Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Initial stub at implementing updating credentials #29

Closed
wants to merge 1 commit into from
Closed

Initial stub at implementing updating credentials #29

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
77 changes: 77 additions & 0 deletions identity/handler.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (

const RouteCollection = "/identities"
const RouteItem = RouteCollection + "/:id"
const RouteItemCredentials = RouteItem + "/credentials"

type (
handlerDependencies interface {
Expand Down Expand Up @@ -66,6 +67,8 @@ func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin) {

admin.POST(RouteCollection, h.create)
admin.PUT(RouteItem, h.update)

admin.PUT(RouteItemCredentials, h.updateCredentials)
}

// A list of identities.
Expand Down Expand Up @@ -312,6 +315,25 @@ type AdminUpdateIdentityBody struct {
State State `json:"state"`
}

type AdminUpdateIdentityCredentialsBody struct {
// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
// in a self-service manner. The input will always be validated against the JSON Schema defined
// in `schema_id`.
//
// required: true
Traits json.RawMessage `json:"traits"`

// State is the identity's state.
//
// required: true
ImportCredentials []CredentialsBody `json:"import_credentials"`
}

type CredentialsBody struct {
Type CredentialsType `json:"type"`
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if I want to use this type, because it would kinda force us into accepting only hashed (more likely) or plain (less likely) passwords. I'd say upstream wants hashed but for our migration's purposes we want plain for the time being.

Config sqlxx.JSONRawMessage `json:"config"`
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This probably needs to be a different input type and has to be parsed and validated.

}

// swagger:route PUT /identities/{id} v0alpha1 adminUpdateIdentity
//
// Update an Identity
Expand Down Expand Up @@ -423,3 +445,58 @@ func (h *Handler) delete(w http.ResponseWriter, r *http.Request, ps httprouter.P

w.WriteHeader(http.StatusNoContent)
}

// swagger:route PUT /identities/{id}/credentials v0alpha1 adminUpdateCredentials
//
// Update Identity Credentials
//
// Calling this endpoint updates the credentials according to the specification provided.
//
// Learn how identities work in [Ory Kratos' User And Identity Model Documentation](https://www.ory.sh/docs/next/kratos/concepts/identity-user-model).
//
// Produces:
// - application/json
//
// Schemes: http, https
//
// Responses:
// 204: emptyResponse
// 404: jsonError
// 500: jsonError
func (h *Handler) updateCredentials(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
var ur AdminUpdateIdentityCredentialsBody
if err := errors.WithStack(jsonx.NewStrictDecoder(r.Body).Decode(&ur)); err != nil {
h.r.Writer().WriteError(w, r, err)
return
}

pool := h.r.IdentityPool().(PrivilegedPool)
i, err := pool.GetIdentityConfidential(r.Context(), x.ParseUUID(ps.ByName("id")))
if err != nil {
h.r.Writer().WriteError(w, r, err)
return
}
for _, v := range ur.ImportCredentials {
cred, ok := i.GetCredentials(v.Type)
if ok {
cred.Config = v.Config
} else {
cred = &Credentials{
Type: v.Type,
Identifiers: []string{},
Config: v.Config,
}
}
}

if err := h.r.IdentityManager().Update(
r.Context(),
i,
ManagerAllowWriteProtectedTraits,
); err != nil {
h.r.Writer().WriteError(w, r, err)
return
}

w.WriteHeader(http.StatusNoContent)
}