Resolve issues with warden and client api (#120)

* warden: fix firewall settings close #118

* client: do not base64 encode client secrets on http api close #119

* vendor: glide up

client/client.go

@@ -0,0 +1,65 @@
+package client
+
+import "github.com/ory-am/fosite"
+
+type Client struct {
+	ID                string   `json:"id" gorethink:"id"`
+	Name              string   `json:"client_name" gorethink:"client_name"`
+	Secret            string   `json:"client_secret,omitempty" gorethink:"client_secret"`
+	RedirectURIs      []string `json:"redirect_uris" gorethink:"redirect_uris"`
+	GrantTypes        []string `json:"grant_types" gorethink:"grant_types"`
+	ResponseTypes     []string `json:"response_types" gorethink:"response_types"`
+	GrantedScopes     []string `json:"granted_scopes" gorethink:"granted_scopes"`
+	Owner             string   `json:"owner" gorethink:"owner"`
+	PolicyURI         string   `json:"policy_uri" gorethink:"policy_uri"`
+	TermsOfServiceURI string   `json:"tos_uri" gorethink:"tos_uri"`
+	ClientURI         string   `json:"client_uri" gorethink:"client_uri"`
+	LogoURI           string   `json:"logo_uri" gorethink:"logo_uri"`
+	Contacts          []string `json:"contacts" gorethink:"contacts"`
+}
+
+func (c *Client) GetID() string {
+	return c.ID
+}
+
+func (c *Client) GetRedirectURIs() []string {
+	return c.RedirectURIs
+}
+
+func (c *Client) GetHashedSecret() []byte {
+	return []byte(c.Secret)
+}
+
+func (c *Client) GetGrantedScopes() fosite.Scopes {
+	return &fosite.DefaultScopes{
+		Scopes: c.GrantedScopes,
+	}
+}
+
+func (c *Client) GetGrantTypes() fosite.Arguments {
+	// https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
+	//
+	// JSON array containing a list of the OAuth 2.0 Grant Types that the Client is declaring
+	// that it will restrict itself to using.
+	// If omitted, the default is that the Client will use only the authorization_code Grant Type.
+	if len(c.GrantTypes) == 0 {
+		return fosite.Arguments{"authorization_code"}
+	}
+	return fosite.Arguments(c.GrantTypes)
+}
+
+func (c *Client) GetResponseTypes() fosite.Arguments {
+	// https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
+	//
+	// <JSON array containing a list of the OAuth 2.0 response_type values that the Client is declaring
+	// that it will restrict itself to using. If omitted, the default is that the Client will use
+	// only the code Response Type.
+	if len(c.ResponseTypes) == 0 {
+		return fosite.Arguments{"code"}
+	}
+	return fosite.Arguments(c.ResponseTypes)
+}
+
+func (c *Client) GetOwner() string {
+	return c.Owner
+}

client/handler.go

@@ -8,7 +8,6 @@ import (
 	"github.com/go-errors/errors"
 	"github.com/julienschmidt/httprouter"
 	"github.com/ory-am/common/rand/sequence"
-	"github.com/ory-am/fosite"
 	"github.com/ory-am/hydra/firewall"
 	"github.com/ory-am/hydra/herodot"
 	"github.com/ory-am/ladon"
@@ -38,7 +37,7 @@ func (h *Handler) SetRoutes(r *httprouter.Router) {
 }
 
 func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	var c fosite.DefaultClient
+	var c Client
 	var ctx = herodot.NewContext()
 
 	if err := json.NewDecoder(r.Body).Decode(&c); err != nil {
@@ -57,16 +56,18 @@ func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Pa
 		return
 	}
 
-	if len(c.Secret) < 6 {
+	if len(c.Secret) == 0 {
 		secret, err := sequence.RuneSequence(12, []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_-.,:;$%!&/()=?+*#<>"))
 		if err != nil {
 			h.H.WriteError(ctx, w, r, errors.New(err))
 			return
 		}
-		c.Secret = []byte(string(secret))
+		c.Secret = string(secret)
+	} else if len(c.Secret) < 6 {
+		h.H.WriteError(ctx, w, r, errors.New("The client secret must be at least 6 characters long"))
 	}
-	secret := c.Secret
 
+	secret := c.Secret
 	if err := h.Manager.CreateClient(&c); err != nil {
 		h.H.WriteError(ctx, w, r, err)
 		return
@@ -94,7 +95,7 @@ func (h *Handler) GetAll(w http.ResponseWriter, r *http.Request, ps httprouter.P
 	}
 
 	for k, cc := range c {
-		cc.Secret = []byte{}
+		cc.Secret = ""
 		c[k] = cc
 	}
 
@@ -122,7 +123,7 @@ func (h *Handler) Get(w http.ResponseWriter, r *http.Request, ps httprouter.Para
 		return
 	}
 
-	c.(*fosite.DefaultClient).Secret = []byte{}
+	c.(*Client).Secret = ""
 	h.H.Write(ctx, w, r, c)
 }
 

client/manager.go

@@ -7,15 +7,15 @@ import (
 type Manager interface {
 	Storage
 
-	Authenticate(id string, secret []byte) (*fosite.DefaultClient, error)
+	Authenticate(id string, secret []byte) (*Client, error)
 }
 
 type Storage interface {
 	fosite.Storage
 
-	CreateClient(c *fosite.DefaultClient) error
+	CreateClient(c *Client) error
 
 	DeleteClient(id string) error
 
-	GetClients() (map[string]*fosite.DefaultClient, error)
+	GetClients() (map[string]*Client, error)
 }

client/manager_http.go

@@ -15,7 +15,7 @@ type HTTPManager struct {
 }
 
 func (m *HTTPManager) GetClient(id string) (fosite.Client, error) {
-	var c fosite.DefaultClient
+	var c Client
 	var r = pkg.NewSuperAgent(pkg.JoinURL(m.Endpoint, id).String())
 	r.Client = m.Client
 	r.Dry = m.Dry
@@ -26,7 +26,7 @@ func (m *HTTPManager) GetClient(id string) (fosite.Client, error) {
 	return &c, nil
 }
 
-func (m *HTTPManager) CreateClient(c *fosite.DefaultClient) error {
+func (m *HTTPManager) CreateClient(c *Client) error {
 	var r = pkg.NewSuperAgent(m.Endpoint.String())
 	r.Client = m.Client
 	r.Dry = m.Dry
@@ -40,8 +40,8 @@ func (m *HTTPManager) DeleteClient(id string) error {
 	return r.Delete()
 }
 
-func (m *HTTPManager) GetClients() (map[string]*fosite.DefaultClient, error) {
-	cs := make(map[string]*fosite.DefaultClient)
+func (m *HTTPManager) GetClients() (map[string]*Client, error) {
+	cs := make(map[string]*Client)
 	var r = pkg.NewSuperAgent(m.Endpoint.String())
 	r.Client = m.Client
 	r.Dry = m.Dry

client/manager_memory.go

@@ -11,7 +11,7 @@ import (
 )
 
 type MemoryManager struct {
-	Clients map[string]fosite.DefaultClient
+	Clients map[string]Client
 	Hasher  hash.Hasher
 	sync.RWMutex
 }
@@ -24,11 +24,10 @@ func (m *MemoryManager) GetClient(id string) (fosite.Client, error) {
 	if !ok {
 		return nil, errors.New(pkg.ErrNotFound)
 	}
-
 	return &c, nil
 }
 
-func (m *MemoryManager) Authenticate(id string, secret []byte) (*fosite.DefaultClient, error) {
+func (m *MemoryManager) Authenticate(id string, secret []byte) (*Client, error) {
 	m.Lock()
 	defer m.Unlock()
 
@@ -44,19 +43,19 @@ func (m *MemoryManager) Authenticate(id string, secret []byte) (*fosite.DefaultC
 	return &c, nil
 }
 
-func (m *MemoryManager) CreateClient(c *fosite.DefaultClient) error {
+func (m *MemoryManager) CreateClient(c *Client) error {
 	m.Lock()
 	defer m.Unlock()
 
 	if c.ID == "" {
 		c.ID = uuid.New()
 	}
 
-	hash, err := m.Hasher.Hash(c.Secret)
+	hash, err := m.Hasher.Hash([]byte(c.Secret))
 	if err != nil {
 		return errors.New(err)
 	}
-	c.Secret = hash
+	c.Secret = string(hash)
 
 	m.Clients[c.GetID()] = *c
 	return nil
@@ -70,10 +69,10 @@ func (m *MemoryManager) DeleteClient(id string) error {
 	return nil
 }
 
-func (m *MemoryManager) GetClients() (clients map[string]*fosite.DefaultClient, err error) {
+func (m *MemoryManager) GetClients() (clients map[string]*Client, err error) {
 	m.Lock()
 	defer m.Unlock()
-	clients = make(map[string]*fosite.DefaultClient)
+	clients = make(map[string]*Client)
 	for _, c := range m.Clients {
 		clients[c.ID] = &c
 	}

client/manager_rethinkdb.go

@@ -2,7 +2,6 @@ package client
 
 import (
 	"sync"
-
 	"time"
 
 	"github.com/go-errors/errors"
@@ -19,7 +18,7 @@ type RethinkManager struct {
 	Table   r.Term
 	sync.RWMutex
 
-	Clients map[string]fosite.DefaultClient
+	Clients map[string]Client
 	Hasher  hash.Hasher
 }
 
@@ -34,7 +33,7 @@ func (m *RethinkManager) GetClient(id string) (fosite.Client, error) {
 	return &c, nil
 }
 
-func (m *RethinkManager) Authenticate(id string, secret []byte) (*fosite.DefaultClient, error) {
+func (m *RethinkManager) Authenticate(id string, secret []byte) (*Client, error) {
 	m.Lock()
 	defer m.Unlock()
 
@@ -50,16 +49,16 @@ func (m *RethinkManager) Authenticate(id string, secret []byte) (*fosite.Default
 	return &c, nil
 }
 
-func (m *RethinkManager) CreateClient(c *fosite.DefaultClient) error {
+func (m *RethinkManager) CreateClient(c *Client) error {
 	if c.ID == "" {
 		c.ID = uuid.New()
 	}
 
-	hash, err := m.Hasher.Hash(c.Secret)
+	hash, err := m.Hasher.Hash([]byte(c.Secret))
 	if err != nil {
 		return errors.New(err)
 	}
-	c.Secret = hash
+	c.Secret = string(hash)
 
 	if err := m.publishCreate(c); err != nil {
 		return err
@@ -76,10 +75,10 @@ func (m *RethinkManager) DeleteClient(id string) error {
 	return nil
 }
 
-func (m *RethinkManager) GetClients() (clients map[string]*fosite.DefaultClient, err error) {
+func (m *RethinkManager) GetClients() (clients map[string]*Client, err error) {
 	m.Lock()
 	defer m.Unlock()
-	clients = make(map[string]*fosite.DefaultClient)
+	clients = make(map[string]*Client)
 	for _, c := range m.Clients {
 		clients[c.ID] = &c
 	}
@@ -88,13 +87,13 @@ func (m *RethinkManager) GetClients() (clients map[string]*fosite.DefaultClient,
 }
 
 func (m *RethinkManager) ColdStart() error {
-	m.Clients = map[string]fosite.DefaultClient{}
+	m.Clients = map[string]Client{}
 	clients, err := m.Table.Run(m.Session)
 	if err != nil {
 		return errors.New(err)
 	}
 
-	var client fosite.DefaultClient
+	var client Client
 	m.Lock()
 	defer m.Unlock()
 	for clients.Next(&client) {
@@ -104,7 +103,7 @@ func (m *RethinkManager) ColdStart() error {
 	return nil
 }
 
-func (m *RethinkManager) publishCreate(client *fosite.DefaultClient) error {
+func (m *RethinkManager) publishCreate(client *Client) error {
 	if _, err := m.Table.Insert(client).RunWrite(m.Session); err != nil {
 		return errors.New(err)
 	}
@@ -126,7 +125,7 @@ func (m *RethinkManager) Watch(ctx context.Context) {
 		}
 		defer clients.Close()
 
-		var update map[string]*fosite.DefaultClient
+		var update map[string]*Client
 		for clients.Next(&update) {
 			newVal := update["new_val"]
 			oldVal := update["old_val"]