
api_test.go
server/api_test.go
+51
-2
api/api.pb.go
This diff is collapsed.
api/api.proto
...
...
@@ -148,6 +148,16 @@ message RevokeRefreshResp {
bool
not_found
=
1
;
}
message
VerifyPasswordReq
{
string
email
=
1
;
string
password
=
2
;
}
message
VerifyPasswordResp
{
bool
verified
=
1
;
bool
not_found
=
2
;
}
// Dex represents the dex gRPC service.
service
Dex
{
// CreateClient creates a client.
...
...
@@ -172,4 +182,6 @@ service Dex {
//
// Note that each user-client pair can have only one refresh token at a time.
rpc
RevokeRefresh
(
RevokeRefreshReq
)
returns
(
RevokeRefreshResp
)
{};
// VerifyPassword returns whether a password matches a hash for a specific email or not.
rpc
VerifyPassword
(
VerifyPasswordReq
)
returns
(
VerifyPasswordResp
)
{};
}
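Review bot: The fields of `VerifyPasswordResp` are undocumented, and `not_found` tells the caller whether a password entry exists for the e-mail, which becomes an account-enumeration signal if a service relays it to end users. I would state the contract on the message, for example `// not_found is true when no password entry exists for the email; verified is then false.` followed by `// Services that front end users should report both failures identically.` The comment on the `VerifyPassword` rpc in the second hunk could mention the not-found case in one clause as well.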
examples/grpc-client/README.md
...
...
@@ -48,7 +48,8 @@ Finally run the Dex client providing the CA certificate, client certificate and
Running the gRPC client will cause the following API calls to be made to the server
1.
CreatePassword
2.
ListPasswords
3.
DeletePassword
3.
VerifyPassword
4.
DeletePassword
## Cleaning up
...
...
examples/grpc-client/client.go
...
...
@@ -76,6 +76,39 @@ func createPassword(cli api.DexClient) error {
log
.
Printf
(
"%+v"
,
pass
)
}
// Verifying correct and incorrect passwords
log
.
Print
(
"Verifying Password:
\n
"
)
verifyReq
:=
&
api
.
VerifyPasswordReq
{
Email
:
"test@example.com"
,
Password
:
"test1"
,
}
verifyResp
,
err
:=
cli
.
VerifyPassword
(
context
.
TODO
(),
verifyReq
)
if
err
!=
nil
{
return
fmt
.
Errorf
(
"failed to run VerifyPassword for correct password: %v"
,
err
)
}
if
!
verifyResp
.
Verified
{
return
fmt
.
Errorf
(
"failed to verify correct password: %v"
,
verifyResp
)
}
log
.
Printf
(
"properly verified correct password: %t
\n
"
,
verifyResp
.
Verified
)
badVerifyReq
:=
&
api
.
VerifyPasswordReq
{
Email
:
"test@example.com"
,
Password
:
"wrong_password"
,
}
badVerifyResp
,
err
:=
cli
.
VerifyPassword
(
context
.
TODO
(),
badVerifyReq
)
if
err
!=
nil
{
return
fmt
.
Errorf
(
"failed to run VerifyPassword for incorrect password: %v"
,
err
)
}
if
badVerifyResp
.
Verified
{
return
fmt
.
Errorf
(
"verify returned true for incorrect password: %v"
,
badVerifyResp
)
}
log
.
Printf
(
"properly failed to verify incorrect password: %t
\n
"
,
badVerifyResp
.
Verified
)
log
.
Print
(
"Listing Passwords:
\n
"
)
for
_
,
pass
:=
range
resp
.
Passwords
{
log
.
Printf
(
"%+v"
,
pass
)
}
deleteReq
:=
&
api
.
DeletePasswordReq
{
Email
:
p
.
Email
,
}
...
...
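Review bot: After the incorrect-password check the example prints "Listing Passwords:" and ranges over `resp.Passwords` with `log.Printf("%+v", pass)`, which the section's line counts suggest is a second, newly added copy of the loop just above the hunk. `resp` is not refreshed between the two loops, so the output is a repeat, and `%+v` on a password entry presumably writes its bcrypt hash to the log, a habit people copy from examples. I would drop the repeated loop or log only the e-mail, `log.Printf("password entry for %s", pass.Email)`. Both `VerifyPassword` calls also use `context.TODO()` with no deadline; the enclosing function starts and ends outside the hunk, so a context may already be available there.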
server/api.go
...
...
@@ -254,6 +254,37 @@ func (d dexAPI) ListPasswords(ctx context.Context, req *api.ListPasswordReq) (*a
}
func
(
d
dexAPI
)
VerifyPassword
(
ctx
context
.
Context
,
req
*
api
.
VerifyPasswordReq
)
(
*
api
.
VerifyPasswordResp
,
error
)
{
if
req
.
Email
==
""
{
return
nil
,
errors
.
New
(
"no email supplied"
)
}
if
req
.
Password
==
""
{
return
nil
,
errors
.
New
(
"no password to verify supplied"
)
}
password
,
err
:=
d
.
s
.
GetPassword
(
req
.
Email
)
if
err
!=
nil
{
if
err
==
storage
.
ErrNotFound
{
return
&
api
.
VerifyPasswordResp
{
NotFound
:
true
,
},
nil
}
d
.
logger
.
Errorf
(
"api: there was an error retrieving the password: %v"
,
err
)
return
nil
,
fmt
.
Errorf
(
"verify password: %v"
,
err
)
}
if
err
:=
bcrypt
.
CompareHashAndPassword
(
password
.
Hash
,
[]
byte
(
req
.
Password
));
err
!=
nil
{
d
.
logger
.
Info
(
"api: password check failed : %v"
,
err
)
return
&
api
.
VerifyPasswordResp
{
Verified
:
false
,
},
nil
}
return
&
api
.
VerifyPasswordResp
{
Verified
:
true
,
},
nil
}
func
(
d
dexAPI
)
ListRefresh
(
ctx
context
.
Context
,
req
*
api
.
ListRefreshReq
)
(
*
api
.
ListRefreshResp
,
error
)
{
id
:=
new
(
internal
.
IDTokenSubject
)
if
err
:=
internal
.
Unmarshal
(
req
.
UserId
,
id
);
err
!=
nil
{
...
...
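Review bot: In `VerifyPassword`, `d.logger.Info("api: password check failed : %v", err)` passes a format string to what looks like a non-formatting call, so the log line would probably contain a literal `%v`; `d.logger.Infof("api: password check failed: %v", err)` would match the `Errorf` call a few lines above (the logger type is not visible here, so confirm it has `Infof`). The same branch turns every bcrypt error into `Verified: false`, so a malformed or truncated stored hash is reported to the caller as a wrong password and only logged at info level. I would keep that response for `err == bcrypt.ErrMismatchedHashAndPassword` and return an error for anything else, as the `GetPassword` failure path already does. The method has no doc comment; one line saying that it returns `NotFound` without running bcrypt when the e-mail is unknown would help callers.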
server/api_test.go
...
...
@@ -69,8 +69,9 @@ func TestPassword(t *testing.T) {
defer
client
.
Close
()
ctx
:=
context
.
Background
()
email
:=
"test@example.com"
p
:=
api
.
Password
{
Email
:
"test@example.com"
,
Email
:
email
,
// bcrypt hash of the value "test1" with cost 10
Hash
:
[]
byte
(
"$2a$10$XVMN/Fid.Ks4CXgzo8fpR.iU1khOMsP5g9xQeXuBm1wXjRX8pjUtO"
),
Username
:
"test"
,
...
...
@@ -93,8 +94,56 @@ func TestPassword(t *testing.T) {
t
.
Fatalf
(
"Created password %s twice"
,
createReq
.
Password
.
Email
)
}
// Attempt to verify valid password and email
goodVerifyReq
:=
&
api
.
VerifyPasswordReq
{
Email
:
email
,
Password
:
"test1"
,
}
goodVerifyResp
,
err
:=
client
.
VerifyPassword
(
ctx
,
goodVerifyReq
)
if
err
!=
nil
{
t
.
Fatalf
(
"Unable to run verify password we expected to be valid for correct email: %v"
,
err
)
}
if
!
goodVerifyResp
.
Verified
{
t
.
Fatalf
(
"verify password failed for password expected to be valid for correct email. expected %t, found %t"
,
true
,
goodVerifyResp
.
Verified
)
}
if
goodVerifyResp
.
NotFound
{
t
.
Fatalf
(
"verify password failed to return not found response. expected %t, found %t"
,
false
,
goodVerifyResp
.
NotFound
)
}
// Check not found response for valid password with wrong email
badEmailVerifyReq
:=
&
api
.
VerifyPasswordReq
{
Email
:
"somewrongaddress@email.com"
,
Password
:
"test1"
,
}
badEmailVerifyResp
,
err
:=
client
.
VerifyPassword
(
ctx
,
badEmailVerifyReq
)
if
err
!=
nil
{
t
.
Fatalf
(
"Unable to run verify password for incorrect email: %v"
,
err
)
}
if
badEmailVerifyResp
.
Verified
{
t
.
Fatalf
(
"verify password passed for password expected to be not found. expected %t, found %t"
,
false
,
badEmailVerifyResp
.
Verified
)
}
if
!
badEmailVerifyResp
.
NotFound
{
t
.
Fatalf
(
"expected not found response for verify password with bad email. expected %t, found %t"
,
true
,
badEmailVerifyResp
.
NotFound
)
}
// Check that wrong password fails
badPassVerifyReq
:=
&
api
.
VerifyPasswordReq
{
Email
:
email
,
Password
:
"wrong_password"
,
}
badPassVerifyResp
,
err
:=
client
.
VerifyPassword
(
ctx
,
badPassVerifyReq
)
if
err
!=
nil
{
t
.
Fatalf
(
"Unable to run verify password for password we expected to be invalid: %v"
,
err
)
}
if
badPassVerifyResp
.
Verified
{
t
.
Fatalf
(
"verify password passed for password we expected to fail. expected %t, found %t"
,
false
,
badPassVerifyResp
.
Verified
)
}
if
badPassVerifyResp
.
NotFound
{
t
.
Fatalf
(
"did not expect expected not found response for verify password with bad email. expected %t, found %t"
,
false
,
badPassVerifyResp
.
NotFound
)
}
updateReq
:=
api
.
UpdatePasswordReq
{
Email
:
"test@example.com"
,
Email
:
email
,
NewUsername
:
"test1"
,
}
...
...
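Review bot: The new cases in `TestPassword` cover a correct password, an unknown e-mail and a wrong password, but not the two validation branches the server adds for an empty `Email` or `Password`. A check such as `if _, err := client.VerifyPassword(ctx, &api.VerifyPasswordReq{Password: "test1"}); err == nil { t.Fatalf("expected error for empty email") }`, plus its twin for an empty password, would pin that behaviour. Two failure messages are also misleading: the `goodVerifyResp.NotFound` check says "failed to return not found response" although it fires when not-found is unexpectedly set, and the wrong-password case says "did not expect expected not found response ... with bad email". `TestPassword` starts and ends outside these hunks.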