From 50978054737e7ae7c54adf5ec9ee478e9feb174f Mon Sep 17 00:00:00 2001 From: hackerman <3372410+aeneasr@users.noreply.github.com> Date: Mon, 22 Jun 2020 16:22:40 +0200 Subject: [PATCH] fix: bump pop to v5.2 (#1922) Closes #1892 --- .schema/api.swagger.json | 4 +- client/client.go | 6 +- client/client_test.go | 2 +- client/handler.go | 2 +- client/manager_test_helpers.go | 14 +-- client/validator.go | 2 +- client/validator_test.go | 36 +++---- cmd/cli/handler_migrate.go | 4 +- consent/handler_test.go | 6 +- consent/manager_memory.go | 14 +-- consent/manager_test_helpers.go | 18 ++-- consent/strategy_default.go | 6 +- consent/strategy_default_test.go | 96 +++++++++---------- .../subject_identifier_algorithm_pairwise.go | 4 +- consent/types.go | 6 +- driver/cors_test.go | 16 ++-- driver/registry.go | 3 +- go.mod | 4 +- go.sum | 15 ++- internal/driver.go | 4 +- internal/fizzmigrate/client/migrator.go | 5 +- .../fizzmigrate/compare_migrations_test.go | 10 +- internal/fizzmigrate/consent/migrator.go | 5 +- .../consent/x_manager_sql_migrations_test.go | 2 +- internal/fizzmigrate/jwk/migrator.go | 11 ++- internal/fizzmigrate/oauth2/migrator.go | 5 +- internal/fosite_store.go | 4 +- internal/httpclient/models/o_auth2_client.go | 2 +- .../models/o_auth2_token_introspection.go | 2 +- oauth2/fosite_store_helpers.go | 20 ++-- oauth2/fosite_store_sql.go | 3 +- oauth2/fosite_store_test.go | 2 +- oauth2/handler_test.go | 6 +- oauth2/introspector.go | 2 +- oauth2/oauth2_auth_code_test.go | 4 +- oauth2/oauth2_client_credentials_test.go | 2 +- oauth2/oauth2_refresh_token_test.go | 4 +- persistence/sql/migratest/exptected_data.go | 2 +- persistence/sql/migratest/migration_test.go | 4 +- persistence/sql/persister.go | 75 +++++++-------- tracing/tracer_test.go | 10 +- x/audit_test.go | 3 +- x/errors_test.go | 3 +- x/registry.go | 1 + 44 files changed, 236 insertions(+), 213 deletions(-) diff --git a/.schema/api.swagger.json b/.schema/api.swagger.json index efd8ecfadc..e7e24abace 100755 
--- a/.schema/api.swagger.json +++ b/.schema/api.swagger.json @@ -2676,7 +2676,7 @@ "type": "string" }, "client_id": { - "description": "ClientID is the id for this client.", + "description": "ID is the id for this client.", "type": "string" }, "client_name": { @@ -2809,7 +2809,7 @@ } }, "client_id": { - "description": "ClientID is aclient identifier for the OAuth 2.0 client that\nrequested this token.", + "description": "ID is aclient identifier for the OAuth 2.0 client that\nrequested this token.", "type": "string" }, "exp": { diff --git a/client/client.go b/client/client.go index 98fb562bb9..7b9a46a596 100644 --- a/client/client.go +++ b/client/client.go @@ -37,8 +37,8 @@ import ( type Client struct { PK int64 `json:"-" db:"pk"` - // ClientID is the id for this client. - ClientID string `json:"client_id" db:"id"` + // ID is the id for this client. + ID string `json:"client_id" db:"id"` // Name is the human-readable string name of the client to be presented to the // end-user during authorization. @@ -203,7 +203,7 @@ func (Client) TableName() string { } func (c *Client) GetID() string { - return c.ClientID + return c.ID } func (c *Client) GetRedirectURIs() []string { diff --git a/client/client_test.go b/client/client_test.go index f09183606b..599dbe12cf 100644 --- a/client/client_test.go +++ b/client/client_test.go @@ -33,7 +33,7 @@ var _ fosite.Client = new(Client) func TestClient(t *testing.T) { c := &Client{ - ClientID: "foo", + ID: "foo", RedirectURIs: []string{"foo"}, Scope: "foo bar", TokenEndpointAuthMethod: "none", diff --git a/client/handler.go b/client/handler.go index d7f4c2fdde..68b076baef 100644 --- a/client/handler.go +++ b/client/handler.go @@ -149,7 +149,7 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request, ps httprouter.P secret = c.Secret } - c.ClientID = ps.ByName("id") + c.ID = ps.ByName("id") if err := h.r.ClientValidator().Validate(&c); err != nil { h.r.Writer().WriteError(w, r, err) return 
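Review bot: The new doc comment on the renamed field in client/client.go, `// ID is the id for this client.`, is circular, and judging by the regenerated text in .schema/api.swagger.json on this page it also appears to become the public description of the `client_id` property. API consumers never see a field called ID, and the struct has a separate `PK` column (`db:"pk"`), so the comment should state the OAuth 2.0 meaning, for example `// ID is the OAuth 2.0 client identifier, serialized as client_id; it is distinct from the internal PK.` The introspection description in the same swagger file now reads "ID is aclient identifier", so its source comment needs the same wording fix and carries a typo ("aclient").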
diff --git a/client/manager_test_helpers.go b/client/manager_test_helpers.go index 6242958424..017e5ec8e9 100644 --- a/client/manager_test_helpers.go +++ b/client/manager_test_helpers.go @@ -39,7 +39,7 @@ func TestHelperClientAutoGenerateKey(k string, m Storage) func(t *testing.T) { return func(t *testing.T) { ctx := context.TODO() c := &Client{ - ClientID: "foo", + ID: "foo", Secret: "secret", RedirectURIs: []string{"http://redirect"}, TermsOfServiceURI: "foo", @@ -54,7 +54,7 @@ func TestHelperClientAuthenticate(k string, m Manager) func(t *testing.T) { return func(t *testing.T) { ctx := context.TODO() require.NoError(t, m.CreateClient(ctx, &Client{ - ClientID: "1234321", + ID: "1234321", Secret: "secret", RedirectURIs: []string{"http://redirect"}, })) @@ -75,7 +75,7 @@ func TestHelperCreateGetUpdateDeleteClient(k string, m Storage) func(t *testing. assert.NotNil(t, err) c := &Client{ - ClientID: "1234", + ID: "1234", Name: "name", Secret: "secret", RedirectURIs: []string{"http://redirect", "http://redirect1"}, @@ -114,7 +114,7 @@ func TestHelperCreateGetUpdateDeleteClient(k string, m Storage) func(t *testing. } assert.NoError(t, m.CreateClient(ctx, &Client{ - ClientID: "2-1234", + ID: "2-1234", Name: "name", Secret: "secret", RedirectURIs: []string{"http://redirect"}, @@ -130,8 +130,8 @@ func TestHelperCreateGetUpdateDeleteClient(k string, m Storage) func(t *testing. ds, err := m.GetClients(ctx, 100, 0) assert.NoError(t, err) assert.Len(t, ds, 2) - assert.NotEqual(t, ds[0].ClientID, ds[1].ClientID) - assert.NotEqual(t, ds[0].ClientID, ds[1].ClientID) + assert.NotEqual(t, ds[0].ID, ds[1].ID) + assert.NotEqual(t, ds[0].ID, ds[1].ID) // test if SecretExpiresAt was set properly assert.Equal(t, ds[0].SecretExpiresAt, 0) assert.Equal(t, ds[1].SecretExpiresAt, 1) 
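Review bot: In the `@@ -130,8 +130,8 @@` hunk of client/manager_test_helpers.go the line `assert.NotEqual(t, ds[0].ID, ds[1].ID)` is repeated twice in a row, so the second assertion checks nothing the first does not. Drop one copy, or if the second was meant to compare a different field, replace it with that comparison. The context lines that follow pass the actual value first (`assert.Equal(t, ds[0].SecretExpiresAt, 0)`), which makes testify label expected and actual the wrong way round on failure; `assert.Equal(t, 0, ds[0].SecretExpiresAt)` reads correctly. The enclosing test function starts and ends outside the hunk.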
@@ -144,7 +144,7 @@ func TestHelperCreateGetUpdateDeleteClient(k string, m Storage) func(t *testing. assert.NoError(t, err) err = m.UpdateClient(ctx, &Client{ - ClientID: "2-1234", + ID: "2-1234", Name: "name-new", Secret: "secret-new", RedirectURIs: []string{"http://redirect/new"}, diff --git a/client/validator.go b/client/validator.go index 55629a2a01..f8d8f8e7cd 100644 --- a/client/validator.go +++ b/client/validator.go @@ -70,7 +70,7 @@ func NewValidatorWithClient(conf Configuration, client *http.Client) *Validator func (v *Validator) Validate(c *Client) error { id := uuid.New() - c.ClientID = stringsx.Coalesce(c.ClientID, id) + c.ID = stringsx.Coalesce(c.ID, id) if c.TokenEndpointAuthMethod == "" { c.TokenEndpointAuthMethod = "client_secret_basic" diff --git a/client/validator_test.go b/client/validator_test.go index 79f1c483e3..c0c7040c9f 100644 --- a/client/validator_test.go +++ b/client/validator_test.go 
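Review bot: In `Validate` (client/validator.go) a UUID is generated on every call through `id := uuid.New()` even when the client already has an ID, and `stringsx.Coalesce(c.ID, id)` hides the fact that a caller-supplied ID is kept verbatim. `if c.ID == "" { c.ID = uuid.New() }` does the same work only when needed and makes that branch explicit. The visible lines place no limit on the length or characters of a supplied ID, and elsewhere on this page the value is used as the `aud` claim and inside an error hint, so a short comment such as `// a caller-supplied ID is used as-is` would tell readers where that trust decision is made. `Validate` continues outside the hunk, so a format check may already exist further down.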
@@ -53,59 +53,59 @@ func TestValidate(t *testing.T) { { in: new(Client), check: func(t *testing.T, c *Client) { - assert.NotEmpty(t, c.ClientID) + assert.NotEmpty(t, c.ID) assert.NotEmpty(t, c.GetID()) - assert.Equal(t, c.GetID(), c.ClientID) + assert.Equal(t, c.GetID(), c.ID) }, }, { - in: &Client{ClientID: "foo"}, + in: &Client{ID: "foo"}, check: func(t *testing.T, c *Client) { - assert.Equal(t, c.GetID(), c.ClientID) + assert.Equal(t, c.GetID(), c.ID) }, }, { - in: &Client{ClientID: "foo"}, + in: &Client{ID: "foo"}, check: func(t *testing.T, c *Client) { - assert.Equal(t, c.GetID(), c.ClientID) + assert.Equal(t, c.GetID(), c.ID) }, }, { - in: &Client{ClientID: "foo", UserinfoSignedResponseAlg: "foo"}, + in: &Client{ID: "foo", UserinfoSignedResponseAlg: "foo"}, expectErr: true, }, { - in: &Client{ClientID: "foo", TokenEndpointAuthMethod: "private_key_jwt"}, + in: &Client{ID: "foo", TokenEndpointAuthMethod: "private_key_jwt"}, expectErr: true, }, { - in: &Client{ClientID: "foo", JSONWebKeys: &x.JoseJSONWebKeySet{JSONWebKeySet: new(jose.JSONWebKeySet)}, JSONWebKeysURI: "asdf", TokenEndpointAuthMethod: "private_key_jwt"}, + in: &Client{ID: "foo", JSONWebKeys: &x.JoseJSONWebKeySet{JSONWebKeySet: new(jose.JSONWebKeySet)}, JSONWebKeysURI: "asdf", TokenEndpointAuthMethod: "private_key_jwt"}, expectErr: true, }, { - in: &Client{ClientID: "foo", JSONWebKeys: &x.JoseJSONWebKeySet{JSONWebKeySet: new(jose.JSONWebKeySet)}, TokenEndpointAuthMethod: "private_key_jwt", TokenEndpointAuthSigningAlgorithm: "HS256"}, + in: &Client{ID: "foo", JSONWebKeys: &x.JoseJSONWebKeySet{JSONWebKeySet: new(jose.JSONWebKeySet)}, TokenEndpointAuthMethod: "private_key_jwt", TokenEndpointAuthSigningAlgorithm: "HS256"}, expectErr: true, }, { - in: &Client{ClientID: "foo", PostLogoutRedirectURIs: []string{"https://bar/"}, RedirectURIs: []string{"https://foo/"}}, + in: &Client{ID: "foo", PostLogoutRedirectURIs: []string{"https://bar/"}, RedirectURIs: []string{"https://foo/"}}, expectErr: true, }, { - 
in: &Client{ClientID: "foo", PostLogoutRedirectURIs: []string{"http://foo/"}, RedirectURIs: []string{"https://foo/"}}, + in: &Client{ID: "foo", PostLogoutRedirectURIs: []string{"http://foo/"}, RedirectURIs: []string{"https://foo/"}}, expectErr: true, }, { - in: &Client{ClientID: "foo", PostLogoutRedirectURIs: []string{"https://foo:1234/"}, RedirectURIs: []string{"https://foo/"}}, + in: &Client{ID: "foo", PostLogoutRedirectURIs: []string{"https://foo:1234/"}, RedirectURIs: []string{"https://foo/"}}, expectErr: true, }, { - in: &Client{ClientID: "foo", PostLogoutRedirectURIs: []string{"https://foo/"}, RedirectURIs: []string{"https://foo/"}}, + in: &Client{ID: "foo", PostLogoutRedirectURIs: []string{"https://foo/"}, RedirectURIs: []string{"https://foo/"}}, check: func(t *testing.T, c *Client) { assert.Equal(t, []string{"https://foo/"}, []string(c.PostLogoutRedirectURIs)) }, }, { - in: &Client{ClientID: "foo"}, + in: &Client{ID: "foo"}, check: func(t *testing.T, c *Client) { assert.Equal(t, "public", c.SubjectType) }, @@ -115,19 +115,19 @@ func TestValidate(t *testing.T) { viper.Set(configuration.ViperKeySubjectTypesSupported, []string{"pairwise"}) return NewValidator(c) }, - in: &Client{ClientID: "foo"}, + in: &Client{ID: "foo"}, check: func(t *testing.T, c *Client) { assert.Equal(t, "pairwise", c.SubjectType) }, }, { - in: &Client{ClientID: "foo", SubjectType: "pairwise"}, + in: &Client{ID: "foo", SubjectType: "pairwise"}, check: func(t *testing.T, c *Client) { assert.Equal(t, "pairwise", c.SubjectType) }, }, { - in: &Client{ClientID: "foo", SubjectType: "foo"}, + in: &Client{ID: "foo", SubjectType: "foo"}, expectErr: true, }, } { diff --git a/cmd/cli/handler_migrate.go b/cmd/cli/handler_migrate.go index 99dc2e1310..34c4c9aacd 100644 --- a/cmd/cli/handler_migrate.go +++ b/cmd/cli/handler_migrate.go 
@@ -27,7 +27,7 @@ func (h *MigrateHandler) MigrateSQL(cmd *cobra.Command, args []string) { var d driver.Driver if flagx.MustGetBool(cmd, "read-from-env") { - d = driver.NewDefaultDriver(logrusx.New("",""), false, nil, "", "", "", false) + d = driver.NewDefaultDriver(logrusx.New("", ""), false, nil, "", "", "", false) if len(d.Configuration().DSN()) == 0 { fmt.Println(cmd.UsageString()) fmt.Println("") @@ -42,7 +42,7 @@ func (h *MigrateHandler) MigrateSQL(cmd *cobra.Command, args []string) { return } viper.Set(configuration.ViperKeyDSN, args[0]) - d = driver.NewDefaultDriver(logrusx.New("",""), false, nil, "", "", "", false) + d = driver.NewDefaultDriver(logrusx.New("", ""), false, nil, "", "", "", false) } p := d.Registry().Persister() diff --git a/consent/handler_test.go b/consent/handler_test.go index b7e96a8946..794ba58f4b 100644 --- a/consent/handler_test.go +++ b/consent/handler_test.go @@ -107,7 +107,7 @@ func TestGetLogoutRequest(t *testing.T) { if tc.exists { require.NoError(t, reg.ConsentManager().CreateLogoutRequest(context.TODO(), &LogoutRequest{ - Client: &client.Client{ClientID: "client" + key}, + Client: &client.Client{ID: "client" + key}, Challenge: challenge, WasUsed: tc.used, })) @@ -146,7 +146,7 @@ func TestGetLoginRequest(t *testing.T) { if tc.exists { require.NoError(t, reg.ConsentManager().CreateLoginRequest(context.TODO(), &LoginRequest{ - Client: &client.Client{ClientID: "client" + key}, + Client: &client.Client{ID: "client" + key}, Challenge: challenge, WasHandled: tc.handled, })) @@ -185,7 +185,7 @@ func TestGetConsentRequest(t *testing.T) { if tc.exists { require.NoError(t, reg.ConsentManager().CreateConsentRequest(context.TODO(), &ConsentRequest{ - Client: &client.Client{ClientID: "client" + key}, + Client: &client.Client{ID: "client" + key}, Challenge: challenge, WasHandled: tc.handled, })) diff --git a/consent/manager_memory.go b/consent/manager_memory.go index ee4dcd2e21..088bc2d6cd 100644 --- a/consent/manager_memory.go 
+++ b/consent/manager_memory.go @@ -181,7 +181,7 @@ func (m *MemoryManager) GetConsentRequest(ctx context.Context, challenge string) } m.m["handledConsentRequests"].RUnlock() - c.Client.ClientID = c.Client.GetID() + c.Client.ID = c.Client.GetID() return &c, nil } @@ -210,7 +210,7 @@ func (m *MemoryManager) VerifyAndInvalidateConsentRequest(ctx context.Context, v return nil, err } - c.Client.ClientID = c.Client.GetID() + c.Client.ID = c.Client.GetID() h.ConsentRequest = &c return &h, nil } @@ -260,7 +260,7 @@ func (m *MemoryManager) FindGrantedAndRememberedConsentRequests(ctx context.Cont continue } - cr.Client.ClientID = cr.Client.GetID() + cr.Client.ID = cr.Client.GetID() c.ConsentRequest = cr rs = append(rs, c) } @@ -301,7 +301,7 @@ func (m *MemoryManager) FindSubjectsGrantedConsentRequests(ctx context.Context, continue } - cr.Client.ClientID = cr.Client.GetID() + cr.Client.ID = cr.Client.GetID() c.ConsentRequest = cr rs = append(rs, c) } @@ -343,7 +343,7 @@ func (m *MemoryManager) CountSubjectsGrantedConsentRequests(ctx context.Context, continue } - cr.Client.ClientID = cr.Client.GetID() + cr.Client.ID = cr.Client.GetID() c.ConsentRequest = cr rs = append(rs, c) } @@ -420,7 +420,7 @@ func (m *MemoryManager) GetLoginRequest(ctx context.Context, challenge string) ( } m.m["handledAuthRequests"].Unlock() - c.Client.ClientID = c.Client.GetID() + c.Client.ID = c.Client.GetID() return &c, nil } @@ -450,7 +450,7 @@ func (m *MemoryManager) VerifyAndInvalidateLoginRequest(ctx context.Context, ver return nil, err } - c.Client.ClientID = c.Client.GetID() + c.Client.ID = c.Client.GetID() h.LoginRequest = &c return &h, nil } diff --git a/consent/manager_test_helpers.go b/consent/manager_test_helpers.go index 409c6443d2..e212db7db6 100644 --- a/consent/manager_test_helpers.go +++ b/consent/manager_test_helpers.go 
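Review bot: `c.Client.ID = c.Client.GetID()` in consent/manager_memory.go assigns the field to itself, because `GetID` in client/client.go on this page is `return c.ID`. The statement appears in GetConsentRequest and in the six other hunks of this file (VerifyAndInvalidateConsentRequest, FindGrantedAndRememberedConsentRequests, FindSubjectsGrantedConsentRequests, CountSubjectsGrantedConsentRequests, GetLoginRequest, VerifyAndInvalidateLoginRequest). Its only remaining effect is to dereference `c.Client`, which would panic if a stored request had a nil client. Either delete the line in all seven places or, if it is kept on purpose, mark it with `// no-op since GetID returns ID; kept for ...` so the next reader does not take it for a normalisation step. All seven functions start and end outside their hunks.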
@@ -50,7 +50,7 @@ func MockConsentRequest(key string, remember bool, rememberFor int, hasError boo UILocales: []string{"fr" + key, "de" + key}, Display: "popup" + key, }, - Client: &client.Client{ClientID: "fk-client-" + key}, + Client: &client.Client{ID: "fk-client-" + key}, RequestURL: "https://request-url/path" + key, LoginChallenge: sqlxx.NullString("fk-login-challenge-" + key), LoginSessionID: sqlxx.NullString("fk-login-session-" + key), @@ -102,7 +102,7 @@ func MockLogoutRequest(key string, withClient bool) (c *LogoutRequest) { var cl *client.Client if withClient { cl = &client.Client{ - ClientID: "fk-client-" + key, + ID: "fk-client-" + key, } } return &LogoutRequest{ @@ -127,7 +127,7 @@ func MockAuthRequest(key string, authAt bool) (c *LoginRequest, h *HandledLoginR Display: "popup" + key, }, RequestedAt: time.Now().UTC().Add(-time.Hour), - Client: &client.Client{ClientID: "fk-client-" + key}, + Client: &client.Client{ID: "fk-client-" + key}, Subject: "subject" + key, RequestURL: "https://request-url/path" + key, Skip: true, @@ -261,7 +261,7 @@ func ManagerTests(m Manager, clientManager client.Manager, fositeManager x.Fosit return func(t *testing.T) { t.Run("case=init-fks", func(t *testing.T) { for _, k := range []string{"1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "rv1", "rv2"} { - require.NoError(t, clientManager.CreateClient(context.TODO(), &client.Client{ClientID: fmt.Sprintf("fk-client-%s", k)})) + require.NoError(t, clientManager.CreateClient(context.TODO(), &client.Client{ID: fmt.Sprintf("fk-client-%s", k)})) require.NoError(t, m.CreateLoginSession(context.TODO(), &LoginSession{ ID: fmt.Sprintf("fk-login-session-%s", k), 
@@ -272,7 +272,7 @@ func ManagerTests(m Manager, clientManager client.Manager, fositeManager x.Fosit require.NoError(t, m.CreateLoginRequest(context.TODO(), &LoginRequest{ Challenge: fmt.Sprintf("fk-login-challenge-%s", k), Verifier: fmt.Sprintf("fk-login-verifier-%s", k), - Client: &client.Client{ClientID: fmt.Sprintf("fk-client-%s", k)}, + Client: &client.Client{ID: fmt.Sprintf("fk-client-%s", k)}, AuthenticatedAt: sqlxx.NullTime(time.Now()), RequestedAt: time.Now(), })) @@ -635,7 +635,7 @@ func ManagerTests(m Manager, clientManager client.Manager, fositeManager x.Fosit require.NoError(t, err) for _, consent := range consents { assert.Contains(t, tc.challenges, consent.Challenge) - assert.Contains(t, tc.clients, consent.ConsentRequest.Client.ClientID) + assert.Contains(t, tc.clients, consent.ConsentRequest.Client.ID) } } @@ -699,7 +699,7 @@ func ManagerTests(m Manager, clientManager client.Manager, fositeManager x.Fosit } require.NoError(t, m.CreateLoginSession(context.Background(), ls)) - cl := &client.Client{ClientID: uuid.New().String()} + cl := &client.Client{ID: uuid.New().String()} switch k % 4 { case 0: cl.FrontChannelLogoutURI = "http://some-url.com/" @@ -735,10 +735,10 @@ func ManagerTests(m Manager, clientManager client.Manager, fositeManager x.Fosit for _, e := range es { var found bool for _, a := range actual { - if e.ClientID == a.ClientID { + if e.ID == a.ID { found = true } - assert.Equal(t, e.ClientID, a.ClientID) + assert.Equal(t, e.ID, a.ID) assert.Equal(t, e.FrontChannelLogoutURI, a.FrontChannelLogoutURI) assert.Equal(t, e.BackChannelLogoutURI, a.BackChannelLogoutURI) } diff --git a/consent/strategy_default.go b/consent/strategy_default.go index 66206690c5..bb62e88d63 100644 --- a/consent/strategy_default.go +++ b/consent/strategy_default.go 
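Review bot: In the `@@ -735,10 +735,10 @@` hunk of consent/manager_test_helpers.go, `assert.Equal(t, e.ID, a.ID)` and the two logout-URI assertions run for every pair of expected and actual clients, not only for the pair matched by `if e.ID == a.ID`. As soon as either list holds more than one client, the non-matching pairs fail these assertions, which the `found` flag suggests is not the intent. Moving the `FrontChannelLogoutURI` and `BackChannelLogoutURI` assertions inside the `if` block and dropping the ID equality (it is implied by the condition) keeps the check per matched client. Both loops start and end outside the hunk, so the list sizes are not visible here.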
@@ -317,7 +317,7 @@ func (s *DefaultStrategy) obfuscateSubjectIdentifier(cl fosite.Client, subject, if c, ok := cl.(*client.Client); ok && c.SubjectType == "pairwise" { algorithm, ok := s.r.SubjectIdentifierAlgorithm()[c.SubjectType] if !ok { - return "", errors.WithStack(fosite.ErrInvalidRequest.WithHint(fmt.Sprintf(`Subject Identifier Algorithm "%s" was requested by OAuth 2.0 Client "%s", but is not configured.`, c.SubjectType, c.ClientID))) + return "", errors.WithStack(fosite.ErrInvalidRequest.WithHint(fmt.Sprintf(`Subject Identifier Algorithm "%s" was requested by OAuth 2.0 Client "%s", but is not configured.`, c.SubjectType, c.ID))) } if len(forcedIdentifier) > 0 { @@ -664,7 +664,7 @@ func (s *DefaultStrategy) executeBackChannelLogout(ctx context.Context, subject, t, _, err := s.r.OpenIDJWTStrategy().Generate(ctx, jwtgo.MapClaims{ "iss": s.c.IssuerURL().String(), - "aud": []string{c.ClientID}, + "aud": []string{c.ID}, "iat": time.Now().UTC().Unix(), "jti": uuid.New(), "events": map[string]struct{}{"http://schemas.openid.net/event/backchannel-logout": {}}, @@ -676,7 +676,7 @@ func (s *DefaultStrategy) executeBackChannelLogout(ctx context.Context, subject, return err } - tasks = append(tasks, task{url: c.BackChannelLogoutURI, clientID: c.ClientID, token: t}) + tasks = append(tasks, task{url: c.BackChannelLogoutURI, clientID: c.ID, token: t}) } var wg sync.WaitGroup diff --git a/consent/strategy_default_test.go b/consent/strategy_default_test.go index b8a1b5a3a1..7fb6b47479 100644 --- a/consent/strategy_default_test.go +++ b/consent/strategy_default_test.go 
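Review bot: The error hint in `obfuscateSubjectIdentifier` (consent/strategy_default.go) places `c.ID` between hand-written quotes with `"%s"`, and the client ID can be chosen by whoever registers the client (client/validator.go on this page keeps a supplied ID). An ID containing quotes or control characters would make the hint ambiguous wherever it is later shown or logged. `%q` quotes and escapes in one step: `fmt.Sprintf("Subject Identifier Algorithm %q was requested by OAuth 2.0 Client %q, but is not configured.", c.SubjectType, c.ID)`. The function body continues outside the hunk.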
@@ -224,7 +224,7 @@ func TestStrategyLogout(t *testing.T) { viper.Set(configuration.ViperKeyLogoutURL, logoutProviderServer.URL) viper.Set(configuration.ViperKeyLogoutRedirectURL, defaultRedirServer.URL) - defaultClient := &client.Client{ClientID: uuid.New(), PostLogoutRedirectURIs: []string{defaultRedirServer.URL + "/custom"}} + defaultClient := &client.Client{ID: uuid.New(), PostLogoutRedirectURIs: []string{defaultRedirServer.URL + "/custom"}} require.NoError(t, reg.ClientManager().CreateClient(context.TODO(), defaultClient)) jar1 := newValidAuthCookieJar(t, reg, logoutServer.URL, "logout-session-1", "logout-subject-1") @@ -326,7 +326,7 @@ func TestStrategyLogout(t *testing.T) { "state": {"1234"}, "post_logout_redirect_uri": {defaultRedirServer.URL + "/custom"}, "id_token_hint": {genIDToken(t, reg, jwtgo.MapClaims{ - "aud": defaultClient.ClientID, + "aud": defaultClient.ID, "sub": "logout-subject-temp1", "sid": "logout-session-temp1", "exp": time.Now().Add(-time.Hour).Unix(), @@ -344,7 +344,7 @@ func TestStrategyLogout(t *testing.T) { "state": {"1234"}, "post_logout_redirect_uri": {defaultRedirServer.URL + "/custom"}, "id_token_hint": {genIDToken(t, reg, jwtgo.MapClaims{ - "aud": defaultClient.ClientID, + "aud": defaultClient.ID, "iss": "some-issuer", "sub": "logout-subject-temp2", "sid": "logout-session-temp2", @@ -363,7 +363,7 @@ func TestStrategyLogout(t *testing.T) { "state": {"1234"}, "post_logout_redirect_uri": {defaultRedirServer.URL + "/custom"}, "id_token_hint": {genIDToken(t, reg, jwtgo.MapClaims{ - "aud": defaultClient.ClientID, + "aud": defaultClient.ID, "iss": conf.IssuerURL().String(), "sub": "logout-subject-temp3", "sid": "logout-session-temp3", 
@@ -382,7 +382,7 @@ func TestStrategyLogout(t *testing.T) { "state": {"1234"}, "post_logout_redirect_uri": {"https://this-is-not-a-valid-redirect-url/custom"}, "id_token_hint": {genIDToken(t, reg, jwtgo.MapClaims{ - "aud": defaultClient.ClientID, + "aud": defaultClient.ID, "iss": conf.IssuerURL().String(), "sub": "logout-subject-temp4", "sid": "logout-session-temp4", @@ -401,7 +401,7 @@ func TestStrategyLogout(t *testing.T) { "state": {"1234"}, "post_logout_redirect_uri": {defaultRedirServer.URL + "/custom"}, "id_token_hint": {genIDToken(t, reg, jwtgo.MapClaims{ - "aud": defaultClient.ClientID, + "aud": defaultClient.ID, "iss": conf.IssuerURL().String(), "sub": "logout-subject-temp5", "sid": "logout-session-temp5", @@ -420,7 +420,7 @@ func TestStrategyLogout(t *testing.T) { "state": {"1234"}, "post_logout_redirect_uri": {defaultRedirServer.URL + "/custom"}, "id_token_hint": {genIDToken(t, reg, jwtgo.MapClaims{ - "aud": []string{defaultClient.ClientID}, // make sure this works with string slices too + "aud": []string{defaultClient.ID}, // make sure this works with string slices too "iss": conf.IssuerURL().String(), "sub": "logout-subject-3", "sid": "logout-session-3", @@ -446,7 +446,7 @@ func TestStrategyLogout(t *testing.T) { "state": {"1234"}, "post_logout_redirect_uri": {defaultRedirServer.URL + "/custom"}, "id_token_hint": {genIDToken(t, reg, jwtgo.MapClaims{ - "aud": []string{defaultClient.ClientID}, // make sure this works with string slices too + "aud": []string{defaultClient.ID}, // make sure this works with string slices too "iss": conf.IssuerURL().String(), "sub": "logout-subject-3", "sid": "i-do-not-exist", 
@@ -567,7 +567,7 @@ func TestStrategyLoginConsent(t *testing.T) { }{ { d: "This should fail because a login verifier was given that doesn't exist in the store", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}}}, lv: "invalid", expectErrType: []error{fosite.ErrAccessDenied}, expectErr: []bool{true}, @@ -575,7 +575,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should fail because a consent verifier was given but no login verifier", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}}}, lv: "", cv: "invalid", expectErrType: []error{fosite.ErrAccessDenied}, @@ -586,7 +586,7 @@ func TestStrategyLoginConsent(t *testing.T) { d: "This should fail because the request was redirected but the login endpoint doesn't do anything (like redirecting back)", req: fosite.AuthorizeRequest{ Request: fosite.Request{ - Client: &client.Client{ClientID: "client-id"}, + Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}, }, }, @@ -614,7 +614,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should fail because the request was redirected but the login endpoint rejected the request", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { vr, err := apiClient.Admin.RejectLoginRequest(admin.NewRejectLoginRequestParams(). 
@@ -639,7 +639,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should fail because no cookie jar / invalid csrf", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, lph: passAuthentication(apiClient, false), cph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { @@ -654,7 +654,7 @@ func TestStrategyLoginConsent(t *testing.T) { { d: "This should fail because consent endpoints idles after login was granted - but consent endpoint should be called because cookie jar exists", jar: newCookieJar(t), - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, lph: passAuthentication(apiClient, false), other: "display=page&ui_locales=de+en&acr_values=1+2", cph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { 
@@ -684,14 +684,14 @@ func TestStrategyLoginConsent(t *testing.T) { d: "This should fail because consent verifier was set but does not exist", jar: newCookieJar(t), cv: "invalid", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, expectFinalStatusCode: http.StatusForbidden, expectErrType: []error{fosite.ErrAccessDenied}, expectErr: []bool{true}, }, { d: "This should fail because consent endpoints denies the request after login was granted", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: newCookieJar(t), lph: passAuthentication(apiClient, false), cph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { @@ -719,7 +719,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass because login and consent have been granted", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: newCookieJar(t), lph: passAuthentication(apiClient, false), cph: passAuthorization(apiClient, false), 
@@ -739,7 +739,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass and set acr values properly", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: newCookieJar(t), lph: passAuthentication(apiClient, false), cph: passAuthorization(apiClient, false), @@ -759,7 +759,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass because login and consent have been granted, this time we remember the decision", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ, lph: passAuthentication(apiClient, true), cph: passAuthorization(apiClient, true), @@ -779,7 +779,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass because login and consent have been granted, this time we remember the decision", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { 
@@ -813,7 +813,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass because login and consent have been granted, this time we remember the decision", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { @@ -847,7 +847,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass because login was remembered and session id should be set and session context should also work", - req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { @@ -904,7 +904,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should fail because prompt=none, client is public, and redirection scheme is not HTTPS but a custom scheme and acustom domain", - req: fosite.AuthorizeRequest{RedirectURI: mustParseURL(t, "custom://redirection-scheme/path"), Request: fosite.Request{Client: &client.Client{TokenEndpointAuthMethod: "none", ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{RedirectURI: mustParseURL(t, "custom://redirection-scheme/path"), Request: fosite.Request{Client: &client.Client{TokenEndpointAuthMethod: "none", ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, prompt: "none", jar: persistentCJ, lph: passAuthentication(apiClient, false), 
@@ -914,7 +914,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should fail because prompt=none, client is public, and redirection scheme is not HTTPS but a custom scheme", - req: fosite.AuthorizeRequest{RedirectURI: mustParseURL(t, "custom://localhost/path"), Request: fosite.Request{Client: &client.Client{TokenEndpointAuthMethod: "none", ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{RedirectURI: mustParseURL(t, "custom://localhost/path"), Request: fosite.Request{Client: &client.Client{TokenEndpointAuthMethod: "none", ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, prompt: "none", jar: persistentCJ, lph: passAuthentication(apiClient, false), @@ -924,7 +924,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass because prompt=none, client is public, redirection scheme is HTTP and host is localhost", - req: fosite.AuthorizeRequest{RedirectURI: mustParseURL(t, "http://localhost/path"), Request: fosite.Request{Client: &client.Client{TokenEndpointAuthMethod: "none", ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{RedirectURI: mustParseURL(t, "http://localhost/path"), Request: fosite.Request{Client: &client.Client{TokenEndpointAuthMethod: "none", ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, prompt: "none", jar: persistentCJ, lph: passAuthentication(apiClient, true), 
@@ -946,7 +946,7 @@ func TestStrategyLoginConsent(t *testing.T) { // This test is disabled because it breaks OIDC Conformity Tests // { // d: "This should pass but require consent because it's not an authorization_code flow", - // req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + // req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, // jar: persistentCJ, // lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { // return func(w http.ResponseWriter, r *http.Request) { @@ -974,7 +974,7 @@ func TestStrategyLoginConsent(t *testing.T) { // require.NoError(t, err) // require.EqualValues(t, http.StatusOK, res.StatusCode) // assert.False(t, rr.Skip) - // assert.Equal(t, "client-id", rr.Client.ClientID) + // assert.Equal(t, "client-id", rr.Client.ID) // assert.Equal(t, "user", rr.Subject) // // v, res, err := apiClient.AcceptConsentRequest(r.URL.Query().Get("consent_challenge"), swagger.AcceptConsentRequest{ @@ -1008,7 +1008,7 @@ func TestStrategyLoginConsent(t *testing.T) { // }, { d: "This should fail at login screen because subject from accept does not match subject from session", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { 
@@ -1038,7 +1038,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass and confirm previous authentication and consent because it is a authorization_code", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id", Secret: "should-not-be-included"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id", Secret: "should-not-be-included"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { @@ -1094,7 +1094,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass and require re-authentication although session is set (because prompt=login)", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ, prompt: "login+consent", lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { @@ -1157,7 +1157,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass and require re-authentication although session is set (because max_age=1)", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ, maxAge: "1", setup: func() { 
@@ -1211,7 +1211,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should fail because max_age=1 but prompt=none", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ, setup: func() { time.Sleep(time.Second * 2) @@ -1225,7 +1225,7 @@ func TestStrategyLoginConsent(t *testing.T) { { d: "This should fail because prompt is none but no auth session exists", prompt: "none", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: newCookieJar(t), expectFinalStatusCode: http.StatusBadRequest, expectErrType: []error{fosite.ErrLoginRequired}, @@ -1234,7 +1234,7 @@ func TestStrategyLoginConsent(t *testing.T) { { d: "This should fail because prompt is none and consent is missing a permission which requires re-authorization of the app", prompt: "none", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a", "this-scope-has-not-been-granted-before"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a", "this-scope-has-not-been-granted-before"}}}, jar: persistentCJ, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { 
@@ -1265,7 +1265,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This pass and properly require authentication as well as authorization because prompt is set to login and consent - although previous session exists", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ, prompt: "login+consent", lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { @@ -1306,7 +1306,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should fail because id_token_hint does not match authentication session and prompt is none", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ, prompt: "none", idTokenHint: fooUserIDToken, @@ -1316,7 +1316,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass and require authentication because id_token_hint does not match subject from session", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ, idTokenHint: fooUserIDToken, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { 
@@ -1347,7 +1347,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass and require authentication because id_token_hint does not match subject from session", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"code"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ, idTokenHint: fooUserIDToken, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { @@ -1413,7 +1413,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass as regularly even though id_token_hint is expired", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id", SectorIdentifierURI: "foo"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id", SectorIdentifierURI: "foo"}, RequestedScope: []string{"scope-a"}}}, jar: newCookieJar(t), idTokenHint: genIDToken(t, reg, jwt.IDTokenClaims{ Subject: "user", 
@@ -1430,7 +1430,7 @@ func TestStrategyLoginConsent(t *testing.T) { // Pairwise auth { d: "This should pass as regularly and create a new session with pairwise subject set by hydra", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id", SubjectType: "pairwise", SectorIdentifierURI: "foo"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id", SubjectType: "pairwise", SectorIdentifierURI: "foo"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ3, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { @@ -1463,7 +1463,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, // these tests depend on one another { d: "This should pass as regularly and create a new session with pairwise subject and also with the ID token set", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id", SubjectType: "pairwise", SectorIdentifierURI: "foo"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id", SubjectType: "pairwise", SectorIdentifierURI: "foo"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ3, idTokenHint: genIDToken(t, reg, jwt.IDTokenClaims{ Subject: "c737d5e1fec8896d096d49f6b1a73eb45ac7becb87de9ac3f0a350bad2a9c9fd", 
@@ -1502,7 +1502,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass as regularly and create a new session with pairwise subject set login request", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id", SubjectType: "pairwise", SectorIdentifierURI: "foo"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id", SubjectType: "pairwise", SectorIdentifierURI: "foo"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ4, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { @@ -1536,7 +1536,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, // these tests depend on one another { d: "This should pass as regularly and create a new session with pairwise subject set on login request and also with the ID token set", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id", SubjectType: "pairwise", SectorIdentifierURI: "foo"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id", SubjectType: "pairwise", SectorIdentifierURI: "foo"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ3, idTokenHint: genIDToken(t, reg, jwt.IDTokenClaims{ Subject: "forced-auth-user", 
@@ -1577,7 +1577,7 @@ func TestStrategyLoginConsent(t *testing.T) { // checks revoking sessions { d: "This should pass as regularly and create a new session and forward data", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ2, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { @@ -1600,7 +1600,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should pass and also revoke the session cookie", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ2, prompt: "login", lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { 
@@ -1624,7 +1624,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, // these two tests depend on one another { d: "This should require re-authentication because the session was revoked in the previous test", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: persistentCJ2, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { @@ -1653,7 +1653,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should require re-authentication because the session does not exist in the store", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: nonexistentCJ, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) { 
@@ -1682,7 +1682,7 @@ func TestStrategyLoginConsent(t *testing.T) { }, { d: "This should fail because the user from the ID token does not match the user from the accept login request", - req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ClientID: "client-id"}, RequestedScope: []string{"scope-a"}}}, + req: fosite.AuthorizeRequest{ResponseTypes: fosite.Arguments{"token", "code", "id_token"}, Request: fosite.Request{Client: &client.Client{ID: "client-id"}, RequestedScope: []string{"scope-a"}}}, jar: newCookieJar(t), idTokenHint: fooUserIDToken, lph: func(t *testing.T) func(w http.ResponseWriter, r *http.Request) { diff --git a/consent/subject_identifier_algorithm_pairwise.go b/consent/subject_identifier_algorithm_pairwise.go index 8e301bf00b..8bfaadcd40 100644 --- a/consent/subject_identifier_algorithm_pairwise.go +++ b/consent/subject_identifier_algorithm_pairwise.go 
@@ -43,9 +43,9 @@ func (g *SubjectIdentifierAlgorithmPairwise) Obfuscate(subject string, client *c // sub = SHA-256 ( sector_identifier || local_account_id || salt ). var id string if len(client.SectorIdentifierURI) == 0 && len(client.RedirectURIs) > 1 { - return "", errors.WithStack(fosite.ErrInvalidRequest.WithHint(fmt.Sprintf("OAuth 2.0 Client %s has multiple redirect_uris but no sector_identifier_uri was set which is not allowed when performing using subject type pairwise. Please reconfigure the OAuth 2.0 client properly.", client.ClientID))) + return "", errors.WithStack(fosite.ErrInvalidRequest.WithHint(fmt.Sprintf("OAuth 2.0 Client %s has multiple redirect_uris but no sector_identifier_uri was set which is not allowed when performing using subject type pairwise. Please reconfigure the OAuth 2.0 client properly.", client.ID))) } else if len(client.SectorIdentifierURI) == 0 && len(client.RedirectURIs) == 0 { - return "", errors.WithStack(fosite.ErrInvalidRequest.WithHint(fmt.Sprintf("OAuth 2.0 Client %s neither specifies a sector_identifier_uri nor a redirect_uri which is not allowed when performing using subject type pairwise. Please reconfigure the OAuth 2.0 client properly.", client.ClientID))) + return "", errors.WithStack(fosite.ErrInvalidRequest.WithHint(fmt.Sprintf("OAuth 2.0 Client %s neither specifies a sector_identifier_uri nor a redirect_uri which is not allowed when performing using subject type pairwise. Please reconfigure the OAuth 2.0 client properly.", client.ID))) } else if len(client.SectorIdentifierURI) > 0 { id = client.SectorIdentifierURI } else { diff --git a/consent/types.go b/consent/types.go index 031dbd6bcd..539d1590ee 100644 --- a/consent/types.go +++ b/consent/types.go @@ -392,7 +392,7 @@ func (r *LogoutRequest) prepareSQL() *LogoutRequest { if r.Client != nil { r.ClientID = sql.NullString{ Valid: true, - String: r.Client.ClientID, + String: r.Client.ID, } } return r 
@@ -465,7 +465,7 @@ func (r *LoginRequest) prepareSQL() *LoginRequest { if r.Client == nil { return r } - r.ClientID = r.Client.ClientID + r.ClientID = r.Client.ID return r } @@ -536,7 +536,7 @@ func (r *ConsentRequest) prepareSQL() *ConsentRequest { if r.Client == nil { return r } - r.ClientID = r.Client.ClientID + r.ClientID = r.Client.ID return r } diff --git a/driver/cors_test.go b/driver/cors_test.go index a8380c10d2..f781ab4297 100644 --- a/driver/cors_test.go +++ b/driver/cors_test.go @@ -74,7 +74,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { { d: "should reject when basic auth client exists but origin not allowed", prep: func() { - r.ClientManager().CreateClient(context.Background(), &client.Client{ClientID: "foo-2", Secret: "bar", AllowedCORSOrigins: []string{"http://not-foobar.com"}}) + r.ClientManager().CreateClient(context.Background(), &client.Client{ID: "foo-2", Secret: "bar", AllowedCORSOrigins: []string{"http://not-foobar.com"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://foobar.com"}, "Authorization": {"Basic Zm9vLTI6YmFy"}}, @@ -83,7 +83,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { { d: "should accept when basic auth client exists and origin allowed", prep: func() { - r.ClientManager().CreateClient(context.Background(), &client.Client{ClientID: "foo-3", Secret: "bar", AllowedCORSOrigins: []string{"http://foobar.com"}}) + r.ClientManager().CreateClient(context.Background(), &client.Client{ID: "foo-3", Secret: "bar", AllowedCORSOrigins: []string{"http://foobar.com"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://foobar.com"}, "Authorization": {"Basic Zm9vLTM6YmFy"}}, 
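Review bot: The `prep` closure in the cors_test.go hunk at -74 discards the error returned by `CreateClient`, so if the insert fails, the "should reject when basic auth client exists but origin not allowed" case could still pass simply because no client was stored, not because the origin check rejected it. This is worth closing now that the identifier field moves from `ClientID` to `ID`, because the hunk does not show how the store treats the renamed field. Check the result the way the access-token case in the same table does, for example `if err := r.ClientManager().CreateClient(context.Background(), &client.Client{ID: "foo-2" /* … */}); err != nil { panic(err) }`. The same applies to the `prep` closures in the hunks at -83, -92, -102, -112, -122 and -160. The test table and the function body continue outside these hunks.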
@@ -92,7 +92,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { { d: "should accept when basic auth client exists and origin (with partial wildcard) is allowed per client", prep: func() { - r.ClientManager().CreateClient(context.Background(), &client.Client{ClientID: "foo-4", Secret: "bar", AllowedCORSOrigins: []string{"http://*.foobar.com"}}) + r.ClientManager().CreateClient(context.Background(), &client.Client{ID: "foo-4", Secret: "bar", AllowedCORSOrigins: []string{"http://*.foobar.com"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://foo.foobar.com"}, "Authorization": {"Basic Zm9vLTQ6YmFy"}}, @@ -102,7 +102,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { d: "should accept when basic auth client exists and origin (with full wildcard) is allowed globally", prep: func() { viper.Set("serve.public.cors.allowed_origins", []string{"*"}) - r.ClientManager().CreateClient(context.Background(), &client.Client{ClientID: "foo-5", Secret: "bar", AllowedCORSOrigins: []string{"http://barbar.com"}}) + r.ClientManager().CreateClient(context.Background(), &client.Client{ID: "foo-5", Secret: "bar", AllowedCORSOrigins: []string{"http://barbar.com"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"*"}, "Authorization": {"Basic Zm9vLTU6YmFy"}}, 
@@ -112,7 +112,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { d: "should accept when basic auth client exists and origin (with partial wildcard) is allowed globally", prep: func() { viper.Set("serve.public.cors.allowed_origins", []string{"http://*.foobar.com"}) - r.ClientManager().CreateClient(context.Background(), &client.Client{ClientID: "foo-6", Secret: "bar", AllowedCORSOrigins: []string{"http://barbar.com"}}) + r.ClientManager().CreateClient(context.Background(), &client.Client{ID: "foo-6", Secret: "bar", AllowedCORSOrigins: []string{"http://barbar.com"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://foo.foobar.com"}, "Authorization": {"Basic Zm9vLTY6YmFy"}}, @@ -122,7 +122,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { d: "should accept when basic auth client exists and origin (with full wildcard) allowed per client", prep: func() { viper.Set("serve.public.cors.allowed_origins", []string{"http://not-test-domain.com"}) - r.ClientManager().CreateClient(context.Background(), &client.Client{ClientID: "foo-7", Secret: "bar", AllowedCORSOrigins: []string{"*"}}) + r.ClientManager().CreateClient(context.Background(), &client.Client{ID: "foo-7", Secret: "bar", AllowedCORSOrigins: []string{"*"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://foobar.com"}, "Authorization": {"Basic Zm9vLTc6YmFy"}}, @@ -144,7 +144,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { sess := oauth2.NewSession("foo-9") sess.SetExpiresAt(fosite.AccessToken, time.Now().Add(time.Hour)) ar := fosite.NewAccessRequest(sess) - cl := &client.Client{ClientID: "foo-9", Secret: "bar", AllowedCORSOrigins: []string{"http://foobar.com"}} + cl := &client.Client{ID: "foo-9", Secret: "bar", AllowedCORSOrigins: []string{"http://foobar.com"}} ar.Client = cl if err := r.OAuth2Storage().CreateAccessTokenSession(nil, signature, ar); err != nil { panic(err) 
@@ -160,7 +160,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { { d: "should accept any allowed specified origin protocol", prep: func() { - r.ClientManager().CreateClient(context.Background(), &client.Client{ClientID: "foo-11", Secret: "bar", AllowedCORSOrigins: []string{"*"}}) + r.ClientManager().CreateClient(context.Background(), &client.Client{ID: "foo-11", Secret: "bar", AllowedCORSOrigins: []string{"*"}}) viper.Set("serve.public.cors.enabled", true) viper.Set("serve.public.cors.allowed_origins", []string{"http://*", "https://*"}) }, diff --git a/driver/registry.go b/driver/registry.go index 1b05993eec..a037e2b6bd 100644 --- a/driver/registry.go +++ b/driver/registry.go @@ -1,9 +1,10 @@ package driver import ( - "github.com/ory/x/logrusx" "github.com/pkg/errors" + "github.com/ory/x/logrusx" + "github.com/ory/hydra/persistence" "github.com/ory/x/cmdx" diff --git a/go.mod b/go.mod index 512b57c90c..ede5a49066 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/go-swagger/go-swagger v0.22.1-0.20200306221957-4aad3a5f78b8 github.com/gobuffalo/packr v1.24.0 // indirect github.com/gobuffalo/packr/v2 v2.7.1 - github.com/gobuffalo/pop/v5 v5.1.3 + github.com/gobuffalo/pop/v5 v5.2.0 github.com/gobwas/glob v0.2.3 github.com/golang/mock v1.4.3 github.com/google/uuid v1.1.1 @@ -22,7 +22,7 @@ require ( github.com/gorilla/sessions v1.2.0 github.com/gorilla/websocket v1.4.2 github.com/gtank/cryptopasta v0.0.0-20170601214702-1f550f6f2f69 - github.com/jackc/pgx/v4 v4.4.1 + github.com/jackc/pgx/v4 v4.6.0 github.com/jmoiron/sqlx v1.2.0 github.com/julienschmidt/httprouter v1.3.0 github.com/mattn/go-runewidth v0.0.4 // indirect diff --git a/go.sum b/go.sum index c5e18ee326..03f9917e5f 100644 --- a/go.sum +++ b/go.sum 
@@ -283,6 +283,8 @@ github.com/gobuffalo/events v1.4.1/go.mod h1:SjXgWKpeSuvQDvGhgMz5IXx3Czu+IbL+XPL github.com/gobuffalo/fizz v1.0.12/go.mod h1:C0sltPxpYK8Ftvf64kbsQa2yiCZY4RZviurNxXdAKwc= github.com/gobuffalo/fizz v1.9.8 h1:K0uXVQ/hF1NaETpW++bTvK4A+42GCioKzpvdtSfkiRM= github.com/gobuffalo/fizz v1.9.8/go.mod h1:w1FEn1yKNVCc49KnADGyYGRPH7jFON3ak4Bj1yUudHo= +github.com/gobuffalo/fizz v1.10.0 h1:I8vad0PnmR+CLjSnZ5L5jlhBm4S88UIGOoZZL3/3e24= +github.com/gobuffalo/fizz v1.10.0/go.mod h1:J2XGPO0AfJ1zKw7+2BA+6FEGAkyEsdCOLvN93WCT2WI= github.com/gobuffalo/flect v0.0.0-20180907193754-dc14d8acaf9f/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA= github.com/gobuffalo/flect v0.0.0-20181002182613-4571df4b1daf/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA= github.com/gobuffalo/flect v0.0.0-20181007231023-ae7ed6bfe683/go.mod h1:rCiQgmAE4axgBNl3jZWzS5rETRYTGOsrixTRaCPzNdA= @@ -448,6 +450,7 @@ github.com/gobuffalo/plush v3.7.32+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5s github.com/gobuffalo/plush v3.8.2+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI= github.com/gobuffalo/plush v3.8.3+incompatible h1:kzvUTnFPhwyfPEsx7U7LI05/IIslZVGnAlMA1heWub8= github.com/gobuffalo/plush v3.8.3+incompatible/go.mod h1:rQ4zdtUUyZNqULlc6bqd5scsPfLKfT0+TGMChgduDvI= +github.com/gobuffalo/plush/v4 v4.0.0 h1:ZHdmfr2R7DQ77XzWZK2PGKJOXm9NRy21EZ6Rw7FhuNw= github.com/gobuffalo/plush/v4 v4.0.0/go.mod h1:ErFS3UxKqEb8fpFJT7lYErfN/Nw6vHGiDMTjxpk5bQ0= github.com/gobuffalo/plushgen v0.0.0-20181128164830-d29dcb966cb2/go.mod h1:r9QwptTFnuvSaSRjpSp4S2/4e2D3tJhARYbvEBcKSb4= github.com/gobuffalo/plushgen v0.0.0-20181203163832-9fc4964505c2/go.mod h1:opEdT33AA2HdrIwK1aibqnTJDVVKXC02Bar/GT1YRVs= 
@@ -460,8 +463,8 @@ github.com/gobuffalo/pop v4.8.4+incompatible/go.mod h1:DwBz3SD5SsHpTZiTubcsFWcVD github.com/gobuffalo/pop v4.13.1+incompatible h1:AhbqPxNOBN/DBb2DBaiBqzOXIBQXxEYzngHHJ+ytP4g= github.com/gobuffalo/pop v4.13.1+incompatible/go.mod h1:DwBz3SD5SsHpTZiTubcsFWcVDpJWGsxjVjMPnkiThWg= github.com/gobuffalo/pop/v5 v5.0.11/go.mod h1:mZJHJbA3cy2V18abXYuVop2ldEJ8UZ2DK6qOekC5u5g= -github.com/gobuffalo/pop/v5 v5.1.3 h1:XwXm2sJScNqc6dJOaMTAILECw6nqsf3cooNdleEcoWw= -github.com/gobuffalo/pop/v5 v5.1.3/go.mod h1:fzUpBhQE48+kPczDbuJIuOCSS7OMqChoaGR6wj2j7Nc= +github.com/gobuffalo/pop/v5 v5.2.0 h1:b5WDmlv5ZnOj0ZQ6SShBpwrolPCdbOXHM+SzRE//Nzs= +github.com/gobuffalo/pop/v5 v5.2.0/go.mod h1:Hj586Cr7FoTFNmvzyNdUcajv3r0A+W+bkil4RIX/zKo= github.com/gobuffalo/release v1.0.35/go.mod h1:VtHFAKs61vO3wboCec5xr9JPTjYyWYcvaM3lclkc4x4= github.com/gobuffalo/release v1.0.38/go.mod h1:VtHFAKs61vO3wboCec5xr9JPTjYyWYcvaM3lclkc4x4= github.com/gobuffalo/release v1.0.42/go.mod h1:RPs7EtafH4oylgetOJpGP0yCZZUiO4vqHfTHJjSdpug= @@ -636,6 +639,8 @@ github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsU github.com/jackc/pgconn v1.3.2/go.mod h1:LvCquS3HbBKwgl7KbX9KyqEIumJAbm1UMcTvGaIf3bM= github.com/jackc/pgconn v1.5.0 h1:oFSOilzIZkyg787M1fEmyMfOUUvwj0daqYMfaWwNL4o= github.com/jackc/pgconn v1.5.0/go.mod h1:QeD3lBfpTFe8WUnPZWN5KY/mB8FGMIYRdd8P8Jr0fAI= +github.com/jackc/pgconn v1.6.0 h1:8FiBxMxS/Z0eQ9BeE1HhL6pzPL1R5x+ZuQ+T86WgZ4I= +github.com/jackc/pgconn v1.6.0/go.mod h1:yeseQo4xhQbgyJs2c87RAXOH2i624N0Fh1KSPJya7qo= github.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE= github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8= github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2 h1:JVX6jT/XfzNqIjye4717ITLaNwV9mWbJx0dLCpcRzdA= 
@@ -650,6 +655,8 @@ github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvW github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM= github.com/jackc/pgproto3/v2 v2.0.1 h1:Rdjp4NFjwHnEslx2b66FfCI2S0LhO4itac3hXz6WX9M= github.com/jackc/pgproto3/v2 v2.0.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgproto3/v2 v2.0.2 h1:q1Hsy66zh4vuNsajBUF2PNqfAMMfxU5mk594lPE9vjY= +github.com/jackc/pgproto3/v2 v2.0.2/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgservicefile v0.0.0-20200307190119-3430c5407db8 h1:Q3tB+ExeflWUW7AFcAhXqk40s9mnNYLk1nOkKNZ5GnU= github.com/jackc/pgservicefile v0.0.0-20200307190119-3430c5407db8/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg= @@ -657,6 +664,8 @@ github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCM github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw= github.com/jackc/pgtype v1.2.0 h1:JuOJqN8dtahBO+jqvtAdMiY32NI5obiZRWa+C17Vd4s= github.com/jackc/pgtype v1.2.0/go.mod h1:5m2OfMh1wTK7x+Fk952IDmI4nw3nPrvtQdM0ZT4WpC0= +github.com/jackc/pgtype v1.3.0 h1:l8JvKrby3RI7Kg3bYEeU9TA4vqC38QDpFCfcrC7KuN0= +github.com/jackc/pgtype v1.3.0/go.mod h1:b0JqxHvPmljG+HQ5IsvQ0yqeSi4nGcDTVjFoiLDb0Ik= github.com/jackc/pgx v3.2.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I= github.com/jackc/pgx v3.6.2+incompatible h1:2zP5OD7kiyR3xzRYMhOcXVvkDZsImVXfj+yIyTQf3/o= github.com/jackc/pgx v3.6.2+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I= 
@@ -665,6 +674,8 @@ github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9 github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= github.com/jackc/pgx/v4 v4.4.1 h1:OBZhZFlzBMC9yUD6wAFzlFFuxfZTV+YvloSPO1k+puA= github.com/jackc/pgx/v4 v4.4.1/go.mod h1:6iSW+JznC0YT+SgBn7rNxoEBsBgSmnC5FwyCekOGUiE= +github.com/jackc/pgx/v4 v4.6.0 h1:Fh0O9GdlG4gYpjpwOqjdEodJUQM9jzN3Hdv7PN0xmm0= +github.com/jackc/pgx/v4 v4.6.0/go.mod h1:vPh43ZzxijXUVJ+t/EmXBtFmbFVO72cuneCT9oAlxAg= github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= diff --git a/internal/driver.go b/internal/driver.go index b81cf9a70a..33d1dc934a 100644 --- a/internal/driver.go +++ b/internal/driver.go @@ -64,12 +64,12 @@ func resetConfig() { func NewConfigurationWithDefaults() *configuration.ViperProvider { resetConfig() - return configuration.NewViperProvider(logrusx.New("",""), true, nil).(*configuration.ViperProvider) + return configuration.NewViperProvider(logrusx.New("", ""), true, nil).(*configuration.ViperProvider) } func NewConfigurationWithDefaultsAndHTTPS() *configuration.ViperProvider { resetConfig() - return configuration.NewViperProvider(logrusx.New("",""), false, nil).(*configuration.ViperProvider) + return configuration.NewViperProvider(logrusx.New("", ""), false, nil).(*configuration.ViperProvider) } func NewRegistryMemory(c *configuration.ViperProvider) *driver.RegistryMemory { diff --git a/internal/fizzmigrate/client/migrator.go b/internal/fizzmigrate/client/migrator.go index d8641df5e1..a598b6fbd2 100644 --- a/internal/fizzmigrate/client/migrator.go +++ b/internal/fizzmigrate/client/migrator.go 
@@ -2,10 +2,11 @@ package client import ( "github.com/jmoiron/sqlx" - "github.com/ory/x/dbal" - "github.com/ory/x/logrusx" "github.com/pkg/errors" migrate "github.com/rubenv/sql-migrate" + + "github.com/ory/x/dbal" + "github.com/ory/x/logrusx" ) var Migrations = map[string]*dbal.PackrMigrationSource{ diff --git a/internal/fizzmigrate/compare_migrations_test.go b/internal/fizzmigrate/compare_migrations_test.go index d596d26b8c..32604cf21b 100644 --- a/internal/fizzmigrate/compare_migrations_test.go +++ b/internal/fizzmigrate/compare_migrations_test.go @@ -5,7 +5,6 @@ package fizzmigrate import ( "context" "fmt" - migrate "github.com/rubenv/sql-migrate" "os/exec" "regexp" "strings" @@ -13,17 +12,20 @@ import ( "time" "github.com/gobuffalo/pop/v5" + "github.com/gobuffalo/pop/v5/logging" "github.com/jmoiron/sqlx" + migrate "github.com/rubenv/sql-migrate" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/ory/x/sqlcon/dockertest" + "github.com/ory/hydra/internal/fizzmigrate/client" "github.com/ory/hydra/internal/fizzmigrate/consent" "github.com/ory/hydra/internal/fizzmigrate/jwk" "github.com/ory/hydra/internal/fizzmigrate/oauth2" "github.com/ory/hydra/persistence/sql" "github.com/ory/hydra/x" - "github.com/ory/x/sqlcon/dockertest" ) type migrator interface { @@ -161,6 +163,10 @@ func TestCompareMigrations(t *testing.T) { func TestMixMigrations(t *testing.T) { for db, connect := range dbConnections { t.Run("db="+db, func(t *testing.T) { + pop.SetLogger(func(lvl logging.Level, s string, args ...interface{}) { + t.Logf("Running SQL Query: %s", fmt.Sprintf(s,args...)) + }) + c, dbx := connect(t) persister, err := sql.NewPersister(c) require.NoError(t, err) diff --git a/internal/fizzmigrate/consent/migrator.go b/internal/fizzmigrate/consent/migrator.go index 9f4497f855..c76eb81d1b 100644 --- a/internal/fizzmigrate/consent/migrator.go +++ b/internal/fizzmigrate/consent/migrator.go 
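Review bot: The `pop.SetLogger` call added inside the `t.Run` closure of `TestMixMigrations` installs a package-wide logger that captures this subtest's `t` and is never restored. Once the subtest has finished, any later pop query in the same test binary would still call `t.Logf` on the finished test, which the testing package reports as a panic ("Log in goroutine after ... has completed"). The logger should be reset when the subtest ends, for example `defer pop.SetLogger(func(logging.Level, string, ...interface{}) {})`, or installed once for the package without referring to a `*testing.T`. The callback also writes every statement with its arguments to the test log, so it is worth confirming that no fixture secrets end up in CI output. `fmt.Sprintf(s,args...)` is not gofmt-clean. The closure continues past the end of the hunk.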
@@ -2,10 +2,11 @@ package consent import ( "github.com/jmoiron/sqlx" - "github.com/ory/x/dbal" - "github.com/ory/x/logrusx" "github.com/pkg/errors" migrate "github.com/rubenv/sql-migrate" + + "github.com/ory/x/dbal" + "github.com/ory/x/logrusx" ) var Migrations = map[string]*dbal.PackrMigrationSource{ diff --git a/internal/fizzmigrate/consent/x_manager_sql_migrations_test.go b/internal/fizzmigrate/consent/x_manager_sql_migrations_test.go index 48783b15f3..fa64ae49dc 100644 --- a/internal/fizzmigrate/consent/x_manager_sql_migrations_test.go +++ b/internal/fizzmigrate/consent/x_manager_sql_migrations_test.go @@ -32,7 +32,7 @@ func TestXXMigrations(t *testing.T) { var clients []client.Client for k := range migrateClient.Migrations[dbal.DriverMySQL].Box.List() { - clients = append(clients, client.Client{ClientID: fmt.Sprintf("%d-client", k+1)}) + clients = append(clients, client.Client{ID: fmt.Sprintf("%d-client", k+1)}) } migratest.RunPackrMigrationTests( diff --git a/internal/fizzmigrate/jwk/migrator.go b/internal/fizzmigrate/jwk/migrator.go index e004761456..46b9cd0881 100644 --- a/internal/fizzmigrate/jwk/migrator.go +++ b/internal/fizzmigrate/jwk/migrator.go 
@@ -2,22 +2,23 @@ package jwk import ( "github.com/jmoiron/sqlx" - "github.com/ory/x/dbal" - "github.com/ory/x/logrusx" "github.com/pkg/errors" migrate "github.com/rubenv/sql-migrate" + + "github.com/ory/x/dbal" + "github.com/ory/x/logrusx" ) var Migrations = map[string]*dbal.PackrMigrationSource{ - dbal.DriverMySQL: dbal.NewMustPackerMigrationSource(logrusx.New("",""), AssetNames(), Asset, []string{ + dbal.DriverMySQL: dbal.NewMustPackerMigrationSource(logrusx.New("", ""), AssetNames(), Asset, []string{ "migrations/sql/shared", "migrations/sql/mysql", }, true), - dbal.DriverPostgreSQL: dbal.NewMustPackerMigrationSource(logrusx.New("",""), AssetNames(), Asset, []string{ + dbal.DriverPostgreSQL: dbal.NewMustPackerMigrationSource(logrusx.New("", ""), AssetNames(), Asset, []string{ "migrations/sql/shared", "migrations/sql/postgres", }, true), - dbal.DriverCockroachDB: dbal.NewMustPackerMigrationSource(logrusx.New("",""), AssetNames(), Asset, []string{ + dbal.DriverCockroachDB: dbal.NewMustPackerMigrationSource(logrusx.New("", ""), AssetNames(), Asset, []string{ "migrations/sql/cockroach", }, true), } diff --git a/internal/fizzmigrate/oauth2/migrator.go b/internal/fizzmigrate/oauth2/migrator.go index bd1e25f4ec..8874bbb271 100644 --- a/internal/fizzmigrate/oauth2/migrator.go +++ b/internal/fizzmigrate/oauth2/migrator.go @@ -2,10 +2,11 @@ package oauth2 import ( "github.com/jmoiron/sqlx" - "github.com/ory/x/dbal" - "github.com/ory/x/logrusx" "github.com/pkg/errors" migrate "github.com/rubenv/sql-migrate" + + "github.com/ory/x/dbal" + "github.com/ory/x/logrusx" ) var Migrations = map[string]*dbal.PackrMigrationSource{ diff --git a/internal/fosite_store.go b/internal/fosite_store.go index dadd775346..114923f226 100644 --- a/internal/fosite_store.go +++ b/internal/fosite_store.go 
@@ -10,7 +10,7 @@ import ( func AddFositeExamples(r driver.Registry) { for _, c := range []client.Client{ { - ClientID: "my-client", + ID: "my-client", Secret: "foobar", RedirectURIs: []string{"http://localhost:3846/callback"}, ResponseTypes: []string{"id_token", "code", "token"}, @@ -18,7 +18,7 @@ func AddFositeExamples(r driver.Registry) { Scope: "fosite,openid,photos,offline", }, { - ClientID: "encoded:client", + ID: "encoded:client", Secret: "encoded&password", RedirectURIs: []string{"http://localhost:3846/callback"}, ResponseTypes: []string{"id_token", "code", "token"}, diff --git a/internal/httpclient/models/o_auth2_client.go b/internal/httpclient/models/o_auth2_client.go index 45c4e5109e..0324fb28be 100644 --- a/internal/httpclient/models/o_auth2_client.go +++ b/internal/httpclient/models/o_auth2_client.go @@ -31,7 +31,7 @@ type OAuth2Client struct { // RP URL that will cause the RP to log itself out when sent a Logout Token by the OP. BackchannelLogoutURI string `json:"backchannel_logout_uri,omitempty"` - // ClientID is the id for this client. + // ID is the id for this client. ClientID string `json:"client_id,omitempty"` // Name is the human-readable string name of the client to be presented to the diff --git a/internal/httpclient/models/o_auth2_token_introspection.go b/internal/httpclient/models/o_auth2_token_introspection.go index 9e560a6a8e..ad643df9fd 100644 --- a/internal/httpclient/models/o_auth2_token_introspection.go +++ b/internal/httpclient/models/o_auth2_token_introspection.go @@ -34,7 +34,7 @@ type OAuth2TokenIntrospection struct { // Audience contains a list of the token's intended audiences. Aud []string `json:"aud"` - // ClientID is aclient identifier for the OAuth 2.0 client that + // ID is aclient identifier for the OAuth 2.0 client that // requested this token. ClientID string `json:"client_id,omitempty"` diff --git a/oauth2/fosite_store_helpers.go b/oauth2/fosite_store_helpers.go index 14aab2d11f..00892b2289 100644 
--- a/oauth2/fosite_store_helpers.go +++ b/oauth2/fosite_store_helpers.go @@ -81,7 +81,7 @@ type assertionJWTReader interface { var defaultRequest = fosite.Request{ ID: "blank", RequestedAt: time.Now().UTC().Round(time.Second), - Client: &client.Client{ClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, RequestedAudience: fosite.Arguments{"ad1", "ad2"}, @@ -95,7 +95,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-1", RequestedAt: time.Now().Round(time.Second), - Client: &client.Client{ClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, @@ -104,7 +104,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-2", RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Minute)), - Client: &client.Client{ClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, @@ -113,7 +113,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-3", RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Hour)), - Client: &client.Client{ClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, 
@@ -122,7 +122,7 @@ var flushRequests = []*fosite.Request{ } func mockRequestForeignKey(t *testing.T, id string, x InternalRegistry, createClient bool) { - cl := &client.Client{ClientID: "foobar"} + cl := &client.Client{ID: "foobar"} cr := &consent.ConsentRequest{ Client: cl, OpenIDConnectContext: new(consent.OpenIDConnectContext), LoginChallenge: sqlxx.NullString(id), Challenge: id, Verifier: id, AuthenticatedAt: sqlxx.NullTime(time.Now()), RequestedAt: time.Now(), @@ -187,7 +187,7 @@ func testHelperUniqueConstraints(m InternalRegistry, storageType string) func(t requestId := uuid.New() mockRequestForeignKey(t, requestId, m, true) - cl := &client.Client{ClientID: "foobar"} + cl := &client.Client{ID: "foobar"} signatureOne := uuid.New() signatureTwo := uuid.New() @@ -273,10 +273,10 @@ func testHelperRevokeRefreshToken(x InternalRegistry) func(t *testing.T) { mockRequestForeignKey(t, reqIdOne, x, false) mockRequestForeignKey(t, reqIdTwo, x, false) - err = m.CreateRefreshTokenSession(ctx, "1111", &fosite.Request{ID: reqIdOne, Client: &client.Client{ClientID: "foobar"}, RequestedAt: time.Now().UTC().Round(time.Second), Session: &Session{}}) + err = m.CreateRefreshTokenSession(ctx, "1111", &fosite.Request{ID: reqIdOne, Client: &client.Client{ID: "foobar"}, RequestedAt: time.Now().UTC().Round(time.Second), Session: &Session{}}) require.NoError(t, err) - err = m.CreateRefreshTokenSession(ctx, "1122", &fosite.Request{ID: reqIdTwo, Client: &client.Client{ClientID: "foobar"}, RequestedAt: time.Now().UTC().Round(time.Second), Session: &Session{}}) + err = m.CreateRefreshTokenSession(ctx, "1122", &fosite.Request{ID: reqIdTwo, Client: &client.Client{ID: "foobar"}, RequestedAt: time.Now().UTC().Round(time.Second), Session: &Session{}}) require.NoError(t, err) _, err = m.GetRefreshTokenSession(ctx, "1111", &Session{}) 
@@ -328,7 +328,7 @@ func testHelperCreateGetDeleteAuthorizeCodes(x InternalRegistry) func(t *testing func testHelperNilAccessToken(x InternalRegistry) func(t *testing.T) { return func(t *testing.T) { m := x.OAuth2Storage() - c := &client.Client{ClientID: "nil-request-client-id-123"} + c := &client.Client{ID: "nil-request-client-id-123"} require.NoError(t, x.ClientManager().CreateClient(context.Background(), c)) err := m.CreateAccessTokenSession(context.TODO(), "nil-request-id", &fosite.Request{ ID: "", @@ -734,7 +734,7 @@ func createTestRequest(id string) *fosite.Request { return &fosite.Request{ ID: id, RequestedAt: time.Now().UTC().Round(time.Second), - Client: &client.Client{ClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, RequestedAudience: fosite.Arguments{"ad1", "ad2"}, diff --git a/oauth2/fosite_store_sql.go b/oauth2/fosite_store_sql.go index 9f28b46b9f..8cfc95c68c 100644 --- a/oauth2/fosite_store_sql.go +++ b/oauth2/fosite_store_sql.go @@ -31,10 +31,11 @@ import ( "time" "github.com/jmoiron/sqlx" - "github.com/ory/x/logrusx" "github.com/pkg/errors" "github.com/tidwall/gjson" + "github.com/ory/x/logrusx" + "github.com/ory/herodot" "github.com/ory/fosite" diff --git a/oauth2/fosite_store_test.go b/oauth2/fosite_store_test.go index 268906d242..c571ccdd76 100644 --- a/oauth2/fosite_store_test.go +++ b/oauth2/fosite_store_test.go 
@@ -85,7 +85,7 @@ func TestManagers(t *testing.T) { for _, tc := range tests { t.Run(tc.name, func(t *testing.T) { setupRegistries(t) - require.NoError(t, registries["memory"].ClientManager().CreateClient(context.Background(), &client.Client{ClientID: "foobar"})) // this is a workaround because the client is not being created for memory store by test helpers. + require.NoError(t, registries["memory"].ClientManager().CreateClient(context.Background(), &client.Client{ID: "foobar"})) // this is a workaround because the client is not being created for memory store by test helpers. viper.Set(configuration.ViperKeyEncryptSessionData, tc.enableSessionEncrypted) diff --git a/oauth2/handler_test.go b/oauth2/handler_test.go index 5bd3c1f047..ebf4ca3ba6 100644 --- a/oauth2/handler_test.go +++ b/oauth2/handler_test.go @@ -65,7 +65,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-1", RequestedAt: time.Now().Round(time.Second), - Client: &client.Client{ClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, @@ -74,7 +74,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-2", RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Minute)), - Client: &client.Client{ClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, @@ -83,7 +83,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-3", RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Hour)), - Client: &client.Client{ClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, 
diff --git a/oauth2/introspector.go b/oauth2/introspector.go index 21ca6cd6bf..9efc16520d 100644 --- a/oauth2/introspector.go +++ b/oauth2/introspector.go @@ -41,7 +41,7 @@ type Introspection struct { // scopes associated with this token. Scope string `json:"scope,omitempty"` - // ClientID is aclient identifier for the OAuth 2.0 client that + // ID is aclient identifier for the OAuth 2.0 client that // requested this token. ClientID string `json:"client_id,omitempty"` diff --git a/oauth2/oauth2_auth_code_test.go b/oauth2/oauth2_auth_code_test.go index e715c96656..1fe5d690c0 100644 --- a/oauth2/oauth2_auth_code_test.go +++ b/oauth2/oauth2_auth_code_test.go @@ -201,7 +201,7 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { viper.Set(configuration.ViperKeyConsentRequestMaxAge, time.Hour) client := hc.Client{ - ClientID: "e2e-app-client" + km + strat.d, Secret: "secret", RedirectURIs: []string{ts.URL + "/callback"}, + ID: "e2e-app-client" + km + strat.d, Secret: "secret", RedirectURIs: []string{ts.URL + "/callback"}, ResponseTypes: []string{"id_token", "code", "token"}, GrantTypes: []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"}, Scope: "hydra offline openid", @@ -1154,7 +1154,7 @@ func TestAuthCodeWithMockStrategy(t *testing.T) { var mutex sync.Mutex require.NoError(t, reg.ClientManager().CreateClient(context.TODO(), &hc.Client{ - ClientID: "app-client", + ID: "app-client", Secret: "secret", RedirectURIs: []string{ts.URL + "/callback"}, ResponseTypes: []string{"id_token", "code", "token"}, diff --git a/oauth2/oauth2_client_credentials_test.go b/oauth2/oauth2_client_credentials_test.go index 782f83bc9d..4a408ddd68 100644 --- a/oauth2/oauth2_client_credentials_test.go +++ b/oauth2/oauth2_client_credentials_test.go 
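Review bot: The doc comment on `Introspection.ClientID` now reads `// ID is aclient identifier ...` while the field is still named `ClientID` with the JSON tag `client_id`. This looks like a side effect of the `ClientID` to `ID` rename on `client.Client`. The comment should go back to naming the field, and the missing space can be fixed at the same time: `// ClientID is a client identifier for the OAuth 2.0 client that`. The hunks for `internal/httpclient/models/o_auth2_client.go` and `o_auth2_token_introspection.go` carry the same edit and are presumably generated from this source, so they should follow once it is corrected. The struct starts and ends outside the hunk.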
@@ -65,7 +65,7 @@ func TestClientCredentials(t *testing.T) { }) require.NoError(t, reg.ClientManager().CreateClient(context.TODO(), &hc.Client{ - ClientID: "app-client", + ID: "app-client", Secret: "secret", RedirectURIs: []string{ts.URL + "/callback"}, ResponseTypes: []string{"token"}, diff --git a/oauth2/oauth2_refresh_token_test.go b/oauth2/oauth2_refresh_token_test.go index 59d01e01ee..ac4dcb7641 100644 --- a/oauth2/oauth2_refresh_token_test.go +++ b/oauth2/oauth2_refresh_token_test.go @@ -45,7 +45,7 @@ func TestCreateRefreshTokenSessionStress(t *testing.T) { token := "234c678fed33c1d2025537ae464a1ebf7d23fc4a" tokenSignature := "4c7c7e8b3a77ad0c3ec846a21653c48b45dbfa31" testClient := hc.Client{ - ClientID: uuid.New(), + ID: uuid.New(), Secret: "secret", ResponseTypes: []string{"id_token", "code", "token"}, GrantTypes: []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"}, @@ -61,7 +61,7 @@ func TestCreateRefreshTokenSessionStress(t *testing.T) { RequestedAt: time.Now(), ID: uuid.New(), Client: &hc.Client{ - ClientID: testClient.ClientID, + ID: testClient.ID, }, RequestedScope: []string{"offline"}, GrantedScope: []string{"offline"}, diff --git a/persistence/sql/migratest/exptected_data.go b/persistence/sql/migratest/exptected_data.go index 45e44bca4b..af835ffe73 100644 --- a/persistence/sql/migratest/exptected_data.go +++ b/persistence/sql/migratest/exptected_data.go @@ -17,7 +17,7 @@ import ( func expectedClient(i int) *client.Client { c := &client.Client{ PK: int64(i), - ClientID: fmt.Sprintf("client-%04d", i), + ID: fmt.Sprintf("client-%04d", i), Name: fmt.Sprintf("Client %04d", i), Secret: fmt.Sprintf("secret-%04d", i), RedirectURIs: []string{fmt.Sprintf("http://redirect/%04d_1", i)}, diff --git a/persistence/sql/migratest/migration_test.go b/persistence/sql/migratest/migration_test.go index 7983647e10..6102a1a6dd 100644 --- a/persistence/sql/migratest/migration_test.go +++ b/persistence/sql/migratest/migration_test.go 
@@ -79,7 +79,7 @@ func TestMigrations(t *testing.T) { t.Run(fmt.Sprintf("case=client migration %d", i), func(t *testing.T) { expected := expectedClient(i) actual := &client.Client{} - require.NoError(t, c.Find(actual, expected.ClientID)) + require.NoError(t, c.Find(actual, expected.ID)) assertEqualClients(t, expected, actual) lastClient = actual }) @@ -126,7 +126,7 @@ func TestMigrations(t *testing.T) { assertEqualHandledLoginRequests(t, ehlr, ahlr) if efols != nil { - afols, err := d.Registry().ConsentManager().GetForcedObfuscatedLoginSession(context.Background(), lastClient.ClientID, efols.SubjectObfuscated) + afols, err := d.Registry().ConsentManager().GetForcedObfuscatedLoginSession(context.Background(), lastClient.ID, efols.SubjectObfuscated) require.NoError(t, err) assertEqualForcedObfucscatedLoginSessions(t, efols, afols) } diff --git a/persistence/sql/persister.go b/persistence/sql/persister.go index ed6fe2bd8a..ab7b856399 100644 --- a/persistence/sql/persister.go +++ b/persistence/sql/persister.go @@ -5,6 +5,7 @@ import ( "fmt" "io" "strconv" + "strings" "time" "github.com/ory/x/sqlcon" 
@@ -93,53 +94,47 @@ func (p *Persister) migrateOldMigrationTables() error { return errors.WithStack(err) } - return errors.WithStack(p.c.Transaction(func(tx *pop.Connection) error { - // in this order the migrations only depend on already done ones - for i, table := range []oldTableName{clientMigrationTableName, jwkMigrationTableName, consentMigrationTableName, oauth2MigrationTableName} { - // in some cases the tables might not exist, so we just add empty ones - /* #nosec G201 table is static */ - err := errors.WithStack( - tx.RawQuery(fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s (id varchar(1));", table)). - Exec()) - if err != nil { - return err + // in this order the migrations only depend on already done ones + for i, table := range []oldTableName{clientMigrationTableName, jwkMigrationTableName, consentMigrationTableName, oauth2MigrationTableName} { + // If table does not exist, we will skip it. Previously, we created a stub table here which + // caused the cached statements to fail, see: + // + // https://github.com/flynn/flynn/pull/2306/files + // https://github.com/jackc/pgx/issues/110 + // https://github.com/flynn/flynn/issues/2235 + // get old migrations + var migrations []OldMigrationRecord + + /* #nosec G201 table is static */ + if err := p.c.RawQuery(fmt.Sprintf("SELECT * FROM %s", table)).All(&migrations); err != nil { + if strings.Contains(err.Error(), string(table)) { + continue } + return err + } - // get old migrations - var migrations []OldMigrationRecord - - /* #nosec G201 table is static */ - err = errors.WithStack( - tx.RawQuery(fmt.Sprintf("SELECT * FROM %s", table)). - Eager(). 
- All(&migrations)) + // translate migrations + for _, m := range migrations { + // mark the migration as run for fizz + // fizz standard version pattern: YYYYMMDDhhmmss + migrationNumber, err := strconv.ParseInt(m.ID, 10, 0) if err != nil { - return err + return errors.WithStack(err) } - // translate migrations - for _, m := range migrations { - // mark the migration as run for fizz - // fizz standard version pattern: YYYYMMDDhhmmss - migrationNumber, err := strconv.ParseInt(m.ID, 10, 0) - if err != nil { - return errors.WithStack(err) - } - - /* #nosec G201 - i is static (0..3) and migrationNumber is from the database */ - if err := tx.RawQuery( - fmt.Sprintf("INSERT INTO schema_migration (version) VALUES ('2019%02d%08d')", i+1, migrationNumber)). - Exec(); err != nil { - return errors.WithStack(err) - } + /* #nosec G201 - i is static (0..3) and migrationNumber is from the database */ + if err := p.c.RawQuery( + fmt.Sprintf("INSERT INTO schema_migration (version) VALUES ('2019%02d%08d')", i+1, migrationNumber)). + Exec(); err != nil { + return errors.WithStack(err) } + } - // delete old migration table - if err := tx.RawQuery(fmt.Sprintf("DROP TABLE %s", table)).Exec(); err != nil { - return sqlcon.HandleError(err) - } + // delete old migration table + if err := p.c.RawQuery(fmt.Sprintf("DROP TABLE %s", table)).Exec(); err != nil { + return sqlcon.HandleError(err) } + } - return nil - })) + return nil } diff --git a/tracing/tracer_test.go b/tracing/tracer_test.go index bd2d9817c0..356ac870e6 100644 --- a/tracing/tracer_test.go +++ b/tracing/tracer_test.go 
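Review bot: The new missing-table check `if strings.Contains(err.Error(), string(table)) { continue }` in `migrateOldMigrationTables` skips a legacy table on any error whose text mentions its name. Permission or lock errors usually name the table too, so a real failure would be taken for "table absent", and the old migration records would never be copied into `schema_migration`. It would be safer to test for existence explicitly, for example with a per-dialect lookup in `information_schema.tables`, and to return every other error from the `SELECT`. Dropping the `p.c.Transaction` wrapper also means the `INSERT INTO schema_migration` rows and the `DROP TABLE` no longer commit together. A failure part-way through leaves versions inserted with the old table still present, and the next start would insert them again. If the transaction cannot be kept because of the cached-statement problem described in the comment, the insert should be made idempotent, or existing versions checked first, with a comment on the function stating that it is safe to re-run. The function starts outside the hunk.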
@@ -2,15 +2,17 @@ package tracing_test import ( "encoding/json" - "github.com/opentracing/opentracing-go" - "github.com/ory/x/logrusx" - "github.com/ory/x/tracing" - "github.com/stretchr/testify/assert" "io/ioutil" "net/http" "net/http/httptest" "testing" "time" + + "github.com/opentracing/opentracing-go" + "github.com/stretchr/testify/assert" + + "github.com/ory/x/logrusx" + "github.com/ory/x/tracing" ) type zipkinSpanRequest struct { diff --git a/x/audit_test.go b/x/audit_test.go index f078af5dd3..252abe5699 100644 --- a/x/audit_test.go +++ b/x/audit_test.go @@ -6,10 +6,11 @@ import ( "net/http" "testing" - "github.com/ory/x/logrusx" "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" + + "github.com/ory/x/logrusx" ) func TestLogAudit(t *testing.T) { diff --git a/x/errors_test.go b/x/errors_test.go index fbd9dea07b..6437295e44 100644 --- a/x/errors_test.go +++ b/x/errors_test.go @@ -26,10 +26,11 @@ import ( "strings" "testing" - "github.com/ory/x/logrusx" "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" + + "github.com/ory/x/logrusx" ) type errStackTracer struct{} diff --git a/x/registry.go b/x/registry.go index 79cca3bb42..555e8a9f53 100644 --- a/x/registry.go +++ b/x/registry.go @@ -2,6 +2,7 @@ package x import ( "github.com/gorilla/sessions" + "github.com/ory/herodot" "github.com/ory/x/logrusx" )