From ca948d31e8bf61b26fdc2c6354d5df81f1462fed Mon Sep 17 00:00:00 2001 From: arekkas Date: Wed, 25 Oct 2017 14:22:45 +0200 Subject: [PATCH 1/9] tests: run database tests in parallel Closes #617 --- client/manager_test_helpers.go | 3 +++ jwk/manager_test.go | 8 ++------ jwk/manager_test_helpers.go | 2 ++ oauth2/consent_manager_sql_test.go | 1 + oauth2/fosite_store_test.go | 5 +++++ warden/group/manager_test_helper.go | 2 ++ 6 files changed, 15 insertions(+), 6 deletions(-) diff --git a/client/manager_test_helpers.go b/client/manager_test_helpers.go index 3291c7c9c48..de1992ee092 100644 --- a/client/manager_test_helpers.go +++ b/client/manager_test_helpers.go @@ -10,6 +10,7 @@ import ( func TestHelperClientAutoGenerateKey(k string, m Storage) func(t *testing.T) { return func(t *testing.T) { + t.Parallel() c := &Client{ Secret: "secret", RedirectURIs: []string{"http://redirect"}, @@ -23,6 +24,7 @@ func TestHelperClientAutoGenerateKey(k string, m Storage) func(t *testing.T) { func TestHelperClientAuthenticate(k string, m Manager) func(t *testing.T) { return func(t *testing.T) { + t.Parallel() m.CreateClient(&Client{ ID: "1234321", Secret: "secret", @@ -40,6 +42,7 @@ func TestHelperClientAuthenticate(k string, m Manager) func(t *testing.T) { func TestHelperCreateGetDeleteClient(k string, m Storage) func(t *testing.T) { return func(t *testing.T) { + t.Parallel() _, err := m.GetClient(nil, "4321") assert.NotNil(t, err) diff --git a/jwk/manager_test.go b/jwk/manager_test.go index 3f4e3ec3844..1210c0ab398 100644 --- a/jwk/manager_test.go +++ b/jwk/manager_test.go @@ -56,9 +56,7 @@ func TestManagerKey(t *testing.T) { ks, _ := testGenerator.Generate("") for name, m := range managers { - t.Run(fmt.Sprintf("case=%s", name), func(t *testing.T) { - TestHelperManagerKey(m, ks)(t) - }) + t.Run(fmt.Sprintf("case=%s", name), TestHelperManagerKey(m, ks)) } } 
@@ -67,8 +65,6 @@ func TestManagerKeySet(t *testing.T) { ks.Key("private") for name, m := range managers { - t.Run(fmt.Sprintf("case=%s", name), func(t *testing.T) { - TestHelperManagerKeySet(m, ks)(t) - }) + t.Run(fmt.Sprintf("case=%s", name), TestHelperManagerKeySet(m, ks)) } } diff --git a/jwk/manager_test_helpers.go b/jwk/manager_test_helpers.go index e62df5b618b..30f312dd8ea 100644 --- a/jwk/manager_test_helpers.go +++ b/jwk/manager_test_helpers.go @@ -24,6 +24,7 @@ func TestHelperManagerKey(m Manager, keys *jose.JsonWebKeySet) func(t *testing.T priv := keys.Key("private") return func(t *testing.T) { + t.Parallel() _, err := m.GetKey("faz", "baz") assert.NotNil(t, err) @@ -55,6 +56,7 @@ func TestHelperManagerKey(m Manager, keys *jose.JsonWebKeySet) func(t *testing.T func TestHelperManagerKeySet(m Manager, keys *jose.JsonWebKeySet) func(t *testing.T) { return func(t *testing.T) { + t.Parallel() _, err := m.GetKeySet("foo") require.Error(t, err) diff --git a/oauth2/consent_manager_sql_test.go b/oauth2/consent_manager_sql_test.go index a7fdfb9b17c..7bb023d4341 100644 --- a/oauth2/consent_manager_sql_test.go +++ b/oauth2/consent_manager_sql_test.go @@ -9,6 +9,7 @@ import ( ) func TestConsentRequestSqlDataTransforms(t *testing.T) { + t.Parallel() for _, tc := range []struct { d string r *ConsentRequest diff --git a/oauth2/fosite_store_test.go b/oauth2/fosite_store_test.go index 2d50dd39472..ef728c268ba 100644 --- a/oauth2/fosite_store_test.go +++ b/oauth2/fosite_store_test.go 
@@ -64,30 +64,35 @@ func connectToMySQL() { } func TestCreateGetDeleteAuthorizeCodes(t *testing.T) { + t.Parallel() for k, m := range clientManagers { t.Run(fmt.Sprintf("case=%s", k), TestHelperCreateGetDeleteAuthorizeCodes(m)) } } func TestCreateGetDeleteAccessTokenSession(t *testing.T) { + t.Parallel() for k, m := range clientManagers { t.Run(fmt.Sprintf("case=%s", k), TestHelperCreateGetDeleteAccessTokenSession(m)) } } func TestCreateGetDeleteOpenIDConnectSession(t *testing.T) { + t.Parallel() for k, m := range clientManagers { t.Run(fmt.Sprintf("case=%s", k), TestHelperCreateGetDeleteOpenIDConnectSession(m)) } } func TestCreateGetDeleteRefreshTokenSession(t *testing.T) { + t.Parallel() for k, m := range clientManagers { t.Run(fmt.Sprintf("case=%s", k), TestHelperCreateGetDeleteRefreshTokenSession(m)) } } func TestRevokeRefreshToken(t *testing.T) { + t.Parallel() for k, m := range clientManagers { t.Run(fmt.Sprintf("case=%s", k), TestHelperRevokeRefreshToken(m)) } diff --git a/warden/group/manager_test_helper.go b/warden/group/manager_test_helper.go index 98d116876cc..8b017ba9cea 100644 --- a/warden/group/manager_test_helper.go +++ b/warden/group/manager_test_helper.go @@ -9,6 +9,8 @@ import ( func TestHelperManagers(m Manager) func(t *testing.T) { return func(t *testing.T) { + t.Parallel() + _, err := m.GetGroup("4321") assert.NotNil(t, err) From 2f3c40966d920d6d53878e8a00d055e1577baacb Mon Sep 17 00:00:00 2001 From: arekkas Date: Wed, 25 Oct 2017 16:46:28 +0200 Subject: [PATCH 2/9] integration: use postgres and add consent manager test --- integration/sql_schema_test.go | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/integration/sql_schema_test.go b/integration/sql_schema_test.go index aba091161a1..bf86b43cef3 100644 --- a/integration/sql_schema_test.go +++ b/integration/sql_schema_test.go 
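Review bot: The five top-level tests in oauth2/fosite_store_test.go now call `t.Parallel()` while all of them range over the same `clientManagers`, so their helpers run concurrently against the same stores and databases. The helper bodies are outside this hunk; if any two of them reuse a signature or request ID, or assume an empty table, the results become order-dependent and the suite will flake. A comment above `TestCreateGetDeleteAuthorizeCodes` would record the requirement, for example `// These tests run in parallel against shared stores; every helper must use IDs that no other helper uses.`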
@@ -25,12 +25,13 @@ func TestSQLSchema(t *testing.T) { p1 := ks.Key("private") r := fosite.NewRequest() r.ID = "foo" - db := ConnectToMySQL() + db := ConnectToPostgres() cm := &client.SQLManager{DB: db, Hasher: &fosite.BCrypt{}} gm := group.SQLManager{DB: db} jm := jwk.SQLManager{DB: db, Cipher: &jwk.AEAD{Key: []byte("11111111111111111111111111111111")}} om := oauth2.FositeSQLStore{Manager: cm, DB: db, L: logrus.New()} + crm := oauth2.NewConsentRequestSQLManager(db) pm := lsql.NewSQLManager(db, nil) _, err := pm.CreateSchemas("", "hydra_ladon_migration") @@ -43,12 +44,15 @@ func TestSQLSchema(t *testing.T) { require.NoError(t, err) _, err = om.CreateSchemas() require.NoError(t, err) + _, err = crm.CreateSchemas() + require.NoError(t, err) - require.Nil(t, jm.AddKey("foo", jwk.First(p1))) - require.Nil(t, pm.Create(&ladon.DefaultPolicy{ID: "foo"})) - require.Nil(t, cm.CreateClient(&client.Client{ID: "foo"})) - require.Nil(t, om.CreateAccessTokenSession(nil, "asdfasdf", r)) - require.Nil(t, gm.CreateGroup(&group.Group{ + require.NoError(t, jm.AddKey("foo", jwk.First(p1))) + require.NoError(t, pm.Create(&ladon.DefaultPolicy{ID: "foo"})) + require.NoError(t, cm.CreateClient(&client.Client{ID: "foo"})) + require.NoError(t, crm.PersistConsentRequest(&oauth2.ConsentRequest{ID: "foo"})) + require.NoError(t, om.CreateAccessTokenSession(nil, "asdfasdf", r)) + require.NoError(t, gm.CreateGroup(&group.Group{ ID: "asdfas", Members: []string{"asdf"}, })) From 9c3c4efde5d7c5cc947ff51502c1536759d23f21 Mon Sep 17 00:00:00 2001 From: arekkas Date: Wed, 25 Oct 2017 10:45:21 +0200 Subject: [PATCH 3/9] jwk: use cryptopasta library --- jwk/aead.go | 46 +++++++++--------------------------------- jwk/generator_hs256.go | 24 +++++++++------------- 2 files changed, 20 insertions(+), 50 deletions(-) diff --git a/jwk/aead.go b/jwk/aead.go index bc073b26d2b..ac1c01eb3e0 100644 --- a/jwk/aead.go +++ b/jwk/aead.go 
@@ -1,13 +1,9 @@ package jwk import ( - "crypto/aes" - "crypto/cipher" - "crypto/rand" "encoding/base64" - "io" - "github.com/pkg/errors" + "github.com/gtank/cryptopasta" ) type AEAD struct { @@ -15,29 +11,19 @@ type AEAD struct { } func (c *AEAD) Encrypt(plaintext []byte) (string, error) { - // The key argument should be the AES key, either 16 or 32 bytes - // to select AES-128 or AES-256. if len(c.Key) < 32 { - return "", errors.Errorf("Key must be longer 32 bytes, got %d bytes", len(c.Key)) - } - - block, err := aes.NewCipher(c.Key[:32]) - if err != nil { - return "", errors.WithStack(err) + return "", errors.Errorf("Key must be 32 bytes, got %d bytes", len(c.Key)) } - nonce := make([]byte, 12) - if _, err := io.ReadFull(rand.Reader, nonce); err != nil { - return "", errors.WithStack(err) - } + var key [32]byte + copy(key[:], c.Key[:32]) - aesgcm, err := cipher.NewGCM(block) + ciphertext, err := cryptopasta.Encrypt(plaintext, &key) if err != nil { return "", errors.WithStack(err) } - ciphertext := aesgcm.Seal(nil, nonce, plaintext, nil) - return base64.URLEncoding.EncodeToString(append(ciphertext, nonce...)), nil + return base64.URLEncoding.EncodeToString(ciphertext), nil } func (c *AEAD) Decrypt(ciphertext string) ([]byte, error) { 
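Review bot: In `Encrypt`, the guard `len(c.Key) < 32` still accepts keys longer than 32 bytes, and `copy(key[:], c.Key[:32])` silently discards the extra bytes, while the new message claims "Key must be 32 bytes". Either reject other lengths with `if len(c.Key) != 32 {` (only if no caller relies on longer secrets, which is not visible here) or document the truncation on the `Key` field, for example `// Key is the AES-256 key; only the first 32 bytes are used.`, so that two secrets sharing a 32-byte prefix are not assumed to give different keys. `Decrypt` in the next hunk keeps the old wording "Key must be longer 32 bytes", and the two messages should agree.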
@@ -45,26 +31,14 @@ func (c *AEAD) Decrypt(ciphertext string) ([]byte, error) { return []byte{}, errors.Errorf("Key must be longer 32 bytes, got %d bytes", len(c.Key)) } - raw, err := base64.URLEncoding.DecodeString(ciphertext) - if err != nil { - return []byte{}, errors.WithStack(err) - } - - n := len(raw) - block, err := aes.NewCipher(c.Key) - if err != nil { - return []byte{}, errors.WithStack(err) - } - - aesgcm, err := cipher.NewGCM(block) - if err != nil { - return []byte{}, errors.WithStack(err) - } + var key [32]byte + copy(key[:], c.Key[:32]) - plaintext, err := aesgcm.Open(nil, raw[n-12:n], raw[:n-12], nil) + raw, err := base64.URLEncoding.DecodeString(ciphertext) if err != nil { return []byte{}, errors.WithStack(err) } + plaintext, err := cryptopasta.Decrypt(raw, &key) return plaintext, nil } diff --git a/jwk/generator_hs256.go b/jwk/generator_hs256.go index ff9615c09c7..ea2c31b6d3e 100644 --- a/jwk/generator_hs256.go +++ b/jwk/generator_hs256.go @@ -2,35 +2,31 @@ package jwk import ( "crypto/x509" - - "github.com/ory/hydra/rand/sequence" "github.com/pkg/errors" "github.com/square/go-jose" + "io" + "crypto/rand" ) type HS256Generator struct { - Length int } func (g *HS256Generator) Generate(id string) (*jose.JsonWebKeySet, error) { - if g.Length < 12 { - g.Length = 12 - } - - if id == "" { - id = "shared" - } - - key, err := sequence.RuneSequence(g.Length, []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789,.-;:_#+*!ยง$%&/()=?}][{<>")) + // Taken from NewHMACKey + key := &[32]byte{} + _, err := io.ReadFull(rand.Reader, key[:]) if err != nil { - return nil, errors.Errorf("Could not generate key because %s", err) + return nil, errors.WithStack(err) } + var sliceKey []byte + copy(sliceKey, key[:]) + return &jose.JsonWebKeySet{ Keys: []jose.JsonWebKey{ { Algorithm: "HS256", - Key: []byte(string(key)), + Key: sliceKey, KeyID: id, Certificates: []*x509.Certificate{}, }, From fe222ac3f2836348ea131d8fe87591984a72a419 Mon Sep 17 00:00:00 2001 
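Review bot: The error from `cryptopasta.Decrypt(raw, &key)` is dropped: the last two lines of `Decrypt` are `plaintext, err := cryptopasta.Decrypt(raw, &key)` and `return plaintext, nil`, so a failed GCM authentication (wrong key, truncated or modified ciphertext) is reported to the caller as success with an empty plaintext. Check it before returning, e.g. `if err != nil { return []byte{}, errors.WithStack(err) }`. Separately, the removed `Encrypt` code stored the 12-byte nonce after the ciphertext (`append(ciphertext, nonce...)`) and the removed `Decrypt` read it from the tail, whereas cryptopasta, as far as I know, places the nonce in front; values encrypted before this commit would then no longer decrypt, and with the dropped error that failure is silent. No migration or fallback read path for the old layout is visible in this patch.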
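Review bot: `Generate` in jwk/generator_hs256.go now returns a zero-length HMAC key, because `var sliceKey []byte` is a nil slice and `copy(sliceKey, key[:])` copies only as many bytes as the destination holds, which is none. The 32 random bytes read into `key` are therefore never used, and an HMAC computed with an empty key authenticates nothing. Use `Key: key[:]`, or allocate first with `sliceKey := make([]byte, len(key))`; a test asserting that the generated key is 32 bytes long would catch a regression. The hunk also removes the `if id == "" { id = "shared" }` default, so an empty `KeyID` is now passed through unchanged, and it leaves the import block out of gofmt order (`io` and `crypto/rand` after the third-party imports). The end of `Generate` lies outside the hunk.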
From: aeneasr Date: Wed, 25 Oct 2017 13:13:26 +0200 Subject: [PATCH 4/9] vendor: update to jwk-go 0.3 and replace glide with dep Closes #631 --- .travis.yml | 28 +- Dockerfile | 12 +- Dockerfile-automigrate | 10 +- Dockerfile-demo | 10 +- Dockerfile-http | 10 +- Dockerfile-without-telemetry | 10 +- Gopkg.lock | 435 +++++++++++++++++++++++++++ Gopkg.toml | 146 +++++++++ README.md | 12 +- cmd/server/helper_cert.go | 4 +- docs/api.swagger.json | 8 +- glide.lock | 247 --------------- glide.yaml | 80 ----- jwk/aead.go | 3 +- jwk/cast.go | 8 +- jwk/generator.go | 2 +- jwk/generator_ecdsa256.go | 6 +- jwk/generator_ecdsa521.go | 6 +- jwk/generator_hs256.go | 17 +- jwk/generator_rs256.go | 6 +- jwk/generator_test.go | 14 +- jwk/handler.go | 10 +- jwk/handler_test.go | 4 +- jwk/helper.go | 2 +- jwk/manager.go | 8 +- jwk/manager_memory.go | 18 +- jwk/manager_sql.go | 18 +- jwk/manager_test_helpers.go | 4 +- oauth2/handler_test.go | 2 +- oauth2/oauth2_test.go | 2 +- package.json | 2 +- sdk/go/hydra/swagger/docs/Handler.md | 1 - sdk/go/hydra/swagger/handler.go | 2 - sdk/js/swagger/docs/Handler.md | 1 - sdk/js/swagger/src/model/Handler.js | 21 +- 35 files changed, 697 insertions(+), 472 deletions(-) create mode 100644 Gopkg.lock create mode 100644 Gopkg.toml delete mode 100644 glide.lock delete mode 100644 glide.yaml diff --git a/.travis.yml b/.travis.yml index 4332b0f550b..2c20f819723 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,39 +1,33 @@ sudo: required -go_import_path: github.com/ory/hydra +language: go -cache: - directories: - - ./vendor/ +go: + - 1.9 -before_cache: +go_import_path: github.com/ory/hydra services: - docker env: - - DOCKER_BIND_LOCALHOST=true DATABASE_URL=memory - -language: go - -go: - - 1.9 + - DOCKER_BIND_LOCALHOST=true DATABASE_URL=memory DEP_VERSION="0.3.2" before_install: + - curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep + - chmod +x $GOPATH/bin/dep - sudo apt-get install curl install: - - go get -u github.com/go-swagger/go-swagger/cmd/swagger github.com/bradfitz/goimports github.com/mattn/goveralls golang.org/x/tools/cmd/cover github.com/Masterminds/glide github.com/mitchellh/gox github.com/ory/go-acc + - go get -u github.com/go-swagger/go-swagger/cmd/swagger github.com/bradfitz/goimports github.com/mattn/goveralls golang.org/x/tools/cmd/cover github.com/mitchellh/gox github.com/ory/go-acc - git clone https://github.com/docker-library/official-images.git ~/official-images - - glide install - - go install github.com/ory/hydra - - glide update + - dep ensure - go install github.com/ory/hydra script: - ./scripts/test-format.sh - - go-acc -o coverage.txt $(glide novendor) - - go test -race -short $(glide novendor | grep -v cmd) + - go-acc -o coverage.txt ./... + - go test -race -short $(go list ./... | grep -v cmd) - docker build -t hydra-travis-ci -f Dockerfile-without-telemetry . - docker run -d hydra-travis-ci - DATABASE_URL=memory hydra host --dangerous-auto-logon --dangerous-force-http --disable-telemetry & diff --git a/Dockerfile b/Dockerfile index 5a6f4384420..a46766304a2 100644 --- a/Dockerfile +++ b/Dockerfile 
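Review bot: The `dep` binary fetched in `before_install` is made executable without any integrity check, and `curl -L -s` lacks `-f`, so an HTTP error body would be saved as `$GOPATH/bin/dep` without failing the step. Add `-f` and verify a pinned digest before the `chmod`, for example `echo "<EXPECTED_SHA256>  $GOPATH/bin/dep" | sha256sum -c -` (the digest is a placeholder; take it from the dep release being pinned). The same unverified download is added in the Dockerfile, Dockerfile-automigrate, Dockerfile-demo, Dockerfile-http and Dockerfile-without-telemetry hunks. In addition, `sudo apt-get install curl` now runs after the two lines that already use `curl`; move it to the top of `before_install` or drop it.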
@@ -1,16 +1,18 @@ FROM golang:1.9-alpine RUN apk add --no-cache git build-base -RUN go get github.com/Masterminds/glide +ENV DEP_VERSION 0.3.2 +RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep +RUN chmod +x $GOPATH/bin/dep + WORKDIR /go/src/github.com/ory/hydra -ADD ./glide.yaml ./glide.yaml -ADD ./glide.lock ./glide.lock -RUN glide install --skip-test -v +ADD ./Gopkg.lock ./Gopkg.lock +RUN dep ensure ADD . . RUN go install . ENTRYPOINT /go/bin/hydra host -EXPOSE 4444 \ No newline at end of file +EXPOSE 4444 diff --git a/Dockerfile-automigrate b/Dockerfile-automigrate index 7870063ba65..3a7de5617c0 100644 --- a/Dockerfile-automigrate +++ b/Dockerfile-automigrate @@ -1,12 +1,14 @@ FROM golang:1.9-alpine RUN apk add --no-cache git build-base -RUN go get github.com/Masterminds/glide +ENV DEP_VERSION 0.3.2 +RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep +RUN chmod +x $GOPATH/bin/dep + WORKDIR /go/src/github.com/ory/hydra -ADD ./glide.yaml ./glide.yaml -ADD ./glide.lock ./glide.lock -RUN glide install --skip-test -v +ADD ./Gopkg.lock ./Gopkg.lock +RUN dep ensure ADD . . RUN go install . diff --git a/Dockerfile-demo b/Dockerfile-demo index 888f5cd5b55..3ac4327351e 100644 --- a/Dockerfile-demo +++ b/Dockerfile-demo @@ -1,12 +1,14 @@ FROM golang:1.9-alpine RUN apk add --no-cache git build-base -RUN go get github.com/Masterminds/glide +ENV DEP_VERSION 0.3.2 +RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep +RUN chmod +x $GOPATH/bin/dep + WORKDIR /go/src/github.com/ory/hydra -ADD ./glide.yaml ./glide.yaml -ADD ./glide.lock ./glide.lock -RUN glide install --skip-test -v +ADD ./Gopkg.lock ./Gopkg.lock +RUN dep ensure ADD . . RUN go install . diff --git a/Dockerfile-http b/Dockerfile-http index 577cb23e49f..e50aca2e322 100644 --- a/Dockerfile-http +++ b/Dockerfile-http 
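Review bot: `RUN dep ensure` runs when only `Gopkg.lock` has been added; neither `Gopkg.toml` nor the Go sources are in the image yet (`ADD . .` comes afterwards), so dep has no manifest or imports to work from and the step will most likely fail. For a cacheable dependency layer, add both files and restore from the lock alone: `ADD ./Gopkg.toml ./Gopkg.lock ./` followed by `RUN dep ensure -vendor-only`. `curl` is also missing from the visible `apk add --no-cache git build-base` line, so unless the base image ships it the download step needs `curl` added there. The same applies to the Dockerfile-automigrate and Dockerfile-demo hunks on this line and to the Dockerfile-http and Dockerfile-without-telemetry hunks that follow.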
@@ -1,12 +1,14 @@ FROM golang:1.9-alpine RUN apk add --no-cache git build-base -RUN go get github.com/Masterminds/glide +ENV DEP_VERSION 0.3.2 +RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep +RUN chmod +x $GOPATH/bin/dep + WORKDIR /go/src/github.com/ory/hydra -ADD ./glide.yaml ./glide.yaml -ADD ./glide.lock ./glide.lock -RUN glide install --skip-test -v +ADD ./Gopkg.lock ./Gopkg.lock +RUN dep ensure ADD . . RUN go install . diff --git a/Dockerfile-without-telemetry b/Dockerfile-without-telemetry index d51d6ff6448..b35c890ffc8 100644 --- a/Dockerfile-without-telemetry +++ b/Dockerfile-without-telemetry @@ -1,12 +1,14 @@ FROM golang:1.9-alpine RUN apk add --no-cache git build-base -RUN go get github.com/Masterminds/glide +ENV DEP_VERSION 0.3.2 +RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep +RUN chmod +x $GOPATH/bin/dep + WORKDIR /go/src/github.com/ory/hydra -ADD ./glide.yaml ./glide.yaml -ADD ./glide.lock ./glide.lock -RUN glide install --skip-test -v +ADD ./Gopkg.lock ./Gopkg.lock +RUN dep ensure ADD . . RUN go install . diff --git a/Gopkg.lock b/Gopkg.lock new file mode 100644 index 00000000000..9a382e49c41 --- /dev/null +++ b/Gopkg.lock 
@@ -0,0 +1,435 @@ +# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. + + +[[projects]] + branch = "master" + name = "github.com/Azure/go-ansiterm" + packages = [".","winterm"] + revision = "d6e3b3328b783f23731bc4d058875b0371ff8109" + +[[projects]] + name = "github.com/Microsoft/go-winio" + packages = ["."] + revision = "78439966b38d69bf38227fbf57ac8a6fee70f69a" + version = "v0.4.5" + +[[projects]] + branch = "master" + name = "github.com/Nvveen/Gotty" + packages = ["."] + revision = "cd527374f1e5bff4938207604a14f2e38a9cf512" + +[[projects]] + name = "github.com/asaskevich/govalidator" + packages = ["."] + revision = "73945b6115bfbbcc57d89b7316e28109364124e1" + version = "v7" + +[[projects]] + name = "github.com/cenk/backoff" + packages = ["."] + revision = "61153c768f31ee5f130071d08fc82b85208528de" + version = "v1.1.0" + +[[projects]] + branch = "master" + name = "github.com/containerd/continuity" + packages = ["pathdriver"] + revision = "1bed1ecb1dc42d8f4d2ac8c23e5cac64749e82c9" + +[[projects]] + name = "github.com/davecgh/go-spew" + packages = ["spew"] + revision = "346938d642f2ec3594ed81d874461961cd0faa76" + version = "v1.1.0" + +[[projects]] + name = "github.com/dgrijalva/jwt-go" + packages = ["."] + revision = "dbeaa9332f19a944acb5736b4456cfcc02140e29" + version = "v3.1.0" + +[[projects]] + branch = "master" + name = "github.com/docker/docker" + packages = ["api/types","api/types/blkiodev","api/types/container","api/types/filters","api/types/mount","api/types/network","api/types/registry","api/types/strslice","api/types/swarm","api/types/swarm/runtime","api/types/versions","opts","pkg/archive","pkg/fileutils","pkg/homedir","pkg/idtools","pkg/ioutils","pkg/jsonmessage","pkg/longpath","pkg/mount","pkg/pools","pkg/stdcopy","pkg/system","pkg/term","pkg/term/windows"] + revision = "d85f5e73203a1f8537b7db02e1eadcb6d75798b2" + +[[projects]] + name = "github.com/docker/go-connections" + packages = ["nat"] + revision = 
"3ede32e2033de7505e6500d6c868c2b9ed9f169d" + version = "v0.3.0" + +[[projects]] + name = "github.com/docker/go-units" + packages = ["."] + revision = "0dadbb0345b35ec7ef35e228dabb8de89a65bf52" + version = "v0.3.2" + +[[projects]] + name = "github.com/fsnotify/fsnotify" + packages = ["."] + revision = "629574ca2a5df945712d3079857300b5e4da0236" + version = "v1.4.2" + +[[projects]] + branch = "master" + name = "github.com/fsouza/go-dockerclient" + packages = ["."] + revision = "5c271fbf9db00b7011f28131e150e29725b8a1a6" + +[[projects]] + name = "github.com/go-resty/resty" + packages = ["."] + revision = "9ac9c42358f7c3c69ac9f8610e8790d7c338e85d" + version = "v1.0" + +[[projects]] + name = "github.com/go-sql-driver/mysql" + packages = ["."] + revision = "a0583e0143b1624142adab07e0e97fe106d99561" + version = "v1.3" + +[[projects]] + name = "github.com/gogo/protobuf" + packages = ["proto"] + revision = "342cbe0a04158f6dcb03ca0079991a51a4248c02" + version = "v0.5" + +[[projects]] + branch = "master" + name = "github.com/golang/protobuf" + packages = ["proto"] + revision = "1643683e1b54a9e88ad26d98f81400c8c9d9f4f9" + +[[projects]] + name = "github.com/gorilla/context" + packages = ["."] + revision = "1ea25387ff6f684839d82767c1733ff4d4d15d0a" + version = "v1.1" + +[[projects]] + name = "github.com/gorilla/securecookie" + packages = ["."] + revision = "667fe4e3466a040b780561fe9b51a83a3753eefc" + version = "v1.1" + +[[projects]] + name = "github.com/gorilla/sessions" + packages = ["."] + revision = "ca9ada44574153444b00d3fd9c8559e4cc95f896" + version = "v1.1" + +[[projects]] + branch = "master" + name = "github.com/gtank/cryptopasta" + packages = ["."] + revision = "1f550f6f2f69009f6ae57347c188e0a67cd4e500" + +[[projects]] + branch = "master" + name = "github.com/hashicorp/golang-lru" + packages = [".","simplelru"] + revision = "0a025b7e63adc15a622f29b0b2c4c3848243bbf6" + +[[projects]] + branch = "master" + name = "github.com/hashicorp/hcl" + packages = 
[".","hcl/ast","hcl/parser","hcl/scanner","hcl/strconv","hcl/token","json/parser","json/scanner","json/token"] + revision = "23c074d0eceb2b8a5bfdbb271ab780cde70f05a8" + +[[projects]] + name = "github.com/imdario/mergo" + packages = ["."] + revision = "7fe0c75c13abdee74b09fcacef5ea1c6bba6a874" + version = "0.2.4" + +[[projects]] + name = "github.com/inconshreveable/mousetrap" + packages = ["."] + revision = "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75" + version = "v1.0" + +[[projects]] + branch = "master" + name = "github.com/jehiah/go-strftime" + packages = ["."] + revision = "2efbe75097a505e2789f7e39cb9da067b5be8e3e" + +[[projects]] + branch = "master" + name = "github.com/jmoiron/sqlx" + packages = [".","reflectx"] + revision = "3379e5993990b1f927fc8db926485e6f6becf2d2" + +[[projects]] + name = "github.com/julienschmidt/httprouter" + packages = ["."] + revision = "8c199fb6259ffc1af525cc3ad52ee60ba8359669" + version = "v1.1" + +[[projects]] + branch = "master" + name = "github.com/lib/pq" + packages = [".","oid"] + revision = "b609790bd85edf8e9ab7e0f8912750a786177bcf" + +[[projects]] + name = "github.com/magiconair/properties" + packages = ["."] + revision = "be5ece7dd465ab0765a9682137865547526d1dfb" + version = "v1.7.3" + +[[projects]] + branch = "master" + name = "github.com/meatballhat/negroni-logrus" + packages = ["."] + revision = "31067281800f66f57548a7a32d9c6c5f963fef83" + +[[projects]] + branch = "master" + name = "github.com/mitchellh/mapstructure" + packages = ["."] + revision = "06020f85339e21b2478f756a78e295255ffa4d6a" + +[[projects]] + branch = "master" + name = "github.com/mohae/deepcopy" + packages = ["."] + revision = "c48cc78d482608239f6c4c92a4abd87eb8761c90" + +[[projects]] + name = "github.com/oleiade/reflections" + packages = ["."] + revision = "2b6ec3da648e3e834dc41bad8d9ed7f2dc6a9496" + version = "v1.0.0" + +[[projects]] + name = "github.com/opencontainers/go-digest" + packages = ["."] + revision = "279bed98673dd5bef374d3b6e4b09e2af76183bf" + 
version = "v1.0.0-rc1" + +[[projects]] + name = "github.com/opencontainers/image-spec" + packages = ["specs-go","specs-go/v1"] + revision = "ab7389ef9f50030c9b245bc16b981c7ddf192882" + version = "v1.0.0" + +[[projects]] + name = "github.com/opencontainers/runc" + packages = ["libcontainer/system","libcontainer/user"] + revision = "baf6536d6259209c3edfa2b22237af82942d3dfa" + version = "v0.1.1" + +[[projects]] + name = "github.com/ory/dockertest" + packages = ["."] + revision = "6d57cd43b964e928111542771659af6a3a58521f" + version = "3.0.9" + +[[projects]] + name = "github.com/ory/fosite" + packages = [".","compose","handler/oauth2","handler/openid","storage","token/hmac","token/jwt"] + revision = "ec43e3a05da49d45ebe8a98b28b14f8817c507f4" + version = "v0.13.0" + +[[projects]] + name = "github.com/ory/graceful" + packages = ["."] + revision = "3d30c83329259f53a904d428b38d8cb8fba7bd77" + version = "v0.1.0" + +[[projects]] + name = "github.com/ory/herodot" + packages = ["."] + revision = "5bb399b8a5aa583343a2108e723b990432b4a1b4" + version = "v0.1.1" + +[[projects]] + name = "github.com/ory/ladon" + packages = [".","compiler","manager/memory","manager/sql"] + revision = "306b2e6adf322d429e72ace6be16818dda75f574" + version = "v0.8.2" + +[[projects]] + name = "github.com/pborman/uuid" + packages = ["."] + revision = "e790cca94e6cc75c7064b1332e63811d4aae1a53" + version = "v1.1" + +[[projects]] + name = "github.com/pelletier/go-toml" + packages = ["."] + revision = "16398bac157da96aa88f98a2df640c7f32af1da2" + version = "v1.0.1" + +[[projects]] + name = "github.com/pkg/errors" + packages = ["."] + revision = "645ef00459ed84a119197bfb8d8205042c6df63d" + version = "v0.8.0" + +[[projects]] + name = "github.com/pkg/profile" + packages = ["."] + revision = "5b67d428864e92711fcbd2f8629456121a56d91f" + version = "v1.2.1" + +[[projects]] + name = "github.com/pmezard/go-difflib" + packages = ["difflib"] + revision = "792786c7400a136282c1664665ae0a8db921c6c2" + version = "v1.0.0" + 
+[[projects]] + branch = "master" + name = "github.com/rubenv/sql-migrate" + packages = [".","sqlparse"] + revision = "79fe99e24311fa42469fb2ca23eb3f8f065e6155" + +[[projects]] + name = "github.com/segmentio/analytics-go" + packages = ["."] + revision = "2d840d861c322bdf5346ba7917af1c2285e653d3" + version = "2.1.1" + +[[projects]] + branch = "master" + name = "github.com/segmentio/backo-go" + packages = ["."] + revision = "204274ad699c0983a70203a566887f17a717fef4" + +[[projects]] + name = "github.com/sirupsen/logrus" + packages = ["."] + revision = "f006c2ac4710855cf0f916dd6b77acf6b048dc6e" + version = "v1.0.3" + +[[projects]] + branch = "master" + name = "github.com/spf13/afero" + packages = [".","mem"] + revision = "5660eeed305fe5f69c8fc6cf899132a459a97064" + +[[projects]] + name = "github.com/spf13/cast" + packages = ["."] + revision = "acbeb36b902d72a7a4c18e8f3241075e7ab763e4" + version = "v1.1.0" + +[[projects]] + name = "github.com/spf13/cobra" + packages = ["."] + revision = "7b2c5ac9fc04fc5efafb60700713d4fa609b777b" + version = "v0.0.1" + +[[projects]] + branch = "master" + name = "github.com/spf13/jwalterweatherman" + packages = ["."] + revision = "12bd96e66386c1960ab0f74ced1362f66f552f7b" + +[[projects]] + name = "github.com/spf13/pflag" + packages = ["."] + revision = "e57e3eeb33f795204c1ca35f56c44f83227c6e66" + version = "v1.0.0" + +[[projects]] + name = "github.com/spf13/viper" + packages = ["."] + revision = "25b30aa063fc18e48662b86996252eabdcf2f0c7" + version = "v1.0.0" + +[[projects]] + name = "github.com/square/go-jose" + packages = [".","json"] + revision = "f8f38de21b4dcd69d0413faf231983f5fd6634b1" + version = "v2.1.3" + +[[projects]] + name = "github.com/stretchr/testify" + packages = ["assert","require"] + revision = "69483b4bd14f5845b5a1e55bca19e954e827f1d0" + version = "v1.1.4" + +[[projects]] + name = "github.com/toqueteos/webbrowser" + packages = ["."] + revision = "21fc9f95c83442fd164094666f7cb4f9fdd56cd6" + version = "v1.0" + 
+[[projects]] + name = "github.com/urfave/negroni" + packages = ["."] + revision = "fde5e16d32adc7ad637e9cd9ad21d4ebc6192535" + version = "v0.2.0" + +[[projects]] + branch = "master" + name = "github.com/xtgo/uuid" + packages = ["."] + revision = "a0b114877d4caeffbd7f87e3757c17fce570fea7" + +[[projects]] + branch = "master" + name = "golang.org/x/crypto" + packages = ["bcrypt","blowfish","ed25519","ed25519/internal/edwards25519","ssh/terminal"] + revision = "2509b142fb2b797aa7587dad548f113b2c0f20ce" + +[[projects]] + branch = "master" + name = "golang.org/x/net" + packages = ["context","context/ctxhttp","idna","publicsuffix"] + revision = "4b14673ba32bee7f5ac0f990a48f033919fd418b" + +[[projects]] + branch = "master" + name = "golang.org/x/oauth2" + packages = [".","clientcredentials","internal"] + revision = "bb50c06baba3d0c76f9d125c0719093e315b5b44" + +[[projects]] + branch = "master" + name = "golang.org/x/sys" + packages = ["unix","windows"] + revision = "e82597366816b6fa799040628e95490bbf6e6b2b" + +[[projects]] + branch = "master" + name = "golang.org/x/text" + packages = ["collate","collate/build","internal/colltab","internal/gen","internal/tag","internal/triegen","internal/ucd","language","secure/bidirule","transform","unicode/bidi","unicode/cldr","unicode/norm","unicode/rangetable"] + revision = "6eab0e8f74e86c598ec3b6fad4888e0c11482d48" + +[[projects]] + name = "google.golang.org/appengine" + packages = ["internal","internal/base","internal/datastore","internal/log","internal/remote_api","internal/urlfetch","urlfetch"] + revision = "150dc57a1b433e64154302bdc40b6bb8aefa313a" + version = "v1.0.0" + +[[projects]] + name = "gopkg.in/gorp.v1" + packages = ["."] + revision = "c87af80f3cc5036b55b83d77171e156791085e2e" + version = "v1.7.1" + +[[projects]] + name = "gopkg.in/square/go-jose.v2" + packages = ["cipher","json"] + revision = "f8f38de21b4dcd69d0413faf231983f5fd6634b1" + version = "v2.1.3" + +[[projects]] + branch = "v2" + name = "gopkg.in/yaml.v2" + 
packages = ["."] + revision = "eb3733d160e74a9c7e442f435eb3bea458e1d19f" + +[solve-meta] + analyzer-name = "dep" + analyzer-version = 1 + inputs-digest = "b7e038321a6b38112add68025b57fd952e9dd2f8687de5d4c945cb87641b0f8f" + solver-name = "gps-cdcl" + solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml new file mode 100644 index 00000000000..a3a2f97d161 --- /dev/null +++ b/Gopkg.toml 
@@ -0,0 +1,146 @@
+
+# Gopkg.toml example
+#
+# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
+# for detailed Gopkg.toml documentation.
+#
+# required = ["github.com/user/thing/cmd/thing"]
+# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
+#
+# [[constraint]]
+# name = "github.com/user/project"
+# version = "1.0.0"
+#
+# [[constraint]]
+# name = "github.com/user/project2"
+# branch = "dev"
+# source = "github.com/myfork/project2"
+#
+# [[override]]
+# name = "github.com/x/y"
+# version = "2.4.0"
+
+
+[[constraint]]
+ name = "github.com/go-resty/resty"
+ version = "1.0.0"
+
+[[constraint]]
+ name = "github.com/go-sql-driver/mysql"
+ version = "1.3.0"
+
+[[constraint]]
+ name = "github.com/gorilla/context"
+ version = "1.1.0"
+
+[[constraint]]
+ name = "github.com/gorilla/sessions"
+ version = "1.1.0"
+
+[[constraint]]
+ branch = "master"
+ name = "github.com/gtank/cryptopasta"
+
+[[constraint]]
+ name = "github.com/imdario/mergo"
+ version = "0.2.4"
+
+[[constraint]]
+ branch = "master"
+ name = "github.com/jmoiron/sqlx"
+
+[[constraint]]
+ name = "github.com/julienschmidt/httprouter"
+ version = "1.1.0"
+
+[[constraint]]
+ branch = "master"
+ name = "github.com/lib/pq"
+
+[[constraint]]
+ branch = "master"
+ name = "github.com/meatballhat/negroni-logrus"
+
+[[constraint]]
+ branch = "master"
+ name = "github.com/mohae/deepcopy"
+
+[[constraint]]
+ name = "github.com/oleiade/reflections"
+ version = "1.0.0"
+
+[[constraint]]
+ name = "github.com/ory/dockertest"
+ version = "3.0.9"
+
+[[constraint]]
+ name = "github.com/ory/fosite"
+ version = "0.13.0"
+
+[[constraint]]
+ name = "github.com/ory/graceful"
+ version = "0.1.0"
+
+[[constraint]]
+ name = "github.com/ory/herodot"
+ version = "0.1.1"
+
+[[constraint]]
+ name = "github.com/ory/ladon"
+ version = "0.8.2"
+
+[[constraint]]
+ name = "github.com/pborman/uuid"
+ version = "1.1.0"
+
+[[constraint]]
+ name = "github.com/pkg/errors"
+ version = "0.8.0"
+
+[[constraint]] + name = "github.com/pkg/profile" + version = "1.2.1" + +[[constraint]] + branch = "master" + name = "github.com/rubenv/sql-migrate" + +[[constraint]] + name = "github.com/segmentio/analytics-go" + version = "2.1.1" + +[[constraint]] + name = "github.com/sirupsen/logrus" + version = "1.0.3" + +[[constraint]] + name = "github.com/spf13/cobra" + version = "0.0.1" + +[[constraint]] + name = "github.com/spf13/viper" + version = "1.0.0" + +[[constraint]] + name = "github.com/square/go-jose" + version = "2.1.3" + +[[constraint]] + name = "github.com/stretchr/testify" + version = "1.1.4" + +[[constraint]] + name = "github.com/toqueteos/webbrowser" + version = "1.0.0" + +[[constraint]] + name = "github.com/urfave/negroni" + version = "0.2.0" + +[[constraint]] + branch = "master" + name = "golang.org/x/oauth2" + +[[constraint]] + branch = "v2" + name = "gopkg.in/yaml.v2" diff --git a/README.md b/README.md index c43cfc3808f..f1588ede252 100644 --- a/README.md +++ b/README.md @@ -163,14 +163,13 @@ Hydra is a twelve factor OAuth2 and OpenID Connect provider #### Building from source -If you wish to compile ORY Hydra yourself, you need to install and set up [Go 1.8+](https://golang.org/) and add `$GOPATH/bin` -to your `$PATH`. To do so, run the following commands in a shell (bash, sh, cmd.exe, ...): +If you wish to compile ORY Hydra yourself, you need to install and set up [Go 1.9+](https://golang.org/) and add `$GOPATH/bin` +to your `$PATH` as well as [golang/dep](http://github.com/golang/dep). To do so, run the following commands in a shell (bash, sh, cmd.exe, ...): ``` go get -d -u github.com/ory/hydra -go get github.com/Masterminds/glide cd $GOPATH/src/github.com/ory/hydra -glide install +dep ensure go install github.com/ory/hydra hydra ``` 
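Review bot: The Gopkg.toml constraint for `github.com/gtank/cryptopasta`, which now supplies the AES-GCM code behind `jwk.AEAD`, is `branch = "master"`, so any `dep ensure -update` moves the encryption dependency to whatever upstream master contains at that moment. Gopkg.lock in this patch records revision `1f550f6f2f69009f6ae57347c188e0a67cd4e500`; pinning it in the manifest with `revision = "1f550f6f2f69009f6ae57347c188e0a67cd4e500"` turns an upgrade of the crypto library into an explicit, reviewable change. The same floating-branch constraint is used for `golang.org/x/oauth2` and `github.com/lib/pq`.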
@@ -253,10 +252,9 @@ Developing with ORY Hydra is as easy as: ``` go get -d -u github.com/ory/hydra -go get github.com/Masterminds/glide cd $GOPATH/src/github.com/ory/hydra -glide install -go test $(glide novendor) +dep ensure +go test ./... ``` Then run it with in-memory database: diff --git a/cmd/server/helper_cert.go b/cmd/server/helper_cert.go index bd09d2761ed..da6835ddf67 100644 --- a/cmd/server/helper_cert.go +++ b/cmd/server/helper_cert.go @@ -84,8 +84,8 @@ func getOrCreateTLSCertificate(cmd *cobra.Command, c *config.Config) tls.Certifi private := jwk.First(keys.Key("private")) private.Certificates = []*x509.Certificate{cert} - keys = &jose.JsonWebKeySet{ - Keys: []jose.JsonWebKey{ + keys = &jose.JSONWebKeySet{ + Keys: []jose.JSONWebKey{ *private, *jwk.First(keys.Key("public")), }, diff --git a/docs/api.swagger.json b/docs/api.swagger.json index 0578de0ab7d..b80bf8bd0eb 100644 --- a/docs/api.swagger.json +++ b/docs/api.swagger.json @@ -1928,12 +1928,6 @@ "Handler": { "type": "object", "properties": { - "Generators": { - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/KeyGenerator" - } - }, "H": { "$ref": "#/definitions/Writer" }, @@ -1944,7 +1938,7 @@ "$ref": "#/definitions/Firewall" } }, - "x-go-package": "github.com/ory/hydra/jwk" + "x-go-package": "github.com/ory/hydra/warden/group" }, "KeyGenerator": { "type": "object", diff --git a/glide.lock b/glide.lock deleted file mode 100644 index 2664e523f3b..00000000000 --- a/glide.lock +++ /dev/null 
@@ -1,247 +0,0 @@ -hash: c4be9b74aa40e60d7722f40bf12dd531809a39647f5b1958345598024b9e8509 -updated: 2017-10-05T16:00:11.7993519+02:00 -imports: -- name: github.com/asaskevich/govalidator - version: 4918b99a7cb949bb295f3c7bbaf24b577d806e35 -- name: github.com/Azure/go-ansiterm - version: 19f72df4d05d31cbe1c56bfc8045c96babff6c7e - subpackages: - - winterm -- name: github.com/cenk/backoff - version: 32cd0c5b3aef12c76ed64aaf678f6c79736be7dc -- name: github.com/davecgh/go-spew - version: 6d212800a42e8ab5c146b8ace3490ee17e5225f9 - subpackages: - - spew -- name: github.com/dgrijalva/jwt-go - version: d2709f9f1f31ebcda9651b03077758c1f3a0018c -- name: github.com/docker/docker - version: 89658bed64c2a8fe05a978e5b87dbec409d57a0f - subpackages: - - api/types - - api/types/blkiodev - - api/types/container - - api/types/filters - - api/types/mount - - api/types/network - - api/types/registry - - api/types/strslice - - api/types/swarm - - api/types/versions - - opts - - pkg/archive - - pkg/fileutils - - pkg/homedir - - pkg/idtools - - pkg/ioutils - - pkg/jsonlog - - pkg/jsonmessage - - pkg/longpath - - pkg/pools - - pkg/promise - - pkg/stdcopy - - pkg/system - - pkg/term - - pkg/term/windows - - pkg/testutil/assert -- name: github.com/docker/go-connections - version: 3ede32e2033de7505e6500d6c868c2b9ed9f169d - subpackages: - - nat -- name: github.com/docker/go-units - version: 0dadbb0345b35ec7ef35e228dabb8de89a65bf52 -- name: github.com/fsnotify/fsnotify - version: 4da3e2cfbabc9f751898f250b49f2439785783a1 -- name: github.com/fsouza/go-dockerclient - version: 98edf3edfae6a6500fecc69d2bcccf1302544004 -- name: github.com/go-resty/resty - version: 9ac9c42358f7c3c69ac9f8610e8790d7c338e85d -- name: github.com/go-sql-driver/mysql - version: a0583e0143b1624142adab07e0e97fe106d99561 -- name: github.com/golang/protobuf - version: 11b8df160996e00fd4b55cbaafb3d84ec6d50fa8 - subpackages: - - proto -- name: github.com/gorilla/context - version: 1ea25387ff6f684839d82767c1733ff4d4d15d0a -- name: 
github.com/gorilla/securecookie - version: e59506cc896acb7f7bf732d4fdf5e25f7ccd8983 -- name: github.com/gorilla/sessions - version: ca9ada44574153444b00d3fd9c8559e4cc95f896 -- name: github.com/hashicorp/golang-lru - version: 0a025b7e63adc15a622f29b0b2c4c3848243bbf6 - subpackages: - - simplelru -- name: github.com/hashicorp/hcl - version: 68e816d1c783414e79bc65b3994d9ab6b0a722ab - subpackages: - - hcl/ast - - hcl/parser - - hcl/scanner - - hcl/strconv - - hcl/token - - json/parser - - json/scanner - - json/token -- name: github.com/imdario/mergo - version: 3e95a51e0639b4cf372f2ccf74c86749d747fbdc -- name: github.com/inconshreveable/mousetrap - version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 -- name: github.com/jehiah/go-strftime - version: 834e15c05a45371503440cc195bbd05c9a0968d9 -- name: github.com/jmoiron/sqlx - version: d9bd385d68c068f1fabb5057e3dedcbcbb039d0f - subpackages: - - reflectx -- name: github.com/julienschmidt/httprouter - version: 8c199fb6259ffc1af525cc3ad52ee60ba8359669 -- name: github.com/lib/pq - version: e42267488fe361b9dc034be7a6bffef5b195bceb - subpackages: - - oid -- name: github.com/magiconair/properties - version: 8d7837e64d3c1ee4e54a880c5a920ab4316fc90a -- name: github.com/meatballhat/negroni-logrus - version: 31067281800f66f57548a7a32d9c6c5f963fef83 -- name: github.com/Microsoft/go-winio - version: 78439966b38d69bf38227fbf57ac8a6fee70f69a -- name: github.com/mitchellh/mapstructure - version: d0303fe809921458f417bcf828397a65db30a7e4 -- name: github.com/mohae/deepcopy - version: 491d3605edfb866af34a48075bd4355ac1bf46ca -- name: github.com/moul/http2curl - version: 4e24498b31dba4683efb9d35c1c8a91e2eda28c8 -- name: github.com/Nvveen/Gotty - version: cd527374f1e5bff4938207604a14f2e38a9cf512 -- name: github.com/oleiade/reflections - version: 2b6ec3da648e3e834dc41bad8d9ed7f2dc6a9496 -- name: github.com/opencontainers/runc - version: 593914b8bd5448a93f7c3e4902a03408b6d5c0ce - subpackages: - - libcontainer/system - - libcontainer/user -- name: 
github.com/ory/dockertest - version: a7951f7a8442f0e70d36e499ed4d744f00af2963 -- name: github.com/ory/fosite - version: 461b38fd07e47dad709667f024e98a71bfd3792b - subpackages: - - compose - - handler/oauth2 - - handler/openid - - storage - - token/hmac - - token/jwt -- name: github.com/ory/graceful - version: 3d30c83329259f53a904d428b38d8cb8fba7bd77 -- name: github.com/ory/herodot - version: 5bb399b8a5aa583343a2108e723b990432b4a1b4 -- name: github.com/ory/ladon - version: 306b2e6adf322d429e72ace6be16818dda75f574 - subpackages: - - compiler - - manager/memory - - manager/sql -- name: github.com/pborman/uuid - version: a97ce2ca70fa5a848076093f05e639a89ca34d06 -- name: github.com/pelletier/go-toml - version: 1d6b12b7cb290426e27e6b4e38b89fcda3aeef03 -- name: github.com/pkg/errors - version: 645ef00459ed84a119197bfb8d8205042c6df63d -- name: github.com/pkg/profile - version: 5b67d428864e92711fcbd2f8629456121a56d91f -- name: github.com/pmezard/go-difflib - version: d8ed2627bdf02c080bf22230dbb337003b7aba2d - subpackages: - - difflib -- name: github.com/rubenv/sql-migrate - version: 79fe99e24311fa42469fb2ca23eb3f8f065e6155 - subpackages: - - sqlparse -- name: github.com/segmentio/analytics-go - version: 2d840d861c322bdf5346ba7917af1c2285e653d3 -- name: github.com/segmentio/backo-go - version: 204274ad699c0983a70203a566887f17a717fef4 -- name: github.com/sirupsen/logrus - version: 89742aefa4b206dcf400792f3bd35b542998eb3b -- name: github.com/Sirupsen/logrus - version: 89742aefa4b206dcf400792f3bd35b542998eb3b - repo: https://github.com/sirupsen/logrus.git - vcs: git -- name: github.com/spf13/afero - version: ee1bd8ee15a1306d1f9201acc41ef39cd9f99a1b - subpackages: - - mem -- name: github.com/spf13/cast - version: acbeb36b902d72a7a4c18e8f3241075e7ab763e4 -- name: github.com/spf13/cobra - version: b78744579491c1ceeaaa3b40205e56b0591b93a3 -- name: github.com/spf13/jwalterweatherman - version: 12bd96e66386c1960ab0f74ced1362f66f552f7b -- name: github.com/spf13/pflag - version: 
7aff26db30c1be810f9de5038ec5ef96ac41fd7c -- name: github.com/spf13/viper - version: 25b30aa063fc18e48662b86996252eabdcf2f0c7 -- name: github.com/square/go-jose - version: aa2e30fdd1fe9dd3394119af66451ae790d50e0d - subpackages: - - json -- name: github.com/stretchr/testify - version: 69483b4bd14f5845b5a1e55bca19e954e827f1d0 - subpackages: - - assert - - require -- name: github.com/toqueteos/webbrowser - version: 21fc9f95c83442fd164094666f7cb4f9fdd56cd6 -- name: github.com/urfave/negroni - version: fde5e16d32adc7ad637e9cd9ad21d4ebc6192535 -- name: github.com/xtgo/uuid - version: a0b114877d4caeffbd7f87e3757c17fce570fea7 -- name: golang.org/x/crypto - version: faadfbdc035307d901e69eea569f5dda451a3ee3 - subpackages: - - bcrypt - - blowfish - - ssh/terminal -- name: golang.org/x/net - version: 859d1a86bb617c0c20d154590c3c5d3fcb670b07 - subpackages: - - context - - context/ctxhttp - - publicsuffix -- name: golang.org/x/oauth2 - version: 13449ad91cb26cb47661c1b080790392170385fd - subpackages: - - clientcredentials - - internal -- name: golang.org/x/sys - version: 062cd7e4e68206d8bab9b18396626e855c992658 - subpackages: - - unix - - windows -- name: golang.org/x/text - version: 1cbadb444a806fd9430d14ad08967ed91da4fa0a - subpackages: - - transform - - unicode/norm -- name: google.golang.org/appengine - version: d9a072cfa7b9736e44311ef77b3e09d804bfa599 - subpackages: - - internal - - internal/base - - internal/datastore - - internal/log - - internal/remote_api - - internal/urlfetch - - urlfetch -- name: gopkg.in/gorp.v1 - version: c87af80f3cc5036b55b83d77171e156791085e2e -- name: gopkg.in/square/go-jose.v1 - version: aa2e30fdd1fe9dd3394119af66451ae790d50e0d - subpackages: - - cipher - - json -- name: gopkg.in/yaml.v2 - version: eb3733d160e74a9c7e442f435eb3bea458e1d19f -testImports: -- name: github.com/bmizerany/assert - version: b7ed37b82869576c289d7d97fb2bbd8b64a0cb28 diff --git a/glide.yaml b/glide.yaml deleted file mode 100644 index 2744db083ac..00000000000 
--- a/glide.yaml
+++ /dev/null
@@ -1,80 +0,0 @@ -package: github.com/ory/hydra -import: -- package: github.com/sirupsen/logrus - version: master -- package: github.com/Sirupsen/logrus - repo: https://github.com/sirupsen/logrus.git - vcs: git - version: master -- package: github.com/dgrijalva/jwt-go - version: 3.0.0 -- package: github.com/go-sql-driver/mysql - version: 1.3.0 -- package: github.com/gorilla/context - version: 1.1.0 -- package: github.com/gorilla/sessions - version: 1.1.0 -- package: github.com/imdario/mergo - version: 0.2.2 -- package: github.com/jmoiron/sqlx -- package: github.com/julienschmidt/httprouter - version: 1.1.0 -- package: github.com/go-resty/resty - version: 1.0.0 -- package: github.com/lib/pq -- package: github.com/meatballhat/negroni-logrus -- package: github.com/moul/http2curl -- package: github.com/oleiade/reflections - version: 1.0.0 -- package: github.com/go-resty/resty - version: 1.0.0 -- package: github.com/ory/fosite - version: 0.11.3 - subpackages: - - compose - - handler/oauth2 - - handler/openid - - storage - - token/hmac - - token/jwt -- package: github.com/ory/graceful - version: 0.1.0 -- package: github.com/ory/herodot - version: 0.1.1 -- package: github.com/ory/ladon - version: 0.8.2 - subpackages: - - manager/memory - - manager/sql -- package: github.com/pborman/uuid - version: 1.0.0 -- package: github.com/segmentio/analytics-go - version: 2.1.1 -- package: github.com/pkg/errors - version: 0.8.0 -- package: github.com/pkg/profile - version: 1.2.1 -- package: github.com/rubenv/sql-migrate -- package: github.com/spf13/cobra -- package: github.com/spf13/viper -- package: github.com/square/go-jose - version: ~1.1.0 - subpackages: - - json -- package: github.com/stretchr/testify - version: 1.1.4 - subpackages: - - assert - - require -- package: github.com/toqueteos/webbrowser - version: 1.0.0 -- package: github.com/urfave/negroni - version: 0.2.0 -- package: golang.org/x/oauth2 - subpackages: - - clientcredentials -- package: gopkg.in/yaml.v2 -- package: 
github.com/mohae/deepcopy -testImport: -- package: github.com/bmizerany/assert -- package: github.com/ory/dockertest diff --git a/jwk/aead.go b/jwk/aead.go index ac1c01eb3e0..5bc7f940970 100644 --- a/jwk/aead.go +++ b/jwk/aead.go @@ -2,8 +2,9 @@ package jwk import ( "encoding/base64" - "github.com/pkg/errors" + "github.com/gtank/cryptopasta" + "github.com/pkg/errors" ) type AEAD struct { diff --git a/jwk/cast.go b/jwk/cast.go index 9f58fdad5d5..845a7844b98 100644 --- a/jwk/cast.go +++ b/jwk/cast.go @@ -7,7 +7,7 @@ import ( "github.com/square/go-jose" ) -func MustRSAPublic(key *jose.JsonWebKey) *rsa.PublicKey { +func MustRSAPublic(key *jose.JSONWebKey) *rsa.PublicKey { res, err := ToRSAPublic(key) if err != nil { panic(err.Error()) @@ -16,7 +16,7 @@ func MustRSAPublic(key *jose.JsonWebKey) *rsa.PublicKey { } -func ToRSAPublic(key *jose.JsonWebKey) (*rsa.PublicKey, error) { +func ToRSAPublic(key *jose.JSONWebKey) (*rsa.PublicKey, error) { res, ok := key.Key.(*rsa.PublicKey) if !ok { return res, errors.New("Could not convert key to RSA Private Key.") @@ -24,7 +24,7 @@ func ToRSAPublic(key *jose.JsonWebKey) (*rsa.PublicKey, error) { return res, nil } -func MustRSAPrivate(key *jose.JsonWebKey) *rsa.PrivateKey { +func MustRSAPrivate(key *jose.JSONWebKey) *rsa.PrivateKey { res, err := ToRSAPrivate(key) if err != nil { panic(err.Error()) @@ -32,7 +32,7 @@ func MustRSAPrivate(key *jose.JsonWebKey) *rsa.PrivateKey { return res } -func ToRSAPrivate(key *jose.JsonWebKey) (*rsa.PrivateKey, error) { +func ToRSAPrivate(key *jose.JSONWebKey) (*rsa.PrivateKey, error) { res, ok := key.Key.(*rsa.PrivateKey) if !ok { return res, errors.New("Could not convert key to RSA Private Key.") diff --git a/jwk/generator.go b/jwk/generator.go index 008d024c84c..04e73cefaa1 100644 --- a/jwk/generator.go +++ b/jwk/generator.go 
@@ -3,5 +3,5 @@ package jwk import "github.com/square/go-jose" type KeyGenerator interface { - Generate(id string) (*jose.JsonWebKeySet, error) + Generate(id string) (*jose.JSONWebKeySet, error) } diff --git a/jwk/generator_ecdsa256.go b/jwk/generator_ecdsa256.go index 1b84697119d..71552fe5e42 100644 --- a/jwk/generator_ecdsa256.go +++ b/jwk/generator_ecdsa256.go @@ -12,14 +12,14 @@ import ( type ECDSA256Generator struct{} -func (g *ECDSA256Generator) Generate(id string) (*jose.JsonWebKeySet, error) { +func (g *ECDSA256Generator) Generate(id string) (*jose.JSONWebKeySet, error) { key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { return nil, errors.Errorf("Could not generate key because %s", err) } - return &jose.JsonWebKeySet{ - Keys: []jose.JsonWebKey{ + return &jose.JSONWebKeySet{ + Keys: []jose.JSONWebKey{ { Key: key, KeyID: ider("private", id), diff --git a/jwk/generator_ecdsa521.go b/jwk/generator_ecdsa521.go index 8f1f5737401..600b5afdb31 100644 --- a/jwk/generator_ecdsa521.go +++ b/jwk/generator_ecdsa521.go @@ -12,14 +12,14 @@ import ( type ECDSA521Generator struct{} -func (g *ECDSA521Generator) Generate(id string) (*jose.JsonWebKeySet, error) { +func (g *ECDSA521Generator) Generate(id string) (*jose.JSONWebKeySet, error) { key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) if err != nil { return nil, errors.Errorf("Could not generate key because %s", err) } - return &jose.JsonWebKeySet{ - Keys: []jose.JsonWebKey{ + return &jose.JSONWebKeySet{ + Keys: []jose.JSONWebKey{ { Key: key, KeyID: ider("private", id), diff --git a/jwk/generator_hs256.go b/jwk/generator_hs256.go index ea2c31b6d3e..222ddf89f2b 100644 --- a/jwk/generator_hs256.go +++ b/jwk/generator_hs256.go 
@@ -1,17 +1,17 @@ package jwk import ( + "crypto/rand" "crypto/x509" + "io" + "github.com/pkg/errors" "github.com/square/go-jose" - "io" - "crypto/rand" ) -type HS256Generator struct { -} +type HS256Generator struct{} -func (g *HS256Generator) Generate(id string) (*jose.JsonWebKeySet, error) { +func (g *HS256Generator) Generate(id string) (*jose.JSONWebKeySet, error) { // Taken from NewHMACKey key := &[32]byte{} _, err := io.ReadFull(rand.Reader, key[:]) @@ -19,11 +19,10 @@ func (g *HS256Generator) Generate(id string) (*jose.JsonWebKeySet, error) { return nil, errors.WithStack(err) } - var sliceKey []byte - copy(sliceKey, key[:]) + var sliceKey = key[:] - return &jose.JsonWebKeySet{ - Keys: []jose.JsonWebKey{ + return &jose.JSONWebKeySet{ + Keys: []jose.JSONWebKey{ { Algorithm: "HS256", Key: sliceKey, diff --git a/jwk/generator_rs256.go b/jwk/generator_rs256.go index b6d9a4b4e6b..8b13a54cd3f 100644 --- a/jwk/generator_rs256.go +++ b/jwk/generator_rs256.go @@ -14,7 +14,7 @@ type RS256Generator struct { KeyLength int } -func (g *RS256Generator) Generate(id string) (*jose.JsonWebKeySet, error) { +func (g *RS256Generator) Generate(id string) (*jose.JSONWebKeySet, error) { if g.KeyLength < 4096 { g.KeyLength = 4096 } @@ -28,8 +28,8 @@ func (g *RS256Generator) Generate(id string) (*jose.JsonWebKeySet, error) { // jose does not support this... key.Precomputed = rsa.PrecomputedValues{} - return &jose.JsonWebKeySet{ - Keys: []jose.JsonWebKey{ + return &jose.JSONWebKeySet{ + Keys: []jose.JSONWebKey{ { Algorithm: "RS256", Key: key, diff --git a/jwk/generator_test.go b/jwk/generator_test.go index a155bac2722..ac09c697dc1 100644 --- a/jwk/generator_test.go +++ b/jwk/generator_test.go 
@@ -17,31 +17,29 @@ func TestGenerator(t *testing.T) { for k, c := range []struct { g KeyGenerator - check func(*jose.JsonWebKeySet) + check func(*jose.JSONWebKeySet) }{ { g: &RS256Generator{}, - check: func(ks *jose.JsonWebKeySet) { + check: func(ks *jose.JSONWebKeySet) { assert.Len(t, ks, 2) }, }, { g: &ECDSA521Generator{}, - check: func(ks *jose.JsonWebKeySet) { + check: func(ks *jose.JSONWebKeySet) { assert.Len(t, ks, 2) }, }, { g: &ECDSA256Generator{}, - check: func(ks *jose.JsonWebKeySet) { + check: func(ks *jose.JSONWebKeySet) { assert.Len(t, ks, 2) }, }, { - g: &HS256Generator{ - Length: 32, - }, - check: func(ks *jose.JsonWebKeySet) { + g: &HS256Generator{}, + check: func(ks *jose.JSONWebKeySet) { assert.Len(t, ks, 1) }, }, diff --git a/jwk/handler.go b/jwk/handler.go index 65a91543d56..ca4d12b4f70 100644 --- a/jwk/handler.go +++ b/jwk/handler.go @@ -29,9 +29,7 @@ func (h *Handler) GetGenerators() map[string]KeyGenerator { h.Generators = map[string]KeyGenerator{ "RS256": &RS256Generator{}, "ES521": &ECDSA521Generator{}, - "HS256": &HS256Generator{ - Length: 32, - }, + "HS256": &HS256Generator{}, } } return h.Generators @@ -354,7 +352,7 @@ func (h *Handler) Create(w http.ResponseWriter, r *http.Request, ps httprouter.P func (h *Handler) UpdateKeySet(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { var ctx = context.Background() var requests joseWebKeySetRequest - var keySet = new(jose.JsonWebKeySet) + var keySet = new(jose.JSONWebKeySet) var set = ps.ByName("set") if _, err := h.W.TokenAllowed(ctx, h.W.TokenFromRequest(r), &firewall.TokenAccessRequest{ @@ -371,7 +369,7 @@ func (h *Handler) UpdateKeySet(w http.ResponseWriter, r *http.Request, ps httpro } for _, request := range requests.Keys { - key := &jose.JsonWebKey{} + key := &jose.JSONWebKey{} if err := key.UnmarshalJSON(request); err != nil { h.H.WriteError(w, r, errors.WithStack(err)) } 
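Review bot: The HS256 case in TestGenerator (jwk/generator_test.go) only counts keys, so it would not have caught the empty key that the old `copy(sliceKey, key[:])` into a nil slice produced in jwk/generator_hs256.go. I would assert on the key material in that case's check, for example `assert.Len(t, ks.Keys[0].Key, 32)`. The `assert.Len(t, ks, …)` calls also pass the key-set pointer rather than `ks.Keys`, which as far as I can tell testify cannot take a length of; `assert.Len(t, ks.Keys, 2)` looks like what is meant. The loop that invokes `check` is outside this hunk, so whether these assertions run at all should be confirmed there.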
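Review bot: In UpdateKeySet (jwk/handler.go, hunk `@@ -371,7 +369,7 @@`) the error branch of `key.UnmarshalJSON(request)` writes the error response but has no `return`, so the loop carries on with a key that failed to parse. Add `return` directly after `h.H.WriteError(w, r, errors.WithStack(err))` so a malformed JWK aborts the request before anything is stored. The rest of the loop body is outside the hunk, so what is done with the unparsed key afterwards should be checked there.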
@@ -421,7 +419,7 @@ func (h *Handler) UpdateKeySet(w http.ResponseWriter, r *http.Request, ps httpro // 500: genericError func (h *Handler) UpdateKey(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { var ctx = context.Background() - var key jose.JsonWebKey + var key jose.JSONWebKey var set = ps.ByName("set") if err := json.NewDecoder(r.Body).Decode(&key); err != nil { diff --git a/jwk/handler_test.go b/jwk/handler_test.go index f531af4894d..3d1f2ec7e6f 100644 --- a/jwk/handler_test.go +++ b/jwk/handler_test.go @@ -18,7 +18,7 @@ import ( ) var testServer *httptest.Server -var IDKS *jose.JsonWebKeySet +var IDKS *jose.JSONWebKeySet func init() { localWarden, _ := compose.NewMockFirewall( @@ -57,7 +57,7 @@ func TestHandlerWellKnown(t *testing.T) { require.NoError(t, err, "problem in http request") defer res.Body.Close() - var known jose.JsonWebKeySet + var known jose.JSONWebKeySet err = json.NewDecoder(res.Body).Decode(&known) require.NoError(t, err, "problem in decoding response") diff --git a/jwk/helper.go b/jwk/helper.go index 67465286929..b522b7b2992 100644 --- a/jwk/helper.go +++ b/jwk/helper.go @@ -10,7 +10,7 @@ import ( "github.com/square/go-jose" ) -func First(keys []jose.JsonWebKey) *jose.JsonWebKey { +func First(keys []jose.JSONWebKey) *jose.JSONWebKey { if len(keys) == 0 { return nil } diff --git a/jwk/manager.go b/jwk/manager.go index b4da6533ef7..efd2a23e11b 100644 --- a/jwk/manager.go +++ b/jwk/manager.go 
@@ -3,13 +3,13 @@ package jwk import "github.com/square/go-jose" type Manager interface { - AddKey(set string, key *jose.JsonWebKey) error + AddKey(set string, key *jose.JSONWebKey) error - AddKeySet(set string, keys *jose.JsonWebKeySet) error + AddKeySet(set string, keys *jose.JSONWebKeySet) error - GetKey(set, kid string) (*jose.JsonWebKeySet, error) + GetKey(set, kid string) (*jose.JSONWebKeySet, error) - GetKeySet(set string) (*jose.JsonWebKeySet, error) + GetKeySet(set string) (*jose.JSONWebKeySet, error) DeleteKey(set, kid string) error diff --git a/jwk/manager_memory.go b/jwk/manager_memory.go index f77b9a3c9e1..4dcc9356825 100644 --- a/jwk/manager_memory.go +++ b/jwk/manager_memory.go @@ -9,30 +9,30 @@ import ( ) type MemoryManager struct { - Keys map[string]*jose.JsonWebKeySet + Keys map[string]*jose.JSONWebKeySet sync.RWMutex } -func (m *MemoryManager) AddKey(set string, key *jose.JsonWebKey) error { +func (m *MemoryManager) AddKey(set string, key *jose.JSONWebKey) error { m.Lock() defer m.Unlock() m.alloc() if m.Keys[set] == nil { - m.Keys[set] = &jose.JsonWebKeySet{Keys: []jose.JsonWebKey{}} + m.Keys[set] = &jose.JSONWebKeySet{Keys: []jose.JSONWebKey{}} } m.Keys[set].Keys = append(m.Keys[set].Keys, *key) return nil } -func (m *MemoryManager) AddKeySet(set string, keys *jose.JsonWebKeySet) error { +func (m *MemoryManager) AddKeySet(set string, keys *jose.JSONWebKeySet) error { for _, key := range keys.Keys { m.AddKey(set, &key) } return nil } -func (m *MemoryManager) GetKey(set, kid string) (*jose.JsonWebKeySet, error) { +func (m *MemoryManager) GetKey(set, kid string) (*jose.JSONWebKeySet, error) { m.RLock() defer m.RUnlock() 
@@ -47,12 +47,12 @@ func (m *MemoryManager) GetKey(set, kid string) (*jose.JsonWebKeySet, error) { return nil, errors.Wrap(pkg.ErrNotFound, "") } - return &jose.JsonWebKeySet{ + return &jose.JSONWebKeySet{ Keys: result, }, nil } -func (m *MemoryManager) GetKeySet(set string) (*jose.JsonWebKeySet, error) { +func (m *MemoryManager) GetKeySet(set string) (*jose.JSONWebKeySet, error) { m.RLock() defer m.RUnlock() @@ -72,7 +72,7 @@ func (m *MemoryManager) DeleteKey(set, kid string) error { } m.Lock() - var results []jose.JsonWebKey + var results []jose.JSONWebKey for _, key := range keys.Keys { if key.KeyID != kid { results = append(results) @@ -94,6 +94,6 @@ func (m *MemoryManager) DeleteKeySet(set string) error { func (m *MemoryManager) alloc() { if m.Keys == nil { - m.Keys = make(map[string]*jose.JsonWebKeySet) + m.Keys = make(map[string]*jose.JSONWebKeySet) } } diff --git a/jwk/manager_sql.go b/jwk/manager_sql.go index 278f3490459..d3f8157d536 100644 --- a/jwk/manager_sql.go +++ b/jwk/manager_sql.go @@ -52,7 +52,7 @@ func (s *SQLManager) CreateSchemas() (int, error) { return n, nil } -func (m *SQLManager) AddKey(set string, key *jose.JsonWebKey) error { +func (m *SQLManager) AddKey(set string, key *jose.JSONWebKey) error { out, err := json.Marshal(key) if err != nil { return errors.WithStack(err) @@ -74,7 +74,7 @@ func (m *SQLManager) AddKey(set string, key *jose.JsonWebKey) error { return nil } -func (m *SQLManager) AddKeySet(set string, keys *jose.JsonWebKeySet) error { +func (m *SQLManager) AddKeySet(set string, keys *jose.JSONWebKeySet) error { tx, err := m.DB.Beginx() if err != nil { return errors.WithStack(err) 
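Review bot: In MemoryManager.DeleteKey (jwk/manager_memory.go, hunk `@@ -72,7 +72,7 @@`) the filter loop calls `results = append(results)` with no element, so `results` stays empty and none of the keys whose id differs from `kid` is kept. It should read `results = append(results, key)`. How `results` is written back to `m.Keys[set]` is outside the hunk, but if it replaces the set, deleting one key drops every key in it, including signing keys still in use. A test that deletes one of two keys and reads the other back would cover this.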
@@ -119,7 +119,7 @@ func (m *SQLManager) AddKeySet(set string, keys *jose.JsonWebKeySet) error { return nil } -func (m *SQLManager) GetKey(set, kid string) (*jose.JsonWebKeySet, error) { +func (m *SQLManager) GetKey(set, kid string) (*jose.JSONWebKeySet, error) { var d sqlData if err := m.DB.Get(&d, m.DB.Rebind("SELECT * FROM hydra_jwk WHERE sid=? AND kid=?"), set, kid); err == sql.ErrNoRows { return nil, errors.Wrap(pkg.ErrNotFound, "") @@ -132,17 +132,17 @@ func (m *SQLManager) GetKey(set, kid string) (*jose.JsonWebKeySet, error) { return nil, errors.WithStack(err) } - var c jose.JsonWebKey + var c jose.JSONWebKey if err := json.Unmarshal(key, &c); err != nil { return nil, errors.WithStack(err) } - return &jose.JsonWebKeySet{ - Keys: []jose.JsonWebKey{c}, + return &jose.JSONWebKeySet{ + Keys: []jose.JSONWebKey{c}, }, nil } -func (m *SQLManager) GetKeySet(set string) (*jose.JsonWebKeySet, error) { +func (m *SQLManager) GetKeySet(set string) (*jose.JSONWebKeySet, error) { var ds []sqlData if err := m.DB.Select(&ds, m.DB.Rebind("SELECT * FROM hydra_jwk WHERE sid=?"), set); err == sql.ErrNoRows { return nil, errors.Wrap(pkg.ErrNotFound, "") @@ -154,14 +154,14 @@ func (m *SQLManager) GetKeySet(set string) (*jose.JsonWebKeySet, error) { return nil, errors.Wrap(pkg.ErrNotFound, "") } - keys := &jose.JsonWebKeySet{Keys: []jose.JsonWebKey{}} + keys := &jose.JSONWebKeySet{Keys: []jose.JSONWebKey{}} for _, d := range ds { key, err := m.Cipher.Decrypt(d.Key) if err != nil { return nil, errors.WithStack(err) } - var c jose.JsonWebKey + var c jose.JSONWebKey if err := json.Unmarshal(key, &c); err != nil { return nil, errors.WithStack(err) } diff --git a/jwk/manager_test_helpers.go b/jwk/manager_test_helpers.go index 30f312dd8ea..da2ec35bee1 100644 --- a/jwk/manager_test_helpers.go +++ b/jwk/manager_test_helpers.go 
@@ -19,7 +19,7 @@ func RandomBytes(n int) ([]byte, error) { return bytes, nil } -func TestHelperManagerKey(m Manager, keys *jose.JsonWebKeySet) func(t *testing.T) { +func TestHelperManagerKey(m Manager, keys *jose.JSONWebKeySet) func(t *testing.T) { pub := keys.Key("public") priv := keys.Key("private") @@ -54,7 +54,7 @@ func TestHelperManagerKey(m Manager, keys *jose.JsonWebKeySet) func(t *testing.T } } -func TestHelperManagerKeySet(m Manager, keys *jose.JsonWebKeySet) func(t *testing.T) { +func TestHelperManagerKeySet(m Manager, keys *jose.JSONWebKeySet) func(t *testing.T) { return func(t *testing.T) { t.Parallel() _, err := m.GetKeySet("foo") diff --git a/oauth2/handler_test.go b/oauth2/handler_test.go index 26b15762189..9fa7df5f6fa 100644 --- a/oauth2/handler_test.go +++ b/oauth2/handler_test.go @@ -70,7 +70,7 @@ func (s *FakeConsentStrategy) CreateConsentRequest(authorizeRequest fosite.Autho func TestIssuerRedirect(t *testing.T) { storage := storage.NewExampleStore() - secret := []byte("my super secret password") + secret := []byte("my super secret password password password password") config := compose.Config{} privateKey, _ := rsa.GenerateKey(rand.Reader, 2048) diff --git a/oauth2/oauth2_test.go b/oauth2/oauth2_test.go index 3418caaadb3..0b405b8f5ab 100644 --- a/oauth2/oauth2_test.go +++ b/oauth2/oauth2_test.go @@ -43,7 +43,7 @@ var handler = &Handler{ fc, store, &compose.CommonStrategy{ - CoreStrategy: compose.NewOAuth2HMACStrategy(fc, []byte("some super secret secret")), + CoreStrategy: compose.NewOAuth2HMACStrategy(fc, []byte("some super secret secret secret secret")), OpenIDConnectTokenStrategy: compose.NewOpenIDConnectStrategy(pkg.MustRSAKey()), }, nil, diff --git a/package.json b/package.json index 87556cc3524..39518f7c88f 100644 --- a/package.json +++ b/package.json 
@@ -1,6 +1,6 @@ { "name": "ory-hydra-sdk", - "version": "latest", + "version": "0.0.0", "description": "The official JavaScript / NodeJS SDK for ORY Hydra.", "license": "Apache 2.0", "main": "sdk/js/swagger/src/index.js", diff --git a/sdk/go/hydra/swagger/docs/Handler.md b/sdk/go/hydra/swagger/docs/Handler.md index 77f018750e1..f6f2dc3c0a2 100644 --- a/sdk/go/hydra/swagger/docs/Handler.md +++ b/sdk/go/hydra/swagger/docs/Handler.md @@ -3,7 +3,6 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**Generators** | [**map[string]KeyGenerator**](KeyGenerator.md) | | [optional] [default to null] **H** | [**Writer**](Writer.md) | | [optional] [default to null] **Manager** | [**Manager**](Manager.md) | | [optional] [default to null] **W** | [**Firewall**](Firewall.md) | | [optional] [default to null] diff --git a/sdk/go/hydra/swagger/handler.go b/sdk/go/hydra/swagger/handler.go index 14c0e7786a0..83f0c0d7842 100644 --- a/sdk/go/hydra/swagger/handler.go +++ b/sdk/go/hydra/swagger/handler.go @@ -11,8 +11,6 @@ package swagger type Handler struct { - Generators map[string]KeyGenerator `json:"Generators,omitempty"` - H Writer `json:"H,omitempty"` Manager Manager `json:"Manager,omitempty"` diff --git a/sdk/js/swagger/docs/Handler.md b/sdk/js/swagger/docs/Handler.md index ca45bb05dee..ee1689cb759 100644 --- a/sdk/js/swagger/docs/Handler.md +++ b/sdk/js/swagger/docs/Handler.md @@ -3,7 +3,6 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**generators** | [**{String: KeyGenerator}**](KeyGenerator.md) | | [optional] **H** | [**Writer**](Writer.md) | | [optional] **manager** | [**Manager**](Manager.md) | | [optional] **W** | [**Firewall**](Firewall.md) | | [optional] diff --git a/sdk/js/swagger/src/model/Handler.js b/sdk/js/swagger/src/model/Handler.js index bb70efcbc26..1cab0e8e0bb 100644 --- a/sdk/js/swagger/src/model/Handler.js 
+++ b/sdk/js/swagger/src/model/Handler.js @@ -18,13 +18,7 @@ if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. define( - [ - 'ApiClient', - 'model/Firewall', - 'model/KeyGenerator', - 'model/Manager', - 'model/Writer' - ], + ['ApiClient', 'model/Firewall', 'model/Manager', 'model/Writer'], factory ) } else if (typeof module === 'object' && module.exports) { @@ -32,7 +26,6 @@ module.exports = factory( require('../ApiClient'), require('./Firewall'), - require('./KeyGenerator'), require('./Manager'), require('./Writer') ) @@ -44,12 +37,11 @@ root.HydraOAuth2OpenIdConnectServer.Handler = factory( root.HydraOAuth2OpenIdConnectServer.ApiClient, root.HydraOAuth2OpenIdConnectServer.Firewall, - root.HydraOAuth2OpenIdConnectServer.KeyGenerator, root.HydraOAuth2OpenIdConnectServer.Manager, root.HydraOAuth2OpenIdConnectServer.Writer ) } -})(this, function(ApiClient, Firewall, KeyGenerator, Manager, Writer) { +})(this, function(ApiClient, Firewall, Manager, Writer) { 'use strict' /** @@ -78,11 +70,6 @@ if (data) { obj = obj || new exports() - if (data.hasOwnProperty('Generators')) { - obj['Generators'] = ApiClient.convertToType(data['Generators'], { - String: KeyGenerator - }) - } if (data.hasOwnProperty('H')) { obj['H'] = Writer.constructFromObject(data['H']) } @@ -96,10 +83,6 @@ return obj } - /** - * @member {Object.} Generators - */ - exports.prototype['Generators'] = undefined /** * @member {module:model/Writer} H */ From c356e6b03ab58d5d06ca62ad2617386f809b1a26 Mon Sep 17 00:00:00 2001 From: arekkas Date: Wed, 25 Oct 2017 15:12:58 +0200 Subject: [PATCH 5/9] docs: update history.md for 0.10.0-alpha.9 --- HISTORY.md | 121 ++++++++++++++++++++++++++++++++++++----- jwk/generator_hs256.go | 2 +- jwk/generator_hs512.go | 34 ++++++++++++ jwk/generator_test.go | 14 +++++ jwk/handler.go | 5 +- 5 files changed, 159 insertions(+), 17 deletions(-) create mode 100644 jwk/generator_hs512.go 
diff --git a/HISTORY.md b/HISTORY.md
index ab10a5cbd2f..4c6b4a080db 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -1,8 +1,97 @@ # History -This list makes you aware of (breaking) changes. For patch notes, please check the [releases tab](https://github.com/ory/hydra/releases). +This list makes you aware of any breaking and substantial non-breaking changes. + + + + +- [0.10.0-alpha.9](#0100-alpha9) + - [Breaking changes](#breaking-changes) + - [AES-GCM nonce storage](#aes-gcm-nonce-storage) + - [Other changes](#other-changes) + - [Token signature algorithm changed from HMAC-SHA256 to HMAC-SHA512](#token-signature-algorithm-changed-from-hmac-sha256-to-hmac-sha512) + - [RS256 JWK Generator now uses all 256 bit](#rs256-jwk-generator-now-uses-all-256-bit) +- [0.10.0-alpha.1](#0100-alpha1) + - [Breaking changes](#breaking-changes-1) + - [New consent flow](#new-consent-flow) + - [Audience](#audience) + - [Response payload changes to `/warden/token/allowed`](#response-payload-changes-to-wardentokenallowed) + - [Go SDK](#go-sdk) + - [Health endpoints](#health-endpoints) + - [Group endpoints](#group-endpoints) + - [Replacing hierarchical scope strategy with wildcard scope strategy](#replacing-hierarchical-scope-strategy-with-wildcard-scope-strategy) + - [Non-breaking changes](#non-breaking-changes) + - [Refreshing OpenID Connect ID Token using `refresh_token` grant type](#refreshing-openid-connect-id-token-using-refresh_token-grant-type) +- [0.9.0](#090) +- [0.8.0](#080) + - [Breaking changes](#breaking-changes-2) + - [Ladon updated to 0.6.0](#ladon-updated-to-060) + - [Redis and RethinkDB deprecated](#redis-and-rethinkdb-deprecated) + - [Moved to ory namespace](#moved-to-ory-namespace) + - [SDK](#sdk) + - [JWK](#jwk) + - [Migrations are no longer automatically applied](#migrations-are-no-longer-automatically-applied) + - [Changes](#changes) + - [Log format: json](#log-format-json) + - [SQL Connection Control](#sql-connection-control) + - [REST API Docs are now generated from source code](#rest-api-docs-are-now-generated-from-source-code) + - [Documentation on 
scopes](#documentation-on-scopes) + - [New response writer library](#new-response-writer-library) + - [Graceful http handling](#graceful-http-handling) + - [Best practice HTTP server config](#best-practice-http-server-config) + + + +## 0.10.0-alpha.9 + +This release focuses on cryptographic security by leveraging best practices that emerged within the last one and a +half years. Before upgrading to this version, make a back up of the JWK table in your SQL database. -## 0.10.0-alpha1 +### Breaking changes + +#### AES-GCM nonce storage + +Our use of `crypto/aes`'s AES-GCM was replaced in favor of [`cryptopasta/encrypt`](https://github.com/gtank/cryptopasta/blob/master/encrypt.go). +As this includes a change of how nonces are appended to the ciphertext, ORY Hydra will be unable to decipher existing +databases. + +There are two paths to migrate this change: +1. If you have not added any keys to the JWK store: + 1. Stop all Hydra instances. + 2. Drop all rows from the `hydra_jwk` table. + 3. Start **one** Hydra instance and wait for it to boot. + 4. Restart all remaining Hydra instances. +2. If you added keys to the JWK store: + 1. If you can afford to re-generate those keys: + 1. Write down all key ids you generated. + 2. Stop all Hydra instances. + 3. Drop all rows from the `hydra_jwk` table. + 4. Start **one** Hydra instance and wait for it to boot. + 5. Restart all remaining Hydra instances. + 6. Regenerate the keys and use the key ids you wrote down. + 2. If you can not afford to re-generate the keys: + 1. Export said keys using the REST API. + 2. Stop all Hydra instances. + 3. Drop all rows from the `hydra_jwk` table. + 4. Start **one** Hydra instance and wait for it to boot. + 5. Restart all remaining Hydra instances. + 6. Import said keys using the REST API. 
+ +### Other changes + +#### Token signature algorithm changed from HMAC-SHA256 to HMAC-SHA512 + +The signature algorithm used to generate authorize codes, access tokens, and refresh tokens has been upgraded +from HMAC-SHA256 to HMAC-SHA512. With upgrading to alpha.9, all previously issued authorize codes, access tokens, and refresh will thus be +rendered invalid. Apart from some re-authorization procedures, which are usually automated, this should not have any +significant impact on your installation. + +#### RS256 JWK Generator now uses all 256 bit + +The RS256 JWK Generator now uses the full 256 bit range to generate secrets instead of a predefined rune sequence. +This change only affects keys generated in the future. + +## 0.10.0-alpha.1 **Warning: This version introduces breaking changes and is not suited for production use yet.** @@ -14,7 +103,9 @@ Please also note that the new scope strategy might render your administrative cl Set the environment variable `SCOPE_STRATEGY=DEPRECATED_HIERARCHICAL_SCOPE_STRATEGY` to temporarily use the previous scope strategy and migrate the scopes manually. You may append `.*` to all scopes. For example, `hydra` is now `hydra hydra.*` -## New consent flow +### Breaking changes + +#### New consent flow Previously, the consent flow looked roughly like this: @@ -59,7 +150,7 @@ is now enough to confirm a consent request: Learn more on how the new consent flow works in the guide: https://ory.gitbooks.io/hydra/content/oauth2.html#consent-flow -## Audience +#### Audience Previously, the audience terminology was used as a synonym for OAuth2 client IDs. This is no longer the case. The audience is typically a URL identifying the endpoint(s) the token is intended for. For example, if a client requires access to 
@@ -71,30 +162,25 @@ renamed to `clientId` (where previously named `audience`) and `cid` (where previ **IMPORTANT NOTE:** This does **not** apply to OpenID Connect ID tokens. There, the `aud` claim **MUST** match the `client_id`. This discrepancy between OpenID Connect and OAuth 2.0 is what caused the confusion with the OAuth 2.0 audience terminology. -## Response payload changes to `/warden/token/allowed` +#### Response payload changes to `/warden/token/allowed` Previously, the response of the warden endpoint contained shorthands like `aud`, `iss`, and so on. Those have now been changed to their full names. For example, `iss` is now `issuer`. Additionally, `aud` is now named `clientId`. -## Go SDK +#### Go SDK The Go SDK was completely replaced in favor of a SDK based on `swagger-codegen`. Read more on it here: https://ory.gitbooks.io/hydra/content/sdk/go.html -## Health endpoints +#### Health endpoints * `GET /health` is now `GET /health/status` * `GET /health/stats` is now `GET /health/metrics` -## Group endpoints +#### Group endpoints * `GET /warden/groups` now returns a list of groups, not just a group id -## Refreshing OpenID Connect ID Token using `refresh_token` grant type - -1. It is now possible to refresh openid connect tokens using the refresh_token grant. An ID Token is issued if the scope -`openid` was requested, and the client is allowed to receive an ID Token. - -## Replacing hierarchical scope strategy with wildcard scope strategy +#### Replacing hierarchical scope strategy with wildcard scope strategy The previous scope matching strategy has been replaced in favor of a wildcard-based matching strategy. Read more on this strategy [here](https://ory.gitbooks.io/hydra/content/oauth2.html#oauth2-scopes). 
@@ -102,6 +188,13 @@ on this strategy [here](https://ory.gitbooks.io/hydra/content/oauth2.html#oauth2 To fall back to hierarchical scope matching, set the environment variable `SCOPE_STRATEGY=DEPRECATED_HIERARCHICAL_SCOPE_STRATEGY`. This feature *might* be fully removed in the final 1.0.0 version. +### Non-breaking changes + +#### Refreshing OpenID Connect ID Token using `refresh_token` grant type + +1. It is now possible to refresh openid connect tokens using the refresh_token grant. An ID Token is issued if the scope +`openid` was requested, and the client is allowed to receive an ID Token. + ## 0.9.0 This version adds performance metrics to `/health` and sends anonymous usage statistics to our servers, [click here](https://ory.gitbooks.io/hydra/content/telemetry.html) for more diff --git a/jwk/generator_hs256.go b/jwk/generator_hs256.go index 222ddf89f2b..65fb8386338 100644 --- a/jwk/generator_hs256.go +++ b/jwk/generator_hs256.go @@ -13,7 +13,7 @@ type HS256Generator struct{} func (g *HS256Generator) Generate(id string) (*jose.JSONWebKeySet, error) { // Taken from NewHMACKey - key := &[32]byte{} + key := &[16]byte{} _, err := io.ReadFull(rand.Reader, key[:]) if err != nil { return nil, errors.WithStack(err) diff --git a/jwk/generator_hs512.go b/jwk/generator_hs512.go new file mode 100644 index 00000000000..35beddcfcee --- /dev/null +++ b/jwk/generator_hs512.go @@ -0,0 +1,34 @@ +package jwk + +import ( + "crypto/rand" + "crypto/x509" + "io" + + "github.com/pkg/errors" + "github.com/square/go-jose" +) + +type HS512Generator struct{} + +func (g *HS512Generator) Generate(id string) (*jose.JSONWebKeySet, error) { + // Taken from NewHMACKey + key := &[32]byte{} + _, err := io.ReadFull(rand.Reader, key[:]) + if err != nil { + return nil, errors.WithStack(err) + } + + var sliceKey = key[:] + + return &jose.JSONWebKeySet{ + Keys: []jose.JSONWebKey{ + { + Algorithm: "HS512", + Key: sliceKey, + KeyID: id, + Certificates: []*x509.Certificate{}, + }, + }, + }, nil +} 
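Review bot: The change from `key := &[32]byte{}` to `key := &[16]byte{}` in `HS256Generator.Generate` leaves HS256 with a 128-bit secret, while RFC 7518 section 3.2 requires an HMAC key at least as large as the hash output (256 bits for HS256). The new `HS512Generator` in jwk/generator_hs512.go has the same shortfall: it reads 32 bytes where HS512 calls for 64. I would keep `key := &[32]byte{}` in the HS256 generator and use `key := &[64]byte{}` in the HS512 one. The HISTORY.md entry in this patch about using "all 256 bit" also appears to disagree with a 16-byte key. `HS256Generator.Generate` continues outside its hunk.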
diff --git a/jwk/generator_test.go b/jwk/generator_test.go index ac09c697dc1..d548766d03e 100644 --- a/jwk/generator_test.go +++ b/jwk/generator_test.go @@ -23,24 +23,38 @@ func TestGenerator(t *testing.T) { g: &RS256Generator{}, check: func(ks *jose.JSONWebKeySet) { assert.Len(t, ks, 2) + assert.NotEmpty(t, ks.Keys[0].Key) + assert.NotEmpty(t, ks.Keys[1].Key) }, }, { g: &ECDSA521Generator{}, check: func(ks *jose.JSONWebKeySet) { assert.Len(t, ks, 2) + assert.NotEmpty(t, ks.Keys[0].Key) + assert.NotEmpty(t, ks.Keys[1].Key) }, }, { g: &ECDSA256Generator{}, check: func(ks *jose.JSONWebKeySet) { assert.Len(t, ks, 2) + assert.NotEmpty(t, ks.Keys[0].Key) + assert.NotEmpty(t, ks.Keys[1].Key) }, }, { g: &HS256Generator{}, check: func(ks *jose.JSONWebKeySet) { assert.Len(t, ks, 1) + assert.NotEmpty(t, ks.Keys[0].Key) + }, + }, + { + g: &HS512Generator{}, + check: func(ks *jose.JSONWebKeySet) { + assert.Len(t, ks, 1) + assert.NotEmpty(t, ks.Keys[0].Key) }, }, } { diff --git a/jwk/handler.go b/jwk/handler.go index ca4d12b4f70..fb5c525eeb8 100644 --- a/jwk/handler.go +++ b/jwk/handler.go @@ -30,6 +30,7 @@ func (h *Handler) GetGenerators() map[string]KeyGenerator { "RS256": &RS256Generator{}, "ES521": &ECDSA521Generator{}, "HS256": &HS256Generator{}, + "HS512": &HS512Generator{}, } } return h.Generators @@ -51,7 +52,7 @@ func (h *Handler) SetRoutes(r *httprouter.Router) { // swagger:model jsonWebKeySetGeneratorRequest type createRequest struct { - // The algorithm to be used for creating the key. Supports "RS256", "ES521" and "HS256" + // The algorithm to be used for creating the key. Supports "RS256", "ES521", "HS512", and "HS256" // required: true // in: body Algorithm string `json:"alg"` 
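Review bot: The added `assert.NotEmpty(t, ks.Keys[0].Key)` checks pass for a key of any length, so neither the HS256 key-size change in this patch nor the size chosen for `HS512Generator` is pinned by a test. For the two HMAC cases I would add a length assertion matching the hash output size, e.g. `assert.Len(t, ks.Keys[0].Key, 32)` for HS256 and `assert.Len(t, ks.Keys[0].Key, 64)` for HS512. The preceding `assert.Len(t, ks, 2)` is also given the key-set pointer rather than `ks.Keys` and does not stop the test, so the new `ks.Keys[1]` index can panic if a generator returns fewer keys. `require.Len(t, ks.Keys, 2)` would guard the indexing, assuming `require` is imported in this file. TestGenerator's body continues outside the hunk.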
@@ -247,7 +248,7 @@ func (h *Handler) GetKeySet(w http.ResponseWriter, r *http.Request, ps httproute // Generate a new JSON Web Key // // This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as -// symmetric cryptographic keys (HS256) and asymetric cryptographic keys (RS256, ECDSA). +// symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). // // // If the specified JSON Web Key Set does not exist, it will be created. From d86b4728c3e47ebd1683a11b6c5e59e9c3bc74b9 Mon Sep 17 00:00:00 2001 From: arekkas Date: Wed, 25 Oct 2017 15:46:23 +0200 Subject: [PATCH 6/9] docker: add curl to docker files --- Dockerfile | 2 +- Dockerfile-automigrate | 2 +- Dockerfile-demo | 2 +- Dockerfile-http | 2 +- Dockerfile-without-telemetry | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index a46766304a2..716537a8a54 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM golang:1.9-alpine -RUN apk add --no-cache git build-base +RUN apk add --no-cache git build-base curl ENV DEP_VERSION 0.3.2 RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep RUN chmod +x $GOPATH/bin/dep diff --git a/Dockerfile-automigrate b/Dockerfile-automigrate index 3a7de5617c0..58d4e9f81d3 100644 --- a/Dockerfile-automigrate +++ b/Dockerfile-automigrate @@ -1,6 +1,6 @@ FROM golang:1.9-alpine -RUN apk add --no-cache git build-base +RUN apk add --no-cache git build-base curl ENV DEP_VERSION 0.3.2 RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep RUN chmod +x $GOPATH/bin/dep diff --git a/Dockerfile-demo b/Dockerfile-demo index 3ac4327351e..89755d05ca7 100644 --- a/Dockerfile-demo +++ b/Dockerfile-demo 
@@ -1,6 +1,6 @@ FROM golang:1.9-alpine -RUN apk add --no-cache git build-base +RUN apk add --no-cache git build-base curl ENV DEP_VERSION 0.3.2 RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep RUN chmod +x $GOPATH/bin/dep diff --git a/Dockerfile-http b/Dockerfile-http index e50aca2e322..561bc2a265e 100644 --- a/Dockerfile-http +++ b/Dockerfile-http @@ -1,6 +1,6 @@ FROM golang:1.9-alpine -RUN apk add --no-cache git build-base +RUN apk add --no-cache git build-base curl ENV DEP_VERSION 0.3.2 RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep RUN chmod +x $GOPATH/bin/dep diff --git a/Dockerfile-without-telemetry b/Dockerfile-without-telemetry index b35c890ffc8..40df19b0a88 100644 --- a/Dockerfile-without-telemetry +++ b/Dockerfile-without-telemetry @@ -1,6 +1,6 @@ FROM golang:1.9-alpine -RUN apk add --no-cache git build-base +RUN apk add --no-cache git build-base curl ENV DEP_VERSION 0.3.2 RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep RUN chmod +x $GOPATH/bin/dep From b9b83a30279c333fb1bbc437053fd3af85678df3 Mon Sep 17 00:00:00 2001 From: arekkas Date: Wed, 25 Oct 2017 17:02:12 +0200 Subject: [PATCH 7/9] rand: remove unused numeric package --- rand/numeric/int.go | 52 ------------------ rand/numeric/int_test.go | 113 --------------------------------------- 2 files changed, 165 deletions(-) delete mode 100644 rand/numeric/int.go delete mode 100644 rand/numeric/int_test.go diff --git a/rand/numeric/int.go b/rand/numeric/int.go deleted file mode 100644 index 15b169c9456..00000000000 --- a/rand/numeric/int.go +++ /dev/null 
@@ -1,52 +0,0 @@
-package numeric
-
-import (
- "bytes"
- "crypto/rand"
- "encoding/binary"
- "io"
-)
-
-var (
- rander = rand.Reader // random function
- r = make([]byte, 8)
-)
-
-// Int64 creates a random 64 bit integer using crypto.rand
-func Int64() (i int64) {
- randomBits(r)
- buf := bytes.NewBuffer(r)
- binary.Read(buf, binary.LittleEndian, &i)
- return i
-}
-
-// UInt64 creates a random 64 bit unsigned integer using crypto.rand
-func UInt64() (i uint64) {
- randomBits(r)
- buf := bytes.NewBuffer(r)
- binary.Read(buf, binary.LittleEndian, &i)
- return i
-}
-
-// Int32 creates a random 32 bit integer using crypto.rand
-func Int32() (i int32) {
- randomBits(r)
- buf := bytes.NewBuffer(r)
- binary.Read(buf, binary.LittleEndian, &i)
- return i
-}
-
-// UInt32 creates a random 32 bit unsigned integer using crypto.rand
-func UInt32() (i uint32) {
- randomBits(r)
- buf := bytes.NewBuffer(r)
- binary.Read(buf, binary.LittleEndian, &i)
- return i
-}
-
-// randomBits completely fills slice b with random data.
-func randomBits(b []byte) {
- if _, err := io.ReadFull(rander, b); err != nil {
- panic(err.Error()) // rand should never fail
- }
-}
diff --git a/rand/numeric/int_test.go b/rand/numeric/int_test.go
deleted file mode 100644
index be889ab011f..00000000000
--- a/rand/numeric/int_test.go
+++ /dev/null
@@ -1,113 +0,0 @@
-package numeric
-
-import (
- "testing"
-
- "github.com/stretchr/testify/assert"
-)
-
-func TestInt64(t *testing.T) {
- seq := Int64()
- assert.NotEmpty(t, seq)
-}
-
-func TestInt32(t *testing.T) {
- seq := Int32()
- assert.NotEmpty(t, seq)
-}
-
-func TestUInt64(t *testing.T) {
- seq := UInt64()
- assert.NotEmpty(t, seq)
-}
-
-func TestUInt32(t *testing.T) {
- seq := UInt32()
- assert.NotEmpty(t, seq)
-}
-
-func TestInt64IsUnique(t *testing.T) {
- if testing.Short() {
- t.SkipNow()
- }
-
- // Probability of collision is around 1 in a million
- times := 6000000
- s := make(map[int64]bool)
-
- for i := 0; i < times; i++ {
- k := Int64()
- _, ok := s[k]
- assert.False(t, ok)
- if ok {
- return
- }
- s[k] = true
- }
-}
-
-func TestUInt64IsUnique(t *testing.T) {
- if testing.Short() {
- t.SkipNow()
- }
-
- // Probability of collision is around 1 in a million
- times := 6000000
- s := make(map[uint64]bool)
-
- for i := 0; i < times; i++ {
- k := UInt64()
- _, ok := s[k]
- assert.False(t, ok)
- if ok {
- return
- }
- s[k] = true
- }
-}
-
-func TestInt32IsUnique(t *testing.T) {
- if testing.Short() {
- t.SkipNow()
- }
-
- // Probability of collision is around 1 in 1000
- times := 3000
- s := make(map[int32]bool)
-
- for i := 0; i < times; i++ {
- k := Int32()
- _, ok := s[k]
- assert.False(t, ok)
- if ok {
- return
- }
- s[k] = true
- }
-}
-
-func TestUInt32IsUnique(t *testing.T) {
- if testing.Short() {
- t.SkipNow()
- }
-
- // Probability of collision is around 1 in 1000
- times := 3000
- s := make(map[uint32]bool)
-
- for i := 0; i < times; i++ {
- k := UInt32()
- _, ok := s[k]
- assert.False(t, ok)
- if ok {
- return
- }
- s[k] = true
- }
-}
-
-func BenchmarkTestInt64(b *testing.B) {
- for i := 0; i < b.N; i++ {
- _ = Int64()
- }
-}
From faf9c2ca7db08ecc9509cc689aebede9bd18ccb0 Mon Sep 17 00:00:00 2001
From: arekkas Date: Wed, 25 Oct 2017 17:14:32 +0200 Subject: [PATCH 8/9] ci: move to circle-ci --- .travis.yml => .circleci/.travis.yml | 0 .circleci/config.yml | 181 ++++++++++++++++++ Dockerfile | 6 +- Dockerfile-automigrate | 5 +- Dockerfile-demo | 5 +- Dockerfile-http | 5 +- Dockerfile-without-telemetry | 5 +- docs/api.swagger.json | 4 +- integration/docker.go | 18 ++ scripts/run-deploy.sh | 6 +- scripts/run-gensdk.sh | 4 +- scripts/test-e2e.sh | 3 + scripts/test-sdk.sh | 13 ++ sdk/go/hydra/swagger/docs/JsonWebKeyApi.md | 2 +- .../docs/JsonWebKeySetGeneratorRequest.md | 2 +- sdk/go/hydra/swagger/json_web_key_api.go | 2 +- .../json_web_key_set_generator_request.go | 2 +- sdk/js/swagger/docs/JsonWebKeyApi.md | 2 +- .../docs/JsonWebKeySetGeneratorRequest.md | 2 +- sdk/js/swagger/src/api/JsonWebKeyApi.js | 2 +- .../model/JsonWebKeySetGeneratorRequest.js | 4 +- yarn.lock | 139 +------------- 22 files changed, 245 insertions(+), 167 deletions(-) rename .travis.yml => .circleci/.travis.yml (100%) create mode 100644 .circleci/config.yml create mode 100755 scripts/test-sdk.sh diff --git a/.travis.yml b/.circleci/.travis.yml similarity index 100% rename from .travis.yml rename to .circleci/.travis.yml diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 00000000000..9bde3a718bd --- /dev/null +++ b/.circleci/config.yml 
@@ -0,0 +1,181 @@ +# Golang CircleCI 2.0 configuration file +# +# Check https://circleci.com/docs/2.0/language-go/ for more details +version: 2 +jobs: + format: + docker: + - image: circleci/golang:1.9 + working_directory: /go/src/github.com/ory/hydra + steps: + - checkout + - run: curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o /go/bin/dep && chmod +x /go/bin/dep + - run: go get -u golang.org/x/tools/cmd/goimports + - run: dep ensure -vendor-only + - run: ./scripts/test-format.sh + + test: + docker: + - image: circleci/golang:1.9 + environment: + - TEST_DATABASE_POSTGRES=postgres://test:test@localhost:5432/hydra?sslmode=disable + - TEST_DATABASE_MYSQL=root:test@(localhost:3306)/mysql?parseTime=true + - image: postgres:9.5 + environment: + - POSTGRES_USER=test + - POSTGRES_PASSWORD=test + - POSTGRES_DB=oathkeeper + - image: mysql:5.7 + environment: + - MYSQL_ROOT_PASSWORD=test + working_directory: /go/src/github.com/ory/hydra + steps: + - checkout + - run: curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o /go/bin/dep && chmod +x /go/bin/dep + - run: go get -u github.com/mattn/goveralls golang.org/x/tools/cmd/cover github.com/ory/go-acc + - run: dep ensure -vendor-only + - run: go install github.com/ory/hydra + - run: go test -race -short $(go list ./... | grep -v cmd) + - run: go-acc -o coverage.txt ./... 
+ - run: ./scripts/test-e2e.sh + - run: goveralls -service=circle-ci -coverprofile=coverage.txt -repotoken=$COVERALLS_REPO_TOKEN + + swagger: + docker: + - image: circleci/golang:1.9 + working_directory: /go/src/github.com/ory/hydra + steps: + - checkout + - run: curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o /go/bin/dep && chmod +x /go/bin/dep + - run: go get -u github.com/go-swagger/go-swagger/cmd/swagger golang.org/x/tools/cmd/goimports + - run: dep ensure -vendor-only + - run: curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - + - run: sudo apt-get install -y default-jre nodejs + - run: sudo npm i -g yarn + - run: yarn + - run: ./scripts/test-sdk.sh + + build-docker-default: + docker: + - image: library/docker:17.10 + steps: + - checkout + - setup_remote_docker + - run: docker build -f Dockerfile . + + build-docker-http: + docker: + - image: library/docker:17.10 + steps: + - checkout + - setup_remote_docker + - run: docker build -f Dockerfile-http . + + build-docker-demo: + docker: + - image: library/docker:17.10 + steps: + - checkout + - setup_remote_docker + - run: docker build -f Dockerfile-demo . + + build-docker-automigrate: + docker: + - image: library/docker:17.10 + steps: + - checkout + - setup_remote_docker + - run: docker build -f Dockerfile-automigrate . + + build-docker-without-telemetry: + docker: + - image: library/docker:17.10 + steps: + - checkout + - setup_remote_docker + - run: docker build -t hydra-travis-ci -f Dockerfile-without-telemetry . 
+ - run: docker run -d hydra-travis-ci + + build: + docker: + - image: circleci/golang:1.9 + working_directory: /go/src/github.com/ory/hydra + steps: + - checkout + - run: curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o /go/bin/dep && chmod +x /go/bin/dep + - run: go get -u github.com/mitchellh/gox github.com/tcnksm/ghr + - run: dep ensure -vendor-only + - run: sudo apt-get install -y nodejs + - run: ./scripts/run-deploy.sh + - run: ghr -t $GITHUB_TOKEN -u $CIRCLE_PROJECT_USERNAME -r $CIRCLE_PROJECT_REPONAME --replace `git describe --tags` dist/ + - run: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc + - run: npm publish + +workflows: + version: 2 + "test, build, push, and deploy": + jobs: + - format: + filters: + tags: + only: /.*/ + - test: + filters: + tags: + only: /.*/ + - swagger: + filters: + tags: + only: /.*/ + - build-docker-default: + requires: + - test + - swagger + - format + filters: + tags: + only: /.*/ + - build-docker-http: + requires: + - test + - swagger + - format + filters: + tags: + only: /.*/ + - build-docker-demo: + requires: + - test + - swagger + - format + filters: + tags: + only: /.*/ + - build-docker-automigrate: + requires: + - test + - swagger + - format + filters: + tags: + only: /.*/ + - build-docker-without-telemetry: + requires: + - test + - swagger + - format + filters: + tags: + only: /.*/ + - build: + requires: + - build-docker-without-telemetry + - build-docker-demo + - build-docker-automigrate + - build-docker-http + - build-docker-default + filters: + tags: + only: /.*/ + branches: + ignore: /.*/ diff --git a/Dockerfile b/Dockerfile index 716537a8a54..2d00036d657 100644 --- a/Dockerfile +++ b/Dockerfile 
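Review bot: The `format`, `test`, `swagger` and `build` jobs fetch the dep binary with `curl -L -s ... -o /go/bin/dep && chmod +x /go/bin/dep` and run it with no integrity check, and the `swagger` job pipes `https://deb.nodesource.com/setup_8.x` directly into `sudo -E bash -`. The `build` job does this in the same job that later uses `$GITHUB_TOKEN` and `$NPM_TOKEN`, so a tampered download would presumably run alongside the release credentials. I would pin a digest and verify it before the `chmod`, e.g. `echo "<SHA256_OF_DEP_0.3.2_PLACEHOLDER>  /go/bin/dep" | sha256sum -c -`, and add `-f` to curl so an HTTP error page is not saved as the binary. The Dockerfile hunks later in this patch rewrite the same `curl` line and have the same gap.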
@@ -1,14 +1,14 @@ FROM golang:1.9-alpine RUN apk add --no-cache git build-base curl -ENV DEP_VERSION 0.3.2 -RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep +RUN curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o $GOPATH/bin/dep RUN chmod +x $GOPATH/bin/dep WORKDIR /go/src/github.com/ory/hydra ADD ./Gopkg.lock ./Gopkg.lock -RUN dep ensure +ADD ./Gopkg.toml ./Gopkg.toml +RUN dep ensure -vendor-only ADD . . RUN go install . diff --git a/Dockerfile-automigrate b/Dockerfile-automigrate index 58d4e9f81d3..aaee8dab3c8 100644 --- a/Dockerfile-automigrate +++ b/Dockerfile-automigrate @@ -2,13 +2,14 @@ FROM golang:1.9-alpine RUN apk add --no-cache git build-base curl ENV DEP_VERSION 0.3.2 -RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep +RUN curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o $GOPATH/bin/dep RUN chmod +x $GOPATH/bin/dep WORKDIR /go/src/github.com/ory/hydra ADD ./Gopkg.lock ./Gopkg.lock -RUN dep ensure +ADD ./Gopkg.toml ./Gopkg.toml +RUN dep ensure -vendor-only ADD . . RUN go install . diff --git a/Dockerfile-demo b/Dockerfile-demo index 89755d05ca7..560f1ad23bd 100644 --- a/Dockerfile-demo +++ b/Dockerfile-demo @@ -2,13 +2,14 @@ FROM golang:1.9-alpine RUN apk add --no-cache git build-base curl ENV DEP_VERSION 0.3.2 -RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep +RUN curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o $GOPATH/bin/dep RUN chmod +x $GOPATH/bin/dep WORKDIR /go/src/github.com/ory/hydra ADD ./Gopkg.lock ./Gopkg.lock -RUN dep ensure +ADD ./Gopkg.toml ./Gopkg.toml +RUN dep ensure -vendor-only ADD . . RUN go install . diff --git a/Dockerfile-http b/Dockerfile-http index 561bc2a265e..7edaa9c4fda 100644 --- a/Dockerfile-http +++ b/Dockerfile-http 
@@ -2,13 +2,14 @@ FROM golang:1.9-alpine RUN apk add --no-cache git build-base curl ENV DEP_VERSION 0.3.2 -RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep +RUN curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o $GOPATH/bin/dep RUN chmod +x $GOPATH/bin/dep WORKDIR /go/src/github.com/ory/hydra ADD ./Gopkg.lock ./Gopkg.lock -RUN dep ensure +ADD ./Gopkg.toml ./Gopkg.toml +RUN dep ensure -vendor-only ADD . . RUN go install . diff --git a/Dockerfile-without-telemetry b/Dockerfile-without-telemetry index 40df19b0a88..9109c4ca56b 100644 --- a/Dockerfile-without-telemetry +++ b/Dockerfile-without-telemetry @@ -2,13 +2,14 @@ FROM golang:1.9-alpine RUN apk add --no-cache git build-base curl ENV DEP_VERSION 0.3.2 -RUN curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep +RUN curl -L -s https://github.com/golang/dep/releases/download/v0.3.2/dep-linux-amd64 -o $GOPATH/bin/dep RUN chmod +x $GOPATH/bin/dep WORKDIR /go/src/github.com/ory/hydra ADD ./Gopkg.lock ./Gopkg.lock -RUN dep ensure +ADD ./Gopkg.toml ./Gopkg.toml +RUN dep ensure -vendor-only ADD . . RUN go install . diff --git a/docs/api.swagger.json b/docs/api.swagger.json index b80bf8bd0eb..fb1eee4720d 100644 --- a/docs/api.swagger.json +++ b/docs/api.swagger.json 
@@ -531,7 +531,7 @@ } }, "post": { - "description": "This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as\nsymmetric cryptographic keys (HS256) and asymetric cryptographic keys (RS256, ECDSA).\n\n\nIf the specified JSON Web Key Set does not exist, it will be created.\n\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:keys:\u003cset\u003e:\u003ckid\u003e\"],\n\"actions\": [\"create\"],\n\"effect\": \"allow\"\n}\n```", + "description": "This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as\nsymmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA).\n\n\nIf the specified JSON Web Key Set does not exist, it will be created.\n\n\nThe subject making the request needs to be assigned to a policy containing:\n\n```\n{\n\"resources\": [\"rn:hydra:keys:\u003cset\u003e:\u003ckid\u003e\"],\n\"actions\": [\"create\"],\n\"effect\": \"allow\"\n}\n```", "consumes": [ "application/json" ], @@ -2167,7 +2167,7 @@ ], "properties": { "alg": { - "description": "The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\" and \"HS256\"", + "description": "The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\", \"HS512\", and \"HS256\"", "type": "string", "x-go-name": "Algorithm" }, diff --git a/integration/docker.go b/integration/docker.go index 1af57eabb2f..ca57441de5d 100644 --- a/integration/docker.go +++ b/integration/docker.go @@ -5,6 +5,8 @@ import ( "log" "time" + "os" + _ "github.com/go-sql-driver/mysql" "github.com/jmoiron/sqlx" _ "github.com/lib/pq" 
@@ -24,6 +26,14 @@ func KillAll() { } func ConnectToMySQL() *sqlx.DB { + if url := os.Getenv("TEST_DATABASE_MYSQL"); url != "" { + db, err := sqlx.Open("mysql", url) + if err != nil { + log.Fatalf("Could not connect to bootstrapped database: %s", err) + } + return db + } + var db *sqlx.DB var err error pool, err = dockertest.NewPool("") @@ -54,6 +64,14 @@ func ConnectToMySQL() *sqlx.DB { } func ConnectToPostgres() *sqlx.DB { + if url := os.Getenv("TEST_DATABASE_POSTGRESQL"); url != "" { + db, err := sqlx.Open("postgres", url) + if err != nil { + log.Fatalf("Could not connect to bootstrapped database: %s", err) + } + return db + } + var db *sqlx.DB var err error pool, err = dockertest.NewPool("") diff --git a/scripts/run-deploy.sh b/scripts/run-deploy.sh index 855560177ea..d75d17bdb76 100755 --- a/scripts/run-deploy.sh +++ b/scripts/run-deploy.sh @@ -2,7 +2,5 @@ set -euo pipefail -if [ "${TRAVIS_TAG}" != "" ]; then - gox -ldflags "-X github.com/ory/hydra/cmd.Version=`git describe --tags` -X github.com/ory/hydra/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/hydra/cmd.GitHash=`git rev-parse HEAD`" -output "dist/{{.Dir}}-{{.OS}}-{{.Arch}}"; - npm version -f --no-git-tag-version $(git describe --tag); -fi +gox -ldflags "-X github.com/ory/hydra/cmd.Version=`git describe --tags` -X github.com/ory/hydra/cmd.BuildTime=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/hydra/cmd.GitHash=`git rev-parse HEAD`" -output "dist/{{.Dir}}-{{.OS}}-{{.Arch}}"; +npm version -f --no-git-tag-version $(git describe --tag); diff --git a/scripts/run-gensdk.sh b/scripts/run-gensdk.sh index 47783cad1db..23ba8ac078b 100755 --- a/scripts/run-gensdk.sh +++ b/scripts/run-gensdk.sh 
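Review bot: `ConnectToPostgres` reads `TEST_DATABASE_POSTGRESQL`, but the CircleCI `test` job added in this same patch exports `TEST_DATABASE_POSTGRES`, so unless the variable is set elsewhere the new branch is never taken and the function falls through to dockertest. One name should be used on both sides, e.g. `os.Getenv("TEST_DATABASE_POSTGRES")`. That CI URL also targets the `hydra` database while the service container is started with `POSTGRES_DB=oathkeeper`, which would need aligning once the branch is reachable. In both this hunk and the ConnectToMySQL hunk, `sqlx.Open` only validates its arguments and does not dial, so the "Could not connect" branch will not catch an unreachable database; `sqlx.Connect("postgres", url)` opens and pings. Both function bodies continue outside their hunks.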
@@ -16,11 +16,9 @@ java -jar scripts/swagger-codegen-cli-2.2.3.jar generate -i ./docs/api.swagger.j scripts/run-format.sh -git add -A . - git checkout HEAD -- sdk/go/hydra/swagger/configuration.go git checkout HEAD -- sdk/go/hydra/swagger/api_client.go rm -f ./sdk/js/swagger/package.json rm -rf ./sdk/js/swagger/test -npm run prettier \ No newline at end of file +npm run prettier diff --git a/scripts/test-e2e.sh b/scripts/test-e2e.sh index 9446d45e8bb..27ac3e0ab38 100755 --- a/scripts/test-e2e.sh +++ b/scripts/test-e2e.sh @@ -4,6 +4,9 @@ set -euo pipefail cd "$( dirname "${BASH_SOURCE[0]}" )/.." +DATABASE_URL=memory hydra host --dangerous-auto-logon --dangerous-force-http --disable-telemetry & +while ! echo exit | nc 127.0.0.1 4444; do sleep 1; done + hydra clients create --id foobar hydra clients delete foobar curl --header "Authorization: bearer $(hydra token client)" http://localhost:4444/clients diff --git a/scripts/test-sdk.sh b/scripts/test-sdk.sh new file mode 100755 index 00000000000..4bf29e60f4c --- /dev/null +++ b/scripts/test-sdk.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -euo pipefail + +cd "$( dirname "${BASH_SOURCE[0]}" )/.." + +scripts/run-genswag.sh +git add -A +git diff --exit-code + +./scripts/run-gensdk.sh +git add -A +git diff --exit-code diff --git a/sdk/go/hydra/swagger/docs/JsonWebKeyApi.md b/sdk/go/hydra/swagger/docs/JsonWebKeyApi.md index 0c5331b344d..f8e2ea227ae 100644 --- a/sdk/go/hydra/swagger/docs/JsonWebKeyApi.md +++ b/sdk/go/hydra/swagger/docs/JsonWebKeyApi.md 
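Review bot: The readiness loop added to scripts/test-e2e.sh, `while ! echo exit | nc 127.0.0.1 4444; do sleep 1; done`, has no upper bound, so if the backgrounded `hydra host` exits during startup the job hangs until the CI timeout instead of failing. A bounded form such as `for i in $(seq 1 30); do nc -z 127.0.0.1 4444 && break; sleep 1; done`, followed by a final connectivity check, keeps the failure visible. A one-line comment saying that `--dangerous-auto-logon --dangerous-force-http` is meant only for this throwaway in-memory instance would help readers who copy the line.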
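Review bot: In the new scripts/test-sdk.sh, `git diff --exit-code` runs right after `git add -A`, so it compares the working tree with an index that was just made identical to it and exits 0 even when the generators changed files. Both occurrences should be `git diff --cached --exit-code`, which compares the staged result with HEAD. With that change, drift between the committed swagger spec or SDK and the regenerated output fails the job.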
@@ -18,7 +18,7 @@ Method | HTTP request | Description Generate a new JSON Web Key -This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys::\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` +This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys::\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` ### Parameters diff --git a/sdk/go/hydra/swagger/docs/JsonWebKeySetGeneratorRequest.md b/sdk/go/hydra/swagger/docs/JsonWebKeySetGeneratorRequest.md index 65ef3f75ae6..642a4e4d557 100644 --- a/sdk/go/hydra/swagger/docs/JsonWebKeySetGeneratorRequest.md +++ b/sdk/go/hydra/swagger/docs/JsonWebKeySetGeneratorRequest.md @@ -3,7 +3,7 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**Alg** | **string** | The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\" and \"HS256\" | [default to null] +**Alg** | **string** | The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\", \"HS512\", and \"HS256\" | [default to null] **Kid** | **string** | The kid of the key to be created | [default to null] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) 
diff --git a/sdk/go/hydra/swagger/json_web_key_api.go b/sdk/go/hydra/swagger/json_web_key_api.go index bc15b383d47..e9320135d4e 100644 --- a/sdk/go/hydra/swagger/json_web_key_api.go +++ b/sdk/go/hydra/swagger/json_web_key_api.go @@ -39,7 +39,7 @@ func NewJsonWebKeyApiWithBasePath(basePath string) *JsonWebKeyApi { /** * Generate a new JSON Web Key - * This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` + * This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` * * @param set The set * @param body diff --git a/sdk/go/hydra/swagger/json_web_key_set_generator_request.go b/sdk/go/hydra/swagger/json_web_key_set_generator_request.go index fcf1ec74d16..88e16d16624 100644 --- a/sdk/go/hydra/swagger/json_web_key_set_generator_request.go +++ b/sdk/go/hydra/swagger/json_web_key_set_generator_request.go @@ -12,7 +12,7 @@ package swagger type JsonWebKeySetGeneratorRequest struct { - // The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\" and \"HS256\" + // The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\", \"HS512\", and \"HS256\" Alg string `json:"alg"` // The kid of the key to be created 
diff --git a/sdk/js/swagger/docs/JsonWebKeyApi.md b/sdk/js/swagger/docs/JsonWebKeyApi.md index 738cb9aba3f..c1ce2a513fd 100644 --- a/sdk/js/swagger/docs/JsonWebKeyApi.md +++ b/sdk/js/swagger/docs/JsonWebKeyApi.md @@ -19,7 +19,7 @@ Method | HTTP request | Description Generate a new JSON Web Key -This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` +This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` ### Example ```javascript diff --git a/sdk/js/swagger/docs/JsonWebKeySetGeneratorRequest.md b/sdk/js/swagger/docs/JsonWebKeySetGeneratorRequest.md index 31d45de88cf..8e53290479e 100644 --- a/sdk/js/swagger/docs/JsonWebKeySetGeneratorRequest.md +++ b/sdk/js/swagger/docs/JsonWebKeySetGeneratorRequest.md @@ -3,7 +3,7 @@ ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**alg** | **String** | The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\" and \"HS256\" | +**alg** | **String** | The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\", \"HS512\", and \"HS256\" | **kid** | **String** | The kid of the key to be created | 
diff --git a/sdk/js/swagger/src/api/JsonWebKeyApi.js b/sdk/js/swagger/src/api/JsonWebKeyApi.js index fea352f5d88..ea2cfc8567f 100644 --- a/sdk/js/swagger/src/api/JsonWebKeyApi.js +++ b/sdk/js/swagger/src/api/JsonWebKeyApi.js @@ -84,7 +84,7 @@ /** * Generate a new JSON Web Key - * This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` + * This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` * @param {String} set The set * @param {Object} opts Optional parameters * @param {module:model/JsonWebKeySetGeneratorRequest} opts.body diff --git a/sdk/js/swagger/src/model/JsonWebKeySetGeneratorRequest.js b/sdk/js/swagger/src/model/JsonWebKeySetGeneratorRequest.js index 1e3fd75be9b..dba4bf67354 100644 --- a/sdk/js/swagger/src/model/JsonWebKeySetGeneratorRequest.js +++ b/sdk/js/swagger/src/model/JsonWebKeySetGeneratorRequest.js 
@@ -43,7 +43,7 @@ * Constructs a new JsonWebKeySetGeneratorRequest. * @alias module:model/JsonWebKeySetGeneratorRequest * @class - * @param alg {String} The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\" and \"HS256\" + * @param alg {String} The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\", \"HS512\", and \"HS256\" * @param kid {String} The kid of the key to be created */ var exports = function(alg, kid) { @@ -75,7 +75,7 @@ } /** - * The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\" and \"HS256\" + * The algorithm to be used for creating the key. Supports \"RS256\", \"ES521\", \"HS512\", and \"HS256\" * @member {String} alg */ exports.prototype['alg'] = undefined diff --git a/yarn.lock b/yarn.lock index 40b8a7c829f..eba00a66a0a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -12,14 +12,6 @@ combined-stream@^1.0.5: dependencies: delayed-stream "~1.0.0" -commander@0.6.1: - version "0.6.1" - resolved "https://registry.yarnpkg.com/commander/-/commander-0.6.1.tgz#fa68a14f6a945d54dbbe50d8cdb3320e9e3b1a06" - -commander@2.3.0: - version "2.3.0" - resolved "https://registry.yarnpkg.com/commander/-/commander-2.3.0.tgz#fd430e889832ec353b9acd1de217c11cb3eef873" - component-emitter@^1.2.0: version "1.2.1" resolved "https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.2.1.tgz#137918d6d78283f7df7a6b7c5a63e140e69425e6" @@ -32,12 +24,6 @@ core-util-is@~1.0.0: version "1.0.2" resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7" -debug@2.2.0: - version "2.2.0" - resolved "https://registry.yarnpkg.com/debug/-/debug-2.2.0.tgz#f87057e995b1a1f6ae6a4960664137bc56f039da" - dependencies: - ms "0.7.1" - debug@^2.2.0: version "2.6.9" resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f" 
@@ -48,18 +34,6 @@ delayed-stream@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619" -diff@1.4.0: - version "1.4.0" - resolved "https://registry.yarnpkg.com/diff/-/diff-1.4.0.tgz#7f28d2eb9ee7b15a97efd89ce63dcfdaa3ccbabf" - -escape-string-regexp@1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.2.tgz#4dbc2fe674e71949caf3fb2695ce7f2dc1d9a8d1" - -expect.js@~0.3.1: - version "0.3.1" - resolved "https://registry.yarnpkg.com/expect.js/-/expect.js-0.3.1.tgz#b0a59a0d2eff5437544ebf0ceaa6015841d09b5b" - extend@^3.0.0: version "3.0.1" resolved "https://registry.yarnpkg.com/extend/-/extend-3.0.1.tgz#a755ea7bc1adfcc5a31ce7e762dbaadc5e636444" 
@@ -72,59 +46,18 @@ form-data@^2.1.1: combined-stream "^1.0.5" mime-types "^2.1.12" -formatio@1.1.1: - version "1.1.1" - resolved "https://registry.yarnpkg.com/formatio/-/formatio-1.1.1.tgz#5ed3ccd636551097383465d996199100e86161e9" - dependencies: - samsam "~1.1" - formidable@^1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/formidable/-/formidable-1.1.1.tgz#96b8886f7c3c3508b932d6bd70c4d3a88f35f1a9" -glob@3.2.3: - version "3.2.3" - resolved "https://registry.yarnpkg.com/glob/-/glob-3.2.3.tgz#e313eeb249c7affaa5c475286b0e115b59839467" - dependencies: - graceful-fs "~2.0.0" - inherits "2" - minimatch "~0.2.11" - -graceful-fs@~2.0.0: - version "2.0.3" - resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-2.0.3.tgz#7cd2cdb228a4a3f36e95efa6cc142de7d1a136d0" - -growl@1.8.1: - version "1.8.1" - resolved "https://registry.yarnpkg.com/growl/-/growl-1.8.1.tgz#4b2dec8d907e93db336624dcec0183502f8c9428" - -inherits@2, inherits@~2.0.3: +inherits@~2.0.3: version "2.0.3" resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.3.tgz#633c2c83e3da42a502f52466022480f4208261de" -inherits@2.0.1: - version "2.0.1" - resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.1.tgz#b17d08d326b4423e568eff719f91b0b1cbdf69f1" - isarray@~1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11" -jade@0.26.3: - version "0.26.3" - resolved "https://registry.yarnpkg.com/jade/-/jade-0.26.3.tgz#8f10d7977d8d79f2f6ff862a81b0513ccb25686c" - dependencies: - commander "0.6.1" - mkdirp "0.3.0" - -lolex@1.3.2: - version "1.3.2" - resolved "https://registry.yarnpkg.com/lolex/-/lolex-1.3.2.tgz#7c3da62ffcb30f0f5a80a2566ca24e45d8a01f31" - -lru-cache@2: - version "2.7.3" - resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-2.7.3.tgz#6d4524e8b955f95d4f5b58851ce21dd72fb4e952" - methods@^1.1.1: version "1.1.2" resolved 
"https://registry.yarnpkg.com/methods/-/methods-1.1.2.tgz#5529a4d67654134edcc5266656835b0f851afcee" @@ -143,45 +76,6 @@ mime@^1.3.4: version "1.4.1" resolved "https://registry.yarnpkg.com/mime/-/mime-1.4.1.tgz#121f9ebc49e3766f311a76e1fa1c8003c4b03aa6" -minimatch@~0.2.11: - version "0.2.14" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-0.2.14.tgz#c74e780574f63c6f9a090e90efbe6ef53a6a756a" - dependencies: - lru-cache "2" - sigmund "~1.0.0" - -minimist@0.0.8: - version "0.0.8" - resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d" - -mkdirp@0.3.0: - version "0.3.0" - resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.3.0.tgz#1bbf5ab1ba827af23575143490426455f481fe1e" - -mkdirp@0.5.0: - version "0.5.0" - resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.0.tgz#1d73076a6df986cd9344e15e71fcc05a4c9abf12" - dependencies: - minimist "0.0.8" - -mocha@~2.3.4: - version "2.3.4" - resolved "https://registry.yarnpkg.com/mocha/-/mocha-2.3.4.tgz#8629a6fb044f2d225aa4b81a2ae2d001699eb266" - dependencies: - commander "2.3.0" - debug "2.2.0" - diff "1.4.0" - escape-string-regexp "1.0.2" - glob "3.2.3" - growl "1.8.1" - jade "0.26.3" - mkdirp "0.5.0" - supports-color "1.2.0" - -ms@0.7.1: - version "0.7.1" - resolved "https://registry.yarnpkg.com/ms/-/ms-0.7.1.tgz#9cd13c03adbff25b65effde7ce864ee952017098" - ms@2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8" 
@@ -214,27 +108,6 @@ safe-buffer@~5.1.0, safe-buffer@~5.1.1: version "5.1.1" resolved "https://registry.yarnpkg.com/safe-buffer/-/safe-buffer-5.1.1.tgz#893312af69b2123def71f57889001671eeb2c853" -samsam@1.1.2: - version "1.1.2" - resolved "https://registry.yarnpkg.com/samsam/-/samsam-1.1.2.tgz#bec11fdc83a9fda063401210e40176c3024d1567" - -samsam@~1.1: - version "1.1.3" - resolved "https://registry.yarnpkg.com/samsam/-/samsam-1.1.3.tgz#9f5087419b4d091f232571e7fa52e90b0f552621" - -sigmund@~1.0.0: - version "1.0.1" - resolved "https://registry.yarnpkg.com/sigmund/-/sigmund-1.0.1.tgz#3ff21f198cad2175f9f3b781853fd94d0d19b590" - -sinon@1.17.3: - version "1.17.3" - resolved "https://registry.yarnpkg.com/sinon/-/sinon-1.17.3.tgz#44d64bc748d023880046c1543cefcea34c47d17e" - dependencies: - formatio "1.1.1" - lolex "1.3.2" - samsam "1.1.2" - util ">=0.10.3 <1" - string_decoder@~1.0.3: version "1.0.3" resolved "https://registry.yarnpkg.com/string_decoder/-/string_decoder-1.0.3.tgz#0fc67d7c141825de94282dd536bec6b9bce860ab" @@ -256,16 +129,6 @@ superagent@3.5.2: qs "^6.1.0" readable-stream "^2.0.5" -supports-color@1.2.0: - version "1.2.0" - resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-1.2.0.tgz#ff1ed1e61169d06b3cf2d588e188b18d8847e17e" - util-deprecate@~1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" - -"util@>=0.10.3 <1": - version "0.10.3" - resolved "https://registry.yarnpkg.com/util/-/util-0.10.3.tgz#7afb1afe50805246489e3db7fe0ed379336ac0f9" - dependencies: - inherits "2.0.1" From 61c82a324ad552bb2f317f8b5a8f94ebcf9c11da Mon Sep 17 00:00:00 2001 
From: arekkas Date: Wed, 25 Oct 2017 21:03:07 +0200 Subject: [PATCH 9/9] tests: resolve issue with postgresql connectivity --- .circleci/config.yml | 6 +++--- Gopkg.lock | 6 +++--- Gopkg.toml | 2 +- config/backend_sql_test.go | 25 +++++++++++++++++++++++-- integration/docker.go | 2 ++ integration/sql_schema_test.go | 12 ++++++------ 6 files changed, 38 insertions(+), 15 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 9bde3a718bd..60f922087bc 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -18,13 +18,13 @@ jobs: docker: - image: circleci/golang:1.9 environment: - - TEST_DATABASE_POSTGRES=postgres://test:test@localhost:5432/hydra?sslmode=disable + - TEST_DATABASE_POSTGRESQL=postgres://test:test@localhost:5432/hydra?sslmode=disable - TEST_DATABASE_MYSQL=root:test@(localhost:3306)/mysql?parseTime=true - image: postgres:9.5 environment: - POSTGRES_USER=test - POSTGRES_PASSWORD=test - - POSTGRES_DB=oathkeeper + - POSTGRES_DB=hydra - image: mysql:5.7 environment: - MYSQL_ROOT_PASSWORD=test @@ -35,8 +35,8 @@ jobs: - run: go get -u github.com/mattn/goveralls golang.org/x/tools/cmd/cover github.com/ory/go-acc - run: dep ensure -vendor-only - run: go install github.com/ory/hydra - - run: go test -race -short $(go list ./... | grep -v cmd) - run: go-acc -o coverage.txt ./... + - run: go test -race -short $(go list ./... | grep -v cmd) - run: ./scripts/test-e2e.sh - run: goveralls -service=circle-ci -coverprofile=coverage.txt -repotoken=$COVERALLS_REPO_TOKEN diff --git a/Gopkg.lock b/Gopkg.lock index 9a382e49c41..67417f3a362 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -250,8 +250,8 @@ [[projects]] name = "github.com/ory/ladon" packages = [".","compiler","manager/memory","manager/sql"] - revision = "306b2e6adf322d429e72ace6be16818dda75f574" - version = "v0.8.2" + revision = "4223d97b7a16808bc1213cc641d529e764e67eea" + version = "v0.8.3" [[projects]] name = "github.com/pborman/uuid" 
@@ -430,6 +430,6 @@ [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "b7e038321a6b38112add68025b57fd952e9dd2f8687de5d4c945cb87641b0f8f" + inputs-digest = "bd4e4e49a90e5ae6c9c2eab26a2873ad73904748258fd27f09cf1a7d911dbfe6" solver-name = "gps-cdcl" solver-version = 1 diff --git a/Gopkg.toml b/Gopkg.toml index a3a2f97d161..35062c72746 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -87,7 +87,7 @@ [[constraint]] name = "github.com/ory/ladon" - version = "0.8.2" + version = "0.8.3" [[constraint]] name = "github.com/pborman/uuid" diff --git a/config/backend_sql_test.go b/config/backend_sql_test.go index 7e94366df5c..b795a310d96 100644 --- a/config/backend_sql_test.go +++ b/config/backend_sql_test.go @@ -1,6 +1,7 @@ package config import ( + "flag" "fmt" "log" "net/url" @@ -9,9 +10,9 @@ import ( "testing" "time" - "flag" - + _ "github.com/go-sql-driver/mysql" "github.com/jmoiron/sqlx" + _ "github.com/lib/pq" "github.com/ory/dockertest" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" @@ -125,6 +126,16 @@ func killAll() { } func bootstrapMySQL() *url.URL { + if uu := os.Getenv("TEST_DATABASE_MYSQL"); uu != "" { + log.Println("Found mysql test database config, skipping dockertest...") + _, err := sqlx.Open("postgres", uu) + if err != nil { + log.Fatalf("Could not connect to bootstrapped database: %s", err) + } + u, _ := url.Parse("mysql://" + uu) + return u + } + var db *sqlx.DB var err error var urls string @@ -160,6 +171,16 @@ func bootstrapMySQL() *url.URL { } func bootstrapPostgres() *url.URL { + if uu := os.Getenv("TEST_DATABASE_POSTGRESQL"); uu != "" { + log.Println("Found postgresql test database config, skipping dockertest...") + _, err := sqlx.Open("postgres", uu) + if err != nil { + log.Fatalf("Could not connect to bootstrapped database: %s", err) + } + u, _ := url.Parse(uu) + return u + } + var db *sqlx.DB var err error var urls string 
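Review bot: The `TEST_DATABASE_MYSQL` branch of bootstrapMySQL calls `sqlx.Open("postgres", uu)` with a MySQL DSN; the driver name should be `"mysql"`. The mistake goes unnoticed because `sqlx.Open` never dials and the handle is discarded with `_, err :=`, which also leaves it unclosed; `db, err := sqlx.Connect("mysql", uu)` followed by `db.Close()` would make this a real connectivity check. The error from `url.Parse("mysql://" + uu)` is dropped as well, so a DSN that does not parse as a URL returns a nil `*url.URL` to the caller; check it, but log a fixed message, since the parse error text echoes its input and the input here contains the database password. The bootstrapPostgres hunk that follows has the same discarded handle and ignored `url.Parse` error. Both functions continue outside their hunks.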
diff --git a/integration/docker.go b/integration/docker.go index ca57441de5d..3935355d01c 100644 --- a/integration/docker.go +++ b/integration/docker.go @@ -27,6 +27,7 @@ func KillAll() { func ConnectToMySQL() *sqlx.DB { if url := os.Getenv("TEST_DATABASE_MYSQL"); url != "" { + log.Println("Found mysql test database config, skipping dockertest...") db, err := sqlx.Open("mysql", url) if err != nil { log.Fatalf("Could not connect to bootstrapped database: %s", err) @@ -65,6 +66,7 @@ func ConnectToMySQL() *sqlx.DB { func ConnectToPostgres() *sqlx.DB { if url := os.Getenv("TEST_DATABASE_POSTGRESQL"); url != "" { + log.Println("Found postgresql test database config, skipping dockertest...") db, err := sqlx.Open("postgres", url) if err != nil { log.Fatalf("Could not connect to bootstrapped database: %s", err) diff --git a/integration/sql_schema_test.go b/integration/sql_schema_test.go index bf86b43cef3..5c782034850 100644 --- a/integration/sql_schema_test.go +++ b/integration/sql_schema_test.go @@ -34,7 +34,7 @@ func TestSQLSchema(t *testing.T) { crm := oauth2.NewConsentRequestSQLManager(db) pm := lsql.NewSQLManager(db, nil) - _, err := pm.CreateSchemas("", "hydra_ladon_migration") + _, err := pm.CreateSchemas("", "hydra_policy_migration") require.NoError(t, err) _, err = cm.CreateSchemas() require.NoError(t, err) 
@@ -47,13 +47,13 @@ func TestSQLSchema(t *testing.T) { _, err = crm.CreateSchemas() require.NoError(t, err) - require.NoError(t, jm.AddKey("foo", jwk.First(p1))) - require.NoError(t, pm.Create(&ladon.DefaultPolicy{ID: "foo"})) - require.NoError(t, cm.CreateClient(&client.Client{ID: "foo"})) - require.NoError(t, crm.PersistConsentRequest(&oauth2.ConsentRequest{ID: "foo"})) + require.NoError(t, jm.AddKey("integration-test-foo", jwk.First(p1))) + require.NoError(t, pm.Create(&ladon.DefaultPolicy{ID: "integration-test-foo", Resources: []string{"foo"}, Actions: []string{"bar"}, Subjects: []string{"baz"}, Effect: "allow"})) + require.NoError(t, cm.CreateClient(&client.Client{ID: "integration-test-foo"})) + require.NoError(t, crm.PersistConsentRequest(&oauth2.ConsentRequest{ID: "integration-test-foo"})) require.NoError(t, om.CreateAccessTokenSession(nil, "asdfasdf", r)) require.NoError(t, gm.CreateGroup(&group.Group{ - ID: "asdfas", + ID: "integration-test-asdfas", Members: []string{"asdf"}, })) }