diff --git a/CHANGELOG.md b/CHANGELOG.md index bab68a10dd8f..9a34aa1c43ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,12 +5,13 @@ **Table of Contents** -- [ (2022-12-06)](#2022-12-06) +- [ (2022-12-19)](#2022-12-19) - [Breaking Changes](#breaking-changes) + - [Bug Fixes](#bug-fixes) - [Features](#features) - [0.11.0 (2022-12-02)](#0110-2022-12-02) - [Breaking Changes](#breaking-changes-1) - - [Bug Fixes](#bug-fixes) + - [Bug Fixes](#bug-fixes-1) - [Code Generation](#code-generation) - [Code Refactoring](#code-refactoring) - [Documentation](#documentation) @@ -19,11 +20,11 @@ - [Tests](#tests) - [Unclassified](#unclassified) - [0.10.1 (2022-06-01)](#0101-2022-06-01) - - [Bug Fixes](#bug-fixes-1) + - [Bug Fixes](#bug-fixes-2) - [Code Generation](#code-generation-1) - [0.10.0 (2022-05-30)](#0100-2022-05-30) - [Breaking Changes](#breaking-changes-2) - - [Bug Fixes](#bug-fixes-2) + - [Bug Fixes](#bug-fixes-3) - [Code Generation](#code-generation-2) - [Code Refactoring](#code-refactoring-1) - [Documentation](#documentation-1) @@ -32,15 +33,15 @@ - [Unclassified](#unclassified-1) - [0.9.0-alpha.3 (2022-03-25)](#090-alpha3-2022-03-25) - [Breaking Changes](#breaking-changes-3) - - [Bug Fixes](#bug-fixes-3) + - [Bug Fixes](#bug-fixes-4) - [Code Generation](#code-generation-3) - [Documentation](#documentation-2) - [0.9.0-alpha.2 (2022-03-22)](#090-alpha2-2022-03-22) - - [Bug Fixes](#bug-fixes-4) + - [Bug Fixes](#bug-fixes-5) - [Code Generation](#code-generation-4) - [0.9.0-alpha.1 (2022-03-21)](#090-alpha1-2022-03-21) - [Breaking Changes](#breaking-changes-4) - - [Bug Fixes](#bug-fixes-5) + - [Bug Fixes](#bug-fixes-6) - [Code Generation](#code-generation-5) - [Code Refactoring](#code-refactoring-2) - [Documentation](#documentation-3) 
@@ -49,37 +50,37 @@ - [Unclassified](#unclassified-2) - [0.8.3-alpha.1.pre.0 (2022-01-21)](#083-alpha1pre0-2022-01-21) - [Breaking Changes](#breaking-changes-5) - - [Bug Fixes](#bug-fixes-6) + - [Bug Fixes](#bug-fixes-7) - [Code Generation](#code-generation-6) - [Code Refactoring](#code-refactoring-3) - [Documentation](#documentation-4) - [Features](#features-4) - [Tests](#tests-3) - [0.8.2-alpha.1 (2021-12-17)](#082-alpha1-2021-12-17) - - [Bug Fixes](#bug-fixes-7) + - [Bug Fixes](#bug-fixes-8) - [Code Generation](#code-generation-7) - [Documentation](#documentation-5) - [0.8.1-alpha.1 (2021-12-13)](#081-alpha1-2021-12-13) - - [Bug Fixes](#bug-fixes-8) + - [Bug Fixes](#bug-fixes-9) - [Code Generation](#code-generation-8) - [Documentation](#documentation-6) - [Features](#features-5) - [Tests](#tests-4) - [0.8.0-alpha.4.pre.0 (2021-11-09)](#080-alpha4pre0-2021-11-09) - [Breaking Changes](#breaking-changes-6) - - [Bug Fixes](#bug-fixes-9) + - [Bug Fixes](#bug-fixes-10) - [Code Generation](#code-generation-9) - [Documentation](#documentation-7) - [Features](#features-6) - [Tests](#tests-5) - [0.8.0-alpha.3 (2021-10-28)](#080-alpha3-2021-10-28) - - [Bug Fixes](#bug-fixes-10) + - [Bug Fixes](#bug-fixes-11) - [Code Generation](#code-generation-10) - [0.8.0-alpha.2 (2021-10-28)](#080-alpha2-2021-10-28) - [Code Generation](#code-generation-11) - [0.8.0-alpha.1 (2021-10-27)](#080-alpha1-2021-10-27) - [Breaking Changes](#breaking-changes-7) - - [Bug Fixes](#bug-fixes-11) + - [Bug Fixes](#bug-fixes-12) - [Code Generation](#code-generation-12) - [Code Refactoring](#code-refactoring-4) - [Documentation](#documentation-8) 
@@ -92,24 +93,24 @@ - [0.7.5-alpha.1 (2021-09-11)](#075-alpha1-2021-09-11) - [Code Generation](#code-generation-14) - [0.7.4-alpha.1 (2021-09-09)](#074-alpha1-2021-09-09) - - [Bug Fixes](#bug-fixes-12) + - [Bug Fixes](#bug-fixes-13) - [Code Generation](#code-generation-15) - [Documentation](#documentation-9) - [Features](#features-8) - [Tests](#tests-7) - [0.7.3-alpha.1 (2021-08-28)](#073-alpha1-2021-08-28) - - [Bug Fixes](#bug-fixes-13) + - [Bug Fixes](#bug-fixes-14) - [Code Generation](#code-generation-16) - [Documentation](#documentation-10) - [Features](#features-9) - [0.7.1-alpha.1 (2021-07-22)](#071-alpha1-2021-07-22) - - [Bug Fixes](#bug-fixes-14) + - [Bug Fixes](#bug-fixes-15) - [Code Generation](#code-generation-17) - [Documentation](#documentation-11) - [Tests](#tests-8) - [0.7.0-alpha.1 (2021-07-13)](#070-alpha1-2021-07-13) - [Breaking Changes](#breaking-changes-8) - - [Bug Fixes](#bug-fixes-15) + - [Bug Fixes](#bug-fixes-16) - [Code Generation](#code-generation-18) - [Code Refactoring](#code-refactoring-5) - [Documentation](#documentation-12) @@ -118,7 +119,7 @@ - [Unclassified](#unclassified-4) - [0.6.3-alpha.1 (2021-05-17)](#063-alpha1-2021-05-17) - [Breaking Changes](#breaking-changes-9) - - [Bug Fixes](#bug-fixes-16) + - [Bug Fixes](#bug-fixes-17) - [Code Generation](#code-generation-19) - [Code Refactoring](#code-refactoring-6) - [0.6.2-alpha.1 (2021-05-14)](#062-alpha1-2021-05-14) @@ -128,12 +129,12 @@ - [Code Generation](#code-generation-21) - [Features](#features-11) - [0.6.0-alpha.2 (2021-05-07)](#060-alpha2-2021-05-07) - - [Bug Fixes](#bug-fixes-17) + - [Bug Fixes](#bug-fixes-18) - [Code Generation](#code-generation-22) - [Features](#features-12) - [0.6.0-alpha.1 (2021-05-05)](#060-alpha1-2021-05-05) - [Breaking Changes](#breaking-changes-10) - - [Bug Fixes](#bug-fixes-18) + - [Bug Fixes](#bug-fixes-19) - [Code Generation](#code-generation-23) - [Code Refactoring](#code-refactoring-7) - [Documentation](#documentation-14) 
@@ -141,31 +142,31 @@ - [Tests](#tests-10) - [Unclassified](#unclassified-5) - [0.5.5-alpha.1 (2020-12-09)](#055-alpha1-2020-12-09) - - [Bug Fixes](#bug-fixes-19) + - [Bug Fixes](#bug-fixes-20) - [Code Generation](#code-generation-24) - [Documentation](#documentation-15) - [Features](#features-14) - [Tests](#tests-11) - [Unclassified](#unclassified-6) - [0.5.4-alpha.1 (2020-11-11)](#054-alpha1-2020-11-11) - - [Bug Fixes](#bug-fixes-20) + - [Bug Fixes](#bug-fixes-21) - [Code Generation](#code-generation-25) - [Code Refactoring](#code-refactoring-8) - [Documentation](#documentation-16) - [Features](#features-15) - [0.5.3-alpha.1 (2020-10-27)](#053-alpha1-2020-10-27) - - [Bug Fixes](#bug-fixes-21) + - [Bug Fixes](#bug-fixes-22) - [Code Generation](#code-generation-26) - [Documentation](#documentation-17) - [Features](#features-16) - [Tests](#tests-12) - [0.5.2-alpha.1 (2020-10-22)](#052-alpha1-2020-10-22) - - [Bug Fixes](#bug-fixes-22) + - [Bug Fixes](#bug-fixes-23) - [Code Generation](#code-generation-27) - [Documentation](#documentation-18) - [Tests](#tests-13) - [0.5.1-alpha.1 (2020-10-20)](#051-alpha1-2020-10-20) - - [Bug Fixes](#bug-fixes-23) + - [Bug Fixes](#bug-fixes-24) - [Code Generation](#code-generation-28) - [Documentation](#documentation-19) - [Features](#features-17) @@ -173,7 +174,7 @@ - [Unclassified](#unclassified-7) - [0.5.0-alpha.1 (2020-10-15)](#050-alpha1-2020-10-15) - [Breaking Changes](#breaking-changes-11) - - [Bug Fixes](#bug-fixes-24) + - [Bug Fixes](#bug-fixes-25) - [Code Generation](#code-generation-29) - [Code Refactoring](#code-refactoring-9) - [Documentation](#documentation-20) 
@@ -181,24 +182,24 @@ - [Tests](#tests-15) - [Unclassified](#unclassified-8) - [0.4.6-alpha.1 (2020-07-13)](#046-alpha1-2020-07-13) - - [Bug Fixes](#bug-fixes-25) + - [Bug Fixes](#bug-fixes-26) - [Code Generation](#code-generation-30) - [0.4.5-alpha.1 (2020-07-13)](#045-alpha1-2020-07-13) - - [Bug Fixes](#bug-fixes-26) + - [Bug Fixes](#bug-fixes-27) - [Code Generation](#code-generation-31) - [0.4.4-alpha.1 (2020-07-10)](#044-alpha1-2020-07-10) - - [Bug Fixes](#bug-fixes-27) + - [Bug Fixes](#bug-fixes-28) - [Code Generation](#code-generation-32) - [Documentation](#documentation-21) - [0.4.3-alpha.1 (2020-07-08)](#043-alpha1-2020-07-08) - - [Bug Fixes](#bug-fixes-28) + - [Bug Fixes](#bug-fixes-29) - [Code Generation](#code-generation-33) - [0.4.2-alpha.1 (2020-07-08)](#042-alpha1-2020-07-08) - - [Bug Fixes](#bug-fixes-29) + - [Bug Fixes](#bug-fixes-30) - [Code Generation](#code-generation-34) - [0.4.0-alpha.1 (2020-07-08)](#040-alpha1-2020-07-08) - [Breaking Changes](#breaking-changes-12) - - [Bug Fixes](#bug-fixes-30) + - [Bug Fixes](#bug-fixes-31) - [Code Generation](#code-generation-35) - [Code Refactoring](#code-refactoring-10) - [Documentation](#documentation-22) @@ -206,7 +207,7 @@ - [Unclassified](#unclassified-9) - [0.3.0-alpha.1 (2020-05-15)](#030-alpha1-2020-05-15) - [Breaking Changes](#breaking-changes-13) - - [Bug Fixes](#bug-fixes-31) + - [Bug Fixes](#bug-fixes-32) - [Chores](#chores) - [Code Refactoring](#code-refactoring-11) - [Documentation](#documentation-23) 
@@ -217,18 +218,18 @@ - [Documentation](#documentation-24) - [0.2.0-alpha.2 (2020-05-04)](#020-alpha2-2020-05-04) - [Breaking Changes](#breaking-changes-14) - - [Bug Fixes](#bug-fixes-32) + - [Bug Fixes](#bug-fixes-33) - [Chores](#chores-2) - [Code Refactoring](#code-refactoring-12) - [Documentation](#documentation-25) - [Features](#features-21) - [Unclassified](#unclassified-11) - [0.1.1-alpha.1 (2020-02-18)](#011-alpha1-2020-02-18) - - [Bug Fixes](#bug-fixes-33) + - [Bug Fixes](#bug-fixes-34) - [Code Refactoring](#code-refactoring-13) - [Documentation](#documentation-26) - [0.1.0-alpha.6 (2020-02-16)](#010-alpha6-2020-02-16) - - [Bug Fixes](#bug-fixes-34) + - [Bug Fixes](#bug-fixes-35) - [Code Refactoring](#code-refactoring-14) - [Documentation](#documentation-27) - [Features](#features-22) @@ -241,7 +242,7 @@ - [0.1.0-alpha.3 (2020-02-06)](#010-alpha3-2020-02-06) - [Continuous Integration](#continuous-integration-1) - [0.1.0-alpha.2 (2020-02-03)](#010-alpha2-2020-02-03) - - [Bug Fixes](#bug-fixes-35) + - [Bug Fixes](#bug-fixes-36) - [Documentation](#documentation-30) - [Features](#features-24) - [Unclassified](#unclassified-12) 
@@ -284,14 +285,45 @@ -# [](https://github.com/ory/kratos/compare/v0.11.0...v) (2022-12-06) +# [](https://github.com/ory/kratos/compare/v0.11.0...v) (2022-12-19) ## Breaking Changes The `/admin/courier/messages` endpoint now uses `keysetpagination` instead. +### Bug Fixes + +- Add missing indexes for identity delete + ([#2952](https://github.com/ory/kratos/issues/2952)) + ([dc311f9](https://github.com/ory/kratos/commit/dc311f9a9dc0dbb26e2375b3cd4232a4e8cccb61)): + + This significantly improves the performance of identity deletes. + +- Cors headers not added to the response + [#2922](https://github.com/ory/kratos/issues/2922) + ([#2934](https://github.com/ory/kratos/issues/2934)) + ([1ed6839](https://github.com/ory/kratos/commit/1ed6839369baeecc99610d9f04d78dfee53ad72a)) +- Dont reset to false ([#2965](https://github.com/ory/kratos/issues/2965)) + ([ae8ad7b](https://github.com/ory/kratos/commit/ae8ad7be5b6f3dbb9142bee55448a71c7df44e52)) +- Flaky test now stable + ([4e5dcd0](https://github.com/ory/kratos/commit/4e5dcd0df6baffda8b15eda37fd7a247793f3297)) +- Respect `return_to` URL parameter in registration flow when the user is + already registered ([#2957](https://github.com/ory/kratos/issues/2957)) + ([3462ce1](https://github.com/ory/kratos/commit/3462ce1512d03529b613421a69bcf4c1d5e98e08)) +- Update pquerna/otp to fix TOTP URL encoding + ([#2951](https://github.com/ory/kratos/issues/2951)) + ([7248636](https://github.com/ory/kratos/commit/72486368f5403c02772e4a99ed9edc34e84c217c)): + + v1.4.0 fixes generating TOTP URLs. Query params now use %20 instead of + to + encode spaces. + was not correctly interpreted by some Android authenticator + apps, and would show up in the issuer name, e.g. "My+Issuer" instead of "My + Issuer". 
+ ### Features +- Add NID to logs in courier + ([#2956](https://github.com/ory/kratos/issues/2956)) + ([b407aa9](https://github.com/ory/kratos/commit/b407aa9427382f38dd8a992a6998202a7b6ba83a)) - Require verification on login ([#2927](https://github.com/ory/kratos/issues/2927)) ([efb8ae8](https://github.com/ory/kratos/commit/efb8ae89cbc31477c2696a0df4c89d6dbf856d27)) diff --git a/courier/courier_dispatcher.go b/courier/courier_dispatcher.go index 41369e201eb2..1c2af13defba 100644 --- a/courier/courier_dispatcher.go +++ b/courier/courier_dispatcher.go @@ -14,6 +14,7 @@ func (c *courier) DispatchMessage(ctx context.Context, msg Message) error { c.deps.Logger(). WithError(err). WithField("message_id", msg.ID). + WithField("message_nid", msg.NID). Error(`Unable to increment the message's "send_count" field`) return err } @@ -35,12 +36,14 @@ func (c *courier) DispatchMessage(ctx context.Context, msg Message) error { c.deps.Logger(). WithError(err). WithField("message_id", msg.ID). + WithField("message_nid", msg.NID). Error(`Unable to set the message status to "sent".`) return err } c.deps.Logger(). WithField("message_id", msg.ID). + WithField("message_nid", msg.NID). WithField("message_type", msg.Type). WithField("message_template_type", msg.TemplateType). WithField("message_subject", msg.Subject). @@ -66,12 +69,14 @@ func (c *courier) DispatchQueue(ctx context.Context) error { c.deps.Logger(). WithError(err). WithField("message_id", msg.ID). + WithField("message_nid", msg.NID). Error(`Unable to set the retried message's status to "abandoned".`) return err } // Skip the message c.deps.Logger(). WithField("message_id", msg.ID). + WithField("message_nid", msg.NID). Warnf(`Message was abandoned because it did not deliver after %d attempts`, msg.SendCount) } else if err := c.DispatchMessage(ctx, msg); err != nil { 
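Review bot: The `WithField("message_id", msg.ID).WithField("message_nid", msg.NID)` pair is now repeated by hand at every log site in DispatchMessage, and again in the later DispatchQueue and courier/smtp.go `dispatchEmail` hunks, so the next log call added to the courier can easily omit the NID again. The NID appears to be the network (tenant) identifier, which is what lets an investigator attribute a courier log entry to the right tenant, so it is worth making it hard to forget. Consider building the entry once per message, e.g. `l := c.deps.Logger().WithField("message_id", msg.ID).WithField("message_nid", msg.NID)`, and reusing `l` for the entries in that function; the `replace` message in DispatchQueue would need its own instance. DispatchMessage starts and ends outside this hunk.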
@@ -80,6 +85,7 @@ func (c *courier) DispatchQueue(ctx context.Context) error { c.deps.Logger(). WithError(err). WithField("message_id", msg.ID). + WithField("message_nid", msg.NID). Error(`Unable to record failure log entry.`) } @@ -91,6 +97,7 @@ func (c *courier) DispatchQueue(ctx context.Context) error { c.deps.Logger(). WithError(err). WithField("message_id", replace.ID). + WithField("message_nid", replace.NID). Error(`Unable to reset the failed message's status to "queued".`) } } @@ -100,6 +107,7 @@ func (c *courier) DispatchQueue(ctx context.Context) error { c.deps.Logger(). WithError(err). WithField("message_id", msg.ID). + WithField("message_nid", msg.NID). Error(`Unable to record success log entry.`) // continue with execution, as the message was successfully dispatched } diff --git a/courier/smtp.go b/courier/smtp.go index 6411b27a3df9..000742e70bea 100644 --- a/courier/smtp.go +++ b/courier/smtp.go @@ -186,6 +186,7 @@ func (c *courier) dispatchEmail(ctx context.Context, msg Message) error { c.deps.Logger(). WithError(err). WithField("message_id", msg.ID). + WithField("message_nid", msg.NID). Error(`Unable to get email template from message.`) } else { htmlBody, err := tmpl.EmailBody(ctx) @@ -193,6 +194,7 @@ func (c *courier) dispatchEmail(ctx context.Context, msg Message) error { c.deps.Logger(). WithError(err). WithField("message_id", msg.ID). + WithField("message_nid", msg.NID). Error(`Unable to get email body from template.`) } else { gm.AddAlternative("text/html", htmlBody) @@ -205,6 +207,8 @@ func (c *courier) dispatchEmail(ctx context.Context, msg Message) error { WithField("smtp_server", fmt.Sprintf("%s:%d", c.smtpClient.Host, c.smtpClient.Port)). WithField("smtp_ssl_enabled", c.smtpClient.SSL). WithField("message_from", from). + WithField("message_id", msg.ID). + WithField("message_nid", msg.NID). Error("Unable to send email using SMTP connection.") var protoErr *textproto.Error 
@@ -215,6 +219,7 @@ func (c *courier) dispatchEmail(ctx context.Context, msg Message) error { c.deps.Logger(). WithError(err). WithField("message_id", msg.ID). + WithField("message_nid", msg.NID). Error(`Unable to reset the retried message's status to "abandoned".`) return err } @@ -225,6 +230,7 @@ func (c *courier) dispatchEmail(ctx context.Context, msg Message) error { c.deps.Logger(). WithField("message_id", msg.ID). + WithField("message_nid", msg.NID). WithField("message_type", msg.Type). WithField("message_template_type", msg.TemplateType). WithField("message_subject", msg.Subject). diff --git a/driver/config/config_test.go b/driver/config/config_test.go index d93e4ab0b07c..e745e2bb4a8c 100644 --- a/driver/config/config_test.go +++ b/driver/config/config_test.go @@ -14,6 +14,7 @@ import ( "net/url" "os" "path/filepath" + "strings" "sync" "testing" "time" @@ -26,8 +27,6 @@ import ( "github.com/ghodss/yaml" "github.com/spf13/cobra" - "github.com/ory/x/watcherx" - "github.com/ory/kratos/internal/testhelpers" "github.com/ory/x/configx" @@ -941,8 +940,7 @@ func TestIdentitySchemaValidation(t *testing.T) { assert.NoError(t, tmpFile.Sync()) } - testWatch := func(t *testing.T, ctx context.Context, cmd *cobra.Command, i *configFile) (*config.Config, *test.Hook, *os.File, *configFile, chan bool) { - c := make(chan bool, 1) + testWatch := func(t *testing.T, ctx context.Context, cmd *cobra.Command, identity *configFile) (*config.Config, *test.Hook, func([]map[string]string)) { tdir := t.TempDir() assert.NoError(t, os.MkdirAll(tdir, // DO NOT CHANGE THIS: https://github.com/fsnotify/fsnotify/issues/340 
@@ -950,23 +948,23 @@ func TestIdentitySchemaValidation(t *testing.T) { configFileName := randx.MustString(8, randx.Alpha) tmpConfig, err := os.Create(filepath.Join(tdir, configFileName+".config.yaml")) assert.NoError(t, err) + t.Cleanup(func() { tmpConfig.Close() }) - marshalAndWrite(t, ctx, tmpConfig, i) + marshalAndWrite(t, ctx, tmpConfig, identity) l := logrusx.New("kratos-"+tmpConfig.Name(), "test") hook := test.NewLocal(l.Logger) - conf, err := config.New(ctx, l, os.Stderr, - configx.WithConfigFiles(tmpConfig.Name()), - configx.AttachWatcher(func(event watcherx.Event, err error) { - c <- true - })) + conf, err := config.New(ctx, l, os.Stderr, configx.WithConfigFiles(tmpConfig.Name())) assert.NoError(t, err) // clean the hooks since it will throw an event on first boot hook.Reset() - return conf, hook, tmpConfig, i, c + return conf, hook, func(schemas []map[string]string) { + identity.Identity.Schemas = schemas + marshalAndWrite(t, ctx, tmpConfig, identity) + } } t.Run("case=skip invalid schema validation", func(t *testing.T) { 
@@ -1022,34 +1020,38 @@ func TestIdentitySchemaValidation(t *testing.T) { invalidIdentity := setup(t, "stub/.identity.invalid.json") - for _, i := range identities { - t.Run("test=identity file "+i.identityFileName, func(t *testing.T) { + for _, identity := range identities { + t.Run("test=identity file "+identity.identityFileName, func(t *testing.T) { ctx, cancel := context.WithTimeout(ctx, time.Second*30) + t.Cleanup(cancel) - _, hook, tmpConfig, i, c := testWatch(t, ctx, &cobra.Command{}, i) - // Change the identity config to an invalid file - i.Identity.Schemas = invalidIdentity.Identity.Schemas - - t.Cleanup(func() { - cancel() - tmpConfig.Close() - }) + _, hook, writeSchema := testWatch(t, ctx, &cobra.Command{}, identity) var wg sync.WaitGroup wg.Add(1) - go func(t *testing.T, ctx context.Context, tmpFile *os.File, identity *configFile) { + go func() { defer wg.Done() - marshalAndWrite(t, ctx, tmpConfig, i) - }(t, ctx, tmpConfig, i) - - select { - case <-ctx.Done(): - panic("the test could not complete as the context timed out before the file watcher updated") - case <-c: - lastHook, err := hook.LastEntry().String() - assert.NoError(t, err) - - assert.Contains(t, lastHook, "The changed identity schema configuration is invalid and could not be loaded.") + // Change the identity config to an invalid file + writeSchema(invalidIdentity.Identity.Schemas) + }() + + // There are a bunch of log messages beeing logged. We are looking for a specific one. 
+ timeout := time.After(time.Millisecond * 500) + var success = false + for !success { + for _, v := range hook.AllEntries() { + s, err := v.String() + require.NoError(t, err) + success = success || strings.Contains(s, "The changed identity schema configuration is invalid and could not be loaded.") + } + + select { + case <-ctx.Done(): + t.Fatal("the test could not complete as the context timed out before the file watcher updated") + case <-timeout: + t.Fatal("Expected log line was not encountered within specified timeout") + default: //nothing + } } wg.Wait() diff --git a/go.mod b/go.mod index 01a7268e3690..0a9e13c2296a 100644 --- a/go.mod +++ b/go.mod @@ -80,7 +80,7 @@ require ( github.com/ory/x v0.0.519 github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 github.com/pkg/errors v0.9.1 - github.com/pquerna/otp v1.3.0 + github.com/pquerna/otp v1.4.0 github.com/rs/cors v1.8.2 github.com/sirupsen/logrus v1.9.0 github.com/slack-go/slack v0.7.4 diff --git a/go.sum b/go.sum index 73efca034abb..8e8bf9b4677e 100644 --- a/go.sum +++ b/go.sum 
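Review bot: The new polling loop in the `test=identity file` subtest spins without sleeping (`default: //nothing`), so it burns a core re-scanning `hook.AllEntries()` until the log line appears, and because the `select` still runs after `success` is set, a timeout firing in that same iteration fails a run that actually passed. `require.Eventually` (testify is already used in this test), or a short sleep in the `default` arm plus a `break` once the line is found, would avoid both. The hard-coded 500ms budget is also far tighter than the 30s context and may bring the flakiness back on slow CI file watchers. When `t.Fatal` fires, `wg.Wait()` is skipped while the writer goroutine may still be using `tmpConfig`, which the registered cleanup then closes. The added comment has a typo: `beeing` should be `being`.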
@@ -1202,8 +1202,8 @@ github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndr github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/pquerna/cachecontrol v0.1.0 h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8cTqKc= github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI= -github.com/pquerna/otp v1.3.0 h1:oJV/SkzR33anKXwQU3Of42rL4wbrffP4uvUf1SvS5Xs= -github.com/pquerna/otp v1.3.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= +github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg= +github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= diff --git a/internal/client-go/api_identity.go b/internal/client-go/api_identity.go index da484ae8ba99..973bd75575b6 100644 --- a/internal/client-go/api_identity.go +++ b/internal/client-go/api_identity.go 
@@ -504,6 +504,20 @@ func (a *IdentityApiService) CreateRecoveryCodeForIdentityExecute(r IdentityApiA } // body params localVarPostBody = r.createRecoveryCodeForIdentityBody + if r.ctx != nil { + // API Key Authentication + if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok { + if apiKey, ok := auth["oryAccessToken"]; ok { + var key string + if apiKey.Prefix != "" { + key = apiKey.Prefix + " " + apiKey.Key + } else { + key = apiKey.Key + } + localVarHeaderParams["Authorization"] = key + } + } + } req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) if err != nil { return localVarReturnValue, nil, err @@ -642,6 +656,20 @@ func (a *IdentityApiService) CreateRecoveryLinkForIdentityExecute(r IdentityApiA } // body params localVarPostBody = r.createRecoveryLinkForIdentityBody + if r.ctx != nil { + // API Key Authentication + if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok { + if apiKey, ok := auth["oryAccessToken"]; ok { + var key string + if apiKey.Prefix != "" { + key = apiKey.Prefix + " " + apiKey.Key + } else { + key = apiKey.Key + } + localVarHeaderParams["Authorization"] = key + } + } + } req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) if err != nil { return localVarReturnValue, nil, err 
@@ -1045,6 +1073,20 @@ func (a *IdentityApiService) DisableSessionExecute(r IdentityApiApiDisableSessio if localVarHTTPHeaderAccept != "" { localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept } + if r.ctx != nil { + // API Key Authentication + if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok { + if apiKey, ok := auth["oryAccessToken"]; ok { + var key string + if apiKey.Prefix != "" { + key = apiKey.Prefix + " " + apiKey.Key + } else { + key = apiKey.Key + } + localVarHeaderParams["Authorization"] = key + } + } + } req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) if err != nil { return nil, err diff --git a/internal/httpclient/api_identity.go b/internal/httpclient/api_identity.go index da484ae8ba99..973bd75575b6 100644 --- a/internal/httpclient/api_identity.go +++ b/internal/httpclient/api_identity.go @@ -504,6 +504,20 @@ func (a *IdentityApiService) CreateRecoveryCodeForIdentityExecute(r IdentityApiA } // body params localVarPostBody = r.createRecoveryCodeForIdentityBody + if r.ctx != nil { + // API Key Authentication + if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok { + if apiKey, ok := auth["oryAccessToken"]; ok { + var key string + if apiKey.Prefix != "" { + key = apiKey.Prefix + " " + apiKey.Key + } else { + key = apiKey.Key + } + localVarHeaderParams["Authorization"] = key + } + } + } req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) if err != nil { return localVarReturnValue, nil, err 
@@ -642,6 +656,20 @@ func (a *IdentityApiService) CreateRecoveryLinkForIdentityExecute(r IdentityApiA } // body params localVarPostBody = r.createRecoveryLinkForIdentityBody + if r.ctx != nil { + // API Key Authentication + if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok { + if apiKey, ok := auth["oryAccessToken"]; ok { + var key string + if apiKey.Prefix != "" { + key = apiKey.Prefix + " " + apiKey.Key + } else { + key = apiKey.Key + } + localVarHeaderParams["Authorization"] = key + } + } + } req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) if err != nil { return localVarReturnValue, nil, err @@ -1045,6 +1073,20 @@ func (a *IdentityApiService) DisableSessionExecute(r IdentityApiApiDisableSessio if localVarHTTPHeaderAccept != "" { localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept } + if r.ctx != nil { + // API Key Authentication + if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok { + if apiKey, ok := auth["oryAccessToken"]; ok { + var key string + if apiKey.Prefix != "" { + key = apiKey.Prefix + " " + apiKey.Key + } else { + key = apiKey.Key + } + localVarHeaderParams["Authorization"] = key + } + } + } req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes) if err != nil { return nil, err diff --git a/persistence/sql/migratest/migration_test.go b/persistence/sql/migratest/migration_test.go index 9ca86b7ee7a3..6b6061de87e9 100644 --- a/persistence/sql/migratest/migration_test.go +++ b/persistence/sql/migratest/migration_test.go @@ -6,10 +6,10 @@ package migratest import ( "context" "encoding/json" - "errors" "fmt" "os" "path/filepath" + "sync" "testing" "time" 
@@ -97,8 +97,10 @@ func TestMigrations(t *testing.T) { var test = func(db string, c *pop.Connection) func(t *testing.T) { return func(t *testing.T) { + t.Parallel() + ctx := context.Background() - l := logrusx.New("", "", logrusx.ForceLevel(logrus.DebugLevel)) + l := logrusx.New("", "", logrusx.ForceLevel(logrus.ErrorLevel)) t.Logf("Cleaning up before migrations") _ = os.Remove("../migrations/sql/schema.sql") @@ -131,6 +133,8 @@ func TestMigrations(t *testing.T) { }) t.Run("suite=fixtures", func(t *testing.T) { + wg := &sync.WaitGroup{} + d, err := driver.New( context.Background(), os.Stderr, @@ -149,6 +153,10 @@ func TestMigrations(t *testing.T) { require.NoError(t, err) t.Run("case=identity", func(t *testing.T) { + wg.Add(1) + defer wg.Done() + t.Parallel() + ids, err := d.PrivilegedIdentityPool().ListIdentities(context.Background(), 0, 1000) require.NoError(t, err) require.NotEmpty(t, ids) @@ -157,7 +165,7 @@ func TestMigrations(t *testing.T) { for _, id := range ids { found = append(found, id.ID.String()) actual, err := d.PrivilegedIdentityPool().GetIdentityConfidential(context.Background(), id.ID) - require.NoError(t, err) + require.NoError(t, err, "ID: %s", id.ID) for _, a := range actual.VerifiableAddresses { CompareWithFixture(t, a, "identity_verification_address", a.ID.String()) @@ -177,6 +185,10 @@ func TestMigrations(t *testing.T) { }) t.Run("case=verification_token", func(t *testing.T) { + wg.Add(1) + defer wg.Done() + t.Parallel() + var ids []link.VerificationToken require.NoError(t, c.All(&ids)) @@ -188,6 +200,10 @@ func TestMigrations(t *testing.T) { }) t.Run("case=session", func(t *testing.T) { + wg.Add(1) + defer wg.Done() + t.Parallel() + var ids []session.Session require.NoError(t, c.Select("id").All(&ids)) require.NotEmpty(t, ids) 
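Review bot: With `t.Parallel()` added at the top of the closure returned by `test`, the `_ = os.Remove("../migrations/sql/schema.sql")` a few lines below now runs concurrently for every database the closure is used with (presumably one subtest per database), all touching the same relative path. If anything in the migration step reads or writes that file, which is not visible in this hunk, the parallel runs can race and clobber each other; a per-test path under `t.TempDir()` or keeping this part sequential would rule that out. Lowering the logger from `logrus.DebugLevel` to `logrus.ErrorLevel` also hides migration debug output on failures, so a short comment such as `// Error level only: debug output from parallel runs interleaves and is unreadable` would record that it is intentional. The closure continues outside the hunk.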
@@ -204,6 +220,10 @@ func TestMigrations(t *testing.T) { }) t.Run("case=login", func(t *testing.T) { + wg.Add(1) + defer wg.Done() + t.Parallel() + var ids []login.Flow require.NoError(t, c.Select("id").All(&ids)) require.NotEmpty(t, ids) @@ -219,6 +239,10 @@ func TestMigrations(t *testing.T) { }) t.Run("case=registration", func(t *testing.T) { + wg.Add(1) + defer wg.Done() + t.Parallel() + var ids []registration.Flow require.NoError(t, c.Select("id").All(&ids)) require.NotEmpty(t, ids) @@ -234,6 +258,10 @@ func TestMigrations(t *testing.T) { }) t.Run("case=settings_flow", func(t *testing.T) { + wg.Add(1) + defer wg.Done() + t.Parallel() + var ids []settings.Flow require.NoError(t, c.Select("id").All(&ids)) require.NotEmpty(t, ids) @@ -249,6 +277,10 @@ func TestMigrations(t *testing.T) { }) t.Run("case=recovery_flow", func(t *testing.T) { + wg.Add(1) + defer wg.Done() + t.Parallel() + var ids []recovery.Flow require.NoError(t, c.Select("id").All(&ids)) require.NotEmpty(t, ids) @@ -264,6 +296,10 @@ func TestMigrations(t *testing.T) { }) t.Run("case=verification_flow", func(t *testing.T) { + wg.Add(1) + defer wg.Done() + t.Parallel() + var ids []verification.Flow require.NoError(t, c.Select("id").All(&ids)) require.NotEmpty(t, ids) @@ -279,6 +315,10 @@ func TestMigrations(t *testing.T) { }) t.Run("case=recovery_token", func(t *testing.T) { + wg.Add(1) + defer wg.Done() + t.Parallel() + var ids []link.RecoveryToken require.NoError(t, c.All(&ids)) require.NotEmpty(t, ids) @@ -292,6 +332,10 @@ func TestMigrations(t *testing.T) { }) t.Run("case=recovery_code", func(t *testing.T) { + wg.Add(1) + defer wg.Done() + t.Parallel() + var ids []code.RecoveryCode require.NoError(t, c.All(&ids)) require.NotEmpty(t, ids) 
@@ -305,6 +349,10 @@ func TestMigrations(t *testing.T) { }) t.Run("suite=constraints", func(t *testing.T) { + // This is not really a parallel test, but we have to mark it parallel so the other tests run first. + t.Parallel() + wg.Wait() + sr, err := d.SettingsFlowPersister().GetSettingsFlow(context.Background(), x.ParseUUID("a79bfcf1-68ae-49de-8b23-4f96921b8341")) require.NoError(t, err) @@ -312,7 +360,7 @@ func TestMigrations(t *testing.T) { _, err = d.SettingsFlowPersister().GetSettingsFlow(context.Background(), x.ParseUUID("a79bfcf1-68ae-49de-8b23-4f96921b8341")) require.Error(t, err) - require.True(t, errors.Is(err, sqlcon.ErrNoRows)) + require.ErrorIs(t, err, sqlcon.ErrNoRows) }) }) diff --git a/persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.down.sql b/persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.down.sql new file mode 100644 index 000000000000..cfd645a6c332 --- /dev/null +++ b/persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.down.sql @@ -0,0 +1,13 @@ +DROP INDEX IF EXISTS "identity_recovery_codes_identity_id_nid_idx"; + +DROP INDEX IF EXISTS "identity_verification_codes_verifiable_address_nid_idx"; + +DROP INDEX IF EXISTS "selfservice_settings_flows_identity_id_nid_idx"; + +DROP INDEX IF EXISTS "continuity_containers_identity_id_nid_idx"; + +DROP INDEX IF EXISTS "selfservice_recovery_flows_recovered_identity_id_nid_idx"; + +DROP INDEX IF EXISTS "identity_recovery_tokens_identity_id_nid_idx"; + +DROP INDEX IF EXISTS "identity_recovery_codes_identity_recovery_address_id_nid_idx"; diff --git a/persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.mysql.down.sql b/persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.mysql.down.sql new file mode 100644 index 000000000000..d826bf84cbbf --- /dev/null +++ b/persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.mysql.down.sql 
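Review bot: `wg.Wait()` inside the parallel `suite=constraints` subtest can deadlock when few parallel slots are available: with `-parallel 1` or a single-CPU runner, this subtest may be the one that gets the slot and then blocks forever on siblings that cannot start. The usual way to order this without a WaitGroup is to wrap the `case=…` subtests in one enclosing `t.Run("group", func(t *testing.T) { … })`, which returns only after all of its parallel children have finished, and to run `suite=constraints` sequentially after it. That would also remove the `wg.Add(1)` / `defer wg.Done()` lines added to each `case=…` subtest in the earlier hunks and the need for the comment explaining the placeholder `t.Parallel()`.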
@@ -0,0 +1,36 @@
+-- MySQL requires indexes on foreign keys and referenced keys so that foreign key checks can be fast and not require a table scan.
+-- In the referencing table, there must be an index where the foreign key columns are listed as the first columns in the same order.
+-- Such an index is created on the referencing table automatically if it does not exist. This index might be silently dropped later
+-- if you create another index that can be used to enforce the foreign key constraint.
+
+-- from https://dev.mysql.com/doc/refman/8.0/en/create-table-foreign-keys.html
+
+-- -> The indexes in question already existed. We have to create new ones that are just the foreign key to restore the previous state.
+
+ALTER TABLE identity_recovery_codes ADD INDEX (identity_id);
+
+DROP INDEX identity_recovery_codes_identity_id_nid_idx ON identity_recovery_codes;
+
+ALTER TABLE identity_verification_codes ADD INDEX (identity_verifiable_address_id);
+
+DROP INDEX identity_verification_codes_verifiable_address_nid_idx ON identity_verification_codes;
+
+ALTER TABLE selfservice_settings_flows ADD INDEX (identity_id);
+
+DROP INDEX selfservice_settings_flows_identity_id_nid_idx ON selfservice_settings_flows;
+
+ALTER TABLE continuity_containers ADD INDEX (identity_id);
+
+DROP INDEX continuity_containers_identity_id_nid_idx ON continuity_containers;
+
+ALTER TABLE selfservice_recovery_flows ADD INDEX (recovered_identity_id);
+
+DROP INDEX selfservice_recovery_flows_recovered_identity_id_nid_idx ON selfservice_recovery_flows;
+
+ALTER TABLE identity_recovery_tokens ADD INDEX (identity_id);
+
+DROP INDEX identity_recovery_tokens_identity_id_nid_idx ON identity_recovery_tokens;
+
+ALTER TABLE identity_recovery_codes ADD INDEX (identity_recovery_address_id);
+
+DROP INDEX identity_recovery_codes_identity_recovery_address_id_nid_idx ON identity_recovery_codes;
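Review bot: The header comment does not say why each `ALTER TABLE … ADD INDEX` has to precede its `DROP INDEX`, and that ordering is what keeps this down migration working. As far as I know MySQL refuses to drop an index that a foreign key still relies on, so the single-column index must exist before the composite one is removed; a line such as `-- Order matters: add the single-column index first, otherwise DROP INDEX fails while the foreign key still needs the composite index.` would protect against a later reordering. Because the quoted manual text says the implicit index only "might be silently dropped", the rollback may also leave a table with two indexes on the same column, and it is worth confirming that this is acceptable.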
diff --git a/persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.mysql.up.sql b/persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.mysql.up.sql
new file mode 100644
index 000000000000..6340ae62e01f
--- /dev/null
+++ b/persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.mysql.up.sql
@@ -0,0 +1,22 @@
+-- MySQL requires indexes on foreign keys and referenced keys so that foreign key checks can be fast and not require a table scan.
+-- In the referencing table, there must be an index where the foreign key columns are listed as the first columns in the same order.
+-- Such an index is created on the referencing table automatically if it does not exist. This index might be silently dropped later
+-- if you create another index that can be used to enforce the foreign key constraint.
+
+-- from https://dev.mysql.com/doc/refman/8.0/en/create-table-foreign-keys.html
+
+-- -> We create new indexes to be consistent with the other databases. However, dropping those will be a bit different.
+
+CREATE INDEX identity_recovery_codes_identity_id_nid_idx ON identity_recovery_codes (identity_id, nid);
+
+CREATE INDEX identity_verification_codes_verifiable_address_nid_idx ON identity_verification_codes (identity_verifiable_address_id, nid);
+
+CREATE INDEX selfservice_settings_flows_identity_id_nid_idx ON selfservice_settings_flows (identity_id, nid);
+
+CREATE INDEX continuity_containers_identity_id_nid_idx ON continuity_containers (identity_id, nid);
+
+CREATE INDEX selfservice_recovery_flows_recovered_identity_id_nid_idx ON selfservice_recovery_flows (recovered_identity_id, nid);
+
+CREATE INDEX identity_recovery_tokens_identity_id_nid_idx ON identity_recovery_tokens (identity_id, nid);
+
+CREATE INDEX identity_recovery_codes_identity_recovery_address_id_nid_idx ON identity_recovery_codes (identity_recovery_address_id, nid);
diff --git a/persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.up.sql b/persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.up.sql
new file mode 100644
index 000000000000..1adf5073033f
--- /dev/null
+++ b/persistence/sql/migrations/sql/20221214101328000000_identity_delete_indices.up.sql
@@ -0,0 +1,13 @@
+CREATE INDEX IF NOT EXISTS "identity_recovery_codes_identity_id_nid_idx" ON "identity_recovery_codes" (identity_id, nid);
+
+CREATE INDEX IF NOT EXISTS "identity_verification_codes_verifiable_address_nid_idx" ON "identity_verification_codes" (identity_verifiable_address_id, nid);
+
+CREATE INDEX IF NOT EXISTS "selfservice_settings_flows_identity_id_nid_idx" ON "selfservice_settings_flows" (identity_id, nid);
+
+CREATE INDEX IF NOT EXISTS "continuity_containers_identity_id_nid_idx" ON "continuity_containers" (identity_id, nid);
+
+CREATE INDEX IF NOT EXISTS "selfservice_recovery_flows_recovered_identity_id_nid_idx" ON "selfservice_recovery_flows" (recovered_identity_id, nid);
+
+CREATE INDEX IF NOT EXISTS "identity_recovery_tokens_identity_id_nid_idx" ON "identity_recovery_tokens" (identity_id, nid);
+
+CREATE INDEX IF NOT EXISTS "identity_recovery_codes_identity_recovery_address_id_nid_idx" ON "identity_recovery_codes" (identity_recovery_address_id, nid);
diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go
index f1e4c0568d54..b22e66f0b81c 100644
--- a/selfservice/flow/registration/handler.go
+++ b/selfservice/flow/registration/handler.go
@@ -290,7 +290,16 @@ func (h *Handler) createBrowserRegistrationFlow(w http.ResponseWriter, r *http.R return } - http.Redirect(w, r, h.d.Config().SelfServiceBrowserDefaultReturnTo(r.Context()).String(), http.StatusSeeOther) + returnTo, redirErr := x.SecureRedirectTo(r, h.d.Config().SelfServiceBrowserDefaultReturnTo(r.Context()), + x.SecureRedirectAllowSelfServiceURLs(h.d.Config().SelfPublicURL(r.Context())), + x.SecureRedirectAllowURLs(h.d.Config().SelfServiceBrowserAllowedReturnToDomains(r.Context())), + ) + if redirErr != nil { + h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, redirErr) + return + } + + http.Redirect(w, r, returnTo.String(), http.StatusSeeOther) return } diff --git a/selfservice/flow/registration/handler_test.go b/selfservice/flow/registration/handler_test.go index 9eaee55b561e..d0f19483d88c 100644 --- a/selfservice/flow/registration/handler_test.go +++ b/selfservice/flow/registration/handler_test.go @@ -43,6 +43,10 @@ func TestHandlerRedirectOnAuthenticated(t *testing.T) { router := x.NewRouterPublic() ts, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin()) + // Set it first as otherwise it will overwrite the ViperKeySelfServiceBrowserDefaultReturnTo key; + returnToTS := testhelpers.NewRedirTS(t, "return_to", conf) + conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnToTS.URL}) + redirTS := testhelpers.NewRedirTS(t, "already authenticated", conf) conf.MustSet(ctx, config.ViperKeySelfServiceRegistrationEnabled, true) testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json") 
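Review bot: Nothing at the new `x.SecureRedirectTo` call says that the redirect target can now come from the request, which is the security-relevant part of this hunk: before, an already-authenticated browser was always sent to the configured default. A comment above the call, for example `// return_to is caller-supplied; follow it only when it matches the public URL or an allowed return-to domain.`, would make the trust boundary explicit (I am inferring from the option names and the new test that `SecureRedirectTo` reads `return_to` from `r`; its body is not in this diff). A rejected target is now forwarded to the error manager instead of falling back to the default URL, so a logged-in user following a link with a stale or mistyped `return_to` will see an error; if that is intended, the comment should say so. `createBrowserRegistrationFlow` starts and ends outside the hunk.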
@@ -58,6 +62,12 @@ func TestHandlerRedirectOnAuthenticated(t *testing.T) { assert.Contains(t, res.Request.URL.String(), registration.RouteInitAPIFlow) assertx.EqualAsJSON(t, registration.ErrAlreadyLoggedIn, json.RawMessage(gjson.GetBytes(body, "error").Raw)) }) + + t.Run("does redirect to return_to url on authenticated request", func(t *testing.T) { + body, res := testhelpers.MockMakeAuthenticatedRequest(t, reg, conf, router.Router, x.NewTestHTTPRequest(t, "GET", ts.URL+registration.RouteInitBrowserFlow+"?return_to="+returnToTS.URL, nil)) + assert.Contains(t, res.Request.URL.String(), returnToTS.URL) + assert.EqualValues(t, "return_to", string(body)) + }) } func TestInitFlow(t *testing.T) { diff --git a/selfservice/strategy/code/strategy_recovery.go b/selfservice/strategy/code/strategy_recovery.go index c33c007fc80f..d08239517c4d 100644 --- a/selfservice/strategy/code/strategy_recovery.go +++ b/selfservice/strategy/code/strategy_recovery.go @@ -139,6 +139,9 @@ type recoveryCodeForIdentity struct { // // Schemes: http, https // +// Security: +// oryAccessToken: +// // Responses: // 201: recoveryCodeForIdentity // 400: errorGeneric diff --git a/selfservice/strategy/link/strategy_recovery.go b/selfservice/strategy/link/strategy_recovery.go index 6c6c20106065..9de1ff5b7889 100644 --- a/selfservice/strategy/link/strategy_recovery.go +++ b/selfservice/strategy/link/strategy_recovery.go @@ -130,6 +130,9 @@ type recoveryLinkForIdentity struct { // // Schemes: http, https // +// Security: +// oryAccessToken: +// // Responses: // 200: recoveryLinkForIdentity // 400: errorGeneric diff --git a/session/handler.go b/session/handler.go index db5e284e378d..7fd773c1d117 100644 --- a/session/handler.go +++ b/session/handler.go 
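Review bot: The new subtest only covers an allowed `return_to`; the rejection branch added in `createBrowserRegistrationFlow` (`redirErr != nil`) has no test, and that is the branch that guards against an open redirect. I would add a second subtest that sends a `return_to` whose host is not listed under `config.ViperKeyURLsAllowedReturnToDomains` and asserts that the final `res.Request.URL` is not on that host. The query string is also built by plain concatenation, `"?return_to="+returnToTS.URL`; wrapping the value in `url.QueryEscape(returnToTS.URL)` keeps the test correct if the helper URL ever carries a query or fragment.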
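Review bot: The `Security: oryAccessToken:` lines added to the recovery-code annotation change only the generated API description; no check is added in this hunk, so the spec now states an access-token requirement that the code shown here does not enforce itself. If enforcement lives in a gateway or middleware in front of the admin API, a short comment next to the annotation saying where would stop readers from assuming the handler is protected on its own. The same applies to the recovery-link hunk in `selfservice/strategy/link/strategy_recovery.go` and the `disableSession` hunk in `session/handler.go`.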
@@ -465,11 +465,14 @@ type disableSession struct { // // Schemes: http, https // +// Security: +// oryAccessToken: +// // Responses: -// 204: emptyResponse -// 400: errorGeneric -// 401: errorGeneric -// default: errorGeneric +// 204: emptyResponse +// 400: errorGeneric +// 401: errorGeneric +// default: errorGeneric func (h *Handler) disableSession(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { sID, err := uuid.FromString(ps.ByName("id")) if err != nil { diff --git a/spec/api.json b/spec/api.json index 0f5ca52e110f..79eb568076f5 100755 --- a/spec/api.json +++ b/spec/api.json @@ -3841,6 +3841,11 @@ "description": "errorGeneric" } }, + "security": [ + { + "oryAccessToken": [] + } + ], "summary": "Create a Recovery Code", "tags": [ "identity" @@ -3903,6 +3908,11 @@ "description": "errorGeneric" } }, + "security": [ + { + "oryAccessToken": [] + } + ], "summary": "Create a Recovery Link", "tags": [ "identity" @@ -4044,6 +4054,11 @@ "description": "errorGeneric" } }, + "security": [ + { + "oryAccessToken": [] + } + ], "summary": "Deactivate a Session", "tags": [ "identity" diff --git a/spec/swagger.json b/spec/swagger.json index 0ce12c8bf903..c9629b342f40 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -660,6 +660,11 @@ }, "/admin/recovery/code": { "post": { + "security": [ + { + "oryAccessToken": [] + } + ], "description": "This endpoint creates a recovery code which should be given to the user in order for them to recover\n(or activate) their account.", "consumes": [ "application/json" @@ -715,6 +720,11 @@ }, "/admin/recovery/link": { "post": { + "security": [ + { + "oryAccessToken": [] + } + ], "description": "This endpoint creates a recovery link which should be given to the user in order for them to recover\n(or activate) their account.", "consumes": [ "application/json" 
@@ -902,6 +912,11 @@ } }, "delete": { + "security": [ + { + "oryAccessToken": [] + } + ], "description": "Calling this endpoint deactivates the specified session. Session data is not deleted.", "schemes": [ "http",