🔥 0.1-beta2 (ory#90) 🔥

* cli: key is now sha256(secret) - closes ory#86 * client: creating clients with predefined credentials - closes ory#91 * client: always autogenerate secrets when using clients create * cli: CLI should have `-dry` option to show what the HTTP request looks like - closes ory#99 * cli: fix issue where tls certificate is regenerated on boot - closes ory#93 * cli: allow passing of tls certificates via env vars or files - closes ory#88 * oauth2: add offline scope for refresh tokens - closes ory#97 * jwk: support for x5c certificate chains - closes ory#92 * all: minor changes - closes ory#89
guoyu07 · Jun 14, 2016 · 8593699 · 8593699
1 parent 3ca01db
commit 8593699
Show file tree

Hide file tree

Showing 31 changed files with 514 additions and 149 deletions.
diff --git a/.codeclimate.yml b/.codeclimate.yml
@@ -0,0 +1,15 @@
+engines:
+  govet:
+    enabled: true
+  golint:
+    enabled: false
+  gofmt:
+    enabled: true
+
+ratings:
+  paths:
+    - "**.go"
+
+
+exclude_paths:
+- vendor/
diff --git a/.travis.yml b/.travis.yml
@@ -27,5 +27,5 @@ script:
   - docker build -t hydra-travis-ci .
   - docker run -d hydra-travis-ci
   - $GOPATH/bin/hydra host --dangerous-auto-logon &
-  - sleep 2
+  - while ! echo exit | nc localhost 4444; do sleep 1; done
   - $GOPATH/bin/hydra token client --skip-tls-verify
diff --git a/README.md b/README.md
@@ -2,18 +2,21 @@
 
 [![Build Status](https://travis-ci.org/ory-am/hydra.svg?branch=master)](https://travis-ci.org/ory-am/hydra)
 [![Coverage Status](https://coveralls.io/repos/ory-am/hydra/badge.svg?branch=master&service=github)](https://coveralls.io/github/ory-am/hydra?branch=master)
+[![Code Climate](https://codeclimate.com/github/ory-am/hydra/badges/gpa.svg)](https://codeclimate.com/github/ory-am/hydra)
 [![Go Report Card](https://goreportcard.com/badge/github.com/ory-am/hydra)](https://goreportcard.com/report/github.com/ory-am/hydra)
 
 [![Join the chat at https://gitter.im/ory-am/hydra](https://img.shields.io/badge/join-chat-00cc99.svg)](https://gitter.im/ory-am/hydra?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 [![Join mailinglist](https://img.shields.io/badge/join-mailinglist-00cc99.svg)](https://groups.google.com/forum/#!forum/ory-hydra/new)
 [![Join newsletter](https://img.shields.io/badge/join-newsletter-00cc99.svg)](http://eepurl.com/bKT3N9)
+[![Follow newsletter](https://img.shields.io/badge/follow-twitter-00cc99.svg)](https://twitter.com/_aeneasr)
+[![Follow GitHub](https://img.shields.io/badge/follow-github-00cc99.svg)](https://github.com/arekkas)
 
-Hydra is being developed by german-based company [Ory](https://ory.am). Join our [newsletter](http://eepurl.com/bKT3N9) to stay on top of new developments.  
+Hydra is being developed by german-based company [Ory](https://ory.am). Join our [newsletter](http://eepurl.com/bKT3N9) to stay on top of new developments.
 We respond on [Google Groups](https://groups.google.com/forum/#!forum/ory-hydra/new) and [Gitter](https://gitter.im/ory-am/hydra). Our timezone is CET.
 
 Hydra uses the security first OAuth2 and OpenID Connect SDK [Fosite](https://github.com/ory-am/fosite) and [Ladon](https://github.com/ory-am/ladon) for policy-based access control.
 
-:fire: Don't want to worry about security updates, backups, migration and scaling? Do you need enterprise support? Become an managed Hydra early adopter! [Contact us now](mailto:[email protected]) for more information. :fire:
+:fire: Don't want to worry about security updates, backups, migration and scaling? Do you need enterprise support? [Contact us now](mailto:[email protected]) and be a early adopter. :fire:
 
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
@@ -230,7 +233,7 @@ WARNING: The SYSTEM_SECRET variable is not set. Defaulting to a blank string.
 rethinkdb uses an image, skipping
 Building hydra
 [...]
-$ SYSTEM_SECRET=passwordtutorialpasswordtutorial DOCKER_IP=$(docker-machine ip default) docker-compose up
+$ SYSTEM_SECRET=passwordtutorial DOCKER_IP=$(docker-machine ip default) docker-compose up
 Starting hydra_rethinkdb_1
 Recreating hydra_hydra_1
 Recreating hydra_consent_1
@@ -247,7 +250,7 @@ WARNING: The SYSTEM_SECRET variable is not set. Defaulting to a blank string.
 rethinkdb uses an image, skipping
 Building hydra
 [...]
-$ SYSTEM_SECRET=passwordtutorialpasswordtutorial DOCKER_IP=tutorialpassword docker-compose up
+$ SYSTEM_SECRET=passwordtutorial DOCKER_IP=localhost docker-compose up
 Starting hydra_rethinkdb_1
 Recreating hydra_hydra_1
 Recreating hydra_consent_1
@@ -368,6 +371,37 @@ DATABASE_URL=rethinkdb://localhost:28015/hydra go run main.go
 DATABASE_URL=rethinkdb://$(docker-machine ip default):28015/hydra go run main.go
 ```
 
+## FAQ
+
+
+
+### How can I validate tokens?
+
+Please use the Warden API (API Docs, Guide).
+
+### How can I import TLS certificates?
+
+You can import TLS certificates when running `hydra host`. This can be done by setting the following environment variables:
+
+**Read from file**
+- `HTTPS_TLS_CERT_PATH`: The path to the TLS certificate (pem encoded).
+- `HTTPS_TLS_KEY_PATH`: The path to the TLS private key (pem encoded).
+
+**Embedded**
+- `HTTPS_TLS_CERT`: A pem encoded TLS certificate passed as string. Can be used instead of TLS_CERT_PATH.
+- `HTTPS_TLS_KEY`: A pem encoded TLS key passed as string. Can be used instead of TLS_KEY_PATH.
+
+Or by specifying the following flags:
+
+```
+--https-tls-cert-path string   Path to the certificate file for HTTP/2 over TLS (https). You can set HTTPS_TLS_KEY_PATH or HTTPS_TLS_KEY instead.
+--https-tls-key-path string    Path to the key file for HTTP/2 over TLS (https). You can set HTTPS_TLS_KEY_PATH or HTTPS_TLS_KEY instead.
+```
+
+### I want to disable HTTPS for testing
+
+You can do so by running `hydra host --force-dangerous-http`.
+
 ## Hall of Fame
 
 A list of extraordinary contributors and [bug hunters](https://github.com/ory-am/hydra/issues/84).

diff --git a/client/manager_http.go b/client/manager_http.go
@@ -11,12 +11,14 @@ import (
 type HTTPManager struct {
 	Client   *http.Client
 	Endpoint *url.URL
+	Dry      bool
 }
 
 func (m *HTTPManager) GetClient(id string) (fosite.Client, error) {
 	var c fosite.DefaultClient
 	var r = pkg.NewSuperAgent(pkg.JoinURL(m.Endpoint, id).String())
 	r.Client = m.Client
+	r.Dry = m.Dry
 	if err := r.Get(&c); err != nil {
 		return nil, err
 	}
@@ -27,19 +29,22 @@ func (m *HTTPManager) GetClient(id string) (fosite.Client, error) {
 func (m *HTTPManager) CreateClient(c *fosite.DefaultClient) error {
 	var r = pkg.NewSuperAgent(m.Endpoint.String())
 	r.Client = m.Client
+	r.Dry = m.Dry
 	return r.Create(c)
 }
 
 func (m *HTTPManager) DeleteClient(id string) error {
 	var r = pkg.NewSuperAgent(pkg.JoinURL(m.Endpoint, id).String())
 	r.Client = m.Client
+	r.Dry = m.Dry
 	return r.Delete()
 }
 
 func (m *HTTPManager) GetClients() (map[string]*fosite.DefaultClient, error) {
 	cs := make(map[string]*fosite.DefaultClient)
 	var r = pkg.NewSuperAgent(m.Endpoint.String())
 	r.Client = m.Client
+	r.Dry = m.Dry
 	if err := r.Get(&cs); err != nil {
 		return nil, err
 	}

diff --git a/cmd/cli/handler.go b/cmd/cli/handler.go
@@ -15,7 +15,7 @@ func NewHandler(c *config.Config) *Handler {
 	return &Handler{
 		Clients:     newClientHandler(c),
 		Connections: newConnectionHandler(c),
-		Policies:    newPolicHandler(c),
+		Policies:    newPolicyHandler(c),
 		Keys:        newJWKHandler(c),
 	}
 }
diff --git a/cmd/cli/handler_client.go b/cmd/cli/handler_client.go
@@ -3,6 +3,9 @@ package cli
 import (
 	"fmt"
 
+	"encoding/json"
+	"os"
+
 	"github.com/ory-am/fosite"
 	"github.com/ory-am/hydra/client"
 	"github.com/ory-am/hydra/config"
@@ -22,9 +25,34 @@ func newClientHandler(c *config.Config) *ClientHandler {
 	}
 }
 
+func (h *ClientHandler) ImportClients(cmd *cobra.Command, args []string) {
+	h.M.Dry = *h.Config.Dry
+	if len(args) == 0 {
+		fmt.Print(cmd.UsageString())
+		return
+	}
+
+	for _, path := range args {
+		reader, err := os.Open(path)
+		pkg.Must(err, "Could not open file %s: %s", path, err)
+		var client fosite.DefaultClient
+		err = json.NewDecoder(reader).Decode(&client)
+		pkg.Must(err, "Could not parse JSON: %s", err)
+
+		err = h.M.CreateClient(&client)
+		if h.M.Dry {
+			fmt.Printf("%s\n", err)
+			continue
+		}
+		pkg.Must(err, "Could not create client: %s", err)
+		fmt.Printf("Imported client %s from %s.\n", client.ID, path)
+	}
+}
+
 func (h *ClientHandler) CreateClient(cmd *cobra.Command, args []string) {
 	var err error
 
+	h.M.Dry = *h.Config.Dry
 	h.M.Endpoint = h.Config.Resolve("/clients")
 	h.M.Client = h.Config.OAuth2Client(cmd)
 
@@ -34,13 +62,9 @@ func (h *ClientHandler) CreateClient(cmd *cobra.Command, args []string) {
 	callbacks, _ := cmd.Flags().GetStringSlice("callbacks")
 	name, _ := cmd.Flags().GetString("name")
 	id, _ := cmd.Flags().GetString("id")
-	secretFlag, _ := cmd.Flags().GetString("secret")
 
-	secret := []byte(secretFlag)
-	if secretFlag == "" {
-		secret, err = pkg.GenerateSecret(26)
-		pkg.Must(err, "Could not generate secret: %s", err)
-	}
+	secret, err := pkg.GenerateSecret(26)
+	pkg.Must(err, "Could not generate secret: %s", err)
 
 	client := &fosite.DefaultClient{
 		ID:            id,
@@ -52,13 +76,18 @@ func (h *ClientHandler) CreateClient(cmd *cobra.Command, args []string) {
 		Name:          name,
 	}
 	err = h.M.CreateClient(client)
+	if h.M.Dry {
+		fmt.Printf("%s\n", err)
+		return
+	}
 	pkg.Must(err, "Could not create client: %s", err)
 
 	fmt.Printf("Client ID: %s\n", client.ID)
 	fmt.Printf("Client Secret: %s\n", secret)
 }
 
 func (h *ClientHandler) DeleteClient(cmd *cobra.Command, args []string) {
+	h.M.Dry = *h.Config.Dry
 	h.M.Endpoint = h.Config.Resolve("/clients")
 	h.M.Client = h.Config.OAuth2Client(cmd)
 	if len(args) == 0 {
@@ -68,6 +97,10 @@ func (h *ClientHandler) DeleteClient(cmd *cobra.Command, args []string) {
 
 	for _, c := range args {
 		err := h.M.DeleteClient(c)
+		if h.M.Dry {
+			fmt.Printf("%s\n", err)
+			continue
+		}
 		pkg.Must(err, "Could not delete client: %s", err)
 	}
 

diff --git a/cmd/cli/handler_connection.go b/cmd/cli/handler_connection.go
@@ -23,6 +23,7 @@ func newConnectionHandler(c *config.Config) *ConnectionHandler {
 }
 
 func (h *ConnectionHandler) CreateConnection(cmd *cobra.Command, args []string) {
+	h.M.Dry = *h.Config.Dry
 	h.M.Client = h.Config.OAuth2Client(cmd)
 	h.M.Endpoint = h.Config.Resolve("/connections")
 	if len(args) != 3 {
@@ -36,10 +37,15 @@ func (h *ConnectionHandler) CreateConnection(cmd *cobra.Command, args []string)
 		LocalSubject:  args[1],
 		RemoteSubject: args[2],
 	})
+	if h.M.Dry {
+		fmt.Printf("%s\n", err)
+		return
+	}
 	pkg.Must(err, "Could not create connection: %s", err)
 }
 
 func (h *ConnectionHandler) DeleteConnection(cmd *cobra.Command, args []string) {
+	h.M.Dry = *h.Config.Dry
 	h.M.Client = h.Config.OAuth2Client(cmd)
 	h.M.Endpoint = h.Config.Resolve("/connections")
 	if len(args) == 0 {
@@ -49,6 +55,10 @@ func (h *ConnectionHandler) DeleteConnection(cmd *cobra.Command, args []string)
 
 	for _, arg := range args {
 		err := h.M.Delete(arg)
+		if h.M.Dry {
+			fmt.Printf("%s\n", err)
+			continue
+		}
 		pkg.Must(err, "Could not delete connection: %s", err)
 		fmt.Printf("Connection %s deleted.\n", arg)
 	}

diff --git a/cmd/cli/handler_jwk.go b/cmd/cli/handler_jwk.go
@@ -23,6 +23,7 @@ func newJWKHandler(c *config.Config) *JWKHandler {
 }
 
 func (h *JWKHandler) CreateKeys(cmd *cobra.Command, args []string) {
+	h.M.Dry = *h.Config.Dry
 	h.M.Endpoint = h.Config.Resolve("/keys")
 	h.M.Client = h.Config.OAuth2Client(cmd)
 	if len(args) == 0 {
@@ -32,6 +33,10 @@ func (h *JWKHandler) CreateKeys(cmd *cobra.Command, args []string) {
 
 	alg, _ := cmd.Flags().GetString("alg")
 	keys, err := h.M.CreateKeys(args[0], alg)
+	if h.M.Dry {
+		fmt.Printf("%s\n", err)
+		return
+	}
 	pkg.Must(err, "Could not generate keys: %s", err)
 
 	out, err := json.MarshalIndent(keys, "", "\t")
@@ -41,6 +46,7 @@ func (h *JWKHandler) CreateKeys(cmd *cobra.Command, args []string) {
 }
 
 func (h *JWKHandler) GetKeys(cmd *cobra.Command, args []string) {
+	h.M.Dry = *h.Config.Dry
 	h.M.Endpoint = h.Config.Resolve("/keys")
 	h.M.Client = h.Config.OAuth2Client(cmd)
 	if len(args) == 0 {
@@ -49,6 +55,10 @@ func (h *JWKHandler) GetKeys(cmd *cobra.Command, args []string) {
 	}
 
 	keys, err := h.M.GetKeySet(args[0])
+	if h.M.Dry {
+		fmt.Printf("%s\n", err)
+		return
+	}
 	pkg.Must(err, "Could not generate keys: %s", err)
 
 	out, err := json.MarshalIndent(keys, "", "\t")
@@ -66,6 +76,10 @@ func (h *JWKHandler) DeleteKeys(cmd *cobra.Command, args []string) {
 	}
 
 	err := h.M.DeleteKeySet(args[0])
+	if h.M.Dry {
+		fmt.Printf("%s\n", err)
+		return
+	}
 	pkg.Must(err, "Could not generate keys: %s", err)
 	fmt.Println("Key set deleted.")
 }