Add api endpoint to list all authorized clients by user#954
Add api endpoint to list all authorized clients by user#954aeneasr merged 6 commits intoory:masterfrom
Conversation
kingjan1999
force-pushed
the
list-consents
branch
from
288bd4d to
46720ba
Compare
Resolves ory#953 Signed-off-by: Jan Beckmann <king-jan1999@hotmail.de>
kingjan1999
force-pushed
the
list-consents
branch
from
46720ba to
adbcc5f
Compare
| return | ||
| } | ||
|
|
||
| sessions, err := h.M.FindPreviouslyGrantedConsentRequestsByUser(user) |
There was a problem hiding this comment.
Thanks, I adapted it. However, I was a bit unsure in consent/manager_memory.go as FindPreviouslyGrantedConsentRequests depends now on the newly created FindPreviouslyGrantedConsentRequestsByUser (which requires a limit and offset now) and does not support limit and offset. As you'll see, I've used a little workaround that I'm personally not 100% satisfied with.
There was a problem hiding this comment.
I see, I don't think this solution will work with SQL as they don't support negative offset (I think).
There was a problem hiding this comment.
Oh sorry, I didn't see that you duplicated the other method. Then it will obviously work. I agree that it's not the cleanest solution but it does get the job done for now. So from my side, this is fine.
| var rs []HandledConsentRequest | ||
| filteredByUser, _ := m.FindPreviouslyGrantedConsentRequestsByUser(subject) | ||
| for _, c := range filteredByUser { | ||
| if client != c.ConsentRequest.Client.GetID() { |
There was a problem hiding this comment.
You can revert this logic to == and add rs = append(rs, c) in the loop, it is easier to read!
| RememberFor int `json:"remember_for"` | ||
|
|
||
| ConsentRequest *ConsentRequest `json:"-"` | ||
| ConsentRequest *ConsentRequest `json:"consent_request"` |
There was a problem hiding this comment.
The problem with exposing this is that acceptance of the consent request could overwrite this value and potentially mess stuff up. I haven't checked if that's actually the case but it could be an issue in some regression. I think it would be ok to copy this struct 1:1 and there set the consent_request value. If the order of the fields is the same, you can easily convert the type:
var foo HandledConsentRequest
var bar = NewTypeWithJSON(HandledConsentRequest)There was a problem hiding this comment.
I called it HandledConsentRequestResponse now but other suggestions are very welcome
There was a problem hiding this comment.
How about PreviousConsentSession? :)
aeneasr
left a comment
aeneasr
left a comment
There was a problem hiding this comment.
This looks very solid already. It is really important though that we have a test for the SDK as well (sdk_test.go) and check that the values are populated properly (and also check that e.g. client secrets are removed). Once that is done and the things are addressed, I think this is good to go!
|
I'm pinging you @kingjan1999 so this doesn't get lost in your notifications. This looks already very solid, just a few things which I mentioned during review :) |
Signed-off-by: Jan <king-jan1999@hotmail.de>
kingjan1999
force-pushed
the
list-consents
branch
from
31d14ba to
701e490
Compare
|
Thanks for your help @arekkas ! I hope I have implemented all your proposals. When Swagger generated the SDK, some files (concerning JSONWebKeys) appeared for unknown reasons, which I have now simply commited. |
|
The only thing left is the naming of the one struct and then this is good to get merged from my side! Thank you so much for your contribution :) |
Signed-off-by: Jan <king-jan1999@hotmail.de>
kingjan1999
force-pushed
the
list-consents
branch
from
5234a6d to
6857f36
Compare
|
Thanks for your naming suggestion @arekkas ! I've implemented it accordingly. |
|
Perfect! |
aeneasr
left a comment
aeneasr
left a comment
There was a problem hiding this comment.
I took another pass. Unfortunately, I have to nag you with some minor things (just newlines that were removed/added) and also some naming and error handling things.
Once those are addressed, I truly believe it's good to merge (unless I missed something).
Thank you, you're awesome! :)
|
|
||
| func (m *MemoryManager) FindPreviouslyGrantedConsentRequests(client string, subject string) ([]HandledConsentRequest, error) { | ||
| var rs []HandledConsentRequest | ||
| filteredByUser, _ := m.FindPreviouslyGrantedConsentRequestsByUser(subject, -1, -1) |
| } | ||
| return nil, sqlcon.HandleError(err) | ||
| } | ||
| aa, err := m.resolveHandledConsentRequests(a) |
There was a problem hiding this comment.
You can rewrite this to return m.resolveHandledConsentRequests(a)
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
| } | ||
|
|
||
| return aa, nil | ||
|
|
| if v.RememberFor > 0 && v.RequestedAt.Add(time.Duration(v.RememberFor)*time.Second).Before(time.Now().UTC()) { | ||
| continue | ||
| } | ||
|
|
| } | ||
| aa, err := m.resolveHandledConsentRequests(a) | ||
| return aa, err | ||
|
|
| if limit < 0 && offset < 0 { | ||
| return rs, nil | ||
| } | ||
| start, end := pagination.Index(limit, offset, len(rs)) |
There was a problem hiding this comment.
Add a newline on top of start, end := ..
| if len(rs) == 0 { | ||
| return []HandledConsentRequest{}, nil | ||
| } | ||
|
|
| w.WriteHeader(http.StatusNoContent) | ||
| } | ||
|
|
||
| // swagger:route GET /oauth2/auth/sessions/consent/{user} oAuth2 listUserClientConsentSessions |
There was a problem hiding this comment.
I think the naming should be listUserConsentSessions. With the current naming, I would expect the method to be like listUserClientConsentSessions(user, client string)
| LIMIT ? OFFSET ? | ||
| `), subject, limit, offset); err != nil { | ||
| if err == sql.ErrNoRows { | ||
| return nil, errors.WithStack(errNoPreviousConsentFound) |
There was a problem hiding this comment.
So one issue with this is that the HTTP handler function will return errNoPreviousConsentFound which is a "dumb" error (meaning it will return a 500 status code with no context in the API). On the same hand, this error is required to be returned for the consent_strategy to work. Since you duplicated the methods and this particular method is not used in the consent_strategy, you can remove the err == sql.ErrNoRows check and just return return nil, sqlcon.HandleError(err).
Please also add a test for this. It should check that sqlcon.ErrNoRows is returned when we expect that no session exist in the store. This will return a proper 404 error in the API which I think is to be expected here.
In the handler, you may want to choose to ignore the error of type sqlcon.ErrNoRows and instead just write an empty array. This will return [] instead of a 404 which might be a better suited response.
There was a problem hiding this comment.
Thanks for your help and your feedback! I have gladly implemented your suggestions.
However, I'm a little unsure at this point and need your help: Does db.Select really return an ErrNoRows error if no rows could be found? According to my understanding of SQLX / Go SQL documentation, this does not happen here. I have not been able to force such behaviour in my experiments.
Or did I misunderstand and the manager should generate and return an sqlcon.ErrNoRows?
Signed-off-by: Jan Beckmann <king-jan1999@hotmail.de>
kingjan1999
force-pushed
the
list-consents
branch
from
cb13791 to
8225b23
Compare
Signed-off-by: Jan Beckmann <king-jan1999@hotmail.de>
|
Thank you for the updates! The newly generated SDK breaks tests because the methods have been renamed: |
Signed-off-by: Jan Beckmann <king-jan1999@hotmail.de>
|
Thank you so much for your hard work! |
2 participants
Resolves #953
As already mentioned in #953, I'm rather beginner in Go, so I'm open to comments and suggestions for improvement and ask for leniency for possible mistakes.
Signed-off-by: Jan Beckmann king-jan1999@hotmail.de