From 233c8df1b9d8ccb39411dcc54ebb77df1b5a7c37 Mon Sep 17 00:00:00 2001 
From: Patrik Date: Fri, 8 Sep 2023 17:21:24 +0200 Subject: [PATCH] WIP --- client/client.go | 14 +- client/client_test.go | 2 +- client/handler.go | 8 +- client/handler_test.go | 20 +- client/manager_test_helpers.go | 34 ++- client/validator_test.go | 59 +++-- cmd/cmd_get_client_test.go | 4 +- cmd/cmd_perform_client_credentials_test.go | 2 +- cmd/cmd_update_client_test.go | 4 +- consent/handler_test.go | 8 +- consent/manager_test_helpers.go | 20 +- consent/strategy_default.go | 11 +- consent/strategy_default_test.go | 2 +- consent/strategy_oauth_test.go | 2 +- driver/registry_sql_test.go | 2 +- internal/fosite_store.go | 24 +- internal/testhelpers/janitor_test_helper.go | 24 +- internal/testhelpers/uuid/uuid.go | 15 +- oauth2/fosite_store_helpers.go | 20 +- oauth2/fosite_store_test.go | 2 +- oauth2/handler_test.go | 10 +- oauth2/oauth2_auth_code_test.go | 16 +- oauth2/oauth2_refresh_token_test.go | 4 +- .../sql/migratest/assertion_helpers.go | 4 +- .../fixtures/hydra_client/client-0001.json | 3 +- .../fixtures/hydra_client/client-0002.json | 3 +- .../fixtures/hydra_client/client-0003.json | 3 +- .../fixtures/hydra_client/client-0004.json | 3 +- .../fixtures/hydra_client/client-0005.json | 3 +- .../fixtures/hydra_client/client-0006.json | 3 +- .../fixtures/hydra_client/client-0007.json | 3 +- .../fixtures/hydra_client/client-0008.json | 3 +- .../fixtures/hydra_client/client-0009.json | 3 +- .../fixtures/hydra_client/client-0010.json | 3 +- .../fixtures/hydra_client/client-0011.json | 3 +- .../fixtures/hydra_client/client-0012.json | 3 +- .../fixtures/hydra_client/client-0013.json | 3 +- .../fixtures/hydra_client/client-0014.json | 3 +- .../fixtures/hydra_client/client-0015.json | 3 +- .../fixtures/hydra_client/client-20.json | 3 +- .../fixtures/hydra_client/client-2005.json | 3 +- .../fixtures/hydra_client/client-21.json | 3 +- persistence/sql/migratest/migration_test.go | 32 ++- ...000000_drop_internal_id.cockroach.down.sql | 1 + 
...43000000_drop_internal_id.cockroach.up.sql | 1 + ...0908104443000000_drop_internal_id.down.sql | 5 + ...4443000000_drop_internal_id.mysql.down.sql | 14 ++ ...104443000000_drop_internal_id.mysql.up.sql | 3 + ...443000000_drop_internal_id.sqlite.down.sql | 160 ++++++++++++ ...04443000000_drop_internal_id.sqlite.up.sql | 155 ++++++++++++ ...230908104443000000_drop_internal_id.up.sql | 5 + ...000001_drop_internal_id.cockroach.down.sql | 1 + ...43000001_drop_internal_id.cockroach.up.sql | 1 + ...0908104443000001_drop_internal_id.down.sql | 1 + ...230908104443000001_drop_internal_id.up.sql | 1 + persistence/sql/persister.go | 2 +- persistence/sql/persister_client.go | 21 +- persistence/sql/persister_migration.go | 8 +- persistence/sql/persister_nid_test.go | 235 +++++++++--------- x/oauth2cors/cors_test.go | 28 +-- 60 files changed, 680 insertions(+), 359 deletions(-) create mode 100644 persistence/sql/migrations/20230908104443000000_drop_internal_id.cockroach.down.sql create mode 100644 persistence/sql/migrations/20230908104443000000_drop_internal_id.cockroach.up.sql create mode 100644 persistence/sql/migrations/20230908104443000000_drop_internal_id.down.sql create mode 100644 persistence/sql/migrations/20230908104443000000_drop_internal_id.mysql.down.sql create mode 100644 persistence/sql/migrations/20230908104443000000_drop_internal_id.mysql.up.sql create mode 100644 persistence/sql/migrations/20230908104443000000_drop_internal_id.sqlite.down.sql create mode 100644 persistence/sql/migrations/20230908104443000000_drop_internal_id.sqlite.up.sql create mode 100644 persistence/sql/migrations/20230908104443000000_drop_internal_id.up.sql create mode 100644 persistence/sql/migrations/20230908104443000001_drop_internal_id.cockroach.down.sql create mode 100644 persistence/sql/migrations/20230908104443000001_drop_internal_id.cockroach.up.sql create mode 100644 persistence/sql/migrations/20230908104443000001_drop_internal_id.down.sql create mode 100644 
persistence/sql/migrations/20230908104443000001_drop_internal_id.up.sql diff --git a/client/client.go b/client/client.go index a8a956d372c..40707e02fa3 100644 --- a/client/client.go +++ b/client/client.go @@ -10,12 +10,11 @@ import ( "github.com/twmb/murmur3" - "github.com/ory/hydra/v2/driver/config" - "github.com/ory/x/stringsx" - "github.com/gobuffalo/pop/v6" "github.com/gofrs/uuid" + "github.com/ory/hydra/v2/driver/config" + "github.com/go-jose/go-jose/v3" "github.com/ory/fosite" @@ -35,13 +34,12 @@ var ( // // swagger:model oAuth2Client type Client struct { - ID uuid.UUID `json:"-" db:"pk"` NID uuid.UUID `db:"nid" faker:"-" json:"-"` // OAuth 2.0 Client ID // - // The ID is autogenerated and immutable. - LegacyClientID string `json:"client_id" db:"id"` + // The ID is immutable. If no ID is provided, a UUID4 will be generated. + ID string `json:"client_id" db:"id"` // DEPRECATED: This field is deprecated and will be removed. It serves // no purpose except the database not complaining. @@ -409,7 +407,7 @@ func (c *Client) BeforeSave(_ *pop.Connection) error { } func (c *Client) GetID() string { - return stringsx.Coalesce(c.LegacyClientID, c.ID.String()) + return c.ID } func (c *Client) GetRedirectURIs() []string { @@ -421,7 +419,7 @@ func (c *Client) GetHashedSecret() []byte { } func (c *Client) GetScopes() fosite.Arguments { - return fosite.Arguments(strings.Fields(c.Scope)) + return strings.Fields(c.Scope) } func (c *Client) GetAudience() fosite.Arguments { diff --git a/client/client_test.go b/client/client_test.go index b51527a050c..d4cad720614 100644 --- a/client/client_test.go +++ b/client/client_test.go @@ -16,7 +16,7 @@ var _ fosite.Client = new(Client) func TestClient(t *testing.T) { c := &Client{ - LegacyClientID: "foo", + ID: "foo", RedirectURIs: []string{"foo"}, Scope: "foo bar", TokenEndpointAuthMethod: "none", diff --git a/client/handler.go b/client/handler.go index 2b4f6aa2482..8fac902ba7e 100644 --- a/client/handler.go +++ b/client/handler.go 
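Review bot: The new field comment in the `type Client struct` hunk promises "If no ID is provided, a UUID4 will be generated", but nothing in client.go does that, and `GetID()` (hunk `@@ -409,7 +407,7`) now returns `c.ID` verbatim. A client that has not yet been given an ID therefore yields an empty string, where the old coalescing version fell back to the UUID's string form. The field comment should say where generation happens (it is not visible in this file), and `GetID` deserves a doc comment such as `// GetID returns the OAuth 2.0 client ID; it is empty until an ID has been supplied by the caller or generated on create.` Callers that use the result as an audience or lookup key before the client is persisted should be checked against that contract.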
@@ -164,10 +164,10 @@ func (h *Handler) CreateClient(r *http.Request, validator func(context.Context, if c.Secret != "" { return nil, errorsx.WithStack(herodot.ErrBadRequest.WithReasonf("It is not allowed to choose your own OAuth2 Client secret.")) } + // We do not allow to set the client ID for dynamic clients. + c.ID = uuidx.NewV4().String() } - c.ID = uuidx.NewV4() - if len(c.Secret) == 0 { secretb, err := x.GenerateSecret(26) if err != nil { @@ -254,7 +254,7 @@ func (h *Handler) setOAuth2Client(w http.ResponseWriter, r *http.Request, ps htt return } - c.LegacyClientID = ps.ByName("id") + c.ID = ps.ByName("id") if err := h.updateClient(r.Context(), &c, h.r.ClientValidator().Validate); err != nil { h.r.Writer().WriteError(w, r, err) return @@ -367,7 +367,7 @@ func (h *Handler) setOidcDynamicClient(w http.ResponseWriter, r *http.Request, p c.RegistrationAccessToken = token c.RegistrationAccessTokenSignature = signature - c.LegacyClientID = client.GetID() + c.ID = client.GetID() if err := h.updateClient(r.Context(), &c, h.r.ClientValidator().ValidateDynamicRegistration); err != nil { h.r.Writer().WriteError(w, r, err) return diff --git a/client/handler_test.go b/client/handler_test.go index 814660e49c2..fbed537c12e 100644 --- a/client/handler_test.go +++ b/client/handler_test.go @@ -311,9 +311,9 @@ func TestHandler(t *testing.T) { { d: "non-uuid works", payload: &client.Client{ - LegacyClientID: "not-a-uuid", - Secret: "averylongsecret", - RedirectURIs: []string{"http://localhost:3000/cb"}, + ID: "not-a-uuid", + Secret: "averylongsecret", + RedirectURIs: []string{"http://localhost:3000/cb"}, }, path: client.ClientsHandlerPath, statusCode: http.StatusCreated, 
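Review bot: In the CreateClient hunk `c.ID` is now assigned only inside the block that the added comment describes as the dynamic-client case, so on the other path it is whatever `client_id` the request body carried, including the empty string. Generation for the empty case is not visible here (presumably it moved to the persister). A guard placed before the secret handling, `if c.ID == "" { c.ID = uuidx.NewV4().String() }`, would keep validators and hooks from ever seeing an empty ID. Because the value now goes straight into the `id` column and the `client_id` JSON field, its length and character set should also be bounded at this point if the validator does not already do so. The enclosing function starts and ends outside the hunk.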
@@ -321,9 +321,9 @@ func TestHandler(t *testing.T) { { d: "setting client id as uuid works", payload: &client.Client{ - LegacyClientID: "98941dac-f963-4468-8a23-9483b1e04e3c", - Secret: "not too short", - RedirectURIs: []string{"http://localhost:3000/cb"}, + ID: "98941dac-f963-4468-8a23-9483b1e04e3c", + Secret: "not too short", + RedirectURIs: []string{"http://localhost:3000/cb"}, }, path: client.ClientsHandlerPath, statusCode: http.StatusCreated, @@ -359,9 +359,9 @@ func TestHandler(t *testing.T) { { d: "basic dynamic client registration", payload: &client.Client{ - LegacyClientID: "ead800c5-a316-4d0c-bf00-d25666ba72cf", - Secret: "averylongsecret", - RedirectURIs: []string{"http://localhost:3000/cb"}, + ID: "ead800c5-a316-4d0c-bf00-d25666ba72cf", + Secret: "averylongsecret", + RedirectURIs: []string{"http://localhost:3000/cb"}, }, path: client.DynClientsHandlerPath, statusCode: http.StatusBadRequest, @@ -383,7 +383,7 @@ func TestHandler(t *testing.T) { if tc.path == client.DynClientsHandlerPath { exclude = append(exclude, "client_id", "client_secret", "registration_client_uri") } - if tc.payload.LegacyClientID == "" { + if tc.payload.ID == "" { exclude = append(exclude, "client_id", "registration_client_uri") assert.NotEqual(t, uuid.Nil.String(), gjson.Get(body, "client_id").String(), body) } diff --git a/client/manager_test_helpers.go b/client/manager_test_helpers.go index dbfc3523773..2f88ae06ddc 100644 --- a/client/manager_test_helpers.go +++ b/client/manager_test_helpers.go 
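Review bot: The `basic dynamic client registration` case sends both `ID` and `Secret` and expects `http.StatusBadRequest`, so it most likely never reaches the new `c.ID = uuidx.NewV4().String()` line: the CreateClient hunk in client/handler.go rejects a non-empty secret before the ID is reassigned. A companion case that posts only an `ID` to `client.DynClientsHandlerPath` and asserts the returned `client_id` is not the supplied value would pin down that dynamic registrants cannot choose their own client ID. The table and its driver loop extend outside the hunk, so such a case may already exist out of view.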
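Review bot: With `ID` now a string, `assert.NotEqual(t, uuid.Nil.String(), gjson.Get(body, "client_id").String(), body)` in the `tc.payload.ID == ""` branch no longer proves that an ID was generated. An empty `client_id` is also unequal to the nil-UUID string, so the assertion would pass on exactly the failure it is meant to catch. Adding `assert.NotEmpty(t, gjson.Get(body, "client_id").String(), body)` next to it restores the check. The surrounding test function continues outside the hunk.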
@@ -33,12 +33,12 @@ func TestHelperClientAutoGenerateKey(k string, m Storage) func(t *testing.T) { RedirectURIs: []string{"http://redirect"}, TermsOfServiceURI: "foo", } - assert.NoError(t, m.CreateClient(ctx, c)) + require.NoError(t, m.CreateClient(ctx, c)) dbClient, err := m.GetClient(ctx, c.GetID()) - assert.NoError(t, err) + require.NoError(t, err) dbClientConcrete, ok := dbClient.(*Client) - assert.True(t, ok) - testhelpersuuid.AssertUUID(t, &dbClientConcrete.ID) + require.True(t, ok) + testhelpersuuid.AssertUUID(t, dbClientConcrete.ID) assert.NoError(t, m.DeleteClient(ctx, c.GetID())) } } @@ -47,9 +47,9 @@ func TestHelperClientAuthenticate(k string, m Manager) func(t *testing.T) { return func(t *testing.T) { ctx := context.TODO() require.NoError(t, m.CreateClient(ctx, &Client{ - LegacyClientID: "1234321", - Secret: "secret", - RedirectURIs: []string{"http://redirect"}, + ID: "1234321", + Secret: "secret", + RedirectURIs: []string{"http://redirect"}, })) c, err := m.Authenticate(ctx, "1234321", []byte("secret1")) @@ -80,7 +80,7 @@ func testHelperUpdateClient(t *testing.T, ctx context.Context, network Storage, d, err := network.GetClient(ctx, "1234") assert.NoError(t, err) err = network.UpdateClient(ctx, &Client{ - LegacyClientID: "2-1234", + ID: "2-1234", Name: "name-new", Secret: "secret-new", RedirectURIs: []string{"http://redirect/new"}, @@ -164,7 +164,7 @@ func TestHelperCreateGetUpdateDeleteClientNext(t *testing.T, m Storage, networks for _, expected := range clients { c, err := m.GetClient(ctx, expected.GetID()) if check != original { - t.Run(fmt.Sprintf("case=must not find client %s", expected.ID), func(t *testing.T) { + t.Run(fmt.Sprintf("case=must not find client %s", expected.GetID()), func(t *testing.T) { require.ErrorIs(t, err, sqlcon.ErrNoRows) }) } else { 
@@ -206,8 +206,7 @@ func TestHelperCreateGetUpdateDeleteClient(k string, connection *pop.Connection, require.Error(t, err) t1c1 := &Client{ - ID: uuid.FromStringOrNil("96bfe52e-af88-4cba-ab00-ae7a8b082228"), - LegacyClientID: "1234", + ID: "1234", Name: "name", Secret: "secret", RedirectURIs: []string{"http://redirect", "http://redirect1"}, @@ -243,15 +242,12 @@ func TestHelperCreateGetUpdateDeleteClient(k string, connection *pop.Connection, { t2c1 := *t1c1 require.Error(t, connection.Create(&t2c1), "should not be able to create the same client in other manager/network; are they backed by the same database?") - t2c1.ID = uuid.Nil - require.NoError(t, t2.CreateClient(ctx, &t2c1), "we should be able to create a client with the same GetID() but different ID in other network") + require.NoError(t, t2.CreateClient(ctx, &t2c1), "we should be able to create a client with the same ID in other network") } t2c3 := *t1c1 { - pk, _ := uuid.NewV4() - t2c3.ID = pk - t2c3.LegacyClientID = "t2c2-1234" + t2c3.ID = "t2c2-1234" require.NoError(t, t2.CreateClient(ctx, &t2c3)) require.Error(t, t2.CreateClient(ctx, &t2c3)) } @@ -261,8 +257,7 @@ func TestHelperCreateGetUpdateDeleteClient(k string, connection *pop.Connection, } c2Template := &Client{ - ID: uuid.FromStringOrNil("a6bfe52e-af88-4cba-ab00-ae7a8b082228"), - LegacyClientID: "2-1234", + ID: "2-1234", Name: "name2", Secret: "secret", RedirectURIs: []string{"http://redirect"}, @@ -270,14 +265,13 @@ func TestHelperCreateGetUpdateDeleteClient(k string, connection *pop.Connection, SecretExpiresAt: 1, } assert.NoError(t, t1.CreateClient(ctx, c2Template)) - c2Template.ID = uuid.Nil assert.NoError(t, t2.CreateClient(ctx, c2Template)) d, err := t1.GetClient(ctx, "1234") require.NoError(t, err) cc := d.(*Client) - testhelpersuuid.AssertUUID(t, &cc.NID) + testhelpersuuid.AssertUUID(t, cc.NID) compare(t, t1c1, d, k) diff --git a/client/validator_test.go b/client/validator_test.go index 3a551c00010..70980f26fd6 100644 
--- a/client/validator_test.go +++ b/client/validator_test.go @@ -18,8 +18,6 @@ import ( "github.com/ory/hydra/v2/driver" "github.com/ory/x/httpx" - "github.com/gofrs/uuid" - jose "github.com/go-jose/go-jose/v3" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" 
@@ -55,42 +53,41 @@ func TestValidate(t *testing.T) { { in: new(Client), check: func(t *testing.T, c *Client) { - assert.Equal(t, uuid.Nil.String(), c.GetID()) - assert.EqualValues(t, c.GetID(), c.ID.String()) - assert.Empty(t, c.LegacyClientID) + assert.Zero(t, c.GetID()) + assert.EqualValues(t, c.GetID(), c.ID) }, }, { - in: &Client{LegacyClientID: "foo"}, + in: &Client{ID: "foo"}, check: func(t *testing.T, c *Client) { - assert.EqualValues(t, c.GetID(), c.LegacyClientID) + assert.EqualValues(t, c.GetID(), c.ID) }, }, { - in: &Client{LegacyClientID: "foo"}, + in: &Client{ID: "foo"}, check: func(t *testing.T, c *Client) { - assert.EqualValues(t, c.GetID(), c.LegacyClientID) + assert.EqualValues(t, c.GetID(), c.ID) }, }, { - in: &Client{LegacyClientID: "foo", UserinfoSignedResponseAlg: "foo"}, + in: &Client{ID: "foo", UserinfoSignedResponseAlg: "foo"}, assertErr: assert.Error, }, { - in: &Client{LegacyClientID: "foo", TokenEndpointAuthMethod: "private_key_jwt"}, + in: &Client{ID: "foo", TokenEndpointAuthMethod: "private_key_jwt"}, assertErr: assert.Error, }, { - in: &Client{LegacyClientID: "foo", JSONWebKeys: &x.JoseJSONWebKeySet{JSONWebKeySet: new(jose.JSONWebKeySet)}, JSONWebKeysURI: "asdf", TokenEndpointAuthMethod: "private_key_jwt"}, + in: &Client{ID: "foo", JSONWebKeys: &x.JoseJSONWebKeySet{JSONWebKeySet: new(jose.JSONWebKeySet)}, JSONWebKeysURI: "asdf", TokenEndpointAuthMethod: "private_key_jwt"}, assertErr: assert.Error, }, { - in: &Client{LegacyClientID: "foo", JSONWebKeys: &x.JoseJSONWebKeySet{JSONWebKeySet: new(jose.JSONWebKeySet)}, TokenEndpointAuthMethod: "private_key_jwt", TokenEndpointAuthSigningAlgorithm: "HS256"}, + in: &Client{ID: "foo", JSONWebKeys: &x.JoseJSONWebKeySet{JSONWebKeySet: new(jose.JSONWebKeySet)}, TokenEndpointAuthMethod: "private_key_jwt", TokenEndpointAuthSigningAlgorithm: "HS256"}, assertErr: assert.Error, }, { - in: &Client{LegacyClientID: "foo", JSONWebKeys: &x.JoseJSONWebKeySet{JSONWebKeySet: new(jose.JSONWebKeySet)}, 
JSONWebKeysURI: "https://example.org/jwks.json"}, - assertErr: func(_ assert.TestingT, err error, msg ...interface{}) bool { + in: &Client{ID: "foo", JSONWebKeys: &x.JoseJSONWebKeySet{JSONWebKeySet: new(jose.JSONWebKeySet)}, JSONWebKeysURI: "https://example.org/jwks.json"}, + assertErr: func(t assert.TestingT, err error, msg ...interface{}) bool { e := new(fosite.RFC6749Error) assert.ErrorAs(t, err, &e) assert.Contains(t, e.HintField, "jwks and jwks_uri can not both be set") @@ -98,7 +95,7 @@ func TestValidate(t *testing.T) { }, }, { - in: &Client{LegacyClientID: "foo", JSONWebKeys: &x.JoseJSONWebKeySet{JSONWebKeySet: &goodJWKS}}, + in: &Client{ID: "foo", JSONWebKeys: &x.JoseJSONWebKeySet{JSONWebKeySet: &goodJWKS}}, check: func(t *testing.T, c *Client) { assert.Len(t, c.JSONWebKeys.Keys, 2) assert.Equal(t, c.JSONWebKeys.Keys[0].KeyID, "1") @@ -106,8 +103,8 @@ func TestValidate(t *testing.T) { }, }, { - in: &Client{LegacyClientID: "foo", JSONWebKeys: &x.JoseJSONWebKeySet{JSONWebKeySet: &jose.JSONWebKeySet{Keys: []jose.JSONWebKey{{}}}}}, - assertErr: func(_ assert.TestingT, err error, msg ...interface{}) bool { + in: &Client{ID: "foo", JSONWebKeys: &x.JoseJSONWebKeySet{JSONWebKeySet: &jose.JSONWebKeySet{Keys: []jose.JSONWebKey{{}}}}}, + assertErr: func(t assert.TestingT, err error, msg ...interface{}) bool { e := new(fosite.RFC6749Error) assert.ErrorAs(t, err, &e) assert.Contains(t, e.HintField, "Invalid JSON web key in set") 
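Review bot: The checks `assert.EqualValues(t, c.GetID(), c.ID)` in the first three table cases of this hunk are tautological now that `GetID()` returns `c.ID` (see client/client.go in this patch). The second and third cases, both `in: &Client{ID: "foo"}`, have also become identical. Asserting against the literal, `assert.Equal(t, "foo", c.GetID())`, and dropping the duplicate case would make the table exercise the validator again. TestValidate starts and ends outside the hunk.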
@@ -115,25 +112,25 @@ func TestValidate(t *testing.T) { }, }, { - in: &Client{LegacyClientID: "foo", PostLogoutRedirectURIs: []string{"https://bar/"}, RedirectURIs: []string{"https://foo/"}}, + in: &Client{ID: "foo", PostLogoutRedirectURIs: []string{"https://bar/"}, RedirectURIs: []string{"https://foo/"}}, assertErr: assert.Error, }, { - in: &Client{LegacyClientID: "foo", PostLogoutRedirectURIs: []string{"http://foo/"}, RedirectURIs: []string{"https://foo/"}}, + in: &Client{ID: "foo", PostLogoutRedirectURIs: []string{"http://foo/"}, RedirectURIs: []string{"https://foo/"}}, assertErr: assert.Error, }, { - in: &Client{LegacyClientID: "foo", PostLogoutRedirectURIs: []string{"https://foo:1234/"}, RedirectURIs: []string{"https://foo/"}}, + in: &Client{ID: "foo", PostLogoutRedirectURIs: []string{"https://foo:1234/"}, RedirectURIs: []string{"https://foo/"}}, assertErr: assert.Error, }, { - in: &Client{LegacyClientID: "foo", PostLogoutRedirectURIs: []string{"https://foo/"}, RedirectURIs: []string{"https://foo/"}}, + in: &Client{ID: "foo", PostLogoutRedirectURIs: []string{"https://foo/"}, RedirectURIs: []string{"https://foo/"}}, check: func(t *testing.T, c *Client) { assert.Equal(t, []string{"https://foo/"}, []string(c.PostLogoutRedirectURIs)) }, }, { - in: &Client{LegacyClientID: "foo"}, + in: &Client{ID: "foo"}, check: func(t *testing.T, c *Client) { assert.Equal(t, "public", c.SubjectType) }, 
@@ -143,19 +140,19 @@ func TestValidate(t *testing.T) { c.MustSet(ctx, config.KeySubjectTypesSupported, []string{"pairwise"}) return NewValidator(reg) }, - in: &Client{LegacyClientID: "foo"}, + in: &Client{ID: "foo"}, check: func(t *testing.T, c *Client) { assert.Equal(t, "pairwise", c.SubjectType) }, }, { - in: &Client{LegacyClientID: "foo", SubjectType: "pairwise"}, + in: &Client{ID: "foo", SubjectType: "pairwise"}, check: func(t *testing.T, c *Client) { assert.Equal(t, "pairwise", c.SubjectType) }, }, { - in: &Client{LegacyClientID: "foo", SubjectType: "foo"}, + in: &Client{ID: "foo", SubjectType: "foo"}, assertErr: assert.Error, }, } { @@ -303,7 +300,7 @@ func TestValidateDynamicRegistration(t *testing.T) { }{ { in: &Client{ - LegacyClientID: "foo", + ID: "foo", PostLogoutRedirectURIs: []string{"https://foo/"}, RedirectURIs: []string{"https://foo/"}, Metadata: []byte("{\"access_token_ttl\":10}"), @@ -312,7 +309,7 @@ func TestValidateDynamicRegistration(t *testing.T) { }, { in: &Client{ - LegacyClientID: "foo", + ID: "foo", PostLogoutRedirectURIs: []string{"https://foo/"}, RedirectURIs: []string{"https://foo/"}, Metadata: []byte("{\"id_token_ttl\":10}"), @@ -321,7 +318,7 @@ func TestValidateDynamicRegistration(t *testing.T) { }, { in: &Client{ - LegacyClientID: "foo", + ID: "foo", PostLogoutRedirectURIs: []string{"https://foo/"}, RedirectURIs: []string{"https://foo/"}, Metadata: []byte("{\"anything\":10}"), @@ -330,12 +327,12 @@ func TestValidateDynamicRegistration(t *testing.T) { }, { in: &Client{ - LegacyClientID: "foo", + ID: "foo", PostLogoutRedirectURIs: []string{"https://foo/"}, RedirectURIs: []string{"https://foo/"}, }, check: func(t *testing.T, c *Client) { - assert.EqualValues(t, "foo", c.LegacyClientID) + assert.EqualValues(t, "foo", c.ID) }, }, } { diff --git a/cmd/cmd_get_client_test.go b/cmd/cmd_get_client_test.go index 505c45bc6cb..5586452548f 100644 --- a/cmd/cmd_get_client_test.go +++ b/cmd/cmd_get_client_test.go 
@@ -24,7 +24,7 @@ func TestGetClient(t *testing.T) { expected := createClient(t, reg, nil) t.Run("case=gets client", func(t *testing.T) { - actual := gjson.Parse(cmdx.ExecNoErr(t, c, expected.ID.String())) + actual := gjson.Parse(cmdx.ExecNoErr(t, c, expected.GetID())) assert.NotEmpty(t, actual.Get("client_id").String()) assert.Empty(t, actual.Get("client_secret").String()) @@ -36,7 +36,7 @@ func TestGetClient(t *testing.T) { }) t.Run("case=gets multiple clients", func(t *testing.T) { - actual := gjson.Parse(cmdx.ExecNoErr(t, c, expected.ID.String(), expected.ID.String())) + actual := gjson.Parse(cmdx.ExecNoErr(t, c, expected.GetID(), expected.ID)) snapshotx.SnapshotT(t, json.RawMessage(actual.Raw), snapshotExcludedClientFields...) }) } diff --git a/cmd/cmd_perform_client_credentials_test.go b/cmd/cmd_perform_client_credentials_test.go index 7d6c72952f1..4415c06cea2 100644 --- a/cmd/cmd_perform_client_credentials_test.go +++ b/cmd/cmd_perform_client_credentials_test.go @@ -22,7 +22,7 @@ func TestPerformClientCredentialsGrant(t *testing.T) { expected := createClientCredentialsClient(t, reg) t.Run("case=exchanges for access token", func(t *testing.T) { - result := cmdx.ExecNoErr(t, c, "--client-id", expected.ID.String(), "--client-secret", expected.Secret) + result := cmdx.ExecNoErr(t, c, "--client-id", expected.GetID(), "--client-secret", expected.Secret) actual := gjson.Parse(result) assert.Equal(t, "bearer", actual.Get("token_type").String(), result) assert.NotEmpty(t, actual.Get("access_token").String(), result) diff --git a/cmd/cmd_update_client_test.go b/cmd/cmd_update_client_test.go index 08969358de5..c21aa0277bc 100644 --- a/cmd/cmd_update_client_test.go +++ b/cmd/cmd_update_client_test.go 
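Review bot: In `case=gets multiple clients` the two arguments are spelled differently, `expected.GetID(), expected.ID`, although both are the same string after this patch. Using one form, `cmdx.ExecNoErr(t, c, expected.GetID(), expected.GetID())`, would match the `case=gets client` line in the hunk above. TestGetClient's body extends outside both hunks.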
@@ -24,7 +24,7 @@ func TestUpdateClient(t *testing.T) { original := createClient(t, reg, nil) t.Run("case=creates successfully", func(t *testing.T) { - actual := gjson.Parse(cmdx.ExecNoErr(t, c, "--grant-type", "implicit", original.ID.String())) + actual := gjson.Parse(cmdx.ExecNoErr(t, c, "--grant-type", "implicit", original.GetID())) expected, err := reg.ClientManager().GetClient(ctx, actual.Get("client_id").String()) require.NoError(t, err) @@ -35,7 +35,7 @@ func TestUpdateClient(t *testing.T) { t.Run("case=supports encryption", func(t *testing.T) { actual := gjson.Parse(cmdx.ExecNoErr(t, c, - original.ID.String(), + original.GetID(), "--secret", "some-userset-secret", "--pgp-key", base64EncodedPGPPublicKey(t), )) diff --git a/consent/handler_test.go b/consent/handler_test.go index 47496fa0bf5..d5dfe5254ad 100644 --- a/consent/handler_test.go +++ b/consent/handler_test.go @@ -46,7 +46,7 @@ func TestGetLogoutRequest(t *testing.T) { reg := internal.NewRegistryMemory(t, conf, &contextx.Default{}) if tc.exists { - cl := &client.Client{LegacyClientID: "client" + key} + cl := &client.Client{ID: "client" + key} require.NoError(t, reg.ClientManager().CreateClient(ctx, cl)) require.NoError(t, reg.ConsentManager().CreateLogoutRequest(context.TODO(), &flow.LogoutRequest{ Client: cl, @@ -101,7 +101,7 @@ func TestGetLoginRequest(t *testing.T) { reg := internal.NewRegistryMemory(t, conf, &contextx.Default{}) if tc.exists { - cl := &client.Client{LegacyClientID: "client" + key} + cl := &client.Client{ID: "client" + key} require.NoError(t, reg.ClientManager().CreateClient(context.Background(), cl)) f, err := reg.ConsentManager().CreateLoginRequest(context.Background(), &flow.LoginRequest{ Client: cl, 
@@ -167,7 +167,7 @@ func TestGetConsentRequest(t *testing.T) { reg := internal.NewRegistryMemory(t, conf, &contextx.Default{}) if tc.exists { - cl := &client.Client{LegacyClientID: "client" + key} + cl := &client.Client{ID: "client" + key} require.NoError(t, reg.ClientManager().CreateClient(ctx, cl)) lr := &flow.LoginRequest{ ID: "login-" + challenge, @@ -241,7 +241,7 @@ func TestGetLoginRequestWithDuplicateAccept(t *testing.T) { conf := internal.NewConfigurationWithDefaults() reg := internal.NewRegistryMemory(t, conf, &contextx.Default{}) - cl := &client.Client{LegacyClientID: "client"} + cl := &client.Client{ID: "client"} require.NoError(t, reg.ClientManager().CreateClient(ctx, cl)) f, err := reg.ConsentManager().CreateLoginRequest(ctx, &flow.LoginRequest{ Client: cl, diff --git a/consent/manager_test_helpers.go b/consent/manager_test_helpers.go index 588aef92174..dbc53c0d7c4 100644 --- a/consent/manager_test_helpers.go +++ b/consent/manager_test_helpers.go @@ -40,7 +40,7 @@ func MockConsentRequest(key string, remember bool, rememberFor int, hasError boo UILocales: []string{"fr" + key, "de" + key}, Display: "popup" + key, }, - Client: &client.Client{LegacyClientID: "fk-client-" + key}, + Client: &client.Client{ID: "fk-client-" + key}, RequestURL: "https://request-url/path" + key, LoginChallenge: sqlxx.NullString(makeID(loginChallengeBase, network, key)), LoginSessionID: sqlxx.NullString(makeID("fk-login-session", network, key)), @@ -109,7 +109,7 @@ func MockLogoutRequest(key string, withClient bool, network string) (c *flow.Log var cl *client.Client if withClient { cl = &client.Client{ - LegacyClientID: "fk-client-" + key, + ID: "fk-client-" + key, } } return &flow.LogoutRequest{ 
@@ -134,7 +134,7 @@ func MockAuthRequest(key string, authAt bool, network string) (c *flow.LoginRequ Display: "popup" + key, }, RequestedAt: time.Now().UTC().Add(-time.Minute), - Client: &client.Client{LegacyClientID: "fk-client-" + key}, + Client: &client.Client{ID: "fk-client-" + key}, Subject: "subject" + key, RequestURL: "https://request-url/path" + key, Skip: true, @@ -276,7 +276,7 @@ func TestHelperNID(r interface { client.ManagerProvider FlowCipher() *aead.XChaCha20Poly1305 }, t1ValidNID Manager, t2InvalidNID Manager) func(t *testing.T) { - testClient := client.Client{LegacyClientID: "2022-03-11-client-nid-test-1"} + testClient := client.Client{ID: "2022-03-11-client-nid-test-1"} testLS := flow.LoginSession{ ID: "2022-03-11-ls-nid-test-1", Subject: "2022-03-11-test-1-sub", @@ -286,7 +286,7 @@ func TestHelperNID(r interface { Subject: "2022-03-11-test-1-sub", Verifier: "2022-03-11-test-1-ver", RequestedAt: time.Now(), - Client: &client.Client{LegacyClientID: "2022-03-11-client-nid-test-1"}, + Client: &client.Client{ID: "2022-03-11-client-nid-test-1"}, } testHLR := flow.HandledLoginRequest{ LoginRequest: &testLR, @@ -348,7 +348,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana ctx := context.Background() t.Run("case=init-fks", func(t *testing.T) { for _, k := range []string{"1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "rv1", "rv2"} { - require.NoError(t, clientManager.CreateClient(ctx, &client.Client{LegacyClientID: fmt.Sprintf("fk-client-%s", k)})) + require.NoError(t, clientManager.CreateClient(ctx, &client.Client{ID: fmt.Sprintf("fk-client-%s", k)})) loginSession := &flow.LoginSession{ ID: makeID("fk-login-session", network, k), 
@@ -363,7 +363,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana Subject: fmt.Sprintf("subject%s", k), SessionID: sqlxx.NullString(makeID("fk-login-session", network, k)), Verifier: makeID("fk-login-verifier", network, k), - Client: &client.Client{LegacyClientID: fmt.Sprintf("fk-client-%s", k)}, + Client: &client.Client{ID: fmt.Sprintf("fk-client-%s", k)}, AuthenticatedAt: sqlxx.NullTime(time.Now()), RequestedAt: time.Now(), } @@ -916,7 +916,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana require.NoError(t, m.CreateLoginSession(ctx, ls)) require.NoError(t, m.ConfirmLoginSession(ctx, ls, ls.ID, time.Now(), ls.Subject, true)) - cl := &client.Client{LegacyClientID: uuid.New().String()} + cl := &client.Client{ID: uuid.New().String()} switch k % 4 { case 0: cl.FrontChannelLogoutURI = "http://some-url.com/" @@ -1043,7 +1043,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana }) t.Run("case=foreign key regression", func(t *testing.T) { - cl := &client.Client{LegacyClientID: uuid.New().String()} + cl := &client.Client{ID: uuid.New().String()} require.NoError(t, clientManager.CreateClient(ctx, cl)) subject := uuid.New().String() @@ -1074,7 +1074,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana Subject: subject, OpenIDConnectContext: nil, Client: cl, - ClientID: cl.LegacyClientID, + ClientID: cl.ID, RequestURL: "", LoginChallenge: sqlxx.NullString(lr.ID), LoginSessionID: sqlxx.NullString(s.ID), diff --git a/consent/strategy_default.go b/consent/strategy_default.go index 22e0384ebb1..688cacba896 100644 --- a/consent/strategy_default.go +++ b/consent/strategy_default.go @@ -5,6 +5,7 @@ package consent import ( "context" + stderrs "errors" "fmt" "net/http" "net/url" 
@@ -57,10 +58,10 @@ func NewStrategy( } } -var ErrAbortOAuth2Request = errors.New("the OAuth 2.0 Authorization request must be aborted") -var ErrNoPreviousConsentFound = errors.New("no previous OAuth 2.0 Consent could be found for this access request") -var ErrNoAuthenticationSessionFound = errors.New("no previous login session was found") -var ErrHintDoesNotMatchAuthentication = errors.New("subject from hint does not match subject from session") +var ErrAbortOAuth2Request = stderrs.New("the OAuth 2.0 Authorization request must be aborted") +var ErrNoPreviousConsentFound = stderrs.New("no previous OAuth 2.0 Consent could be found for this access request") +var ErrNoAuthenticationSessionFound = stderrs.New("no previous login session was found") +var ErrHintDoesNotMatchAuthentication = stderrs.New("subject from hint does not match subject from session") func (s *DefaultStrategy) matchesValueFromSession(ctx context.Context, c fosite.Client, hintSubject string, sessionSubject string) error { obfuscatedUserID, err := s.ObfuscateSubjectIdentifier(ctx, c, sessionSubject, "") @@ -763,7 +764,7 @@ func (s *DefaultStrategy) executeBackChannelLogout(r *http.Request, subject, sid t, _, err := s.r.OpenIDJWTStrategy().Generate(ctx, jwt.MapClaims{ "iss": s.c.IssuerURL(ctx).String(), - "aud": []string{c.LegacyClientID}, + "aud": []string{c.ID}, "iat": time.Now().UTC().Unix(), "jti": uuid.New(), "events": map[string]struct{}{"http://schemas.openid.net/event/backchannel-logout": {}}, diff --git a/consent/strategy_default_test.go b/consent/strategy_default_test.go index 75c7682ded3..5a38c859ef8 100644 --- a/consent/strategy_default_test.go +++ b/consent/strategy_default_test.go 
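Review bot: The four exported sentinels in hunk `@@ -57,10 +58,10` move to `stderrs.New` but remain four separate, undocumented `var` lines. Grouping them in one `var ( … )` block with a doc comment on each would help, e.g. `// ErrAbortOAuth2Request signals that the OAuth 2.0 authorization request must be aborted.` The new `stderrs` alias suggests the file still imports another package named `errors`; if that one captures stack traces, these values no longer carry one. That is reasonable for package-level sentinels but worth a one-line comment, together with a reminder that callers should match them with `errors.Is` rather than `==`.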
@@ -76,7 +76,7 @@ func createClient(t *testing.T, reg driver.Registry, c *client.Client) *client.C secret := uuid.New().String() c.Secret = secret c.Scope = "openid offline" - c.LegacyClientID = uuid.New().String() + c.ID = uuid.New().String() require.NoError(t, reg.ClientManager().CreateClient(context.Background(), c)) c.Secret = secret return c diff --git a/consent/strategy_oauth_test.go b/consent/strategy_oauth_test.go index 70a4ecee93a..a6529565216 100644 --- a/consent/strategy_oauth_test.go +++ b/consent/strategy_oauth_test.go @@ -575,7 +575,7 @@ func TestStrategyLoginConsentNext(t *testing.T) { // - This should fail because prompt=none, client is public, and redirection scheme is not HTTPS but a custom scheme // - This should pass because prompt=none, client is public, redirection scheme is HTTP and host is localhost - c := &client.Client{LegacyClientID: uuidx.NewV4().String(), TokenEndpointAuthMethod: "none", + c := &client.Client{ID: uuidx.NewV4().String(), TokenEndpointAuthMethod: "none", RedirectURIs: []string{ testhelpers.NewCallbackURL(t, "callback", testhelpers.HTTPServerNotImplementedHandler), "custom://redirection-scheme/path", diff --git a/driver/registry_sql_test.go b/driver/registry_sql_test.go index 218ad46b100..d4a88ef0b9d 100644 --- a/driver/registry_sql_test.go +++ b/driver/registry_sql_test.go @@ -52,7 +52,7 @@ func TestDbUnknownTableColumns(t *testing.T) { require.NoError(t, reg.Persister().Connection(ctx).RawQuery(statement).Exec()) cl := &client.Client{ - LegacyClientID: strconv.Itoa(rand.Int()), + ID: strconv.Itoa(rand.Int()), } require.NoError(t, reg.Persister().CreateClient(ctx, cl)) getClients := func(reg Registry) ([]client.Client, error) { diff --git a/internal/fosite_store.go b/internal/fosite_store.go index 6f92fe3f008..49405ef7e7a 100644 --- a/internal/fosite_store.go +++ b/internal/fosite_store.go 
@@ -13,20 +13,20 @@ import ( func AddFositeExamples(r driver.Registry) { for _, c := range []client.Client{ { - LegacyClientID: "my-client", - Secret: "foobar", - RedirectURIs: []string{"http://localhost:3846/callback"}, - ResponseTypes: []string{"id_token", "code", "token"}, - GrantTypes: []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"}, - Scope: "fosite,openid,photos,offline", + ID: "my-client", + Secret: "foobar", + RedirectURIs: []string{"http://localhost:3846/callback"}, + ResponseTypes: []string{"id_token", "code", "token"}, + GrantTypes: []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"}, + Scope: "fosite,openid,photos,offline", }, { - LegacyClientID: "encoded:client", - Secret: "encoded&password", - RedirectURIs: []string{"http://localhost:3846/callback"}, - ResponseTypes: []string{"id_token", "code", "token"}, - GrantTypes: []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"}, - Scope: "fosite,openid,photos,offline", + ID: "encoded:client", + Secret: "encoded&password", + RedirectURIs: []string{"http://localhost:3846/callback"}, + ResponseTypes: []string{"id_token", "code", "token"}, + GrantTypes: []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"}, + Scope: "fosite,openid,photos,offline", }, } { // #nosec G601 diff --git a/internal/testhelpers/janitor_test_helper.go b/internal/testhelpers/janitor_test_helper.go index 8f4f76ba56c..f70d7c27495 100644 --- a/internal/testhelpers/janitor_test_helper.go +++ b/internal/testhelpers/janitor_test_helper.go 
@@ -682,7 +682,7 @@ func getAccessRequests(uniqueName string, lifespan time.Duration) []*fosite.Requ { ID: fmt.Sprintf("%s_flush-access-1", uniqueName), RequestedAt: time.Now().Round(time.Second), - Client: &client.Client{LegacyClientID: fmt.Sprintf("%s_flush-access-1", uniqueName)}, + Client: &client.Client{ID: fmt.Sprintf("%s_flush-access-1", uniqueName)}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, @@ -691,7 +691,7 @@ func getAccessRequests(uniqueName string, lifespan time.Duration) []*fosite.Requ { ID: fmt.Sprintf("%s_flush-access-2", uniqueName), RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Minute)), - Client: &client.Client{LegacyClientID: fmt.Sprintf("%s_flush-access-2", uniqueName)}, + Client: &client.Client{ID: fmt.Sprintf("%s_flush-access-2", uniqueName)}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, @@ -700,7 +700,7 @@ func getAccessRequests(uniqueName string, lifespan time.Duration) []*fosite.Requ { ID: fmt.Sprintf("%s_flush-access-3", uniqueName), RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Hour)), - Client: &client.Client{LegacyClientID: fmt.Sprintf("%s_flush-access-3", uniqueName)}, + Client: &client.Client{ID: fmt.Sprintf("%s_flush-access-3", uniqueName)}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, 
@@ -719,7 +719,7 @@ func getRefreshRequests(uniqueName string, lifespan time.Duration) []*fosite.Acc Request: fosite.Request{ RequestedAt: time.Now().Round(time.Second), ID: fmt.Sprintf("%s_flush-refresh-1", uniqueName), - Client: &client.Client{LegacyClientID: fmt.Sprintf("%s_flush-refresh-1", uniqueName)}, + Client: &client.Client{ID: fmt.Sprintf("%s_flush-refresh-1", uniqueName)}, RequestedScope: []string{"offline"}, GrantedScope: []string{"offline"}, Session: &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "bar"}}, @@ -735,7 +735,7 @@ func getRefreshRequests(uniqueName string, lifespan time.Duration) []*fosite.Acc Request: fosite.Request{ RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Minute)), ID: fmt.Sprintf("%s_flush-refresh-2", uniqueName), - Client: &client.Client{LegacyClientID: fmt.Sprintf("%s_flush-refresh-2", uniqueName)}, + Client: &client.Client{ID: fmt.Sprintf("%s_flush-refresh-2", uniqueName)}, RequestedScope: []string{"offline"}, GrantedScope: []string{"offline"}, Session: &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "bar"}}, @@ -751,7 +751,7 @@ func getRefreshRequests(uniqueName string, lifespan time.Duration) []*fosite.Acc Request: fosite.Request{ RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Hour)), ID: fmt.Sprintf("%s_flush-refresh-3", uniqueName), - Client: &client.Client{LegacyClientID: fmt.Sprintf("%s_flush-refresh-3", uniqueName)}, + Client: &client.Client{ID: fmt.Sprintf("%s_flush-refresh-3", uniqueName)}, RequestedScope: []string{"offline"}, GrantedScope: []string{"offline"}, Session: &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "bar"}}, 
@@ -770,8 +770,8 @@ func genLoginRequests(uniqueName string, lifespan time.Duration) []*flow.LoginRe RequestedScope: []string{"foo", "bar"}, Subject: fmt.Sprintf("%s_flush-login-1", uniqueName), Client: &client.Client{ - LegacyClientID: fmt.Sprintf("%s_flush-login-consent-1", uniqueName), - RedirectURIs: []string{"http://redirect"}, + ID: fmt.Sprintf("%s_flush-login-consent-1", uniqueName), + RedirectURIs: []string{"http://redirect"}, }, RequestURL: "http://redirect", RequestedAt: time.Now().Round(time.Second), @@ -783,8 +783,8 @@ func genLoginRequests(uniqueName string, lifespan time.Duration) []*flow.LoginRe RequestedScope: []string{"foo", "bar"}, Subject: fmt.Sprintf("%s_flush-login-2", uniqueName), Client: &client.Client{ - LegacyClientID: fmt.Sprintf("%s_flush-login-consent-2", uniqueName), - RedirectURIs: []string{"http://redirect"}, + ID: fmt.Sprintf("%s_flush-login-consent-2", uniqueName), + RedirectURIs: []string{"http://redirect"}, }, RequestURL: "http://redirect", RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + 10*time.Minute)), @@ -796,8 +796,8 @@ func genLoginRequests(uniqueName string, lifespan time.Duration) []*flow.LoginRe RequestedScope: []string{"foo", "bar"}, Subject: fmt.Sprintf("%s_flush-login-3", uniqueName), Client: &client.Client{ - LegacyClientID: fmt.Sprintf("%s_flush-login-consent-3", uniqueName), - RedirectURIs: []string{"http://redirect"}, + ID: fmt.Sprintf("%s_flush-login-consent-3", uniqueName), + RedirectURIs: []string{"http://redirect"}, }, RequestURL: "http://redirect", RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Hour)), diff --git a/internal/testhelpers/uuid/uuid.go b/internal/testhelpers/uuid/uuid.go index 8fae25139ab..b8800b384e5 100644 --- a/internal/testhelpers/uuid/uuid.go +++ b/internal/testhelpers/uuid/uuid.go 
@@ -11,7 +11,16 @@ import ( ) // AssertUUID helper requires that a UUID is non-zero, common version/variant used in Hydra. -func AssertUUID(t *testing.T, id *uuid.UUID) { - require.Equal(t, id.Version(), uuid.V4) - require.Equal(t, id.Variant(), uuid.VariantRFC4122) +func AssertUUID[T string | uuid.UUID](t *testing.T, id T) { + var uid uuid.UUID + switch idt := any(id).(type) { + case uuid.UUID: + uid = idt + case string: + var err error + uid, err = uuid.FromString(idt) + require.NoError(t, err) + } + require.Equal(t, uid.Version(), uuid.V4) + require.Equal(t, uid.Variant(), uuid.VariantRFC4122) } diff --git a/oauth2/fosite_store_helpers.go b/oauth2/fosite_store_helpers.go index d39e62d00c1..f1c403ca34f 100644 --- a/oauth2/fosite_store_helpers.go +++ b/oauth2/fosite_store_helpers.go @@ -79,7 +79,7 @@ type AssertionJWTReader interface { var defaultRequest = fosite.Request{ ID: "blank", RequestedAt: time.Now().UTC().Round(time.Second), - Client: &client.Client{LegacyClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, RequestedAudience: fosite.Arguments{"ad1", "ad2"}, @@ -93,7 +93,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-1", RequestedAt: time.Now().Round(time.Second), - Client: &client.Client{LegacyClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, @@ -102,7 +102,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-2", RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Minute)), - Client: &client.Client{LegacyClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, 
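Review bot: `AssertUUID` in internal/testhelpers/uuid/uuid.go still hands `require.Equal` the observed value first and the expected constant second, so a failing run prints the two under the wrong labels; `require.Equal(t, uuid.V4, uid.Version())` and `require.Equal(t, uuid.VariantRFC4122, uid.Variant())` put them in testify's expected-then-actual order. The helper would also benefit from `t.Helper()` as its first statement, so that failures point at the calling test. The doc comment above it still describes a non-zero check and does not say that a string argument is parsed first; `// AssertUUID requires that id, a uuid.UUID or its string form, is an RFC 4122 version 4 UUID.` matches what the body does.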
@@ -111,7 +111,7 @@ var flushRequests = []*fosite.Request{ { ID: "flush-3", RequestedAt: time.Now().Round(time.Second).Add(-(lifespan + time.Hour)), - Client: &client.Client{LegacyClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, @@ -120,7 +120,7 @@ var flushRequests = []*fosite.Request{ } func mockRequestForeignKey(t *testing.T, id string, x InternalRegistry, createClient bool) { - cl := &client.Client{LegacyClientID: "foobar"} + cl := &client.Client{ID: "foobar"} cr := &flow.OAuth2ConsentRequest{ Client: cl, OpenIDConnectContext: new(flow.OAuth2ConsentRequestOpenIDConnectContext), @@ -203,7 +203,7 @@ func testHelperRequestIDMultiples(m InternalRegistry, _ string) func(t *testing. return func(t *testing.T) { requestId := uuid.New() mockRequestForeignKey(t, requestId, m, true) - cl := &client.Client{LegacyClientID: "foobar"} + cl := &client.Client{ID: "foobar"} fositeRequest := &fosite.Request{ ID: requestId, @@ -290,14 +290,14 @@ func testHelperRevokeRefreshToken(x InternalRegistry) func(t *testing.T) { err = m.CreateRefreshTokenSession(ctx, "1111", &fosite.Request{ ID: reqIdOne, - Client: &client.Client{LegacyClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedAt: time.Now().UTC().Round(time.Second), Session: &Session{}}) require.NoError(t, err) err = m.CreateRefreshTokenSession(ctx, "1122", &fosite.Request{ ID: reqIdTwo, - Client: &client.Client{LegacyClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedAt: time.Now().UTC().Round(time.Second), Session: &Session{}}) require.NoError(t, err) 
@@ -353,7 +353,7 @@ func testHelperCreateGetDeleteAuthorizeCodes(x InternalRegistry) func(t *testing func testHelperNilAccessToken(x InternalRegistry) func(t *testing.T) { return func(t *testing.T) { m := x.OAuth2Storage() - c := &client.Client{LegacyClientID: "nil-request-client-id-123"} + c := &client.Client{ID: "nil-request-client-id-123"} require.NoError(t, x.ClientManager().CreateClient(context.Background(), c)) err := m.CreateAccessTokenSession(context.TODO(), "nil-request-id", &fosite.Request{ ID: "", @@ -1085,7 +1085,7 @@ func createTestRequest(id string) *fosite.Request { return &fosite.Request{ ID: id, RequestedAt: time.Now().UTC().Round(time.Second), - Client: &client.Client{LegacyClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, RequestedAudience: fosite.Arguments{"ad1", "ad2"}, diff --git a/oauth2/fosite_store_test.go b/oauth2/fosite_store_test.go index f1e0a03c65a..2a48a52f8e7 100644 --- a/oauth2/fosite_store_test.go +++ b/oauth2/fosite_store_test.go @@ -70,7 +70,7 @@ func TestManagers(t *testing.T) { t.Run("suite="+tc.name, func(t *testing.T) { setupRegistries(t) - require.NoError(t, registries["memory"].ClientManager().CreateClient(context.Background(), &client.Client{LegacyClientID: "foobar"})) // this is a workaround because the client is not being created for memory store by test helpers. + require.NoError(t, registries["memory"].ClientManager().CreateClient(context.Background(), &client.Client{ID: "foobar"})) // this is a workaround because the client is not being created for memory store by test helpers. for k, store := range registries { net := &networkx.Network{} diff --git a/oauth2/handler_test.go b/oauth2/handler_test.go index cc10d429127..95249eb8632 100644 --- a/oauth2/handler_test.go +++ b/oauth2/handler_test.go 
@@ -57,7 +57,7 @@ func TestHandlerDeleteHandler(t *testing.T) { deleteRequest := &fosite.Request{ ID: "del-1", RequestedAt: time.Now().Round(time.Second), - Client: &client.Client{LegacyClientID: "foobar"}, + Client: &client.Client{ID: "foobar"}, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, Form: url.Values{"foo": []string{"bar", "baz"}}, @@ -162,7 +162,7 @@ func TestUserinfo(t *testing.T) { return fosite.AccessToken, &fosite.AccessRequest{ Request: fosite.Request{ Client: &client.Client{ - LegacyClientID: "foobar", + ID: "foobar", }, Session: session, }, @@ -196,7 +196,7 @@ func TestUserinfo(t *testing.T) { return fosite.AccessToken, &fosite.AccessRequest{ Request: fosite.Request{ Client: &client.Client{ - LegacyClientID: "foobar", + ID: "foobar", }, Session: session, }, @@ -231,7 +231,7 @@ func TestUserinfo(t *testing.T) { return fosite.AccessToken, &fosite.AccessRequest{ Request: fosite.Request{ Client: &client.Client{ - LegacyClientID: "foobar", + ID: "foobar", UserinfoSignedResponseAlg: "none", }, Session: session, @@ -293,7 +293,7 @@ func TestUserinfo(t *testing.T) { return fosite.AccessToken, &fosite.AccessRequest{ Request: fosite.Request{ Client: &client.Client{ - LegacyClientID: "foobar-client", + ID: "foobar-client", UserinfoSignedResponseAlg: "RS256", }, Session: session, diff --git a/oauth2/oauth2_auth_code_test.go b/oauth2/oauth2_auth_code_test.go index 3d1c68273ab..b2bf4897295 100644 --- a/oauth2/oauth2_auth_code_test.go +++ b/oauth2/oauth2_auth_code_test.go @@ -529,7 +529,7 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { if !q.Has("login_verifier") { return nil } - q.Set("client_id", otherClient.ID.String()) + q.Set("client_id", otherClient.GetID()) req.URL.RawQuery = q.Encode() return nil }, 
@@ -544,7 +544,7 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { if !q.Has("consent_verifier") { return nil } - q.Set("client_id", otherClient.ID.String()) + q.Set("client_id", otherClient.GetID()) req.URL.RawQuery = q.Encode() return nil }, @@ -1297,12 +1297,12 @@ func TestAuthCodeWithMockStrategy(t *testing.T) { var mutex sync.Mutex require.NoError(t, reg.ClientManager().CreateClient(context.TODO(), &client.Client{ - LegacyClientID: "app-client", - Secret: "secret", - RedirectURIs: []string{ts.URL + "/callback"}, - ResponseTypes: []string{"id_token", "code", "token"}, - GrantTypes: []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"}, - Scope: "hydra.* offline openid", + ID: "app-client", + Secret: "secret", + RedirectURIs: []string{ts.URL + "/callback"}, + ResponseTypes: []string{"id_token", "code", "token"}, + GrantTypes: []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"}, + Scope: "hydra.* offline openid", })) oauthConfig := &oauth2.Config{ diff --git a/oauth2/oauth2_refresh_token_test.go b/oauth2/oauth2_refresh_token_test.go index 208fb20f78b..849fae06460 100644 --- a/oauth2/oauth2_refresh_token_test.go +++ b/oauth2/oauth2_refresh_token_test.go @@ -52,7 +52,7 @@ func TestCreateRefreshTokenSessionStress(t *testing.T) { token := "234c678fed33c1d2025537ae464a1ebf7d23fc4a" //nolint:gosec tokenSignature := "4c7c7e8b3a77ad0c3ec846a21653c48b45dbfa31" //nolint:gosec testClient := hc.Client{ - ID: uuid.Must(uuid.NewV4()), + ID: uuid.Must(uuid.NewV4()).String(), Secret: "secret", ResponseTypes: []string{"id_token", "code", "token"}, GrantTypes: []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"}, 
@@ -68,7 +68,7 @@ func TestCreateRefreshTokenSessionStress(t *testing.T) { RequestedAt: time.Now(), ID: uuid.Must(uuid.NewV4()).String(), Client: &hc.Client{ - ID: uuid.FromStringOrNil(testClient.GetID()), + ID: testClient.GetID(), }, RequestedScope: []string{"offline"}, GrantedScope: []string{"offline"}, diff --git a/persistence/sql/migratest/assertion_helpers.go b/persistence/sql/migratest/assertion_helpers.go index 36f512a2cca..6cfa2764ec6 100644 --- a/persistence/sql/migratest/assertion_helpers.go +++ b/persistence/sql/migratest/assertion_helpers.go @@ -16,13 +16,13 @@ import ( ) func fixturizeFlow(t *testing.T, f *flow.Flow) { - testhelpersuuid.AssertUUID(t, &f.NID) + testhelpersuuid.AssertUUID(t, f.NID) f.NID = uuid.Nil require.NotZero(t, f.ClientID) f.ClientID = "" require.NotNil(t, f.Client) f.Client = nil - recently := time.Now().Add(-time.Minute) + recently := time.Now().Add(-2 * time.Minute) require.Greater(t, time.Time(f.LoginInitializedAt).UnixNano(), recently.UnixNano()) f.LoginInitializedAt = sqlxx.NullTime{} require.True(t, f.RequestedAt.After(recently)) diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0001.json b/persistence/sql/migratest/fixtures/hydra_client/client-0001.json index 33713a340ed..df0b583f248 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0001.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0001.json @@ -14,12 +14,11 @@ "GrantTypes": [ "grant-0001_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0001", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "", - "LegacyClientID": "client-0001", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0002.json b/persistence/sql/migratest/fixtures/hydra_client/client-0002.json index b3e16401409..738b044af2d 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0002.json 
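Review bot: In `fixturizeFlow` (persistence/sql/migratest/assertion_helpers.go) the freshness window grows from one to two minutes, `time.Now().Add(-2 * time.Minute)`, with no comment saying why, which reads like a workaround for a slow run and invites further bumps. If the reason is that migrations on a slow database take longer than a minute, a why-comment such as `// Migration runs can exceed one minute on slow databases, so allow two.` or a named constant would document the bound. The function continues beyond the hunk.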
+++ b/persistence/sql/migratest/fixtures/hydra_client/client-0002.json @@ -14,12 +14,11 @@ "GrantTypes": [ "grant-0002_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0002", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "", - "LegacyClientID": "client-0002", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0003.json b/persistence/sql/migratest/fixtures/hydra_client/client-0003.json index 0eb0b43cf68..415a2bc158d 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0003.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0003.json @@ -14,12 +14,11 @@ "GrantTypes": [ "grant-0003_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0003", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "", - "LegacyClientID": "client-0003", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0004.json b/persistence/sql/migratest/fixtures/hydra_client/client-0004.json index e3fc88fbe47..c396e893a7c 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0004.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0004.json @@ -14,12 +14,11 @@ "GrantTypes": [ "grant-0004_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0004", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/0004", - "LegacyClientID": "client-0004", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0005.json b/persistence/sql/migratest/fixtures/hydra_client/client-0005.json index ba07cc735a0..e8269c1a045 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0005.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0005.json 
@@ -14,12 +14,11 @@ "GrantTypes": [ "grant-0005_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0005", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/0005", - "LegacyClientID": "client-0005", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0006.json b/persistence/sql/migratest/fixtures/hydra_client/client-0006.json index d08542f9a51..6c1fe930b6a 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0006.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0006.json @@ -14,12 +14,11 @@ "GrantTypes": [ "grant-0006_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0006", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/0006", - "LegacyClientID": "client-0006", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0007.json b/persistence/sql/migratest/fixtures/hydra_client/client-0007.json index 8bbf0323d04..21a20a8ce51 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0007.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0007.json @@ -14,12 +14,11 @@ "GrantTypes": [ "grant-0007_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0007", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/0007", - "LegacyClientID": "client-0007", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0008.json b/persistence/sql/migratest/fixtures/hydra_client/client-0008.json index ae16fada489..de3ae8e4fca 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0008.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0008.json 
@@ -16,12 +16,11 @@ "GrantTypes": [ "grant-0008_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0008", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/0008", - "LegacyClientID": "client-0008", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0009.json b/persistence/sql/migratest/fixtures/hydra_client/client-0009.json index 5f2ff7982c0..d018033b05e 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0009.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0009.json @@ -16,12 +16,11 @@ "GrantTypes": [ "grant-0009_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0009", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/0009", - "LegacyClientID": "client-0009", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0010.json b/persistence/sql/migratest/fixtures/hydra_client/client-0010.json index 068652477f5..7fcdb238f18 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0010.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0010.json @@ -16,12 +16,11 @@ "GrantTypes": [ "grant-0010_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0010", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/0010", - "LegacyClientID": "client-0010", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0011.json b/persistence/sql/migratest/fixtures/hydra_client/client-0011.json index e00ad3f01a0..11d59c9dbd6 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0011.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0011.json 
@@ -18,12 +18,11 @@ "GrantTypes": [ "grant-0011_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0011", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/0011", - "LegacyClientID": "client-0011", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0012.json b/persistence/sql/migratest/fixtures/hydra_client/client-0012.json index 9c24d678248..8cb4349d2e9 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0012.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0012.json @@ -18,12 +18,11 @@ "GrantTypes": [ "grant-0012_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0012", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/0012", - "LegacyClientID": "client-0012", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0013.json b/persistence/sql/migratest/fixtures/hydra_client/client-0013.json index 0697a711a40..5407ac453b6 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0013.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0013.json @@ -18,12 +18,11 @@ "GrantTypes": [ "grant-0013_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0013", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/0013", - "LegacyClientID": "client-0013", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0014.json b/persistence/sql/migratest/fixtures/hydra_client/client-0014.json index 2f1e71c0536..3590793a4d1 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0014.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0014.json 
@@ -18,12 +18,11 @@ "GrantTypes": [ "grant-0014_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0014", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/0014", - "LegacyClientID": "client-0014", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0015.json b/persistence/sql/migratest/fixtures/hydra_client/client-0015.json index 97cb7aca0b6..ce069fbbaca 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0015.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0015.json @@ -18,12 +18,11 @@ "GrantTypes": [ "grant-0015_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-0015", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/0015", - "LegacyClientID": "client-0015", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 151000000000, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-20.json b/persistence/sql/migratest/fixtures/hydra_client/client-20.json index 752e717c85a..936150e6b4f 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-20.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-20.json @@ -18,12 +18,11 @@ "GrantTypes": [ "grant-20_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-20", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/20", - "LegacyClientID": "client-20", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-2005.json b/persistence/sql/migratest/fixtures/hydra_client/client-2005.json index 1d23fc8b982..4740bab8bd0 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-2005.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-2005.json 
@@ -18,12 +18,11 @@ "GrantTypes": [ "grant-2005_1" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-2005", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/2005", - "LegacyClientID": "client-2005", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-21.json b/persistence/sql/migratest/fixtures/hydra_client/client-21.json index 80a8d7c4533..7029a4db224 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-21.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-21.json @@ -22,12 +22,11 @@ "grant-21_1", "grant-21_2" ], - "ID": "00000000-0000-0000-0000-000000000000", + "ID": "client-21", "JSONWebKeys": { "JSONWebKeySet": null }, "JSONWebKeysURI": "http://jwks/21", - "LegacyClientID": "client-21", "Lifespans": { "AuthorizationCodeGrantAccessTokenLifespan": { "Duration": 0, diff --git a/persistence/sql/migratest/migration_test.go b/persistence/sql/migratest/migration_test.go index 02047008c1f..0f26c39ba70 100644 --- a/persistence/sql/migratest/migration_test.go +++ b/persistence/sql/migratest/migration_test.go @@ -91,7 +91,7 @@ func TestMigrations(t *testing.T) { l := logrusx.New("", "", logrusx.ForceLevel(logrus.DebugLevel)) tm, err := popx.NewMigrationBox( - os.DirFS("../migrations"), + sql.Migrations, popx.NewMigrator(c, l, nil, 1*time.Minute), popx.WithTestdata(t, os.DirFS("./testdata"))) require.NoError(t, err) 
@@ -107,11 +107,9 @@ func TestMigrations(t *testing.T) { require.False(t, c.UpdatedAt.IsZero()) c.CreatedAt = time.Time{} // Some CreatedAt and UpdatedAt values are generated during migrations so we zero them in the fixtures c.UpdatedAt = time.Time{} - testhelpersuuid.AssertUUID(t, &c.ID) - testhelpersuuid.AssertUUID(t, &c.NID) - c.ID = uuid.Nil + testhelpersuuid.AssertUUID(t, c.NID) c.NID = uuid.Nil - CompareWithFixture(t, structs.Map(c), "hydra_client", c.LegacyClientID) + CompareWithFixture(t, structs.Map(c), "hydra_client", c.ID) } }) @@ -120,8 +118,8 @@ func TestMigrations(t *testing.T) { require.NoError(t, c.All(&js)) require.Equal(t, 7, len(js)) for _, j := range js { - testhelpersuuid.AssertUUID(t, &j.ID) - testhelpersuuid.AssertUUID(t, &j.NID) + testhelpersuuid.AssertUUID(t, j.ID) + testhelpersuuid.AssertUUID(t, j.NID) j.ID = uuid.Nil // Some IDs are generated at migration time so we zero them in the fixtures j.NID = uuid.Nil require.False(t, j.CreatedAt.IsZero()) @@ -147,7 +145,7 @@ func TestMigrations(t *testing.T) { require.Equal(t, 17, len(ss)) for _, s := range ss { - testhelpersuuid.AssertUUID(t, &s.NID) + testhelpersuuid.AssertUUID(t, s.NID) s.NID = uuid.Nil s.AuthenticatedAt = sqlxx.NullTime(time.Time{}) CompareWithFixture(t, s, "hydra_oauth2_authentication_session", s.ID) @@ -160,7 +158,7 @@ func TestMigrations(t *testing.T) { require.Equal(t, 13, len(ss)) for _, s := range ss { - testhelpersuuid.AssertUUID(t, &s.NID) + testhelpersuuid.AssertUUID(t, s.NID) s.NID = uuid.Nil CompareWithFixture(t, s, "hydra_oauth2_obfuscated_authentication_session", fmt.Sprintf("%s_%s", s.Subject, s.ClientID)) } @@ -172,7 +170,7 @@ func TestMigrations(t *testing.T) { require.Equal(t, 6, len(lrs)) for _, s := range lrs { - testhelpersuuid.AssertUUID(t, &s.NID) + testhelpersuuid.AssertUUID(t, s.NID) s.NID = uuid.Nil s.Client = nil CompareWithFixture(t, s, "hydra_oauth2_logout_request", s.ID) 
@@ -184,7 +182,7 @@ func TestMigrations(t *testing.T) { c.All(&bjtis) require.Equal(t, 1, len(bjtis)) for _, bjti := range bjtis { - testhelpersuuid.AssertUUID(t, &bjti.NID) + testhelpersuuid.AssertUUID(t, bjti.NID) bjti.NID = uuid.Nil bjti.Expiry = time.Time{} CompareWithFixture(t, bjti, "hydra_oauth2_jti_blacklist", bjti.ID) @@ -197,7 +195,7 @@ func TestMigrations(t *testing.T) { require.Equal(t, 13, len(as)) for _, a := range as { - testhelpersuuid.AssertUUID(t, &a.NID) + testhelpersuuid.AssertUUID(t, a.NID) a.NID = uuid.Nil require.False(t, a.RequestedAt.IsZero()) a.RequestedAt = time.Time{} @@ -213,7 +211,7 @@ func TestMigrations(t *testing.T) { require.Equal(t, 13, len(rs)) for _, r := range rs { - testhelpersuuid.AssertUUID(t, &r.NID) + testhelpersuuid.AssertUUID(t, r.NID) r.NID = uuid.Nil require.False(t, r.RequestedAt.IsZero()) r.RequestedAt = time.Time{} @@ -229,7 +227,7 @@ func TestMigrations(t *testing.T) { require.Equal(t, 13, len(cs)) for _, c := range cs { - testhelpersuuid.AssertUUID(t, &c.NID) + testhelpersuuid.AssertUUID(t, c.NID) c.NID = uuid.Nil require.False(t, c.RequestedAt.IsZero()) c.RequestedAt = time.Time{} @@ -245,7 +243,7 @@ func TestMigrations(t *testing.T) { require.Equal(t, 13, len(os)) for _, o := range os { - testhelpersuuid.AssertUUID(t, &o.NID) + testhelpersuuid.AssertUUID(t, o.NID) o.NID = uuid.Nil require.False(t, o.RequestedAt.IsZero()) o.RequestedAt = time.Time{} @@ -261,7 +259,7 @@ func TestMigrations(t *testing.T) { require.Equal(t, 11, len(ps)) for _, p := range ps { - testhelpersuuid.AssertUUID(t, &p.NID) + testhelpersuuid.AssertUUID(t, p.NID) p.NID = uuid.Nil require.False(t, p.RequestedAt.IsZero()) p.RequestedAt = time.Time{} @@ -276,7 +274,7 @@ func TestMigrations(t *testing.T) { c.RawQuery("SELECT * FROM networks").All(&ns) require.Equal(t, 1, len(ns)) for _, n := range ns { - testhelpersuuid.AssertUUID(t, &n.ID) + testhelpersuuid.AssertUUID(t, n.ID) require.NotZero(t, n.CreatedAt) require.NotZero(t, n.UpdatedAt) } 
diff --git a/persistence/sql/migrations/20230908104443000000_drop_internal_id.cockroach.down.sql b/persistence/sql/migrations/20230908104443000000_drop_internal_id.cockroach.down.sql
new file mode 100644
index 00000000000..e0325012a57
--- /dev/null
+++ b/persistence/sql/migrations/20230908104443000000_drop_internal_id.cockroach.down.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_client ALTER PRIMARY KEY USING COLUMNS (pk);
diff --git a/persistence/sql/migrations/20230908104443000000_drop_internal_id.cockroach.up.sql b/persistence/sql/migrations/20230908104443000000_drop_internal_id.cockroach.up.sql
new file mode 100644
index 00000000000..10d68872706
--- /dev/null
+++ b/persistence/sql/migrations/20230908104443000000_drop_internal_id.cockroach.up.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_client ALTER PRIMARY KEY USING COLUMNS (id, nid) USING HASH;
diff --git a/persistence/sql/migrations/20230908104443000000_drop_internal_id.down.sql b/persistence/sql/migrations/20230908104443000000_drop_internal_id.down.sql
new file mode 100644
index 00000000000..98a660d3434
--- /dev/null
+++ b/persistence/sql/migrations/20230908104443000000_drop_internal_id.down.sql
@@ -0,0 +1,5 @@
+ALTER TABLE hydra_client DROP CONSTRAINT hydra_client_pkey;
+
+ALTER TABLE hydra_client ADD COLUMN pk UUID NOT NULL DEFAULT gen_random_uuid();
+
+ALTER TABLE hydra_client ADD PRIMARY KEY (pk);
diff --git a/persistence/sql/migrations/20230908104443000000_drop_internal_id.mysql.down.sql b/persistence/sql/migrations/20230908104443000000_drop_internal_id.mysql.down.sql
new file mode 100644
index 00000000000..497d26a6948
--- /dev/null
+++ b/persistence/sql/migrations/20230908104443000000_drop_internal_id.mysql.down.sql
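Review bot: The generic down migration (`20230908104443000000_drop_internal_id.down.sql`, presumably the PostgreSQL variant) depends on `gen_random_uuid()` in `ADD COLUMN pk UUID NOT NULL DEFAULT gen_random_uuid()`, which on PostgreSQL releases before 13 is only available when the pgcrypto extension is installed, so a rollback can fail there. It also hard-codes the constraint name `hydra_client_pkey` in `DROP CONSTRAINT`; if the key was ever created under another name the first statement aborts the rollback. I would state both assumptions at the top of the file, e.g. `-- requires gen_random_uuid() (PostgreSQL 13+ or pgcrypto) and a primary key named hydra_client_pkey`, and confirm the minimum supported server version.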
@@ -0,0 +1,14 @@
+ALTER TABLE hydra_client ADD COLUMN pk CHAR(36);
+
+-- UUIDv4 generation based on https://stackoverflow.com/a/66868340/12723442
+UPDATE hydra_client SET pk = (SELECT LOWER(CONCAT(
+ HEX(RANDOM_BYTES(4)),
+ '-', HEX(RANDOM_BYTES(2)),
+ '-4', SUBSTR(HEX(RANDOM_BYTES(2)), 2, 3),
+ '-', CONCAT(HEX(FLOOR(ASCII(RANDOM_BYTES(1)) / 64)+8),SUBSTR(HEX(RANDOM_BYTES(2)), 2, 3)),
+ '-', HEX(RANDOM_BYTES(6))
+ )));
+
+ALTER TABLE hydra_client CHANGE COLUMN pk pk CHAR(36) NOT NULL;
+
+ALTER TABLE hydra_client DROP PRIMARY KEY, ADD PRIMARY KEY (pk);
diff --git a/persistence/sql/migrations/20230908104443000000_drop_internal_id.mysql.up.sql b/persistence/sql/migrations/20230908104443000000_drop_internal_id.mysql.up.sql
new file mode 100644
index 00000000000..c6c91ce1f3a
--- /dev/null
+++ b/persistence/sql/migrations/20230908104443000000_drop_internal_id.mysql.up.sql
@@ -0,0 +1,3 @@
+ALTER TABLE hydra_client DROP PRIMARY KEY, ADD PRIMARY KEY (id, nid);
+
+ALTER TABLE hydra_client DROP COLUMN pk;
diff --git a/persistence/sql/migrations/20230908104443000000_drop_internal_id.sqlite.down.sql b/persistence/sql/migrations/20230908104443000000_drop_internal_id.sqlite.down.sql
new file mode 100644
index 00000000000..78bbd7ee9f3
--- /dev/null
+++ b/persistence/sql/migrations/20230908104443000000_drop_internal_id.sqlite.down.sql
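Review bot: The MySQL down migration only produces distinct `pk` values if the uncorrelated scalar subquery in `UPDATE hydra_client SET pk = (SELECT LOWER(CONCAT(` is re-evaluated for every row; if the server evaluates it once and reuses the result, every client gets the same value and the final `ADD PRIMARY KEY (pk)` fails on duplicates. MySQL DDL is not transactional, so that failure would leave the table with the extra `pk` column and the old key still in place. Assigning the expression directly, `UPDATE hydra_client SET pk = LOWER(CONCAT(` … `));` without the `(SELECT …)` wrapper, removes the dependency on subquery caching behaviour. It is also worth confirming that `RANDOM_BYTES()` exists on every MySQL-compatible server the project supports.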
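Review bot: The MySQL up migration splits the key swap and the column drop into two statements, and because MySQL commits each DDL statement implicitly, a failure of `ALTER TABLE hydra_client DROP COLUMN pk;` leaves the schema half migrated with no way to roll back inside the migration. Both changes fit in one statement, `ALTER TABLE hydra_client DROP PRIMARY KEY, DROP COLUMN pk, ADD PRIMARY KEY (id, nid);`, which either applies completely or not at all. A short comment stating that `(id, nid)` is expected to be unique already would help whoever has to debug a duplicate-key failure here.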
@@ -0,0 +1,160 @@ +CREATE TABLE "_hydra_client_tmp" +( + id VARCHAR(255) NOT NULL, + client_name TEXT NOT NULL, + client_secret TEXT NOT NULL, + redirect_uris TEXT NOT NULL, + grant_types TEXT NOT NULL, + response_types TEXT NOT NULL, + scope TEXT NOT NULL, + owner TEXT NOT NULL, + policy_uri TEXT NOT NULL, + tos_uri TEXT NOT NULL, + client_uri TEXT NOT NULL, + logo_uri TEXT NOT NULL, + contacts TEXT NOT NULL, + client_secret_expires_at INTEGER NOT NULL DEFAULT 0, + sector_identifier_uri TEXT NOT NULL, + jwks TEXT NOT NULL, + jwks_uri TEXT NOT NULL, + request_uris TEXT NOT NULL, + token_endpoint_auth_method VARCHAR(25) NOT NULL DEFAULT '', + request_object_signing_alg VARCHAR(10) NOT NULL DEFAULT '', + userinfo_signed_response_alg VARCHAR(10) NOT NULL DEFAULT '', + subject_type VARCHAR(15) NOT NULL DEFAULT '', + allowed_cors_origins TEXT NOT NULL, + pk TEXT PRIMARY KEY NOT NULL, + pk_deprecated INTEGER NULL DEFAULT NULL, + audience TEXT NOT NULL, + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + frontchannel_logout_uri TEXT NOT NULL DEFAULT '', + frontchannel_logout_session_required INTEGER NOT NULL DEFAULT false, + post_logout_redirect_uris TEXT NOT NULL DEFAULT '', + backchannel_logout_uri TEXT NOT NULL DEFAULT '', + backchannel_logout_session_required INTEGER NOT NULL DEFAULT false, + metadata TEXT NOT NULL DEFAULT '{}', + token_endpoint_auth_signing_alg VARCHAR(10) NOT NULL DEFAULT '', + registration_access_token_signature VARCHAR(128) NOT NULL DEFAULT '', + access_token_strategy VARCHAR(10) NOT NULL DEFAULT '', + authorization_code_grant_access_token_lifespan BIGINT NULL DEFAULT NULL, + authorization_code_grant_id_token_lifespan BIGINT NULL DEFAULT NULL, + authorization_code_grant_refresh_token_lifespan BIGINT NULL DEFAULT NULL, + client_credentials_grant_access_token_lifespan BIGINT NULL DEFAULT NULL, + implicit_grant_access_token_lifespan BIGINT NULL DEFAULT NULL, + 
implicit_grant_id_token_lifespan BIGINT NULL DEFAULT NULL, + jwt_bearer_grant_access_token_lifespan BIGINT NULL DEFAULT NULL, + password_grant_access_token_lifespan BIGINT NULL DEFAULT NULL, + password_grant_refresh_token_lifespan BIGINT NULL DEFAULT NULL, + refresh_token_grant_id_token_lifespan BIGINT NULL DEFAULT NULL, + refresh_token_grant_access_token_lifespan BIGINT NULL DEFAULT NULL, + refresh_token_grant_refresh_token_lifespan BIGINT NULL DEFAULT NULL, + skip_consent BOOLEAN NOT NULL DEFAULT false, + nid CHAR(36) NOT NULL, + PRIMARY KEY (id, nid) +); +INSERT INTO "_hydra_client_tmp" (id, + client_name, + client_secret, + redirect_uris, + grant_types, + response_types, + scope, + owner, + policy_uri, + tos_uri, + client_uri, + logo_uri, + contacts, + client_secret_expires_at, + sector_identifier_uri, + jwks, + jwks_uri, + request_uris, + token_endpoint_auth_method, + request_object_signing_alg, + userinfo_signed_response_alg, + subject_type, + allowed_cors_origins, + pk, + pk_deprecated, + audience, + created_at, + updated_at, + frontchannel_logout_uri, + frontchannel_logout_session_required, + post_logout_redirect_uris, + backchannel_logout_uri, + backchannel_logout_session_required, + metadata, + token_endpoint_auth_signing_alg, + access_token_strategy, + registration_access_token_signature, + authorization_code_grant_access_token_lifespan, + authorization_code_grant_id_token_lifespan, + authorization_code_grant_refresh_token_lifespan, + client_credentials_grant_access_token_lifespan, + implicit_grant_access_token_lifespan, + implicit_grant_id_token_lifespan, + jwt_bearer_grant_access_token_lifespan, + password_grant_access_token_lifespan, + password_grant_refresh_token_lifespan, + refresh_token_grant_id_token_lifespan, + refresh_token_grant_access_token_lifespan, + refresh_token_grant_refresh_token_lifespan, + skip_consent, + nid) +SELECT id, + client_name, + client_secret, + redirect_uris, + grant_types, + response_types, + scope, + owner, + policy_uri, + 
tos_uri, + client_uri, + logo_uri, + contacts, + client_secret_expires_at, + sector_identifier_uri, + jwks, + jwks_uri, + request_uris, + token_endpoint_auth_method, + request_object_signing_alg, + userinfo_signed_response_alg, + subject_type, + allowed_cors_origins, + id, + pk_deprecated, + audience, + created_at, + updated_at, + frontchannel_logout_uri, + frontchannel_logout_session_required, + post_logout_redirect_uris, + backchannel_logout_uri, + backchannel_logout_session_required, + metadata, + token_endpoint_auth_signing_alg, + access_token_strategy, + registration_access_token_signature, + authorization_code_grant_access_token_lifespan, + authorization_code_grant_id_token_lifespan, + authorization_code_grant_refresh_token_lifespan, + client_credentials_grant_access_token_lifespan, + implicit_grant_access_token_lifespan, + implicit_grant_id_token_lifespan, + jwt_bearer_grant_access_token_lifespan, + password_grant_access_token_lifespan, + password_grant_refresh_token_lifespan, + refresh_token_grant_id_token_lifespan, + refresh_token_grant_access_token_lifespan, + refresh_token_grant_refresh_token_lifespan, + skip_consent, + nid +FROM "hydra_client"; +DROP TABLE "hydra_client"; +ALTER TABLE "_hydra_client_tmp" RENAME TO "hydra_client"; diff --git a/persistence/sql/migrations/20230908104443000000_drop_internal_id.sqlite.up.sql b/persistence/sql/migrations/20230908104443000000_drop_internal_id.sqlite.up.sql new file mode 100644 index 00000000000..8e8e268e00a --- /dev/null +++ b/persistence/sql/migrations/20230908104443000000_drop_internal_id.sqlite.up.sql 
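Review bot: The SQLite down migration declares two primary keys in `_hydra_client_tmp`, the column constraint `pk TEXT PRIMARY KEY NOT NULL` and the table constraint `PRIMARY KEY (id, nid)`; SQLite rejects a `CREATE TABLE` with more than one primary key, so this rollback should fail on its first statement. Since the down direction restores `pk` as the key, the trailing constraint should probably become `UNIQUE (id, nid)` or be dropped, depending on what the pre-migration schema had. Separately, the `SELECT` fills `pk` from `id` (the client id string) rather than generating a UUID, which older code that reads `pk` as a UUID may not accept; that is worth confirming against the previous model.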
@@ -0,0 +1,155 @@ +CREATE TABLE "_hydra_client_tmp" +( + id VARCHAR(255) NOT NULL, + client_name TEXT NOT NULL, + client_secret TEXT NOT NULL, + redirect_uris TEXT NOT NULL, + grant_types TEXT NOT NULL, + response_types TEXT NOT NULL, + scope TEXT NOT NULL, + owner TEXT NOT NULL, + policy_uri TEXT NOT NULL, + tos_uri TEXT NOT NULL, + client_uri TEXT NOT NULL, + logo_uri TEXT NOT NULL, + contacts TEXT NOT NULL, + client_secret_expires_at INTEGER NOT NULL DEFAULT 0, + sector_identifier_uri TEXT NOT NULL, + jwks TEXT NOT NULL, + jwks_uri TEXT NOT NULL, + request_uris TEXT NOT NULL, + token_endpoint_auth_method VARCHAR(25) NOT NULL DEFAULT '', + request_object_signing_alg VARCHAR(10) NOT NULL DEFAULT '', + userinfo_signed_response_alg VARCHAR(10) NOT NULL DEFAULT '', + subject_type VARCHAR(15) NOT NULL DEFAULT '', + allowed_cors_origins TEXT NOT NULL, + pk_deprecated INTEGER NULL DEFAULT NULL, + audience TEXT NOT NULL, + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + frontchannel_logout_uri TEXT NOT NULL DEFAULT '', + frontchannel_logout_session_required INTEGER NOT NULL DEFAULT false, + post_logout_redirect_uris TEXT NOT NULL DEFAULT '', + backchannel_logout_uri TEXT NOT NULL DEFAULT '', + backchannel_logout_session_required INTEGER NOT NULL DEFAULT false, + metadata TEXT NOT NULL DEFAULT '{}', + token_endpoint_auth_signing_alg VARCHAR(10) NOT NULL DEFAULT '', + registration_access_token_signature VARCHAR(128) NOT NULL DEFAULT '', + access_token_strategy VARCHAR(10) NOT NULL DEFAULT '', + authorization_code_grant_access_token_lifespan BIGINT NULL DEFAULT NULL, + authorization_code_grant_id_token_lifespan BIGINT NULL DEFAULT NULL, + authorization_code_grant_refresh_token_lifespan BIGINT NULL DEFAULT NULL, + client_credentials_grant_access_token_lifespan BIGINT NULL DEFAULT NULL, + implicit_grant_access_token_lifespan BIGINT NULL DEFAULT NULL, + implicit_grant_id_token_lifespan BIGINT NULL DEFAULT 
NULL, + jwt_bearer_grant_access_token_lifespan BIGINT NULL DEFAULT NULL, + password_grant_access_token_lifespan BIGINT NULL DEFAULT NULL, + password_grant_refresh_token_lifespan BIGINT NULL DEFAULT NULL, + refresh_token_grant_id_token_lifespan BIGINT NULL DEFAULT NULL, + refresh_token_grant_access_token_lifespan BIGINT NULL DEFAULT NULL, + refresh_token_grant_refresh_token_lifespan BIGINT NULL DEFAULT NULL, + skip_consent BOOLEAN NOT NULL DEFAULT false, + nid CHAR(36) NOT NULL, + PRIMARY KEY (id, nid) +); +INSERT INTO "_hydra_client_tmp" (id, + client_name, + client_secret, + redirect_uris, + grant_types, + response_types, + scope, + owner, + policy_uri, + tos_uri, + client_uri, + logo_uri, + contacts, + client_secret_expires_at, + sector_identifier_uri, + jwks, + jwks_uri, + request_uris, + token_endpoint_auth_method, + request_object_signing_alg, + userinfo_signed_response_alg, + subject_type, + allowed_cors_origins, + pk_deprecated, + audience, + created_at, + updated_at, + frontchannel_logout_uri, + frontchannel_logout_session_required, + post_logout_redirect_uris, + backchannel_logout_uri, + backchannel_logout_session_required, + metadata, + token_endpoint_auth_signing_alg, + registration_access_token_signature, + authorization_code_grant_access_token_lifespan, + authorization_code_grant_id_token_lifespan, + authorization_code_grant_refresh_token_lifespan, + client_credentials_grant_access_token_lifespan, + implicit_grant_access_token_lifespan, + implicit_grant_id_token_lifespan, + jwt_bearer_grant_access_token_lifespan, + password_grant_access_token_lifespan, + password_grant_refresh_token_lifespan, + refresh_token_grant_id_token_lifespan, + refresh_token_grant_access_token_lifespan, + refresh_token_grant_refresh_token_lifespan, + skip_consent, + nid) +SELECT id, + client_name, + client_secret, + redirect_uris, + grant_types, + response_types, + scope, + owner, + policy_uri, + tos_uri, + client_uri, + logo_uri, + contacts, + client_secret_expires_at, + 
sector_identifier_uri, + jwks, + jwks_uri, + request_uris, + token_endpoint_auth_method, + request_object_signing_alg, + userinfo_signed_response_alg, + subject_type, + allowed_cors_origins, + pk_deprecated, + audience, + created_at, + updated_at, + frontchannel_logout_uri, + frontchannel_logout_session_required, + post_logout_redirect_uris, + backchannel_logout_uri, + backchannel_logout_session_required, + metadata, + token_endpoint_auth_signing_alg, + registration_access_token_signature, + authorization_code_grant_access_token_lifespan, + authorization_code_grant_id_token_lifespan, + authorization_code_grant_refresh_token_lifespan, + client_credentials_grant_access_token_lifespan, + implicit_grant_access_token_lifespan, + implicit_grant_id_token_lifespan, + jwt_bearer_grant_access_token_lifespan, + password_grant_access_token_lifespan, + password_grant_refresh_token_lifespan, + refresh_token_grant_id_token_lifespan, + refresh_token_grant_access_token_lifespan, + refresh_token_grant_refresh_token_lifespan, + skip_consent, + nid +FROM "hydra_client"; +DROP TABLE "hydra_client"; +ALTER TABLE "_hydra_client_tmp" RENAME TO "hydra_client"; diff --git a/persistence/sql/migrations/20230908104443000000_drop_internal_id.up.sql b/persistence/sql/migrations/20230908104443000000_drop_internal_id.up.sql new file mode 100644 index 00000000000..ccaed0740ea --- /dev/null +++ b/persistence/sql/migrations/20230908104443000000_drop_internal_id.up.sql @@ -0,0 +1,5 @@ +ALTER TABLE hydra_client DROP CONSTRAINT hydra_client_pkey; + +ALTER TABLE hydra_client DROP COLUMN pk; + +ALTER TABLE hydra_client ADD PRIMARY KEY (id, nid); diff --git a/persistence/sql/migrations/20230908104443000001_drop_internal_id.cockroach.down.sql b/persistence/sql/migrations/20230908104443000001_drop_internal_id.cockroach.down.sql new file mode 100644 index 00000000000..07a18b4664e --- /dev/null +++ b/persistence/sql/migrations/20230908104443000001_drop_internal_id.cockroach.down.sql 
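Review bot: The SQLite up migration creates `access_token_strategy VARCHAR(10) NOT NULL DEFAULT ''` in `_hydra_client_tmp` but leaves that column out of both the `INSERT INTO` column list and the `SELECT` list, so every existing client is copied with an empty strategy and its configured value is lost when the old table is dropped. The down migration in this same commit does list the column, which suggests the omission is accidental. Add `access_token_strategy,` after `token_endpoint_auth_signing_alg,` in both lists. A per-client token strategy silently reverting to the default changes what kind of access token those clients are issued, so a fixture with a non-empty value would be a useful regression check.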
@@ -0,0 +1 @@ +ALTER TABLE hydra_client ADD COLUMN pk UUID NOT NULL DEFAULT gen_random_uuid(); diff --git a/persistence/sql/migrations/20230908104443000001_drop_internal_id.cockroach.up.sql b/persistence/sql/migrations/20230908104443000001_drop_internal_id.cockroach.up.sql new file mode 100644 index 00000000000..8d4b7219014 --- /dev/null +++ b/persistence/sql/migrations/20230908104443000001_drop_internal_id.cockroach.up.sql @@ -0,0 +1 @@ +ALTER TABLE hydra_client DROP COLUMN pk; diff --git a/persistence/sql/migrations/20230908104443000001_drop_internal_id.down.sql b/persistence/sql/migrations/20230908104443000001_drop_internal_id.down.sql new file mode 100644 index 00000000000..baec243f694 --- /dev/null +++ b/persistence/sql/migrations/20230908104443000001_drop_internal_id.down.sql @@ -0,0 +1 @@ +-- only cockroach diff --git a/persistence/sql/migrations/20230908104443000001_drop_internal_id.up.sql b/persistence/sql/migrations/20230908104443000001_drop_internal_id.up.sql new file mode 100644 index 00000000000..baec243f694 --- /dev/null +++ b/persistence/sql/migrations/20230908104443000001_drop_internal_id.up.sql @@ -0,0 +1 @@ +-- only cockroach diff --git a/persistence/sql/persister.go b/persistence/sql/persister.go index 69ee151cd6c..908a4884b8d 100644 --- a/persistence/sql/persister.go +++ b/persistence/sql/persister.go @@ -107,7 +107,7 @@ func (p *Persister) Rollback(ctx context.Context) (err error) { func NewPersister(ctx context.Context, c *pop.Connection, r Dependencies, config *config.DefaultProvider, extraMigrations []fs.FS, goMigrations []popx.Migration) (*Persister, error) { mb, err := popx.NewMigrationBox( - fsx.Merge(append([]fs.FS{migrations}, extraMigrations...)...), + fsx.Merge(append([]fs.FS{Migrations}, extraMigrations...)...), popx.NewMigrator(c, r.Logger(), r.Tracer(ctx), 0), popx.WithGoMigrations(goMigrations)) if err != nil { 
diff --git a/persistence/sql/persister_client.go b/persistence/sql/persister_client.go index f6c0c500061..34846ca1220 100644 --- a/persistence/sql/persister_client.go +++ b/persistence/sql/persister_client.go @@ -53,11 +53,9 @@ func (p *Persister) UpdateClient(ctx context.Context, cl *client.Client) (err er } cl.Secret = string(h) } - // set the internal primary key - cl.ID = o.ID - // Set the legacy client ID - cl.LegacyClientID = o.LegacyClientID + // Ensure ID is the same + cl.ID = o.ID if err = cl.BeforeSave(c); err != nil { return sqlcon.HandleError(err) @@ -71,7 +69,7 @@ func (p *Persister) UpdateClient(ctx context.Context, cl *client.Client) (err er } events.Trace(ctx, events.ClientUpdated, - events.WithClientID(cl.ID.String()), + events.WithClientID(cl.ID), events.WithClientName(cl.Name)) return sqlcon.HandleError(err) @@ -104,18 +102,15 @@ func (p *Persister) CreateClient(ctx context.Context, c *client.Client) (err err } c.Secret = string(h) - if c.ID == uuid.Nil { - c.ID = uuid.Must(uuid.NewV4()) - } - if c.LegacyClientID == "" { - c.LegacyClientID = c.ID.String() + if c.ID == "" { + c.ID = uuid.Must(uuid.NewV4()).String() } if err := sqlcon.HandleError(p.CreateWithNetwork(ctx, c)); err != nil { return err } events.Trace(ctx, events.ClientCreated, - events.WithClientID(c.ID.String()), + events.WithClientID(c.ID), events.WithClientName(c.Name)) return nil @@ -135,7 +130,7 @@ func (p *Persister) DeleteClient(ctx context.Context, id string) (err error) { } events.Trace(ctx, events.ClientDeleted, - events.WithClientID(c.ID.String()), + events.WithClientID(c.ID), events.WithClientName(c.Name)) return nil @@ -149,7 +144,7 @@ func (p *Persister) GetClients(ctx context.Context, filters client.Filter) (_ [] query := p.QueryWithNetwork(ctx). Paginate(filters.Offset/filters.Limit+1, filters.Limit). - Order("pk") + Order("id") if filters.Name != "" { query.Where("client_name = ?", filters.Name) 
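Review bot: In the CreateClient hunk the new default, `c.ID = uuid.Must(uuid.NewV4()).String()`, still panics on the request path when the random source fails, although the function already returns an error. I would replace it with `id, err := uuid.NewV4()`, `if err != nil { return err }` and `c.ID = id.String()`. Because `ID` is now the caller-supplied string that forms the primary key together with the network id, it would also help to note in a comment where its length and character set are validated; that check is not visible in these hunks. CreateClient starts and ends outside the hunk.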
diff --git a/persistence/sql/persister_migration.go b/persistence/sql/persister_migration.go index f82605c90b4..153b6036f66 100644 --- a/persistence/sql/persister_migration.go +++ b/persistence/sql/persister_migration.go @@ -21,7 +21,7 @@ import ( ) //go:embed migrations/*.sql -var migrations embed.FS +var Migrations embed.FS func (p *Persister) MigrationStatus(ctx context.Context) (popx.MigrationStatuses, error) { if p.mbs != nil { @@ -89,7 +89,7 @@ func (p *Persister) migrateOldMigrationTables() error { return errorsx.WithStack(err) } - // in this order the migrations only depend on already done ones + // in this order the Migrations only depend on already done ones for i, table := range []oldTableName{clientMigrationTableName, jwkMigrationTableName, consentMigrationTableName, oauth2MigrationTableName} { // If table does not exist, we will skip it. Previously, we created a stub table here which // caused the cached statements to fail, see: @@ -97,7 +97,7 @@ func (p *Persister) migrateOldMigrationTables() error { // https://github.com/flynn/flynn/pull/2306/files // https://github.com/jackc/pgx/issues/110 // https://github.com/flynn/flynn/issues/2235 - // get old migrations + // get old Migrations var migrations []OldMigrationRecord /* #nosec G201 table is static */ @@ -108,7 +108,7 @@ func (p *Persister) migrateOldMigrationTables() error { return err } - // translate migrations + // translate Migrations for _, m := range migrations { // mark the migration as run for fizz // fizz standard version pattern: YYYYMMDDhhmmss diff --git a/persistence/sql/persister_nid_test.go b/persistence/sql/persister_nid_test.go index 807656aa2d4..28e9d7b9be8 100644 --- a/persistence/sql/persister_nid_test.go +++ b/persistence/sql/persister_nid_test.go 
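Review bot: The newly exported `Migrations` variable has no doc comment, and the rename also rewrote three prose comments (`// in this order the Migrations only depend on already done ones`, `// get old Migrations`, `// translate Migrations`) that describe migration records or the local `migrations` slice, not the embedded filesystem. I would restore the lowercase wording in those comments and add `// Migrations holds the SQL migration files embedded from migrations/*.sql.` above the declaration. Since an exported package variable can be reassigned by any importing package, an accessor function returning the `embed.FS` may be the safer way to share it with the migration test. migrateOldMigrationTables continues outside these hunks.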
@@ -155,7 +155,7 @@ func (s *PersisterTestSuite) TestAuthenticate() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id", Secret: "secret"} + client := &client.Client{ID: "client-id", Secret: "secret"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) actual, err := r.Persister().Authenticate(s.t2, "client-id", []byte("secret")) @@ -290,9 +290,9 @@ func (s *PersisterTestSuite) TestCountSubjectsGrantedConsentRequests() { sessionID := uuid.Must(uuid.NewV4()).String() persistLoginSession(s.t1, t, r.Persister(), &flow.LoginSession{ID: sessionID}) - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) - f := newFlow(s.t1NID, client.LegacyClientID, sub, sqlxx.NullString(sessionID)) + f := newFlow(s.t1NID, client.ID, sub, sqlxx.NullString(sessionID)) f.ConsentSkip = false f.ConsentError = &flow.RequestDeniedError{} f.State = flow.FlowStateConsentUnused @@ -313,14 +313,14 @@ func (s *PersisterTestSuite) TestCreateAccessTokenSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - c1 := &client.Client{LegacyClientID: "client-id"} + c1 := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, c1)) - c2 := &client.Client{LegacyClientID: "client-id"} + c2 := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t2, c2)) sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() - fr.Client = &fosite.DefaultClient{ID: c1.LegacyClientID} + fr.Client = &fosite.DefaultClient{ID: c1.ID} require.NoError(t, r.Persister().CreateAccessTokenSession(s.t1, sig, fr)) actual := persistencesql.OAuth2RequestSQL{Table: "access"} require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, persistencesql.SignatureHash(sig))) 
@@ -333,13 +333,13 @@ func (s *PersisterTestSuite) TestCreateAuthorizeCodeSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - c1 := &client.Client{LegacyClientID: "client-id"} + c1 := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, c1)) - c2 := &client.Client{LegacyClientID: "client-id"} + c2 := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t2, c2)) sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() - fr.Client = &fosite.DefaultClient{ID: c1.LegacyClientID} + fr.Client = &fosite.DefaultClient{ID: c1.ID} require.NoError(t, r.Persister().CreateAuthorizeCodeSession(s.t1, sig, fr)) actual := persistencesql.OAuth2RequestSQL{Table: "code"} require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, sig)) @@ -352,7 +352,7 @@ func (s *PersisterTestSuite) TestCreateClient() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - expected := &client.Client{LegacyClientID: "client-id"} + expected := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, expected)) actual := client.Client{} require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, expected.ID)) @@ -366,8 +366,8 @@ func (s *PersisterTestSuite) TestCreateConsentRequest() { for k, r := range s.registries { t.Run(k, func(t *testing.T) { sessionID := uuid.Must(uuid.NewV4()).String() - client := &client.Client{LegacyClientID: "client-id"} - f := newFlow(s.t1NID, client.LegacyClientID, "sub", sqlxx.NullString(sessionID)) + client := &client.Client{ID: "client-id"} + f := newFlow(s.t1NID, client.ID, "sub", sqlxx.NullString(sessionID)) persistLoginSession(s.t1, t, r.Persister(), &flow.LoginSession{ID: sessionID}) require.NoError(t, r.Persister().CreateClient(s.t1, client)) require.NoError(t, r.Persister().Connection(context.Background()).Create(f)) 
@@ -392,11 +392,11 @@ func (s *PersisterTestSuite) TestCreateForcedObfuscatedLoginSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} - session := &consent.ForcedObfuscatedLoginSession{ClientID: client.LegacyClientID} + client := &client.Client{ID: "client-id"} + session := &consent.ForcedObfuscatedLoginSession{ClientID: client.ID} require.NoError(t, r.Persister().CreateClient(s.t1, client)) require.NoError(t, r.Persister().CreateForcedObfuscatedLoginSession(s.t1, session)) - actual, err := r.Persister().GetForcedObfuscatedLoginSession(s.t1, client.LegacyClientID, "") + actual, err := r.Persister().GetForcedObfuscatedLoginSession(s.t1, client.ID, "") require.NoError(t, err) require.Equal(t, s.t1NID, actual.NID) }) @@ -426,8 +426,8 @@ func (s *PersisterTestSuite) TestCreateLoginRequest() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} - lr := flow.LoginRequest{ID: "lr-id", ClientID: client.LegacyClientID, RequestedAt: time.Now()} + client := &client.Client{ID: "client-id"} + lr := flow.LoginRequest{ID: "lr-id", ClientID: client.ID, RequestedAt: time.Now()} require.NoError(t, r.Persister().CreateClient(s.t1, client)) f, err := r.ConsentManager().CreateLoginRequest(s.t1, &lr) @@ -454,11 +454,11 @@ func (s *PersisterTestSuite) TestCreateLogoutRequest() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} lr := flow.LogoutRequest{ // TODO there is not FK for SessionID so we don't need it here; TODO make sure the missing FK is intentional ID: uuid.Must(uuid.NewV4()).String(), - ClientID: sql.NullString{Valid: true, String: client.LegacyClientID}, + ClientID: sql.NullString{Valid: true, String: client.ID}, } require.NoError(t, r.Persister().CreateClient(s.t1, client)) 
@@ -474,7 +474,7 @@ func (s *PersisterTestSuite) TestCreateOpenIDConnectSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) request := fosite.NewRequest() @@ -494,7 +494,7 @@ func (s *PersisterTestSuite) TestCreatePKCERequestSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) request := fosite.NewRequest() @@ -515,7 +515,7 @@ func (s *PersisterTestSuite) TestCreateRefreshTokenSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) request := fosite.NewRequest() @@ -535,7 +535,7 @@ func (s *PersisterTestSuite) TestCreateWithNetwork() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - expected := &client.Client{LegacyClientID: "client-id"} + expected := &client.Client{ID: "client-id"} store, ok := r.OAuth2Storage().(*persistencesql.Persister) if !ok { t.Fatal("type assertion failed") @@ -543,7 +543,7 @@ func (s *PersisterTestSuite) TestCreateWithNetwork() { store.CreateWithNetwork(s.t1, expected) actual := &client.Client{} - require.NoError(t, r.Persister().Connection(context.Background()).Where("id = ?", expected.LegacyClientID).First(actual)) + require.NoError(t, r.Persister().Connection(context.Background()).Where("id = ?", expected.ID).First(actual)) require.Equal(t, s.t1NID, actual.NID) }) } 
@@ -553,11 +553,11 @@ func (s *PersisterTestSuite) DeleteAccessTokenSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() - fr.Client = &fosite.DefaultClient{ID: client.LegacyClientID} + fr.Client = &fosite.DefaultClient{ID: client.ID} require.NoError(t, r.Persister().CreateAccessTokenSession(s.t1, sig, fr)) require.NoError(t, r.Persister().DeleteAccessTokenSession(s.t2, sig)) @@ -575,19 +575,19 @@ func (s *PersisterTestSuite) TestDeleteAccessTokens() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() - fr.Client = &fosite.DefaultClient{ID: client.LegacyClientID} + fr.Client = &fosite.DefaultClient{ID: client.ID} require.NoError(t, r.Persister().CreateAccessTokenSession(s.t1, sig, fr)) - require.NoError(t, r.Persister().DeleteAccessTokens(s.t2, client.LegacyClientID)) + require.NoError(t, r.Persister().DeleteAccessTokens(s.t2, client.ID)) actual := persistencesql.OAuth2RequestSQL{Table: "access"} require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, persistencesql.SignatureHash(sig))) require.Equal(t, s.t1NID, actual.NID) - require.NoError(t, r.Persister().DeleteAccessTokens(s.t1, client.LegacyClientID)) + require.NoError(t, r.Persister().DeleteAccessTokens(s.t1, client.ID)) require.Error(t, r.Persister().Connection(context.Background()).Find(&actual, persistencesql.SignatureHash(sig))) }) } 
@@ -597,12 +597,12 @@ func (s *PersisterTestSuite) TestDeleteClient() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - c := &client.Client{LegacyClientID: "client-id"} + c := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, c)) actual := client.Client{} - require.Error(t, r.Persister().DeleteClient(s.t2, c.LegacyClientID)) + require.Error(t, r.Persister().DeleteClient(s.t2, c.ID)) require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, c.ID)) - require.NoError(t, r.Persister().DeleteClient(s.t1, c.LegacyClientID)) + require.NoError(t, r.Persister().DeleteClient(s.t1, c.ID)) require.Error(t, r.Persister().Connection(context.Background()).Find(&actual, c.ID)) }) } @@ -660,7 +660,7 @@ func (s *PersisterTestSuite) TestDeleteOpenIDConnectSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) request := fosite.NewRequest() @@ -683,7 +683,7 @@ func (s *PersisterTestSuite) TestDeletePKCERequestSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) request := fosite.NewRequest() @@ -706,7 +706,7 @@ func (s *PersisterTestSuite) TestDeleteRefreshTokenSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) request := fosite.NewRequest() 
@@ -748,8 +748,8 @@ func (s *PersisterTestSuite) TestFindGrantedAndRememberedConsentRequests() { for k, r := range s.registries { t.Run(k, func(t *testing.T) { sessionID := uuid.Must(uuid.NewV4()).String() - client := &client.Client{LegacyClientID: "client-id"} - f := newFlow(s.t1NID, client.LegacyClientID, "sub", sqlxx.NullString(sessionID)) + client := &client.Client{ID: "client-id"} + f := newFlow(s.t1NID, client.ID, "sub", sqlxx.NullString(sessionID)) persistLoginSession(s.t1, t, r.Persister(), &flow.LoginSession{ID: sessionID}) require.NoError(t, r.Persister().CreateClient(s.t1, client)) @@ -771,11 +771,11 @@ func (s *PersisterTestSuite) TestFindGrantedAndRememberedConsentRequests() { require.NoError(t, err) require.NoError(t, r.Persister().Connection(context.Background()).Create(f)) - actual, err := r.Persister().FindGrantedAndRememberedConsentRequests(s.t2, client.LegacyClientID, f.Subject) + actual, err := r.Persister().FindGrantedAndRememberedConsentRequests(s.t2, client.ID, f.Subject) require.Error(t, err) require.Equal(t, 0, len(actual)) - actual, err = r.Persister().FindGrantedAndRememberedConsentRequests(s.t1, client.LegacyClientID, f.Subject) + actual, err = r.Persister().FindGrantedAndRememberedConsentRequests(s.t1, client.ID, f.Subject) require.NoError(t, err) require.Equal(t, 1, len(actual)) }) 
@@ -787,8 +787,8 @@ func (s *PersisterTestSuite) TestFindSubjectsGrantedConsentRequests() { for k, r := range s.registries { t.Run(k, func(t *testing.T) { sessionID := uuid.Must(uuid.NewV4()).String() - client := &client.Client{LegacyClientID: "client-id"} - f := newFlow(s.t1NID, client.LegacyClientID, "sub", sqlxx.NullString(sessionID)) + client := &client.Client{ID: "client-id"} + f := newFlow(s.t1NID, client.ID, "sub", sqlxx.NullString(sessionID)) persistLoginSession(s.t1, t, r.Persister(), &flow.LoginSession{ID: sessionID}) require.NoError(t, r.Persister().CreateClient(s.t1, client)) require.NoError(t, r.Persister().Connection(context.Background()).Create(f)) @@ -825,12 +825,12 @@ func (s *PersisterTestSuite) TestFlushInactiveAccessTokens() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() fr.RequestedAt = time.Now().UTC().Add(-24 * time.Hour) - fr.Client = &fosite.DefaultClient{ID: client.LegacyClientID} + fr.Client = &fosite.DefaultClient{ID: client.ID} require.NoError(t, r.Persister().CreateAccessTokenSession(s.t1, sig, fr)) actual := persistencesql.OAuth2RequestSQL{Table: "access"} 
@@ -889,8 +889,8 @@ func (s *PersisterTestSuite) TestFlushInactiveLoginConsentRequests() { for k, r := range s.registries { t.Run(k, func(t *testing.T) { sessionID := uuid.Must(uuid.NewV4()).String() - client := &client.Client{LegacyClientID: "client-id"} - f := newFlow(s.t1NID, client.LegacyClientID, "sub", sqlxx.NullString(sessionID)) + client := &client.Client{ID: "client-id"} + f := newFlow(s.t1NID, client.ID, "sub", sqlxx.NullString(sessionID)) f.RequestedAt = time.Now().Add(-24 * time.Hour) persistLoginSession(s.t1, t, r.Persister(), &flow.LoginSession{ID: sessionID}) require.NoError(t, r.Persister().CreateClient(s.t1, client)) @@ -910,7 +910,7 @@ func (s *PersisterTestSuite) TestFlushInactiveRefreshTokens() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} request := fosite.NewRequest() request.RequestedAt = time.Now().Add(-240 * 365 * time.Hour) request.Client = &fosite.DefaultClient{ID: "client-id"} @@ -933,11 +933,11 @@ func (s *PersisterTestSuite) TestGetAccessTokenSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() - fr.Client = &fosite.DefaultClient{ID: client.LegacyClientID} + fr.Client = &fosite.DefaultClient{ID: client.ID} require.NoError(t, r.Persister().CreateAccessTokenSession(s.t1, sig, fr)) actual, err := r.Persister().GetAccessTokenSession(s.t2, sig, &fosite.DefaultSession{}) 
@@ -954,11 +954,11 @@ func (s *PersisterTestSuite) TestGetAuthorizeCodeSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() - fr.Client = &fosite.DefaultClient{ID: client.LegacyClientID} + fr.Client = &fosite.DefaultClient{ID: client.ID} require.NoError(t, r.Persister().CreateAuthorizeCodeSession(s.t1, sig, fr)) actual, err := r.Persister().GetAuthorizeCodeSession(s.t2, sig, &fosite.DefaultSession{}) @@ -975,15 +975,15 @@ func (s *PersisterTestSuite) TestGetClient() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - expected := &client.Client{LegacyClientID: "client-id"} + expected := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, expected)) - actual, err := r.Persister().GetClient(s.t2, expected.LegacyClientID) + actual, err := r.Persister().GetClient(s.t2, expected.ID) require.Error(t, err) require.Nil(t, actual) - actual, err = r.Persister().GetClient(s.t1, expected.LegacyClientID) + actual, err = r.Persister().GetClient(s.t1, expected.ID) require.NoError(t, err) - require.Equal(t, expected.LegacyClientID, actual.GetID()) + require.Equal(t, expected.ID, actual.GetID()) }) } } @@ -1011,7 +1011,7 @@ func (s *PersisterTestSuite) TestGetClients() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - c := &client.Client{LegacyClientID: "client-id"} + c := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, c)) actual, err := r.Persister().GetClients(s.t2, client.Filter{Offset: 0, Limit: 100}) 
@@ -1028,15 +1028,15 @@ func (s *PersisterTestSuite) TestGetConcreteClient() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - expected := &client.Client{LegacyClientID: "client-id"} + expected := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, expected)) - actual, err := r.Persister().GetConcreteClient(s.t2, expected.LegacyClientID) + actual, err := r.Persister().GetConcreteClient(s.t2, expected.ID) require.Error(t, err) require.Nil(t, actual) - actual, err = r.Persister().GetConcreteClient(s.t1, expected.LegacyClientID) + actual, err = r.Persister().GetConcreteClient(s.t1, expected.ID) require.NoError(t, err) - require.Equal(t, expected.LegacyClientID, actual.GetID()) + require.Equal(t, expected.ID, actual.GetID()) }) } } @@ -1070,8 +1070,8 @@ func (s *PersisterTestSuite) TestGetConsentRequest() { for k, r := range s.registries { t.Run(k, func(t *testing.T) { sessionID := uuid.Must(uuid.NewV4()).String() - client := &client.Client{LegacyClientID: "client-id"} - f := newFlow(s.t1NID, client.LegacyClientID, "sub", sqlxx.NullString(sessionID)) + client := &client.Client{ID: "client-id"} + f := newFlow(s.t1NID, client.ID, "sub", sqlxx.NullString(sessionID)) persistLoginSession(s.t1, t, r.Persister(), &flow.LoginSession{ID: sessionID}) require.NoError(t, r.Persister().CreateClient(s.t1, client)) require.NoError(t, r.Persister().Connection(context.Background()).Create(f)) 
@@ -1101,8 +1101,8 @@ func (s *PersisterTestSuite) TestGetFlow() { for k, r := range s.registries { t.Run(k, func(t *testing.T) { sessionID := uuid.Must(uuid.NewV4()).String() - client := &client.Client{LegacyClientID: "client-id"} - f := newFlow(s.t1NID, client.LegacyClientID, "sub", sqlxx.NullString(sessionID)) + client := &client.Client{ID: "client-id"} + f := newFlow(s.t1NID, client.ID, "sub", sqlxx.NullString(sessionID)) persistLoginSession(s.t1, t, r.Persister(), &flow.LoginSession{ID: sessionID}) require.NoError(t, r.Persister().CreateClient(s.t1, client)) require.NoError(t, r.Persister().Connection(context.Background()).Create(f)) @@ -1126,8 +1126,8 @@ func (s *PersisterTestSuite) TestGetFlowByConsentChallenge() { for k, r := range s.registries { t.Run(k, func(t *testing.T) { sessionID := uuid.Must(uuid.NewV4()).String() - client := &client.Client{LegacyClientID: "client-id"} - f := newFlow(s.t1NID, client.LegacyClientID, "sub", sqlxx.NullString(sessionID)) + client := &client.Client{ID: "client-id"} + f := newFlow(s.t1NID, client.ID, "sub", sqlxx.NullString(sessionID)) require.NoError(t, r.Persister().CreateLoginSession(s.t1, &flow.LoginSession{ID: sessionID})) require.NoError(t, r.Persister().CreateClient(s.t1, client)) 
@@ -1151,16 +1151,16 @@ func (s *PersisterTestSuite) TestGetForcedObfuscatedLoginSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} - session := &consent.ForcedObfuscatedLoginSession{ClientID: client.LegacyClientID} + client := &client.Client{ID: "client-id"} + session := &consent.ForcedObfuscatedLoginSession{ClientID: client.ID} require.NoError(t, r.Persister().CreateClient(s.t1, client)) require.NoError(t, r.Persister().CreateForcedObfuscatedLoginSession(s.t1, session)) - actual, err := r.Persister().GetForcedObfuscatedLoginSession(s.t2, client.LegacyClientID, "") + actual, err := r.Persister().GetForcedObfuscatedLoginSession(s.t2, client.ID, "") require.Error(t, err) require.Nil(t, actual) - actual, err = r.Persister().GetForcedObfuscatedLoginSession(s.t1, client.LegacyClientID, "") + actual, err = r.Persister().GetForcedObfuscatedLoginSession(s.t1, client.ID, "") require.NoError(t, err) require.NotNil(t, actual) }) @@ -1195,8 +1195,8 @@ func (s *PersisterTestSuite) TestGetLoginRequest() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} - lr := flow.LoginRequest{ID: "lr-id", ClientID: client.LegacyClientID, RequestedAt: time.Now()} + client := &client.Client{ID: "client-id"} + lr := flow.LoginRequest{ID: "lr-id", ClientID: client.ID, RequestedAt: time.Now()} require.NoError(t, r.Persister().CreateClient(s.t1, client)) f, err := r.ConsentManager().CreateLoginRequest(s.t1, &lr) 
@@ -1220,10 +1220,10 @@ func (s *PersisterTestSuite) TestGetLogoutRequest() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} lr := flow.LogoutRequest{ ID: uuid.Must(uuid.NewV4()).String(), - ClientID: sql.NullString{Valid: true, String: client.LegacyClientID}, + ClientID: sql.NullString{Valid: true, String: client.ID}, } require.NoError(t, r.Persister().CreateClient(s.t1, client)) @@ -1244,7 +1244,7 @@ func (s *PersisterTestSuite) TestGetOpenIDConnectSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} request := fosite.NewRequest() request.SetID("request-id") request.Client = &fosite.DefaultClient{ID: "client-id"} @@ -1267,7 +1267,7 @@ func (s *PersisterTestSuite) TestGetPKCERequestSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} request := fosite.NewRequest() request.SetID("request-id") request.Client = &fosite.DefaultClient{ID: "client-id"} @@ -1363,7 +1363,7 @@ func (s *PersisterTestSuite) TestGetRefreshTokenSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} request := fosite.NewRequest() request.SetID("request-id") request.Client = &fosite.DefaultClient{ID: "client-id"} 
@@ -1405,11 +1405,10 @@ func (s *PersisterTestSuite) TestHandleConsentRequest() { for k, r := range s.registries { t.Run(k, func(t *testing.T) { sessionID := uuid.Must(uuid.NewV4()).String() - c1 := &client.Client{LegacyClientID: uuidx.NewV4().String()} - f := newFlow(s.t1NID, c1.LegacyClientID, "sub", sqlxx.NullString(sessionID)) + c1 := &client.Client{ID: uuidx.NewV4().String()} + f := newFlow(s.t1NID, c1.ID, "sub", sqlxx.NullString(sessionID)) persistLoginSession(s.t1, t, r.Persister(), &flow.LoginSession{ID: sessionID}) require.NoError(t, r.Persister().CreateClient(s.t1, c1)) - c1.ID = uuid.Nil require.NoError(t, r.Persister().CreateClient(s.t2, c1)) req := &flow.OAuth2ConsentRequest{ @@ -1430,7 +1429,7 @@ func (s *PersisterTestSuite) TestHandleConsentRequest() { actualCR, err := r.Persister().HandleConsentRequest(s.t2, f, hcr) require.Error(t, err) require.Nil(t, actualCR) - actual, err := r.Persister().FindGrantedAndRememberedConsentRequests(s.t1, c1.LegacyClientID, f.Subject) + actual, err := r.Persister().FindGrantedAndRememberedConsentRequests(s.t1, c1.ID, f.Subject) require.Error(t, err) require.Equal(t, 0, len(actual)) @@ -1438,7 +1437,7 @@ func (s *PersisterTestSuite) TestHandleConsentRequest() { require.NoError(t, err) require.NotNil(t, actualCR) require.NoError(t, r.Persister().Connection(context.Background()).Create(f)) - actual, err = r.Persister().FindGrantedAndRememberedConsentRequests(s.t1, c1.LegacyClientID, f.Subject) + actual, err = r.Persister().FindGrantedAndRememberedConsentRequests(s.t1, c1.ID, f.Subject) require.NoError(t, err) require.Equal(t, 1, len(actual)) }) 
@@ -1449,13 +1448,13 @@ func (s *PersisterTestSuite) TestInvalidateAuthorizeCodeSession() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: uuidx.NewV4().String()} - require.NoError(t, r.Persister().CreateClient(s.t1, client)) - client.ID = uuid.Nil - require.NoError(t, r.Persister().CreateClient(s.t2, client)) + cl := &client.Client{ID: uuidx.NewV4().String()} + require.NoError(t, r.Persister().CreateClient(s.t1, cl)) + cl.ID = "" + require.NoError(t, r.Persister().CreateClient(s.t2, cl)) sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() - fr.Client = &fosite.DefaultClient{ID: client.LegacyClientID} + fr.Client = &fosite.DefaultClient{ID: cl.ID} require.NoError(t, r.Persister().CreateAuthorizeCodeSession(s.t1, sig, fr)) require.NoError(t, r.Persister().InvalidateAuthorizeCodeSession(s.t2, sig)) 
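Review bot: Resetting `cl.ID = ""` before the second `CreateClient` now erases the client identifier itself, because `ID` has taken over the role of `LegacyClientID`; the old `client.ID = uuid.Nil` only cleared the internal key. The later `fr.Client = &fosite.DefaultClient{ID: cl.ID}` therefore no longer names the client created in `s.t1` (it is empty, or whatever `CreateClient` assigns, which is not visible here), so the cross-network invalidation check probably no longer runs against the same client in both networks. Dropping the reset line, as the TestHandleConsentRequest hunk does with `c1.ID = uuid.Nil`, keeps one ID for both inserts. The same `c1.ID = ""` followed by `newFlow(..., c1.ID, ...)` appears in the TestListUserAuthenticatedClientsWithBackChannelLogout and FrontChannelLogout hunks. The test body continues outside the hunk.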
@@ -1493,24 +1492,24 @@ func (s *PersisterTestSuite) TestListUserAuthenticatedClientsWithBackChannelLogo t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - c1 := &client.Client{LegacyClientID: "client-1", BackChannelLogoutURI: "not-null"} - c2 := &client.Client{LegacyClientID: "client-2", BackChannelLogoutURI: "not-null"} + c1 := &client.Client{ID: "client-1", BackChannelLogoutURI: "not-null"} + c2 := &client.Client{ID: "client-2", BackChannelLogoutURI: "not-null"} require.NoError(t, r.Persister().CreateClient(s.t1, c1)) - c1.ID = uuid.Nil + c1.ID = "" require.NoError(t, r.Persister().CreateClient(s.t2, c1)) require.NoError(t, r.Persister().CreateClient(s.t2, c2)) - t1f1 := newFlow(s.t1NID, c1.LegacyClientID, "sub", sqlxx.NullString(uuid.Must(uuid.NewV4()).String())) + t1f1 := newFlow(s.t1NID, c1.ID, "sub", sqlxx.NullString(uuid.Must(uuid.NewV4()).String())) t1f1.ConsentChallengeID = "t1f1-consent-challenge" t1f1.LoginVerifier = "t1f1-login-verifier" t1f1.ConsentVerifier = "t1f1-consent-verifier" - t2f1 := newFlow(s.t2NID, c1.LegacyClientID, "sub", t1f1.SessionID) + t2f1 := newFlow(s.t2NID, c1.ID, "sub", t1f1.SessionID) t2f1.ConsentChallengeID = "t2f1-consent-challenge" t2f1.LoginVerifier = "t2f1-login-verifier" t2f1.ConsentVerifier = "t2f1-consent-verifier" - t2f2 := newFlow(s.t2NID, c2.LegacyClientID, "sub", t1f1.SessionID) + t2f2 := newFlow(s.t2NID, c2.ID, "sub", t1f1.SessionID) t2f2.ConsentChallengeID = "t2f2-consent-challenge" t2f2.LoginVerifier = "t2f2-login-verifier" t2f2.ConsentVerifier = "t2f2-consent-verifier" 
@@ -1577,24 +1576,24 @@ func (s *PersisterTestSuite) TestListUserAuthenticatedClientsWithFrontChannelLog t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - c1 := &client.Client{LegacyClientID: "client-1", FrontChannelLogoutURI: "not-null"} - c2 := &client.Client{LegacyClientID: "client-2", FrontChannelLogoutURI: "not-null"} + c1 := &client.Client{ID: "client-1", FrontChannelLogoutURI: "not-null"} + c2 := &client.Client{ID: "client-2", FrontChannelLogoutURI: "not-null"} require.NoError(t, r.Persister().CreateClient(s.t1, c1)) - c1.ID = uuid.Nil + c1.ID = "" require.NoError(t, r.Persister().CreateClient(s.t2, c1)) require.NoError(t, r.Persister().CreateClient(s.t2, c2)) - t1f1 := newFlow(s.t1NID, c1.LegacyClientID, "sub", sqlxx.NullString(uuid.Must(uuid.NewV4()).String())) + t1f1 := newFlow(s.t1NID, c1.ID, "sub", sqlxx.NullString(uuid.Must(uuid.NewV4()).String())) t1f1.ConsentChallengeID = "t1f1-consent-challenge" t1f1.LoginVerifier = "t1f1-login-verifier" t1f1.ConsentVerifier = "t1f1-consent-verifier" - t2f1 := newFlow(s.t2NID, c1.LegacyClientID, "sub", t1f1.SessionID) + t2f1 := newFlow(s.t2NID, c1.ID, "sub", t1f1.SessionID) t2f1.ConsentChallengeID = "t2f1-consent-challenge" t2f1.LoginVerifier = "t2f1-login-verifier" t2f1.ConsentVerifier = "t2f1-consent-verifier" - t2f2 := newFlow(s.t2NID, c2.LegacyClientID, "sub", t1f1.SessionID) + t2f2 := newFlow(s.t2NID, c2.ID, "sub", t1f1.SessionID) t2f2.ConsentChallengeID = "t2f2-consent-challenge" t2f2.LoginVerifier = "t2f2-login-verifier" t2f2.ConsentVerifier = "t2f2-consent-verifier" 
@@ -1686,7 +1685,7 @@ func (s *PersisterTestSuite) TestQueryWithNetwork() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - r.Persister().CreateClient(s.t1, &client.Client{LegacyClientID: "client-1", FrontChannelLogoutURI: "not-null"}) + r.Persister().CreateClient(s.t1, &client.Client{ID: "client-1", FrontChannelLogoutURI: "not-null"}) store, ok := r.Persister().(*persistencesql.Persister) if !ok { @@ -1726,11 +1725,11 @@ func (s *PersisterTestSuite) TestRevokeAccessToken() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() - fr.Client = &fosite.DefaultClient{ID: client.LegacyClientID} + fr.Client = &fosite.DefaultClient{ID: client.ID} require.NoError(t, r.Persister().CreateAccessTokenSession(s.t1, sig, fr)) require.NoError(t, r.Persister().RevokeAccessToken(s.t2, fr.ID)) @@ -1748,7 +1747,7 @@ func (s *PersisterTestSuite) TestRevokeRefreshToken() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) request := fosite.NewRequest() @@ -1773,7 +1772,7 @@ func (s *PersisterTestSuite) TestRevokeRefreshTokenMaybeGracePeriod() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) request := fosite.NewRequest() 
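Review bot: The `CreateClient` call at the top of TestQueryWithNetwork still discards its error, so a failed insert would let the network-scoped query assertions run without the row they expect. The other tests in this file wrap the call, and the same would fit here: `require.NoError(t, r.Persister().CreateClient(s.t1, &client.Client{ID: "client-1", FrontChannelLogoutURI: "not-null"}))`. The rest of the test is outside the hunk, so whether a later assertion would catch a missing row cannot be seen from here.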
@@ -1804,8 +1803,8 @@ func (s *PersisterTestSuite) TestRevokeSubjectClientConsentSession() { for k, r := range s.registries { t.Run(k, func(t *testing.T) { sessionID := uuid.Must(uuid.NewV4()).String() - client := &client.Client{LegacyClientID: "client-id"} - f := newFlow(s.t1NID, client.LegacyClientID, "sub", sqlxx.NullString(sessionID)) + client := &client.Client{ID: "client-id"} + f := newFlow(s.t1NID, client.ID, "sub", sqlxx.NullString(sessionID)) f.RequestedAt = time.Now().Add(-24 * time.Hour) persistLoginSession(s.t1, t, r.Persister(), &flow.LoginSession{ID: sessionID}) require.NoError(t, r.Persister().CreateClient(s.t1, client)) @@ -1813,9 +1812,9 @@ func (s *PersisterTestSuite) TestRevokeSubjectClientConsentSession() { actual := flow.Flow{} - require.Error(t, r.Persister().RevokeSubjectClientConsentSession(s.t2, "sub", client.LegacyClientID)) + require.Error(t, r.Persister().RevokeSubjectClientConsentSession(s.t2, "sub", client.ID)) require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, f.ID)) - require.NoError(t, r.Persister().RevokeSubjectClientConsentSession(s.t1, "sub", client.LegacyClientID)) + require.NoError(t, r.Persister().RevokeSubjectClientConsentSession(s.t1, "sub", client.ID)) require.Error(t, r.Persister().Connection(context.Background()).Find(&actual, f.ID)) }) } @@ -1858,8 +1857,8 @@ func (s *PersisterTestSuite) TestUpdateClient() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - t1c1 := &client.Client{LegacyClientID: "client-id", Name: "original", Secret: "original-secret"} - t2c1 := &client.Client{LegacyClientID: "client-id", Name: "original", Secret: "original-secret"} + t1c1 := &client.Client{ID: "client-id", Name: "original", Secret: "original-secret"} + t2c1 := &client.Client{ID: "client-id", Name: "original", Secret: "original-secret"} require.NoError(t, r.Persister().CreateClient(s.t1, t1c1)) require.NoError(t, r.Persister().CreateClient(s.t2, t2c1)) expectedHash := t1c1.Secret 
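Review bot: In TestUpdateClient, `t1c1` and `t2c1` now carry the same `ID`, and nothing in the test says this is deliberate. With the separate internal key gone, the network is presumably the only thing that tells the two rows apart, which is what this test guards. A comment above the pair would record that, e.g. `// Same client ID in both networks on purpose: only the network ID separates the rows.` The same applies to the pair in the TestUpdateWithNetwork hunk. The function body continues outside the hunk.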
@@ -1947,8 +1946,8 @@ func (s *PersisterTestSuite) TestUpdateWithNetwork() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - t1c1 := &client.Client{LegacyClientID: "client-id", Name: "original", Secret: "original-secret"} - t2c1 := &client.Client{LegacyClientID: "client-id", Name: "original", Secret: "original-secret", Owner: "erase-me"} + t1c1 := &client.Client{ID: "client-id", Name: "original", Secret: "original-secret"} + t2c1 := &client.Client{ID: "client-id", Name: "original", Secret: "original-secret", Owner: "erase-me"} require.NoError(t, r.Persister().CreateClient(s.t1, t1c1)) require.NoError(t, r.Persister().CreateClient(s.t2, t2c1)) @@ -1957,7 +1956,7 @@ func (s *PersisterTestSuite) TestUpdateWithNetwork() { t.Fatal("type assertion failed") } - count, err := store.UpdateWithNetwork(s.t1, &client.Client{ID: t1c1.ID, LegacyClientID: "client-id", Name: "updated", Secret: "original-secret"}) + count, err := store.UpdateWithNetwork(s.t1, &client.Client{ID: "client-id", Name: "updated", Secret: "original-secret"}) require.NoError(t, err) require.Equal(t, int64(1), count) actualt1, err := store.GetConcreteClient(s.t1, "client-id") @@ -1979,9 +1978,9 @@ func (s *PersisterTestSuite) TestVerifyAndInvalidateConsentRequest() { sub := uuid.Must(uuid.NewV4()).String() sessionID := uuid.Must(uuid.NewV4()).String() persistLoginSession(s.t1, t, r.Persister(), &flow.LoginSession{ID: sessionID}) - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) - f := newFlow(s.t1NID, client.LegacyClientID, sub, sqlxx.NullString(sessionID)) + f := newFlow(s.t1NID, client.ID, sub, sqlxx.NullString(sessionID)) f.ConsentSkip = false f.GrantedScope = sqlxx.StringSliceJSONFormat{} f.ConsentRemember = false 
@@ -2014,9 +2013,9 @@ func (s *PersisterTestSuite) TestVerifyAndInvalidateLoginRequest() { sub := uuid.Must(uuid.NewV4()).String() sessionID := uuid.Must(uuid.NewV4()).String() persistLoginSession(s.t1, t, r.Persister(), &flow.LoginSession{ID: sessionID}) - client := &client.Client{LegacyClientID: "client-id"} + client := &client.Client{ID: "client-id"} require.NoError(t, r.Persister().CreateClient(s.t1, client)) - f := newFlow(s.t1NID, client.LegacyClientID, sub, sqlxx.NullString(sessionID)) + f := newFlow(s.t1NID, client.ID, sub, sqlxx.NullString(sessionID)) f.State = flow.FlowStateLoginUnused loginVerifier := x.Must(f.ToLoginVerifier(s.t1, r)) @@ -2089,7 +2088,7 @@ func TestPersisterTestSuite(t *testing.T) { func newClient() *client.Client { return &client.Client{ - ID: uuid.Must(uuid.NewV4()), + ID: uuid.Must(uuid.NewV4()).String(), } } diff --git a/x/oauth2cors/cors_test.go b/x/oauth2cors/cors_test.go index 62b57d29ff1..d450fe308ab 100644 --- a/x/oauth2cors/cors_test.go +++ b/x/oauth2cors/cors_test.go @@ -67,7 +67,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { r.Config().MustSet(ctx, "serve.public.cors.allowed_origins", []string{"http://not-test-domain.com"}) // Ignore unique violations - _ = r.ClientManager().CreateClient(ctx, &client.Client{LegacyClientID: "foo-2", Secret: "bar", AllowedCORSOrigins: []string{"http://not-foobar.com"}}) + _ = r.ClientManager().CreateClient(ctx, &client.Client{ID: "foo-2", Secret: "bar", AllowedCORSOrigins: []string{"http://not-foobar.com"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://foobar.com"}, "Content-Type": {"application/x-www-form-urlencoded"}}, 
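Review bot: In the cors_test.go hunks, `_ = r.ClientManager().CreateClient(...)` drops every error, not only the unique violation the comment refers to, and this holds for all cases in the table. Where two cases reuse an ID with different `AllowedCORSOrigins` (the two `foo-4` cases use `http://*.foobar.com` and `http://*`), a swallowed unique violation would leave the second case running against the first client's origins, assuming the cases share one registry, which is not visible here. Giving the second case its own ID, for example `ID: "foo-4-any"` with `x.BasicAuth("foo-4-any", "bar")` (name made up for illustration), removes the need to ignore the error at all. The table entries start and end outside the hunks.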
@@ -82,7 +82,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { r.Config().MustSet(ctx, "serve.public.cors.allowed_origins", []string{"http://not-test-domain.com"}) // Ignore unique violations - _ = r.ClientManager().CreateClient(ctx, &client.Client{LegacyClientID: "foo-3", Secret: "bar", AllowedCORSOrigins: []string{"http://foobar.com"}}) + _ = r.ClientManager().CreateClient(ctx, &client.Client{ID: "foo-3", Secret: "bar", AllowedCORSOrigins: []string{"http://foobar.com"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://foobar.com"}, "Content-Type": {"application/x-www-form-urlencoded"}}, @@ -97,7 +97,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { r.Config().MustSet(ctx, "serve.public.cors.allowed_origins", []string{"http://not-test-domain.com"}) // Ignore unique violations - _ = r.ClientManager().CreateClient(ctx, &client.Client{LegacyClientID: "foo-2", Secret: "bar", AllowedCORSOrigins: []string{"http://not-foobar.com"}}) + _ = r.ClientManager().CreateClient(ctx, &client.Client{ID: "foo-2", Secret: "bar", AllowedCORSOrigins: []string{"http://not-foobar.com"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://foobar.com"}, "Authorization": {fmt.Sprintf("Basic %s", x.BasicAuth("foo-2", "bar"))}}, @@ -109,7 +109,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { r.Config().MustSet(ctx, "serve.public.cors.enabled", true) // Ignore unique violations - _ = r.ClientManager().CreateClient(ctx, &client.Client{LegacyClientID: "foo-3", Secret: "bar", AllowedCORSOrigins: []string{"http://foobar.com"}}) + _ = r.ClientManager().CreateClient(ctx, &client.Client{ID: "foo-3", Secret: "bar", AllowedCORSOrigins: []string{"http://foobar.com"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://foobar.com"}, "Authorization": {fmt.Sprintf("Basic %s", x.BasicAuth("foo-3", "bar"))}}, 
@@ -122,7 +122,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { r.Config().MustSet(ctx, "serve.public.cors.allowed_origins", []string{}) // Ignore unique violations - _ = r.ClientManager().CreateClient(ctx, &client.Client{LegacyClientID: "foo-3", Secret: "bar", AllowedCORSOrigins: []string{"http://foobar.com"}}) + _ = r.ClientManager().CreateClient(ctx, &client.Client{ID: "foo-3", Secret: "bar", AllowedCORSOrigins: []string{"http://foobar.com"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://foobar.com"}, "Authorization": {fmt.Sprintf("Basic %s", x.BasicAuth("foo-3", "bar"))}}, @@ -135,7 +135,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { r.Config().MustSet(ctx, "serve.public.cors.allowed_origins", []string{}) // Ignore unique violations - _ = r.ClientManager().CreateClient(ctx, &client.Client{LegacyClientID: "foo-4", Secret: "bar", AllowedCORSOrigins: []string{"http://*.foobar.com"}}) + _ = r.ClientManager().CreateClient(ctx, &client.Client{ID: "foo-4", Secret: "bar", AllowedCORSOrigins: []string{"http://*.foobar.com"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://foo.foobar.com"}, "Authorization": {fmt.Sprintf("Basic %s", x.BasicAuth("foo-4", "bar"))}}, @@ -148,7 +148,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { r.Config().MustSet(ctx, "serve.public.cors.allowed_origins", []string{}) // Ignore unique violations - _ = r.ClientManager().CreateClient(ctx, &client.Client{LegacyClientID: "foo-4", Secret: "bar", AllowedCORSOrigins: []string{"http://*"}}) + _ = r.ClientManager().CreateClient(ctx, &client.Client{ID: "foo-4", Secret: "bar", AllowedCORSOrigins: []string{"http://*"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://foo.foobar.com"}, "Authorization": {fmt.Sprintf("Basic %s", x.BasicAuth("foo-4", "bar"))}}, 
@@ -161,7 +161,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { r.Config().MustSet(ctx, "serve.public.cors.allowed_origins", []string{"*"}) // Ignore unique violations - _ = r.ClientManager().CreateClient(ctx, &client.Client{LegacyClientID: "foo-5", Secret: "bar", AllowedCORSOrigins: []string{"http://barbar.com"}}) + _ = r.ClientManager().CreateClient(ctx, &client.Client{ID: "foo-5", Secret: "bar", AllowedCORSOrigins: []string{"http://barbar.com"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"*"}, "Authorization": {fmt.Sprintf("Basic %s", x.BasicAuth("foo-5", "bar"))}}, @@ -174,7 +174,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { r.Config().MustSet(ctx, "serve.public.cors.allowed_origins", []string{"http://*.foobar.com"}) // Ignore unique violations - _ = r.ClientManager().CreateClient(ctx, &client.Client{LegacyClientID: "foo-6", Secret: "bar", AllowedCORSOrigins: []string{"http://barbar.com"}}) + _ = r.ClientManager().CreateClient(ctx, &client.Client{ID: "foo-6", Secret: "bar", AllowedCORSOrigins: []string{"http://barbar.com"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://foo.foobar.com"}, "Authorization": {fmt.Sprintf("Basic %s", x.BasicAuth("foo-6", "bar"))}}, @@ -187,7 +187,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { r.Config().MustSet(ctx, "serve.public.cors.allowed_origins", []string{"http://not-test-domain.com"}) // Ignore unique violations - _ = r.ClientManager().CreateClient(ctx, &client.Client{LegacyClientID: "foo-7", Secret: "bar", AllowedCORSOrigins: []string{"*"}}) + _ = r.ClientManager().CreateClient(ctx, &client.Client{ID: "foo-7", Secret: "bar", AllowedCORSOrigins: []string{"*"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://foobar.com"}, "Authorization": {fmt.Sprintf("Basic %s", x.BasicAuth("foo-7", "bar"))}}, 
@@ -222,7 +222,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { sess := oauth2.NewSession("foo-9") sess.SetExpiresAt(fosite.AccessToken, time.Now().Add(time.Hour)) ar := fosite.NewAccessRequest(sess) - cl := &client.Client{LegacyClientID: "foo-9", Secret: "bar", AllowedCORSOrigins: []string{"http://foobar.com"}} + cl := &client.Client{ID: "foo-9", Secret: "bar", AllowedCORSOrigins: []string{"http://foobar.com"}} ar.Client = cl // Ignore unique violations @@ -239,7 +239,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { r.Config().MustSet(ctx, "serve.public.cors.enabled", true) // Ignore unique violations - _ = r.ClientManager().CreateClient(ctx, &client.Client{LegacyClientID: "foo-11", Secret: "bar", AllowedCORSOrigins: []string{"*"}}) + _ = r.ClientManager().CreateClient(ctx, &client.Client{ID: "foo-11", Secret: "bar", AllowedCORSOrigins: []string{"*"}}) r.Config().MustSet(ctx, "serve.public.cors.enabled", true) r.Config().MustSet(ctx, "serve.public.cors.allowed_origins", []string{"http://*", "https://*"}) }, @@ -254,7 +254,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { r.Config().MustSet(ctx, "serve.public.cors.allowed_origins", []string{"http://**.example.com"}) // Ignore unique violations - _ = r.ClientManager().CreateClient(ctx, &client.Client{LegacyClientID: "foo-12", Secret: "bar", AllowedCORSOrigins: []string{"http://myapp.example.biz"}}) + _ = r.ClientManager().CreateClient(ctx, &client.Client{ID: "foo-12", Secret: "bar", AllowedCORSOrigins: []string{"http://myapp.example.biz"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://myapp.example.biz"}, "Authorization": {fmt.Sprintf("Basic %s", x.BasicAuth("foo-12", "bar"))}}, 
@@ -267,7 +267,7 @@ func TestOAuth2AwareCORSMiddleware(t *testing.T) { r.Config().MustSet(ctx, "serve.public.cors.allowed_origins", []string{"http://**.example.com"}) // Ignore unique violations - _ = r.ClientManager().CreateClient(ctx, &client.Client{LegacyClientID: "foo-13", Secret: "bar", AllowedCORSOrigins: []string{"http://myapp.example.biz"}}) + _ = r.ClientManager().CreateClient(ctx, &client.Client{ID: "foo-13", Secret: "bar", AllowedCORSOrigins: []string{"http://myapp.example.biz"}}) }, code: http.StatusNotImplemented, header: http.Header{"Origin": {"http://client-app.example.com"}, "Authorization": {fmt.Sprintf("Basic %s", x.BasicAuth("foo-13", "bar"))}},