unstaged

cmd/cli/handler.go

@@ -25,19 +25,19 @@ import (
 )
 
 type Handler struct {
-	Clients   *ClientHandler
-	Keys      *JWKHandler
-	Warden    *IntrospectionHandler
-	Token     *TokenHandler
-	Migration *MigrateHandler
+	Clients       *ClientHandler
+	Keys          *JWKHandler
+	Introspection *IntrospectionHandler
+	Token         *TokenHandler
+	Migration     *MigrateHandler
 }
 
 func NewHandler(c *config.Config) *Handler {
 	return &Handler{
-		Clients:   newClientHandler(c),
-		Keys:      newJWKHandler(c),
-		Warden:    newIntrospectionHandler(c),
-		Token:     newTokenHandler(c),
-		Migration: newMigrateHandler(c),
+		Clients:       newClientHandler(c),
+		Keys:          newJWKHandler(c),
+		Introspection: newIntrospectionHandler(c),
+		Token:         newTokenHandler(c),
+		Migration:     newMigrateHandler(c),
 	}
 }

cmd/cli/handler_client.go

@@ -21,13 +21,13 @@
 package cli
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
+	"net/http"
 	"os"
 	"strings"
 
-	"net/http"
-
 	"github.com/ory/hydra/config"
 	"github.com/ory/hydra/pkg"
 	hydra "github.com/ory/hydra/sdk/go/hydra/swagger"
@@ -46,12 +46,20 @@ func newClientHandler(c *config.Config) *ClientHandler {
 
 func (h *ClientHandler) newClientManager(cmd *cobra.Command) *hydra.OAuth2Api {
 	c := hydra.NewOAuth2ApiWithBasePath(h.Config.GetClusterURLWithoutTailingSlash())
-	c.Configuration.Transport = h.Config.OAuth2Client(cmd).Transport
+
+	fakeTlsTermination, _ := cmd.Flags().GetBool("skip-tls-verify")
+	c.Configuration.Transport = &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: fakeTlsTermination},
+	}
 
 	if term, _ := cmd.Flags().GetBool("fake-tls-termination"); term {
 		c.Configuration.DefaultHeader["X-Forwarded-Proto"] = "https"
 	}
 
+	if token, _ := cmd.Flags().GetString("access-token"); token != "" {
+		c.Configuration.DefaultHeader["Authorization"] = "Bearer " + token
+	}
+
 	return c
 }
 
@@ -81,7 +89,7 @@ func (h *ClientHandler) CreateClient(cmd *cobra.Command, args []string) {
 	m := h.newClientManager(cmd)
 	responseTypes, _ := cmd.Flags().GetStringSlice("response-types")
 	grantTypes, _ := cmd.Flags().GetStringSlice("grant-types")
-	allowedScopes, _ := cmd.Flags().GetStringSlice("allowed-scopes")
+	allowedScopes, _ := cmd.Flags().GetStringSlice("scope")
 	callbacks, _ := cmd.Flags().GetStringSlice("callbacks")
 	name, _ := cmd.Flags().GetString("name")
 	secret, _ := cmd.Flags().GetString("secret")

cmd/cli/handler_introspection.go

@@ -21,6 +21,7 @@
 package cli
 
 import (
+	"crypto/tls"
 	//"context"
 	//"encoding/json"
 	"fmt"
@@ -45,14 +46,29 @@ func newIntrospectionHandler(c *config.Config) *IntrospectionHandler {
 	}
 }
 
-func (h *IntrospectionHandler) IsAuthorized(cmd *cobra.Command, args []string) {
+func (h *IntrospectionHandler) Introspect(cmd *cobra.Command, args []string) {
 	if len(args) != 1 {
 		fmt.Print(cmd.UsageString())
 		return
 	}
 
 	c := hydra.NewOAuth2ApiWithBasePath(h.Config.GetClusterURLWithoutTailingSlash())
-	c.Configuration.Transport = h.Config.OAuth2Client(cmd).Transport
+
+	clientID, _ := cmd.Flags().GetString("client-id")
+	clientSecret, _ := cmd.Flags().GetString("client-secret")
+	if clientID == "" || clientSecret == "" {
+		fmt.Print(cmd.UsageString())
+		fmt.Println("Please provide a Client ID and Client Secret using flags --client-id and --client-secret, or environment variables OAUTH2_CLIENT_ID and OAUTH2_CLIENT_SECRET.")
+		return
+	}
+
+	c.Configuration.Username = clientID
+	c.Configuration.Password = clientSecret
+
+	skipTLSTermination, _ := cmd.Flags().GetBool("skip-tls-verify")
+	c.Configuration.Transport = &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: skipTLSTermination},
+	}
 
 	if term, _ := cmd.Flags().GetBool("fake-tls-termination"); term {
 		c.Configuration.DefaultHeader["X-Forwarded-Proto"] = "https"

cmd/cli/handler_jwk.go

@@ -21,6 +21,7 @@
 package cli
 
 import (
+	"crypto/tls"
 	"fmt"
 
 	"net/http"
@@ -36,11 +37,20 @@ type JWKHandler struct {
 
 func (h *JWKHandler) newJwkManager(cmd *cobra.Command) *hydra.JsonWebKeyApi {
 	c := hydra.NewJsonWebKeyApiWithBasePath(h.Config.GetClusterURLWithoutTailingSlash())
-	c.Configuration.Transport = h.Config.OAuth2Client(cmd).Transport
+
+	skipTLSTermination, _ := cmd.Flags().GetBool("skip-tls-verify")
+	c.Configuration.Transport = &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: skipTLSTermination},
+	}
+
 	if term, _ := cmd.Flags().GetBool("fake-tls-termination"); term {
 		c.Configuration.DefaultHeader["X-Forwarded-Proto"] = "https"
 	}
 
+	if token, _ := cmd.Flags().GetString("access-token"); token != "" {
+		c.Configuration.DefaultHeader["Authorization"] = "Bearer " + token
+	}
+
 	return c
 }
 

cmd/cli/handler_token.go

@@ -37,11 +37,20 @@ type TokenHandler struct {
 
 func (h *TokenHandler) newTokenManager(cmd *cobra.Command) *hydra.OAuth2Api {
 	c := hydra.NewOAuth2ApiWithBasePath(h.Config.GetClusterURLWithoutTailingSlash())
-	c.Configuration.Transport = h.Config.OAuth2Client(cmd).Transport
+
+	skipTLSTermination, _ := cmd.Flags().GetBool("skip-tls-verify")
+	c.Configuration.Transport = &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: skipTLSTermination},
+	}
+
 	if term, _ := cmd.Flags().GetBool("fake-tls-termination"); term {
 		c.Configuration.DefaultHeader["X-Forwarded-Proto"] = "https"
 	}
 
+	if token, _ := cmd.Flags().GetString("access-token"); token != "" {
+		c.Configuration.DefaultHeader["Authorization"] = "Bearer " + token
+	}
+
 	return c
 }
 
@@ -56,8 +65,22 @@ func (h *TokenHandler) RevokeToken(cmd *cobra.Command, args []string) {
 	}
 
 	handler := hydra.NewOAuth2ApiWithBasePath(h.Config.GetClusterURLWithoutTailingSlash())
-	handler.Configuration.Username = h.Config.ClientID
-	handler.Configuration.Password = h.Config.ClientSecret
+
+	skipTLSTermination, _ := cmd.Flags().GetBool("skip-tls-verify")
+	handler.Configuration.Transport = &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: skipTLSTermination},
+	}
+
+	clientID, _ := cmd.Flags().GetString("client-id")
+	clientSecret, _ := cmd.Flags().GetString("client-secret")
+	if clientID == "" || clientSecret == "" {
+		fmt.Print(cmd.UsageString())
+		fmt.Println("Please provide a Client ID and Client Secret using flags --client-id and --client-secret, or environment variables OAUTH2_CLIENT_ID and OAUTH2_CLIENT_SECRET.")
+		return
+	}
+
+	handler.Configuration.Username = clientID
+	handler.Configuration.Password = clientSecret
 
 	if skip, _ := cmd.Flags().GetBool("skip-tls-verify"); skip {
 		handler.Configuration.Transport = &http.Transport{

cmd/clients.go

@@ -21,6 +21,8 @@
 package cmd
 
 import (
+	"os"
+
 	"github.com/spf13/cobra"
 )
 
@@ -34,7 +36,8 @@ var clientsCmd = &cobra.Command{
 func init() {
 	RootCmd.AddCommand(clientsCmd)
 	//clientsCmd.PersistentFlags().Bool("dry", false, "do not execute the command but show the corresponding curl command instead")
-	clientsCmd.PersistentFlags().Bool("fake-tls-termination", false, `fake tls termination by adding "X-Forwarded-Proto: https"" to http headers`)
+	clientsCmd.PersistentFlags().Bool("fake-tls-termination", false, `Fake tls termination by adding "X-Forwarded-Proto: https" to http headers`)
+	clientsCmd.PersistentFlags().String("access-token", os.Getenv("OAUTH2_ACCESS_TOKEN"), "Set an access token to be used in the Authorization header, defaults to environment variable ACCESS_TOKEN")
 
 	// Here you will define your flags and configuration settings.
 

cmd/keys.go

@@ -21,6 +21,8 @@
 package cmd
 
 import (
+	"os"
+
 	"github.com/spf13/cobra"
 )
 
@@ -33,7 +35,8 @@ var keysCmd = &cobra.Command{
 func init() {
 	RootCmd.AddCommand(keysCmd)
 	//keysCmd.PersistentFlags().Bool("dry", false, "do not execute the command but show the corresponding curl command instead")
-	keysCmd.PersistentFlags().Bool("fake-tls-termination", false, `fake tls termination by adding "X-Forwarded-Proto: https"" to http headers`)
+	keysCmd.PersistentFlags().Bool("fake-tls-termination", false, `fake tls termination by adding "X-Forwarded-Proto: https" to http headers`)
+	keysCmd.PersistentFlags().String("access-token", os.Getenv("OAUTH2_ACCESS_TOKEN"), "Set an access token to be used in the Authorization header, defaults to environment variable ACCESS_TOKEN")
 
 	// Here you will define your flags and configuration settings.
 

cmd/root.go

@@ -76,8 +76,8 @@ func init() {
 	// Cobra supports Persistent Flags, which, if defined here,
 	// will be global for your application.
 
-	RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.hydra.yaml)")
-	RootCmd.PersistentFlags().Bool("skip-tls-verify", false, "foolishly accept TLS certificates signed by unkown certificate authorities")
+	RootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "Config file (default is $HOME/.hydra.yaml)")
+	RootCmd.PersistentFlags().Bool("skip-tls-verify", false, "Foolishly accept TLS certificates signed by unkown certificate authorities")
 
 	// Cobra also supports local flags, which will only run
 	// when this action is called directly.

cmd/root_test.go

@@ -21,27 +21,33 @@
 package cmd
 
 import (
+	"crypto/tls"
 	"fmt"
+	"net/http"
 	"os"
-	"path/filepath"
 	"testing"
 	"time"
 
-	"github.com/pborman/uuid"
+	"github.com/phayes/freeport"
 	"github.com/stretchr/testify/assert"
 )
 
+var port int
+
 func init() {
-	c.BindPort = 13124
+	var err error
+	port, err = freeport.GetFreePort()
+	if err != nil {
+		panic(err.Error())
+	}
+	os.Setenv("PORT", fmt.Sprintf("%d", port))
 }
 
 func TestExecute(t *testing.T) {
 	var osArgs = make([]string, len(os.Args))
-	var path = filepath.Join(os.TempDir(), fmt.Sprintf("hydra-%s.yml", uuid.New()))
 	os.Setenv("DATABASE_URL", "memory")
-	os.Setenv("FORCE_ROOT_CLIENT_ID", "admin")
-	os.Setenv("FORCE_ROOT_CLIENT_SECRET", "pw")
-	os.Setenv("OAUTH2_ISSUER_URL", "https://localhost:4444/")
+	os.Setenv("CLUSTER_URL", fmt.Sprintf("https://localhost:%d/", port))
+	os.Setenv("OAUTH2_ISSUER_URL", fmt.Sprintf("https://localhost:%d/", port))
 	copy(osArgs, os.Args)
 
 	for _, c := range []struct {
@@ -50,38 +56,42 @@ func TestExecute(t *testing.T) {
 		expectErr bool
 	}{
 		{
-			args: []string{"host", "--dangerous-auto-logon", "--disable-telemetry"},
+			args: []string{"serve", "--disable-telemetry"},
 			wait: func() bool {
-				_, err := os.Stat(path)
+				client := &http.Client{
+					Transport: &transporter{
+						FakeTLSTermination: true,
+						Transport: &http.Transport{
+							TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+						},
+					},
+				}
+
+				_, err := client.Get(fmt.Sprintf("https://127.0.0.1:%d/health/status", port))
 				if err != nil {
-					t.Logf("Could not stat path %s because %s", path, err)
+					t.Logf("HTTP request failed: %s", err)
 				} else {
 					time.Sleep(time.Second * 5)
 				}
 				return err != nil
 			},
 		},
-		{args: []string{"connect", "--skip-newsletter", "--id", "admin", "--secret", "pw", "--url", "https://127.0.0.1:4444"}},
-		{args: []string{"clients", "create", "--id", "foobarbaz"}},
+		{args: []string{"clients", "create", "--id", "foobarbaz", "--secret", "foobar", "-g", "client_credentials"}},
 		{args: []string{"clients", "get", "foobarbaz"}},
 		{args: []string{"clients", "create", "--id", "public-foo", "--is-public"}},
-		{args: []string{"clients", "delete", "foobarbaz"}},
+		{args: []string{"clients", "delete", "public-foo"}},
 		{args: []string{"keys", "create", "foo", "-a", "HS256"}},
 		{args: []string{"keys", "create", "foo", "-a", "HS256"}},
 		{args: []string{"keys", "get", "foo"}},
 		{args: []string{"keys", "delete", "foo"}},
-		{args: []string{"token", "revoke", "foo"}},
-		{args: []string{"token", "client"}},
+		{args: []string{"token", "revoke", "--client-secret", "foobar", "--client-id", "foobarbaz", "foo"}},
+		{args: []string{"token", "client", "--client-secret", "foobar", "--client-id", "foobarbaz"}},
 		{args: []string{"help", "migrate", "sql"}},
 		{args: []string{"help", "migrate", "ladon", "0.6.0"}},
 		{args: []string{"version"}},
 		{args: []string{"token", "flush"}},
-		{args: []string{"token", "user", "--no-open"}, wait: func() bool {
-			time.Sleep(time.Millisecond * 10)
-			return false
-		}},
 	} {
-		c.args = append(c.args, []string{"--skip-tls-verify", "--config", path}...)
+		c.args = append(c.args, []string{"--skip-tls-verify"}...)
 		RootCmd.SetArgs(c.args)
 
 		t.Run(fmt.Sprintf("command=%v", c.args), func(t *testing.T) {

cmd/host.go → cmd/serve.go

@@ -25,9 +25,9 @@ import (
 	"github.com/spf13/cobra"
 )
 
-// hostCmd represents the host command
-var hostCmd = &cobra.Command{
-	Use:   "host",
+// serveCmd represents the host command
+var serveCmd = &cobra.Command{
+	Use:   "serve",
 	Short: "Start the HTTP/2 host service",
 	Long: `Starts all HTTP/2 APIs and connects to a database backend.
 
@@ -198,19 +198,19 @@ DEBUG CONTROLS
 }
 
 func init() {
-	RootCmd.AddCommand(hostCmd)
+	RootCmd.AddCommand(serveCmd)
 
 	// Here you will define your flags and configuration settings.
 
 	// Cobra supports Persistent Flags which will work for this command
 	// and all subcommands, e.g.:
-	// hostCmd.PersistentFlags().String("foo", "", "A help for foo")
+	// serveCmd.PersistentFlags().String("foo", "", "A help for foo")
 
 	// Cobra supports local flags which will only run when this command
 	// is called directly, e.g.:
-	hostCmd.Flags().BoolVar(&c.ForceHTTP, "dangerous-force-http", false, "Disable HTTP/2 over TLS (HTTPS) and serve HTTP instead. Never use this in production.")
-	hostCmd.Flags().Bool("dangerous-auto-logon", false, "Stores the root credentials in ~/.hydra.yml. Do not use in production.")
-	hostCmd.Flags().Bool("disable-telemetry", false, "Disable telemetry collection and sharing - for more information please visit https://ory.gitbooks.io/hydra/content/telemetry.html")
-	hostCmd.Flags().String("https-tls-key-path", "", "Path to the key file for HTTP/2 over TLS (https). You can set HTTPS_TLS_KEY_PATH or HTTPS_TLS_KEY instead.")
-	hostCmd.Flags().String("https-tls-cert-path", "", "Path to the certificate file for HTTP/2 over TLS (https). You can set HTTPS_TLS_CERT_PATH or HTTPS_TLS_CERT instead.")
+	serveCmd.Flags().BoolVar(&c.ForceHTTP, "dangerous-force-http", false, "Disable HTTP/2 over TLS (HTTPS) and serve HTTP instead. Never use this in production.")
+	//serveCmd.Flags().Bool("dangerous-auto-logon", false, "Stores the root credentials in ~/.hydra.yml. Do not use in production.")
+	serveCmd.Flags().Bool("disable-telemetry", false, "Disable telemetry collection and sharing - for more information please visit https://ory.gitbooks.io/hydra/content/telemetry.html")
+	serveCmd.Flags().String("https-tls-key-path", "", "Path to the key file for HTTP/2 over TLS (https). You can set HTTPS_TLS_KEY_PATH or HTTPS_TLS_KEY instead.")
+	serveCmd.Flags().String("https-tls-cert-path", "", "Path to the certificate file for HTTP/2 over TLS (https). You can set HTTPS_TLS_CERT_PATH or HTTPS_TLS_CERT instead.")
 }

cmd/token.go

@@ -33,5 +33,5 @@ var tokenCmd = &cobra.Command{
 func init() {
 	RootCmd.AddCommand(tokenCmd)
 	//tokenCmd.PersistentFlags().Bool("dry", false, "do not execute the command but show the corresponding curl command instead")
-	tokenCmd.PersistentFlags().Bool("fake-tls-termination", false, `fake tls termination by adding "X-Forwarded-Proto: https"" to http headers`)
+	tokenCmd.PersistentFlags().Bool("fake-tls-termination", false, `fake tls termination by adding "X-Forwarded-Proto: https" to http headers`)
 }