Esempio n. 1
0
func makeTestFixtures() *testFixtures {
	f := &testFixtures{}

	f.ur = user.NewUserRepoFromUsers([]user.UserWithRemoteIdentities{
		{
			User: user.User{
				ID:          "ID-1",
				Email:       "*****@*****.**",
				DisplayName: "Name-1",
			},
		},
		{
			User: user.User{
				ID:          "ID-2",
				Email:       "*****@*****.**",
				DisplayName: "Name-2",
			},
		},
	})
	f.pwr = user.NewPasswordInfoRepoFromPasswordInfos([]user.PasswordInfo{
		{
			UserID:   "ID-1",
			Password: []byte("hi."),
		},
	})
	ccr := connector.NewConnectorConfigRepoFromConfigs([]connector.ConnectorConfig{
		&connector.LocalConnectorConfig{ID: "local"},
	})
	f.mgr = manager.NewUserManager(f.ur, f.pwr, ccr, repo.InMemTransactionFactory, manager.ManagerOptions{})
	f.adAPI = NewAdminAPI(f.mgr, f.ur, f.pwr, "local")

	return f
}
Esempio n. 2
0
func TestConnectorLDAPConnectFail(t *testing.T) {
	var tx repo.Transaction
	var lf oidc.LoginFunc
	var ns url.URL

	templates := template.New(connector.LDAPLoginPageTemplateName)

	ccr := connector.NewConnectorConfigRepoFromConfigs(
		[]connector.ConnectorConfig{&connector.LDAPConnectorConfig{
			ID:         "ldap",
			ServerHost: ldapHost,
			ServerPort: ldapPort + 1,
		}},
	)
	cc, err := ccr.GetConnectorByID(tx, "ldap")
	if err != nil {
		t.Fatal(err)
	}
	c, err := cc.Connector(ns, lf, templates)
	if err != nil {
		t.Fatal(err)
	}
	err = c.Healthy()
	if err == nil {
		t.Fatal(fmt.Errorf("LDAPConnector.Healty() supposed to fail, but succeeded!"))
	}
}
Esempio n. 3
0
func TestConnectorLDAPcaFilecertFileConnectSSL(t *testing.T) {
	var tx repo.Transaction
	var lf oidc.LoginFunc
	var ns url.URL

	templates := template.New(connector.LDAPLoginPageTemplateName)

	ccr := connector.NewConnectorConfigRepoFromConfigs(
		[]connector.ConnectorConfig{&connector.LDAPConnectorConfig{
			ID:         "ldap",
			ServerHost: ldapHost,
			ServerPort: ldapPort + 247, // 636
			UseSSL:     true,
			CertFile:   "/tmp/ldap.crt",
			KeyFile:    "/tmp/ldap.key",
			CaFile:     "/tmp/openldap-ca.pem",
		}},
	)
	cc, err := ccr.GetConnectorByID(tx, "ldap")
	if err != nil {
		t.Fatal(err)
	}
	c, err := cc.Connector(ns, lf, templates)
	if err != nil {
		t.Fatal(err)
	}
	err = c.Healthy()
	if err != nil {
		t.Fatal(err)
	}
}
Esempio n. 4
0
func (cfg *SingleServerConfig) Configure(srv *Server) error {
	k, err := key.GeneratePrivateKey()
	if err != nil {
		return err
	}

	ks := key.NewPrivateKeySet([]*key.PrivateKey{k}, time.Now().Add(24*time.Hour))
	kRepo := key.NewPrivateKeySetRepo()
	if err = kRepo.Set(ks); err != nil {
		return err
	}

	cf, err := os.Open(cfg.ClientsFile)
	if err != nil {
		return fmt.Errorf("unable to read clients from file %s: %v", cfg.ClientsFile, err)
	}
	defer cf.Close()
	ciRepo, err := client.NewClientIdentityRepoFromReader(cf)
	if err != nil {
		return fmt.Errorf("unable to read client identities from file %s: %v", cfg.ClientsFile, err)
	}

	f, err := os.Open(cfg.ConnectorsFile)
	if err != nil {
		return fmt.Errorf("opening connectors file: %v", err)
	}
	defer f.Close()
	cfgs, err := connector.ReadConfigs(f)
	if err != nil {
		return fmt.Errorf("decoding connector configs: %v", err)
	}
	cfgRepo := connector.NewConnectorConfigRepoFromConfigs(cfgs)

	sRepo := session.NewSessionRepo()
	skRepo := session.NewSessionKeyRepo()
	sm := session.NewSessionManager(sRepo, skRepo)

	userRepo, err := user.NewUserRepoFromFile(cfg.UsersFile)
	if err != nil {
		return fmt.Errorf("unable to read users from file: %v", err)
	}

	pwiRepo := user.NewPasswordInfoRepo()

	refTokRepo := refresh.NewRefreshTokenRepo()

	txnFactory := repo.InMemTransactionFactory
	userManager := manager.NewUserManager(userRepo, pwiRepo, cfgRepo, txnFactory, manager.ManagerOptions{})
	srv.ClientIdentityRepo = ciRepo
	srv.KeySetRepo = kRepo
	srv.ConnectorConfigRepo = cfgRepo
	srv.UserRepo = userRepo
	srv.UserManager = userManager
	srv.PasswordInfoRepo = pwiRepo
	srv.SessionManager = sm
	srv.RefreshTokenRepo = refTokRepo
	return nil

}
Esempio n. 5
0
func makeUserObjects(users []user.UserWithRemoteIdentities, passwords []user.PasswordInfo) (user.UserRepo, user.PasswordInfoRepo, *manager.UserManager) {
	ur := user.NewUserRepoFromUsers(users)
	pwr := user.NewPasswordInfoRepoFromPasswordInfos(passwords)

	ccr := connector.NewConnectorConfigRepoFromConfigs(
		[]connector.ConnectorConfig{&connector.LocalConnectorConfig{ID: "local"}},
	)
	um := manager.NewUserManager(ur, pwr, ccr, repo.InMemTransactionFactory, manager.ManagerOptions{})
	um.Clock = clock
	return ur, pwr, um
}
Esempio n. 6
0
func makeTestFixtures() *testFixtures {
	f := &testFixtures{}
	f.clock = clockwork.NewFakeClock()

	f.ur = user.NewUserRepoFromUsers([]user.UserWithRemoteIdentities{
		{
			User: user.User{
				ID:    "ID-1",
				Email: "*****@*****.**",
			},
			RemoteIdentities: []user.RemoteIdentity{
				{
					ConnectorID: "local",
					ID:          "1",
				},
			},
		}, {
			User: user.User{
				ID:            "ID-2",
				Email:         "*****@*****.**",
				EmailVerified: true,
			},
			RemoteIdentities: []user.RemoteIdentity{
				{
					ConnectorID: "local",
					ID:          "2",
				},
			},
		},
	})
	f.pwr = user.NewPasswordInfoRepoFromPasswordInfos([]user.PasswordInfo{
		{
			UserID:   "ID-1",
			Password: []byte("password-1"),
		},
		{
			UserID:   "ID-2",
			Password: []byte("password-2"),
		},
	})
	f.ccr = connector.NewConnectorConfigRepoFromConfigs([]connector.ConnectorConfig{
		&connector.LocalConnectorConfig{ID: "local"},
	})
	f.mgr = NewUserManager(f.ur, f.pwr, f.ccr, repo.InMemTransactionFactory, ManagerOptions{})
	f.mgr.Clock = f.clock
	return f
}
Esempio n. 7
0
func makeTestFixtures() (*testFixtures, error) {
	userRepo := user.NewUserRepoFromUsers(testUsers)
	pwRepo := user.NewPasswordInfoRepoFromPasswordInfos(testPasswordInfos)

	connConfigs := []connector.ConnectorConfig{
		&connector.OIDCConnectorConfig{
			ID:           "oidc",
			IssuerURL:    testIssuerURL.String(),
			ClientID:     "12345",
			ClientSecret: "567789",
		},
		&connector.OIDCConnectorConfig{
			ID:                   "oidc-trusted",
			IssuerURL:            testIssuerURL.String(),
			ClientID:             "12345-trusted",
			ClientSecret:         "567789-trusted",
			TrustedEmailProvider: true,
		},
		&connector.LocalConnectorConfig{
			ID: "local",
		},
	}
	connCfgRepo := connector.NewConnectorConfigRepoFromConfigs(connConfigs)

	manager := manager.NewUserManager(userRepo, pwRepo, connCfgRepo, repo.InMemTransactionFactory, manager.ManagerOptions{})

	sessionManager := session.NewSessionManager(session.NewSessionRepo(), session.NewSessionKeyRepo())
	sessionManager.GenerateCode = sequentialGenerateCodeFunc()

	emailer, err := email.NewTemplatizedEmailerFromGlobs(
		emailTemplatesLocation+"/*.txt",
		emailTemplatesLocation+"/*.html",
		&email.FakeEmailer{})
	if err != nil {
		return nil, err
	}

	clientIdentityRepo := client.NewClientIdentityRepo([]oidc.ClientIdentity{
		oidc.ClientIdentity{
			Credentials: oidc.ClientCredentials{
				ID:     "XXX",
				Secret: testClientSecret,
			},
			Metadata: oidc.ClientMetadata{
				RedirectURIs: []url.URL{
					testRedirectURL,
				},
			},
		},
	})

	km := key.NewPrivateKeyManager()
	err = km.Set(key.NewPrivateKeySet([]*key.PrivateKey{testPrivKey}, time.Now().Add(time.Minute)))
	if err != nil {
		return nil, err
	}

	tpl, err := getTemplates("dex",
		"https://coreos.com/assets/images/brand/coreos-mark-30px.png",
		true, templatesLocation)
	if err != nil {
		return nil, err
	}

	srv := &Server{
		IssuerURL:          testIssuerURL,
		SessionManager:     sessionManager,
		ClientIdentityRepo: clientIdentityRepo,
		Templates:          tpl,
		UserRepo:           userRepo,
		PasswordInfoRepo:   pwRepo,
		UserManager:        manager,
		KeyManager:         km,
	}

	err = setTemplates(srv, tpl)
	if err != nil {
		return nil, err
	}

	for _, config := range connConfigs {
		if err := srv.AddConnector(config); err != nil {
			return nil, err
		}
	}

	srv.UserEmailer = useremail.NewUserEmailer(srv.UserRepo,
		srv.PasswordInfoRepo,
		srv.KeyManager.Signer,
		srv.SessionManager.ValidityWindow,
		srv.IssuerURL,
		emailer,
		"*****@*****.**",
		srv.absURL(httpPathResetPassword),
		srv.absURL(httpPathEmailVerify),
		srv.absURL(httpPathAcceptInvitation),
	)

	return &testFixtures{
		srv:                srv,
		redirectURL:        testRedirectURL,
		userRepo:           userRepo,
		sessionManager:     sessionManager,
		emailer:            emailer,
		clientIdentityRepo: clientIdentityRepo,
	}, nil
}
Esempio n. 8
0
func makeTestFixtures() (*UsersAPI, *testEmailer) {
	ur := user.NewUserRepoFromUsers([]user.UserWithRemoteIdentities{
		{
			User: user.User{
				ID:        "ID-1",
				Email:     "*****@*****.**",
				Admin:     true,
				CreatedAt: clock.Now(),
			},
		}, {
			User: user.User{
				ID:        "ID-2",
				Email:     "*****@*****.**",
				CreatedAt: clock.Now(),
			},
		}, {
			User: user.User{
				ID:        "ID-3",
				Email:     "*****@*****.**",
				CreatedAt: clock.Now(),
			},
		}, {
			User: user.User{
				ID:        "ID-4",
				Email:     "*****@*****.**",
				CreatedAt: clock.Now(),
				Disabled:  true,
			},
		},
	})
	pwr := user.NewPasswordInfoRepoFromPasswordInfos([]user.PasswordInfo{
		{
			UserID:   "ID-1",
			Password: []byte("password-1"),
		},
		{
			UserID:   "ID-2",
			Password: []byte("password-2"),
		},
	})
	ccr := connector.NewConnectorConfigRepoFromConfigs([]connector.ConnectorConfig{
		&connector.LocalConnectorConfig{ID: "local"},
	})
	mgr := manager.NewUserManager(ur, pwr, ccr, repo.InMemTransactionFactory, manager.ManagerOptions{})
	mgr.Clock = clock
	ci := oidc.ClientIdentity{
		Credentials: oidc.ClientCredentials{
			ID:     "XXX",
			Secret: "secrete",
		},
		Metadata: oidc.ClientMetadata{
			RedirectURLs: []url.URL{
				validRedirURL,
			},
		},
	}
	cir := client.NewClientIdentityRepo([]oidc.ClientIdentity{ci})

	emailer := &testEmailer{}
	api := NewUsersAPI(mgr, cir, emailer, "local")
	return api, emailer

}