fix: memory store upgrade in resolvers
This commit is contained in:
Lakhan Samani
parent
43359f1dba
commit
268b22ffb2
|
|
@ -111,7 +111,6 @@ type Env {
|
|||
ALLOWED_ORIGINS: [String!]
|
||||
APP_URL: String
|
||||
REDIS_URL: String
|
||||
COOKIE_NAME: String
|
||||
RESET_PASSWORD_URL: String
|
||||
DISABLE_EMAIL_VERIFICATION: Boolean
|
||||
DISABLE_BASIC_AUTHENTICATION: Boolean
|
||||
|
|
@ -159,7 +158,6 @@ input UpdateEnvInput {
|
|||
ALLOWED_ORIGINS: [String!]
|
||||
APP_URL: String
|
||||
REDIS_URL: String
|
||||
COOKIE_NAME: String
|
||||
RESET_PASSWORD_URL: String
|
||||
DISABLE_EMAIL_VERIFICATION: Boolean
|
||||
DISABLE_BASIC_AUTHENTICATION: Boolean
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/env"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/oauth"
|
||||
"github.com/authorizerdev/authorizer/server/routes"
|
||||
|
|
@ -108,5 +107,5 @@ func main() {
|
|||
|
||||
router := routes.InitRouter(log)
|
||||
log.Info("Starting Authorizer: ", VERSION)
|
||||
router.Run(":" + envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyPort))
|
||||
router.Run(":" + memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyPort))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,8 +9,8 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
)
|
||||
|
||||
|
|
@ -24,7 +24,11 @@ func AdminLoginResolver(ctx context.Context, params model.AdminLoginInput) (*mod
|
|||
return res, err
|
||||
}
|
||||
|
||||
adminSecret := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
|
||||
adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
|
||||
if err != nil {
|
||||
log.Debug("Error getting admin secret: ", err)
|
||||
return res, err
|
||||
}
|
||||
if params.AdminSecret != adminSecret {
|
||||
log.Debug("Admin secret is not correct")
|
||||
return res, fmt.Errorf(`invalid admin secret`)
|
||||
|
|
|
|||
|
|
@ -9,8 +9,8 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
)
|
||||
|
|
@ -30,7 +30,12 @@ func AdminSessionResolver(ctx context.Context) (*model.Response, error) {
|
|||
return res, fmt.Errorf("unauthorized")
|
||||
}
|
||||
|
||||
hashedKey, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
|
||||
if err != nil {
|
||||
log.Debug("Error getting admin secret: ", err)
|
||||
return res, fmt.Errorf("unauthorized")
|
||||
}
|
||||
hashedKey, err := crypto.EncryptPassword(adminSecret)
|
||||
if err != nil {
|
||||
log.Debug("Failed to encrypt key: ", err)
|
||||
return res, err
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@ package resolvers
|
|||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
|
|
@ -12,8 +11,8 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
)
|
||||
|
||||
|
|
@ -39,7 +38,11 @@ func AdminSignupResolver(ctx context.Context, params model.AdminSignupInput) (*m
|
|||
return res, err
|
||||
}
|
||||
|
||||
adminSecret := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
|
||||
adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
|
||||
if err != nil {
|
||||
log.Debug("Error getting admin secret: ", err)
|
||||
adminSecret = ""
|
||||
}
|
||||
|
||||
if adminSecret != "" {
|
||||
log.Debug("Admin secret is already set")
|
||||
|
|
@ -47,18 +50,11 @@ func AdminSignupResolver(ctx context.Context, params model.AdminSignupInput) (*m
|
|||
return res, err
|
||||
}
|
||||
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyAdminSecret, params.AdminSecret)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.EnvKeyAdminSecret, params.AdminSecret)
|
||||
// consvert EnvData to JSON
|
||||
var storeData envstore.Store
|
||||
|
||||
jsonBytes, err := json.Marshal(envstore.EnvStoreObj.GetEnvStoreClone())
|
||||
storeData, err := memorystore.Provider.GetEnvStore()
|
||||
if err != nil {
|
||||
log.Debug("Failed to marshal envstore: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
if err := json.Unmarshal(jsonBytes, &storeData); err != nil {
|
||||
log.Debug("Failed to unmarshal envstore: ", err)
|
||||
log.Debug("Error getting env store: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ import (
|
|||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
)
|
||||
|
|
@ -30,50 +30,57 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
|
|||
}
|
||||
|
||||
// get clone of store
|
||||
store := envstore.EnvStoreObj.GetEnvStoreClone()
|
||||
accessTokenExpiryTime := store.StringEnv[constants.EnvKeyAccessTokenExpiryTime]
|
||||
adminSecret := store.StringEnv[constants.EnvKeyAdminSecret]
|
||||
clientID := store.StringEnv[constants.EnvKeyClientID]
|
||||
clientSecret := store.StringEnv[constants.EnvKeyClientSecret]
|
||||
databaseURL := store.StringEnv[constants.EnvKeyDatabaseURL]
|
||||
databaseName := store.StringEnv[constants.EnvKeyDatabaseName]
|
||||
databaseType := store.StringEnv[constants.EnvKeyDatabaseType]
|
||||
databaseUsername := store.StringEnv[constants.EnvKeyDatabaseUsername]
|
||||
databasePassword := store.StringEnv[constants.EnvKeyDatabasePassword]
|
||||
databaseHost := store.StringEnv[constants.EnvKeyDatabaseHost]
|
||||
databasePort := store.StringEnv[constants.EnvKeyDatabasePort]
|
||||
customAccessTokenScript := store.StringEnv[constants.EnvKeyCustomAccessTokenScript]
|
||||
smtpHost := store.StringEnv[constants.EnvKeySmtpHost]
|
||||
smtpPort := store.StringEnv[constants.EnvKeySmtpPort]
|
||||
smtpUsername := store.StringEnv[constants.EnvKeySmtpUsername]
|
||||
smtpPassword := store.StringEnv[constants.EnvKeySmtpPassword]
|
||||
senderEmail := store.StringEnv[constants.EnvKeySenderEmail]
|
||||
jwtType := store.StringEnv[constants.EnvKeyJwtType]
|
||||
jwtSecret := store.StringEnv[constants.EnvKeyJwtSecret]
|
||||
jwtRoleClaim := store.StringEnv[constants.EnvKeyJwtRoleClaim]
|
||||
jwtPublicKey := store.StringEnv[constants.EnvKeyJwtPublicKey]
|
||||
jwtPrivateKey := store.StringEnv[constants.EnvKeyJwtPrivateKey]
|
||||
allowedOrigins := store.SliceEnv[constants.EnvKeyAllowedOrigins]
|
||||
appURL := store.StringEnv[constants.EnvKeyAppURL]
|
||||
redisURL := store.StringEnv[constants.EnvKeyRedisURL]
|
||||
cookieName := store.StringEnv[constants.EnvKeyCookieName]
|
||||
resetPasswordURL := store.StringEnv[constants.EnvKeyResetPasswordURL]
|
||||
disableEmailVerification := store.BoolEnv[constants.EnvKeyDisableEmailVerification]
|
||||
disableBasicAuthentication := store.BoolEnv[constants.EnvKeyDisableBasicAuthentication]
|
||||
disableMagicLinkLogin := store.BoolEnv[constants.EnvKeyDisableMagicLinkLogin]
|
||||
disableLoginPage := store.BoolEnv[constants.EnvKeyDisableLoginPage]
|
||||
disableSignUp := store.BoolEnv[constants.EnvKeyDisableSignUp]
|
||||
roles := store.SliceEnv[constants.EnvKeyRoles]
|
||||
defaultRoles := store.SliceEnv[constants.EnvKeyDefaultRoles]
|
||||
protectedRoles := store.SliceEnv[constants.EnvKeyProtectedRoles]
|
||||
googleClientID := store.StringEnv[constants.EnvKeyGoogleClientID]
|
||||
googleClientSecret := store.StringEnv[constants.EnvKeyGoogleClientSecret]
|
||||
facebookClientID := store.StringEnv[constants.EnvKeyFacebookClientID]
|
||||
facebookClientSecret := store.StringEnv[constants.EnvKeyFacebookClientSecret]
|
||||
githubClientID := store.StringEnv[constants.EnvKeyGithubClientID]
|
||||
githubClientSecret := store.StringEnv[constants.EnvKeyGithubClientSecret]
|
||||
organizationName := store.StringEnv[constants.EnvKeyOrganizationName]
|
||||
organizationLogo := store.StringEnv[constants.EnvKeyOrganizationLogo]
|
||||
store, err := memorystore.Provider.GetEnvStore()
|
||||
if err != nil {
|
||||
log.Debug("Failed to get env store: ", err)
|
||||
return res, err
|
||||
}
|
||||
accessTokenExpiryTime := store[constants.EnvKeyAccessTokenExpiryTime].(string)
|
||||
adminSecret := store[constants.EnvKeyAdminSecret].(string)
|
||||
clientID := store[constants.EnvKeyClientID].(string)
|
||||
clientSecret := store[constants.EnvKeyClientSecret].(string)
|
||||
databaseURL := store[constants.EnvKeyDatabaseURL].(string)
|
||||
databaseName := store[constants.EnvKeyDatabaseName].(string)
|
||||
databaseType := store[constants.EnvKeyDatabaseType].(string)
|
||||
databaseUsername := store[constants.EnvKeyDatabaseUsername].(string)
|
||||
databasePassword := store[constants.EnvKeyDatabasePassword].(string)
|
||||
databaseHost := store[constants.EnvKeyDatabaseHost].(string)
|
||||
databasePort := store[constants.EnvKeyDatabasePort].(string)
|
||||
customAccessTokenScript := store[constants.EnvKeyCustomAccessTokenScript].(string)
|
||||
smtpHost := store[constants.EnvKeySmtpHost].(string)
|
||||
smtpPort := store[constants.EnvKeySmtpPort].(string)
|
||||
smtpUsername := store[constants.EnvKeySmtpUsername].(string)
|
||||
smtpPassword := store[constants.EnvKeySmtpPassword].(string)
|
||||
senderEmail := store[constants.EnvKeySenderEmail].(string)
|
||||
jwtType := store[constants.EnvKeyJwtType].(string)
|
||||
jwtSecret := store[constants.EnvKeyJwtSecret].(string)
|
||||
jwtRoleClaim := store[constants.EnvKeyJwtRoleClaim].(string)
|
||||
jwtPublicKey := store[constants.EnvKeyJwtPublicKey].(string)
|
||||
jwtPrivateKey := store[constants.EnvKeyJwtPrivateKey].(string)
|
||||
appURL := store[constants.EnvKeyAppURL].(string)
|
||||
redisURL := store[constants.EnvKeyRedisURL].(string)
|
||||
resetPasswordURL := store[constants.EnvKeyResetPasswordURL].(string)
|
||||
googleClientID := store[constants.EnvKeyGoogleClientID].(string)
|
||||
googleClientSecret := store[constants.EnvKeyGoogleClientSecret].(string)
|
||||
facebookClientID := store[constants.EnvKeyFacebookClientID].(string)
|
||||
facebookClientSecret := store[constants.EnvKeyFacebookClientSecret].(string)
|
||||
githubClientID := store[constants.EnvKeyGithubClientID].(string)
|
||||
githubClientSecret := store[constants.EnvKeyGithubClientSecret].(string)
|
||||
organizationName := store[constants.EnvKeyOrganizationName].(string)
|
||||
organizationLogo := store[constants.EnvKeyOrganizationLogo].(string)
|
||||
|
||||
// string slice vars
|
||||
allowedOrigins := utils.ConvertInterfaceToStringSlice(store[constants.EnvKeyAllowedOrigins])
|
||||
roles := utils.ConvertInterfaceToStringSlice(store[constants.EnvKeyRoles])
|
||||
defaultRoles := utils.ConvertInterfaceToStringSlice(store[constants.EnvKeyDefaultRoles])
|
||||
protectedRoles := utils.ConvertInterfaceToStringSlice(store[constants.EnvKeyProtectedRoles])
|
||||
|
||||
// bool vars
|
||||
disableEmailVerification := store[constants.EnvKeyDisableEmailVerification].(bool)
|
||||
disableBasicAuthentication := store[constants.EnvKeyDisableBasicAuthentication].(bool)
|
||||
disableMagicLinkLogin := store[constants.EnvKeyDisableMagicLinkLogin].(bool)
|
||||
disableLoginPage := store[constants.EnvKeyDisableLoginPage].(bool)
|
||||
disableSignUp := store[constants.EnvKeyDisableSignUp].(bool)
|
||||
|
||||
if accessTokenExpiryTime == "" {
|
||||
accessTokenExpiryTime = "30m"
|
||||
|
|
@ -105,7 +112,6 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
|
|||
AllowedOrigins: allowedOrigins,
|
||||
AppURL: &appURL,
|
||||
RedisURL: &redisURL,
|
||||
CookieName: &cookieName,
|
||||
ResetPasswordURL: &resetPasswordURL,
|
||||
DisableEmailVerification: &disableEmailVerification,
|
||||
DisableBasicAuthentication: &disableBasicAuthentication,
|
||||
|
|
|
|||
|
|
@ -12,8 +12,8 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
"github.com/authorizerdev/authorizer/server/email"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
)
|
||||
|
|
@ -28,7 +28,12 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
|
|||
return res, err
|
||||
}
|
||||
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
|
||||
isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
|
||||
if err != nil {
|
||||
log.Debug("Error getting basic auth disabled: ", err)
|
||||
isBasicAuthDisabled = true
|
||||
}
|
||||
if isBasicAuthDisabled {
|
||||
log.Debug("Basic authentication is disabled")
|
||||
return res, fmt.Errorf(`basic authentication is disabled for this instance`)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
|
@ -26,7 +26,11 @@ func GenerateJWTKeysResolver(ctx context.Context, params model.GenerateJWTKeysIn
|
|||
return nil, fmt.Errorf("unauthorized")
|
||||
}
|
||||
|
||||
clientID := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID)
|
||||
clientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID)
|
||||
if err != nil {
|
||||
log.Debug("Error getting client id: ", err)
|
||||
return nil, err
|
||||
}
|
||||
if crypto.IsHMACA(params.Type) {
|
||||
secret, _, err := crypto.NewHMACKey(params.Type, clientID)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -13,8 +13,8 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
emailservice "github.com/authorizerdev/authorizer/server/email"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
)
|
||||
|
|
@ -33,12 +33,20 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
|
|||
}
|
||||
|
||||
// this feature is only allowed if email server is configured
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
|
||||
isEmailVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification)
|
||||
if err != nil {
|
||||
log.Debug("Error getting email verification disabled: ", err)
|
||||
isEmailVerificationDisabled = true
|
||||
}
|
||||
|
||||
if isEmailVerificationDisabled {
|
||||
log.Debug("Email server is not configured")
|
||||
return nil, errors.New("email sending is disabled")
|
||||
}
|
||||
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) && envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin) {
|
||||
isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
|
||||
isMagicLinkLoginDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin)
|
||||
if isBasicAuthDisabled && isMagicLinkLoginDisabled {
|
||||
log.Debug("Basic authentication and Magic link login is disabled.")
|
||||
return nil, errors.New("either basic authentication or magic link login is required")
|
||||
}
|
||||
|
|
@ -77,9 +85,13 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
|
|||
// invite new emails
|
||||
for _, email := range newEmails {
|
||||
|
||||
defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
|
||||
if err != nil {
|
||||
log.Debug("Error getting default roles: ", err)
|
||||
}
|
||||
user := models.User{
|
||||
Email: email,
|
||||
Roles: strings.Join(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles), ","),
|
||||
Roles: strings.Join(defaultRoles, ","),
|
||||
}
|
||||
hostname := utils.GetHost(gc)
|
||||
verifyEmailURL := hostname + "/verify_email"
|
||||
|
|
@ -109,7 +121,7 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
|
|||
}
|
||||
|
||||
// use magic link login if that option is on
|
||||
if !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin) {
|
||||
if !isMagicLinkLoginDisabled {
|
||||
user.SignupMethods = constants.SignupMethodMagicLinkLogin
|
||||
verificationRequest.Identifier = constants.VerificationTypeMagicLinkLogin
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
|
|
@ -30,7 +29,13 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
|
|||
return res, err
|
||||
}
|
||||
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
|
||||
isBasiAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
|
||||
if err != nil {
|
||||
log.Debug("Error getting basic auth disabled: ", err)
|
||||
isBasiAuthDisabled = true
|
||||
}
|
||||
|
||||
if isBasiAuthDisabled {
|
||||
log.Debug("Basic authentication is disabled.")
|
||||
return res, fmt.Errorf(`basic authentication is disabled for this instance`)
|
||||
}
|
||||
|
|
@ -66,7 +71,11 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
|
|||
log.Debug("Failed to compare password: ", err)
|
||||
return res, fmt.Errorf(`invalid password`)
|
||||
}
|
||||
roles := envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
|
||||
|
||||
roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
|
||||
if err != nil {
|
||||
log.Debug("Error getting default roles: ", err)
|
||||
}
|
||||
currentRoles := strings.Split(user.Roles, ",")
|
||||
if len(params.Roles) > 0 {
|
||||
if !utils.IsValidRoles(params.Roles, currentRoles) {
|
||||
|
|
|
|||
|
|
@ -12,8 +12,8 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
"github.com/authorizerdev/authorizer/server/email"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
)
|
||||
|
|
@ -28,7 +28,13 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
|
|||
return res, err
|
||||
}
|
||||
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin) {
|
||||
isMagicLinkLoginDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin)
|
||||
if err != nil {
|
||||
log.Debug("Error getting magic link login disabled: ", err)
|
||||
isMagicLinkLoginDisabled = true
|
||||
}
|
||||
|
||||
if isMagicLinkLoginDisabled {
|
||||
log.Debug("Magic link login is disabled.")
|
||||
return res, fmt.Errorf(`magic link login is disabled for this instance`)
|
||||
}
|
||||
|
|
@ -53,7 +59,11 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
|
|||
// find user with email
|
||||
existingUser, err := db.Provider.GetUserByEmail(params.Email)
|
||||
if err != nil {
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp) {
|
||||
isSignupDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp)
|
||||
if err != nil {
|
||||
log.Debug("Error getting signup disabled: ", err)
|
||||
}
|
||||
if isSignupDisabled {
|
||||
log.Debug("Signup is disabled.")
|
||||
return res, fmt.Errorf(`signup is disabled for this instance`)
|
||||
}
|
||||
|
|
@ -62,14 +72,24 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
|
|||
// define roles for new user
|
||||
if len(params.Roles) > 0 {
|
||||
// check if roles exists
|
||||
if !utils.IsValidRoles(params.Roles, envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles)) {
|
||||
roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles)
|
||||
if err != nil {
|
||||
log.Debug("Error getting roles: ", err)
|
||||
return res, err
|
||||
}
|
||||
if !utils.IsValidRoles(params.Roles, roles) {
|
||||
log.Debug("Invalid roles: ", params.Roles)
|
||||
return res, fmt.Errorf(`invalid roles`)
|
||||
} else {
|
||||
inputRoles = params.Roles
|
||||
}
|
||||
} else {
|
||||
inputRoles = envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
|
||||
inputRoles, err = memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
|
||||
if err != nil {
|
||||
log.Debug("Error getting default roles: ", err)
|
||||
return res, fmt.Errorf(`invalid roles`)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
user.Roles = strings.Join(inputRoles, ",")
|
||||
|
|
@ -88,7 +108,11 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
|
|||
|
||||
// find the unassigned roles
|
||||
if len(params.Roles) <= 0 {
|
||||
inputRoles = envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
|
||||
inputRoles, err = memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
|
||||
if err != nil {
|
||||
log.Debug("Error getting default roles: ", err)
|
||||
return res, fmt.Errorf(`invalid default roles`)
|
||||
}
|
||||
}
|
||||
existingRoles := strings.Split(existingUser.Roles, ",")
|
||||
unasignedRoles := []string{}
|
||||
|
|
@ -101,8 +125,13 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
|
|||
if len(unasignedRoles) > 0 {
|
||||
// check if it contains protected unassigned role
|
||||
hasProtectedRole := false
|
||||
protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)
|
||||
if err != nil {
|
||||
log.Debug("Error getting protected roles: ", err)
|
||||
return res, err
|
||||
}
|
||||
for _, ur := range unasignedRoles {
|
||||
if utils.StringSliceContains(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles), ur) {
|
||||
if utils.StringSliceContains(protectedRoles, ur) {
|
||||
hasProtectedRole = true
|
||||
}
|
||||
}
|
||||
|
|
@ -130,7 +159,12 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
|
|||
}
|
||||
|
||||
hostname := utils.GetHost(gc)
|
||||
if !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
|
||||
isEmailVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification)
|
||||
if err != nil {
|
||||
log.Debug("Error getting email verification disabled: ", err)
|
||||
isEmailVerificationDisabled = true
|
||||
}
|
||||
if !isEmailVerificationDisabled {
|
||||
// insert verification request
|
||||
_, nonceHash, err := utils.GenerateNonce()
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -11,8 +11,8 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
)
|
||||
|
|
@ -26,7 +26,13 @@ func ResetPasswordResolver(ctx context.Context, params model.ResetPasswordInput)
|
|||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
|
||||
|
||||
isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
|
||||
if err != nil {
|
||||
log.Debug("Error getting basic auth disabled: ", err)
|
||||
isBasicAuthDisabled = true
|
||||
}
|
||||
if isBasicAuthDisabled {
|
||||
log.Debug("Basic authentication is disabled")
|
||||
return res, fmt.Errorf(`basic authentication is disabled for this instance`)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
"github.com/authorizerdev/authorizer/server/email"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
|
|
@ -31,12 +30,23 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
|||
return res, err
|
||||
}
|
||||
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp) {
|
||||
isSignupDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp)
|
||||
if err != nil {
|
||||
log.Debug("Error getting signup disabled: ", err)
|
||||
isSignupDisabled = true
|
||||
}
|
||||
if isSignupDisabled {
|
||||
log.Debug("Signup is disabled")
|
||||
return res, fmt.Errorf(`signup is disabled for this instance`)
|
||||
}
|
||||
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
|
||||
isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
|
||||
if err != nil {
|
||||
log.Debug("Error getting basic auth disabled: ", err)
|
||||
isBasicAuthDisabled = true
|
||||
}
|
||||
|
||||
if isBasicAuthDisabled {
|
||||
log.Debug("Basic authentication is disabled")
|
||||
return res, fmt.Errorf(`basic authentication is disabled for this instance`)
|
||||
}
|
||||
|
|
@ -80,14 +90,23 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
|||
|
||||
if len(params.Roles) > 0 {
|
||||
// check if roles exists
|
||||
if !utils.IsValidRoles(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), params.Roles) {
|
||||
roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles)
|
||||
if err != nil {
|
||||
log.Debug("Error getting roles: ", err)
|
||||
return res, err
|
||||
}
|
||||
if !utils.IsValidRoles(roles, params.Roles) {
|
||||
log.Debug("Invalid roles: ", params.Roles)
|
||||
return res, fmt.Errorf(`invalid roles`)
|
||||
} else {
|
||||
inputRoles = params.Roles
|
||||
}
|
||||
} else {
|
||||
inputRoles = envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
|
||||
inputRoles, err = memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
|
||||
if err != nil {
|
||||
log.Debug("Error getting default roles: ", err)
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
|
||||
user := models.User{
|
||||
|
|
@ -132,7 +151,12 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
|||
}
|
||||
|
||||
user.SignupMethods = constants.SignupMethodBasicAuth
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
|
||||
isEmailVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification)
|
||||
if err != nil {
|
||||
log.Debug("Error getting email verification disabled: ", err)
|
||||
isEmailVerificationDisabled = true
|
||||
}
|
||||
if isEmailVerificationDisabled {
|
||||
now := time.Now().Unix()
|
||||
user.EmailVerifiedAt = &now
|
||||
}
|
||||
|
|
@ -145,7 +169,7 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
|||
userToReturn := user.AsAPIUser()
|
||||
|
||||
hostname := utils.GetHost(gc)
|
||||
if !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
|
||||
if !isEmailVerificationDisabled {
|
||||
// insert verification request
|
||||
_, nonceHash, err := utils.GenerateNonce()
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -13,8 +13,8 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/oauth"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
|
|
@ -36,10 +36,14 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
return res, fmt.Errorf("unauthorized")
|
||||
}
|
||||
|
||||
updatedData := envstore.EnvStoreObj.GetEnvStoreClone()
|
||||
updatedData, err := memorystore.Provider.GetEnvStore()
|
||||
if err != nil {
|
||||
log.Debug("Failed to get env store: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
isJWTUpdated := false
|
||||
algo := updatedData.StringEnv[constants.EnvKeyJwtType]
|
||||
algo := updatedData[constants.EnvKeyJwtType].(string)
|
||||
if params.JwtType != nil {
|
||||
algo = *params.JwtType
|
||||
if !crypto.IsHMACA(algo) && !crypto.IsECDSA(algo) && !crypto.IsRSA(algo) {
|
||||
|
|
@ -47,7 +51,7 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
return res, fmt.Errorf("invalid jwt type")
|
||||
}
|
||||
|
||||
updatedData.StringEnv[constants.EnvKeyJwtType] = algo
|
||||
updatedData[constants.EnvKeyJwtType] = algo
|
||||
isJWTUpdated = true
|
||||
}
|
||||
|
||||
|
|
@ -135,8 +139,12 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
log.Debug("Old admin secret is required for admin secret update")
|
||||
return res, errors.New("admin secret and old admin secret are required for secret change")
|
||||
}
|
||||
|
||||
if *params.OldAdminSecret != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret) {
|
||||
oldAdminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get old admin secret: ", err)
|
||||
return res, err
|
||||
}
|
||||
if *params.OldAdminSecret != oldAdminSecret {
|
||||
log.Debug("Old admin secret is invalid")
|
||||
return res, errors.New("old admin secret is not correct")
|
||||
}
|
||||
|
|
@ -154,31 +162,31 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
fieldType := reflect.TypeOf(value).String()
|
||||
|
||||
if fieldType == "string" {
|
||||
updatedData.StringEnv[key] = value.(string)
|
||||
updatedData[key] = value.(string)
|
||||
}
|
||||
|
||||
if fieldType == "bool" {
|
||||
updatedData.BoolEnv[key] = value.(bool)
|
||||
updatedData[key] = value.(bool)
|
||||
}
|
||||
if fieldType == "[]interface {}" {
|
||||
stringArr := []string{}
|
||||
for _, v := range value.([]interface{}) {
|
||||
stringArr = append(stringArr, v.(string))
|
||||
}
|
||||
updatedData.SliceEnv[key] = stringArr
|
||||
updatedData[key] = stringArr
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// handle derivative cases like disabling email verification & magic login
|
||||
// in case SMTP is off but env is set to true
|
||||
if updatedData.StringEnv[constants.EnvKeySmtpHost] == "" || updatedData.StringEnv[constants.EnvKeySmtpUsername] == "" || updatedData.StringEnv[constants.EnvKeySmtpPassword] == "" || updatedData.StringEnv[constants.EnvKeySenderEmail] == "" && updatedData.StringEnv[constants.EnvKeySmtpPort] == "" {
|
||||
if !updatedData.BoolEnv[constants.EnvKeyDisableEmailVerification] {
|
||||
updatedData.BoolEnv[constants.EnvKeyDisableEmailVerification] = true
|
||||
if updatedData[constants.EnvKeySmtpHost] == "" || updatedData[constants.EnvKeySmtpUsername] == "" || updatedData[constants.EnvKeySmtpPassword] == "" || updatedData[constants.EnvKeySenderEmail] == "" && updatedData[constants.EnvKeySmtpPort] == "" {
|
||||
if !updatedData[constants.EnvKeyDisableEmailVerification].(bool) {
|
||||
updatedData[constants.EnvKeyDisableEmailVerification] = true
|
||||
}
|
||||
|
||||
if !updatedData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] {
|
||||
updatedData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] = true
|
||||
if !updatedData[constants.EnvKeyDisableMagicLinkLogin].(bool) {
|
||||
updatedData[constants.EnvKeyDisableMagicLinkLogin] = true
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -205,14 +213,18 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
}
|
||||
|
||||
// Update local store
|
||||
envstore.EnvStoreObj.UpdateEnvStore(updatedData)
|
||||
memorystore.Provider.UpdateEnvStore(updatedData)
|
||||
jwk, err := crypto.GenerateJWKBasedOnEnv()
|
||||
if err != nil {
|
||||
log.Debug("Failed to generate JWK: ", err)
|
||||
return res, err
|
||||
}
|
||||
// updating jwk
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJWK, jwk)
|
||||
err = memorystore.Provider.UpdateEnvVariable(constants.EnvKeyJWK, jwk)
|
||||
if err != nil {
|
||||
log.Debug("Failed to update JWK: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// TODO check how to update session store based on env change.
|
||||
// err = sessionstore.InitSession()
|
||||
|
|
@ -233,7 +245,12 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
}
|
||||
|
||||
if params.AdminSecret != nil {
|
||||
hashedKey, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get admin secret: ", err)
|
||||
return res, err
|
||||
}
|
||||
hashedKey, err := crypto.EncryptPassword(adminSecret)
|
||||
if err != nil {
|
||||
log.Debug("Failed to encrypt admin secret: ", err)
|
||||
return res, err
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
"github.com/authorizerdev/authorizer/server/email"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
|
|
@ -145,7 +144,12 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
|||
go cookie.DeleteSession(gc)
|
||||
|
||||
user.Email = newEmail
|
||||
if !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
|
||||
isEmailVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get disable email verification env variable: ", err)
|
||||
return res, err
|
||||
}
|
||||
if !isEmailVerificationDisabled {
|
||||
hostname := utils.GetHost(gc)
|
||||
user.EmailVerifiedAt = nil
|
||||
hasEmailChanged = true
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
"github.com/authorizerdev/authorizer/server/email"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
|
|
@ -155,7 +154,16 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
|
|||
inputRoles = append(inputRoles, *item)
|
||||
}
|
||||
|
||||
if !utils.IsValidRoles(inputRoles, append([]string{}, append(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)...)...)) {
|
||||
roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles)
|
||||
if err != nil {
|
||||
log.Debug("Error getting roles: ", err)
|
||||
}
|
||||
protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)
|
||||
if err != nil {
|
||||
log.Debug("Error getting protected roles: ", err)
|
||||
}
|
||||
|
||||
if !utils.IsValidRoles(inputRoles, append([]string{}, append(roles, protectedRoles...)...)) {
|
||||
log.Debug("Invalid roles: ", params.Roles)
|
||||
return res, fmt.Errorf("invalid list of roles")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,8 +4,8 @@ import (
|
|||
"testing"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -21,7 +21,7 @@ func adminLoginTests(t *testing.T, s TestSetup) {
|
|||
assert.NotNil(t, err)
|
||||
|
||||
_, err = resolvers.AdminLoginResolver(ctx, model.AdminLoginInput{
|
||||
AdminSecret: envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret),
|
||||
AdminSecret: memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret),
|
||||
})
|
||||
|
||||
assert.Nil(t, err)
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -18,9 +18,9 @@ func adminLogoutTests(t *testing.T, s TestSetup) {
|
|||
_, err := resolvers.AdminLogoutResolver(ctx)
|
||||
assert.NotNil(t, err)
|
||||
|
||||
h, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
h, err := crypto.EncryptPassword(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
_, err = resolvers.AdminLogoutResolver(ctx)
|
||||
|
||||
assert.Nil(t, err)
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -18,9 +18,9 @@ func adminSessionTests(t *testing.T, s TestSetup) {
|
|||
_, err := resolvers.AdminSessionResolver(ctx)
|
||||
assert.NotNil(t, err)
|
||||
|
||||
h, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
h, err := crypto.EncryptPassword(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
_, err = resolvers.AdminSessionResolver(ctx)
|
||||
|
||||
assert.Nil(t, err)
|
||||
|
|
|
|||
|
|
@ -4,8 +4,8 @@ import (
|
|||
"testing"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -20,7 +20,7 @@ func adminSignupTests(t *testing.T, s TestSetup) {
|
|||
|
||||
assert.NotNil(t, err)
|
||||
// reset env for test to pass
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyAdminSecret, "")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyAdminSecret, "")
|
||||
|
||||
_, err = resolvers.AdminSignupResolver(ctx, model.AdminSignupInput{
|
||||
AdminSecret: "admin123",
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -28,9 +28,9 @@ func deleteUserTest(t *testing.T, s TestSetup) {
|
|||
})
|
||||
assert.NotNil(t, err, "unauthorized")
|
||||
|
||||
h, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
h, err := crypto.EncryptPassword(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
|
||||
_, err = resolvers.DeleteUserResolver(ctx, model.DeleteUserInput{
|
||||
Email: email,
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -29,9 +29,9 @@ func enableAccessTest(t *testing.T, s TestSetup) {
|
|||
assert.NoError(t, err)
|
||||
assert.NotNil(t, verifyRes.AccessToken)
|
||||
|
||||
h, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
h, err := crypto.EncryptPassword(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
|
||||
res, err := resolvers.RevokeAccessResolver(ctx, model.UpdateAccessInput{
|
||||
UserID: verifyRes.User.ID,
|
||||
|
|
|
|||
|
|
@ -5,14 +5,14 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/env"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestEnvs(t *testing.T) {
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEnvPath, "../../.env.sample")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEnvPath, "../../.env.sample")
|
||||
env.InitAllEnv()
|
||||
store := envstore.EnvStoreObj.GetEnvStoreClone()
|
||||
store := memorystore.Provider.GetEnvStoreClone()
|
||||
|
||||
assert.Equal(t, store.StringEnv[constants.EnvKeyEnv], "production")
|
||||
assert.False(t, store.BoolEnv[constants.EnvKeyDisableEmailVerification])
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -18,12 +18,12 @@ func envTests(t *testing.T, s TestSetup) {
|
|||
_, err := resolvers.EnvResolver(ctx)
|
||||
assert.NotNil(t, err)
|
||||
|
||||
h, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
h, err := crypto.EncryptPassword(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
res, err := resolvers.EnvResolver(ctx)
|
||||
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, *res.AdminSecret, envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
assert.Equal(t, *res.AdminSecret, memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -30,9 +30,9 @@ func generateJWTkeyTest(t *testing.T, s TestSetup) {
|
|||
assert.Error(t, err)
|
||||
assert.Nil(t, res)
|
||||
})
|
||||
h, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
h, err := crypto.EncryptPassword(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
t.Run(`should generate HS256 secret`, func(t *testing.T) {
|
||||
res, err := resolvers.GenerateJWTKeysResolver(ctx, model.GenerateJWTKeysInput{
|
||||
Type: "HS256",
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -26,9 +26,9 @@ func inviteUserTest(t *testing.T, s TestSetup) {
|
|||
assert.Error(t, err)
|
||||
assert.Nil(t, res)
|
||||
|
||||
h, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
h, err := crypto.EncryptPassword(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
|
||||
// invalid emails test
|
||||
invalidEmailsTest := []string{
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/token"
|
||||
"github.com/golang-jwt/jwt"
|
||||
"github.com/google/uuid"
|
||||
|
|
@ -15,10 +15,10 @@ import (
|
|||
|
||||
func TestJwt(t *testing.T) {
|
||||
// persist older data till test is done and then reset it
|
||||
jwtType := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
|
||||
publicKey := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey)
|
||||
privateKey := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPrivateKey)
|
||||
clientID := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID)
|
||||
jwtType := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
|
||||
publicKey := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey)
|
||||
privateKey := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtPrivateKey)
|
||||
clientID := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID)
|
||||
nonce := uuid.New().String()
|
||||
hostname := "localhost"
|
||||
subject := "test"
|
||||
|
|
@ -33,14 +33,14 @@ func TestJwt(t *testing.T) {
|
|||
}
|
||||
|
||||
t.Run("invalid jwt type", func(t *testing.T) {
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "invalid")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "invalid")
|
||||
token, err := token.SignJWTToken(claims)
|
||||
assert.Error(t, err, "unsupported signing method")
|
||||
assert.Empty(t, token)
|
||||
})
|
||||
t.Run("expired jwt token", func(t *testing.T) {
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "HS256")
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtSecret, "test")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "HS256")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtSecret, "test")
|
||||
expiredClaims := jwt.MapClaims{
|
||||
"exp": time.Now().Add(-time.Minute * 30).Unix(),
|
||||
"iat": time.Now().Unix(),
|
||||
|
|
@ -52,9 +52,9 @@ func TestJwt(t *testing.T) {
|
|||
assert.Error(t, err, err.Error(), "Token is expired")
|
||||
})
|
||||
t.Run("HMAC algorithms", func(t *testing.T) {
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtSecret, "test")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtSecret, "test")
|
||||
t.Run("HS256", func(t *testing.T) {
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "HS256")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "HS256")
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
|
|
@ -63,7 +63,7 @@ func TestJwt(t *testing.T) {
|
|||
assert.Equal(t, c["email"].(string), claims["email"])
|
||||
})
|
||||
t.Run("HS384", func(t *testing.T) {
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "HS384")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "HS384")
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
|
|
@ -72,7 +72,7 @@ func TestJwt(t *testing.T) {
|
|||
assert.Equal(t, c["email"].(string), claims["email"])
|
||||
})
|
||||
t.Run("HS512", func(t *testing.T) {
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "HS512")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "HS512")
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
|
|
@ -86,9 +86,9 @@ func TestJwt(t *testing.T) {
|
|||
t.Run("RS256", func(t *testing.T) {
|
||||
_, privateKey, publickKey, _, err := crypto.NewRSAKey("RS256", clientID)
|
||||
assert.NoError(t, err)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "RS256")
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, privateKey)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, publickKey)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "RS256")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, privateKey)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, publickKey)
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
|
|
@ -99,9 +99,9 @@ func TestJwt(t *testing.T) {
|
|||
t.Run("RS384", func(t *testing.T) {
|
||||
_, privateKey, publickKey, _, err := crypto.NewRSAKey("RS384", clientID)
|
||||
assert.NoError(t, err)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "RS384")
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, privateKey)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, publickKey)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "RS384")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, privateKey)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, publickKey)
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
|
|
@ -112,9 +112,9 @@ func TestJwt(t *testing.T) {
|
|||
t.Run("RS512", func(t *testing.T) {
|
||||
_, privateKey, publickKey, _, err := crypto.NewRSAKey("RS512", clientID)
|
||||
assert.NoError(t, err)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "RS512")
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, privateKey)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, publickKey)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "RS512")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, privateKey)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, publickKey)
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
|
|
@ -128,9 +128,9 @@ func TestJwt(t *testing.T) {
|
|||
t.Run("ES256", func(t *testing.T) {
|
||||
_, privateKey, publickKey, _, err := crypto.NewECDSAKey("ES256", clientID)
|
||||
assert.NoError(t, err)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "ES256")
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, privateKey)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, publickKey)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "ES256")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, privateKey)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, publickKey)
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
|
|
@ -141,9 +141,9 @@ func TestJwt(t *testing.T) {
|
|||
t.Run("ES384", func(t *testing.T) {
|
||||
_, privateKey, publickKey, _, err := crypto.NewECDSAKey("ES384", clientID)
|
||||
assert.NoError(t, err)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "ES384")
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, privateKey)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, publickKey)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "ES384")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, privateKey)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, publickKey)
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
|
|
@ -154,9 +154,9 @@ func TestJwt(t *testing.T) {
|
|||
t.Run("ES512", func(t *testing.T) {
|
||||
_, privateKey, publickKey, _, err := crypto.NewECDSAKey("ES512", clientID)
|
||||
assert.NoError(t, err)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "ES512")
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, privateKey)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, publickKey)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, "ES512")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, privateKey)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, publickKey)
|
||||
jwtToken, err := token.SignJWTToken(claims)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, jwtToken)
|
||||
|
|
@ -166,7 +166,7 @@ func TestJwt(t *testing.T) {
|
|||
})
|
||||
})
|
||||
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, jwtType)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, publicKey)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, privateKey)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtType, jwtType)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPublicKey, publicKey)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJwtPrivateKey, privateKey)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
|
@ -15,7 +15,7 @@ import (
|
|||
func loginTests(t *testing.T, s TestSetup) {
|
||||
t.Helper()
|
||||
t.Run(`should login`, func(t *testing.T) {
|
||||
t.Logf("=> is enabled: %v", envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification))
|
||||
t.Logf("=> is enabled: %v", memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification))
|
||||
_, ctx := createContext(s)
|
||||
email := "login." + s.TestInfo.Email
|
||||
_, err := resolvers.SignupResolver(ctx, model.SignUpInput{
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
|
|
@ -34,7 +33,7 @@ func logoutTests(t *testing.T, s TestSetup) {
|
|||
// set all they keys in cookie one of them should be session cookie
|
||||
for key := range sessions {
|
||||
if key != token {
|
||||
cookie += fmt.Sprintf("%s=%s;", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session", key)
|
||||
cookie += fmt.Sprintf("%s=%s;", memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session", key)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -17,13 +17,13 @@ func magicLinkLoginTests(t *testing.T, s TestSetup) {
|
|||
t.Run(`should login with magic link`, func(t *testing.T) {
|
||||
req, ctx := createContext(s)
|
||||
email := "magic_link_login." + s.TestInfo.Email
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyDisableSignUp, true)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyDisableSignUp, true)
|
||||
_, err := resolvers.MagicLinkLoginResolver(ctx, model.MagicLinkLoginInput{
|
||||
Email: email,
|
||||
})
|
||||
assert.NotNil(t, err, "signup disabled")
|
||||
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyDisableSignUp, false)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyDisableSignUp, false)
|
||||
_, err = resolvers.MagicLinkLoginResolver(ctx, model.MagicLinkLoginInput{
|
||||
Email: email,
|
||||
})
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/env"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
)
|
||||
|
||||
func TestResolvers(t *testing.T) {
|
||||
|
|
@ -19,8 +19,8 @@ func TestResolvers(t *testing.T) {
|
|||
|
||||
for dbType, dbURL := range databases {
|
||||
s := testSetup()
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabaseURL, dbURL)
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabaseType, dbType)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabaseURL, dbURL)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyDatabaseType, dbType)
|
||||
defer s.Server.Close()
|
||||
err := db.InitDB()
|
||||
if err != nil {
|
||||
|
|
@ -35,8 +35,8 @@ func TestResolvers(t *testing.T) {
|
|||
}
|
||||
env.PersistEnv()
|
||||
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEnv, "test")
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyIsProd, false)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEnv, "test")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyIsProd, false)
|
||||
t.Run("should pass tests for "+dbType, func(t *testing.T) {
|
||||
// admin tests
|
||||
adminSignupTests(t, s)
|
||||
|
|
|
|||
|
|
@ -7,8 +7,8 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -34,9 +34,9 @@ func revokeAccessTest(t *testing.T, s TestSetup) {
|
|||
})
|
||||
assert.Error(t, err)
|
||||
|
||||
h, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
h, err := crypto.EncryptPassword(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
|
||||
res, err = resolvers.RevokeAccessResolver(ctx, model.UpdateAccessInput{
|
||||
UserID: verifyRes.User.ID,
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
|
|
@ -40,7 +39,7 @@ func sessionTests(t *testing.T, s TestSetup) {
|
|||
// set all they keys in cookie one of them should be session cookie
|
||||
for key := range sessions {
|
||||
if key != token {
|
||||
cookie += fmt.Sprintf("%s=%s;", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session", key)
|
||||
cookie += fmt.Sprintf("%s=%s;", memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyCookieName)+"_session", key)
|
||||
}
|
||||
}
|
||||
cookie = strings.TrimSuffix(cookie, ";")
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -30,7 +30,7 @@ func signupTests(t *testing.T, s TestSetup) {
|
|||
})
|
||||
assert.NotNil(t, err, "invalid password")
|
||||
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyDisableSignUp, true)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyDisableSignUp, true)
|
||||
res, err = resolvers.SignupResolver(ctx, model.SignUpInput{
|
||||
Email: email,
|
||||
Password: s.TestInfo.Password,
|
||||
|
|
@ -38,7 +38,7 @@ func signupTests(t *testing.T, s TestSetup) {
|
|||
})
|
||||
assert.NotNil(t, err, "singup disabled")
|
||||
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyDisableSignUp, false)
|
||||
memorystore.Provider.UpdateEnvVariable(constants.BoolStoreIdentifier, constants.EnvKeyDisableSignUp, false)
|
||||
res, err = resolvers.SignupResolver(ctx, model.SignUpInput{
|
||||
Email: email,
|
||||
Password: s.TestInfo.Password,
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/db"
|
||||
"github.com/authorizerdev/authorizer/server/env"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/handlers"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/middlewares"
|
||||
|
|
@ -76,14 +75,14 @@ func testSetup() TestSetup {
|
|||
Password: "Test@123",
|
||||
}
|
||||
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEnvPath, "../../.env.sample")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyEnvPath, "../../.env.sample")
|
||||
memorystore.InitMemStore()
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySmtpHost, "smtp.yopmail.com")
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySmtpPort, "2525")
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySmtpUsername, "lakhan@yopmail.com")
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySmtpPassword, "test")
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySenderEmail, "info@yopmail.com")
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.SliceStoreIdentifier, constants.EnvKeyProtectedRoles, []string{"admin"})
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySmtpHost, "smtp.yopmail.com")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySmtpPort, "2525")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySmtpUsername, "lakhan@yopmail.com")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySmtpPassword, "test")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeySenderEmail, "info@yopmail.com")
|
||||
memorystore.Provider.UpdateEnvVariable(constants.SliceStoreIdentifier, constants.EnvKeyProtectedRoles, []string{"admin"})
|
||||
memorystore.InitMemStore()
|
||||
db.InitDB()
|
||||
env.InitAllEnv()
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -16,16 +16,16 @@ func updateEnvTests(t *testing.T, s TestSetup) {
|
|||
t.Helper()
|
||||
t.Run(`should update envs`, func(t *testing.T) {
|
||||
req, ctx := createContext(s)
|
||||
originalAppURL := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAppURL)
|
||||
originalAppURL := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppURL)
|
||||
|
||||
data := model.UpdateEnvInput{}
|
||||
_, err := resolvers.UpdateEnvResolver(ctx, data)
|
||||
|
||||
assert.NotNil(t, err)
|
||||
|
||||
h, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
h, err := crypto.EncryptPassword(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
newURL := "https://test.com"
|
||||
disableLoginPage := true
|
||||
allowedOrigins := []string{"http://localhost:8080"}
|
||||
|
|
@ -37,9 +37,9 @@ func updateEnvTests(t *testing.T, s TestSetup) {
|
|||
_, err = resolvers.UpdateEnvResolver(ctx, data)
|
||||
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAppURL), newURL)
|
||||
assert.True(t, envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableLoginPage))
|
||||
assert.Equal(t, envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyAllowedOrigins), allowedOrigins)
|
||||
assert.Equal(t, memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppURL), newURL)
|
||||
assert.True(t, memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableLoginPage))
|
||||
assert.Equal(t, memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyAllowedOrigins), allowedOrigins)
|
||||
|
||||
disableLoginPage = false
|
||||
data = model.UpdateEnvInput{
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -34,9 +34,9 @@ func updateUserTest(t *testing.T, s TestSetup) {
|
|||
})
|
||||
assert.NotNil(t, err, "unauthorized")
|
||||
|
||||
h, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
h, err := crypto.EncryptPassword(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
_, err = resolvers.UpdateUserResolver(ctx, model.UpdateUserInput{
|
||||
ID: user.ID,
|
||||
Roles: newRoles,
|
||||
|
|
@ -44,7 +44,7 @@ func updateUserTest(t *testing.T, s TestSetup) {
|
|||
// supplier is not part of envs
|
||||
assert.Error(t, err)
|
||||
adminRole = "admin"
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.SliceStoreIdentifier, constants.EnvKeyProtectedRoles, []string{adminRole})
|
||||
memorystore.Provider.UpdateEnvVariable(constants.SliceStoreIdentifier, constants.EnvKeyProtectedRoles, []string{adminRole})
|
||||
newRoles = []*string{&adminRole, &userRole}
|
||||
_, err = resolvers.UpdateUserResolver(ctx, model.UpdateUserInput{
|
||||
ID: user.ID,
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -35,9 +35,9 @@ func usersTest(t *testing.T, s TestSetup) {
|
|||
usersRes, err := resolvers.UsersResolver(ctx, pagination)
|
||||
assert.NotNil(t, err, "unauthorized")
|
||||
|
||||
h, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
h, err := crypto.EncryptPassword(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
|
||||
usersRes, err = resolvers.UsersResolver(ctx, pagination)
|
||||
assert.Nil(t, err)
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ import (
|
|||
"testing"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -22,7 +22,7 @@ func TestIsValidEmail(t *testing.T) {
|
|||
func TestIsValidOrigin(t *testing.T) {
|
||||
// don't use portocal(http/https) for ALLOWED_ORIGINS while testing,
|
||||
// as we trim them off while running the main function
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.SliceStoreIdentifier, constants.EnvKeyAllowedOrigins, []string{"localhost:8080", "*.google.com", "*.google.in", "*abc.*"})
|
||||
memorystore.Provider.UpdateEnvVariable(constants.SliceStoreIdentifier, constants.EnvKeyAllowedOrigins, []string{"localhost:8080", "*.google.com", "*.google.in", "*abc.*"})
|
||||
assert.False(t, utils.IsValidOrigin("http://myapp.com"), "it should be invalid origin")
|
||||
assert.False(t, utils.IsValidOrigin("http://appgoogle.com"), "it should be invalid origin")
|
||||
assert.True(t, utils.IsValidOrigin("http://app.google.com"), "it should be valid origin")
|
||||
|
|
@ -32,7 +32,7 @@ func TestIsValidOrigin(t *testing.T) {
|
|||
assert.True(t, utils.IsValidOrigin("http://xyx.abc.in"), "it should be valid origin")
|
||||
assert.True(t, utils.IsValidOrigin("http://xyxabc.in"), "it should be valid origin")
|
||||
assert.True(t, utils.IsValidOrigin("http://localhost:8080"), "it should be valid origin")
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.SliceStoreIdentifier, constants.EnvKeyAllowedOrigins, []string{"*"})
|
||||
memorystore.Provider.UpdateEnvVariable(constants.SliceStoreIdentifier, constants.EnvKeyAllowedOrigins, []string{"*"})
|
||||
}
|
||||
|
||||
func TestIsValidIdentifier(t *testing.T) {
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/resolvers"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
|
@ -40,9 +40,9 @@ func verificationRequestsTest(t *testing.T, s TestSetup) {
|
|||
requests, err := resolvers.VerificationRequestsResolver(ctx, pagination)
|
||||
assert.NotNil(t, err, "unauthorized")
|
||||
|
||||
h, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
h, err := crypto.EncryptPassword(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
assert.Nil(t, err)
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
req.Header.Set("Cookie", fmt.Sprintf("%s=%s", memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminCookieName), h))
|
||||
requests, err = resolvers.VerificationRequestsResolver(ctx, pagination)
|
||||
|
||||
assert.Nil(t, err)
|
||||
|
|
|
|||
|
|
@ -6,14 +6,14 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/cookie"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/gin-gonic/gin"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
|
||||
// CreateAdminAuthToken creates the admin token based on secret key
|
||||
func CreateAdminAuthToken(tokenType string, c *gin.Context) (string, error) {
|
||||
return crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
return crypto.EncryptPassword(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
}
|
||||
|
||||
// GetAdminAuthToken helps in getting the admin token from the request cookie
|
||||
|
|
@ -23,7 +23,7 @@ func GetAdminAuthToken(gc *gin.Context) (string, error) {
|
|||
return "", fmt.Errorf("unauthorized")
|
||||
}
|
||||
|
||||
err = bcrypt.CompareHashAndPassword([]byte(token), []byte(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)))
|
||||
err = bcrypt.CompareHashAndPassword([]byte(token), []byte(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)))
|
||||
|
||||
if err != nil {
|
||||
return "", fmt.Errorf(`unauthorized`)
|
||||
|
|
@ -41,7 +41,7 @@ func IsSuperAdmin(gc *gin.Context) bool {
|
|||
return false
|
||||
}
|
||||
|
||||
return secret == envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
|
||||
return secret == memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
|
||||
}
|
||||
|
||||
return token != ""
|
||||
|
|
|
|||
|
|
@ -16,7 +16,6 @@ import (
|
|||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/db/models"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/authorizerdev/authorizer/server/utils"
|
||||
)
|
||||
|
|
@ -109,7 +108,7 @@ func CreateRefreshToken(user models.User, roles, scopes []string, hostname, nonc
|
|||
expiresAt := time.Now().Add(expiryBound).Unix()
|
||||
customClaims := jwt.MapClaims{
|
||||
"iss": hostname,
|
||||
"aud": envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID),
|
||||
"aud": memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID),
|
||||
"sub": user.ID,
|
||||
"exp": expiresAt,
|
||||
"iat": time.Now().Unix(),
|
||||
|
|
@ -130,7 +129,7 @@ func CreateRefreshToken(user models.User, roles, scopes []string, hostname, nonc
|
|||
// CreateAccessToken util to create JWT token, based on
|
||||
// user information, roles config and CUSTOM_ACCESS_TOKEN_SCRIPT
|
||||
func CreateAccessToken(user models.User, roles, scopes []string, hostName, nonce string) (string, int64, error) {
|
||||
expiryBound, err := utils.ParseDurationInSeconds(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAccessTokenExpiryTime))
|
||||
expiryBound, err := utils.ParseDurationInSeconds(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAccessTokenExpiryTime))
|
||||
if err != nil {
|
||||
expiryBound = time.Minute * 30
|
||||
}
|
||||
|
|
@ -139,7 +138,7 @@ func CreateAccessToken(user models.User, roles, scopes []string, hostName, nonce
|
|||
|
||||
customClaims := jwt.MapClaims{
|
||||
"iss": hostName,
|
||||
"aud": envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID),
|
||||
"aud": memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID),
|
||||
"nonce": nonce,
|
||||
"sub": user.ID,
|
||||
"exp": expiresAt,
|
||||
|
|
@ -286,7 +285,7 @@ func ValidateBrowserSession(gc *gin.Context, encryptedSession string) (*SessionD
|
|||
// CreateIDToken util to create JWT token, based on
|
||||
// user information, roles config and CUSTOM_ACCESS_TOKEN_SCRIPT
|
||||
func CreateIDToken(user models.User, roles []string, hostname, nonce string) (string, int64, error) {
|
||||
expiryBound, err := utils.ParseDurationInSeconds(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAccessTokenExpiryTime))
|
||||
expiryBound, err := utils.ParseDurationInSeconds(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAccessTokenExpiryTime))
|
||||
if err != nil {
|
||||
expiryBound = time.Minute * 30
|
||||
}
|
||||
|
|
@ -298,10 +297,10 @@ func CreateIDToken(user models.User, roles []string, hostname, nonce string) (st
|
|||
var userMap map[string]interface{}
|
||||
json.Unmarshal(userBytes, &userMap)
|
||||
|
||||
claimKey := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtRoleClaim)
|
||||
claimKey := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtRoleClaim)
|
||||
customClaims := jwt.MapClaims{
|
||||
"iss": hostname,
|
||||
"aud": envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID),
|
||||
"aud": memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID),
|
||||
"nonce": nonce,
|
||||
"sub": user.ID,
|
||||
"exp": expiresAt,
|
||||
|
|
@ -318,7 +317,7 @@ func CreateIDToken(user models.User, roles []string, hostname, nonce string) (st
|
|||
}
|
||||
|
||||
// check for the extra access token script
|
||||
accessTokenScript := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyCustomAccessTokenScript)
|
||||
accessTokenScript := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyCustomAccessTokenScript)
|
||||
if accessTokenScript != "" {
|
||||
vm := otto.New()
|
||||
|
||||
|
|
|
|||
|
|
@ -5,13 +5,13 @@ import (
|
|||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/crypto"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/golang-jwt/jwt"
|
||||
)
|
||||
|
||||
// SignJWTToken common util to sing jwt token
|
||||
func SignJWTToken(claims jwt.MapClaims) (string, error) {
|
||||
jwtType := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
|
||||
jwtType := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
|
||||
signingMethod := jwt.GetSigningMethod(jwtType)
|
||||
if signingMethod == nil {
|
||||
return "", errors.New("unsupported signing method")
|
||||
|
|
@ -24,15 +24,15 @@ func SignJWTToken(claims jwt.MapClaims) (string, error) {
|
|||
|
||||
switch signingMethod {
|
||||
case jwt.SigningMethodHS256, jwt.SigningMethodHS384, jwt.SigningMethodHS512:
|
||||
return t.SignedString([]byte(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)))
|
||||
return t.SignedString([]byte(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)))
|
||||
case jwt.SigningMethodRS256, jwt.SigningMethodRS384, jwt.SigningMethodRS512:
|
||||
key, err := crypto.ParseRsaPrivateKeyFromPemStr(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPrivateKey))
|
||||
key, err := crypto.ParseRsaPrivateKeyFromPemStr(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtPrivateKey))
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return t.SignedString(key)
|
||||
case jwt.SigningMethodES256, jwt.SigningMethodES384, jwt.SigningMethodES512:
|
||||
key, err := crypto.ParseEcdsaPrivateKeyFromPemStr(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPrivateKey))
|
||||
key, err := crypto.ParseEcdsaPrivateKeyFromPemStr(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtPrivateKey))
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
|
@ -45,7 +45,7 @@ func SignJWTToken(claims jwt.MapClaims) (string, error) {
|
|||
|
||||
// ParseJWTToken common util to parse jwt token
|
||||
func ParseJWTToken(token, hostname, nonce, subject string) (jwt.MapClaims, error) {
|
||||
jwtType := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
|
||||
jwtType := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
|
||||
signingMethod := jwt.GetSigningMethod(jwtType)
|
||||
|
||||
var err error
|
||||
|
|
@ -54,11 +54,11 @@ func ParseJWTToken(token, hostname, nonce, subject string) (jwt.MapClaims, error
|
|||
switch signingMethod {
|
||||
case jwt.SigningMethodHS256, jwt.SigningMethodHS384, jwt.SigningMethodHS512:
|
||||
_, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) {
|
||||
return []byte(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)), nil
|
||||
return []byte(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)), nil
|
||||
})
|
||||
case jwt.SigningMethodRS256, jwt.SigningMethodRS384, jwt.SigningMethodRS512:
|
||||
_, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) {
|
||||
key, err := crypto.ParseRsaPublicKeyFromPemStr(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey))
|
||||
key, err := crypto.ParseRsaPublicKeyFromPemStr(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -66,7 +66,7 @@ func ParseJWTToken(token, hostname, nonce, subject string) (jwt.MapClaims, error
|
|||
})
|
||||
case jwt.SigningMethodES256, jwt.SigningMethodES384, jwt.SigningMethodES512:
|
||||
_, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) {
|
||||
key, err := crypto.ParseEcdsaPublicKeyFromPemStr(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey))
|
||||
key, err := crypto.ParseEcdsaPublicKeyFromPemStr(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -87,7 +87,7 @@ func ParseJWTToken(token, hostname, nonce, subject string) (jwt.MapClaims, error
|
|||
claims["exp"] = intExp
|
||||
claims["iat"] = intIat
|
||||
|
||||
if claims["aud"] != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
|
||||
if claims["aud"] != memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
|
||||
return claims, errors.New("invalid audience")
|
||||
}
|
||||
|
||||
|
|
@ -109,7 +109,7 @@ func ParseJWTToken(token, hostname, nonce, subject string) (jwt.MapClaims, error
|
|||
// ParseJWTTokenWithoutNonce common util to parse jwt token without nonce
|
||||
// used to validate ID token as it is not persisted in store
|
||||
func ParseJWTTokenWithoutNonce(token, hostname string) (jwt.MapClaims, error) {
|
||||
jwtType := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
|
||||
jwtType := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtType)
|
||||
signingMethod := jwt.GetSigningMethod(jwtType)
|
||||
|
||||
var err error
|
||||
|
|
@ -118,11 +118,11 @@ func ParseJWTTokenWithoutNonce(token, hostname string) (jwt.MapClaims, error) {
|
|||
switch signingMethod {
|
||||
case jwt.SigningMethodHS256, jwt.SigningMethodHS384, jwt.SigningMethodHS512:
|
||||
_, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) {
|
||||
return []byte(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)), nil
|
||||
return []byte(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)), nil
|
||||
})
|
||||
case jwt.SigningMethodRS256, jwt.SigningMethodRS384, jwt.SigningMethodRS512:
|
||||
_, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) {
|
||||
key, err := crypto.ParseRsaPublicKeyFromPemStr(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey))
|
||||
key, err := crypto.ParseRsaPublicKeyFromPemStr(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -130,7 +130,7 @@ func ParseJWTTokenWithoutNonce(token, hostname string) (jwt.MapClaims, error) {
|
|||
})
|
||||
case jwt.SigningMethodES256, jwt.SigningMethodES384, jwt.SigningMethodES512:
|
||||
_, err = jwt.ParseWithClaims(token, &claims, func(token *jwt.Token) (interface{}, error) {
|
||||
key, err := crypto.ParseEcdsaPublicKeyFromPemStr(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey))
|
||||
key, err := crypto.ParseEcdsaPublicKeyFromPemStr(memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtPublicKey))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -151,7 +151,7 @@ func ParseJWTTokenWithoutNonce(token, hostname string) (jwt.MapClaims, error) {
|
|||
claims["exp"] = intExp
|
||||
claims["iat"] = intIat
|
||||
|
||||
if claims["aud"] != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
|
||||
if claims["aud"] != memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
|
||||
return claims, errors.New("invalid audience")
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/golang-jwt/jwt"
|
||||
)
|
||||
|
||||
|
|
@ -12,7 +12,7 @@ import (
|
|||
func CreateVerificationToken(email, tokenType, hostname, nonceHash, redirectURL string) (string, error) {
|
||||
claims := jwt.MapClaims{
|
||||
"iss": hostname,
|
||||
"aud": envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID),
|
||||
"aud": memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID),
|
||||
"sub": email,
|
||||
"exp": time.Now().Add(time.Minute * 30).Unix(),
|
||||
"iat": time.Now().Unix(),
|
||||
|
|
|
|||
|
|
@ -2,21 +2,21 @@ package utils
|
|||
|
||||
import (
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
)
|
||||
|
||||
// GetMeta helps in getting the meta data about the deployment from EnvData
|
||||
func GetMetaInfo() model.Meta {
|
||||
return model.Meta{
|
||||
Version: constants.VERSION,
|
||||
ClientID: envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID),
|
||||
IsGoogleLoginEnabled: envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientID) != "" && envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientSecret) != "",
|
||||
IsGithubLoginEnabled: envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyGithubClientID) != "" && envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyGithubClientSecret) != "",
|
||||
IsFacebookLoginEnabled: envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientID) != "" && envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientSecret) != "",
|
||||
IsBasicAuthenticationEnabled: !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication),
|
||||
IsEmailVerificationEnabled: !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification),
|
||||
IsMagicLinkLoginEnabled: !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin),
|
||||
IsSignUpEnabled: !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp),
|
||||
ClientID: memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID),
|
||||
IsGoogleLoginEnabled: memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientID) != "" && memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGoogleClientSecret) != "",
|
||||
IsGithubLoginEnabled: memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGithubClientID) != "" && memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyGithubClientSecret) != "",
|
||||
IsFacebookLoginEnabled: memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientID) != "" && memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyFacebookClientSecret) != "",
|
||||
IsBasicAuthenticationEnabled: !memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication),
|
||||
IsEmailVerificationEnabled: !memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification),
|
||||
IsMagicLinkLoginEnabled: !memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin),
|
||||
IsSignUpEnabled: !memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp),
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
|
|
@ -19,7 +19,7 @@ func GetHost(c *gin.Context) string {
|
|||
return authorizerURL
|
||||
}
|
||||
|
||||
authorizerURL = envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAuthorizerURL)
|
||||
authorizerURL = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAuthorizerURL)
|
||||
if authorizerURL != "" {
|
||||
return authorizerURL
|
||||
}
|
||||
|
|
@ -89,7 +89,7 @@ func GetDomainName(uri string) string {
|
|||
|
||||
// GetAppURL to get /app/ url if not configured by user
|
||||
func GetAppURL(gc *gin.Context) string {
|
||||
envAppURL := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAppURL)
|
||||
envAppURL := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAppURL)
|
||||
if envAppURL == "" {
|
||||
envAppURL = GetHost(gc) + "/app"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/envstore"
|
||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||
)
|
||||
|
||||
// IsValidEmail validates email
|
||||
|
|
@ -17,7 +17,7 @@ func IsValidEmail(email string) bool {
|
|||
|
||||
// IsValidOrigin validates origin based on ALLOWED_ORIGINS
|
||||
func IsValidOrigin(url string) bool {
|
||||
allowedOrigins := envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyAllowedOrigins)
|
||||
allowedOrigins := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyAllowedOrigins)
|
||||
if len(allowedOrigins) == 1 && allowedOrigins[0] == "*" {
|
||||
return true
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user