func (h *Handler) createRootIfNewInstall(c *config.Config) {
ctx := c.Context()
clients, err := h.Clients.Manager.GetClients()
pkg.Must(err, "Could not fetch client list: %s", err)
if len(clients) != 0 {
return
}
rs, err := pkg.GenerateSecret(16)
pkg.Must(err, "Could notgenerate secret because %s", err)
secret := []byte(string(rs))
logrus.Warn("No clients were found. Creating a temporary root client...")
root := &fosite.DefaultClient{
Name: "This temporary client is generated by hydra and is granted all of hydra's administrative privileges. It must be removed when everything is set up.",
GrantTypes: []string{"client_credentials", "authorization_code"},
ResponseTypes: []string{"token", "code"},
GrantedScopes: []string{"hydra", "core"},
RedirectURIs: []string{"http://localhost:4445/callback"},
Secret: secret,
}
err = h.Clients.Manager.CreateClient(root)
pkg.Must(err, "Could not create temporary root because %s", err)
err = ctx.LadonManager.Create(&ladon.DefaultPolicy{
Description: "This is a policy created by hydra and issued to the first client. It grants all of hydra's administrative privileges to the client and enables the client_credentials response type.",
Subjects: []string{root.GetID()},
Effect: ladon.AllowAccess,
Resources: []string{"rn:hydra:<.*>"},
Actions: []string{"<.*>"},
})
pkg.Must(err, "Could not create admin policy because %s", err)
c.Lock()
c.ClientID = root.ID
c.ClientSecret = string(secret)
c.Unlock()
logrus.Warn("Temporary root client created.")
logrus.Warnf("client_id: %s", root.GetID())
logrus.Warnf("client_secret: %s", string(secret))
logrus.Warn("The root client must be removed in production. The root's credentials could be accidentally logged.")
}
func (c *Config) GetSystemSecret() []byte {
c.Lock()
defer c.Unlock()
if len(c.SystemSecret) >= 16 {
hash := sha256.Sum256(c.SystemSecret)
c.SystemSecret = hash[:]
return c.SystemSecret
}
logrus.Warnf("Expected system secret to be at least %d characters long but only got %d characters.", 32, len(c.SystemSecret))
logrus.Warnln("Generating a random system secret...")
var err error
c.SystemSecret, err = pkg.GenerateSecret(32)
pkg.Must(err, "Could not generate global secret: %s", err)
logrus.Warnf("Generated system secret: %s", c.SystemSecret)
logrus.Warnln("Do not auto-generate system secrets in production.")
hash := sha256.Sum256(c.SystemSecret)
c.SystemSecret = hash[:]
return c.SystemSecret
}
func (h *ClientHandler) CreateClient(cmd *cobra.Command, args []string) {
var err error
h.M.Dry = *h.Config.Dry
h.M.Endpoint = h.Config.Resolve("/clients")
h.M.Client = h.Config.OAuth2Client(cmd)
responseTypes, _ := cmd.Flags().GetStringSlice("response-types")
grantTypes, _ := cmd.Flags().GetStringSlice("grant-types")
allowedScopes, _ := cmd.Flags().GetStringSlice("allowed-scopes")
callbacks, _ := cmd.Flags().GetStringSlice("callbacks")
name, _ := cmd.Flags().GetString("name")
id, _ := cmd.Flags().GetString("id")
secret, err := pkg.GenerateSecret(26)
pkg.Must(err, "Could not generate secret: %s", err)
client := &fosite.DefaultClient{
ID: id,
Secret: secret,
ResponseTypes: responseTypes,
GrantedScopes: allowedScopes,
GrantTypes: grantTypes,
RedirectURIs: callbacks,
Name: name,
}
err = h.M.CreateClient(client)
if h.M.Dry {
fmt.Printf("%s\n", err)
return
}
pkg.Must(err, "Could not create client: %s", err)
fmt.Printf("Client ID: %s\n", client.ID)
fmt.Printf("Client Secret: %s\n", secret)
}
