mirror
/
dex
mirror of https://github.com/dexidp/dex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

*: add client registration endpoint to admin API

pull/392/head
Eric Chiang 10 years ago
parent
0445da2dfe
commit
b10645f58d
7 changed files with 119 additions and 21 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 49
      admin/api.go
  2. 2
      admin/api_test.go
  3. 4
      cmd/dex-overlord/main.go
  4. 53
      integration/admin_api_test.go
  5. 7
      integration/common_test.go
  6. 2
      integration/user_api_test.go
  7. 23
      server/admin.go

49
admin/api.go
Unescape View File

@ -4,6 +4,11 @@ package admin
import (
"net/http"
"github.com/coreos/go-oidc/oidc"
"github.com/go-gorp/gorp"
"github.com/coreos/dex/client"
"github.com/coreos/dex/db"
"github.com/coreos/dex/schema/adminschema"
"github.com/coreos/dex/user"
"github.com/coreos/dex/user/manager"
@ -11,22 +16,25 @@ import (
// AdminAPI provides the logic necessary to implement the Admin API.
type AdminAPI struct {
userManager *manager.UserManager
userRepo user.UserRepo
passwordInfoRepo user.PasswordInfoRepo
localConnectorID string
userManager *manager.UserManager
userRepo user.UserRepo
passwordInfoRepo user.PasswordInfoRepo
clientIdentityRepo client.ClientIdentityRepo
localConnectorID string
}
func NewAdminAPI(userManager *manager.UserManager, userRepo user.UserRepo, pwiRepo user.PasswordInfoRepo, localConnectorID string) *AdminAPI {
// TODO(ericchiang): Swap the DbMap for a storage interface. See #278
func NewAdminAPI(dbMap *gorp.DbMap, userManager *manager.UserManager, localConnectorID string) *AdminAPI {
if localConnectorID == "" {
panic("must specify non-blank localConnectorID")
}
return &AdminAPI{
userManager: userManager,
userRepo: userRepo,
passwordInfoRepo: pwiRepo,
localConnectorID: localConnectorID,
userManager: userManager,
userRepo: db.NewUserRepo(dbMap),
passwordInfoRepo: db.NewPasswordInfoRepo(dbMap),
clientIdentityRepo: db.NewClientIdentityRepo(dbMap),
localConnectorID: localConnectorID,
}
}
@ -108,6 +116,27 @@ func (a *AdminAPI) GetState() (adminschema.State, error) {
return state, nil
}
type ClientRegistrationRequest struct {
IsAdmin bool `json:"isAdmin"`
Client oidc.ClientMetadata `json:"client"`
}
func (a *AdminAPI) CreateClient(req ClientRegistrationRequest) (oidc.ClientRegistrationResponse, error) {
if err := req.Client.Valid(); err != nil {
return oidc.ClientRegistrationResponse{}, mapError(err)
}
// metadata is guarenteed to have at least one redirect_uri by earlier validation.
id, err := oidc.GenClientID(req.Client.RedirectURIs[0].Host)
if err != nil {
return oidc.ClientRegistrationResponse{}, mapError(err)
}
c, err := a.clientIdentityRepo.New(id, req.Client, req.IsAdmin)
if err != nil {
return oidc.ClientRegistrationResponse{}, mapError(err)
}
return oidc.ClientRegistrationResponse{ClientID: c.ID, ClientSecret: c.Secret, ClientMetadata: req.Client}, nil
}
func mapError(e error) error {
if mapped, ok := errorMap[e]; ok {
return mapped(e)

2
admin/api_test.go
Unescape View File

@ -69,7 +69,7 @@ func makeTestFixtures() *testFixtures {
}()
f.mgr = manager.NewUserManager(f.ur, f.pwr, ccr, db.TransactionFactory(dbMap), manager.ManagerOptions{})
f.adAPI = NewAdminAPI(f.mgr, f.ur, f.pwr, "local")
f.adAPI = NewAdminAPI(dbMap, f.mgr, "local")
return f
}

4
cmd/dex-overlord/main.go
Unescape View File

@ -113,13 +113,13 @@ func main() {
time.Sleep(sleep)
}
}
userRepo := db.NewUserRepo(dbc)
pwiRepo := db.NewPasswordInfoRepo(dbc)
connCfgRepo := db.NewConnectorConfigRepo(dbc)
userManager := manager.NewUserManager(userRepo,
pwiRepo, connCfgRepo, db.TransactionFactory(dbc), manager.ManagerOptions{})
adminAPI := admin.NewAdminAPI(userManager, userRepo, pwiRepo, *localConnectorID)
adminAPI := admin.NewAdminAPI(dbc, userManager, *localConnectorID)
kRepo, err := db.NewPrivateKeySetRepo(dbc, *useOldFormat, keySecrets.BytesSlice()...)
if err != nil {
log.Fatalf(err.Error())

53
integration/admin_api_test.go
Unescape View File

@ -1,8 +1,10 @@
package integration
import (
"errors"
"net/http"
"net/http/httptest"
"net/url"
"testing"
"github.com/kylelemons/godebug/pretty"
@ -12,6 +14,7 @@ import (
"github.com/coreos/dex/schema/adminschema"
"github.com/coreos/dex/server"
"github.com/coreos/dex/user"
"github.com/coreos/go-oidc/oidc"
)
const (
@ -74,10 +77,10 @@ func (a *adminAPITransport) RoundTrip(r *http.Request) (*http.Response, error) {
func makeAdminAPITestFixtures() *adminAPITestFixtures {
f := &adminAPITestFixtures{}
ur, pwr, um := makeUserObjects(adminUsers, adminPasswords)
dbMap, ur, pwr, um := makeUserObjects(adminUsers, adminPasswords)
f.ur = ur
f.pwr = pwr
f.adAPI = admin.NewAdminAPI(um, f.ur, f.pwr, "local")
f.adAPI = admin.NewAdminAPI(dbMap, um, "local")
f.adSrv = server.NewAdminServer(f.adAPI, nil, adminAPITestSecret)
f.hSrv = httptest.NewServer(f.adSrv.HTTPHandler())
f.hc = &http.Client{
@ -252,6 +255,52 @@ func TestCreateAdmin(t *testing.T) {
}
}
func TestCreateClient(t *testing.T) {
tests := []struct {
client oidc.ClientMetadata
wantError bool
}{
{
client: oidc.ClientMetadata{},
wantError: true,
},
{
client: oidc.ClientMetadata{
RedirectURIs: []url.URL{
{Scheme: "https", Host: "auth.example.com", Path: "/"},
},
},
},
}
for i, tt := range tests {
err := func() error {
f := makeAdminAPITestFixtures()
req := &adminschema.ClientCreateRequestClient{}
for _, redirectURI := range tt.client.RedirectURIs {
req.Redirect_uris = append(req.Redirect_uris, redirectURI.String())
}
resp, err := f.adClient.Client.Create(&adminschema.ClientCreateRequest{Client: req}).Do()
if err != nil {
if tt.wantError {
return nil
}
return err
}
if resp.Client_id == "" {
return errors.New("no client id returned")
}
if resp.Client_secret == "" {
return errors.New("no client secret returned")
}
return nil
}()
if err != nil {
t.Errorf("case %d: %v", i, err)
}
}
}
func TestGetState(t *testing.T) {
tests := []struct {
addUsers []user.User

7
integration/common_test.go
Unescape View File

@ -9,6 +9,7 @@ import (
"net/url"
"github.com/coreos/go-oidc/key"
"github.com/go-gorp/gorp"
"github.com/jonboulle/clockwork"
"github.com/coreos/dex/connector"
@ -45,7 +46,9 @@ func (t *tokenHandlerTransport) RoundTrip(r *http.Request) (*http.Response, erro
return &resp, nil
}
func makeUserObjects(users []user.UserWithRemoteIdentities, passwords []user.PasswordInfo) (user.UserRepo, user.PasswordInfoRepo, *manager.UserManager) {
// TODO(ericchiang): Replace DbMap with storage interface. See #278
func makeUserObjects(users []user.UserWithRemoteIdentities, passwords []user.PasswordInfo) (*gorp.DbMap, user.UserRepo, user.PasswordInfoRepo, *manager.UserManager) {
dbMap := db.NewMemDB()
ur := func() user.UserRepo {
repo, err := db.NewUserRepoFromUsers(dbMap, users)
@ -73,5 +76,5 @@ func makeUserObjects(users []user.UserWithRemoteIdentities, passwords []user.Pas
um := manager.NewUserManager(ur, pwr, ccr, db.TransactionFactory(dbMap), manager.ManagerOptions{})
um.Clock = clock
return ur, pwr, um
return dbMap, ur, pwr, um
}

2
integration/user_api_test.go
Unescape View File

@ -99,7 +99,7 @@ var (
func makeUserAPITestFixtures() *userAPITestFixtures {
f := &userAPITestFixtures{}
_, _, um := makeUserObjects(userUsers, userPasswords)
_, _, _, um := makeUserObjects(userUsers, userPasswords)
cir := func() client.ClientIdentityRepo {
repo, err := db.NewClientIdentityRepoFromClients(db.NewMemDB(), []oidc.ClientIdentity{

23
server/admin.go
Unescape View File

@ -20,9 +20,10 @@ const (
)
var (
AdminGetEndpoint = addBasePath("/admin/:id")
AdminCreateEndpoint = addBasePath("/admin")
AdminGetStateEndpoint = addBasePath("/state")
AdminGetEndpoint = addBasePath("/admin/:id")
AdminCreateEndpoint = addBasePath("/admin")
AdminGetStateEndpoint = addBasePath("/state")
AdminCreateClientEndpoint = addBasePath("/client")
)
// AdminServer serves the admin API.
@ -49,6 +50,7 @@ func (s *AdminServer) HTTPHandler() http.Handler {
r.GET(AdminGetEndpoint, s.getAdmin)
r.POST(AdminCreateEndpoint, s.createAdmin)
r.GET(AdminGetStateEndpoint, s.getState)
r.POST(AdminCreateClientEndpoint, s.createClient)
r.Handler("GET", httpPathHealth, s.checker)
r.HandlerFunc("GET", httpPathDebugVars, health.ExpvarHandler)
@ -113,6 +115,21 @@ func (s *AdminServer) getState(w http.ResponseWriter, r *http.Request, ps httpro
writeResponseWithBody(w, http.StatusOK, state)
}
func (s *AdminServer) createClient(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
var req admin.ClientRegistrationRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
writeInvalidRequest(w, "cannot parse JSON body")
return
}
resp, err := s.adminAPI.CreateClient(req)
if err != nil {
s.writeError(w, err)
return
}
writeResponseWithBody(w, http.StatusOK, &resp)
}
func (s *AdminServer) writeError(w http.ResponseWriter, err error) {
log.Errorf("Error calling admin API: %v: ", err)
if adminErr, ok := err.(admin.Error); ok {

Write Preview
Loading…
Cancel
Save