Merge branch 'master' into fix-914

.circleci/config.yml

@@ -2,7 +2,7 @@ version: 2.1
 
 orbs:
   changelog: ory/[email protected]
-  goreleaser: ory/[email protected].36
+  goreleaser: ory/[email protected].37
   slack: circleci/[email protected]
   sdk: ory/[email protected]
   docs: ory/[email protected]
@@ -74,7 +74,7 @@ jobs:
       - run: |
           bash <(curl -s https://codecov.io/bash)
 
-  test-e2e:
+  test-e2e-1:
     docker:
       - image: oryd/e2e-env:latest
         environment:
@@ -143,30 +143,103 @@ jobs:
             echo "unset DISPLAY" >> $BASH_ENV
 
       - run:
-          description: Run sqlite e2e test
+          description: Run postrgres e2e test
           command: |
             source $BASH_ENV
-            ./test/e2e/run.sh sqlite
+            ./test/e2e/run.sh postgres
       - run:
-          description: Run postrgres e2e test
+          description: Run cockroach e2e test
           command: |
             source $BASH_ENV
-            ./test/e2e/run.sh postgres
+            ./test/e2e/run.sh cockroach
+
+  test-e2e-2:
+    docker:
+      - image: oryd/e2e-env:latest
+        environment:
+          TEST_DATABASE_MYSQL: mysql://root:test@(localhost:3306)/mysql?parseTime=true&multiStatements=true
+          TEST_DATABASE_COCKROACHDB: cockroach://root@localhost:26257/defaultdb?sslmode=disable
+          TEST_DATABASE_POSTGRESQL: postgres://test:test@localhost:5432/kratos?sslmode=disable
+      - image: postgres:9.6
+        environment:
+          POSTGRES_USER: test
+          POSTGRES_PASSWORD: test
+          POSTGRES_DB: kratos
+      - image: cockroachdb/cockroach:v21.1.9
+        command: start-single-node --insecure
+      - image: mysql:5.7
+        environment:
+          - MYSQL_ROOT_PASSWORD=test
+      - image: oryd/mailslurper:latest-smtps
+    steps:
+      - browser-tools/install-browser-tools
+      - checkout
+
+      - restore_cache:
+          keys:
+            - v3-e2e-deps-{{ checksum "package-lock.json" }}-{{ checksum "test/e2e/package-lock.json" }}
+      - run: npm ci
+      - run: cd test/e2e; npm ci
+      - run: sudo npm i -g expo-cli
+      - save_cache:
+          key: v3-e2e-deps-{{ checksum "package-lock.json" }}-{{ checksum "test/e2e/package-lock.json" }}
+          paths:
+            - node_modules
+            - ~/.cache # cypress
+            - ~/.npm/node_modules # global npm
+            - test/e2e/node_modules # e2e npm
+
+      - go/load-cache
+      - go/mod-download
+      - go/save-cache
+
+      - run: npm config set prefix ~/.npm/node_modules
+
       - run:
-          description: Run mysql e2e test
+          description: "Install selfservice-ui-node"
+          command: |
+            node_ui_dir="$(mktemp -d -t ci-XXXXXXXXXX)/kratos-selfservice-ui-node"
+            echo "export NODE_UI_PATH=$node_ui_dir" >> $BASH_ENV
+
+            git clone https://github.com/ory/kratos-selfservice-ui-node.git --depth 1 --branch master "$node_ui_dir"
+            cd "$node_ui_dir"
+            npm i
+            npm run build
+
+      - run:
+          description: "Install selfservice-ui-react-native"
+          command: |
+            rn_ui_dir="$(mktemp -d -t ci-XXXXXXXXXX)/kratos-selfservice-ui-react-native"
+            echo "export RN_UI_PATH=$rn_ui_dir" >> $BASH_ENV
+
+            git clone https://github.com/ory/kratos-selfservice-ui-react-native.git --depth 1 --branch master "$rn_ui_dir"
+            cd "$rn_ui_dir"
+            npm i
+
+      - run:
+          description: "Unset DISPLAY - see https://github.com/cypress-io/cypress/issues/4034"
+          command: |
+            echo "unset DISPLAY" >> $BASH_ENV
+
+      - run:
+          description: Run sqlite e2e test
           command: |
             source $BASH_ENV
-            ./test/e2e/run.sh mysql
+            ./test/e2e/run.sh sqlite
       - run:
-          description: Run cockroach e2e test
+          description: Run mysql e2e test
           command: |
             source $BASH_ENV
-            ./test/e2e/run.sh cockroach
+            ./test/e2e/run.sh mysql
 
 workflows:
   tbr:
     jobs:
-      - test-e2e:
+      - test-e2e-1:
+          filters:
+            tags:
+              only: /.*/
+      - test-e2e-2:
           filters:
             tags:
               only: /.*/
@@ -183,7 +256,8 @@ workflows:
       - sdk/generate-openapi:
           requires:
             - test
-            - test-e2e
+            - test-e2e-1
+            - test-e2e-2
           filters:
             tags:
               only: /.*/
@@ -201,7 +275,8 @@ workflows:
           swagpath: spec/api.json
           requires:
             - test
-            - test-e2e
+            - test-e2e-1
+            - test-e2e-2
             - sdk/generate-openapi
             - sdk/test
             - goreleaser/release
@@ -213,7 +288,8 @@ workflows:
       - changelog/generate:
           requires:
             - test
-            - test-e2e
+            - test-e2e-1
+            - test-e2e-2
           filters:
             tags:
               only: /.*/
@@ -222,7 +298,8 @@ workflows:
       - goreleaser/release:
           requires:
             - test
-            - test-e2e
+            - test-e2e-1
+            - test-e2e-2
           filters:
             branches:
               ignore: /.*/

.docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.14.3
+FROM alpine:3.15
 
 RUN addgroup -S ory; \
     adduser -S ory -G ory -D -u 10000 -h /home/ory -s /bin/nologin; \

.docker/Dockerfile-build

@@ -1,4 +1,5 @@
-FROM golang:1.16.10-alpine3.14 AS builder
+FROM golang:1.17-alpine3.15 AS base
+# syntax = docker/dockerfile:1-experimental
 
 RUN apk -U --no-cache add build-base git gcc bash
 
@@ -19,17 +20,17 @@ ARG VERSION
 ARG COMMIT
 ARG BUILD_DATE
 
-RUN go build -tags sqlite \
+RUN --mount=type=cache,target=/root/.cache/go-build go build -tags sqlite \
     -ldflags="-X 'github.com/ory/kratos/driver/config.Version=${VERSION}' -X 'github.com/ory/kratos/driver/config.Date=${BUILD_DATE}' -X 'github.com/ory/kratos/driver/config.Commit=${COMMIT}'" \
     -o /usr/bin/kratos
 
-FROM alpine:3.14.3
+FROM alpine:3.15.0
 
 RUN addgroup -S ory; \
     adduser -S ory -G ory -D -u 10000 -h /home/ory -s /bin/nologin; \
     chown -R ory:ory /home/ory
 
-COPY --from=builder /usr/bin/kratos /usr/bin/kratos
+COPY --from=base /usr/bin/kratos /usr/bin/kratos
 
 # By creating the sqlite folder as the ory user, the mounted volume will be owned by ory:ory, which
 # is required for read/write of SQLite.

.docker/Dockerfile-debug

@@ -1,4 +1,4 @@
-FROM golang:1.16-buster
+FROM golang:1.17.3-buster
 ENV CGO_ENABLED 1
 
 RUN apt-get update && apt-get install -y --no-install-recommends inotify-tools psmisc

.docker/Dockerfile-sqlite

@@ -1,4 +1,4 @@
-FROM alpine:3.14.3
+FROM alpine:3.15
 
 # Because this image is built for SQLite, we create /home/ory and /home/ory/sqlite which is owned by the ory user
 # and declare /home/ory/sqlite a volume.

Makefile

@@ -135,7 +135,7 @@ format: .bin/goimports docs/node_modules node_modules
 # Build local docker image
 .PHONY: docker
 docker:
-		docker build -f .docker/Dockerfile-build --build-arg=COMMIT=$(VCS_REF) --build-arg=BUILD_DATE=$(BUILD_DATE) -t oryd/kratos:latest-sqlite .
+		DOCKER_BUILDKIT=1 docker build -f .docker/Dockerfile-build --build-arg=COMMIT=$(VCS_REF) --build-arg=BUILD_DATE=$(BUILD_DATE) -t oryd/kratos:latest-sqlite .
 
 # Runs the documentation tests
 .PHONY: test-docs

README.md

@@ -198,14 +198,26 @@ that your company deserves a spot here, reach out to
         <tr>
             <td>Adopter *</td>
             <td>Cloudbear</td>
-            <td align="center"><img height="32px" src="../../../static/adopters/cloudbear.svg" alt="Cloudbear"></td>
+            <td align="center"><img height="32px" src="https://raw.githubusercontent.com/ory/meta/master/static/adopters/cloudbear.svg" alt="Cloudbear"></td>
             <td><a href="https://cloudbear.eu/">cloudbear.eu</a></td>
         </tr>
         <tr>
             <td>Adopter *</td>
             <td>Security Onion Solutions</td>
-            <td align="center"><img height="32px" src="../../../static/adopters/securityonion.svg" alt="Security Onion Solutions"></td>
+            <td align="center"><img height="32px" src="https://raw.githubusercontent.com/ory/meta/master/static/adopters/securityonion.svg" alt="Security Onion Solutions"></td>
             <td><a href="https://securityonionsolutions.com/">securityonionsolutions.com</a></td>
+        </tr>        
+        <tr>
+            <td>Adopter *</td>
+            <td>Factly</td>
+            <td align="center"><img height="32px" src="https://raw.githubusercontent.com/ory/meta/master/static/adopters/factly.svg" alt="Factly"></td>
+            <td><a href="https://factlylabs.com/">factlylabs.com</a></td>
+        </tr>
+        <tr>
+            <td>Adopter *</td>
+            <td>Nortal</td>
+            <td align="center"><img height="32px" src="https://raw.githubusercontent.com/ory/meta/master/static/adopters/nortal.svg" alt="Nortal"></td>
+            <td><a href="https://nortal.com/">nortal.com</a></td>
         </tr>
         <tr>
             <td>Sponsor</td>

cmd/clidoc/main.go

@@ -269,7 +269,3 @@ func validateAllMessages(path string) error {
 
 	return nil
 }
-
-type importerFunc func(path string) (*types.Package, error)
-
-func (f importerFunc) Import(path string) (*types.Package, error) { return f(path) }

cmd/identities/get.go

@@ -6,6 +6,7 @@ import (
 	kratos "github.com/ory/kratos-client-go"
 	"github.com/ory/kratos/x"
 	"github.com/ory/x/cmdx"
+	"github.com/ory/x/stringsx"
 
 	"github.com/ory/kratos/internal/clihelpers"
 
@@ -14,8 +15,16 @@ import (
 	"github.com/ory/kratos/cmd/cliclient"
 )
 
+const (
+	FlagIncludeCreds = "include-credentials"
+)
+
 func NewGetCmd() *cobra.Command {
-	return &cobra.Command{
+	var (
+		includeCreds []string
+	)
+
+	cmd := &cobra.Command{
 		Use:   "get <id-0 [id-1 ...]>",
 		Short: "Get one or more identities by ID",
 		Long: fmt.Sprintf(`This command gets all the details about an identity. To get an identity by some selector, e.g. the recovery email address, use the list command in combination with jq.
@@ -29,10 +38,23 @@ func NewGetCmd() *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			c := cliclient.NewClient(cmd)
 
+			// we check includeCreds argument is valid
+			for _, opt := range includeCreds {
+				e := stringsx.SwitchExact(opt)
+				if !e.AddCase("oidc") {
+					cmd.PrintErrln(`You have to put a valid value of credentials type to be included, try --help for details.`)
+					return cmdx.FailSilently(cmd)
+				}
+			}
+
 			identities := make([]kratos.Identity, 0, len(args))
 			failed := make(map[string]error)
 			for _, id := range args {
-				identity, _, err := c.V0alpha2Api.AdminGetIdentity(cmd.Context(), id).Execute()
+				identity, _, err := c.V0alpha2Api.
+					AdminGetIdentity(cmd.Context(), id).
+					IncludeCredential(includeCreds).
+					Execute()
+
 				if x.SDKError(err) != nil {
 					failed[id] = err
 					continue
@@ -54,4 +76,9 @@ func NewGetCmd() *cobra.Command {
 			return nil
 		},
 	}
+
+	flags := cmd.Flags()
+	// include credential flag to add third party tokens in returned data
+	flags.StringArrayVarP(&includeCreds, FlagIncludeCreds, "i", []string{}, `Include third party tokens (only "oidc" supported) `)
+	return cmd
 }

cmd/identities/get_test.go

@@ -2,10 +2,12 @@ package identities_test
 
 import (
 	"context"
+	"encoding/hex"
 	"encoding/json"
 	"testing"
 
 	"github.com/ory/kratos/cmd/identities"
+	"github.com/ory/kratos/selfservice/strategy/oidc"
 
 	"github.com/ory/x/assertx"
 
@@ -50,4 +52,55 @@ func TestGetCmd(t *testing.T) {
 
 		assert.Contains(t, stdErr, "404 Not Found", stdErr)
 	})
+
+	t.Run("case=gets a single identity with oidc credentials", func(t *testing.T) {
+		applyCredentials := func(identifier, accessToken, refreshToken, idToken string, encrypt bool) identity.Credentials {
+			toJson := func(c oidc.CredentialsConfig) []byte {
+				out, err := json.Marshal(&c)
+				require.NoError(t, err)
+				return out
+			}
+			transform := func(token string) string {
+				if !encrypt {
+					return token
+				}
+				return hex.EncodeToString([]byte(token))
+			}
+			return identity.Credentials{
+				Type:        identity.CredentialsTypeOIDC,
+				Identifiers: []string{"bar:" + identifier},
+				Config: toJson(oidc.CredentialsConfig{Providers: []oidc.ProviderCredentialsConfig{
+					{
+						Subject:             "foo",
+						Provider:            "bar",
+						InitialAccessToken:  transform(accessToken + "0"),
+						InitialRefreshToken: transform(refreshToken + "0"),
+						InitialIDToken:      transform(idToken + "0"),
+					},
+					{
+						Subject:             "baz",
+						Provider:            "zab",
+						InitialAccessToken:  transform(accessToken + "1"),
+						InitialRefreshToken: transform(refreshToken + "1"),
+						InitialIDToken:      transform(idToken + "1"),
+					},
+				}}),
+			}
+		}
+		i := identity.NewIdentity(config.DefaultIdentityTraitsSchemaID)
+		i.SetCredentials(identity.CredentialsTypeOIDC, applyCredentials("uniqueIdentifier", "accessBar", "refreshBar", "idBar", true))
+		// duplicate identity with decrypted tokens
+		di := i.CopyWithoutCredentials()
+		di.SetCredentials(identity.CredentialsTypeOIDC, applyCredentials("uniqueIdentifier", "accessBar", "refreshBar", "idBar", false))
+
+		require.NoError(t, c.Flags().Set(identities.FlagIncludeCreds, "oidc"))
+		require.NoError(t, reg.Persister().CreateIdentity(context.Background(), i))
+
+		stdOut := execNoErr(t, c, i.ID.String())
+		ij, err := json.Marshal(identity.WithCredentialsInJSON(*di))
+		require.NoError(t, err)
+
+		ii := []string{"schema_url", "state_changed_at", "created_at", "updated_at", "credentials.oidc.created_at", "credentials.oidc.updated_at"}
+		assertx.EqualAsJSONExcept(t, json.RawMessage(ij), json.RawMessage(stdOut), ii)
+	})
 }