Commit 73d9742c authored by Evan Cordell's avatar Evan Cordell

client manager: accept full client when creating

parent a418e1c4
......@@ -138,7 +138,7 @@ func (a *AdminAPI) CreateClient(req adminschema.ClientCreateRequest) (adminschem
}
// metadata is guaranteed to have at least one redirect_uri by earlier validation.
creds, err := a.clientManager.New(cli.Metadata)
creds, err := a.clientManager.New(cli)
if err != nil {
return adminschema.ClientCreateResponse{}, mapError(err)
}
......
......@@ -77,11 +77,10 @@ func NewClientManagerFromClients(clientRepo client.ClientRepo, txnFactory repo.T
return nil, fmt.Errorf("client %q has no secret", c.Credentials.ID)
}
cli, err := clientManager.clientFromMetadata(c.Metadata)
cli, err := clientManager.generateClientCredentials(c)
if err != nil {
return nil, err
}
cli.Admin = c.Admin
_, err = clientRepo.New(tx, cli)
if err != nil {
......@@ -94,22 +93,22 @@ func NewClientManagerFromClients(clientRepo client.ClientRepo, txnFactory repo.T
return clientManager, nil
}
func (m *ClientManager) New(meta oidc.ClientMetadata) (*oidc.ClientCredentials, error) {
func (m *ClientManager) New(cli client.Client) (*oidc.ClientCredentials, error) {
tx, err := m.begin()
if err != nil {
return nil, err
}
defer tx.Rollback()
cli, err := m.clientFromMetadata(meta)
c, err := m.generateClientCredentials(cli)
if err != nil {
return nil, err
}
creds := cli.Credentials
creds := c.Credentials
// Save Client
_, err = m.clientRepo.New(tx, cli)
_, err = m.clientRepo.New(tx, c)
if err != nil {
return nil, err
}
......@@ -190,28 +189,25 @@ func (m *ClientManager) Authenticate(creds oidc.ClientCredentials) (bool, error)
return ok, nil
}
func (m *ClientManager) clientFromMetadata(meta oidc.ClientMetadata) (client.Client, error) {
func (m *ClientManager) generateClientCredentials(cli client.Client) (client.Client, error) {
// Generate Client ID
if len(meta.RedirectURIs) < 1 {
return client.Client{}, errors.New("no client redirect url given")
if len(cli.Metadata.RedirectURIs) < 1 {
return cli, errors.New("no client redirect url given")
}
clientID, err := m.clientIDGenerator(meta.RedirectURIs[0].Host)
clientID, err := m.clientIDGenerator(cli.Metadata.RedirectURIs[0].Host)
if err != nil {
return client.Client{}, err
return cli, err
}
// Generate Secret
secret, err := m.secretGenerator()
if err != nil {
return client.Client{}, err
return cli, err
}
clientSecret := base64.URLEncoding.EncodeToString(secret)
cli := client.Client{
Credentials: oidc.ClientCredentials{
ID: clientID,
Secret: clientSecret,
},
Metadata: meta,
cli.Credentials = oidc.ClientCredentials{
ID: clientID,
Secret: clientSecret,
}
return cli, nil
}
......@@ -126,8 +126,10 @@ func TestAuthenticate(t *testing.T) {
url.URL{Scheme: "http", Host: "example.com", Path: "/cb"},
},
}
cc, err := f.mgr.New(cm)
cli := client.Client{
Metadata: cm,
}
cc, err := f.mgr.New(cli)
if err != nil {
t.Fatalf(err.Error())
}
......
package main
import (
"github.com/coreos/dex/client"
"github.com/coreos/dex/client/manager"
"github.com/coreos/dex/connector"
"github.com/coreos/dex/db"
......@@ -30,7 +31,10 @@ func (d *dbDriver) NewClient(meta oidc.ClientMetadata) (*oidc.ClientCredentials,
if err := meta.Valid(); err != nil {
return nil, err
}
return d.ciManager.New(meta)
cli := client.Client{
Metadata: meta,
}
return d.ciManager.New(cli)
}
func (d *dbDriver) ConnectorConfigs() ([]connector.ConnectorConfig, error) {
......
......@@ -313,8 +313,10 @@ func TestDBClientRepoAuthenticate(t *testing.T) {
url.URL{Scheme: "http", Host: "127.0.0.1:5556", Path: "/cb"},
},
}
cc, err := m.New(cm)
cli := client.Client{
Metadata: cm,
}
cc, err := m.New(cli)
if err != nil {
t.Fatalf(err.Error())
}
......
......@@ -8,6 +8,7 @@ import (
"testing"
"time"
"github.com/coreos/dex/client"
clientmanager "github.com/coreos/dex/client/manager"
"github.com/coreos/dex/db"
"github.com/coreos/go-oidc/jose"
......@@ -33,7 +34,10 @@ func TestClientToken(t *testing.T) {
dbm := db.NewMemDB()
clientRepo := db.NewClientRepo(dbm)
clientManager := clientmanager.NewClientManager(clientRepo, db.TransactionFactory(dbm), clientmanager.ManagerOptions{})
creds, err := clientManager.New(clientMetadata)
cli := client.Client{
Metadata: clientMetadata,
}
creds, err := clientManager.New(cli)
if err != nil {
t.Fatalf("Failed to create client: %v", err)
}
......
......@@ -4,6 +4,7 @@ import (
"encoding/json"
"net/http"
"github.com/coreos/dex/client"
"github.com/coreos/dex/pkg/log"
"github.com/coreos/go-oidc/oauth2"
......@@ -38,7 +39,10 @@ func (s *Server) handleClientRegistrationRequest(r *http.Request) (*oidc.ClientR
}
// metadata is guarenteed to have at least one redirect_uri by earlier validation.
creds, err := s.ClientManager.New(clientMetadata)
cli := client.Client{
Metadata: clientMetadata,
}
creds, err := s.ClientManager.New(cli)
if err != nil {
log.Errorf("Failed to create new client identity: %v", err)
return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
......
......@@ -87,7 +87,7 @@ func (c *clientResource) create(w http.ResponseWriter, r *http.Request) {
writeAPIError(w, http.StatusBadRequest, newAPIError(errorInvalidClientMetadata, err.Error()))
return
}
creds, err := c.manager.New(ci.Metadata)
creds, err := c.manager.New(ci)
if err != nil {
log.Errorf("Failed creating client: %v", err)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment