client manager: accept full client when creating

10 years ago · 73d9742c8b
8 changed files with 39 additions and 27 deletions
--- a/admin/api.go
+++ b/admin/api.go
@ -138,7 +138,7 @@ func (a *AdminAPI) CreateClient(req adminschema.ClientCreateRequest) (adminschem
 	}

 	// metadata is guaranteed to have at least one redirect_uri by earlier validation.
-	creds, err := a.clientManager.New(cli.Metadata)
+	creds, err := a.clientManager.New(cli)
 	if err != nil {
 		return adminschema.ClientCreateResponse{}, mapError(err)
 	}
--- a/client/manager/manager.go
+++ b/client/manager/manager.go
@ -77,11 +77,10 @@ func NewClientManagerFromClients(clientRepo client.ClientRepo, txnFactory repo.T
 			return nil, fmt.Errorf("client %q has no secret", c.Credentials.ID)
 		}

-		cli, err := clientManager.clientFromMetadata(c.Metadata)
+		cli, err := clientManager.generateClientCredentials(c)
 		if err != nil {
 			return nil, err
 		}
-		cli.Admin = c.Admin

 		_, err = clientRepo.New(tx, cli)
 		if err != nil {
@ -94,22 +93,22 @@ func NewClientManagerFromClients(clientRepo client.ClientRepo, txnFactory repo.T
 	return clientManager, nil
 }

-func (m *ClientManager) New(meta oidc.ClientMetadata) (*oidc.ClientCredentials, error) {
+func (m *ClientManager) New(cli client.Client) (*oidc.ClientCredentials, error) {
 	tx, err := m.begin()
 	if err != nil {
 		return nil, err
 	}
 	defer tx.Rollback()

-	cli, err := m.clientFromMetadata(meta)
+	c, err := m.generateClientCredentials(cli)
 	if err != nil {
 		return nil, err
 	}

-	creds := cli.Credentials
+	creds := c.Credentials

 	// Save Client
-	_, err = m.clientRepo.New(tx, cli)
+	_, err = m.clientRepo.New(tx, c)
 	if err != nil {
 		return nil, err
 	}
@ -190,28 +189,25 @@ func (m *ClientManager) Authenticate(creds oidc.ClientCredentials) (bool, error)
 	return ok, nil
 }

-func (m *ClientManager) clientFromMetadata(meta oidc.ClientMetadata) (client.Client, error) {
+func (m *ClientManager) generateClientCredentials(cli client.Client) (client.Client, error) {
 	// Generate Client ID
-	if len(meta.RedirectURIs) < 1 {
-		return client.Client{}, errors.New("no client redirect url given")
+	if len(cli.Metadata.RedirectURIs) < 1 {
+		return cli, errors.New("no client redirect url given")
 	}
-	clientID, err := m.clientIDGenerator(meta.RedirectURIs[0].Host)
+	clientID, err := m.clientIDGenerator(cli.Metadata.RedirectURIs[0].Host)
 	if err != nil {
-		return client.Client{}, err
+		return cli, err
 	}

 	// Generate Secret
 	secret, err := m.secretGenerator()
 	if err != nil {
-		return client.Client{}, err
+		return cli, err
 	}
 	clientSecret := base64.URLEncoding.EncodeToString(secret)
-	cli := client.Client{
-		Credentials: oidc.ClientCredentials{
-			ID:     clientID,
-			Secret: clientSecret,
-		},
-		Metadata: meta,
+	cli.Credentials = oidc.ClientCredentials{
+		ID:     clientID,
+		Secret: clientSecret,
 	}
 	return cli, nil
 }
--- a/client/manager/manager_test.go
+++ b/client/manager/manager_test.go
@ -126,8 +126,10 @@ func TestAuthenticate(t *testing.T) {
 			url.URL{Scheme: "http", Host: "example.com", Path: "/cb"},
 		},
 	}
-
-	cc, err := f.mgr.New(cm)
+	cli := client.Client{
+		Metadata: cm,
+	}
+	cc, err := f.mgr.New(cli)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}
--- a/cmd/dexctl/driver_db.go
+++ b/cmd/dexctl/driver_db.go
@ -1,6 +1,7 @@
 package main

 import (
+	"github.com/coreos/dex/client"
 	"github.com/coreos/dex/client/manager"
 	"github.com/coreos/dex/connector"
 	"github.com/coreos/dex/db"
@ -30,7 +31,10 @@ func (d *dbDriver) NewClient(meta oidc.ClientMetadata) (*oidc.ClientCredentials,
 	if err := meta.Valid(); err != nil {
 		return nil, err
 	}
-	return d.ciManager.New(meta)
+	cli := client.Client{
+		Metadata: meta,
+	}
+	return d.ciManager.New(cli)
 }

 func (d *dbDriver) ConnectorConfigs() ([]connector.ConnectorConfig, error) {
--- a/functional/db_test.go
+++ b/functional/db_test.go
@ -313,8 +313,10 @@ func TestDBClientRepoAuthenticate(t *testing.T) {
 			url.URL{Scheme: "http", Host: "127.0.0.1:5556", Path: "/cb"},
 		},
 	}
-
-	cc, err := m.New(cm)
+	cli := client.Client{
+		Metadata: cm,
+	}
+	cc, err := m.New(cli)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}
--- a/server/auth_middleware_test.go
+++ b/server/auth_middleware_test.go
@ -8,6 +8,7 @@ import (
 	"testing"
 	"time"

+	"github.com/coreos/dex/client"
 	clientmanager "github.com/coreos/dex/client/manager"
 	"github.com/coreos/dex/db"
 	"github.com/coreos/go-oidc/jose"
@ -33,7 +34,10 @@ func TestClientToken(t *testing.T) {
 	dbm := db.NewMemDB()
 	clientRepo := db.NewClientRepo(dbm)
 	clientManager := clientmanager.NewClientManager(clientRepo, db.TransactionFactory(dbm), clientmanager.ManagerOptions{})
-	creds, err := clientManager.New(clientMetadata)
+	cli := client.Client{
+		Metadata: clientMetadata,
+	}
+	creds, err := clientManager.New(cli)
 	if err != nil {
 		t.Fatalf("Failed to create client: %v", err)
 	}
--- a/server/client_registration.go
+++ b/server/client_registration.go
@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"net/http"

+	"github.com/coreos/dex/client"
 	"github.com/coreos/dex/pkg/log"

 	"github.com/coreos/go-oidc/oauth2"
@ -38,7 +39,10 @@ func (s *Server) handleClientRegistrationRequest(r *http.Request) (*oidc.ClientR
 	}

 	// metadata is guarenteed to have at least one redirect_uri by earlier validation.
-	creds, err := s.ClientManager.New(clientMetadata)
+	cli := client.Client{
+		Metadata: clientMetadata,
+	}
+	creds, err := s.ClientManager.New(cli)
 	if err != nil {
 		log.Errorf("Failed to create new client identity: %v", err)
 		return nil, newAPIError(oauth2.ErrorServerError, "unable to save client metadata")
--- a/server/client_resource.go
+++ b/server/client_resource.go
@ -87,7 +87,7 @@ func (c *clientResource) create(w http.ResponseWriter, r *http.Request) {
 		writeAPIError(w, http.StatusBadRequest, newAPIError(errorInvalidClientMetadata, err.Error()))
 		return
 	}
-	creds, err := c.manager.New(ci.Metadata)
+	creds, err := c.manager.New(ci)

 	if err != nil {
 		log.Errorf("Failed creating client: %v", err)