diff --git a/.travis.yml b/.circleci/.travis.yml similarity index 75% rename from .travis.yml rename to .circleci/.travis.yml index 4332b0f550b..2c20f819723 100644 --- a/.travis.yml +++ b/.circleci/.travis.yml @@ -1,39 +1,33 @@ sudo: required -go_import_path: github.com/ory/hydra +language: go -cache: - directories: - - ./vendor/ +go: + - 1.9 -before_cache: +go_import_path: github.com/ory/hydra services: - docker env: - - DOCKER_BIND_LOCALHOST=true DATABASE_URL=memory - -language: go - -go: - - 1.9 + - DOCKER_BIND_LOCALHOST=true DATABASE_URL=memory DEP_VERSION="0.3.2" before_install: + - curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep + - chmod +x $GOPATH/bin/dep - sudo apt-get install curl install: - - go get -u github.com/go-swagger/go-swagger/cmd/swagger github.com/bradfitz/goimports github.com/mattn/goveralls golang.org/x/tools/cmd/cover github.com/Masterminds/glide github.com/mitchellh/gox github.com/ory/go-acc + - go get -u github.com/go-swagger/go-swagger/cmd/swagger github.com/bradfitz/goimports github.com/mattn/goveralls golang.org/x/tools/cmd/cover github.com/mitchellh/gox github.com/ory/go-acc - git clone https://github.com/docker-library/official-images.git ~/official-images - - glide install - - go install github.com/ory/hydra - - glide update + - dep ensure - go install github.com/ory/hydra script: - ./scripts/test-format.sh - - go-acc -o coverage.txt $(glide novendor) - - go test -race -short $(glide novendor | grep -v cmd) + - go-acc -o coverage.txt ./... + - go test -race -short $(go list ./... | grep -v cmd) - docker build -t hydra-travis-ci -f Dockerfile-without-telemetry . - docker run -d hydra-travis-ci - DATABASE_URL=memory hydra host --dangerous-auto-logon --dangerous-force-http --disable-telemetry & diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 00000000000..60f922087bc --- /dev/null +++ b/.circleci/config.yml 
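Review bot: The `before_install` step downloads the dep binary to `$GOPATH/bin/dep` and marks it executable with no integrity check, so the build runs whatever the release URL serves at that moment. Because `curl -L -s` lacks `-f`, an HTTP error page would also be saved as the "binary". Consider `curl -fsSL ...` followed by a pinned digest check before the chmod, e.g. `echo "<SHA256_OF_DEP_0.3.2_LINUX_AMD64>  $GOPATH/bin/dep" | sha256sum -c -`. The same unverified download is repeated in every Go job of .circleci/config.yml and in all five Dockerfiles. Separately, curl is invoked here before the existing `sudo apt-get install curl` line runs.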
@@ -0,0 +1,181 @@ +# Golang CircleCI 2.0 configuration file +# +# Check https://circleci.com/docs/2.0/language-go/ for more details +version: 2 +jobs: + format: + docker: + - image: circleci/golang:1.9 + working_directory: /go/src/github.com/ory/hydra + steps: + - checkout + - run: curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o /go/bin/dep && chmod +x /go/bin/dep + - run: go get -u golang.org/x/tools/cmd/goimports + - run: dep ensure -vendor-only + - run: ./scripts/test-format.sh + + test: + docker: + - image: circleci/golang:1.9 + environment: + - TEST_DATABASE_POSTGRESQL=postgres://test:test@localhost:5432/hydra?sslmode=disable + - TEST_DATABASE_MYSQL=root:test@(localhost:3306)/mysql?parseTime=true + - image: postgres:9.5 + environment: + - POSTGRES_USER=test + - POSTGRES_PASSWORD=test + - POSTGRES_DB=hydra + - image: mysql:5.7 + environment: + - MYSQL_ROOT_PASSWORD=test + working_directory: /go/src/github.com/ory/hydra + steps: + - checkout + - run: curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o /go/bin/dep && chmod +x /go/bin/dep + - run: go get -u github.com/mattn/goveralls golang.org/x/tools/cmd/cover github.com/ory/go-acc + - run: dep ensure -vendor-only + - run: go install github.com/ory/hydra + - run: go-acc -o coverage.txt ./... + - run: go test -race -short $(go list ./... 
| grep -v cmd) + - run: ./scripts/test-e2e.sh + - run: goveralls -service=circle-ci -coverprofile=coverage.txt -repotoken=$COVERALLS_REPO_TOKEN + + swagger: + docker: + - image: circleci/golang:1.9 + working_directory: /go/src/github.com/ory/hydra + steps: + - checkout + - run: curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o /go/bin/dep && chmod +x /go/bin/dep + - run: go get -u github.com/go-swagger/go-swagger/cmd/swagger golang.org/x/tools/cmd/goimports + - run: dep ensure -vendor-only + - run: curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - + - run: sudo apt-get install -y default-jre nodejs + - run: sudo npm i -g yarn + - run: yarn + - run: ./scripts/test-sdk.sh + + build-docker-default: + docker: + - image: library/docker:17.10 + steps: + - checkout + - setup_remote_docker + - run: docker build -f Dockerfile . + + build-docker-http: + docker: + - image: library/docker:17.10 + steps: + - checkout + - setup_remote_docker + - run: docker build -f Dockerfile-http . + + build-docker-demo: + docker: + - image: library/docker:17.10 + steps: + - checkout + - setup_remote_docker + - run: docker build -f Dockerfile-demo . + + build-docker-automigrate: + docker: + - image: library/docker:17.10 + steps: + - checkout + - setup_remote_docker + - run: docker build -f Dockerfile-automigrate . + + build-docker-without-telemetry: + docker: + - image: library/docker:17.10 + steps: + - checkout + - setup_remote_docker + - run: docker build -t hydra-travis-ci -f Dockerfile-without-telemetry . 
+ - run: docker run -d hydra-travis-ci + + build: + docker: + - image: circleci/golang:1.9 + working_directory: /go/src/github.com/ory/hydra + steps: + - checkout + - run: curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o /go/bin/dep && chmod +x /go/bin/dep + - run: go get -u github.com/mitchellh/gox github.com/tcnksm/ghr + - run: dep ensure -vendor-only + - run: sudo apt-get install -y nodejs + - run: ./scripts/run-deploy.sh + - run: ghr -t $GITHUB_TOKEN -u $CIRCLE_PROJECT_USERNAME -r $CIRCLE_PROJECT_REPONAME --replace `git describe --tags` dist/ + - run: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc + - run: npm publish + +workflows: + version: 2 + "test, build, push, and deploy": + jobs: + - format: + filters: + tags: + only: /.*/ + - test: + filters: + tags: + only: /.*/ + - swagger: + filters: + tags: + only: /.*/ + - build-docker-default: + requires: + - test + - swagger + - format + filters: + tags: + only: /.*/ + - build-docker-http: + requires: + - test + - swagger + - format + filters: + tags: + only: /.*/ + - build-docker-demo: + requires: + - test + - swagger + - format + filters: + tags: + only: /.*/ + - build-docker-automigrate: + requires: + - test + - swagger + - format + filters: + tags: + only: /.*/ + - build-docker-without-telemetry: + requires: + - test + - swagger + - format + filters: + tags: + only: /.*/ + - build: + requires: + - build-docker-without-telemetry + - build-docker-demo + - build-docker-automigrate + - build-docker-http + - build-docker-default + filters: + tags: + only: /.*/ + branches: + ignore: /.*/ diff --git a/Dockerfile b/Dockerfile index 5a6f4384420..2d00036d657 100644 --- a/Dockerfile +++ b/Dockerfile 
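Review bot: The `build` job runs `go get -u github.com/mitchellh/gox github.com/tcnksm/ghr` in the same job that later uses `$GITHUB_TOKEN` and `$NPM_TOKEN`, so unpinned code from the head of those repositories and their dependencies executes alongside the publish credentials. Pin the release tooling to a tag or commit, or install release binaries verified against a recorded checksum. `ghr -t $GITHUB_TOKEN` also puts the token on the command line; ghr can read `GITHUB_TOKEN` from the environment, so the `-t` argument can be dropped. In the `swagger` job, `curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -` runs a remote script as root unverified; installing Node from a pinned image or package would remove that step.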
@@ -1,16 +1,18 @@ FROM golang:1.9-alpine -RUN apk add --no-cache git build-base -RUN go get github.com/Masterminds/glide +RUN apk add --no-cache git build-base curl +RUN curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o $GOPATH/bin/dep +RUN chmod +x $GOPATH/bin/dep + WORKDIR /go/src/github.com/ory/hydra -ADD ./glide.yaml ./glide.yaml -ADD ./glide.lock ./glide.lock -RUN glide install --skip-test -v +ADD ./Gopkg.lock ./Gopkg.lock +ADD ./Gopkg.toml ./Gopkg.toml +RUN dep ensure -vendor-only ADD . . RUN go install . ENTRYPOINT /go/bin/hydra host -EXPOSE 4444 \ No newline at end of file +EXPOSE 4444 diff --git a/Dockerfile-automigrate b/Dockerfile-automigrate index 7870063ba65..aaee8dab3c8 100644 --- a/Dockerfile-automigrate +++ b/Dockerfile-automigrate @@ -1,12 +1,15 @@ FROM golang:1.9-alpine -RUN apk add --no-cache git build-base -RUN go get github.com/Masterminds/glide +RUN apk add --no-cache git build-base curl +ENV DEP_VERSION 0.3.2 +RUN curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o $GOPATH/bin/dep +RUN chmod +x $GOPATH/bin/dep + WORKDIR /go/src/github.com/ory/hydra -ADD ./glide.yaml ./glide.yaml -ADD ./glide.lock ./glide.lock -RUN glide install --skip-test -v +ADD ./Gopkg.lock ./Gopkg.lock +ADD ./Gopkg.toml ./Gopkg.toml +RUN dep ensure -vendor-only ADD . . RUN go install . diff --git a/Dockerfile-demo b/Dockerfile-demo index 888f5cd5b55..560f1ad23bd 100644 --- a/Dockerfile-demo +++ b/Dockerfile-demo 
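Review bot: In Dockerfile-automigrate, `ENV DEP_VERSION 0.3.2` is declared but the following `RUN curl` line hard-codes `v0.3.2` in the URL, so a later bump of the variable would silently leave the old binary in place. The same pattern is in Dockerfile-demo, Dockerfile-http and Dockerfile-without-telemetry, while Dockerfile omits the variable entirely. Either reference it, `RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep`, or drop the `ENV` line. An `ARG` would also keep the value out of the runtime environment of the final image.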
@@ -1,12 +1,15 @@ FROM golang:1.9-alpine -RUN apk add --no-cache git build-base -RUN go get github.com/Masterminds/glide +RUN apk add --no-cache git build-base curl +ENV DEP_VERSION 0.3.2 +RUN curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o $GOPATH/bin/dep +RUN chmod +x $GOPATH/bin/dep + WORKDIR /go/src/github.com/ory/hydra -ADD ./glide.yaml ./glide.yaml -ADD ./glide.lock ./glide.lock -RUN glide install --skip-test -v +ADD ./Gopkg.lock ./Gopkg.lock +ADD ./Gopkg.toml ./Gopkg.toml +RUN dep ensure -vendor-only ADD . . RUN go install . diff --git a/Dockerfile-http b/Dockerfile-http index 577cb23e49f..7edaa9c4fda 100644 --- a/Dockerfile-http +++ b/Dockerfile-http @@ -1,12 +1,15 @@ FROM golang:1.9-alpine -RUN apk add --no-cache git build-base -RUN go get github.com/Masterminds/glide +RUN apk add --no-cache git build-base curl +ENV DEP_VERSION 0.3.2 +RUN curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o $GOPATH/bin/dep +RUN chmod +x $GOPATH/bin/dep + WORKDIR /go/src/github.com/ory/hydra -ADD ./glide.yaml ./glide.yaml -ADD ./glide.lock ./glide.lock -RUN glide install --skip-test -v +ADD ./Gopkg.lock ./Gopkg.lock +ADD ./Gopkg.toml ./Gopkg.toml +RUN dep ensure -vendor-only ADD . . RUN go install . diff --git a/Dockerfile-without-telemetry b/Dockerfile-without-telemetry index d51d6ff6448..9109c4ca56b 100644 --- a/Dockerfile-without-telemetry +++ b/Dockerfile-without-telemetry 
@@ -1,12 +1,15 @@ FROM golang:1.9-alpine -RUN apk add --no-cache git build-base -RUN go get github.com/Masterminds/glide +RUN apk add --no-cache git build-base curl +ENV DEP_VERSION 0.3.2 +RUN curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o $GOPATH/bin/dep +RUN chmod +x $GOPATH/bin/dep + WORKDIR /go/src/github.com/ory/hydra -ADD ./glide.yaml ./glide.yaml -ADD ./glide.lock ./glide.lock -RUN glide install --skip-test -v +ADD ./Gopkg.lock ./Gopkg.lock +ADD ./Gopkg.toml ./Gopkg.toml +RUN dep ensure -vendor-only ADD . . RUN go install . diff --git a/Gopkg.lock b/Gopkg.lock new file mode 100644 index 00000000000..67417f3a362 --- /dev/null +++ b/Gopkg.lock 
@@ -0,0 +1,435 @@ +# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. + + +[[projects]] + branch = "master" + name = "github.com/Azure/go-ansiterm" + packages = [".","winterm"] + revision = "d6e3b3328b783f23731bc4d058875b0371ff8109" + +[[projects]] + name = "github.com/Microsoft/go-winio" + packages = ["."] + revision = "78439966b38d69bf38227fbf57ac8a6fee70f69a" + version = "v0.4.5" + +[[projects]] + branch = "master" + name = "github.com/Nvveen/Gotty" + packages = ["."] + revision = "cd527374f1e5bff4938207604a14f2e38a9cf512" + +[[projects]] + name = "github.com/asaskevich/govalidator" + packages = ["."] + revision = "73945b6115bfbbcc57d89b7316e28109364124e1" + version = "v7" + +[[projects]] + name = "github.com/cenk/backoff" + packages = ["."] + revision = "61153c768f31ee5f130071d08fc82b85208528de" + version = "v1.1.0" + +[[projects]] + branch = "master" + name = "github.com/containerd/continuity" + packages = ["pathdriver"] + revision = "1bed1ecb1dc42d8f4d2ac8c23e5cac64749e82c9" + +[[projects]] + name = "github.com/davecgh/go-spew" + packages = ["spew"] + revision = "346938d642f2ec3594ed81d874461961cd0faa76" + version = "v1.1.0" + +[[projects]] + name = "github.com/dgrijalva/jwt-go" + packages = ["."] + revision = "dbeaa9332f19a944acb5736b4456cfcc02140e29" + version = "v3.1.0" + +[[projects]] + branch = "master" + name = "github.com/docker/docker" + packages = ["api/types","api/types/blkiodev","api/types/container","api/types/filters","api/types/mount","api/types/network","api/types/registry","api/types/strslice","api/types/swarm","api/types/swarm/runtime","api/types/versions","opts","pkg/archive","pkg/fileutils","pkg/homedir","pkg/idtools","pkg/ioutils","pkg/jsonmessage","pkg/longpath","pkg/mount","pkg/pools","pkg/stdcopy","pkg/system","pkg/term","pkg/term/windows"] + revision = "d85f5e73203a1f8537b7db02e1eadcb6d75798b2" + +[[projects]] + name = "github.com/docker/go-connections" + packages = ["nat"] + revision = 
"3ede32e2033de7505e6500d6c868c2b9ed9f169d" + version = "v0.3.0" + +[[projects]] + name = "github.com/docker/go-units" + packages = ["."] + revision = "0dadbb0345b35ec7ef35e228dabb8de89a65bf52" + version = "v0.3.2" + +[[projects]] + name = "github.com/fsnotify/fsnotify" + packages = ["."] + revision = "629574ca2a5df945712d3079857300b5e4da0236" + version = "v1.4.2" + +[[projects]] + branch = "master" + name = "github.com/fsouza/go-dockerclient" + packages = ["."] + revision = "5c271fbf9db00b7011f28131e150e29725b8a1a6" + +[[projects]] + name = "github.com/go-resty/resty" + packages = ["."] + revision = "9ac9c42358f7c3c69ac9f8610e8790d7c338e85d" + version = "v1.0" + +[[projects]] + name = "github.com/go-sql-driver/mysql" + packages = ["."] + revision = "a0583e0143b1624142adab07e0e97fe106d99561" + version = "v1.3" + +[[projects]] + name = "github.com/gogo/protobuf" + packages = ["proto"] + revision = "342cbe0a04158f6dcb03ca0079991a51a4248c02" + version = "v0.5" + +[[projects]] + branch = "master" + name = "github.com/golang/protobuf" + packages = ["proto"] + revision = "1643683e1b54a9e88ad26d98f81400c8c9d9f4f9" + +[[projects]] + name = "github.com/gorilla/context" + packages = ["."] + revision = "1ea25387ff6f684839d82767c1733ff4d4d15d0a" + version = "v1.1" + +[[projects]] + name = "github.com/gorilla/securecookie" + packages = ["."] + revision = "667fe4e3466a040b780561fe9b51a83a3753eefc" + version = "v1.1" + +[[projects]] + name = "github.com/gorilla/sessions" + packages = ["."] + revision = "ca9ada44574153444b00d3fd9c8559e4cc95f896" + version = "v1.1" + +[[projects]] + branch = "master" + name = "github.com/gtank/cryptopasta" + packages = ["."] + revision = "1f550f6f2f69009f6ae57347c188e0a67cd4e500" + +[[projects]] + branch = "master" + name = "github.com/hashicorp/golang-lru" + packages = [".","simplelru"] + revision = "0a025b7e63adc15a622f29b0b2c4c3848243bbf6" + +[[projects]] + branch = "master" + name = "github.com/hashicorp/hcl" + packages = 
[".","hcl/ast","hcl/parser","hcl/scanner","hcl/strconv","hcl/token","json/parser","json/scanner","json/token"] + revision = "23c074d0eceb2b8a5bfdbb271ab780cde70f05a8" + +[[projects]] + name = "github.com/imdario/mergo" + packages = ["."] + revision = "7fe0c75c13abdee74b09fcacef5ea1c6bba6a874" + version = "0.2.4" + +[[projects]] + name = "github.com/inconshreveable/mousetrap" + packages = ["."] + revision = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75" + version = "v1.0" + +[[projects]] + branch = "master" + name = "github.com/jehiah/go-strftime" + packages = ["."] + revision = "2efbe75097a505e2789f7e39cb9da067b5be8e3e" + +[[projects]] + branch = "master" + name = "github.com/jmoiron/sqlx" + packages = [".","reflectx"] + revision = "3379e5993990b1f927fc8db926485e6f6becf2d2" + +[[projects]] + name = "github.com/julienschmidt/httprouter" + packages = ["."] + revision = "8c199fb6259ffc1af525cc3ad52ee60ba8359669" + version = "v1.1" + +[[projects]] + branch = "master" + name = "github.com/lib/pq" + packages = [".","oid"] + revision = "b609790bd85edf8e9ab7e0f8912750a786177bcf" + +[[projects]] + name = "github.com/magiconair/properties" + packages = ["."] + revision = "be5ece7dd465ab0765a9682137865547526d1dfb" + version = "v1.7.3" + +[[projects]] + branch = "master" + name = "github.com/meatballhat/negroni-logrus" + packages = ["."] + revision = "31067281800f66f57548a7a32d9c6c5f963fef83" + +[[projects]] + branch = "master" + name = "github.com/mitchellh/mapstructure" + packages = ["."] + revision = "06020f85339e21b2478f756a78e295255ffa4d6a" + +[[projects]] + branch = "master" + name = "github.com/mohae/deepcopy" + packages = ["."] + revision = "c48cc78d482608239f6c4c92a4abd87eb8761c90" + +[[projects]] + name = "github.com/oleiade/reflections" + packages = ["."] + revision = "2b6ec3da648e3e834dc41bad8d9ed7f2dc6a9496" + version = "v1.0.0" + +[[projects]] + name = "github.com/opencontainers/go-digest" + packages = ["."] + revision = "279bed98673dd5bef374d3b6e4b09e2af76183bf" + 
version = "v1.0.0-rc1" + +[[projects]] + name = "github.com/opencontainers/image-spec" + packages = ["specs-go","specs-go/v1"] + revision = "ab7389ef9f50030c9b245bc16b981c7ddf192882" + version = "v1.0.0" + +[[projects]] + name = "github.com/opencontainers/runc" + packages = ["libcontainer/system","libcontainer/user"] + revision = "baf6536d6259209c3edfa2b22237af82942d3dfa" + version = "v0.1.1" + +[[projects]] + name = "github.com/ory/dockertest" + packages = ["."] + revision = "6d57cd43b964e928111542771659af6a3a58521f" + version = "3.0.9" + +[[projects]] + name = "github.com/ory/fosite" + packages = [".","compose","handler/oauth2","handler/openid","storage","token/hmac","token/jwt"] + revision = "ec43e3a05da49d45ebe8a98b28b14f8817c507f4" + version = "v0.13.0" + +[[projects]] + name = "github.com/ory/graceful" + packages = ["."] + revision = "3d30c83329259f53a904d428b38d8cb8fba7bd77" + version = "v0.1.0" + +[[projects]] + name = "github.com/ory/herodot" + packages = ["."] + revision = "5bb399b8a5aa583343a2108e723b990432b4a1b4" + version = "v0.1.1" + +[[projects]] + name = "github.com/ory/ladon" + packages = [".","compiler","manager/memory","manager/sql"] + revision = "4223d97b7a16808bc1213cc641d529e764e67eea" + version = "v0.8.3" + +[[projects]] + name = "github.com/pborman/uuid" + packages = ["."] + revision = "e790cca94e6cc75c7064b1332e63811d4aae1a53" + version = "v1.1" + +[[projects]] + name = "github.com/pelletier/go-toml" + packages = ["."] + revision = "16398bac157da96aa88f98a2df640c7f32af1da2" + version = "v1.0.1" + +[[projects]] + name = "github.com/pkg/errors" + packages = ["."] + revision = "645ef00459ed84a119197bfb8d8205042c6df63d" + version = "v0.8.0" + +[[projects]] + name = "github.com/pkg/profile" + packages = ["."] + revision = "5b67d428864e92711fcbd2f8629456121a56d91f" + version = "v1.2.1" + +[[projects]] + name = "github.com/pmezard/go-difflib" + packages = ["difflib"] + revision = "792786c7400a136282c1664665ae0a8db921c6c2" + version = "v1.0.0" + 
+[[projects]] + branch = "master" + name = "github.com/rubenv/sql-migrate" + packages = [".","sqlparse"] + revision = "79fe99e24311fa42469fb2ca23eb3f8f065e6155" + +[[projects]] + name = "github.com/segmentio/analytics-go" + packages = ["."] + revision = "2d840d861c322bdf5346ba7917af1c2285e653d3" + version = "2.1.1" + +[[projects]] + branch = "master" + name = "github.com/segmentio/backo-go" + packages = ["."] + revision = "204274ad699c0983a70203a566887f17a717fef4" + +[[projects]] + name = "github.com/sirupsen/logrus" + packages = ["."] + revision = "f006c2ac4710855cf0f916dd6b77acf6b048dc6e" + version = "v1.0.3" + +[[projects]] + branch = "master" + name = "github.com/spf13/afero" + packages = [".","mem"] + revision = "5660eeed305fe5f69c8fc6cf899132a459a97064" + +[[projects]] + name = "github.com/spf13/cast" + packages = ["."] + revision = "acbeb36b902d72a7a4c18e8f3241075e7ab763e4" + version = "v1.1.0" + +[[projects]] + name = "github.com/spf13/cobra" + packages = ["."] + revision = "7b2c5ac9fc04fc5efafb60700713d4fa609b777b" + version = "v0.0.1" + +[[projects]] + branch = "master" + name = "github.com/spf13/jwalterweatherman" + packages = ["."] + revision = "12bd96e66386c1960ab0f74ced1362f66f552f7b" + +[[projects]] + name = "github.com/spf13/pflag" + packages = ["."] + revision = "e57e3eeb33f795204c1ca35f56c44f83227c6e66" + version = "v1.0.0" + +[[projects]] + name = "github.com/spf13/viper" + packages = ["."] + revision = "25b30aa063fc18e48662b86996252eabdcf2f0c7" + version = "v1.0.0" + +[[projects]] + name = "github.com/square/go-jose" + packages = [".","json"] + revision = "f8f38de21b4dcd69d0413faf231983f5fd6634b1" + version = "v2.1.3" + +[[projects]] + name = "github.com/stretchr/testify" + packages = ["assert","require"] + revision = "69483b4bd14f5845b5a1e55bca19e954e827f1d0" + version = "v1.1.4" + +[[projects]] + name = "github.com/toqueteos/webbrowser" + packages = ["."] + revision = "21fc9f95c83442fd164094666f7cb4f9fdd56cd6" + version = "v1.0" + 
+[[projects]] + name = "github.com/urfave/negroni" + packages = ["."] + revision = "fde5e16d32adc7ad637e9cd9ad21d4ebc6192535" + version = "v0.2.0" + +[[projects]] + branch = "master" + name = "github.com/xtgo/uuid" + packages = ["."] + revision = "a0b114877d4caeffbd7f87e3757c17fce570fea7" + +[[projects]] + branch = "master" + name = "golang.org/x/crypto" + packages = ["bcrypt","blowfish","ed25519","ed25519/internal/edwards25519","ssh/terminal"] + revision = "2509b142fb2b797aa7587dad548f113b2c0f20ce" + +[[projects]] + branch = "master" + name = "golang.org/x/net" + packages = ["context","context/ctxhttp","idna","publicsuffix"] + revision = "4b14673ba32bee7f5ac0f990a48f033919fd418b" + +[[projects]] + branch = "master" + name = "golang.org/x/oauth2" + packages = [".","clientcredentials","internal"] + revision = "bb50c06baba3d0c76f9d125c0719093e315b5b44" + +[[projects]] + branch = "master" + name = "golang.org/x/sys" + packages = ["unix","windows"] + revision = "e82597366816b6fa799040628e95490bbf6e6b2b" + +[[projects]] + branch = "master" + name = "golang.org/x/text" + packages = ["collate","collate/build","internal/colltab","internal/gen","internal/tag","internal/triegen","internal/ucd","language","secure/bidirule","transform","unicode/bidi","unicode/cldr","unicode/norm","unicode/rangetable"] + revision = "6eab0e8f74e86c598ec3b6fad4888e0c11482d48" + +[[projects]] + name = "google.golang.org/appengine" + packages = ["internal","internal/base","internal/datastore","internal/log","internal/remote_api","internal/urlfetch","urlfetch"] + revision = "150dc57a1b433e64154302bdc40b6bb8aefa313a" + version = "v1.0.0" + +[[projects]] + name = "gopkg.in/gorp.v1" + packages = ["."] + revision = "c87af80f3cc5036b55b83d77171e156791085e2e" + version = "v1.7.1" + +[[projects]] + name = "gopkg.in/square/go-jose.v2" + packages = ["cipher","json"] + revision = "f8f38de21b4dcd69d0413faf231983f5fd6634b1" + version = "v2.1.3" + +[[projects]] + branch = "v2" + name = "gopkg.in/yaml.v2" + 
packages = ["."] + revision = "eb3733d160e74a9c7e442f435eb3bea458e1d19f" + +[solve-meta] + analyzer-name = "dep" + analyzer-version = 1 + inputs-digest = "bd4e4e49a90e5ae6c9c2eab26a2873ad73904748258fd27f09cf1a7d911dbfe6" + solver-name = "gps-cdcl" + solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml new file mode 100644 index 00000000000..35062c72746 --- /dev/null +++ b/Gopkg.toml 
@@ -0,0 +1,146 @@ + +# Gopkg.toml example +# +# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md +# for detailed Gopkg.toml documentation. +# +# required = ["github.com/user/thing/cmd/thing"] +# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"] +# +# [[constraint]] +# name = "github.com/user/project" +# version = "1.0.0" +# +# [[constraint]] +# name = "github.com/user/project2" +# branch = "dev" +# source = "github.com/myfork/project2" +# +# [[override]] +# name = "github.com/x/y" +# version = "2.4.0" + + +[[constraint]] + name = "github.com/go-resty/resty" + version = "1.0.0" + +[[constraint]] + name = "github.com/go-sql-driver/mysql" + version = "1.3.0" + +[[constraint]] + name = "github.com/gorilla/context" + version = "1.1.0" + +[[constraint]] + name = "github.com/gorilla/sessions" + version = "1.1.0" + +[[constraint]] + branch = "master" + name = "github.com/gtank/cryptopasta" + +[[constraint]] + name = "github.com/imdario/mergo" + version = "0.2.4" + +[[constraint]] + branch = "master" + name = "github.com/jmoiron/sqlx" + +[[constraint]] + name = "github.com/julienschmidt/httprouter" + version = "1.1.0" + +[[constraint]] + branch = "master" + name = "github.com/lib/pq" + +[[constraint]] + branch = "master" + name = "github.com/meatballhat/negroni-logrus" + +[[constraint]] + branch = "master" + name = "github.com/mohae/deepcopy" + +[[constraint]] + name = "github.com/oleiade/reflections" + version = "1.0.0" + +[[constraint]] + name = "github.com/ory/dockertest" + version = "3.0.9" + +[[constraint]] + name = "github.com/ory/fosite" + version = "0.13.0" + +[[constraint]] + name = "github.com/ory/graceful" + version = "0.1.0" + +[[constraint]] + name = "github.com/ory/herodot" + version = "0.1.1" + +[[constraint]] + name = "github.com/ory/ladon" + version = "0.8.3" + +[[constraint]] + name = "github.com/pborman/uuid" + version = "1.1.0" + +[[constraint]] + name = "github.com/pkg/errors" + version = "0.8.0" + 
+[[constraint]] + name = "github.com/pkg/profile" + version = "1.2.1" + +[[constraint]] + branch = "master" + name = "github.com/rubenv/sql-migrate" + +[[constraint]] + name = "github.com/segmentio/analytics-go" + version = "2.1.1" + +[[constraint]] + name = "github.com/sirupsen/logrus" + version = "1.0.3" + +[[constraint]] + name = "github.com/spf13/cobra" + version = "0.0.1" + +[[constraint]] + name = "github.com/spf13/viper" + version = "1.0.0" + +[[constraint]] + name = "github.com/square/go-jose" + version = "2.1.3" + +[[constraint]] + name = "github.com/stretchr/testify" + version = "1.1.4" + +[[constraint]] + name = "github.com/toqueteos/webbrowser" + version = "1.0.0" + +[[constraint]] + name = "github.com/urfave/negroni" + version = "0.2.0" + +[[constraint]] + branch = "master" + name = "golang.org/x/oauth2" + +[[constraint]] + branch = "v2" + name = "gopkg.in/yaml.v2" diff --git a/HISTORY.md b/HISTORY.md index ab10a5cbd2f..4c6b4a080db 100644 --- a/HISTORY.md +++ b/HISTORY.md 
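Review bot: Several constraints track `branch = "master"`, including `github.com/gtank/cryptopasta`, which HISTORY.md in this same commit names as the new AES-GCM implementation, plus `golang.org/x/oauth2` and `github.com/lib/pq`. Gopkg.lock fixes the revision for now, but a later `dep ensure -update` would move these to whatever is on master with no version change to prompt review. For the security-relevant ones without tags, consider constraining on the commit recorded in the lock, e.g. `revision = "1f550f6f2f69009f6ae57347c188e0a67cd4e500"` for cryptopasta. The commented "Gopkg.toml example" header left by `dep init` could be replaced with a short note on why each branch constraint exists.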
@@ -1,8 +1,97 @@ # History -This list makes you aware of (breaking) changes. For patch notes, please check the [releases tab](https://github.com/ory/hydra/releases). +This list makes you aware of any breaking and substantial non-breaking changes. + + + + +- [0.10.0-alpha.9](#0100-alpha9) + - [Breaking changes](#breaking-changes) + - [AES-GCM nonce storage](#aes-gcm-nonce-storage) + - [Other changes](#other-changes) + - [Token signature algorithm changed from HMAC-SHA256 to HMAC-SHA512](#token-signature-algorithm-changed-from-hmac-sha256-to-hmac-sha512) + - [RS256 JWK Generator now uses all 256 bit](#rs256-jwk-generator-now-uses-all-256-bit) +- [0.10.0-alpha.1](#0100-alpha1) + - [Breaking changes](#breaking-changes-1) + - [New consent flow](#new-consent-flow) + - [Audience](#audience) + - [Response payload changes to `/warden/token/allowed`](#response-payload-changes-to-wardentokenallowed) + - [Go SDK](#go-sdk) + - [Health endpoints](#health-endpoints) + - [Group endpoints](#group-endpoints) + - [Replacing hierarchical scope strategy with wildcard scope strategy](#replacing-hierarchical-scope-strategy-with-wildcard-scope-strategy) + - [Non-breaking changes](#non-breaking-changes) + - [Refreshing OpenID Connect ID Token using `refresh_token` grant type](#refreshing-openid-connect-id-token-using-refresh_token-grant-type) +- [0.9.0](#090) +- [0.8.0](#080) + - [Breaking changes](#breaking-changes-2) + - [Ladon updated to 0.6.0](#ladon-updated-to-060) + - [Redis and RethinkDB deprecated](#redis-and-rethinkdb-deprecated) + - [Moved to ory namespace](#moved-to-ory-namespace) + - [SDK](#sdk) + - [JWK](#jwk) + - [Migrations are no longer automatically applied](#migrations-are-no-longer-automatically-applied) + - [Changes](#changes) + - [Log format: json](#log-format-json) + - [SQL Connection Control](#sql-connection-control) + - [REST API Docs are now generated from source code](#rest-api-docs-are-now-generated-from-source-code) + - [Documentation on 
scopes](#documentation-on-scopes) + - [New response writer library](#new-response-writer-library) + - [Graceful http handling](#graceful-http-handling) + - [Best practice HTTP server config](#best-practice-http-server-config) + + + +## 0.10.0-alpha.9 + +This release focuses on cryptographic security by leveraging best practices that emerged within the last one and a +half years. Before upgrading to this version, make a back up of the JWK table in your SQL database. -## 0.10.0-alpha1 +### Breaking changes + +#### AES-GCM nonce storage + +Our use of `crypto/aes`'s AES-GCM was replaced in favor of [`cryptopasta/encrypt`](https://github.com/gtank/cryptopasta/blob/master/encrypt.go). +As this includes a change of how nonces are appended to the ciphertext, ORY Hydra will be unable to decipher existing +databases. + +There are two paths to migrate this change: +1. If you have not added any keys to the JWK store: + 1. Stop all Hydra instances. + 2. Drop all rows from the `hydra_jwk` table. + 3. Start **one** Hydra instance and wait for it to boot. + 4. Restart all remaining Hydra instances. +2. If you added keys to the JWK store: + 1. If you can afford to re-generate those keys: + 1. Write down all key ids you generated. + 2. Stop all Hydra instances. + 3. Drop all rows from the `hydra_jwk` table. + 4. Start **one** Hydra instance and wait for it to boot. + 5. Restart all remaining Hydra instances. + 6. Regenerate the keys and use the key ids you wrote down. + 2. If you can not afford to re-generate the keys: + 1. Export said keys using the REST API. + 2. Stop all Hydra instances. + 3. Drop all rows from the `hydra_jwk` table. + 4. Start **one** Hydra instance and wait for it to boot. + 5. Restart all remaining Hydra instances. + 6. Import said keys using the REST API. 
+ +### Other changes + +#### Token signature algorithm changed from HMAC-SHA256 to HMAC-SHA512 + +The signature algorithm used to generate authorize codes, access tokens, and refresh tokens has been upgraded +from HMAC-SHA256 to HMAC-SHA512. With upgrading to alpha.9, all previously issued authorize codes, access tokens, and refresh will thus be +rendered invalid. Apart from some re-authorization procedures, which are usually automated, this should not have any +significant impact on your installation. + +#### RS256 JWK Generator now uses all 256 bit + +The RS256 JWK Generator now uses the full 256 bit range to generate secrets instead of a predefined rune sequence. +This change only affects keys generated in the future. + +## 0.10.0-alpha.1 **Warning: This version introduces breaking changes and is not suited for production use yet.** @@ -14,7 +103,9 @@ Please also note that the new scope strategy might render your administrative cl Set the environment variable `SCOPE_STRATEGY=DEPRECATED_HIERARCHICAL_SCOPE_STRATEGY` to temporarily use the previous scope strategy and migrate the scopes manually. You may append `.*` to all scopes. For example, `hydra` is now `hydra hydra.*` -## New consent flow +### Breaking changes + +#### New consent flow Previously, the consent flow looked roughly like this: @@ -59,7 +150,7 @@ is now enough to confirm a consent request: Learn more on how the new consent flow works in the guide: https://ory.gitbooks.io/hydra/content/oauth2.html#consent-flow -## Audience +#### Audience Previously, the audience terminology was used as a synonym for OAuth2 client IDs. This is no longer the case. The audience is typically a URL identifying the endpoint(s) the token is intended for. For example, if a client requires access to 
@@ -71,30 +162,25 @@ renamed to `clientId` (where previously named `audience`) and `cid` (where previ **IMPORTANT NOTE:** This does **not** apply to OpenID Connect ID tokens. There, the `aud` claim **MUST** match the `client_id`. This discrepancy between OpenID Connect and OAuth 2.0 is what caused the confusion with the OAuth 2.0 audience terminology. -## Response payload changes to `/warden/token/allowed` +#### Response payload changes to `/warden/token/allowed` Previously, the response of the warden endpoint contained shorthands like `aud`, `iss`, and so on. Those have now been changed to their full names. For example, `iss` is now `issuer`. Additionally, `aud` is now named `clientId`. -## Go SDK +#### Go SDK The Go SDK was completely replaced in favor of a SDK based on `swagger-codegen`. Read more on it here: https://ory.gitbooks.io/hydra/content/sdk/go.html -## Health endpoints +#### Health endpoints * `GET /health` is now `GET /health/status` * `GET /health/stats` is now `GET /health/metrics` -## Group endpoints +#### Group endpoints * `GET /warden/groups` now returns a list of groups, not just a group id -## Refreshing OpenID Connect ID Token using `refresh_token` grant type - -1. It is now possible to refresh openid connect tokens using the refresh_token grant. An ID Token is issued if the scope -`openid` was requested, and the client is allowed to receive an ID Token. - -## Replacing hierarchical scope strategy with wildcard scope strategy +#### Replacing hierarchical scope strategy with wildcard scope strategy The previous scope matching strategy has been replaced in favor of a wildcard-based matching strategy. Read more on this strategy [here](https://ory.gitbooks.io/hydra/content/oauth2.html#oauth2-scopes). 
@@ -102,6 +188,13 @@ on this strategy [here](https://ory.gitbooks.io/hydra/content/oauth2.html#oauth2 To fall back to hierarchical scope matching, set the environment variable `SCOPE_STRATEGY=DEPRECATED_HIERARCHICAL_SCOPE_STRATEGY`. This feature *might* be fully removed in the final 1.0.0 version. +### Non-breaking changes + +#### Refreshing OpenID Connect ID Token using `refresh_token` grant type + +1. It is now possible to refresh openid connect tokens using the refresh_token grant. An ID Token is issued if the scope +`openid` was requested, and the client is allowed to receive an ID Token. + ## 0.9.0 This version adds performance metrics to `/health` and sends anonymous usage statistics to our servers, [click here](https://ory.gitbooks.io/hydra/content/telemetry.html) for more diff --git a/README.md b/README.md index c43cfc3808f..f1588ede252 100644 --- a/README.md +++ b/README.md @@ -163,14 +163,13 @@ Hydra is a twelve factor OAuth2 and OpenID Connect provider #### Building from source -If you wish to compile ORY Hydra yourself, you need to install and set up [Go 1.8+](https://golang.org/) and add `$GOPATH/bin` -to your `$PATH`. To do so, run the following commands in a shell (bash, sh, cmd.exe, ...): +If you wish to compile ORY Hydra yourself, you need to install and set up [Go 1.9+](https://golang.org/) and add `$GOPATH/bin` +to your `$PATH` as well as [golang/dep](http://github.com/golang/dep). To do so, run the following commands in a shell (bash, sh, cmd.exe, ...): ``` go get -d -u github.com/ory/hydra -go get github.com/Masterminds/glide cd $GOPATH/src/github.com/ory/hydra -glide install +dep ensure go install github.com/ory/hydra hydra ``` @@ -253,10 +252,9 @@ Developing with ORY Hydra is as easy as: ``` go get -d -u github.com/ory/hydra -go get github.com/Masterminds/glide cd $GOPATH/src/github.com/ory/hydra -glide install -go test $(glide novendor) +dep ensure +go test ./... ``` Then run it with in-memory database: 
diff --git a/client/manager_test_helpers.go b/client/manager_test_helpers.go index 3291c7c9c48..de1992ee092 100644 --- a/client/manager_test_helpers.go +++ b/client/manager_test_helpers.go @@ -10,6 +10,7 @@ import ( func TestHelperClientAutoGenerateKey(k string, m Storage) func(t *testing.T) { return func(t *testing.T) { + t.Parallel() c := &Client{ Secret: "secret", RedirectURIs: []string{"http://redirect"}, @@ -23,6 +24,7 @@ func TestHelperClientAutoGenerateKey(k string, m Storage) func(t *testing.T) { func TestHelperClientAuthenticate(k string, m Manager) func(t *testing.T) { return func(t *testing.T) { + t.Parallel() m.CreateClient(&Client{ ID: "1234321", Secret: "secret", @@ -40,6 +42,7 @@ func TestHelperClientAuthenticate(k string, m Manager) func(t *testing.T) { func TestHelperCreateGetDeleteClient(k string, m Storage) func(t *testing.T) { return func(t *testing.T) { + t.Parallel() _, err := m.GetClient(nil, "4321") assert.NotNil(t, err) diff --git a/cmd/server/helper_cert.go b/cmd/server/helper_cert.go index bd09d2761ed..da6835ddf67 100644 --- a/cmd/server/helper_cert.go +++ b/cmd/server/helper_cert.go @@ -84,8 +84,8 @@ func getOrCreateTLSCertificate(cmd *cobra.Command, c *config.Config) tls.Certifi private := jwk.First(keys.Key("private")) private.Certificates = []*x509.Certificate{cert} - keys = &jose.JsonWebKeySet{ - Keys: []jose.JsonWebKey{ + keys = &jose.JSONWebKeySet{ + Keys: []jose.JSONWebKey{ *private, *jwk.First(keys.Key("public")), }, diff --git a/config/backend_sql_test.go b/config/backend_sql_test.go index 7e94366df5c..b795a310d96 100644 --- a/config/backend_sql_test.go +++ b/config/backend_sql_test.go @@ -1,6 +1,7 @@ package config import ( + "flag" "fmt" "log" "net/url" @@ -9,9 +10,9 @@ import ( "testing" "time" - "flag" - + _ "github.com/go-sql-driver/mysql" "github.com/jmoiron/sqlx" + _ "github.com/lib/pq" "github.com/ory/dockertest" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" 
@@ -125,6 +126,16 @@ func killAll() { } func bootstrapMySQL() *url.URL { + if uu := os.Getenv("TEST_DATABASE_MYSQL"); uu != "" { + log.Println("Found mysql test database config, skipping dockertest...") + _, err := sqlx.Open("postgres", uu) + if err != nil { + log.Fatalf("Could not connect to bootstrapped database: %s", err) + } + u, _ := url.Parse("mysql://" + uu) + return u + } + var db *sqlx.DB var err error var urls string @@ -160,6 +171,16 @@ func bootstrapMySQL() *url.URL { } func bootstrapPostgres() *url.URL { + if uu := os.Getenv("TEST_DATABASE_POSTGRESQL"); uu != "" { + log.Println("Found postgresql test database config, skipping dockertest...") + _, err := sqlx.Open("postgres", uu) + if err != nil { + log.Fatalf("Could not connect to bootstrapped database: %s", err) + } + u, _ := url.Parse(uu) + return u + } + var db *sqlx.DB var err error var urls string diff --git a/docs/api.swagger.json b/docs/api.swagger.json index 0578de0ab7d..fb1eee4720d 100644 --- a/docs/api.swagger.json +++ b/docs/api.swagger.json 
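Review bot: In `bootstrapMySQL`, the new `TEST_DATABASE_MYSQL` branch opens the DSN with the PostgreSQL driver, which looks like a copy-paste slip from `bootstrapPostgres`; the call should be `sqlx.Open("mysql", uu)`. In both bootstrap functions `sqlx.Open` only prepares a handle and does not dial the server, so the "Could not connect to bootstrapped database" branch cannot fire for an unreachable or not-yet-ready database; `db, err := sqlx.Connect(driver, uu)` (or an explicit `Ping`) would make the check real, and the handle currently discarded with `_` should be closed. The error from `url.Parse` is dropped as well, so a malformed DSN reaches the caller as a nil `*url.URL`; `if err != nil { log.Fatalf("Could not parse database url: %s", err) }` would surface it. The same `sqlx.Open`-without-ping pattern is added to `ConnectToMySQL` and `ConnectToPostgres` in integration/docker.go. Both function bodies continue outside their hunks.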
@@ -531,7 +531,7 @@ } }, "post": { - "description": "This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as\nsymmetric cryptographic keys (HS256) and asymetric cryptographic keys (RS256, ECDSA).\n\n\nIf the specified JSON Web Key Set does not exist, it will be created.\n\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:keys:\u003cset\u003e:\u003ckid\u003e\"],\n\"actions\": [\"create\"],\n\"effect\": \"allow\"\n}\n```", + "description": "This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as\nsymmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA).\n\n\nIf the specified JSON Web Key Set does not exist, it will be created.\n\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:keys:\u003cset\u003e:\u003ckid\u003e\"],\n\"actions\": [\"create\"],\n\"effect\": \"allow\"\n}\n```", "consumes": [ "application/json" ], @@ -1928,12 +1928,6 @@ "Handler": { "type": "object", "properties": { - "Generators": { - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/KeyGenerator" - } - }, "H": { "$ref": "#/definitions/Writer" }, @@ -1944,7 +1938,7 @@ "$ref": "#/definitions/Firewall" } }, - "x-go-package": "github.com/ory/hydra/jwk" + "x-go-package": "github.com/ory/hydra/warden/group" }, "KeyGenerator": { "type": "object", @@ -2173,7 +2167,7 @@ ], "properties": { "alg": { - "description": "The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\" and \"HS256\"", + "description": "The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\", \"HS512\", and \"HS256\"", "type": "string", "x-go-name": "Algorithm" }, diff --git a/glide.lock b/glide.lock deleted file mode 100644 index 2664e523f3b..00000000000 --- a/glide.lock +++ /dev/null 
@@ -1,247 +0,0 @@ -hash: c4be9b74aa40e60d7722f40bf12dd531809a39647f5b1958345598024b9e8509 -updated: 2017-10-05T16:00:11.7993519+02:00 -imports: -- name: github.com/asaskevich/govalidator - version: 4918b99a7cb949bb295f3c7bbaf24b577d806e35 -- name: github.com/Azure/go-ansiterm - version: 19f72df4d05d31cbe1c56bfc8045c96babff6c7e - subpackages: - - winterm -- name: github.com/cenk/backoff - version: 32cd0c5b3aef12c76ed64aaf678f6c79736be7dc -- name: github.com/davecgh/go-spew - version: 6d212800a42e8ab5c146b8ace3490ee17e5225f9 - subpackages: - - spew -- name: github.com/dgrijalva/jwt-go - version: d2709f9f1f31ebcda9651b03077758c1f3a0018c -- name: github.com/docker/docker - version: 89658bed64c2a8fe05a978e5b87dbec409d57a0f - subpackages: - - api/types - - api/types/blkiodev - - api/types/container - - api/types/filters - - api/types/mount - - api/types/network - - api/types/registry - - api/types/strslice - - api/types/swarm - - api/types/versions - - opts - - pkg/archive - - pkg/fileutils - - pkg/homedir - - pkg/idtools - - pkg/ioutils - - pkg/jsonlog - - pkg/jsonmessage - - pkg/longpath - - pkg/pools - - pkg/promise - - pkg/stdcopy - - pkg/system - - pkg/term - - pkg/term/windows - - pkg/testutil/assert -- name: github.com/docker/go-connections - version: 3ede32e2033de7505e6500d6c868c2b9ed9f169d - subpackages: - - nat -- name: github.com/docker/go-units - version: 0dadbb0345b35ec7ef35e228dabb8de89a65bf52 -- name: github.com/fsnotify/fsnotify - version: 4da3e2cfbabc9f751898f250b49f2439785783a1 -- name: github.com/fsouza/go-dockerclient - version: 98edf3edfae6a6500fecc69d2bcccf1302544004 -- name: github.com/go-resty/resty - version: 9ac9c42358f7c3c69ac9f8610e8790d7c338e85d -- name: github.com/go-sql-driver/mysql - version: a0583e0143b1624142adab07e0e97fe106d99561 -- name: github.com/golang/protobuf - version: 11b8df160996e00fd4b55cbaafb3d84ec6d50fa8 - subpackages: - - proto -- name: github.com/gorilla/context - version: 1ea25387ff6f684839d82767c1733ff4d4d15d0a -- name: 
github.com/gorilla/securecookie - version: e59506cc896acb7f7bf732d4fdf5e25f7ccd8983 -- name: github.com/gorilla/sessions - version: ca9ada44574153444b00d3fd9c8559e4cc95f896 -- name: github.com/hashicorp/golang-lru - version: 0a025b7e63adc15a622f29b0b2c4c3848243bbf6 - subpackages: - - simplelru -- name: github.com/hashicorp/hcl - version: 68e816d1c783414e79bc65b3994d9ab6b0a722ab - subpackages: - - hcl/ast - - hcl/parser - - hcl/scanner - - hcl/strconv - - hcl/token - - json/parser - - json/scanner - - json/token -- name: github.com/imdario/mergo - version: 3e95a51e0639b4cf372f2ccf74c86749d747fbdc -- name: github.com/inconshreveable/mousetrap - version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 -- name: github.com/jehiah/go-strftime - version: 834e15c05a45371503440cc195bbd05c9a0968d9 -- name: github.com/jmoiron/sqlx - version: d9bd385d68c068f1fabb5057e3dedcbcbb039d0f - subpackages: - - reflectx -- name: github.com/julienschmidt/httprouter - version: 8c199fb6259ffc1af525cc3ad52ee60ba8359669 -- name: github.com/lib/pq - version: e42267488fe361b9dc034be7a6bffef5b195bceb - subpackages: - - oid -- name: github.com/magiconair/properties - version: 8d7837e64d3c1ee4e54a880c5a920ab4316fc90a -- name: github.com/meatballhat/negroni-logrus - version: 31067281800f66f57548a7a32d9c6c5f963fef83 -- name: github.com/Microsoft/go-winio - version: 78439966b38d69bf38227fbf57ac8a6fee70f69a -- name: github.com/mitchellh/mapstructure - version: d0303fe809921458f417bcf828397a65db30a7e4 -- name: github.com/mohae/deepcopy - version: 491d3605edfb866af34a48075bd4355ac1bf46ca -- name: github.com/moul/http2curl - version: 4e24498b31dba4683efb9d35c1c8a91e2eda28c8 -- name: github.com/Nvveen/Gotty - version: cd527374f1e5bff4938207604a14f2e38a9cf512 -- name: github.com/oleiade/reflections - version: 2b6ec3da648e3e834dc41bad8d9ed7f2dc6a9496 -- name: github.com/opencontainers/runc - version: 593914b8bd5448a93f7c3e4902a03408b6d5c0ce - subpackages: - - libcontainer/system - - libcontainer/user -- name: 
github.com/ory/dockertest - version: a7951f7a8442f0e70d36e499ed4d744f00af2963 -- name: github.com/ory/fosite - version: 461b38fd07e47dad709667f024e98a71bfd3792b - subpackages: - - compose - - handler/oauth2 - - handler/openid - - storage - - token/hmac - - token/jwt -- name: github.com/ory/graceful - version: 3d30c83329259f53a904d428b38d8cb8fba7bd77 -- name: github.com/ory/herodot - version: 5bb399b8a5aa583343a2108e723b990432b4a1b4 -- name: github.com/ory/ladon - version: 306b2e6adf322d429e72ace6be16818dda75f574 - subpackages: - - compiler - - manager/memory - - manager/sql -- name: github.com/pborman/uuid - version: a97ce2ca70fa5a848076093f05e639a89ca34d06 -- name: github.com/pelletier/go-toml - version: 1d6b12b7cb290426e27e6b4e38b89fcda3aeef03 -- name: github.com/pkg/errors - version: 645ef00459ed84a119197bfb8d8205042c6df63d -- name: github.com/pkg/profile - version: 5b67d428864e92711fcbd2f8629456121a56d91f -- name: github.com/pmezard/go-difflib - version: d8ed2627bdf02c080bf22230dbb337003b7aba2d - subpackages: - - difflib -- name: github.com/rubenv/sql-migrate - version: 79fe99e24311fa42469fb2ca23eb3f8f065e6155 - subpackages: - - sqlparse -- name: github.com/segmentio/analytics-go - version: 2d840d861c322bdf5346ba7917af1c2285e653d3 -- name: github.com/segmentio/backo-go - version: 204274ad699c0983a70203a566887f17a717fef4 -- name: github.com/sirupsen/logrus - version: 89742aefa4b206dcf400792f3bd35b542998eb3b -- name: github.com/Sirupsen/logrus - version: 89742aefa4b206dcf400792f3bd35b542998eb3b - repo: https://github.com/sirupsen/logrus.git - vcs: git -- name: github.com/spf13/afero - version: ee1bd8ee15a1306d1f9201acc41ef39cd9f99a1b - subpackages: - - mem -- name: github.com/spf13/cast - version: acbeb36b902d72a7a4c18e8f3241075e7ab763e4 -- name: github.com/spf13/cobra - version: b78744579491c1ceeaaa3b40205e56b0591b93a3 -- name: github.com/spf13/jwalterweatherman - version: 12bd96e66386c1960ab0f74ced1362f66f552f7b -- name: github.com/spf13/pflag - version: 
7aff26db30c1be810f9de5038ec5ef96ac41fd7c -- name: github.com/spf13/viper - version: 25b30aa063fc18e48662b86996252eabdcf2f0c7 -- name: github.com/square/go-jose - version: aa2e30fdd1fe9dd3394119af66451ae790d50e0d - subpackages: - - json -- name: github.com/stretchr/testify - version: 69483b4bd14f5845b5a1e55bca19e954e827f1d0 - subpackages: - - assert - - require -- name: github.com/toqueteos/webbrowser - version: 21fc9f95c83442fd164094666f7cb4f9fdd56cd6 -- name: github.com/urfave/negroni - version: fde5e16d32adc7ad637e9cd9ad21d4ebc6192535 -- name: github.com/xtgo/uuid - version: a0b114877d4caeffbd7f87e3757c17fce570fea7 -- name: golang.org/x/crypto - version: faadfbdc035307d901e69eea569f5dda451a3ee3 - subpackages: - - bcrypt - - blowfish - - ssh/terminal -- name: golang.org/x/net - version: 859d1a86bb617c0c20d154590c3c5d3fcb670b07 - subpackages: - - context - - context/ctxhttp - - publicsuffix -- name: golang.org/x/oauth2 - version: 13449ad91cb26cb47661c1b080790392170385fd - subpackages: - - clientcredentials - - internal -- name: golang.org/x/sys - version: 062cd7e4e68206d8bab9b18396626e855c992658 - subpackages: - - unix - - windows -- name: golang.org/x/text - version: 1cbadb444a806fd9430d14ad08967ed91da4fa0a - subpackages: - - transform - - unicode/norm -- name: google.golang.org/appengine - version: d9a072cfa7b9736e44311ef77b3e09d804bfa599 - subpackages: - - internal - - internal/base - - internal/datastore - - internal/log - - internal/remote_api - - internal/urlfetch - - urlfetch -- name: gopkg.in/gorp.v1 - version: c87af80f3cc5036b55b83d77171e156791085e2e -- name: gopkg.in/square/go-jose.v1 - version: aa2e30fdd1fe9dd3394119af66451ae790d50e0d - subpackages: - - cipher - - json -- name: gopkg.in/yaml.v2 - version: eb3733d160e74a9c7e442f435eb3bea458e1d19f -testImports: -- name: github.com/bmizerany/assert - version: b7ed37b82869576c289d7d97fb2bbd8b64a0cb28 diff --git a/glide.yaml b/glide.yaml deleted file mode 100644 index 2744db083ac..00000000000 
--- a/glide.yaml
+++ /dev/null
@@ -1,80 +0,0 @@ -package: github.com/ory/hydra -import: -- package: github.com/sirupsen/logrus - version: master -- package: github.com/Sirupsen/logrus - repo: https://github.com/sirupsen/logrus.git - vcs: git - version: master -- package: github.com/dgrijalva/jwt-go - version: 3.0.0 -- package: github.com/go-sql-driver/mysql - version: 1.3.0 -- package: github.com/gorilla/context - version: 1.1.0 -- package: github.com/gorilla/sessions - version: 1.1.0 -- package: github.com/imdario/mergo - version: 0.2.2 -- package: github.com/jmoiron/sqlx -- package: github.com/julienschmidt/httprouter - version: 1.1.0 -- package: github.com/go-resty/resty - version: 1.0.0 -- package: github.com/lib/pq -- package: github.com/meatballhat/negroni-logrus -- package: github.com/moul/http2curl -- package: github.com/oleiade/reflections - version: 1.0.0 -- package: github.com/go-resty/resty - version: 1.0.0 -- package: github.com/ory/fosite - version: 0.11.3 - subpackages: - - compose - - handler/oauth2 - - handler/openid - - storage - - token/hmac - - token/jwt -- package: github.com/ory/graceful - version: 0.1.0 -- package: github.com/ory/herodot - version: 0.1.1 -- package: github.com/ory/ladon - version: 0.8.2 - subpackages: - - manager/memory - - manager/sql -- package: github.com/pborman/uuid - version: 1.0.0 -- package: github.com/segmentio/analytics-go - version: 2.1.1 -- package: github.com/pkg/errors - version: 0.8.0 -- package: github.com/pkg/profile - version: 1.2.1 -- package: github.com/rubenv/sql-migrate -- package: github.com/spf13/cobra -- package: github.com/spf13/viper -- package: github.com/square/go-jose - version: ~1.1.0 - subpackages: - - json -- package: github.com/stretchr/testify - version: 1.1.4 - subpackages: - - assert - - require -- package: github.com/toqueteos/webbrowser - version: 1.0.0 -- package: github.com/urfave/negroni - version: 0.2.0 -- package: golang.org/x/oauth2 - subpackages: - - clientcredentials -- package: gopkg.in/yaml.v2 -- package: 
github.com/mohae/deepcopy -testImport: -- package: github.com/bmizerany/assert -- package: github.com/ory/dockertest diff --git a/integration/docker.go b/integration/docker.go index 1af57eabb2f..3935355d01c 100644 --- a/integration/docker.go +++ b/integration/docker.go @@ -5,6 +5,8 @@ import ( "log" "time" + "os" + _ "github.com/go-sql-driver/mysql" "github.com/jmoiron/sqlx" _ "github.com/lib/pq" @@ -24,6 +26,15 @@ func KillAll() { } func ConnectToMySQL() *sqlx.DB { + if url := os.Getenv("TEST_DATABASE_MYSQL"); url != "" { + log.Println("Found mysql test database config, skipping dockertest...") + db, err := sqlx.Open("mysql", url) + if err != nil { + log.Fatalf("Could not connect to bootstrapped database: %s", err) + } + return db + } + var db *sqlx.DB var err error pool, err = dockertest.NewPool("") @@ -54,6 +65,15 @@ func ConnectToMySQL() *sqlx.DB { } func ConnectToPostgres() *sqlx.DB { + if url := os.Getenv("TEST_DATABASE_POSTGRESQL"); url != "" { + log.Println("Found postgresql test database config, skipping dockertest...") + db, err := sqlx.Open("postgres", url) + if err != nil { + log.Fatalf("Could not connect to bootstrapped database: %s", err) + } + return db + } + var db *sqlx.DB var err error pool, err = dockertest.NewPool("") diff --git a/integration/sql_schema_test.go b/integration/sql_schema_test.go index aba091161a1..5c782034850 100644 --- a/integration/sql_schema_test.go +++ b/integration/sql_schema_test.go 
@@ -25,15 +25,16 @@ func TestSQLSchema(t *testing.T) { p1 := ks.Key("private") r := fosite.NewRequest() r.ID = "foo" - db := ConnectToMySQL() + db := ConnectToPostgres() cm := &client.SQLManager{DB: db, Hasher: &fosite.BCrypt{}} gm := group.SQLManager{DB: db} jm := jwk.SQLManager{DB: db, Cipher: &jwk.AEAD{Key: []byte("11111111111111111111111111111111")}} om := oauth2.FositeSQLStore{Manager: cm, DB: db, L: logrus.New()} + crm := oauth2.NewConsentRequestSQLManager(db) pm := lsql.NewSQLManager(db, nil) - _, err := pm.CreateSchemas("", "hydra_ladon_migration") + _, err := pm.CreateSchemas("", "hydra_policy_migration") require.NoError(t, err) _, err = cm.CreateSchemas() require.NoError(t, err) @@ -43,13 +44,16 @@ func TestSQLSchema(t *testing.T) { require.NoError(t, err) _, err = om.CreateSchemas() require.NoError(t, err) + _, err = crm.CreateSchemas() + require.NoError(t, err) - require.Nil(t, jm.AddKey("foo", jwk.First(p1))) - require.Nil(t, pm.Create(&ladon.DefaultPolicy{ID: "foo"})) - require.Nil(t, cm.CreateClient(&client.Client{ID: "foo"})) - require.Nil(t, om.CreateAccessTokenSession(nil, "asdfasdf", r)) - require.Nil(t, gm.CreateGroup(&group.Group{ - ID: "asdfas", + require.NoError(t, jm.AddKey("integration-test-foo", jwk.First(p1))) + require.NoError(t, pm.Create(&ladon.DefaultPolicy{ID: "integration-test-foo", Resources: []string{"foo"}, Actions: []string{"bar"}, Subjects: []string{"baz"}, Effect: "allow"})) + require.NoError(t, cm.CreateClient(&client.Client{ID: "integration-test-foo"})) + require.NoError(t, crm.PersistConsentRequest(&oauth2.ConsentRequest{ID: "integration-test-foo"})) + require.NoError(t, om.CreateAccessTokenSession(nil, "asdfasdf", r)) + require.NoError(t, gm.CreateGroup(&group.Group{ + ID: "integration-test-asdfas", Members: []string{"asdf"}, })) } diff --git a/jwk/aead.go b/jwk/aead.go index bc073b26d2b..5bc7f940970 100644 --- a/jwk/aead.go +++ b/jwk/aead.go 
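Review bot: `TestSQLSchema` now takes its handle from `ConnectToPostgres()` where it used `ConnectToMySQL()` before, so the schema-creation and insert path in this test is exercised against a single backend and MySQL drops out of it. If MySQL remains a supported store, running the body once per backend would keep a MySQL-only migration failure visible, for example `for name, db := range map[string]*sqlx.DB{"postgres": ConnectToPostgres(), "mysql": ConnectToMySQL()} { t.Run(name, ...) }`. Whether another test covers the MySQL schemas cannot be seen from this hunk. The function begins outside the first hunk.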
@@ -1,12 +1,9 @@ package jwk import ( - "crypto/aes" - "crypto/cipher" - "crypto/rand" "encoding/base64" - "io" + "github.com/gtank/cryptopasta" "github.com/pkg/errors" ) @@ -15,29 +12,19 @@ type AEAD struct { } func (c *AEAD) Encrypt(plaintext []byte) (string, error) { - // The key argument should be the AES key, either 16 or 32 bytes - // to select AES-128 or AES-256. if len(c.Key) < 32 { - return "", errors.Errorf("Key must be longer 32 bytes, got %d bytes", len(c.Key)) + return "", errors.Errorf("Key must be 32 bytes, got %d bytes", len(c.Key)) } - block, err := aes.NewCipher(c.Key[:32]) - if err != nil { - return "", errors.WithStack(err) - } - - nonce := make([]byte, 12) - if _, err := io.ReadFull(rand.Reader, nonce); err != nil { - return "", errors.WithStack(err) - } + var key [32]byte + copy(key[:], c.Key[:32]) - aesgcm, err := cipher.NewGCM(block) + ciphertext, err := cryptopasta.Encrypt(plaintext, &key) if err != nil { return "", errors.WithStack(err) } - ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil) - return base64.URLEncoding.EncodeToString(append(ciphertext, nonce...)), nil + return base64.URLEncoding.EncodeToString(ciphertext), nil } func (c *AEAD) Decrypt(ciphertext string) ([]byte, error) { 
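Review bot: The serialized layout of `AEAD.Encrypt` changes and the hunk does not say so: the removed code emitted `append(ciphertext, nonce...)` (nonce last), while `cryptopasta.Encrypt`, as far as I know, returns the nonce first. Values encrypted by an earlier release would then fail to decrypt unless a migration re-encrypts them, which is not visible here. A comment above the call would record it, e.g. `// Layout is nonce||ciphertext (cryptopasta); data written by older versions (ciphertext||nonce) must be re-encrypted.` Separately, the reworded message says "Key must be 32 bytes" but the guard is `len(c.Key) < 32` and `copy(key[:], c.Key[:32])` silently truncates a longer key, so either reject `len(c.Key) != 32` or keep the wording at "at least 32 bytes".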
@@ -45,26 +32,14 @@ func (c *AEAD) Decrypt(ciphertext string) ([]byte, error) { return []byte{}, errors.Errorf("Key must be longer 32 bytes, got %d bytes", len(c.Key)) } - raw, err := base64.URLEncoding.DecodeString(ciphertext) - if err != nil { - return []byte{}, errors.WithStack(err) - } + var key [32]byte + copy(key[:], c.Key[:32]) - n := len(raw) - block, err := aes.NewCipher(c.Key) - if err != nil { - return []byte{}, errors.WithStack(err) - } - - aesgcm, err := cipher.NewGCM(block) - if err != nil { - return []byte{}, errors.WithStack(err) - } - - plaintext, err := aesgcm.Open(nil, raw[n-12:n], raw[:n-12], nil) + raw, err := base64.URLEncoding.DecodeString(ciphertext) if err != nil { return []byte{}, errors.WithStack(err) } + plaintext, err := cryptopasta.Decrypt(raw, &key) return plaintext, nil } diff --git a/jwk/cast.go b/jwk/cast.go index 9f58fdad5d5..845a7844b98 100644 --- a/jwk/cast.go +++ b/jwk/cast.go @@ -7,7 +7,7 @@ import ( "github.com/square/go-jose" ) -func MustRSAPublic(key *jose.JsonWebKey) *rsa.PublicKey { +func MustRSAPublic(key *jose.JSONWebKey) *rsa.PublicKey { res, err := ToRSAPublic(key) if err != nil { panic(err.Error()) @@ -16,7 +16,7 @@ func MustRSAPublic(key *jose.JsonWebKey) *rsa.PublicKey { } -func ToRSAPublic(key *jose.JsonWebKey) (*rsa.PublicKey, error) { +func ToRSAPublic(key *jose.JSONWebKey) (*rsa.PublicKey, error) { res, ok := key.Key.(*rsa.PublicKey) if !ok { return res, errors.New("Could not convert key to RSA Private Key.") @@ -24,7 +24,7 @@ func ToRSAPublic(key *jose.JsonWebKey) (*rsa.PublicKey, error) { return res, nil } -func MustRSAPrivate(key *jose.JsonWebKey) *rsa.PrivateKey { +func MustRSAPrivate(key *jose.JSONWebKey) *rsa.PrivateKey { res, err := ToRSAPrivate(key) if err != nil { panic(err.Error()) 
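Review bot: The error returned by `cryptopasta.Decrypt(raw, &key)` is assigned and then dropped: the new tail of `Decrypt` is `plaintext, err := cryptopasta.Decrypt(raw, &key)` followed by `return plaintext, nil`. A failed GCM authentication (wrong key, truncated or modified ciphertext) is therefore reported to the caller as success with an empty plaintext. Add `if err != nil { return []byte{}, errors.WithStack(err) }` before the return, matching the other error paths in the function. The key-length message here still reads "Key must be longer 32 bytes" while the one in `Encrypt` was reworded in this commit; the two should agree. The length guard at the top of `Decrypt` begins outside the hunk.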
@@ -32,7 +32,7 @@ func MustRSAPrivate(key *jose.JsonWebKey) *rsa.PrivateKey { return res } -func ToRSAPrivate(key *jose.JsonWebKey) (*rsa.PrivateKey, error) { +func ToRSAPrivate(key *jose.JSONWebKey) (*rsa.PrivateKey, error) { res, ok := key.Key.(*rsa.PrivateKey) if !ok { return res, errors.New("Could not convert key to RSA Private Key.") diff --git a/jwk/generator.go b/jwk/generator.go index 008d024c84c..04e73cefaa1 100644 --- a/jwk/generator.go +++ b/jwk/generator.go @@ -3,5 +3,5 @@ package jwk import "github.com/square/go-jose" type KeyGenerator interface { - Generate(id string) (*jose.JsonWebKeySet, error) + Generate(id string) (*jose.JSONWebKeySet, error) } diff --git a/jwk/generator_ecdsa256.go b/jwk/generator_ecdsa256.go index 1b84697119d..71552fe5e42 100644 --- a/jwk/generator_ecdsa256.go +++ b/jwk/generator_ecdsa256.go @@ -12,14 +12,14 @@ import ( type ECDSA256Generator struct{} -func (g *ECDSA256Generator) Generate(id string) (*jose.JsonWebKeySet, error) { +func (g *ECDSA256Generator) Generate(id string) (*jose.JSONWebKeySet, error) { key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { return nil, errors.Errorf("Could not generate key because %s", err) } - return &jose.JsonWebKeySet{ - Keys: []jose.JsonWebKey{ + return &jose.JSONWebKeySet{ + Keys: []jose.JSONWebKey{ { Key: key, KeyID: ider("private", id), diff --git a/jwk/generator_ecdsa521.go b/jwk/generator_ecdsa521.go index 8f1f5737401..600b5afdb31 100644 --- a/jwk/generator_ecdsa521.go +++ b/jwk/generator_ecdsa521.go 
@@ -12,14 +12,14 @@ import ( type ECDSA521Generator struct{} -func (g *ECDSA521Generator) Generate(id string) (*jose.JsonWebKeySet, error) { +func (g *ECDSA521Generator) Generate(id string) (*jose.JSONWebKeySet, error) { key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) if err != nil { return nil, errors.Errorf("Could not generate key because %s", err) } - return &jose.JsonWebKeySet{ - Keys: []jose.JsonWebKey{ + return &jose.JSONWebKeySet{ + Keys: []jose.JSONWebKey{ { Key: key, KeyID: ider("private", id), diff --git a/jwk/generator_hs256.go b/jwk/generator_hs256.go index ff9615c09c7..65fb8386338 100644 --- a/jwk/generator_hs256.go +++ b/jwk/generator_hs256.go @@ -1,36 +1,31 @@ package jwk import ( + "crypto/rand" "crypto/x509" + "io" - "github.com/ory/hydra/rand/sequence" "github.com/pkg/errors" "github.com/square/go-jose" ) -type HS256Generator struct { - Length int -} - -func (g *HS256Generator) Generate(id string) (*jose.JsonWebKeySet, error) { - if g.Length < 12 { - g.Length = 12 - } +type HS256Generator struct{} - if id == "" { - id = "shared" - } - - key, err := sequence.RuneSequence(g.Length, []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789,.-;:_#+*!ยง$%&/()=?}][{<>")) +func (g *HS256Generator) Generate(id string) (*jose.JSONWebKeySet, error) { + // Taken from NewHMACKey + key := &[16]byte{} + _, err := io.ReadFull(rand.Reader, key[:]) if err != nil { - return nil, errors.Errorf("Could not generate key because %s", err) + return nil, errors.WithStack(err) } - return &jose.JsonWebKeySet{ - Keys: []jose.JsonWebKey{ + var sliceKey = key[:] + + return &jose.JSONWebKeySet{ + Keys: []jose.JSONWebKey{ { Algorithm: "HS256", - Key: []byte(string(key)), + Key: sliceKey, KeyID: id, Certificates: []*x509.Certificate{}, }, diff --git a/jwk/generator_hs512.go b/jwk/generator_hs512.go new file mode 100644 index 00000000000..35beddcfcee --- /dev/null +++ b/jwk/generator_hs512.go 
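Review bot: `HS256Generator.Generate` now fills `key := &[16]byte{}`, a 128-bit HMAC key, which is below the minimum RFC 7518 section 3.2 sets for HS256 (a key at least as long as the hash output, 256 bits). `HS512Generator.Generate` in jwk/generator_hs512.go has the same shape with `&[32]byte{}`, where HS512 calls for 64 bytes. Suggested: `key := &[32]byte{}` here and `key := &[64]byte{}` in the HS512 generator. The upgrade notes in this commit describe the generator as using the "full 256 bit range", which a 16-byte buffer does not match. The hunk also removes the `Length` field and the `id == ""` to `"shared"` default, which changes behaviour for any caller that relied on either.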
@@ -0,0 +1,34 @@ +package jwk + +import ( + "crypto/rand" + "crypto/x509" + "io" + + "github.com/pkg/errors" + "github.com/square/go-jose" +) + +type HS512Generator struct{} + +func (g *HS512Generator) Generate(id string) (*jose.JSONWebKeySet, error) { + // Taken from NewHMACKey + key := &[32]byte{} + _, err := io.ReadFull(rand.Reader, key[:]) + if err != nil { + return nil, errors.WithStack(err) + } + + var sliceKey = key[:] + + return &jose.JSONWebKeySet{ + Keys: []jose.JSONWebKey{ + { + Algorithm: "HS512", + Key: sliceKey, + KeyID: id, + Certificates: []*x509.Certificate{}, + }, + }, + }, nil +} diff --git a/jwk/generator_rs256.go b/jwk/generator_rs256.go index b6d9a4b4e6b..8b13a54cd3f 100644 --- a/jwk/generator_rs256.go +++ b/jwk/generator_rs256.go @@ -14,7 +14,7 @@ type RS256Generator struct { KeyLength int } -func (g *RS256Generator) Generate(id string) (*jose.JsonWebKeySet, error) { +func (g *RS256Generator) Generate(id string) (*jose.JSONWebKeySet, error) { if g.KeyLength < 4096 { g.KeyLength = 4096 } @@ -28,8 +28,8 @@ func (g *RS256Generator) Generate(id string) (*jose.JsonWebKeySet, error) { // jose does not support this... key.Precomputed = rsa.PrecomputedValues{} - return &jose.JsonWebKeySet{ - Keys: []jose.JsonWebKey{ + return &jose.JSONWebKeySet{ + Keys: []jose.JSONWebKey{ { Algorithm: "RS256", Key: key, diff --git a/jwk/generator_test.go b/jwk/generator_test.go index a155bac2722..d548766d03e 100644 --- a/jwk/generator_test.go +++ b/jwk/generator_test.go 
@@ -17,32 +17,44 @@ func TestGenerator(t *testing.T) { for k, c := range []struct { g KeyGenerator - check func(*jose.JsonWebKeySet) + check func(*jose.JSONWebKeySet) }{ { g: &RS256Generator{}, - check: func(ks *jose.JsonWebKeySet) { + check: func(ks *jose.JSONWebKeySet) { assert.Len(t, ks, 2) + assert.NotEmpty(t, ks.Keys[0].Key) + assert.NotEmpty(t, ks.Keys[1].Key) }, }, { g: &ECDSA521Generator{}, - check: func(ks *jose.JsonWebKeySet) { + check: func(ks *jose.JSONWebKeySet) { assert.Len(t, ks, 2) + assert.NotEmpty(t, ks.Keys[0].Key) + assert.NotEmpty(t, ks.Keys[1].Key) }, }, { g: &ECDSA256Generator{}, - check: func(ks *jose.JsonWebKeySet) { + check: func(ks *jose.JSONWebKeySet) { assert.Len(t, ks, 2) + assert.NotEmpty(t, ks.Keys[0].Key) + assert.NotEmpty(t, ks.Keys[1].Key) }, }, { - g: &HS256Generator{ - Length: 32, + g: &HS256Generator{}, + check: func(ks *jose.JSONWebKeySet) { + assert.Len(t, ks, 1) + assert.NotEmpty(t, ks.Keys[0].Key) }, - check: func(ks *jose.JsonWebKeySet) { + }, + { + g: &HS512Generator{}, + check: func(ks *jose.JSONWebKeySet) { assert.Len(t, ks, 1) + assert.NotEmpty(t, ks.Keys[0].Key) }, }, } { diff --git a/jwk/handler.go b/jwk/handler.go index 65a91543d56..fb5c525eeb8 100644 --- a/jwk/handler.go +++ b/jwk/handler.go @@ -29,9 +29,8 @@ func (h *Handler) GetGenerators() map[string]KeyGenerator { h.Generators = map[string]KeyGenerator{ "RS256": &RS256Generator{}, "ES521": &ECDSA521Generator{}, - "HS256": &HS256Generator{ - Length: 32, - }, + "HS256": &HS256Generator{}, + "HS512": &HS512Generator{}, } } return h.Generators @@ -53,7 +52,7 @@ func (h *Handler) SetRoutes(r *httprouter.Router) { // swagger:model jsonWebKeySetGeneratorRequest type createRequest struct { - // The algorithm to be used for creating the key. Supports "RS256", "ES521" and "HS256" + // The algorithm to be used for creating the key. Supports "RS256", "ES521", "HS512", and "HS256" // required: true // in: body Algorithm string `json:"alg"` 
@@ -249,7 +248,7 @@ func (h *Handler) GetKeySet(w http.ResponseWriter, r *http.Request, ps httproute // Generate a new JSON Web Key // // This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as -// symmetric cryptographic keys (HS256) and asymetric cryptographic keys (RS256, ECDSA). +// symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). // // // If the specified JSON Web Key Set does not exist, it will be created. @@ -354,7 +353,7 @@ func (h *Handler) Create(w http.ResponseWriter, r *http.Request, ps httprouter.P func (h *Handler) UpdateKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { var ctx = context.Background() var requests joseWebKeySetRequest - var keySet = new(jose.JsonWebKeySet) + var keySet = new(jose.JSONWebKeySet) var set = ps.ByName("set") if _, err := h.W.TokenAllowed(ctx, h.W.TokenFromRequest(r), &firewall.TokenAccessRequest{ @@ -371,7 +370,7 @@ func (h *Handler) UpdateKeySet(w http.ResponseWriter, r *http.Request, ps httpro } for _, request := range requests.Keys { - key := &jose.JsonWebKey{} + key := &jose.JSONWebKey{} if err := key.UnmarshalJSON(request); err != nil { h.H.WriteError(w, r, errors.WithStack(err)) } @@ -421,7 +420,7 @@ func (h *Handler) UpdateKeySet(w http.ResponseWriter, r *http.Request, ps httpro // 500: genericError func (h *Handler) UpdateKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { var ctx = context.Background() - var key jose.JsonWebKey + var key jose.JSONWebKey var set = ps.ByName("set") if err := json.NewDecoder(r.Body).Decode(&key); err != nil { diff --git a/jwk/handler_test.go b/jwk/handler_test.go index f531af4894d..3d1f2ec7e6f 100644 --- a/jwk/handler_test.go +++ b/jwk/handler_test.go @@ -18,7 +18,7 @@ import ( ) var testServer *httptest.Server -var IDKS *jose.JsonWebKeySet +var IDKS *jose.JSONWebKeySet func init() { localWarden, _ := compose.NewMockFirewall( 
@@ -57,7 +57,7 @@ func TestHandlerWellKnown(t *testing.T) { require.NoError(t, err, "problem in http request") defer res.Body.Close() - var known jose.JsonWebKeySet + var known jose.JSONWebKeySet err = json.NewDecoder(res.Body).Decode(&known) require.NoError(t, err, "problem in decoding response") diff --git a/jwk/helper.go b/jwk/helper.go index 67465286929..b522b7b2992 100644 --- a/jwk/helper.go +++ b/jwk/helper.go @@ -10,7 +10,7 @@ import ( "github.com/square/go-jose" ) -func First(keys []jose.JsonWebKey) *jose.JsonWebKey { +func First(keys []jose.JSONWebKey) *jose.JSONWebKey { if len(keys) == 0 { return nil } diff --git a/jwk/manager.go b/jwk/manager.go index b4da6533ef7..efd2a23e11b 100644 --- a/jwk/manager.go +++ b/jwk/manager.go @@ -3,13 +3,13 @@ package jwk import "github.com/square/go-jose" type Manager interface { - AddKey(set string, key *jose.JsonWebKey) error + AddKey(set string, key *jose.JSONWebKey) error - AddKeySet(set string, keys *jose.JsonWebKeySet) error + AddKeySet(set string, keys *jose.JSONWebKeySet) error - GetKey(set, kid string) (*jose.JsonWebKeySet, error) + GetKey(set, kid string) (*jose.JSONWebKeySet, error) - GetKeySet(set string) (*jose.JsonWebKeySet, error) + GetKeySet(set string) (*jose.JSONWebKeySet, error) DeleteKey(set, kid string) error diff --git a/jwk/manager_memory.go b/jwk/manager_memory.go index f77b9a3c9e1..4dcc9356825 100644 --- a/jwk/manager_memory.go +++ b/jwk/manager_memory.go 
@@ -9,30 +9,30 @@ import ( ) type MemoryManager struct { - Keys map[string]*jose.JsonWebKeySet + Keys map[string]*jose.JSONWebKeySet sync.RWMutex } -func (m *MemoryManager) AddKey(set string, key *jose.JsonWebKey) error { +func (m *MemoryManager) AddKey(set string, key *jose.JSONWebKey) error { m.Lock() defer m.Unlock() m.alloc() if m.Keys[set] == nil { - m.Keys[set] = &jose.JsonWebKeySet{Keys: []jose.JsonWebKey{}} + m.Keys[set] = &jose.JSONWebKeySet{Keys: []jose.JSONWebKey{}} } m.Keys[set].Keys = append(m.Keys[set].Keys, *key) return nil } -func (m *MemoryManager) AddKeySet(set string, keys *jose.JsonWebKeySet) error { +func (m *MemoryManager) AddKeySet(set string, keys *jose.JSONWebKeySet) error { for _, key := range keys.Keys { m.AddKey(set, &key) } return nil } -func (m *MemoryManager) GetKey(set, kid string) (*jose.JsonWebKeySet, error) { +func (m *MemoryManager) GetKey(set, kid string) (*jose.JSONWebKeySet, error) { m.RLock() defer m.RUnlock() @@ -47,12 +47,12 @@ func (m *MemoryManager) GetKey(set, kid string) (*jose.JsonWebKeySet, error) { return nil, errors.Wrap(pkg.ErrNotFound, "") } - return &jose.JsonWebKeySet{ + return &jose.JSONWebKeySet{ Keys: result, }, nil } -func (m *MemoryManager) GetKeySet(set string) (*jose.JsonWebKeySet, error) { +func (m *MemoryManager) GetKeySet(set string) (*jose.JSONWebKeySet, error) { m.RLock() defer m.RUnlock() @@ -72,7 +72,7 @@ func (m *MemoryManager) DeleteKey(set, kid string) error { } m.Lock() - var results []jose.JsonWebKey + var results []jose.JSONWebKey for _, key := range keys.Keys { if key.KeyID != kid { results = append(results) @@ -94,6 +94,6 @@ func (m *MemoryManager) DeleteKeySet(set string) error { func (m *MemoryManager) alloc() { if m.Keys == nil { - m.Keys = make(map[string]*jose.JsonWebKeySet) + m.Keys = make(map[string]*jose.JSONWebKeySet) } } diff --git a/jwk/manager_sql.go b/jwk/manager_sql.go index 278f3490459..d3f8157d536 100644 --- a/jwk/manager_sql.go +++ b/jwk/manager_sql.go 
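Review bot: In MemoryManager.DeleteKey (the hunk at -72), the filter loop runs `results = append(results)` with no element, so no key is ever copied into `results`. If `results` is then stored back for the set, which happens outside the hunk, deleting one key id would leave the whole set empty, including signing keys that were meant to stay. The line should read `results = append(results, key)`. A test that adds two keys, deletes one and checks that the other is still returned would catch this.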
@@ -52,7 +52,7 @@ func (s *SQLManager) CreateSchemas() (int, error) { return n, nil } -func (m *SQLManager) AddKey(set string, key *jose.JsonWebKey) error { +func (m *SQLManager) AddKey(set string, key *jose.JSONWebKey) error { out, err := json.Marshal(key) if err != nil { return errors.WithStack(err) @@ -74,7 +74,7 @@ func (m *SQLManager) AddKey(set string, key *jose.JsonWebKey) error { return nil } -func (m *SQLManager) AddKeySet(set string, keys *jose.JsonWebKeySet) error { +func (m *SQLManager) AddKeySet(set string, keys *jose.JSONWebKeySet) error { tx, err := m.DB.Beginx() if err != nil { return errors.WithStack(err) @@ -119,7 +119,7 @@ func (m *SQLManager) AddKeySet(set string, keys *jose.JsonWebKeySet) error { return nil } -func (m *SQLManager) GetKey(set, kid string) (*jose.JsonWebKeySet, error) { +func (m *SQLManager) GetKey(set, kid string) (*jose.JSONWebKeySet, error) { var d sqlData if err := m.DB.Get(&d, m.DB.Rebind("SELECT * FROM hydra_jwk WHERE sid=? AND kid=?"), set, kid); err == sql.ErrNoRows { return nil, errors.Wrap(pkg.ErrNotFound, "") @@ -132,17 +132,17 @@ func (m *SQLManager) GetKey(set, kid string) (*jose.JsonWebKeySet, error) { return nil, errors.WithStack(err) } - var c jose.JsonWebKey + var c jose.JSONWebKey if err := json.Unmarshal(key, &c); err != nil { return nil, errors.WithStack(err) } - return &jose.JsonWebKeySet{ - Keys: []jose.JsonWebKey{c}, + return &jose.JSONWebKeySet{ + Keys: []jose.JSONWebKey{c}, }, nil } -func (m *SQLManager) GetKeySet(set string) (*jose.JsonWebKeySet, error) { +func (m *SQLManager) GetKeySet(set string) (*jose.JSONWebKeySet, error) { var ds []sqlData if err := m.DB.Select(&ds, m.DB.Rebind("SELECT * FROM hydra_jwk WHERE sid=?"), set); err == sql.ErrNoRows { return nil, errors.Wrap(pkg.ErrNotFound, "") 
@@ -154,14 +154,14 @@ func (m *SQLManager) GetKeySet(set string) (*jose.JsonWebKeySet, error) { return nil, errors.Wrap(pkg.ErrNotFound, "") } - keys := &jose.JsonWebKeySet{Keys: []jose.JsonWebKey{}} + keys := &jose.JSONWebKeySet{Keys: []jose.JSONWebKey{}} for _, d := range ds { key, err := m.Cipher.Decrypt(d.Key) if err != nil { return nil, errors.WithStack(err) } - var c jose.JsonWebKey + var c jose.JSONWebKey if err := json.Unmarshal(key, &c); err != nil { return nil, errors.WithStack(err) } diff --git a/jwk/manager_test.go b/jwk/manager_test.go index 3f4e3ec3844..1210c0ab398 100644 --- a/jwk/manager_test.go +++ b/jwk/manager_test.go @@ -56,9 +56,7 @@ func TestManagerKey(t *testing.T) { ks, _ := testGenerator.Generate("") for name, m := range managers { - t.Run(fmt.Sprintf("case=%s", name), func(t *testing.T) { - TestHelperManagerKey(m, ks)(t) - }) + t.Run(fmt.Sprintf("case=%s", name), TestHelperManagerKey(m, ks)) } } @@ -67,8 +65,6 @@ func TestManagerKeySet(t *testing.T) { ks.Key("private") for name, m := range managers { - t.Run(fmt.Sprintf("case=%s", name), func(t *testing.T) { - TestHelperManagerKeySet(m, ks)(t) - }) + t.Run(fmt.Sprintf("case=%s", name), TestHelperManagerKeySet(m, ks)) } } diff --git a/jwk/manager_test_helpers.go b/jwk/manager_test_helpers.go index e62df5b618b..da2ec35bee1 100644 --- a/jwk/manager_test_helpers.go +++ b/jwk/manager_test_helpers.go @@ -19,11 +19,12 @@ func RandomBytes(n int) ([]byte, error) { return bytes, nil } -func TestHelperManagerKey(m Manager, keys *jose.JsonWebKeySet) func(t *testing.T) { +func TestHelperManagerKey(m Manager, keys *jose.JSONWebKeySet) func(t *testing.T) { pub := keys.Key("public") priv := keys.Key("private") return func(t *testing.T) { + t.Parallel() _, err := m.GetKey("faz", "baz") assert.NotNil(t, err) 
@@ -53,8 +54,9 @@ func TestHelperManagerKey(m Manager, keys *jose.JsonWebKeySet) func(t *testing.T } } -func TestHelperManagerKeySet(m Manager, keys *jose.JsonWebKeySet) func(t *testing.T) { +func TestHelperManagerKeySet(m Manager, keys *jose.JSONWebKeySet) func(t *testing.T) { return func(t *testing.T) { + t.Parallel() _, err := m.GetKeySet("foo") require.Error(t, err) diff --git a/oauth2/consent_manager_sql_test.go b/oauth2/consent_manager_sql_test.go index a7fdfb9b17c..7bb023d4341 100644 --- a/oauth2/consent_manager_sql_test.go +++ b/oauth2/consent_manager_sql_test.go @@ -9,6 +9,7 @@ import ( ) func TestConsentRequestSqlDataTransforms(t *testing.T) { + t.Parallel() for _, tc := range []struct { d string r *ConsentRequest diff --git a/oauth2/fosite_store_test.go b/oauth2/fosite_store_test.go index 2d50dd39472..ef728c268ba 100644 --- a/oauth2/fosite_store_test.go +++ b/oauth2/fosite_store_test.go @@ -64,30 +64,35 @@ func connectToMySQL() { } func TestCreateGetDeleteAuthorizeCodes(t *testing.T) { + t.Parallel() for k, m := range clientManagers { t.Run(fmt.Sprintf("case=%s", k), TestHelperCreateGetDeleteAuthorizeCodes(m)) } } func TestCreateGetDeleteAccessTokenSession(t *testing.T) { + t.Parallel() for k, m := range clientManagers { t.Run(fmt.Sprintf("case=%s", k), TestHelperCreateGetDeleteAccessTokenSession(m)) } } func TestCreateGetDeleteOpenIDConnectSession(t *testing.T) { + t.Parallel() for k, m := range clientManagers { t.Run(fmt.Sprintf("case=%s", k), TestHelperCreateGetDeleteOpenIDConnectSession(m)) } } func TestCreateGetDeleteRefreshTokenSession(t *testing.T) { + t.Parallel() for k, m := range clientManagers { t.Run(fmt.Sprintf("case=%s", k), TestHelperCreateGetDeleteRefreshTokenSession(m)) } } func TestRevokeRefreshToken(t *testing.T) { + t.Parallel() for k, m := range clientManagers { t.Run(fmt.Sprintf("case=%s", k), TestHelperRevokeRefreshToken(m)) } diff --git a/oauth2/handler_test.go b/oauth2/handler_test.go index 26b15762189..9fa7df5f6fa 100644 
--- a/oauth2/handler_test.go +++ b/oauth2/handler_test.go @@ -70,7 +70,7 @@ func (s *FakeConsentStrategy) CreateConsentRequest(authorizeRequest fosite.Autho func TestIssuerRedirect(t *testing.T) { storage := storage.NewExampleStore() - secret := []byte("my super secret password") + secret := []byte("my super secret password password password password") config := compose.Config{} privateKey, _ := rsa.GenerateKey(rand.Reader, 2048) diff --git a/oauth2/oauth2_test.go b/oauth2/oauth2_test.go index 3418caaadb3..0b405b8f5ab 100644 --- a/oauth2/oauth2_test.go +++ b/oauth2/oauth2_test.go @@ -43,7 +43,7 @@ var handler = &Handler{ fc, store, &compose.CommonStrategy{ - CoreStrategy: compose.NewOAuth2HMACStrategy(fc, []byte("some super secret secret")), + CoreStrategy: compose.NewOAuth2HMACStrategy(fc, []byte("some super secret secret secret secret")), OpenIDConnectTokenStrategy: compose.NewOpenIDConnectStrategy(pkg.MustRSAKey()), }, nil, diff --git a/package.json b/package.json index 87556cc3524..39518f7c88f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ory-hydra-sdk", - "version": "latest", + "version": "0.0.0", "description": "The official JavaScript / NodeJS SDK for ORY Hydra.", "license": "Apache 2.0", "main": "sdk/js/swagger/src/index.js", diff --git a/rand/numeric/int.go b/rand/numeric/int.go deleted file mode 100644 index 15b169c9456..00000000000 --- a/rand/numeric/int.go +++ /dev/null 
@@ -1,52 +0,0 @@ -package numeric - -import ( - "bytes" - "crypto/rand" - "encoding/binary" - "io" -) - -var ( - rander = rand.Reader // random function - r = make([]byte, 8) -) - -// Int64 creates a random 64 bit integer using crypto.rand -func Int64() (i int64) { - randomBits(r) - buf := bytes.NewBuffer(r) - binary.Read(buf, binary.LittleEndian, &i) - return i -} - -// UInt64 creates a random 64 bit unsigned integer using crypto.rand -func UInt64() (i uint64) { - randomBits(r) - buf := bytes.NewBuffer(r) - binary.Read(buf, binary.LittleEndian, &i) - return i -} - -// Int32 creates a random 32 bit integer using crypto.rand -func Int32() (i int32) { - randomBits(r) - buf := bytes.NewBuffer(r) - binary.Read(buf, binary.LittleEndian, &i) - return i -} - -// UInt32 creates a random 32 bit unsigned integer using crypto.rand -func UInt32() (i uint32) { - randomBits(r) - buf := bytes.NewBuffer(r) - binary.Read(buf, binary.LittleEndian, &i) - return i -} - -// randomBits completely fills slice b with random data. -func randomBits(b []byte) { - if _, err := io.ReadFull(rander, b); err != nil { - panic(err.Error()) // rand should never fail - } -} diff --git a/rand/numeric/int_test.go b/rand/numeric/int_test.go deleted file mode 100644 index be889ab011f..00000000000 --- a/rand/numeric/int_test.go +++ /dev/null 
@@ -1,113 +0,0 @@ -package numeric - -import ( - "testing" - - "github.com/stretchr/testify/assert" -) - -func TestInt64(t *testing.T) { - seq := Int64() - assert.NotEmpty(t, seq) -} - -func TestInt32(t *testing.T) { - seq := Int32() - assert.NotEmpty(t, seq) -} - -func TestUInt64(t *testing.T) { - seq := UInt64() - assert.NotEmpty(t, seq) -} - -func TestUInt32(t *testing.T) { - seq := UInt32() - assert.NotEmpty(t, seq) -} - -func TestInt64IsUnique(t *testing.T) { - if testing.Short() { - t.SkipNow() - } - - // Probability of collision is around 1 in a million - times := 6000000 - s := make(map[int64]bool) - - for i := 0; i < times; i++ { - k := Int64() - _, ok := s[k] - assert.False(t, ok) - if ok { - return - } - s[k] = true - } -} - -func TestUInt64IsUnique(t *testing.T) { - if testing.Short() { - t.SkipNow() - } - - // Probability of collision is around 1 in a million - times := 6000000 - s := make(map[uint64]bool) - - for i := 0; i < times; i++ { - k := UInt64() - _, ok := s[k] - assert.False(t, ok) - if ok { - return - } - s[k] = true - } -} - -func TestInt32IsUnique(t *testing.T) { - if testing.Short() { - t.SkipNow() - } - - // Probability of collision is around 1 in 1000 - times := 3000 - s := make(map[int32]bool) - - for i := 0; i < times; i++ { - k := Int32() - _, ok := s[k] - assert.False(t, ok) - if ok { - return - } - s[k] = true - } -} - -func TestUInt32IsUnique(t *testing.T) { - if testing.Short() { - t.SkipNow() - } - - // Probability of collision is around 1 in 1000 - times := 3000 - s := make(map[uint32]bool) - - for i := 0; i < times; i++ { - k := UInt32() - _, ok := s[k] - assert.False(t, ok) - if ok { - return - } - s[k] = true - } -} - -func BenchmarkTestInt64(b *testing.B) { - for i := 0; i < b.N; i++ { - _ = Int64() - } -} diff --git a/scripts/run-deploy.sh b/scripts/run-deploy.sh index 855560177ea..d75d17bdb76 100755 --- a/scripts/run-deploy.sh +++ b/scripts/run-deploy.sh 
@@ -2,7 +2,5 @@ set -euo pipefail -if [ "${TRAVIS_TAG}" != "" ]; then - gox -ldflags "-X github.com/ory/hydra/cmd.Version=`git describe --tags` -X github.com/ory/hydra/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/hydra/cmd.GitHash=`git rev-parse HEAD`" -output "dist/{{.Dir}}-{{.OS}}-{{.Arch}}"; - npm version -f --no-git-tag-version $(git describe --tag); -fi +gox -ldflags "-X github.com/ory/hydra/cmd.Version=`git describe --tags` -X github.com/ory/hydra/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/hydra/cmd.GitHash=`git rev-parse HEAD`" -output "dist/{{.Dir}}-{{.OS}}-{{.Arch}}"; +npm version -f --no-git-tag-version $(git describe --tag); diff --git a/scripts/run-gensdk.sh b/scripts/run-gensdk.sh index 47783cad1db..23ba8ac078b 100755 --- a/scripts/run-gensdk.sh +++ b/scripts/run-gensdk.sh @@ -16,11 +16,9 @@ java -jar scripts/swagger-codegen-cli-2.2.3.jar generate -i ./docs/api.swagger.j scripts/run-format.sh -git add -A . - git checkout HEAD -- sdk/go/hydra/swagger/configuration.go git checkout HEAD -- sdk/go/hydra/swagger/api_client.go rm -f ./sdk/js/swagger/package.json rm -rf ./sdk/js/swagger/test -npm run prettier \ No newline at end of file +npm run prettier diff --git a/scripts/test-e2e.sh b/scripts/test-e2e.sh index 9446d45e8bb..27ac3e0ab38 100755 --- a/scripts/test-e2e.sh +++ b/scripts/test-e2e.sh @@ -4,6 +4,9 @@ set -euo pipefail cd "$( dirname "${BASH_SOURCE[0]}" )/.." +DATABASE_URL=memory hydra host --dangerous-auto-logon --dangerous-force-http --disable-telemetry & +while ! echo exit | nc 127.0.0.1 4444; do sleep 1; done + hydra clients create --id foobar hydra clients delete foobar curl --header "Authorization: bearer $(hydra token client)" http://localhost:4444/clients diff --git a/scripts/test-sdk.sh b/scripts/test-sdk.sh new file mode 100755 index 00000000000..4bf29e60f4c --- /dev/null +++ b/scripts/test-sdk.sh 
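Review bot: With the `TRAVIS_TAG` guard removed from run-deploy.sh, the version stamped into the release binaries depends on `git describe --tags` succeeding, and a failure there does not abort the script, because `set -e` ignores the exit status of a command substitution used inside another command's arguments. On a checkout without a reachable tag, `gox` would build artifacts with an empty `cmd.Version`. I would resolve it once up front, `version="$(git describe --tags)"`, and pass `"${version}"` to both `-X github.com/ory/hydra/cmd.Version=` and `npm version`, so the script stops on failure and both tools receive the same string (the second call currently uses `--tag` and is unquoted). Whether the calling CI job is restricted to tags is not visible in this hunk.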
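Review bot: The readiness loop added to test-e2e.sh, `while ! echo exit | nc 127.0.0.1 4444; do sleep 1; done`, has no upper bound, so if `hydra host` exits at startup the job spins until the CI platform kills it and the real error is buried. The background server is also never stopped, which leaves a process started with `--dangerous-auto-logon --dangerous-force-http` running after the script returns. I would bound the wait, fail with a message, and stop the server in an EXIT trap, as sketched below.

```shell
DATABASE_URL=memory hydra host --dangerous-auto-logon --dangerous-force-http --disable-telemetry &
hydra_pid=$!
# Stop the test server however the script exits.
trap 'kill "${hydra_pid}" 2>/dev/null || true' EXIT

# Wait at most 30 seconds for the listener instead of looping forever.
ready=false
for _ in $(seq 1 30); do
    if echo exit | nc 127.0.0.1 4444; then
        ready=true
        break
    fi
    sleep 1
done
if [ "${ready}" != "true" ]; then
    echo "hydra did not start listening on 127.0.0.1:4444" >&2
    exit 1
fi
# … unchanged: hydra clients create/delete and the curl check …
```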
@@ -0,0 +1,13 @@ +#!/bin/bash + +set -euo pipefail + +cd "$( dirname "${BASH_SOURCE[0]}" )/.." + +scripts/run-genswag.sh +git add -A +git diff --exit-code + +./scripts/run-gensdk.sh +git add -A +git diff --exit-code diff --git a/sdk/go/hydra/swagger/docs/Handler.md b/sdk/go/hydra/swagger/docs/Handler.md index 77f018750e1..f6f2dc3c0a2 100644 --- a/sdk/go/hydra/swagger/docs/Handler.md +++ b/sdk/go/hydra/swagger/docs/Handler.md @@ -3,7 +3,6 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**Generators** | [**map[string]KeyGenerator**](KeyGenerator.md) | | [optional] [default to null] **H** | [**Writer**](Writer.md) | | [optional] [default to null] **Manager** | [**Manager**](Manager.md) | | [optional] [default to null] **W** | [**Firewall**](Firewall.md) | | [optional] [default to null] diff --git a/sdk/go/hydra/swagger/docs/JsonWebKeyApi.md b/sdk/go/hydra/swagger/docs/JsonWebKeyApi.md index 0c5331b344d..f8e2ea227ae 100644 --- a/sdk/go/hydra/swagger/docs/JsonWebKeyApi.md +++ b/sdk/go/hydra/swagger/docs/JsonWebKeyApi.md 
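Review bot: Both `git diff --exit-code` calls in test-sdk.sh run right after `git add -A`, and plain `git diff` compares the working tree with the index, which are identical at that point. The check therefore always exits 0 and cannot detect generated swagger or SDK files that are out of date. Comparing the index with the commit instead, `git diff --cached --exit-code`, makes the step fail when `run-genswag.sh` or `run-gensdk.sh` changes tracked output, and it still catches newly created files because they have been staged.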
@@ -18,7 +18,7 @@ Method | HTTP request | Description Generate a new JSON Web Key -This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys::\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` +This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys::\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` ### Parameters diff --git a/sdk/go/hydra/swagger/docs/JsonWebKeySetGeneratorRequest.md b/sdk/go/hydra/swagger/docs/JsonWebKeySetGeneratorRequest.md index 65ef3f75ae6..642a4e4d557 100644 --- a/sdk/go/hydra/swagger/docs/JsonWebKeySetGeneratorRequest.md +++ b/sdk/go/hydra/swagger/docs/JsonWebKeySetGeneratorRequest.md @@ -3,7 +3,7 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**Alg** | **string** | The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\" and \"HS256\" | [default to null] +**Alg** | **string** | The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\", \"HS512\", and \"HS256\" | [default to null] **Kid** | **string** | The kid of the key to be created | [default to null] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) 
diff --git a/sdk/go/hydra/swagger/handler.go b/sdk/go/hydra/swagger/handler.go index 14c0e7786a0..83f0c0d7842 100644 --- a/sdk/go/hydra/swagger/handler.go +++ b/sdk/go/hydra/swagger/handler.go @@ -11,8 +11,6 @@ package swagger type Handler struct { - Generators map[string]KeyGenerator `json:"Generators,omitempty"` - H Writer `json:"H,omitempty"` Manager Manager `json:"Manager,omitempty"` diff --git a/sdk/go/hydra/swagger/json_web_key_api.go b/sdk/go/hydra/swagger/json_web_key_api.go index bc15b383d47..e9320135d4e 100644 --- a/sdk/go/hydra/swagger/json_web_key_api.go +++ b/sdk/go/hydra/swagger/json_web_key_api.go @@ -39,7 +39,7 @@ func NewJsonWebKeyApiWithBasePath(basePath string) *JsonWebKeyApi { /** * Generate a new JSON Web Key - * This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` + * This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` * * @param set The set * @param body diff --git a/sdk/go/hydra/swagger/json_web_key_set_generator_request.go b/sdk/go/hydra/swagger/json_web_key_set_generator_request.go index fcf1ec74d16..88e16d16624 100644 --- a/sdk/go/hydra/swagger/json_web_key_set_generator_request.go 
+++ b/sdk/go/hydra/swagger/json_web_key_set_generator_request.go @@ -12,7 +12,7 @@ package swagger type JsonWebKeySetGeneratorRequest struct { - // The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\" and \"HS256\" + // The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\", \"HS512\", and \"HS256\" Alg string `json:"alg"` // The kid of the key to be created diff --git a/sdk/js/swagger/docs/Handler.md b/sdk/js/swagger/docs/Handler.md index ca45bb05dee..ee1689cb759 100644 --- a/sdk/js/swagger/docs/Handler.md +++ b/sdk/js/swagger/docs/Handler.md @@ -3,7 +3,6 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**generators** | [**{String: KeyGenerator}**](KeyGenerator.md) | | [optional] **H** | [**Writer**](Writer.md) | | [optional] **manager** | [**Manager**](Manager.md) | | [optional] **W** | [**Firewall**](Firewall.md) | | [optional] diff --git a/sdk/js/swagger/docs/JsonWebKeyApi.md b/sdk/js/swagger/docs/JsonWebKeyApi.md index 738cb9aba3f..c1ce2a513fd 100644 --- a/sdk/js/swagger/docs/JsonWebKeyApi.md +++ b/sdk/js/swagger/docs/JsonWebKeyApi.md 
@@ -19,7 +19,7 @@ Method | HTTP request | Description Generate a new JSON Web Key -This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` +This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` ### Example ```javascript diff --git a/sdk/js/swagger/docs/JsonWebKeySetGeneratorRequest.md b/sdk/js/swagger/docs/JsonWebKeySetGeneratorRequest.md index 31d45de88cf..8e53290479e 100644 --- a/sdk/js/swagger/docs/JsonWebKeySetGeneratorRequest.md +++ b/sdk/js/swagger/docs/JsonWebKeySetGeneratorRequest.md @@ -3,7 +3,7 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**alg** | **String** | The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\" and \"HS256\" | +**alg** | **String** | The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\", \"HS512\", and \"HS256\" | **kid** | **String** | The kid of the key to be created | diff --git a/sdk/js/swagger/src/api/JsonWebKeyApi.js b/sdk/js/swagger/src/api/JsonWebKeyApi.js index fea352f5d88..ea2cfc8567f 100644 --- a/sdk/js/swagger/src/api/JsonWebKeyApi.js +++ b/sdk/js/swagger/src/api/JsonWebKeyApi.js 
@@ -84,7 +84,7 @@ /** * Generate a new JSON Web Key - * This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` + * This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` * @param {String} set The set * @param {Object} opts Optional parameters * @param {module:model/JsonWebKeySetGeneratorRequest} opts.body diff --git a/sdk/js/swagger/src/model/Handler.js b/sdk/js/swagger/src/model/Handler.js index bb70efcbc26..1cab0e8e0bb 100644 --- a/sdk/js/swagger/src/model/Handler.js +++ b/sdk/js/swagger/src/model/Handler.js @@ -18,13 +18,7 @@ if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. define( - [ - 'ApiClient', - 'model/Firewall', - 'model/KeyGenerator', - 'model/Manager', - 'model/Writer' - ], + ['ApiClient', 'model/Firewall', 'model/Manager', 'model/Writer'], factory ) } else if (typeof module === 'object' && module.exports) { @@ -32,7 +26,6 @@ module.exports = factory( require('../ApiClient'), require('./Firewall'), - require('./KeyGenerator'), require('./Manager'), require('./Writer') ) 
@@ -44,12 +37,11 @@ root.HydraOAuth2OpenIdConnectServer.Handler = factory( root.HydraOAuth2OpenIdConnectServer.ApiClient, root.HydraOAuth2OpenIdConnectServer.Firewall, - root.HydraOAuth2OpenIdConnectServer.KeyGenerator, root.HydraOAuth2OpenIdConnectServer.Manager, root.HydraOAuth2OpenIdConnectServer.Writer ) } -})(this, function(ApiClient, Firewall, KeyGenerator, Manager, Writer) { +})(this, function(ApiClient, Firewall, Manager, Writer) { 'use strict' /** @@ -78,11 +70,6 @@ if (data) { obj = obj || new exports() - if (data.hasOwnProperty('Generators')) { - obj['Generators'] = ApiClient.convertToType(data['Generators'], { - String: KeyGenerator - }) - } if (data.hasOwnProperty('H')) { obj['H'] = Writer.constructFromObject(data['H']) } @@ -96,10 +83,6 @@ return obj } - /** - * @member {Object.} Generators - */ - exports.prototype['Generators'] = undefined /** * @member {module:model/Writer} H */ diff --git a/sdk/js/swagger/src/model/JsonWebKeySetGeneratorRequest.js b/sdk/js/swagger/src/model/JsonWebKeySetGeneratorRequest.js index 1e3fd75be9b..dba4bf67354 100644 --- a/sdk/js/swagger/src/model/JsonWebKeySetGeneratorRequest.js +++ b/sdk/js/swagger/src/model/JsonWebKeySetGeneratorRequest.js @@ -43,7 +43,7 @@ * Constructs a new JsonWebKeySetGeneratorRequest. * @alias module:model/JsonWebKeySetGeneratorRequest * @class - * @param alg {String} The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\" and \"HS256\" + * @param alg {String} The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\", \"HS512\", and \"HS256\" * @param kid {String} The kid of the key to be created */ var exports = function(alg, kid) { @@ -75,7 +75,7 @@ } /** - * The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\" and \"HS256\" + * The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\", \"HS512\", and \"HS256\" * @member {String} alg */ exports.prototype['alg'] = undefined 
diff --git a/warden/group/manager_test_helper.go b/warden/group/manager_test_helper.go index 98d116876cc..8b017ba9cea 100644 --- a/warden/group/manager_test_helper.go +++ b/warden/group/manager_test_helper.go @@ -9,6 +9,8 @@ import ( func TestHelperManagers(m Manager) func(t *testing.T) { return func(t *testing.T) { + t.Parallel() + _, err := m.GetGroup("4321") assert.NotNil(t, err) diff --git a/yarn.lock b/yarn.lock index 40b8a7c829f..eba00a66a0a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -12,14 +12,6 @@ combined-stream@^1.0.5: dependencies: delayed-stream "~1.0.0" -commander@0.6.1: - version "0.6.1" - resolved "https://registry.yarnpkg.com/commander/-/commander-0.6.1.tgz#fa68a14f6a945d54dbbe50d8cdb3320e9e3b1a06" - -commander@2.3.0: - version "2.3.0" - resolved "https://registry.yarnpkg.com/commander/-/commander-2.3.0.tgz#fd430e889832ec353b9acd1de217c11cb3eef873" - component-emitter@^1.2.0: version "1.2.1" resolved "https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.2.1.tgz#137918d6d78283f7df7a6b7c5a63e140e69425e6" @@ -32,12 +24,6 @@ core-util-is@~1.0.0: version "1.0.2" resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7" -debug@2.2.0: - version "2.2.0" - resolved "https://registry.yarnpkg.com/debug/-/debug-2.2.0.tgz#f87057e995b1a1f6ae6a4960664137bc56f039da" - dependencies: - ms "0.7.1" - debug@^2.2.0: version "2.6.9" resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f" 
@@ -48,18 +34,6 @@ delayed-stream@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619" -diff@1.4.0: - version "1.4.0" - resolved "https://registry.yarnpkg.com/diff/-/diff-1.4.0.tgz#7f28d2eb9ee7b15a97efd89ce63dcfdaa3ccbabf" - -escape-string-regexp@1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.2.tgz#4dbc2fe674e71949caf3fb2695ce7f2dc1d9a8d1" - -expect.js@~0.3.1: - version "0.3.1" - resolved "https://registry.yarnpkg.com/expect.js/-/expect.js-0.3.1.tgz#b0a59a0d2eff5437544ebf0ceaa6015841d09b5b" - extend@^3.0.0: version "3.0.1" resolved "https://registry.yarnpkg.com/extend/-/extend-3.0.1.tgz#a755ea7bc1adfcc5a31ce7e762dbaadc5e636444" 
@@ -72,59 +46,18 @@ form-data@^2.1.1: combined-stream "^1.0.5" mime-types "^2.1.12" -formatio@1.1.1: - version "1.1.1" - resolved "https://registry.yarnpkg.com/formatio/-/formatio-1.1.1.tgz#5ed3ccd636551097383465d996199100e86161e9" - dependencies: - samsam "~1.1" - formidable@^1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/formidable/-/formidable-1.1.1.tgz#96b8886f7c3c3508b932d6bd70c4d3a88f35f1a9" -glob@3.2.3: - version "3.2.3" - resolved "https://registry.yarnpkg.com/glob/-/glob-3.2.3.tgz#e313eeb249c7affaa5c475286b0e115b59839467" - dependencies: - graceful-fs "~2.0.0" - inherits "2" - minimatch "~0.2.11" - -graceful-fs@~2.0.0: - version "2.0.3" - resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-2.0.3.tgz#7cd2cdb228a4a3f36e95efa6cc142de7d1a136d0" - -growl@1.8.1: - version "1.8.1" - resolved "https://registry.yarnpkg.com/growl/-/growl-1.8.1.tgz#4b2dec8d907e93db336624dcec0183502f8c9428" - -inherits@2, inherits@~2.0.3: +inherits@~2.0.3: version "2.0.3" resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.3.tgz#633c2c83e3da42a502f52466022480f4208261de" -inherits@2.0.1: - version "2.0.1" - resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.1.tgz#b17d08d326b4423e568eff719f91b0b1cbdf69f1" - isarray@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11" -jade@0.26.3: - version "0.26.3" - resolved "https://registry.yarnpkg.com/jade/-/jade-0.26.3.tgz#8f10d7977d8d79f2f6ff862a81b0513ccb25686c" - dependencies: - commander "0.6.1" - mkdirp "0.3.0" - -lolex@1.3.2: - version "1.3.2" - resolved "https://registry.yarnpkg.com/lolex/-/lolex-1.3.2.tgz#7c3da62ffcb30f0f5a80a2566ca24e45d8a01f31" - -lru-cache@2: - version "2.7.3" - resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-2.7.3.tgz#6d4524e8b955f95d4f5b58851ce21dd72fb4e952" - methods@^1.1.1: version "1.1.2" resolved 
"https://registry.yarnpkg.com/methods/-/methods-1.1.2.tgz#5529a4d67654134edcc5266656835b0f851afcee" @@ -143,45 +76,6 @@ mime@^1.3.4: version "1.4.1" resolved "https://registry.yarnpkg.com/mime/-/mime-1.4.1.tgz#121f9ebc49e3766f311a76e1fa1c8003c4b03aa6" -minimatch@~0.2.11: - version "0.2.14" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-0.2.14.tgz#c74e780574f63c6f9a090e90efbe6ef53a6a756a" - dependencies: - lru-cache "2" - sigmund "~1.0.0" - -minimist@0.0.8: - version "0.0.8" - resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d" - -mkdirp@0.3.0: - version "0.3.0" - resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.3.0.tgz#1bbf5ab1ba827af23575143490426455f481fe1e" - -mkdirp@0.5.0: - version "0.5.0" - resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.0.tgz#1d73076a6df986cd9344e15e71fcc05a4c9abf12" - dependencies: - minimist "0.0.8" - -mocha@~2.3.4: - version "2.3.4" - resolved "https://registry.yarnpkg.com/mocha/-/mocha-2.3.4.tgz#8629a6fb044f2d225aa4b81a2ae2d001699eb266" - dependencies: - commander "2.3.0" - debug "2.2.0" - diff "1.4.0" - escape-string-regexp "1.0.2" - glob "3.2.3" - growl "1.8.1" - jade "0.26.3" - mkdirp "0.5.0" - supports-color "1.2.0" - -ms@0.7.1: - version "0.7.1" - resolved "https://registry.yarnpkg.com/ms/-/ms-0.7.1.tgz#9cd13c03adbff25b65effde7ce864ee952017098" - ms@2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8" 
@@ -214,27 +108,6 @@ safe-buffer@~5.1.0, safe-buffer@~5.1.1: version "5.1.1" resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853" -samsam@1.1.2: - version "1.1.2" - resolved "https://registry.yarnpkg.com/samsam/-/samsam-1.1.2.tgz#bec11fdc83a9fda063401210e40176c3024d1567" - -samsam@~1.1: - version "1.1.3" - resolved "https://registry.yarnpkg.com/samsam/-/samsam-1.1.3.tgz#9f5087419b4d091f232571e7fa52e90b0f552621" - -sigmund@~1.0.0: - version "1.0.1" - resolved "https://registry.yarnpkg.com/sigmund/-/sigmund-1.0.1.tgz#3ff21f198cad2175f9f3b781853fd94d0d19b590" - -sinon@1.17.3: - version "1.17.3" - resolved "https://registry.yarnpkg.com/sinon/-/sinon-1.17.3.tgz#44d64bc748d023880046c1543cefcea34c47d17e" - dependencies: - formatio "1.1.1" - lolex "1.3.2" - samsam "1.1.2" - util ">=0.10.3 <1" - string_decoder@~1.0.3: version "1.0.3" resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.0.3.tgz#0fc67d7c141825de94282dd536bec6b9bce860ab" @@ -256,16 +129,6 @@ superagent@3.5.2: qs "^6.1.0" readable-stream "^2.0.5" -supports-color@1.2.0: - version "1.2.0" - resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-1.2.0.tgz#ff1ed1e61169d06b3cf2d588e188b18d8847e17e" - util-deprecate@~1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" - -"util@>=0.10.3 <1": - version "0.10.3" - resolved "https://registry.yarnpkg.com/util/-/util-0.10.3.tgz#7afb1afe50805246489e3db7fe0ed379336ac0f9" - dependencies: - inherits "2.0.1"