From 2366410ea8a6d739fea5934773b28c3e9092d571 Mon Sep 17 00:00:00 2001 From: ThibaultHerard Date: Thu, 22 Sep 2022 15:17:22 +0000 Subject: [PATCH] feat(saml): file reorganization Signed-off-by: ThibaultHerard Co-authored-by: sebferrer --- driver/registry_default.go | 5 +- driver/registry_default_saml.go | 2 +- .../saml/test/testdata/idp_saml_metadata.xml | 118 ------------------ .../{strategy => }/.schema/link.schema.json | 0 .../.schema/settings.schema.json | 0 .../strategy/saml/{strategy => }/const.go | 2 +- .../{flow => strategy}/saml/handler.go | 4 +- .../test => strategy/saml}/handler_test.go | 25 ++-- .../test => strategy/saml}/metadata_test.go | 22 ++-- .../strategy/saml/{strategy => }/schema.go | 2 +- .../strategy/saml/{strategy => }/strategy.go | 18 ++- .../saml/strategy/test/testdata/cert.pem | 13 -- .../test/testdata/idp_saml_metadata.xml | 118 ------------------ .../saml/strategy/test/testdata/key.pem | 15 --- .../strategy/test/testdata/myservice.cert | 19 --- .../saml/strategy/test/testdata/myservice.key | 28 ----- .../test/testdata/registration.schema.json | 16 --- .../saml/strategy/test/testdata/saml.jsonnet | 17 --- .../strategy/test/testdata/samlkratos.crt | 21 ---- .../saml/{strategy => }/strategy_auth.go | 5 +- .../saml/strategy_helper_test.go} | 40 +++--- .../saml/{strategy => }/strategy_login.go | 10 +- .../{strategy => }/strategy_registration.go | 7 +- .../saml/{strategy/test => }/strategy_test.go | 64 +++++----- .../test => }/testdata/SP_IDPMetadata.xml | 0 .../test => }/testdata/SP_SamlResponse.xml | 0 .../TestSPCanHandleOneloginResponse_response | 0 .../test => strategy/saml}/testdata/cert.pem | 0 .../saml}/testdata/expected_metadata.xml | 0 .../test => strategy/saml}/testdata/key.pem | 0 .../saml}/testdata/myservice.cert | 0 .../saml}/testdata/myservice.key | 0 .../saml}/testdata/registration.schema.json | 0 .../saml}/testdata/saml.jsonnet | 0 .../test => }/testdata/saml_response.xml | 0 .../saml}/testdata/samlkratos.crt | 0 .../strategy/saml/{strategy => }/types.go | 5 +- 37 files changed, 96 insertions(+), 480 deletions(-) delete mode 100644 selfservice/flow/saml/test/testdata/idp_saml_metadata.xml rename selfservice/strategy/saml/{strategy => }/.schema/link.schema.json (100%) rename selfservice/strategy/saml/{strategy => }/.schema/settings.schema.json (100%) rename selfservice/strategy/saml/{strategy => }/const.go (78%) rename selfservice/{flow => strategy}/saml/handler.go (98%) rename selfservice/{flow/saml/test => strategy/saml}/handler_test.go (78%) rename selfservice/{flow/saml/test => strategy/saml}/metadata_test.go (84%) rename selfservice/strategy/saml/{strategy => }/schema.go (82%) rename selfservice/strategy/saml/{strategy => }/strategy.go (95%) delete mode 100644 selfservice/strategy/saml/strategy/test/testdata/cert.pem delete mode 100644 selfservice/strategy/saml/strategy/test/testdata/idp_saml_metadata.xml delete mode 100644 selfservice/strategy/saml/strategy/test/testdata/key.pem delete mode 100755 selfservice/strategy/saml/strategy/test/testdata/myservice.cert delete mode 100755 selfservice/strategy/saml/strategy/test/testdata/myservice.key delete mode 100644 selfservice/strategy/saml/strategy/test/testdata/registration.schema.json delete mode 100644 selfservice/strategy/saml/strategy/test/testdata/saml.jsonnet delete mode 100755 selfservice/strategy/saml/strategy/test/testdata/samlkratos.crt rename selfservice/strategy/saml/{strategy => }/strategy_auth.go (91%) rename selfservice/{flow/saml/helpertest/helpertest.go => strategy/saml/strategy_helper_test.go} (80%) rename selfservice/strategy/saml/{strategy => }/strategy_login.go (91%) rename selfservice/strategy/saml/{strategy => }/strategy_registration.go (94%) rename selfservice/strategy/saml/{strategy/test => }/strategy_test.go (68%) rename selfservice/strategy/saml/{strategy/test => }/testdata/SP_IDPMetadata.xml (100%) rename selfservice/strategy/saml/{strategy/test => }/testdata/SP_SamlResponse.xml (100%) rename selfservice/strategy/saml/{strategy/test => }/testdata/TestSPCanHandleOneloginResponse_response (100%) rename selfservice/{flow/saml/test => strategy/saml}/testdata/cert.pem (100%) rename selfservice/{flow/saml/test => strategy/saml}/testdata/expected_metadata.xml (100%) rename selfservice/{flow/saml/test => strategy/saml}/testdata/key.pem (100%) rename selfservice/{flow/saml/test => strategy/saml}/testdata/myservice.cert (100%) rename selfservice/{flow/saml/test => strategy/saml}/testdata/myservice.key (100%) rename selfservice/{flow/saml/test => strategy/saml}/testdata/registration.schema.json (100%) rename selfservice/{flow/saml/test => strategy/saml}/testdata/saml.jsonnet (100%) rename selfservice/strategy/saml/{strategy/test => }/testdata/saml_response.xml (100%) rename selfservice/{flow/saml/test => strategy/saml}/testdata/samlkratos.crt (100%) rename selfservice/strategy/saml/{strategy => }/types.go (88%) diff --git a/driver/registry_default.go b/driver/registry_default.go index ebec168b664a..0fb64da96a21 100644 --- a/driver/registry_default.go +++ b/driver/registry_default.go @@ -37,13 +37,11 @@ import ( "github.com/ory/kratos/hash" "github.com/ory/kratos/schema" "github.com/ory/kratos/selfservice/flow/recovery" - "github.com/ory/kratos/selfservice/flow/saml" "github.com/ory/kratos/selfservice/flow/settings" "github.com/ory/kratos/selfservice/flow/verification" "github.com/ory/kratos/selfservice/hook" "github.com/ory/kratos/selfservice/strategy/link" "github.com/ory/kratos/selfservice/strategy/profile" - samlstrategy "github.com/ory/kratos/selfservice/strategy/saml/strategy" "github.com/ory/kratos/x" "github.com/cenkalti/backoff" @@ -63,6 +61,7 @@ import ( "github.com/ory/kratos/selfservice/flow/logout" "github.com/ory/kratos/selfservice/flow/registration" "github.com/ory/kratos/selfservice/strategy/oidc" + "github.com/ory/kratos/selfservice/strategy/saml" "github.com/ory/herodot" @@ -292,7 +291,7 @@ func (m *RegistryDefault) selfServiceStrategies() []interface{} { m.selfserviceStrategies = []interface{}{ password2.NewStrategy(m), oidc.NewStrategy(m), - samlstrategy.NewStrategy(m), + saml.NewStrategy(m), profile.NewStrategy(m), link.NewStrategy(m), totp.NewStrategy(m), diff --git a/driver/registry_default_saml.go b/driver/registry_default_saml.go index c201047fc21d..23b619b0ec82 100644 --- a/driver/registry_default_saml.go +++ b/driver/registry_default_saml.go @@ -1,6 +1,6 @@ package driver -import "github.com/ory/kratos/selfservice/flow/saml" +import "github.com/ory/kratos/selfservice/strategy/saml" func (m *RegistryDefault) SAMLHandler() *saml.Handler { if m.selfserviceSAMLHandler == nil { diff --git a/selfservice/flow/saml/test/testdata/idp_saml_metadata.xml b/selfservice/flow/saml/test/testdata/idp_saml_metadata.xml deleted file mode 100644 index dcaf7f051dae..000000000000 --- a/selfservice/flow/saml/test/testdata/idp_saml_metadata.xml +++ /dev/null @@ -1,118 +0,0 @@ - - - - - - - - - - - - - - - testshib.org - - TestShib Test IdP - TestShib IdP. Use this as a source of attributes - for your test SP. - https://www.testshib.org/testshibtwo.jpg - - - - - - MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzEV - MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMREwDwYD - VQQKEwhUZXN0U2hpYjEZMBcGA1UEAxMQaWRwLnRlc3RzaGliLm9yZzAeFw0wNjA4 - MzAyMTEyMjVaFw0xNjA4MjcyMTEyMjVaMGcxCzAJBgNVBAYTAlVTMRUwEwYDVQQI - EwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoTCFRl - c3RTaGliMRkwFwYDVQQDExBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0B - AQEFAAOCAQ8AMIIBCgKCAQEArYkCGuTmJp9eAOSGHwRJo1SNatB5ZOKqDM9ysg7C - yVTDClcpu93gSP10nH4gkCZOlnESNgttg0r+MqL8tfJC6ybddEFB3YBo8PZajKSe - 3OQ01Ow3yT4I+Wdg1tsTpSge9gEz7SrC07EkYmHuPtd71CHiUaCWDv+xVfUQX0aT - NPFmDixzUjoYzbGDrtAyCqA8f9CN2txIfJnpHE6q6CmKcoLADS4UrNPlhHSzd614 - kR/JYiks0K4kbRqCQF0Dv0P5Di+rEfefC6glV8ysC8dB5/9nb0yh/ojRuJGmgMWH - gWk6h0ihjihqiu4jACovUZ7vVOCgSE5Ipn7OIwqd93zp2wIDAQABo4HEMIHBMB0G - A1UdDgQWBBSsBQ869nh83KqZr5jArr4/7b+QazCBkQYDVR0jBIGJMIGGgBSsBQ86 - 9nh83KqZr5jArr4/7b+Qa6FrpGkwZzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBl - bm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDERMA8GA1UEChMIVGVzdFNo - aWIxGTAXBgNVBAMTEGlkcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN - BgkqhkiG9w0BAQUFAAOCAQEAjR29PhrCbk8qLN5MFfSVk98t3CT9jHZoYxd8QMRL - I4j7iYQxXiGJTT1FXs1nd4Rha9un+LqTfeMMYqISdDDI6tv8iNpkOAvZZUosVkUo - 93pv1T0RPz35hcHHYq2yee59HJOco2bFlcsH8JBXRSRrJ3Q7Eut+z9uo80JdGNJ4 - /SJy5UorZ8KazGj16lfJhOBXldgrhppQBb0Nq6HKHguqmwRfJ+WkxemZXzhediAj - Geka8nz8JjwxpUjAiSWYKLtJhGEaTqCYxCCX2Dw+dOTqUzHOZ7WKv4JXPK5G/Uhr - 8K/qhmFT2nIQi538n6rVYLeWj8Bbnl+ev0peYzxFyF5sQA== - - - - - - - - - - - - urn:mace:shibboleth:1.0:nameIdentifier - urn:oasis:names:tc:SAML:2.0:nameid-format:transient - - - - - - - - - - - - MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzEV - MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMREwDwYD - VQQKEwhUZXN0U2hpYjEZMBcGA1UEAxMQaWRwLnRlc3RzaGliLm9yZzAeFw0wNjA4 - MzAyMTEyMjVaFw0xNjA4MjcyMTEyMjVaMGcxCzAJBgNVBAYTAlVTMRUwEwYDVQQI - EwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoTCFRl - c3RTaGliMRkwFwYDVQQDExBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0B - AQEFAAOCAQ8AMIIBCgKCAQEArYkCGuTmJp9eAOSGHwRJo1SNatB5ZOKqDM9ysg7C - yVTDClcpu93gSP10nH4gkCZOlnESNgttg0r+MqL8tfJC6ybddEFB3YBo8PZajKSe - 3OQ01Ow3yT4I+Wdg1tsTpSge9gEz7SrC07EkYmHuPtd71CHiUaCWDv+xVfUQX0aT - NPFmDixzUjoYzbGDrtAyCqA8f9CN2txIfJnpHE6q6CmKcoLADS4UrNPlhHSzd614 - kR/JYiks0K4kbRqCQF0Dv0P5Di+rEfefC6glV8ysC8dB5/9nb0yh/ojRuJGmgMWH - gWk6h0ihjihqiu4jACovUZ7vVOCgSE5Ipn7OIwqd93zp2wIDAQABo4HEMIHBMB0G - A1UdDgQWBBSsBQ869nh83KqZr5jArr4/7b+QazCBkQYDVR0jBIGJMIGGgBSsBQ86 - 9nh83KqZr5jArr4/7b+Qa6FrpGkwZzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBl - bm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDERMA8GA1UEChMIVGVzdFNo - aWIxGTAXBgNVBAMTEGlkcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN - BgkqhkiG9w0BAQUFAAOCAQEAjR29PhrCbk8qLN5MFfSVk98t3CT9jHZoYxd8QMRL - I4j7iYQxXiGJTT1FXs1nd4Rha9un+LqTfeMMYqISdDDI6tv8iNpkOAvZZUosVkUo - 93pv1T0RPz35hcHHYq2yee59HJOco2bFlcsH8JBXRSRrJ3Q7Eut+z9uo80JdGNJ4 - /SJy5UorZ8KazGj16lfJhOBXldgrhppQBb0Nq6HKHguqmwRfJ+WkxemZXzhediAj - Geka8nz8JjwxpUjAiSWYKLtJhGEaTqCYxCCX2Dw+dOTqUzHOZ7WKv4JXPK5G/Uhr - 8K/qhmFT2nIQi538n6rVYLeWj8Bbnl+ev0peYzxFyF5sQA== - - - - - - - - - - - - urn:mace:shibboleth:1.0:nameIdentifier - urn:oasis:names:tc:SAML:2.0:nameid-format:transient - - - TestShib Two Identity Provider - TestShib Two - http://www.testshib.org/testshib-two/ - - - Nate - Klingenstein - ndk@internet2.edu - - \ No newline at end of file diff --git a/selfservice/strategy/saml/strategy/.schema/link.schema.json b/selfservice/strategy/saml/.schema/link.schema.json similarity index 100% rename from selfservice/strategy/saml/strategy/.schema/link.schema.json rename to selfservice/strategy/saml/.schema/link.schema.json diff --git a/selfservice/strategy/saml/strategy/.schema/settings.schema.json b/selfservice/strategy/saml/.schema/settings.schema.json similarity index 100% rename from selfservice/strategy/saml/strategy/.schema/settings.schema.json rename to selfservice/strategy/saml/.schema/settings.schema.json diff --git a/selfservice/strategy/saml/strategy/const.go b/selfservice/strategy/saml/const.go similarity index 78% rename from selfservice/strategy/saml/strategy/const.go rename to selfservice/strategy/saml/const.go index e578913b1427..43e852245103 100644 --- a/selfservice/strategy/saml/strategy/const.go +++ b/selfservice/strategy/saml/const.go @@ -1,4 +1,4 @@ -package strategy +package saml const ( sessionName = "ory_kratos_saml_auth_code_session" diff --git a/selfservice/flow/saml/handler.go b/selfservice/strategy/saml/handler.go similarity index 98% rename from selfservice/flow/saml/handler.go rename to selfservice/strategy/saml/handler.go index 9ce5b65cd1e1..5c13c8469718 100644 --- a/selfservice/flow/saml/handler.go +++ b/selfservice/strategy/saml/handler.go @@ -24,8 +24,6 @@ import ( samlidp "github.com/crewjam/saml" - samlstrategy "github.com/ory/kratos/selfservice/strategy/saml" - "github.com/ory/kratos/session" "github.com/ory/kratos/x" "github.com/ory/x/decoderx" @@ -144,7 +142,7 @@ func DestroyMiddlewareIfExists() { func (h *Handler) instantiateMiddleware(ctx context.Context, config config.Config) error { // Create a SAMLProvider object from the config file - var c samlstrategy.ConfigurationCollection + var c ConfigurationCollection conf := config.SelfServiceStrategy(ctx, "saml").Config if err := jsonx. NewStrictDecoder(bytes.NewBuffer(conf)). diff --git a/selfservice/flow/saml/test/handler_test.go b/selfservice/strategy/saml/handler_test.go similarity index 78% rename from selfservice/flow/saml/test/handler_test.go rename to selfservice/strategy/saml/handler_test.go index 0af00023e473..7f93a89408a5 100644 --- a/selfservice/flow/saml/test/handler_test.go +++ b/selfservice/strategy/saml/handler_test.go @@ -4,10 +4,9 @@ import ( "io/ioutil" "testing" - samlhandler "github.com/ory/kratos/selfservice/flow/saml" + "github.com/ory/kratos/selfservice/strategy/saml" "github.com/stretchr/testify/require" - helpertest "github.com/ory/kratos/selfservice/flow/saml/helpertest" "gotest.tools/assert" ) @@ -16,10 +15,10 @@ func TestInitMiddleWareWithMetadata(t *testing.T) { t.Skip() } - samlhandler.DestroyMiddlewareIfExists() + saml.DestroyMiddlewareIfExists() - middleWare, _, _, err := helpertest.InitMiddlewareWithMetadata(t, - "file://testdata/idp_saml_metadata.xml") + middleWare, _, _, err := InitTestMiddlewareWithMetadata(t, + "file://testdata/SP_IDPMetadata.xml") require.NoError(t, err) assert.Check(t, middleWare != nil) @@ -33,9 +32,9 @@ func TestInitMiddleWareWithoutMetadata(t *testing.T) { t.Skip() } - samlhandler.DestroyMiddlewareIfExists() + saml.DestroyMiddlewareIfExists() - middleWare, _, _, err := helpertest.InitMiddlewareWithoutMetadata(t, + middleWare, _, _, err := InitTestMiddlewareWithoutMetadata(t, "https://samltest.id/idp/profile/SAML2/Redirect/SSO", "https://samltest.id/saml/idp", "file://testdata/samlkratos.crt", @@ -53,12 +52,12 @@ func TestGetMiddleware(t *testing.T) { t.Skip() } - samlhandler.DestroyMiddlewareIfExists() + saml.DestroyMiddlewareIfExists() - helpertest.InitMiddlewareWithMetadata(t, - "file://testdata/idp_saml_metadata.xml") + InitTestMiddlewareWithMetadata(t, + "file://testdata/SP_IDPMetadata.xml") - middleWare, err := samlhandler.GetMiddleware() + middleWare, err := saml.GetMiddleware() require.NoError(t, err) assert.Check(t, middleWare != nil) @@ -72,12 +71,12 @@ func TestMustParseCertificate(t *testing.T) { t.Skip() } - samlhandler.DestroyMiddlewareIfExists() + saml.DestroyMiddlewareIfExists() certificate, err := ioutil.ReadFile("testdata/samlkratos.crt") require.NoError(t, err) - cert, err := samlhandler.MustParseCertificate(certificate) + cert, err := saml.MustParseCertificate(certificate) require.NoError(t, err) assert.Check(t, cert.Issuer.Country[0] == "AU") diff --git a/selfservice/flow/saml/test/metadata_test.go b/selfservice/strategy/saml/metadata_test.go similarity index 84% rename from selfservice/flow/saml/test/metadata_test.go rename to selfservice/strategy/saml/metadata_test.go index 7545034d7157..8e801fb529ff 100644 --- a/selfservice/flow/saml/test/metadata_test.go +++ b/selfservice/strategy/saml/metadata_test.go @@ -8,11 +8,7 @@ import ( "reflect" "testing" - samlhandler "github.com/ory/kratos/selfservice/flow/saml" - helpertest "github.com/ory/kratos/selfservice/flow/saml/helpertest" - - samltesthelpers "github.com/ory/kratos/selfservice/flow/saml/helpertest" - + "github.com/ory/kratos/selfservice/strategy/saml" "github.com/stretchr/testify/require" "gotest.tools/assert" is "gotest.tools/assert/cmp" @@ -71,12 +67,12 @@ func TestXmlMetadataExist(t *testing.T) { t.Skip() } - samlhandler.DestroyMiddlewareIfExists() + saml.DestroyMiddlewareIfExists() - _, _, ts, err := helpertest.InitMiddlewareWithMetadata(t, - "file://testdata/idp_saml_metadata.xml") + _, _, ts, err := InitTestMiddlewareWithMetadata(t, + "file://testdata/SP_IDPMetadata.xml") assert.NilError(t, err) - res, _ := samltesthelpers.NewClient(t, nil).Get(ts.URL + "/self-service/methods/saml/metadata") + res, _ := NewTestClient(t, nil).Get(ts.URL + "/self-service/methods/saml/metadata") assert.Check(t, is.Equal(http.StatusOK, res.StatusCode)) assert.Check(t, is.Equal("application/samlmetadata+xml", @@ -88,11 +84,11 @@ func TestXmlMetadataValues(t *testing.T) { t.Skip() } - samlhandler.DestroyMiddlewareIfExists() + saml.DestroyMiddlewareIfExists() - _, _, ts, err := helpertest.InitMiddlewareWithMetadata(t, - "file://testdata/idp_saml_metadata.xml") - res, _ := samltesthelpers.NewClient(t, nil).Get(ts.URL + "/self-service/methods/saml/metadata") + _, _, ts, err := InitTestMiddlewareWithMetadata(t, + "file://testdata/SP_IDPMetadata.xml") + res, _ := NewTestClient(t, nil).Get(ts.URL + "/self-service/methods/saml/metadata") body, _ := io.ReadAll(res.Body) assert.Check(t, is.Equal(http.StatusOK, res.StatusCode)) diff --git a/selfservice/strategy/saml/strategy/schema.go b/selfservice/strategy/saml/schema.go similarity index 82% rename from selfservice/strategy/saml/strategy/schema.go rename to selfservice/strategy/saml/schema.go index 92ac527c5d00..50aa01e10193 100644 --- a/selfservice/strategy/saml/strategy/schema.go +++ b/selfservice/strategy/saml/schema.go @@ -1,4 +1,4 @@ -package strategy +package saml import ( _ "embed" diff --git a/selfservice/strategy/saml/strategy/strategy.go b/selfservice/strategy/saml/strategy.go similarity index 95% rename from selfservice/strategy/saml/strategy/strategy.go rename to selfservice/strategy/saml/strategy.go index 937d5af9168a..6061ab812dec 100644 --- a/selfservice/strategy/saml/strategy/strategy.go +++ b/selfservice/strategy/saml/strategy.go @@ -1,4 +1,4 @@ -package strategy +package saml import ( "bytes" @@ -35,10 +35,8 @@ import ( "github.com/ory/kratos/selfservice/flow/login" "github.com/ory/kratos/selfservice/flow/registration" - samlflow "github.com/ory/kratos/selfservice/flow/saml" "github.com/ory/kratos/selfservice/flow/settings" "github.com/ory/kratos/selfservice/strategy" - samlstrategy "github.com/ory/kratos/selfservice/strategy/saml" "github.com/ory/kratos/session" "github.com/ory/kratos/x" ) @@ -186,7 +184,7 @@ func (s *Strategy) validateFlow(ctx context.Context, r *http.Request, rid uuid.U if ar, err := s.d.RegistrationFlowPersister().GetRegistrationFlow(ctx, rid); err == nil { if ar.Type != flow.TypeBrowser { - return ar, samlstrategy.ErrAPIFlowNotSupported + return ar, ErrAPIFlowNotSupported } if err := ar.Valid(); err != nil { @@ -197,7 +195,7 @@ func (s *Strategy) validateFlow(ctx context.Context, r *http.Request, rid uuid.U if ar, err := s.d.LoginFlowPersister().GetLoginFlow(ctx, rid); err == nil { if ar.Type != flow.TypeBrowser { - return ar, samlstrategy.ErrAPIFlowNotSupported + return ar, ErrAPIFlowNotSupported } if err := ar.Valid(); err != nil { @@ -209,7 +207,7 @@ func (s *Strategy) validateFlow(ctx context.Context, r *http.Request, rid uuid.U ar, err := s.d.SettingsFlowPersister().GetSettingsFlow(ctx, rid) if err == nil { if ar.Type != flow.TypeBrowser { - return ar, samlstrategy.ErrAPIFlowNotSupported + return ar, ErrAPIFlowNotSupported } sess, err := s.d.SessionManager().FetchFromRequest(ctx, r) @@ -279,7 +277,7 @@ func (s *Strategy) handleCallback(w http.ResponseWriter, r *http.Request, ps htt return } - m, err := samlflow.GetMiddleware() + m, err := GetMiddleware() if err != nil { s.forwardError(w, r, err) } @@ -330,7 +328,7 @@ func (s *Strategy) forwardError(w http.ResponseWriter, r *http.Request, err erro } // Return the SAML Provider -func (s *Strategy) Provider(ctx context.Context) (samlstrategy.Provider, error) { +func (s *Strategy) Provider(ctx context.Context) (Provider, error) { c, err := s.Config(ctx) if err != nil { return nil, err @@ -345,8 +343,8 @@ func (s *Strategy) Provider(ctx context.Context) (samlstrategy.Provider, error) } // Translate YAML Config file into a SAML Provider struct -func (s *Strategy) Config(ctx context.Context) (*samlstrategy.ConfigurationCollection, error) { - var c samlstrategy.ConfigurationCollection +func (s *Strategy) Config(ctx context.Context) (*ConfigurationCollection, error) { + var c ConfigurationCollection conf := s.d.Config().SelfServiceStrategy(ctx, string(s.ID())).Config if err := jsonx. diff --git a/selfservice/strategy/saml/strategy/test/testdata/cert.pem b/selfservice/strategy/saml/strategy/test/testdata/cert.pem deleted file mode 100644 index 52667ef39ff2..000000000000 --- a/selfservice/strategy/saml/strategy/test/testdata/cert.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB7zCCAVgCCQDFzbKIp7b3MTANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGEwJV -UzELMAkGA1UECAwCR0ExDDAKBgNVBAoMA2ZvbzESMBAGA1UEAwwJbG9jYWxob3N0 -MB4XDTEzMTAwMjAwMDg1MVoXDTE0MTAwMjAwMDg1MVowPDELMAkGA1UEBhMCVVMx -CzAJBgNVBAgMAkdBMQwwCgYDVQQKDANmb28xEjAQBgNVBAMMCWxvY2FsaG9zdDCB -nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1PMHYmhZj308kWLhZVT4vOulqx/9 -ibm5B86fPWwUKKQ2i12MYtz07tzukPymisTDhQaqyJ8Kqb/6JjhmeMnEOdTvSPmH -O8m1ZVveJU6NoKRn/mP/BD7FW52WhbrUXLSeHVSKfWkNk6S4hk9MV9TswTvyRIKv -Rsw0X/gfnqkroJcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCMMlIO+GNcGekevKgk -akpMdAqJfs24maGb90DvTLbRZRD7Xvn1MnVBBS9hzlXiFLYOInXACMW5gcoRFfeT -QLSouMM8o57h0uKjfTmuoWHLQLi6hnF+cvCsEFiJZ4AbF+DgmO6TarJ8O05t8zvn -OwJlNCASPZRH/JmF8tX0hoHuAQ== ------END CERTIFICATE----- \ No newline at end of file diff --git a/selfservice/strategy/saml/strategy/test/testdata/idp_saml_metadata.xml b/selfservice/strategy/saml/strategy/test/testdata/idp_saml_metadata.xml deleted file mode 100644 index dcaf7f051dae..000000000000 --- a/selfservice/strategy/saml/strategy/test/testdata/idp_saml_metadata.xml +++ /dev/null @@ -1,118 +0,0 @@ - - - - - - - - - - - - - - - testshib.org - - TestShib Test IdP - TestShib IdP. Use this as a source of attributes - for your test SP. - https://www.testshib.org/testshibtwo.jpg - - - - - - MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzEV - MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMREwDwYD - VQQKEwhUZXN0U2hpYjEZMBcGA1UEAxMQaWRwLnRlc3RzaGliLm9yZzAeFw0wNjA4 - MzAyMTEyMjVaFw0xNjA4MjcyMTEyMjVaMGcxCzAJBgNVBAYTAlVTMRUwEwYDVQQI - EwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoTCFRl - c3RTaGliMRkwFwYDVQQDExBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0B - AQEFAAOCAQ8AMIIBCgKCAQEArYkCGuTmJp9eAOSGHwRJo1SNatB5ZOKqDM9ysg7C - yVTDClcpu93gSP10nH4gkCZOlnESNgttg0r+MqL8tfJC6ybddEFB3YBo8PZajKSe - 3OQ01Ow3yT4I+Wdg1tsTpSge9gEz7SrC07EkYmHuPtd71CHiUaCWDv+xVfUQX0aT - NPFmDixzUjoYzbGDrtAyCqA8f9CN2txIfJnpHE6q6CmKcoLADS4UrNPlhHSzd614 - kR/JYiks0K4kbRqCQF0Dv0P5Di+rEfefC6glV8ysC8dB5/9nb0yh/ojRuJGmgMWH - gWk6h0ihjihqiu4jACovUZ7vVOCgSE5Ipn7OIwqd93zp2wIDAQABo4HEMIHBMB0G - A1UdDgQWBBSsBQ869nh83KqZr5jArr4/7b+QazCBkQYDVR0jBIGJMIGGgBSsBQ86 - 9nh83KqZr5jArr4/7b+Qa6FrpGkwZzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBl - bm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDERMA8GA1UEChMIVGVzdFNo - aWIxGTAXBgNVBAMTEGlkcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN - BgkqhkiG9w0BAQUFAAOCAQEAjR29PhrCbk8qLN5MFfSVk98t3CT9jHZoYxd8QMRL - I4j7iYQxXiGJTT1FXs1nd4Rha9un+LqTfeMMYqISdDDI6tv8iNpkOAvZZUosVkUo - 93pv1T0RPz35hcHHYq2yee59HJOco2bFlcsH8JBXRSRrJ3Q7Eut+z9uo80JdGNJ4 - /SJy5UorZ8KazGj16lfJhOBXldgrhppQBb0Nq6HKHguqmwRfJ+WkxemZXzhediAj - Geka8nz8JjwxpUjAiSWYKLtJhGEaTqCYxCCX2Dw+dOTqUzHOZ7WKv4JXPK5G/Uhr - 8K/qhmFT2nIQi538n6rVYLeWj8Bbnl+ev0peYzxFyF5sQA== - - - - - - - - - - - - urn:mace:shibboleth:1.0:nameIdentifier - urn:oasis:names:tc:SAML:2.0:nameid-format:transient - - - - - - - - - - - - MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzEV - MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMREwDwYD - VQQKEwhUZXN0U2hpYjEZMBcGA1UEAxMQaWRwLnRlc3RzaGliLm9yZzAeFw0wNjA4 - MzAyMTEyMjVaFw0xNjA4MjcyMTEyMjVaMGcxCzAJBgNVBAYTAlVTMRUwEwYDVQQI - EwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoTCFRl - c3RTaGliMRkwFwYDVQQDExBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0B - AQEFAAOCAQ8AMIIBCgKCAQEArYkCGuTmJp9eAOSGHwRJo1SNatB5ZOKqDM9ysg7C - yVTDClcpu93gSP10nH4gkCZOlnESNgttg0r+MqL8tfJC6ybddEFB3YBo8PZajKSe - 3OQ01Ow3yT4I+Wdg1tsTpSge9gEz7SrC07EkYmHuPtd71CHiUaCWDv+xVfUQX0aT - NPFmDixzUjoYzbGDrtAyCqA8f9CN2txIfJnpHE6q6CmKcoLADS4UrNPlhHSzd614 - kR/JYiks0K4kbRqCQF0Dv0P5Di+rEfefC6glV8ysC8dB5/9nb0yh/ojRuJGmgMWH - gWk6h0ihjihqiu4jACovUZ7vVOCgSE5Ipn7OIwqd93zp2wIDAQABo4HEMIHBMB0G - A1UdDgQWBBSsBQ869nh83KqZr5jArr4/7b+QazCBkQYDVR0jBIGJMIGGgBSsBQ86 - 9nh83KqZr5jArr4/7b+Qa6FrpGkwZzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBl - bm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDERMA8GA1UEChMIVGVzdFNo - aWIxGTAXBgNVBAMTEGlkcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN - BgkqhkiG9w0BAQUFAAOCAQEAjR29PhrCbk8qLN5MFfSVk98t3CT9jHZoYxd8QMRL - I4j7iYQxXiGJTT1FXs1nd4Rha9un+LqTfeMMYqISdDDI6tv8iNpkOAvZZUosVkUo - 93pv1T0RPz35hcHHYq2yee59HJOco2bFlcsH8JBXRSRrJ3Q7Eut+z9uo80JdGNJ4 - /SJy5UorZ8KazGj16lfJhOBXldgrhppQBb0Nq6HKHguqmwRfJ+WkxemZXzhediAj - Geka8nz8JjwxpUjAiSWYKLtJhGEaTqCYxCCX2Dw+dOTqUzHOZ7WKv4JXPK5G/Uhr - 8K/qhmFT2nIQi538n6rVYLeWj8Bbnl+ev0peYzxFyF5sQA== - - - - - - - - - - - - urn:mace:shibboleth:1.0:nameIdentifier - urn:oasis:names:tc:SAML:2.0:nameid-format:transient - - - TestShib Two Identity Provider - TestShib Two - http://www.testshib.org/testshib-two/ - - - Nate - Klingenstein - ndk@internet2.edu - - \ No newline at end of file diff --git a/selfservice/strategy/saml/strategy/test/testdata/key.pem b/selfservice/strategy/saml/strategy/test/testdata/key.pem deleted file mode 100644 index 48284dac33a1..000000000000 --- a/selfservice/strategy/saml/strategy/test/testdata/key.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDU8wdiaFmPfTyRYuFlVPi866WrH/2JubkHzp89bBQopDaLXYxi -3PTu3O6Q/KaKxMOFBqrInwqpv/omOGZ4ycQ51O9I+Yc7ybVlW94lTo2gpGf+Y/8E -PsVbnZaFutRctJ4dVIp9aQ2TpLiGT0xX1OzBO/JEgq9GzDRf+B+eqSuglwIDAQAB -AoGBAMuy1eN6cgFiCOgBsB3gVDdTKpww87Qk5ivjqEt28SmXO13A1KNVPS6oQ8SJ -CT5Azc6X/BIAoJCURVL+LHdqebogKljhH/3yIel1kH19vr4E2kTM/tYH+qj8afUS -JEmArUzsmmK8ccuNqBcllqdwCZjxL4CHDUmyRudFcHVX9oyhAkEA/OV1OkjM3CLU -N3sqELdMmHq5QZCUihBmk3/N5OvGdqAFGBlEeewlepEVxkh7JnaNXAXrKHRVu/f/ -fbCQxH+qrwJBANeQERF97b9Sibp9xgolb749UWNlAdqmEpmlvmS202TdcaaT1msU -4rRLiQN3X9O9mq4LZMSVethrQAdX1whawpkCQQDk1yGf7xZpMJ8F4U5sN+F4rLyM -Rq8Sy8p2OBTwzCUXXK+fYeXjybsUUMr6VMYTRP2fQr/LKJIX+E5ZxvcIyFmDAkEA -yfjNVUNVaIbQTzEbRlRvT6MqR+PTCefC072NF9aJWR93JimspGZMR7viY6IM4lrr -vBkm0F5yXKaYtoiiDMzlOQJADqmEwXl0D72ZG/2KDg8b4QZEmC9i5gidpQwJXUc6 -hU+IVQoLxRq0fBib/36K9tcrrO5Ba4iEvDcNY+D8yGbUtA== ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/selfservice/strategy/saml/strategy/test/testdata/myservice.cert b/selfservice/strategy/saml/strategy/test/testdata/myservice.cert deleted file mode 100755 index a815f8f44742..000000000000 --- a/selfservice/strategy/saml/strategy/test/testdata/myservice.cert +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDITCCAgmgAwIBAgIUAKe3G3G4JRoPJDbHcFfUC0M1vUwwDQYJKoZIhvcNAQEL -BQAwIDEeMBwGA1UEAwwVbXlzZXJ2aWNlLmV4YW1wbGUuY29tMB4XDTIxMTIyODEw -MTcxOFoXDTIyMTIyODEwMTcxOFowIDEeMBwGA1UEAwwVbXlzZXJ2aWNlLmV4YW1w -bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA456eHhpbTabo -JD9IurVIakdb4Y1CtM1cWEgeDB/owu+h13pqj+wk/1AlFUNIYKfzJNmP+CoJv5pS -vUeJaMdA7vKUCHPMY7SNoZdaX0eGV4Z9Q7Q6pSkV+heoamojl+Lq9VIVvWnz4ra9 -3xjvJJ4bACyIz7k9u32jAb+v3Rh3axVlPfYJqCx0gU+tcMxb/Lc7HH7ynAjFGc4N -iG7qOqE2nmzRanKw4dMJhkzhNyFQbqtd4DmEzV70XixyztxmbENVfNdvOrCc34/e -JR4q7w5YEGMwUIPip7/zz/itqsrk0x4/VF1lExMOihf8dfYnqdF3+SdywoBf5UC4 -AUyFS/3FgQIDAQABo1MwUTAdBgNVHQ4EFgQUdG+6zhMmsR2yenGz22Iacjeh6BUw -HwYDVR0jBBgwFoAUdG+6zhMmsR2yenGz22Iacjeh6BUwDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAU5eJKGCBsJpMgL6AgrtpY47iT2KtIkeiI5RC -L+2z2pORG2jFzvY+3kcYA+Nj7EwVyBGmn2lL2JCgk3Qr1YsO4IMJ6sZYbDi6I1SR -z14QMYDRWqPY7VoyqiDzdIS9ENWm80gCG4BChSMtEtN2kmjdTOM++Cr4LY/LLhM4 -9aSNfXHTx4kklP1VVc8dGWw+bFtzZUeP6O+ssrFhcse4V6DoQAxYSU4MAAjePhAP -0IS2I3sSzLe/LCsJMPZv0r1q8YQCGBrijAXSnQiu8KFh8hEQusxilIZV9XPDGB98 -EwTT5cbtUtOIbrZ6kdBs49O27xCTymaIuysidFtywwTaDdrc1g== ------END CERTIFICATE----- diff --git a/selfservice/strategy/saml/strategy/test/testdata/myservice.key b/selfservice/strategy/saml/strategy/test/testdata/myservice.key deleted file mode 100755 index e7b461f2f228..000000000000 --- a/selfservice/strategy/saml/strategy/test/testdata/myservice.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDjnp4eGltNpugk -P0i6tUhqR1vhjUK0zVxYSB4MH+jC76HXemqP7CT/UCUVQ0hgp/Mk2Y/4Kgm/mlK9 -R4lox0Du8pQIc8xjtI2hl1pfR4ZXhn1DtDqlKRX6F6hqaiOX4ur1UhW9afPitr3f -GO8knhsALIjPuT27faMBv6/dGHdrFWU99gmoLHSBT61wzFv8tzscfvKcCMUZzg2I -buo6oTaebNFqcrDh0wmGTOE3IVBuq13gOYTNXvReLHLO3GZsQ1V81286sJzfj94l -HirvDlgQYzBQg+Knv/PP+K2qyuTTHj9UXWUTEw6KF/x19iep0Xf5J3LCgF/lQLgB -TIVL/cWBAgMBAAECggEAAn9H/s6NN+Hf5B3pn1rDy56yzFuvYqpqG/HWmo1zEUht -vx5xstiFY2OutHgDgEP3b+0PHkrfxoFb7QWu5T5iYPy6UQlsMZ/WefJeJHN1btpj -321Hw24a9p5x05EMiOsNZtmasXRLH66fkKYGYaF2bF8QtS60Fa2AL1G6DTPqg3s4 -T+ijNYPr1xUk5GSh8Ea0DjLhzL6WgSHj+eBKgfEdYPDlOaQaYQuV2OJg9JyqxV6h -/Fa1HDc6RgpIhalLhP+9OqhSr9vmXSzEidzu+WTQSPpabwlVIae30Qh8XT9bYF5v -TElDXv5e5FwFmIJTnhAHyGlpnJ3KzaEHkmGbAxLOQQKBgQD2P4++d0WzrugKnfpz -hMpIVwk4jl1l2LUe3LoKEtF85lj6NjmvUNEPfJ0MIwKAjQYZ9AJWgCPP2/kjDBRv -dwwtSDIjFf79y810MNTGhAKv8nf7Lf5tSiJbvWgwtiiqF/ivUlxOKL9jqc6qj2s9 -psFoPOSAHQz6NqNpGyNza/7+CQKBgQDsojNWLJUXVzeUCMCzF+tn8lgs1aGrjHB7 -ZMHpr5nZCBdXjAzZR6yQH653Fa3OzNnVjq8CiO1ZdvbwW/KgVUHB4Mb/4kJ0Uxbm -WOF7zQjsMleoABFTi5mCcSqEK+u1qnrG8Ful9L6F8WhP7mdDmRXQM3f9rG2NDb1H -/OJuj/LpuQKBgQDK0+31Z069QtsUK62oSv9G+JG6yOC7S/Vbt1lxhLCSnTU620FG -W13n0K+W2JtuATq+U9M9JozY4ApkyMVoTnl0LtxFNA/1QlI3WyVXYlLIVAJpnSfN -I1wLjoZsYQ47lEUdO8yWAFAsqih1Km6duGXkEwvvTn5q9mhA4b6giprc6QKBgQCR -knMcd068ziXdxsitJHDoQHkoE8BiZYIpFuIIHcP6dPTPIdQhsusguqy8i7Sh/Pmh -XCaj25KQMBRX52jKY8iROfOSJSIWp6r1yAXnAEqV655rNqdyCvZD/dRW/SIDXz4q -tmDbJkYy5kDys0oJltqJe7A8eV/nn2UrLRIrTBj22QKBgQCFMmXVRqRje9k0Aqfe -KGYYCEPzeFzY4PzufwoOyhsGkLCwKthf43jXjWy53+u82Od1oKiNCjIhQHOtL720 -mTIhl2AzTJ1VMWoqUIHtGxhaIC3zhDjAaTMHZNDXFU78hPOhcBPtKikh3Hj2bfGG -TK1KTG49VMcWHmYJhJXwVevKAg== ------END PRIVATE KEY----- diff --git a/selfservice/strategy/saml/strategy/test/testdata/registration.schema.json b/selfservice/strategy/saml/strategy/test/testdata/registration.schema.json deleted file mode 100644 index c7005d87ce8d..000000000000 --- a/selfservice/strategy/saml/strategy/test/testdata/registration.schema.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "$id": "https://example.com/registration.schema.json", - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "Person", - "type": "object", - "properties": { - "traits": { - "type": "object", - "properties": { - "bar": { - "type": "string" - } - } - } - } -} diff --git a/selfservice/strategy/saml/strategy/test/testdata/saml.jsonnet b/selfservice/strategy/saml/strategy/test/testdata/saml.jsonnet deleted file mode 100644 index 87103e26bc6b..000000000000 --- a/selfservice/strategy/saml/strategy/test/testdata/saml.jsonnet +++ /dev/null @@ -1,17 +0,0 @@ -local claims = { - email_verified: false -} + std.extVar('claims'); - -{ - identity: { - traits: { - // Allowing unverified email addresses enables account - // enumeration attacks, especially if the value is used for - // e.g. verification or as a password login identifier. - // - // Therefore we only return the email if it (a) exists and (b) is marked verified - // by Discord. - [if "email" in claims && claims.email_verified then "email" else null]: claims.email, - }, - }, -} \ No newline at end of file diff --git a/selfservice/strategy/saml/strategy/test/testdata/samlkratos.crt b/selfservice/strategy/saml/strategy/test/testdata/samlkratos.crt deleted file mode 100755 index 3dfdeb703e1c..000000000000 --- a/selfservice/strategy/saml/strategy/test/testdata/samlkratos.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDazCCAlOgAwIBAgIUVREfiVXf4z/hq8AsbyNnkuWn6i8wDQYJKoZIhvcNAQEL -BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM -GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAyMjExMTA4MjBaFw0yMzAy -MjExMTA4MjBaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw -HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCjvij3wZV+OhbEbwcs7cpc1hGR+uK4Y0y/ItHkAqlV -ddl+D28iDJeHci4LA8XmG0loFMTxdC9PG5t4ewn8G18+EeYRV0K3BMMWfxrO6ibG -z1ElTxQvVSw9tgPpjIgZqL8Qso8UO1ji98yoPhqP77F29pCNqiHrKJI1c52OCPHq -NBCZa76DmCGcXKAwRQaTo+tig6HJ1/3qCLGq57O396mQRFvjB535mceLzKSpFHsh -45beytXiBjTkvOEmNIUGVKIidXxqDtuTHz5QqhHTHMSsFH8cT648sSB9K9jPZ6ai -VCq5z/McyaYFlb/wt7PApJTSRjU0Any4876eBca59ca/AgMBAAGjUzBRMB0GA1Ud -DgQWBBQml5ORluABegdU+rLlpn++esD9fjAfBgNVHSMEGDAWgBQml5ORluABegdU -+rLlpn++esD9fjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCL -X5bpRKtMY7FsPtMsO/KBz5GT7P6aqe8pS0m3uXap6KkQwxa2wyyyH+in6uds8Sxm -bsdsGpSpCfGQCMqmu0yCjhfwI8nFA6q1YxLNgmx7kEIAQQQG2+jZJE7adXzSk2vT -tiNQ55mfiO9Wv+JpaB7ldAX3Q+O2uqVLJG/NlvC3ZAq0FXMyeitddLYSmEE0xrcM -QTB7vb7LpZk7Owa2UJ2VcQyZcxLWMonikIg4u3ALHGR0SvEgMwGhWr354RDGLYSO -Ii5O1foUR1O71jffr7CgELauyz3AXv6PNYLkyOCQP5gNB2NEMLJBRn5U4IhCHKzD -t1/BujsTuZV5r6aj3J9+ ------END CERTIFICATE----- diff --git a/selfservice/strategy/saml/strategy/strategy_auth.go b/selfservice/strategy/saml/strategy_auth.go similarity index 91% rename from selfservice/strategy/saml/strategy/strategy_auth.go rename to selfservice/strategy/saml/strategy_auth.go index b04bea371291..2b7af9c380ee 100644 --- a/selfservice/strategy/saml/strategy/strategy_auth.go +++ b/selfservice/strategy/saml/strategy_auth.go @@ -1,4 +1,4 @@ -package strategy +package saml import ( "errors" @@ -7,12 +7,11 @@ import ( "github.com/ory/kratos/identity" "github.com/ory/kratos/selfservice/flow" "github.com/ory/kratos/selfservice/flow/login" - samlsp "github.com/ory/kratos/selfservice/strategy/saml" "github.com/ory/x/sqlcon" ) // Handle SAML Assertion and process to either login or register -func (s *Strategy) processLoginOrRegister(w http.ResponseWriter, r *http.Request, loginFlow *login.Flow, provider samlsp.Provider, claims *samlsp.Claims) (*flow.Flow, error) { +func (s *Strategy) processLoginOrRegister(w http.ResponseWriter, r *http.Request, loginFlow *login.Flow, provider Provider, claims *Claims) (*flow.Flow, error) { // This is a check to see if the user exists in the database i, c, err := s.d.PrivilegedIdentityPool().FindByCredentialsIdentifier(r.Context(), identity.CredentialsTypeSAML, uid(provider.Config().ID, claims.Subject)) diff --git a/selfservice/flow/saml/helpertest/helpertest.go b/selfservice/strategy/saml/strategy_helper_test.go similarity index 80% rename from selfservice/flow/saml/helpertest/helpertest.go rename to selfservice/strategy/saml/strategy_helper_test.go index 21ad51f92b42..6479669bba80 100644 --- a/selfservice/flow/saml/helpertest/helpertest.go +++ b/selfservice/strategy/saml/strategy_helper_test.go @@ -1,4 +1,4 @@ -package helpertest +package saml_test import ( "context" @@ -29,22 +29,20 @@ import ( "github.com/ory/kratos/identity" "github.com/ory/kratos/internal" "github.com/ory/kratos/internal/testhelpers" - samlhandler "github.com/ory/kratos/selfservice/flow/saml" - samlstrategy "github.com/ory/kratos/selfservice/strategy/saml" - samlstrat "github.com/ory/kratos/selfservice/strategy/saml/strategy" + "github.com/ory/kratos/selfservice/strategy/saml" "github.com/ory/kratos/x" ) var TimeNow = func() time.Time { return time.Now().UTC() } var RandReader = rand.Reader -func NewSAMLProvider( +func NewTestSAMLProvider( t *testing.T, kratos *httptest.Server, id, label string, -) samlstrategy.Configuration { +) saml.Configuration { - return samlstrategy.Configuration{ + return saml.Configuration{ ID: id, Label: label, PublicCertPath: "secret", @@ -55,12 +53,12 @@ func NewSAMLProvider( } } -func ViperSetProviderConfig(t *testing.T, conf *config.Config, SAMLProvider ...samlstrategy.Configuration) { - conf.MustSet(context.Background(), config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeSAML)+".config", &samlstrategy.ConfigurationCollection{SAMLProviders: SAMLProvider}) +func ViperSetProviderConfig(t *testing.T, conf *config.Config, SAMLProvider ...saml.Configuration) { + conf.MustSet(context.Background(), config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeSAML)+".config", &saml.ConfigurationCollection{SAMLProviders: SAMLProvider}) conf.MustSet(context.Background(), config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeSAML)+".enabled", true) } -func NewClient(t *testing.T, jar *cookiejar.Jar) *http.Client { +func NewTestClient(t *testing.T, jar *cookiejar.Jar) *http.Client { if jar == nil { j, err := cookiejar.New(nil) jar = j @@ -112,10 +110,10 @@ func mustParsePrivateKey(pemStr []byte) crypto.PrivateKey { return k } -func InitMiddleware(t *testing.T, idpInformation map[string]string) (*samlsp.Middleware, *samlstrat.Strategy, *httptest.Server, error) { +func InitTestMiddleware(t *testing.T, idpInformation map[string]string) (*samlsp.Middleware, *saml.Strategy, *httptest.Server, error) { conf, reg := internal.NewFastRegistryWithMocks(t) - strategy := samlstrat.NewStrategy(reg) + strategy := saml.NewStrategy(reg) errTS := testhelpers.NewErrorTestServer(t, reg) routerP := x.NewRouterPublic() routerA := x.NewRouterAdmin() @@ -131,8 +129,8 @@ func InitMiddleware(t *testing.T, idpInformation map[string]string) (*samlsp.Mid ViperSetProviderConfig( t, conf, - NewSAMLProvider(t, ts, "samlProviderTestID", "samlProviderTestLabel"), - samlstrategy.Configuration{ + NewTestSAMLProvider(t, ts, "samlProviderTestID", "samlProviderTestLabel"), + saml.Configuration{ ID: "samlProviderTestID", Label: "samlProviderTestLabel", PublicCertPath: "file://testdata/myservice.cert", @@ -152,9 +150,9 @@ func InitMiddleware(t *testing.T, idpInformation map[string]string) (*samlsp.Mid t.Logf("Kratos Error URL: %s", errTS.URL) // Instantiates the MiddleWare - _, err := NewClient(t, nil).Get(ts.URL + "/self-service/methods/saml/metadata") + _, err := NewTestClient(t, nil).Get(ts.URL + "/self-service/methods/saml/metadata") require.NoError(t, err) - middleware, err := samlhandler.GetMiddleware() + middleware, err := saml.GetMiddleware() require.NoError(t, err) middleware.ServiceProvider.Key = mustParsePrivateKey(golden.Get(t, "key.pem")).(*rsa.PrivateKey) middleware.ServiceProvider.Certificate = mustParseCertificate(golden.Get(t, "cert.pem")) @@ -162,15 +160,15 @@ func InitMiddleware(t *testing.T, idpInformation map[string]string) (*samlsp.Mid return middleware, strategy, ts, err } -func InitMiddlewareWithMetadata(t *testing.T, metadataURL string) (*samlsp.Middleware, *samlstrat.Strategy, *httptest.Server, error) { +func InitTestMiddlewareWithMetadata(t *testing.T, metadataURL string) (*samlsp.Middleware, *saml.Strategy, *httptest.Server, error) { idpInformation := make(map[string]string) idpInformation["idp_metadata_url"] = metadataURL - return InitMiddleware(t, idpInformation) + return InitTestMiddleware(t, idpInformation) } -func InitMiddlewareWithoutMetadata(t *testing.T, idpSsoUrl string, idpEntityId string, - idpCertifiatePath string, idpLogoutUrl string) (*samlsp.Middleware, *samlstrat.Strategy, *httptest.Server, error) { +func InitTestMiddlewareWithoutMetadata(t *testing.T, idpSsoUrl string, idpEntityId string, + idpCertifiatePath string, idpLogoutUrl string) (*samlsp.Middleware, *saml.Strategy, *httptest.Server, error) { idpInformation := make(map[string]string) idpInformation["idp_sso_url"] = idpSsoUrl @@ -178,7 +176,7 @@ func InitMiddlewareWithoutMetadata(t *testing.T, idpSsoUrl string, idpEntityId s idpInformation["idp_certificate_path"] = idpCertifiatePath idpInformation["idp_logout_url"] = idpLogoutUrl - return InitMiddleware(t, idpInformation) + return InitTestMiddleware(t, idpInformation) } func GetAndDecryptAssertion(t *testing.T, samlResponseFile string, key *rsa.PrivateKey) (*crewjamsaml.Assertion, error) { diff --git a/selfservice/strategy/saml/strategy/strategy_login.go b/selfservice/strategy/saml/strategy_login.go similarity index 91% rename from selfservice/strategy/saml/strategy/strategy_login.go rename to selfservice/strategy/saml/strategy_login.go index c8d7941a7123..a265fe69acbb 100644 --- a/selfservice/strategy/saml/strategy/strategy_login.go +++ b/selfservice/strategy/saml/strategy_login.go @@ -1,4 +1,4 @@ -package strategy +package saml import ( "bytes" @@ -14,8 +14,6 @@ import ( "github.com/ory/kratos/selfservice/flow" "github.com/ory/kratos/selfservice/flow/login" "github.com/ory/kratos/selfservice/flow/registration" - handler "github.com/ory/kratos/selfservice/flow/saml" - samlsp "github.com/ory/kratos/selfservice/strategy/saml" "github.com/ory/kratos/session" "github.com/ory/kratos/text" "github.com/ory/kratos/ui/node" @@ -55,7 +53,7 @@ type SubmitSelfServiceLoginFlowWithSAMLMethodBody struct { } // Login and give a session to the user -func (s *Strategy) processLogin(w http.ResponseWriter, r *http.Request, a *login.Flow, provider samlsp.Provider, c *identity.Credentials, i *identity.Identity, claims *samlsp.Claims) (*registration.Flow, error) { +func (s *Strategy) processLogin(w http.ResponseWriter, r *http.Request, a *login.Flow, provider Provider, c *identity.Credentials, i *identity.Identity, claims *Claims) (*registration.Flow, error) { var o CredentialsConfig if err := json.NewDecoder(bytes.NewBuffer(c.Config)).Decode(&o); err != nil { @@ -117,10 +115,10 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, } if x.IsJSONRequest(r) { - s.d.Writer().WriteError(w, r, flow.NewBrowserLocationChangeRequiredError(handler.RouteSamlLoginInit)) + s.d.Writer().WriteError(w, r, flow.NewBrowserLocationChangeRequiredError(RouteSamlLoginInit)) } else { - http.Redirect(w, r, handler.RouteSamlLoginInit, http.StatusSeeOther) + http.Redirect(w, r, RouteSamlLoginInit, http.StatusSeeOther) } return nil, errors.WithStack(flow.ErrCompletedByStrategy) diff --git a/selfservice/strategy/saml/strategy/strategy_registration.go b/selfservice/strategy/saml/strategy_registration.go similarity index 94% rename from selfservice/strategy/saml/strategy/strategy_registration.go rename to selfservice/strategy/saml/strategy_registration.go index 5a3b52ceea00..223672f8fff1 100644 --- a/selfservice/strategy/saml/strategy/strategy_registration.go +++ b/selfservice/strategy/saml/strategy_registration.go @@ -1,4 +1,4 @@ -package strategy +package saml import ( "bytes" @@ -15,7 +15,6 @@ import ( "github.com/ory/kratos/selfservice/flow" "github.com/ory/kratos/selfservice/flow/registration" - samlsp "github.com/ory/kratos/selfservice/strategy/saml" "github.com/ory/kratos/text" "github.com/tidwall/gjson" @@ -32,7 +31,7 @@ func (s *Strategy) RegisterRegistrationRoutes(r *x.RouterPublic) { s.setRoutes(r) } -func (s *Strategy) GetRegistrationIdentity(r *http.Request, ctx context.Context, provider samlsp.Provider, claims *samlsp.Claims, logsEnabled bool) (*identity.Identity, error) { +func (s *Strategy) GetRegistrationIdentity(r *http.Request, ctx context.Context, provider Provider, claims *Claims, logsEnabled bool) (*identity.Identity, error) { // Fetch fetches the file contents from the mapper file. jn, err := s.f.Fetch(provider.Config().Mapper) if err != nil { @@ -102,7 +101,7 @@ func (s *Strategy) GetRegistrationIdentity(r *http.Request, ctx context.Context, return i, nil } -func (s *Strategy) processRegistration(w http.ResponseWriter, r *http.Request, a *registration.Flow, provider samlsp.Provider, claims *samlsp.Claims) error { +func (s *Strategy) processRegistration(w http.ResponseWriter, r *http.Request, a *registration.Flow, provider Provider, claims *Claims) error { i, err := s.GetRegistrationIdentity(r, r.Context(), provider, claims, true) if err != nil { diff --git a/selfservice/strategy/saml/strategy/test/strategy_test.go b/selfservice/strategy/saml/strategy_test.go similarity index 68% rename from selfservice/strategy/saml/strategy/test/strategy_test.go rename to selfservice/strategy/saml/strategy_test.go index cd1ee0128875..88578370c36b 100644 --- a/selfservice/strategy/saml/strategy/test/strategy_test.go +++ b/selfservice/strategy/saml/strategy_test.go @@ -1,4 +1,4 @@ -package strategy_test +package saml_test import ( "bytes" @@ -8,9 +8,7 @@ import ( "testing" "github.com/ory/kratos/identity" - samlhandler "github.com/ory/kratos/selfservice/flow/saml" - helpertest "github.com/ory/kratos/selfservice/flow/saml/helpertest" - samlstrategy "github.com/ory/kratos/selfservice/strategy/saml/strategy" + "github.com/ory/kratos/selfservice/strategy/saml" "github.com/stretchr/testify/require" "gotest.tools/assert" @@ -23,12 +21,12 @@ func TestGetAndDecryptAssertion(t *testing.T) { t.Skip() } - samlhandler.DestroyMiddlewareIfExists() + saml.DestroyMiddlewareIfExists() - middleware, _, _, _ := helpertest.InitMiddlewareWithMetadata(t, - "file://testdata/idp_saml_metadata.xml") + middleware, _, _, _ := InitTestMiddlewareWithMetadata(t, + "file://testdata/SP_IDPMetadata.xml") - assertion, err := helpertest.GetAndDecryptAssertion(t, "./testdata/SP_SamlResponse.xml", middleware.ServiceProvider.Key) + assertion, err := GetAndDecryptAssertion(t, "./testdata/SP_SamlResponse.xml", middleware.ServiceProvider.Key) require.NoError(t, err) assert.Check(t, assertion != nil) @@ -39,12 +37,12 @@ func TestGetAttributesFromAssertion(t *testing.T) { t.Skip() } - samlhandler.DestroyMiddlewareIfExists() + saml.DestroyMiddlewareIfExists() - middleware, strategy, _, _ := helpertest.InitMiddlewareWithMetadata(t, - "file://testdata/idp_saml_metadata.xml") + middleware, strategy, _, _ := InitTestMiddlewareWithMetadata(t, + "file://testdata/SP_IDPMetadata.xml") - assertion, _ := helpertest.GetAndDecryptAssertion(t, "./testdata/SP_SamlResponse.xml", middleware.ServiceProvider.Key) + assertion, _ := GetAndDecryptAssertion(t, "./testdata/SP_SamlResponse.xml", middleware.ServiceProvider.Key) mapAttributes, err := strategy.GetAttributesFromAssertion(assertion) @@ -69,10 +67,10 @@ func TestCreateAuthRequest(t *testing.T) { t.Skip() } - samlhandler.DestroyMiddlewareIfExists() + saml.DestroyMiddlewareIfExists() - middleware, _, _, _ := helpertest.InitMiddlewareWithMetadata(t, - "file://testdata/idp_saml_metadata.xml") + middleware, _, _, _ := InitTestMiddlewareWithMetadata(t, + "file://testdata/SP_IDPMetadata.xml") authReq, err := middleware.ServiceProvider.MakeAuthenticationRequest("https://samltest.id/idp/profile/SAML2/Redirect/SSO", "saml.HTTPPostBinding", "saml.HTTPPostBinding") require.NoError(t, err) @@ -93,10 +91,10 @@ func TestProvider(t *testing.T) { t.Skip() } - samlhandler.DestroyMiddlewareIfExists() + saml.DestroyMiddlewareIfExists() - _, strategy, _, _ := helpertest.InitMiddlewareWithMetadata(t, - "file://testdata/idp_saml_metadata.xml") + _, strategy, _, _ := InitTestMiddlewareWithMetadata(t, + "file://testdata/SP_IDPMetadata.xml") provider, err := strategy.Provider(context.Background()) require.NoError(t, err) @@ -110,10 +108,10 @@ func TestConfig(t *testing.T) { t.Skip() } - samlhandler.DestroyMiddlewareIfExists() + saml.DestroyMiddlewareIfExists() - _, strategy, _, _ := helpertest.InitMiddlewareWithMetadata(t, - "file://testdata/idp_saml_metadata.xml") + _, strategy, _, _ := InitTestMiddlewareWithMetadata(t, + "file://testdata/SP_IDPMetadata.xml") config, err := strategy.Config(context.Background()) require.NoError(t, err) @@ -128,10 +126,10 @@ func TestID(t *testing.T) { t.Skip() } - samlhandler.DestroyMiddlewareIfExists() + saml.DestroyMiddlewareIfExists() - _, strategy, _, _ := helpertest.InitMiddlewareWithMetadata(t, - "file://testdata/idp_saml_metadata.xml") + _, strategy, _, _ := InitTestMiddlewareWithMetadata(t, + "file://testdata/SP_IDPMetadata.xml") id := strategy.ID() gotest.Check(t, id == "saml") @@ -142,16 +140,16 @@ func TestCountActiveCredentials(t *testing.T) { t.Skip() } - samlhandler.DestroyMiddlewareIfExists() + saml.DestroyMiddlewareIfExists() - _, strategy, _, _ := helpertest.InitMiddlewareWithMetadata(t, - "file://testdata/idp_saml_metadata.xml") + _, strategy, _, _ := InitTestMiddlewareWithMetadata(t, + "file://testdata/SP_IDPMetadata.xml") mapCredentials := make(map[identity.CredentialsType]identity.Credentials) var b bytes.Buffer - err := json.NewEncoder(&b).Encode(samlstrategy.CredentialsConfig{ - Providers: []samlstrategy.ProviderCredentialsConfig{ + err := json.NewEncoder(&b).Encode(saml.CredentialsConfig{ + Providers: []saml.ProviderCredentialsConfig{ { Subject: "testUserID", Provider: "saml", @@ -175,13 +173,13 @@ func TestGetRegistrationIdentity(t *testing.T) { t.Skip() } - samlhandler.DestroyMiddlewareIfExists() + saml.DestroyMiddlewareIfExists() - middleware, strategy, _, _ := helpertest.InitMiddlewareWithMetadata(t, - "file://testdata/idp_saml_metadata.xml") + middleware, strategy, _, _ := InitTestMiddlewareWithMetadata(t, + "file://testdata/SP_IDPMetadata.xml") provider, _ := strategy.Provider(context.Background()) - assertion, _ := helpertest.GetAndDecryptAssertion(t, "./testdata/SP_SamlResponse.xml", middleware.ServiceProvider.Key) + assertion, _ := GetAndDecryptAssertion(t, "./testdata/SP_SamlResponse.xml", middleware.ServiceProvider.Key) attributes, _ := strategy.GetAttributesFromAssertion(assertion) claims, _ := provider.Claims(context.Background(), strategy.D().Config(), attributes) diff --git a/selfservice/strategy/saml/strategy/test/testdata/SP_IDPMetadata.xml b/selfservice/strategy/saml/testdata/SP_IDPMetadata.xml similarity index 100% rename from selfservice/strategy/saml/strategy/test/testdata/SP_IDPMetadata.xml rename to selfservice/strategy/saml/testdata/SP_IDPMetadata.xml diff --git a/selfservice/strategy/saml/strategy/test/testdata/SP_SamlResponse.xml b/selfservice/strategy/saml/testdata/SP_SamlResponse.xml similarity index 100% rename from selfservice/strategy/saml/strategy/test/testdata/SP_SamlResponse.xml rename to selfservice/strategy/saml/testdata/SP_SamlResponse.xml diff --git a/selfservice/strategy/saml/strategy/test/testdata/TestSPCanHandleOneloginResponse_response b/selfservice/strategy/saml/testdata/TestSPCanHandleOneloginResponse_response similarity index 100% rename from selfservice/strategy/saml/strategy/test/testdata/TestSPCanHandleOneloginResponse_response rename to selfservice/strategy/saml/testdata/TestSPCanHandleOneloginResponse_response diff --git a/selfservice/flow/saml/test/testdata/cert.pem b/selfservice/strategy/saml/testdata/cert.pem similarity index 100% rename from selfservice/flow/saml/test/testdata/cert.pem rename to selfservice/strategy/saml/testdata/cert.pem diff --git a/selfservice/flow/saml/test/testdata/expected_metadata.xml b/selfservice/strategy/saml/testdata/expected_metadata.xml similarity index 100% rename from selfservice/flow/saml/test/testdata/expected_metadata.xml rename to selfservice/strategy/saml/testdata/expected_metadata.xml diff --git a/selfservice/flow/saml/test/testdata/key.pem b/selfservice/strategy/saml/testdata/key.pem similarity index 100% rename from selfservice/flow/saml/test/testdata/key.pem rename to selfservice/strategy/saml/testdata/key.pem diff --git a/selfservice/flow/saml/test/testdata/myservice.cert b/selfservice/strategy/saml/testdata/myservice.cert similarity index 100% rename from selfservice/flow/saml/test/testdata/myservice.cert rename to selfservice/strategy/saml/testdata/myservice.cert diff --git a/selfservice/flow/saml/test/testdata/myservice.key b/selfservice/strategy/saml/testdata/myservice.key similarity index 100% rename from selfservice/flow/saml/test/testdata/myservice.key rename to selfservice/strategy/saml/testdata/myservice.key diff --git a/selfservice/flow/saml/test/testdata/registration.schema.json b/selfservice/strategy/saml/testdata/registration.schema.json similarity index 100% rename from selfservice/flow/saml/test/testdata/registration.schema.json rename to selfservice/strategy/saml/testdata/registration.schema.json diff --git a/selfservice/flow/saml/test/testdata/saml.jsonnet b/selfservice/strategy/saml/testdata/saml.jsonnet similarity index 100% rename from selfservice/flow/saml/test/testdata/saml.jsonnet rename to selfservice/strategy/saml/testdata/saml.jsonnet diff --git a/selfservice/strategy/saml/strategy/test/testdata/saml_response.xml b/selfservice/strategy/saml/testdata/saml_response.xml similarity index 100% rename from selfservice/strategy/saml/strategy/test/testdata/saml_response.xml rename to selfservice/strategy/saml/testdata/saml_response.xml diff --git a/selfservice/flow/saml/test/testdata/samlkratos.crt b/selfservice/strategy/saml/testdata/samlkratos.crt similarity index 100% rename from selfservice/flow/saml/test/testdata/samlkratos.crt rename to selfservice/strategy/saml/testdata/samlkratos.crt diff --git a/selfservice/strategy/saml/strategy/types.go b/selfservice/strategy/saml/types.go similarity index 88% rename from selfservice/strategy/saml/strategy/types.go rename to selfservice/strategy/saml/types.go index 60db543da1a8..a6de0bd7ac79 100644 --- a/selfservice/strategy/saml/strategy/types.go +++ b/selfservice/strategy/saml/types.go @@ -1,11 +1,10 @@ -package strategy +package saml import ( "bytes" "encoding/json" "github.com/ory/kratos/identity" - "github.com/ory/kratos/selfservice/strategy/saml" "github.com/ory/kratos/text" "github.com/ory/kratos/ui/container" "github.com/ory/kratos/ui/node" @@ -40,7 +39,7 @@ func NewCredentialsForSAML(subject string, provider string) (*identity.Credentia }, nil } -func AddProviders(c *container.Container, providers []saml.Configuration, message func(provider string) *text.Message) { +func AddProviders(c *container.Container, providers []Configuration, message func(provider string) *text.Message) { for _, p := range providers { AddProvider(c, p.ID, message( stringsx.Coalesce(p.Label, p.ID)))