
consent: Move to query parameters (#1375)

Previously, user and client were sent as path parameters on consent and
login lifecycle endpoints. This patch uses query parameters instead.
This allows developers to use user IDs containing slashes and dots
without causing issues with the URI path.

Signed-off-by: aeneasr <aeneas@ory.sh>
aeneasr committed Apr 20, 2019
1 parent e745aee commit 067e4983792e5527a9f024bda5255913fb2e4713
Showing with 3,367 additions and 3,077 deletions.
  1. +15 −0 UPGRADE.md
  2. +1 −1 cmd/server/handler.go
  3. +15 −19 consent/doc.go
  4. +112 −102 consent/handler.go
  5. +2 −2 consent/handler_test.go
  6. +15 −15 consent/manager.go
  7. +19 −19 consent/manager_memory.go
  8. +16 −16 consent/manager_sql.go
  9. +32 −32 consent/manager_test_helpers.go
  10. +10 −8 consent/sdk_test.go
  11. +8 −8 consent/strategy_default.go
  12. +2 −1 consent/types.go
  13. +3 −3 consent/x_manager_sql_migrations_test.go
  14. +130 −110 docs/api.swagger.json
  15. +0 −1 go.mod
  16. +1 −0 go.sum
  17. +1 −1 oauth2/fosite_store_helpers.go
  18. +2 −2 scripts/test-e2e.sh
  19. +55 −81 sdk/go/hydra/client/admin/admin_client.go
  20. +36 −0 sdk/go/hydra/client/admin/get_login_request_responses.go
  21. +137 −0 sdk/go/hydra/client/admin/list_subject_consent_sessions_parameters.go
  22. +173 −0 sdk/go/hydra/client/admin/list_subject_consent_sessions_responses.go
  23. +0 −133 sdk/go/hydra/client/admin/list_user_consent_sessions_parameters.go
  24. +0 −137 sdk/go/hydra/client/admin/list_user_consent_sessions_responses.go
  25. +0 −133 sdk/go/hydra/client/admin/revoke_all_user_consent_sessions_parameters.go
  26. +0 −132 sdk/go/hydra/client/admin/revoke_all_user_consent_sessions_responses.go
  27. +15 −11 sdk/go/hydra/client/admin/revoke_authentication_session_parameters.go
  28. +39 −3 sdk/go/hydra/client/admin/revoke_authentication_session_responses.go
  29. +172 −0 sdk/go/hydra/client/admin/revoke_consent_sessions_parameters.go
  30. +168 −0 sdk/go/hydra/client/admin/revoke_consent_sessions_responses.go
  31. +0 −151 sdk/go/hydra/client/admin/revoke_user_client_consent_sessions_parameters.go
  32. +0 −132 sdk/go/hydra/client/admin/revoke_user_client_consent_sessions_responses.go
  33. +7 −7 sdk/go/hydra/client/public/public_client.go
  34. +113 −0 sdk/go/hydra/client/public/revoke_subject_login_cookie_parameters.go
  35. +132 −0 sdk/go/hydra/client/public/revoke_subject_login_cookie_responses.go
  36. +0 −113 sdk/go/hydra/client/public/revoke_user_login_cookie_parameters.go
  37. +0 −132 sdk/go/hydra/client/public/revoke_user_login_cookie_responses.go
  38. +1 −1 sdk/go/hydra/models/authentication_request.go
  39. +5 −1 sdk/go/hydra/models/authentication_session.go
  40. +4 −21 sdk/go/hydra/models/client.go
  41. +1 −1 sdk/go/hydra/models/consent_request.go
  42. +1 −4 sdk/go/hydra/models/flush_inactive_o_auth2_tokens_request.go
  43. +1 −1 sdk/go/hydra/models/handled_authentication_request.go
  44. +1 −1 sdk/go/hydra/models/handled_consent_request.go
  45. +1 −1 sdk/go/hydra/models/introspection.go
  46. +1 −1 sdk/go/hydra/models/login_request.go
  47. +1 −1 sdk/go/hydra/models/open_id_connect_context.go
  48. +1 −1 sdk/go/hydra/models/previous_consent_session.go
  49. +1 −1 sdk/go/hydra/models/request_denied_error.go
  50. +5 −5 sdk/java/hydra-client-resttemplate/README.md
  51. +36 −81 sdk/java/hydra-client-resttemplate/docs/AdminApi.md
  52. +1 −1 sdk/java/hydra-client-resttemplate/docs/AuthenticationSession.md
  53. +3 −3 sdk/java/hydra-client-resttemplate/docs/Client.md
  54. +14 −0 sdk/java/hydra-client-resttemplate/docs/HandledAuthenticationRequest.md
  55. +1 −1 sdk/java/hydra-client-resttemplate/docs/PreviousConsentSession.md
  56. +8 −8 sdk/java/hydra-client-resttemplate/docs/PublicApi.md
  57. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/ApiClient.java
  58. +43 −87 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/api/AdminApi.java
  59. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/api/HealthApi.java
  60. +4 −4 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/api/PublicApi.java
  61. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/api/VersionApi.java
  62. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/auth/ApiKeyAuth.java
  63. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/auth/HttpBasicAuth.java
  64. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/auth/OAuth.java
  65. +1 −1 ...java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/AcceptConsentRequest.java
  66. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/AcceptLoginRequest.java
  67. +1 −1 ...ava/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/AuthenticationRequest.java
  68. +5 −5 ...ava/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/AuthenticationSession.java
  69. +7 −7 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/Client.java
  70. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/CompletedRequest.java
  71. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/ConsentRequest.java
  72. +1 −1 ...ava/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/ConsentRequestSession.java
  73. +1 −1 ...hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/ConsentRequestSessionData.java
  74. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/CreateRequest.java
  75. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/EmptyResponse.java
  76. +1 −1 ...lient-resttemplate/src/main/java/com/github/ory/hydra/model/FlushInactiveOAuth2TokensRequest.java
  77. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/GenericError.java
  78. +182 −0 ...ra-client-resttemplate/src/main/java/com/github/ory/hydra/model/HandledAuthenticationRequest.java
  79. +1 −1 ...ava/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/HandledConsentRequest.java
  80. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/HandledLoginRequest.java
  81. +1 −1 ...java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/HealthNotReadyStatus.java
  82. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/HealthStatus.java
  83. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/Introspection.java
  84. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/JSONWebKey.java
  85. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/JSONWebKeySet.java
  86. +1 −1 ...a-client-resttemplate/src/main/java/com/github/ory/hydra/model/JsonWebKeySetGeneratorRequest.java
  87. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/LoginRequest.java
  88. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/OAuth2Client.java
  89. +1 −1 .../hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/OAuth2TokenIntrospection.java
  90. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/Oauth2TokenResponse.java
  91. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/OauthTokenResponse.java
  92. +1 −1 ...java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/OpenIDConnectContext.java
  93. +8 −8 ...va/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/PreviousConsentSession.java
  94. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/RejectRequest.java
  95. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/RequestDeniedError.java
  96. +1 −1 ...va/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/RequestHandlerResponse.java
  97. +1 −1 ...lient-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggerFlushInactiveAccessTokens.java
  98. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggerHealthStatus.java
  99. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggerJSONWebKey.java
  100. +1 −1 ...java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggerJSONWebKeySet.java
  101. +1 −1 ...va/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggerJsonWebKeyQuery.java
  102. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggerJwkCreateSet.java
  103. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggerJwkSetQuery.java
  104. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggerJwkUpdateSet.java
  105. +1 −1 ...va/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggerJwkUpdateSetKey.java
  106. +1 −1 ...ava/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggerNotReadyStatus.java
  107. +1 −1 ...lient-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggerOAuthIntrospectionRequest.java
  108. +1 −1 ...hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggerOAuthTokenResponse.java
  109. +1 −1 ...ent-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggerRevokeOAuth2TokenParameters.java
  110. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggerVersion.java
  111. +1 −1 ...ra-client-resttemplate/src/main/java/com/github/ory/hydra/model/Swaggeroauth2TokenParameters.java
  112. +1 −1 ...ydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/Swaggeroauth2TokenResponse.java
  113. +1 −1 ...-client-resttemplate/src/main/java/com/github/ory/hydra/model/SwaggeruserinfoResponsePayload.java
  114. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/UserinfoResponse.java
  115. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/Version.java
  116. +1 −1 sdk/java/hydra-client-resttemplate/src/main/java/com/github/ory/hydra/model/WellKnown.java
  117. +5 −5 sdk/js/swagger/README.md
  118. +36 −82 sdk/js/swagger/docs/AdminApi.md
  119. +1 −1 sdk/js/swagger/docs/AuthenticationSession.md
  120. +3 −3 sdk/js/swagger/docs/Client.md
  121. +12 −0 sdk/js/swagger/docs/HandledAuthenticationRequest.md
  122. +1 −1 sdk/js/swagger/docs/PreviousConsentSession.md
  123. +7 −7 sdk/js/swagger/docs/PublicApi.md
  124. +44 −92 sdk/js/swagger/src/api/AdminApi.js
  125. +6 −6 sdk/js/swagger/src/api/PublicApi.js
  126. +8 −3 sdk/js/swagger/src/index.js
  127. +2 −2 sdk/js/swagger/src/model/AuthenticationSession.js
  128. +3 −3 sdk/js/swagger/src/model/Client.js
  129. +119 −0 sdk/js/swagger/src/model/HandledAuthenticationRequest.js
  130. +7 −7 sdk/js/swagger/src/model/PreviousConsentSession.js
  131. +7 −7 sdk/php/swagger/README.md
  132. +3 −3 sdk/php/swagger/autoload.php
  133. +114 −159 sdk/php/swagger/docs/Api/AdminApi.md
  134. +7 −7 sdk/php/swagger/docs/Api/HealthApi.md
  135. +30 −30 sdk/php/swagger/docs/Api/PublicApi.md
  136. +4 −4 sdk/php/swagger/docs/Api/VersionApi.md
  137. +1 −1 sdk/php/swagger/docs/Model/AcceptConsentRequest.md
  138. +2 −2 sdk/php/swagger/docs/Model/AuthenticationRequest.md
  139. +1 −1 sdk/php/swagger/docs/Model/AuthenticationSession.md
  140. +4 −4 sdk/php/swagger/docs/Model/Client.md
  141. +2 −2 sdk/php/swagger/docs/Model/ConsentRequest.md
  142. +14 −0 sdk/php/swagger/docs/Model/HandledAuthenticationRequest.md
  143. +1 −1 sdk/php/swagger/docs/Model/HandledConsentRequest.md
  144. +1 −1 sdk/php/swagger/docs/Model/JSONWebKeySet.md
  145. +2 −2 sdk/php/swagger/docs/Model/LoginRequest.md
  146. +1 −1 sdk/php/swagger/docs/Model/OAuth2Client.md
  147. +2 −2 sdk/php/swagger/docs/Model/PreviousConsentSession.md
  148. +1 −1 sdk/php/swagger/docs/Model/SwaggerFlushInactiveAccessTokens.md
  149. +1 −1 sdk/php/swagger/docs/Model/SwaggerJSONWebKeySet.md
  150. +1 −1 sdk/php/swagger/docs/Model/SwaggerJwkCreateSet.md
  151. +1 −1 sdk/php/swagger/docs/Model/SwaggerJwkUpdateSet.md
  152. +1 −1 sdk/php/swagger/docs/Model/SwaggerJwkUpdateSetKey.md
  153. +287 −381 sdk/php/swagger/lib/Api/AdminApi.php
  154. +29 −29 sdk/php/swagger/lib/Api/HealthApi.php
  155. +67 −67 sdk/php/swagger/lib/Api/PublicApi.php
  156. +20 −20 sdk/php/swagger/lib/Api/VersionApi.php
  157. +6 −6 sdk/php/swagger/lib/ApiClient.php
  158. +3 −3 sdk/php/swagger/lib/ApiException.php
  159. +4 −4 sdk/php/swagger/lib/Configuration.php
  160. +8 −8 sdk/php/swagger/lib/Model/AcceptConsentRequest.php
  161. +5 −5 sdk/php/swagger/lib/Model/AcceptLoginRequest.php
  162. +11 −11 sdk/php/swagger/lib/Model/AuthenticationRequest.php
  163. +7 −7 sdk/php/swagger/lib/Model/AuthenticationSession.php
  164. +11 −11 sdk/php/swagger/lib/Model/Client.php
  165. +5 −5 sdk/php/swagger/lib/Model/CompletedRequest.php
  166. +11 −11 sdk/php/swagger/lib/Model/ConsentRequest.php
  167. +5 −5 sdk/php/swagger/lib/Model/ConsentRequestSession.php
  168. +5 −5 sdk/php/swagger/lib/Model/ConsentRequestSessionData.php
  169. +5 −5 sdk/php/swagger/lib/Model/CreateRequest.php
  170. +5 −5 sdk/php/swagger/lib/Model/EmptyResponse.php
  171. +5 −5 sdk/php/swagger/lib/Model/FlushInactiveOAuth2TokensRequest.php
  172. +5 −5 sdk/php/swagger/lib/Model/GenericError.php
  173. +356 −0 sdk/php/swagger/lib/Model/HandledAuthenticationRequest.php
  174. +8 −8 sdk/php/swagger/lib/Model/HandledConsentRequest.php
  175. +5 −5 sdk/php/swagger/lib/Model/HandledLoginRequest.php
  176. +5 −5 sdk/php/swagger/lib/Model/HealthNotReadyStatus.php
  177. +5 −5 sdk/php/swagger/lib/Model/HealthStatus.php
  178. +5 −5 sdk/php/swagger/lib/Model/Introspection.php
  179. +5 −5 sdk/php/swagger/lib/Model/JSONWebKey.php
  180. +8 −8 sdk/php/swagger/lib/Model/JSONWebKeySet.php
  181. +5 −5 sdk/php/swagger/lib/Model/JsonWebKeySetGeneratorRequest.php
  182. +11 −11 sdk/php/swagger/lib/Model/LoginRequest.php
  183. +8 −8 sdk/php/swagger/lib/Model/OAuth2Client.php
  184. +5 −5 sdk/php/swagger/lib/Model/OAuth2TokenIntrospection.php
  185. +5 −5 sdk/php/swagger/lib/Model/Oauth2TokenResponse.php
  186. +5 −5 sdk/php/swagger/lib/Model/OauthTokenResponse.php
  187. +5 −5 sdk/php/swagger/lib/Model/OpenIDConnectContext.php
  188. +12 −12 sdk/php/swagger/lib/Model/PreviousConsentSession.php
  189. +5 −5 sdk/php/swagger/lib/Model/RejectRequest.php
  190. +5 −5 sdk/php/swagger/lib/Model/RequestDeniedError.php
  191. +5 −5 sdk/php/swagger/lib/Model/RequestHandlerResponse.php
  192. +8 −8 sdk/php/swagger/lib/Model/SwaggerFlushInactiveAccessTokens.php
  193. +5 −5 sdk/php/swagger/lib/Model/SwaggerHealthStatus.php
  194. +5 −5 sdk/php/swagger/lib/Model/SwaggerJSONWebKey.php
  195. +8 −8 sdk/php/swagger/lib/Model/SwaggerJSONWebKeySet.php
  196. +5 −5 sdk/php/swagger/lib/Model/SwaggerJsonWebKeyQuery.php
  197. +8 −8 sdk/php/swagger/lib/Model/SwaggerJwkCreateSet.php
  198. +5 −5 sdk/php/swagger/lib/Model/SwaggerJwkSetQuery.php
  199. +8 −8 sdk/php/swagger/lib/Model/SwaggerJwkUpdateSet.php
  200. +8 −8 sdk/php/swagger/lib/Model/SwaggerJwkUpdateSetKey.php
  201. +5 −5 sdk/php/swagger/lib/Model/SwaggerNotReadyStatus.php
  202. +5 −5 sdk/php/swagger/lib/Model/SwaggerOAuthIntrospectionRequest.php
  203. +5 −5 sdk/php/swagger/lib/Model/SwaggerOAuthTokenResponse.php
  204. +5 −5 sdk/php/swagger/lib/Model/SwaggerRevokeOAuth2TokenParameters.php
  205. +5 −5 sdk/php/swagger/lib/Model/SwaggerVersion.php
  206. +5 −5 sdk/php/swagger/lib/Model/Swaggeroauth2TokenParameters.php
  207. +5 −5 sdk/php/swagger/lib/Model/Swaggeroauth2TokenResponse.php
  208. +5 −5 sdk/php/swagger/lib/Model/SwaggeruserinfoResponsePayload.php
  209. +5 −5 sdk/php/swagger/lib/Model/UserinfoResponse.php
  210. +5 −5 sdk/php/swagger/lib/Model/Version.php
  211. +5 −5 sdk/php/swagger/lib/Model/WellKnown.php
  212. +4 −4 sdk/php/swagger/lib/ObjectSerializer.php
@@ -131,6 +131,21 @@ Do you want the latest features and patches without work and hassle? Are you loo
secure deployment with zero effort? We can run it for you! If you're interested,
[contact us now](mailto:hi@ory.sh)!

## 1.0.0-rc.10

### Login and Consent Management

Orthogonal to the changes when accepting and rejection consent and login requests, the following endpoints
have been updated as well:

* DELETE /oauth2/auth/sessions/login/:subject ->DELETE /oauth2/auth/sessions/login?subject={subject}
* GET /oauth2/auth/sessions/consent/:subject -> GET /oauth2/auth/sessions/login?subject={subject}
* DELETE /oauth2/auth/sessions/consent/:subject -> DELETE /oauth2/auth/sessions/login?subject={subject}
* DELETE /oauth2/auth/sessions/consent/:subject/:client -> DELETE /oauth2/auth/sessions/login?subject={subject}&client={client}

While this does not include a security warning, this patch allows developers to use slashes in dots in their subject/user
IDs.

## 1.0.0-rc.9

### Go SDK
@@ -36,7 +36,7 @@ import (
"github.com/ory/x/logrusx"

"github.com/julienschmidt/httprouter"
"github.com/meatballhat/negroni-logrus"
negronilogrus "github.com/meatballhat/negroni-logrus"
"github.com/rs/cors"
"github.com/spf13/cobra"
"github.com/urfave/negroni"
@@ -27,36 +27,32 @@ type swaggerGetRequestByChallenge struct {
Challenge string `json:"challenge"`
}

// swagger:parameters revokeAllUserConsentSessions
type swaggerRevokeAllUserConsentSessionsPayload struct {
// in: path
// required: true
User string `json:"user"`
}

// swagger:parameters revokeUserClientConsentSessions
type swaggerRevokeUserClientConsentSessionsPayload struct {
// in: path
// swagger:parameters revokeConsentSessions
type swaggerRevokeConsentSessions struct {
// The subject (Subject) who's consent sessions should be deleted.
//
// in: query
// required: true
User string `json:"user"`
Subject string `json:"subject"`

// in: path
// required: true
// If set, deletes only those consent sessions by the Subject that have been granted to the specified OAuth 2.0 Client ID
//
// in: query
Client string `json:"client"`
}

// swagger:parameters listUserConsentSessions
type swaggerListUserConsentSessionsPayload struct {
// in: path
// swagger:parameters listSubjectConsentSessions
type swaggerListSubjectConsentSessionsPayload struct {
// in: query
// required: true
User string `json:"user"`
Subject string `json:"subject"`
}

// swagger:parameters revokeAuthenticationSession
type swaggerRevokeAuthenticationSessionPayload struct {
// in: path
// in: query
// required: true
User string `json:"user"`
Subject string `json:"subject"`
}

// swagger:parameters acceptLoginRequest
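Review bot: `// required: true` on `Subject` in `swaggerRevokeConsentSessions` and the two other payload structs is only a swagger annotation; a query parameter can simply be left off a request, whereas the old path segment had to be present for the route to match. The handler that reads it is not rendered on this page, so confirm it rejects a missing or empty `subject` before calling any revoke method. The `Client` comment should also state the default explicitly, for example `// If omitted, consent sessions for all OAuth 2.0 Clients of the Subject are deleted.`, because as documented a misspelled query key would silently widen the revocation. For consistency with its siblings the struct would be named `swaggerRevokeConsentSessionsPayload`, and "who's" in the `Subject` comment should read "whose".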

Large diffs are not rendered by default.

@@ -57,7 +57,7 @@ func TestLogout(t *testing.T) {

r.Handle("GET", "/login", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
cookie, _ := reg.CookieStore().Get(r, CookieAuthenticationName)
require.NoError(t, reg.ConsentManager().CreateAuthenticationSession(context.TODO(), &AuthenticationSession{
require.NoError(t, reg.ConsentManager().CreateLoginSession(context.TODO(), &SubjectSession{
ID: sid,
Subject: "foo",
AuthenticatedAt: time.Now(),
@@ -115,7 +115,7 @@ func TestGetLoginRequest(t *testing.T) {
reg := internal.NewRegistry(conf)

if tc.exists {
require.NoError(t, reg.ConsentManager().CreateAuthenticationRequest(context.TODO(), &LoginRequest{
require.NoError(t, reg.ConsentManager().CreateLoginRequest(context.TODO(), &LoginRequest{
Client: &client.Client{ClientID: "client" + key},
Challenge: challenge,
WasHandled: tc.handled,
@@ -22,7 +22,7 @@ package consent

import "context"

type ForcedObfuscatedAuthenticationSession struct {
type ForcedObfuscatedLoginSession struct {
ClientID string `db:"client_id"`
Subject string `db:"subject"`
SubjectObfuscated string `db:"subject_obfuscated"`
@@ -32,25 +32,25 @@ type Manager interface {
CreateConsentRequest(ctx context.Context, req *ConsentRequest) error
GetConsentRequest(ctx context.Context, challenge string) (*ConsentRequest, error)
HandleConsentRequest(ctx context.Context, challenge string, r *HandledConsentRequest) (*ConsentRequest, error)
RevokeUserConsentSession(ctx context.Context, user string) error
RevokeUserClientConsentSession(ctx context.Context, user, client string) error
RevokeSubjectConsentSession(ctx context.Context, user string) error
RevokeSubjectClientConsentSession(ctx context.Context, user, client string) error

VerifyAndInvalidateConsentRequest(ctx context.Context, verifier string) (*HandledConsentRequest, error)
FindGrantedAndRememberedConsentRequests(ctx context.Context, client, user string) ([]HandledConsentRequest, error)
FindSubjectsGrantedConsentRequests(ctx context.Context, user string, limit, offset int) ([]HandledConsentRequest, error)
CountSubjectsGrantedConsentRequests(ctx context.Context, user string) (int, error)

// Cookie management
GetAuthenticationSession(ctx context.Context, id string) (*AuthenticationSession, error)
CreateAuthenticationSession(ctx context.Context, session *AuthenticationSession) error
DeleteAuthenticationSession(ctx context.Context, id string) error
RevokeUserAuthenticationSession(ctx context.Context, user string) error

CreateAuthenticationRequest(ctx context.Context, req *LoginRequest) error
GetAuthenticationRequest(ctx context.Context, challenge string) (*LoginRequest, error)
HandleAuthenticationRequest(ctx context.Context, challenge string, r *HandledLoginRequest) (*LoginRequest, error)
VerifyAndInvalidateAuthenticationRequest(ctx context.Context, verifier string) (*HandledLoginRequest, error)

CreateForcedObfuscatedAuthenticationSession(ctx context.Context, session *ForcedObfuscatedAuthenticationSession) error
GetForcedObfuscatedAuthenticationSession(ctx context.Context, client, obfuscated string) (*ForcedObfuscatedAuthenticationSession, error)
GetLoginSession(ctx context.Context, id string) (*SubjectSession, error)
CreateLoginSession(ctx context.Context, session *SubjectSession) error
DeleteLoginSession(ctx context.Context, id string) error
RevokeSubjectLoginSession(ctx context.Context, user string) error

CreateLoginRequest(ctx context.Context, req *LoginRequest) error
GetLoginRequest(ctx context.Context, challenge string) (*LoginRequest, error)
HandleLoginRequest(ctx context.Context, challenge string, r *HandledLoginRequest) (*LoginRequest, error)
VerifyAndInvalidateLoginRequest(ctx context.Context, verifier string) (*HandledLoginRequest, error)

CreateForcedObfuscatedLoginSession(ctx context.Context, session *ForcedObfuscatedLoginSession) error
GetForcedObfuscatedLoginSession(ctx context.Context, client, obfuscated string) (*ForcedObfuscatedLoginSession, error)
}
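Review bot: The renamed methods still take a parameter called `user` (`RevokeSubjectConsentSession`, `RevokeSubjectClientConsentSession`, `RevokeSubjectLoginSession`), which leaves the interface halfway between the old and new vocabulary; `RevokeSubjectConsentSession(ctx context.Context, subject string) error`, and likewise for the other two, would finish the rename. The same applies to the `MemoryManager` implementations in the manager_memory.go hunks further down. Since this interface is the contract for session revocation, a one-line doc comment per method stating what is revoked (for instance that `RevokeSubjectClientConsentSession` is scoped to a single client) would help anyone implementing another backend.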
@@ -37,8 +37,8 @@ type MemoryManager struct {
handledConsentRequests map[string]HandledConsentRequest
authRequests map[string]LoginRequest
handledAuthRequests map[string]HandledLoginRequest
authSessions map[string]AuthenticationSession
pairwise []ForcedObfuscatedAuthenticationSession
authSessions map[string]SubjectSession
pairwise []ForcedObfuscatedLoginSession
m map[string]*sync.RWMutex
r InternalRegistry
}
@@ -49,8 +49,8 @@ func NewMemoryManager(r InternalRegistry) *MemoryManager {
handledConsentRequests: map[string]HandledConsentRequest{},
authRequests: map[string]LoginRequest{},
handledAuthRequests: map[string]HandledLoginRequest{},
authSessions: map[string]AuthenticationSession{},
pairwise: []ForcedObfuscatedAuthenticationSession{},
authSessions: map[string]SubjectSession{},
pairwise: []ForcedObfuscatedLoginSession{},
r: r,
m: map[string]*sync.RWMutex{
"consentRequests": new(sync.RWMutex),
@@ -62,7 +62,7 @@ func NewMemoryManager(r InternalRegistry) *MemoryManager {
}
}

func (m *MemoryManager) CreateForcedObfuscatedAuthenticationSession(ctx context.Context, s *ForcedObfuscatedAuthenticationSession) error {
func (m *MemoryManager) CreateForcedObfuscatedLoginSession(ctx context.Context, s *ForcedObfuscatedLoginSession) error {
for k, v := range m.pairwise {
if v.Subject == s.Subject && v.ClientID == s.ClientID {
m.pairwise[k] = *s
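Review bot: `CreateForcedObfuscatedLoginSession` ranges over and writes `m.pairwise` as its first statement without taking any of the `m.m[...]` locks that the other `MemoryManager` methods on this page acquire, and `GetForcedObfuscatedLoginSession` in the next hunk reads the same slice the same way, so concurrent requests race on it. Guard both with a dedicated mutex, e.g. `m.m["pairwise"].Lock()` and `defer m.m["pairwise"].Unlock()` in the writer and `RLock`/`RUnlock` in the reader; `"pairwise"` is a proposed key that would have to be added to the map in `NewMemoryManager` if it is not already there. Both function bodies continue outside their hunks.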
@@ -74,7 +74,7 @@ func (m *MemoryManager) CreateForcedObfuscatedAuthenticationSession(ctx context.
return nil
}

func (m *MemoryManager) GetForcedObfuscatedAuthenticationSession(ctx context.Context, client, obfuscated string) (*ForcedObfuscatedAuthenticationSession, error) {
func (m *MemoryManager) GetForcedObfuscatedLoginSession(ctx context.Context, client, obfuscated string) (*ForcedObfuscatedLoginSession, error) {
for _, v := range m.pairwise {
if v.SubjectObfuscated == obfuscated && v.ClientID == client {
return &v, nil
@@ -84,11 +84,11 @@ func (m *MemoryManager) GetForcedObfuscatedAuthenticationSession(ctx context.Con
return nil, errors.WithStack(x.ErrNotFound)
}

func (m *MemoryManager) RevokeUserConsentSession(ctx context.Context, user string) error {
return m.RevokeUserClientConsentSession(ctx, user, "")
func (m *MemoryManager) RevokeSubjectConsentSession(ctx context.Context, user string) error {
return m.RevokeSubjectClientConsentSession(ctx, user, "")
}

func (m *MemoryManager) RevokeUserClientConsentSession(ctx context.Context, user, client string) error {
func (m *MemoryManager) RevokeSubjectClientConsentSession(ctx context.Context, user, client string) error {
m.m["handledConsentRequests"].Lock()
defer m.m["handledConsentRequests"].Unlock()

@@ -128,7 +128,7 @@ func (m *MemoryManager) RevokeUserClientConsentSession(ctx context.Context, user
return nil
}

func (m *MemoryManager) RevokeUserAuthenticationSession(ctx context.Context, user string) error {
func (m *MemoryManager) RevokeSubjectLoginSession(ctx context.Context, user string) error {
m.m["authSessions"].Lock()
defer m.m["authSessions"].Unlock()

@@ -324,7 +324,7 @@ func (m *MemoryManager) CountSubjectsGrantedConsentRequests(ctx context.Context,
return len(rs), nil
}

func (m *MemoryManager) GetAuthenticationSession(ctx context.Context, id string) (*AuthenticationSession, error) {
func (m *MemoryManager) GetLoginSession(ctx context.Context, id string) (*SubjectSession, error) {
m.m["authSessions"].RLock()
defer m.m["authSessions"].RUnlock()
if c, ok := m.authSessions[id]; ok {
@@ -333,7 +333,7 @@ func (m *MemoryManager) GetAuthenticationSession(ctx context.Context, id string)
return nil, errors.WithStack(x.ErrNotFound)
}

func (m *MemoryManager) CreateAuthenticationSession(ctx context.Context, a *AuthenticationSession) error {
func (m *MemoryManager) CreateLoginSession(ctx context.Context, a *SubjectSession) error {
m.m["authSessions"].Lock()
defer m.m["authSessions"].Unlock()
if _, ok := m.authSessions[a.ID]; ok {
@@ -343,14 +343,14 @@ func (m *MemoryManager) CreateAuthenticationSession(ctx context.Context, a *Auth
return nil
}

func (m *MemoryManager) DeleteAuthenticationSession(ctx context.Context, id string) error {
func (m *MemoryManager) DeleteLoginSession(ctx context.Context, id string) error {
m.m["authSessions"].Lock()
defer m.m["authSessions"].Unlock()
delete(m.authSessions, id)
return nil
}

func (m *MemoryManager) CreateAuthenticationRequest(ctx context.Context, a *LoginRequest) error {
func (m *MemoryManager) CreateLoginRequest(ctx context.Context, a *LoginRequest) error {
m.m["authRequests"].Lock()
defer m.m["authRequests"].Unlock()
if _, ok := m.authRequests[a.Challenge]; ok {
@@ -360,7 +360,7 @@ func (m *MemoryManager) CreateAuthenticationRequest(ctx context.Context, a *Logi
return nil
}

func (m *MemoryManager) GetAuthenticationRequest(ctx context.Context, challenge string) (*LoginRequest, error) {
func (m *MemoryManager) GetLoginRequest(ctx context.Context, challenge string) (*LoginRequest, error) {
m.m["authRequests"].RLock()
defer m.m["authRequests"].RUnlock()

@@ -378,14 +378,14 @@ func (m *MemoryManager) GetAuthenticationRequest(ctx context.Context, challenge
return &c, nil
}

func (m *MemoryManager) HandleAuthenticationRequest(ctx context.Context, challenge string, r *HandledLoginRequest) (*LoginRequest, error) {
func (m *MemoryManager) HandleLoginRequest(ctx context.Context, challenge string, r *HandledLoginRequest) (*LoginRequest, error) {
m.m["handledAuthRequests"].Lock()
m.handledAuthRequests[r.Challenge] = *r
m.m["handledAuthRequests"].Unlock()
return m.GetAuthenticationRequest(ctx, challenge)
return m.GetLoginRequest(ctx, challenge)
}

func (m *MemoryManager) VerifyAndInvalidateAuthenticationRequest(ctx context.Context, verifier string) (*HandledLoginRequest, error) {
func (m *MemoryManager) VerifyAndInvalidateLoginRequest(ctx context.Context, verifier string) (*HandledLoginRequest, error) {
for _, c := range m.authRequests {
if c.Verifier == verifier {
for _, h := range m.handledAuthRequests {
@@ -395,7 +395,7 @@ func (m *MemoryManager) VerifyAndInvalidateAuthenticationRequest(ctx context.Con
}

h.WasUsed = true
if _, err := m.HandleAuthenticationRequest(ctx, h.Challenge, &h); err != nil {
if _, err := m.HandleLoginRequest(ctx, h.Challenge, &h); err != nil {
return nil, err
}
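Review bot: `VerifyAndInvalidateLoginRequest` ranges over `m.authRequests` and `m.handledAuthRequests` without holding a lock (the loop is the first statement after the signature in the previous hunk), and only the store inside `HandleLoginRequest` is locked, so looking up the verifier and setting `h.WasUsed = true` is not one atomic step. Two concurrent calls presenting the same verifier could, as far as the visible lines show, both get past whatever used-check sits outside this hunk before either write lands, which would defeat the one-time property of the verifier. Serialise the whole lookup, check and mark sequence under one mutex taken at the top of the function; it cannot be `m.m["handledAuthRequests"]` itself, because `HandleLoginRequest` locks that again and `sync.RWMutex` is not reentrant, so either use a separate key or split out an unlocked internal helper.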
