code review: contextualize config

ory · Sep 7, 2022 · 10c146b · 10c146b
1 parent 8eec85d
commit 10c146b
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 9 deletions.
diff --git a/client/handler.go b/client/handler.go
@@ -70,12 +70,10 @@ func (h *Handler) SetRoutes(ctx context.Context, admin *x.RouterAdmin, public *x
 	admin.DELETE(ClientsHandlerPath+"/:id", h.Delete)
 	admin.PUT(ClientsHandlerPath+"/:id/lifespans", h.UpdateLifespans)
 
-	if h.r.Config(ctx).PublicAllowDynamicRegistration() {
-		public.POST(DynClientsHandlerPath, h.CreateDynamicRegistration)
-		public.GET(DynClientsHandlerPath+"/:id", h.GetDynamicRegistration)
-		public.PUT(DynClientsHandlerPath+"/:id", h.UpdateDynamicRegistration)
-		public.DELETE(DynClientsHandlerPath+"/:id", h.DeleteDynamicRegistration)
-	}
+	public.POST(DynClientsHandlerPath, h.CreateDynamicRegistration)
+	public.GET(DynClientsHandlerPath+"/:id", h.GetDynamicRegistration)
+	public.PUT(DynClientsHandlerPath+"/:id", h.UpdateDynamicRegistration)
+	public.DELETE(DynClientsHandlerPath+"/:id", h.DeleteDynamicRegistration)
 }
 
 // swagger:route POST /clients admin createOAuth2Client
@@ -139,6 +137,10 @@ func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Pa
 //       201: oAuth2Client
 //       default: jsonError
 func (h *Handler) CreateDynamicRegistration(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+	if err := h.requireDynamicAuth(r); err != nil {
+		h.r.Writer().WriteError(w, r, err)
+		return
+	}
 	c, err := h.CreateClient(r, h.r.ClientValidator(r.Context()).ValidateDynamicRegistration, true)
 	if err != nil {
 		h.r.Writer().WriteError(w, r, errorsx.WithStack(err))
@@ -285,6 +287,10 @@ func (h *Handler) updateClient(ctx context.Context, c *Client, validator func(co
 //       default: jsonError
 //
 func (h *Handler) UpdateDynamicRegistration(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+	if err := h.requireDynamicAuth(r); err != nil {
+		h.r.Writer().WriteError(w, r, err)
+		return
+	}
 	client, err := h.ValidDynamicAuth(r, ps)
 	if err != nil {
 		h.r.Writer().WriteError(w, r, err)
@@ -518,6 +524,10 @@ func (h *Handler) Get(w http.ResponseWriter, r *http.Request, ps httprouter.Para
 //       200: oAuth2Client
 //       default: jsonError
 func (h *Handler) GetDynamicRegistration(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+	if err := h.requireDynamicAuth(r); err != nil {
+		h.r.Writer().WriteError(w, r, err)
+		return
+	}
 	client, err := h.ValidDynamicAuth(r, ps)
 	if err != nil {
 		h.r.Writer().WriteError(w, r, err)
@@ -643,6 +653,10 @@ func (h *Handler) UpdateLifespans(w http.ResponseWriter, r *http.Request, ps htt
 //       204: emptyResponse
 //       default: jsonError
 func (h *Handler) DeleteDynamicRegistration(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+	if err := h.requireDynamicAuth(r); err != nil {
+		h.r.Writer().WriteError(w, r, err)
+		return
+	}
 	client, err := h.ValidDynamicAuth(r, ps)
 	if err != nil {
 		h.r.Writer().WriteError(w, r, err)
@@ -685,3 +699,10 @@ func (h *Handler) ValidDynamicAuth(r *http.Request, ps httprouter.Params) (fosit
 
 	return c, nil
 }
+
+func (h *Handler) requireDynamicAuth(r *http.Request) *herodot.DefaultError {
+	if !h.r.Config(r.Context()).PublicAllowDynamicRegistration() {
+		return herodot.ErrNotFound.WithReason("Dynamic registration is not enabled.")
+	}
+	return nil
+}
diff --git a/client/handler_test.go b/client/handler_test.go
@@ -173,9 +173,22 @@ func TestHandler(t *testing.T) {
 	t.Run("selfservice disabled", func(t *testing.T) {
 		ts, hc := newServer(t, false)
 
-		for _, method := range []string{"GET", "POST", "PUT", "DELETE"} {
-			t.Run("method="+method, func(t *testing.T) {
-				req, err := http.NewRequest(method, ts.URL+client.DynClientsHandlerPath, nil)
+		trap := &client.Client{
+			OutfacingID: "dynamic-client-test-trap",
+		}
+		createClient(t, trap, ts, client.ClientsHandlerPath)
+
+		for _, tc := range []struct {
+			method string
+			path   string
+		}{
+			{method: "GET", path: ts.URL + client.DynClientsHandlerPath + "/" + trap.OutfacingID},
+			{method: "POST", path: ts.URL + client.DynClientsHandlerPath},
+			{method: "PUT", path: ts.URL + client.DynClientsHandlerPath + "/" + trap.OutfacingID},
+			{method: "DELETE", path: ts.URL + client.DynClientsHandlerPath + "/" + trap.OutfacingID},
+		} {
+			t.Run("method="+tc.method, func(t *testing.T) {
+				req, err := http.NewRequest(tc.method, tc.path, nil)
 				require.NoError(t, err)
 
 				res, err := hc.Do(req)