From 6dabd9bcd9b9c840d11f418fe5c77e2ac730c72e Mon Sep 17 00:00:00 2001
From: hackerman <3372410+aeneasr@users.noreply.github.com>
Date: Sat, 16 May 2020 15:26:27 +0200
Subject: [PATCH] docs: clarify consent request list endpoint (#1859)

Closes #1856
---
.schema/api.swagger.json | 107 +++++-------------
consent/handler.go | 5 +-
.../httpclient/client/admin/admin_client.go | 4 +
...list_subject_consent_sessions_responses.go | 39 -------
.../models/accept_consent_request.go | 46 +++++++-
.../httpclient/models/accept_login_request.go | 2 +-
.../httpclient/models/completed_request.go | 2 +-
internal/httpclient/models/consent_request.go | 46 +++++++-
.../models/consent_request_session.go | 2 +-
.../flush_inactive_o_auth2_tokens_request.go | 3 +-
internal/httpclient/models/generic_error.go | 2 +-
.../models/health_not_ready_status.go | 2 +-
internal/httpclient/models/health_status.go | 2 +-
internal/httpclient/models/login_request.go | 46 +++++++-
internal/httpclient/models/o_auth2_client.go | 4 +-
.../models/o_auth2_token_introspection.go | 2 +-
.../models/oauth2_token_response.go | 2 +-
.../models/plugin_config_network.go | 2 +-
.../httpclient/models/plugin_config_rootfs.go | 2 +-
internal/httpclient/models/plugin_env.go | 2 +-
internal/httpclient/models/plugin_settings.go | 2 +-
.../models/previous_consent_session.go | 85 ++++++++------
.../httpclient/models/userinfo_response.go | 2 +-
internal/httpclient/models/version.go | 2 +-
.../httpclient/models/volume_usage_data.go | 2 +-
internal/httpclient/models/well_known.go | 2 +-
26 files changed, 231 insertions(+), 186 deletions(-)

diff --git a/.schema/api.swagger.json b/.schema/api.swagger.json
index 638ca364a20..49a8ff40eb6 100755
--- a/.schema/api.swagger.json
+++ b/.schema/api.swagger.json
@@ -1335,7 +1335,7 @@ }, "/oauth2/auth/sessions/consent": { "get": { - "description": "This endpoint lists all subject's granted consent sessions, including client and granted scope.\nThe \"Link\" header is also included in successful responses, which contains one or more links for pagination, formatted like so: '\u003chttps://hydra-url/admin/oauth2/auth/sessions/consent?subject={user}\u0026limit={limit}\u0026offset={offset}\u003e; rel=\"{page}\"', where page is one of the following applicable pages: 'first', 'next', 'last', and 'previous'.\nMultiple links can be included in this header, and will be separated by a comma.", + "description": "This endpoint lists all subject's granted consent sessions, including client and granted scope.\nIf the subject is unknown or has not granted any consent sessions yet, the endpoint returns an\nempty JSON array with status code 200 OK.\n\n\nThe \"Link\" header is also included in successful responses, which contains one or more links for pagination, formatted like so: '\u003chttps://hydra-url/admin/oauth2/auth/sessions/consent?subject={user}\u0026limit={limit}\u0026offset={offset}\u003e; rel=\"{page}\"', where page is one of the following applicable pages: 'first', 'next', 'last', and 'previous'.\nMultiple links can be included in this header, and will be separated by a comma.", "consumes": [ "application/json" ], @@ -1375,12 +1375,6 @@ "$ref": "#/definitions/genericError" } }, - "404": { - "description": "genericError", - "schema": { - "$ref": "#/definitions/genericError" - } - }, "500": { "description": "genericError", "schema": { @@ -1831,10 +1825,10 @@ "description": "It is important that this model object is named JSONWebKey for\n\"swagger generate spec\" to generate only on definition of a\nJSONWebKey.", "type": "object", "required": [ - "alg", - "kid", + "use", "kty", - "use" + "kid", + "alg" ], "properties": { "alg": { 
@@ -2108,7 +2102,7 @@ } }, "PluginConfigNetwork": { - "description": "PluginConfigNetwork PluginConfigNetwork PluginConfigNetwork PluginConfigNetwork PluginConfigNetwork plugin config network", + "description": "PluginConfigNetwork plugin config network", "type": "object", "required": [ "Type" @@ -2185,7 +2179,7 @@ } }, "PluginEnv": { - "description": "PluginEnv PluginEnv plugin env", + "description": "PluginEnv plugin env", "type": "object", "required": [ "Description", @@ -2289,7 +2283,7 @@ }, "PluginSettings": { "type": "object", - "title": "PluginSettings PluginSettings PluginSettings Settings that can be modified by users.", + "title": "PluginSettings Settings that can be modified by users.", "required": [ "Args", "Devices", 
@@ -2328,30 +2322,20 @@ } }, "PreviousConsentSession": { - "description": "PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession The response used to return used consent requests\nsame as HandledLoginRequest, just with consent_request exposed as json", + "description": "The response used to return used consent requests\nsame as HandledLoginRequest, just with consent_request exposed as json", "type": "object", "properties": { "consent_request": { "$ref": "#/definitions/consentRequest" }, "grant_access_token_audience": { - "description": "GrantedAudience sets the audience the user authorized the client to use. Should be a subset of `requested_access_token_audience`.", - "type": "array", - "items": { - "type": "string" - } + "$ref": "#/definitions/StringSlicePipeDelimiter" }, "grant_scope": { - "description": "GrantScope sets the scope the user authorized the client to use. 
Should be a subset of `requested_scope`", - "type": "array", - "items": { - "type": "string" - } + "$ref": "#/definitions/StringSlicePipeDelimiter" }, "handled_at": { - "description": "handled at\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time\nFormat: date-time", - "type": "string", - "format": "date-time" + "$ref": "#/definitions/NullTime" }, "remember": { "description": "Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same\nclient asks the same user for the same, or a subset of, scope.", @@ -2375,7 +2359,7 @@ } }, "VolumeUsageData": { - "description": "VolumeUsageData VolumeUsageData Usage details about the volume. This information is used by the\n`GET /system/df` endpoint, and omitted in other endpoints.", + "description": "VolumeUsageData Usage details about the volume. This information is used by the\n`GET /system/df` endpoint, and omitted in other endpoints.", "type": "object", "required": [ "RefCount", 
@@ -2396,20 +2380,12 @@ }, "acceptConsentRequest": { "type": "object", - "title": "AcceptConsentRequest AcceptConsentRequest AcceptConsentRequest AcceptConsentRequest The request payload used to accept a consent request.", + "title": "The request payload used to accept a consent request.", "properties": { "grant_access_token_audience": { - "type": "array", - "items": { - "type": "string" - }, "$ref": "#/definitions/StringSlicePipeDelimiter" }, "grant_scope": { - "type": "array", - "items": { - "type": "string" - }, "$ref": "#/definitions/StringSlicePipeDelimiter" }, "handled_at": { @@ -2431,7 +2407,7 @@ }, "acceptLoginRequest": { "type": "object", - "title": "AcceptLoginRequest HandledLoginRequest is the request payload used to accept a login request.", + "title": "HandledLoginRequest is the request payload used to accept a login request.", "required": [ "subject" ], @@ -2464,7 +2440,7 @@ }, "completedRequest": { "type": "object", - "title": "CompletedRequest CompletedRequest The response payload sent when accepting or rejecting a login or consent request.", + "title": "The response payload sent when accepting or rejecting a login or consent request.", "properties": { "redirect_to": { "description": "RedirectURL is the URL which you should redirect the user to once the authentication process is completed.", @@ -2474,7 +2450,7 @@ }, "consentRequest": { "type": "object", - "title": "ConsentRequest ConsentRequest Contains information on an ongoing consent request.", + "title": "Contains information on an ongoing consent request.", "properties": { "acr": { "description": "ACR represents the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it\nto express that, for example, a user authenticated using two factor authentication.", 
@@ -2506,17 +2482,9 @@ "type": "string" }, "requested_access_token_audience": { - "type": "array", - "items": { - "type": "string" - }, "$ref": "#/definitions/StringSlicePipeDelimiter" }, "requested_scope": { - "type": "array", - "items": { - "type": "string" - }, "$ref": "#/definitions/StringSlicePipeDelimiter" }, "skip": { @@ -2531,7 +2499,7 @@ }, "consentRequestSession": { "type": "object", - "title": "ConsentRequestSession Used to pass session data to a consent request.", + "title": "Used to pass session data to a consent request.", "properties": { "access_token": { "description": "AccessToken sets session data for the access and refresh token, as well as any future tokens issued by the\nrefresh grant. Keep in mind that this data will be available to anyone performing OAuth 2.0 Challenge Introspection.\nIf only your services can perform OAuth 2.0 Challenge Introspection, this is usually fine. But if third parties\ncan access that endpoint as well, sensitive data from the session might be exposed to them. Use with care!", @@ -2550,11 +2518,10 @@ } }, "flushInactiveOAuth2TokensRequest": { - "description": "FlushInactiveOAuth2TokensRequest flush inactive o auth2 tokens request", "type": "object", "properties": { "notAfter": { - "description": "NotAfter sets after which point tokens should not be flushed. This is useful when you want to keep a history\nof recently issued tokens for auditing.\nFormat: date-time", + "description": "NotAfter sets after which point tokens should not be flushed. This is useful when you want to keep a history\nof recently issued tokens for auditing.", "type": "string", "format": "date-time" } @@ -2563,7 +2530,7 @@ "genericError": { "description": "Error responses are sent when an error (e.g. unauthorized, bad request, ...) occurred.", "type": "object", - "title": "GenericError Error response", + "title": "Error response", "required": [ "error" ], 
@@ -2592,7 +2559,6 @@ } }, "healthNotReadyStatus": { - "description": "HealthNotReadyStatus health not ready status", "type": "object", "properties": { "errors": { @@ -2605,7 +2571,6 @@ } }, "healthStatus": { - "description": "HealthStatus HealthStatus HealthStatus health status", "type": "object", "properties": { "status": { @@ -2618,8 +2583,8 @@ "type": "object", "required": [ "alg", - "kid", - "use" + "use", + "kid" ], "properties": { "alg": { @@ -2638,7 +2603,7 @@ }, "loginRequest": { "type": "object", - "title": "LoginRequest LoginRequest LoginRequest LoginRequest LoginRequest LoginRequest Contains information on an ongoing login request.", + "title": "Contains information on an ongoing login request.", "properties": { "challenge": { "description": "Challenge is the identifier (\"login challenge\") of the login request. It is used to\nidentify the session.", @@ -2655,17 +2620,9 @@ "type": "string" }, "requested_access_token_audience": { - "type": "array", - "items": { - "type": "string" - }, "$ref": "#/definitions/StringSlicePipeDelimiter" }, "requested_scope": { - "type": "array", - "items": { - "type": "string" - }, "$ref": "#/definitions/StringSlicePipeDelimiter" }, "session_id": { @@ -2835,7 +2792,7 @@ "oAuth2TokenIntrospection": { "description": "https://tools.ietf.org/html/rfc7662", "type": "object", - "title": "OAuth2TokenIntrospection Introspection contains an access token's session data as specified by IETF RFC 7662, see:", + "title": "Introspection contains an access token's session data as specified by IETF RFC 7662, see:", "required": [ "active" ], 
@@ -2904,32 +2861,26 @@ } }, "oauth2TokenResponse": { - "description": "Oauth2TokenResponse Oauth2TokenResponse Oauth2TokenResponse Oauth2TokenResponse The Access Token Response", + "description": "The Access Token Response", "type": "object", "properties": { "access_token": { - "description": "access token", "type": "string" }, "expires_in": { - "description": "expires in", "type": "integer", "format": "int64" }, "id_token": { - "description": "id token", "type": "string" }, "refresh_token": { - "description": "refresh token", "type": "string" }, "scope": { - "description": "scope", "type": "string" }, "token_type": { - "description": "token type", "type": "string" } } @@ -2974,30 +2925,25 @@ "title": "The request payload used to accept a login or consent request.", "properties": { "error": { - "description": "error", "type": "string" }, "error_debug": { - "description": "error debug", "type": "string" }, "error_description": { - "description": "error description", "type": "string" }, "error_hint": { - "description": "error hint", "type": "string" }, "status_code": { - "description": "status code", "type": "integer", "format": "int64" } } }, "userinfoResponse": { - "description": "UserinfoResponse The userinfo response", + "description": "The userinfo response", "type": "object", "properties": { "birthdate": { @@ -3080,7 +3026,6 @@ } }, "version": { - "description": "Version Version version", "type": "object", "properties": { "version": { @@ -3092,7 +3037,7 @@ "wellKnown": { "description": "It includes links to several endpoints (e.g. /oauth2/token) and exposes information on supported signature algorithms\namong others.", "type": "object", - "title": "WellKnown WellKnown WellKnown WellKnown represents important OpenID Connect discovery metadata", + "title": "WellKnown represents important OpenID Connect discovery metadata", "required": [ "issuer", "authorization_endpoint", diff --git a/consent/handler.go b/consent/handler.go index 575f13ffdff..70c3fa791e6 100644 
--- a/consent/handler.go
+++ b/consent/handler.go
@@ -128,6 +128,10 @@ func (h *Handler) DeleteConsentSession(w http.ResponseWriter, r *http.Request, p
 // Lists all consent sessions of a subject
 //
 // This endpoint lists all subject's granted consent sessions, including client and granted scope.
+// If the subject is unknown or has not granted any consent sessions yet, the endpoint returns an
+// empty JSON array with status code 200 OK.
+//
+//
 // The "Link" header is also included in successful responses, which contains one or more links for pagination, formatted like so: '; rel="{page}"', where page is one of the following applicable pages: 'first', 'next', 'last', and 'previous'.
 // Multiple links can be included in this header, and will be separated by a comma.
 //
@@ -142,7 +146,6 @@ func (h *Handler) DeleteConsentSession(w http.ResponseWriter, r *http.Request, p
 // Responses:
 // 200: handledConsentRequestList
 // 400: genericError
-// 404: genericError
 // 500: genericError
 func (h *Handler) GetConsentSessions(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 subject := r.URL.Query().Get("subject")
diff --git a/internal/httpclient/client/admin/admin_client.go b/internal/httpclient/client/admin/admin_client.go
index b9f2fc9b150..b80d3ce4ab4 100644
--- a/internal/httpclient/client/admin/admin_client.go
+++ b/internal/httpclient/client/admin/admin_client.go
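Review bot: The comment added above GetConsentSessions now promises an empty JSON array with 200 OK for an unknown subject and drops `404: genericError`, yet neither hunk touches the handler body, which continues past `subject := r.URL.Query().Get("subject")` outside the hunk, so the documented contract cannot be verified here. Go's encoding/json writes a nil slice as `null` rather than `[]`; if the handler can hand a nil slice to its writer, callers that iterate the documented array will see a different shape, so a handler test that queries an unknown subject and asserts status 200 with body `[]` would pin this. Consumers of this admin endpoint that used the 404 to tell "no such subject" apart from "no consent granted" lose that signal, which deserves a line in the upgrade notes. The two consecutive empty `//` lines added before the "Link" paragraph could be a single `//`, since they flow into the generated spec as extra blank lines.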
@@ -856,6 +856,10 @@ func (a *Client) ListOAuth2Clients(params *ListOAuth2ClientsParams) (*ListOAuth2 ListSubjectConsentSessions lists all consent sessions of a subject This endpoint lists all subject's granted consent sessions, including client and granted scope. +If the subject is unknown or has not granted any consent sessions yet, the endpoint returns an +empty JSON array with status code 200 OK. + + The "Link" header is also included in successful responses, which contains one or more links for pagination, formatted like so: '; rel="{page}"', where page is one of the following applicable pages: 'first', 'next', 'last', and 'previous'. Multiple links can be included in this header, and will be separated by a comma. */ diff --git a/internal/httpclient/client/admin/list_subject_consent_sessions_responses.go b/internal/httpclient/client/admin/list_subject_consent_sessions_responses.go index b5422098bad..d73241f68ac 100644 --- a/internal/httpclient/client/admin/list_subject_consent_sessions_responses.go +++ b/internal/httpclient/client/admin/list_subject_consent_sessions_responses.go @@ -35,12 +35,6 @@ func (o *ListSubjectConsentSessionsReader) ReadResponse(response runtime.ClientR return nil, err } return nil, result - case 404: - result := NewListSubjectConsentSessionsNotFound() - if err := result.readResponse(response, consumer, o.formats); err != nil { - return nil, err - } - return nil, result case 500: result := NewListSubjectConsentSessionsInternalServerError() if err := result.readResponse(response, consumer, o.formats); err != nil { 
@@ -117,39 +111,6 @@ func (o *ListSubjectConsentSessionsBadRequest) readResponse(response runtime.Cli return nil } -// NewListSubjectConsentSessionsNotFound creates a ListSubjectConsentSessionsNotFound with default headers values -func NewListSubjectConsentSessionsNotFound() *ListSubjectConsentSessionsNotFound { - return &ListSubjectConsentSessionsNotFound{} -} - -/*ListSubjectConsentSessionsNotFound handles this case with default header values. - -genericError -*/ -type ListSubjectConsentSessionsNotFound struct { - Payload *models.GenericError -} - -func (o *ListSubjectConsentSessionsNotFound) Error() string { - return fmt.Sprintf("[GET /oauth2/auth/sessions/consent][%d] listSubjectConsentSessionsNotFound %+v", 404, o.Payload) -} - -func (o *ListSubjectConsentSessionsNotFound) GetPayload() *models.GenericError { - return o.Payload -} - -func (o *ListSubjectConsentSessionsNotFound) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error { - - o.Payload = new(models.GenericError) - - // response payload - if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF { - return err - } - - return nil -} - // NewListSubjectConsentSessionsInternalServerError creates a ListSubjectConsentSessionsInternalServerError with default headers values func NewListSubjectConsentSessionsInternalServerError() *ListSubjectConsentSessionsInternalServerError { return &ListSubjectConsentSessionsInternalServerError{} diff --git a/internal/httpclient/models/accept_consent_request.go b/internal/httpclient/models/accept_consent_request.go index 7b9d703a801..89d31c9c64a 100644 --- a/internal/httpclient/models/accept_consent_request.go +++ b/internal/httpclient/models/accept_consent_request.go 
@@ -11,16 +11,16 @@ import ( "github.com/go-openapi/swag" ) -// AcceptConsentRequest AcceptConsentRequest AcceptConsentRequest AcceptConsentRequest AcceptConsentRequest The request payload used to accept a consent request. +// AcceptConsentRequest The request payload used to accept a consent request. // // swagger:model acceptConsentRequest type AcceptConsentRequest struct { // grant access token audience - GrantAccessTokenAudience []string `json:"grant_access_token_audience,omitempty"` + GrantAccessTokenAudience StringSlicePipeDelimiter `json:"grant_access_token_audience,omitempty"` // grant scope - GrantScope []string `json:"grant_scope,omitempty"` + GrantScope StringSlicePipeDelimiter `json:"grant_scope,omitempty"` // handled at // Format: date-time @@ -42,6 +42,14 @@ type AcceptConsentRequest struct { func (m *AcceptConsentRequest) Validate(formats strfmt.Registry) error { var res []error + if err := m.validateGrantAccessTokenAudience(formats); err != nil { + res = append(res, err) + } + + if err := m.validateGrantScope(formats); err != nil { + res = append(res, err) + } + if err := m.validateHandledAt(formats); err != nil { res = append(res, err) } 
@@ -56,6 +64,38 @@ func (m *AcceptConsentRequest) Validate(formats strfmt.Registry) error { return nil } +func (m *AcceptConsentRequest) validateGrantAccessTokenAudience(formats strfmt.Registry) error { + + if swag.IsZero(m.GrantAccessTokenAudience) { // not required + return nil + } + + if err := m.GrantAccessTokenAudience.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("grant_access_token_audience") + } + return err + } + + return nil +} + +func (m *AcceptConsentRequest) validateGrantScope(formats strfmt.Registry) error { + + if swag.IsZero(m.GrantScope) { // not required + return nil + } + + if err := m.GrantScope.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("grant_scope") + } + return err + } + + return nil +} + func (m *AcceptConsentRequest) validateHandledAt(formats strfmt.Registry) error { if swag.IsZero(m.HandledAt) { // not required diff --git a/internal/httpclient/models/accept_login_request.go b/internal/httpclient/models/accept_login_request.go index e353110d1f5..4eae3c7ccc3 100644 --- a/internal/httpclient/models/accept_login_request.go +++ b/internal/httpclient/models/accept_login_request.go @@ -12,7 +12,7 @@ import ( "github.com/go-openapi/validate" ) -// AcceptLoginRequest AcceptLoginRequest HandledLoginRequest is the request payload used to accept a login request. +// AcceptLoginRequest HandledLoginRequest is the request payload used to accept a login request. // // swagger:model acceptLoginRequest type AcceptLoginRequest struct { diff --git a/internal/httpclient/models/completed_request.go b/internal/httpclient/models/completed_request.go index b7e059946f0..06bfb45fcdc 100644 --- a/internal/httpclient/models/completed_request.go +++ b/internal/httpclient/models/completed_request.go 
@@ -10,7 +10,7 @@ import ( "github.com/go-openapi/swag" ) -// CompletedRequest CompletedRequest CompletedRequest The response payload sent when accepting or rejecting a login or consent request. +// CompletedRequest The response payload sent when accepting or rejecting a login or consent request. // // swagger:model completedRequest type CompletedRequest struct { diff --git a/internal/httpclient/models/consent_request.go b/internal/httpclient/models/consent_request.go index 9735f52f9a0..5ebea1cc60d 100644 --- a/internal/httpclient/models/consent_request.go +++ b/internal/httpclient/models/consent_request.go @@ -11,7 +11,7 @@ import ( "github.com/go-openapi/swag" ) -// ConsentRequest ConsentRequest ConsentRequest Contains information on an ongoing consent request. +// ConsentRequest Contains information on an ongoing consent request. // // swagger:model consentRequest type ConsentRequest struct { @@ -49,10 +49,10 @@ type ConsentRequest struct { RequestURL string `json:"request_url,omitempty"` // requested access token audience - RequestedAccessTokenAudience []string `json:"requested_access_token_audience,omitempty"` + RequestedAccessTokenAudience StringSlicePipeDelimiter `json:"requested_access_token_audience,omitempty"` // requested scope - RequestedScope []string `json:"requested_scope,omitempty"` + RequestedScope StringSlicePipeDelimiter `json:"requested_scope,omitempty"` // Skip, if true, implies that the client has requested the same scopes from the same user previously. // If true, you must not ask the user to grant the requested scopes. You must however either allow or deny the @@ -76,6 +76,14 @@ func (m *ConsentRequest) Validate(formats strfmt.Registry) error { res = append(res, err) } + if err := m.validateRequestedAccessTokenAudience(formats); err != nil { + res = append(res, err) + } + + if err := m.validateRequestedScope(formats); err != nil { + res = append(res, err) + } + if len(res) > 0 { return errors.CompositeValidationError(res...) } 
@@ -118,6 +126,38 @@ func (m *ConsentRequest) validateOidcContext(formats strfmt.Registry) error { return nil } +func (m *ConsentRequest) validateRequestedAccessTokenAudience(formats strfmt.Registry) error { + + if swag.IsZero(m.RequestedAccessTokenAudience) { // not required + return nil + } + + if err := m.RequestedAccessTokenAudience.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("requested_access_token_audience") + } + return err + } + + return nil +} + +func (m *ConsentRequest) validateRequestedScope(formats strfmt.Registry) error { + + if swag.IsZero(m.RequestedScope) { // not required + return nil + } + + if err := m.RequestedScope.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("requested_scope") + } + return err + } + + return nil +} + // MarshalBinary interface implementation func (m *ConsentRequest) MarshalBinary() ([]byte, error) { if m == nil { diff --git a/internal/httpclient/models/consent_request_session.go b/internal/httpclient/models/consent_request_session.go index c6911966579..4a7ada6ce52 100644 --- a/internal/httpclient/models/consent_request_session.go +++ b/internal/httpclient/models/consent_request_session.go @@ -10,7 +10,7 @@ import ( "github.com/go-openapi/swag" ) -// ConsentRequestSession ConsentRequestSession Used to pass session data to a consent request. +// ConsentRequestSession Used to pass session data to a consent request. // // swagger:model consentRequestSession type ConsentRequestSession struct { diff --git a/internal/httpclient/models/flush_inactive_o_auth2_tokens_request.go b/internal/httpclient/models/flush_inactive_o_auth2_tokens_request.go index c33b44a9e61..6bd161403a9 100644 --- a/internal/httpclient/models/flush_inactive_o_auth2_tokens_request.go +++ b/internal/httpclient/models/flush_inactive_o_auth2_tokens_request.go 
@@ -12,7 +12,7 @@ import ( "github.com/go-openapi/validate" ) -// FlushInactiveOAuth2TokensRequest FlushInactiveOAuth2TokensRequest flush inactive o auth2 tokens request +// FlushInactiveOAuth2TokensRequest flush inactive o auth2 tokens request // // swagger:model flushInactiveOAuth2TokensRequest type FlushInactiveOAuth2TokensRequest struct { @@ -20,7 +20,6 @@ type FlushInactiveOAuth2TokensRequest struct { // NotAfter sets after which point tokens should not be flushed. This is useful when you want to keep a history // of recently issued tokens for auditing. // Format: date-time - // Format: date-time NotAfter strfmt.DateTime `json:"notAfter,omitempty"` } diff --git a/internal/httpclient/models/generic_error.go b/internal/httpclient/models/generic_error.go index c3499c0a4bd..59282884ae2 100644 --- a/internal/httpclient/models/generic_error.go +++ b/internal/httpclient/models/generic_error.go @@ -12,7 +12,7 @@ import ( "github.com/go-openapi/validate" ) -// GenericError GenericError Error response +// GenericError Error response // // Error responses are sent when an error (e.g. unauthorized, bad request, ...) occurred. // diff --git a/internal/httpclient/models/health_not_ready_status.go b/internal/httpclient/models/health_not_ready_status.go index 4e697f273c4..64626783ed4 100644 --- a/internal/httpclient/models/health_not_ready_status.go +++ b/internal/httpclient/models/health_not_ready_status.go @@ -10,7 +10,7 @@ import ( "github.com/go-openapi/swag" ) -// HealthNotReadyStatus HealthNotReadyStatus health not ready status +// HealthNotReadyStatus health not ready status // // swagger:model healthNotReadyStatus type HealthNotReadyStatus struct { diff --git a/internal/httpclient/models/health_status.go b/internal/httpclient/models/health_status.go index bf4db5d820f..60ba32416b0 100644 --- a/internal/httpclient/models/health_status.go +++ b/internal/httpclient/models/health_status.go 
@@ -10,7 +10,7 @@ import ( "github.com/go-openapi/swag" ) -// HealthStatus HealthStatus HealthStatus HealthStatus health status +// HealthStatus health status // // swagger:model healthStatus type HealthStatus struct { diff --git a/internal/httpclient/models/login_request.go b/internal/httpclient/models/login_request.go index 18d635694dd..f8630bbbc8b 100644 --- a/internal/httpclient/models/login_request.go +++ b/internal/httpclient/models/login_request.go @@ -11,7 +11,7 @@ import ( "github.com/go-openapi/swag" ) -// LoginRequest LoginRequest LoginRequest LoginRequest LoginRequest LoginRequest LoginRequest Contains information on an ongoing login request. +// LoginRequest Contains information on an ongoing login request. // // swagger:model loginRequest type LoginRequest struct { @@ -32,10 +32,10 @@ type LoginRequest struct { RequestURL string `json:"request_url,omitempty"` // requested access token audience - RequestedAccessTokenAudience []string `json:"requested_access_token_audience,omitempty"` + RequestedAccessTokenAudience StringSlicePipeDelimiter `json:"requested_access_token_audience,omitempty"` // requested scope - RequestedScope []string `json:"requested_scope,omitempty"` + RequestedScope StringSlicePipeDelimiter `json:"requested_scope,omitempty"` // SessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag) // this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false) @@ -67,6 +67,14 @@ func (m *LoginRequest) Validate(formats strfmt.Registry) error { res = append(res, err) } + if err := m.validateRequestedAccessTokenAudience(formats); err != nil { + res = append(res, err) + } + + if err := m.validateRequestedScope(formats); err != nil { + res = append(res, err) + } + if len(res) > 0 { return errors.CompositeValidationError(res...) } 
@@ -109,6 +117,38 @@ func (m *LoginRequest) validateOidcContext(formats strfmt.Registry) error { return nil } +func (m *LoginRequest) validateRequestedAccessTokenAudience(formats strfmt.Registry) error { + + if swag.IsZero(m.RequestedAccessTokenAudience) { // not required + return nil + } + + if err := m.RequestedAccessTokenAudience.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("requested_access_token_audience") + } + return err + } + + return nil +} + +func (m *LoginRequest) validateRequestedScope(formats strfmt.Registry) error { + + if swag.IsZero(m.RequestedScope) { // not required + return nil + } + + if err := m.RequestedScope.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("requested_scope") + } + return err + } + + return nil +} + // MarshalBinary interface implementation func (m *LoginRequest) MarshalBinary() ([]byte, error) { if m == nil { diff --git a/internal/httpclient/models/o_auth2_client.go b/internal/httpclient/models/o_auth2_client.go index 11295eac19a..607756bec1d 100644 --- a/internal/httpclient/models/o_auth2_client.go +++ b/internal/httpclient/models/o_auth2_client.go @@ -12,7 +12,7 @@ import ( "github.com/go-openapi/validate" ) -// OAuth2Client OAuth2Client Client represents an OAuth 2.0 Client. +// OAuth2Client Client represents an OAuth 2.0 Client. // // swagger:model oAuth2Client type OAuth2Client struct { @@ -62,7 +62,6 @@ type OAuth2Client struct { // CreatedAt returns the timestamp of the client's creation. // Format: date-time - // Format: date-time CreatedAt strfmt.DateTime `json:"created_at,omitempty"` // Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be 
@@ -148,7 +147,6 @@ type OAuth2Client struct { // UpdatedAt returns the timestamp of the last update. // Format: date-time - // Format: date-time UpdatedAt strfmt.DateTime `json:"updated_at,omitempty"` // JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT diff --git a/internal/httpclient/models/o_auth2_token_introspection.go b/internal/httpclient/models/o_auth2_token_introspection.go index 7b239019822..c2667fba65c 100644 --- a/internal/httpclient/models/o_auth2_token_introspection.go +++ b/internal/httpclient/models/o_auth2_token_introspection.go @@ -12,7 +12,7 @@ import ( "github.com/go-openapi/validate" ) -// OAuth2TokenIntrospection OAuth2TokenIntrospection Introspection contains an access token's session data as specified by IETF RFC 7662, see: +// OAuth2TokenIntrospection Introspection contains an access token's session data as specified by IETF RFC 7662, see: // // https://tools.ietf.org/html/rfc7662 // diff --git a/internal/httpclient/models/oauth2_token_response.go b/internal/httpclient/models/oauth2_token_response.go index 47b0806ed18..4aec720a00f 100644 --- a/internal/httpclient/models/oauth2_token_response.go +++ b/internal/httpclient/models/oauth2_token_response.go @@ -10,7 +10,7 @@ import ( "github.com/go-openapi/swag" ) -// Oauth2TokenResponse Oauth2TokenResponse Oauth2TokenResponse Oauth2TokenResponse Oauth2TokenResponse The Access Token Response +// Oauth2TokenResponse The Access Token Response // // swagger:model oauth2TokenResponse type Oauth2TokenResponse struct { diff --git a/internal/httpclient/models/plugin_config_network.go b/internal/httpclient/models/plugin_config_network.go index 73e5304e9d6..5649fd30a9b 100644 --- a/internal/httpclient/models/plugin_config_network.go +++ b/internal/httpclient/models/plugin_config_network.go 
@@ -12,7 +12,7 @@ import ( "github.com/go-openapi/validate" ) -// PluginConfigNetwork PluginConfigNetwork PluginConfigNetwork PluginConfigNetwork PluginConfigNetwork PluginConfigNetwork plugin config network +// PluginConfigNetwork PluginConfigNetwork plugin config network // // swagger:model PluginConfigNetwork type PluginConfigNetwork struct { diff --git a/internal/httpclient/models/plugin_config_rootfs.go b/internal/httpclient/models/plugin_config_rootfs.go index 8e184dd94a1..4497e49a3fe 100644 --- a/internal/httpclient/models/plugin_config_rootfs.go +++ b/internal/httpclient/models/plugin_config_rootfs.go @@ -10,7 +10,7 @@ import ( "github.com/go-openapi/swag" ) -// PluginConfigRootfs PluginConfigRootfs PluginConfigRootfs plugin config rootfs +// PluginConfigRootfs PluginConfigRootfs plugin config rootfs // // swagger:model PluginConfigRootfs type PluginConfigRootfs struct { diff --git a/internal/httpclient/models/plugin_env.go b/internal/httpclient/models/plugin_env.go index 9cc364d13c0..6ed6644db68 100644 --- a/internal/httpclient/models/plugin_env.go +++ b/internal/httpclient/models/plugin_env.go @@ -12,7 +12,7 @@ import ( "github.com/go-openapi/validate" ) -// PluginEnv PluginEnv PluginEnv plugin env +// PluginEnv PluginEnv plugin env // // swagger:model PluginEnv type PluginEnv struct { diff --git a/internal/httpclient/models/plugin_settings.go b/internal/httpclient/models/plugin_settings.go index 1c88fa36837..4e7d4ba9748 100644 --- a/internal/httpclient/models/plugin_settings.go +++ b/internal/httpclient/models/plugin_settings.go @@ -14,7 +14,7 @@ import ( "github.com/go-openapi/validate" ) -// PluginSettings PluginSettings PluginSettings PluginSettings Settings that can be modified by users. +// PluginSettings PluginSettings Settings that can be modified by users. // // swagger:model PluginSettings type PluginSettings struct { 
diff --git a/internal/httpclient/models/previous_consent_session.go b/internal/httpclient/models/previous_consent_session.go index 9de91036ecd..b0b0616f356 100644 --- a/internal/httpclient/models/previous_consent_session.go +++ b/internal/httpclient/models/previous_consent_session.go @@ -9,10 +9,9 @@ import ( "github.com/go-openapi/errors" "github.com/go-openapi/strfmt" "github.com/go-openapi/swag" - "github.com/go-openapi/validate" ) -// PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession PreviousConsentSession The response used to return used consent requests +// PreviousConsentSession The response used to return used consent requests // same as HandledLoginRequest, just with consent_request exposed as json // // swagger:model PreviousConsentSession 
@@ -21,42 +20,15 @@ type PreviousConsentSession struct { // consent request ConsentRequest *ConsentRequest `json:"consent_request,omitempty"` - // GrantedAudience sets the audience the user authorized the client to use. Should be a subset of `requested_access_token_audience`. - GrantAccessTokenAudience []string `json:"grant_access_token_audience"` + // grant access token audience + GrantAccessTokenAudience StringSlicePipeDelimiter `json:"grant_access_token_audience,omitempty"` - // GrantScope sets the scope the user authorized the client to use. Should be a subset of `requested_scope` - GrantScope []string `json:"grant_scope"` + // grant scope + GrantScope StringSlicePipeDelimiter `json:"grant_scope,omitempty"` // handled at // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - // Format: date-time - HandledAt strfmt.DateTime `json:"handled_at,omitempty"` + HandledAt NullTime `json:"handled_at,omitempty"` // Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same // client asks the same user for the same, or a subset of, scope. 
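Review bot: The replacement comments on `GrantAccessTokenAudience` and `GrantScope` in `PreviousConsentSession` (`// grant access token audience`, `// grant scope`) drop the statement that the granted values should be a subset of what was requested, which was the only place this model told integrators about that constraint on a consent grant. I would keep the old wording, e.g. ``// GrantScope sets the scope the user authorized the client to use. Should be a subset of `requested_scope`.`` and the matching audience comment; if this file is generated from the swagger spec, as the `swagger:model` marker suggests, the text has to be restored on the source type rather than here. The same lines also change the exported field types (`[]string` to `StringSlicePipeDelimiter`, `strfmt.DateTime` to `NullTime`) and add `omitempty`, which looks like a caller-visible change to the client under a `docs:` subject and probably deserves a line in the commit message. The struct continues outside the hunk, and the definitions of the two new types are not visible here.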
@@ -78,6 +50,14 @@ func (m *PreviousConsentSession) Validate(formats strfmt.Registry) error { res = append(res, err) } + if err := m.validateGrantAccessTokenAudience(formats); err != nil { + res = append(res, err) + } + + if err := m.validateGrantScope(formats); err != nil { + res = append(res, err) + } + if err := m.validateHandledAt(formats); err != nil { res = append(res, err) } @@ -110,13 +90,48 @@ func (m *PreviousConsentSession) validateConsentRequest(formats strfmt.Registry) return nil } +func (m *PreviousConsentSession) validateGrantAccessTokenAudience(formats strfmt.Registry) error { + + if swag.IsZero(m.GrantAccessTokenAudience) { // not required + return nil + } + + if err := m.GrantAccessTokenAudience.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("grant_access_token_audience") + } + return err + } + + return nil +} + +func (m *PreviousConsentSession) validateGrantScope(formats strfmt.Registry) error { + + if swag.IsZero(m.GrantScope) { // not required + return nil + } + + if err := m.GrantScope.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("grant_scope") + } + return err + } + + return nil +} + func (m *PreviousConsentSession) validateHandledAt(formats strfmt.Registry) error { if swag.IsZero(m.HandledAt) { // not required return nil } - if err := validate.FormatOf("handled_at", "body", "date-time", m.HandledAt.String(), formats); err != nil { + if err := m.HandledAt.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("handled_at") + } return err } diff --git a/internal/httpclient/models/userinfo_response.go b/internal/httpclient/models/userinfo_response.go index 34b1468d991..9b5fb8685fb 100644 --- a/internal/httpclient/models/userinfo_response.go +++ b/internal/httpclient/models/userinfo_response.go 
@@ -10,7 +10,7 @@ import ( "github.com/go-openapi/swag" ) -// UserinfoResponse UserinfoResponse The userinfo response +// UserinfoResponse The userinfo response // // swagger:model userinfoResponse type UserinfoResponse struct { diff --git a/internal/httpclient/models/version.go b/internal/httpclient/models/version.go index 4c8e253f692..8e687bcb20d 100644 --- a/internal/httpclient/models/version.go +++ b/internal/httpclient/models/version.go @@ -10,7 +10,7 @@ import ( "github.com/go-openapi/swag" ) -// Version Version Version version +// Version version // // swagger:model version type Version struct { diff --git a/internal/httpclient/models/volume_usage_data.go b/internal/httpclient/models/volume_usage_data.go index 9d5221c09f9..886190c490b 100644 --- a/internal/httpclient/models/volume_usage_data.go +++ b/internal/httpclient/models/volume_usage_data.go @@ -12,7 +12,7 @@ import ( "github.com/go-openapi/validate" ) -// VolumeUsageData VolumeUsageData VolumeUsageData Usage details about the volume. This information is used by the +// VolumeUsageData VolumeUsageData Usage details about the volume. This information is used by the // `GET /system/df` endpoint, and omitted in other endpoints. // // swagger:model VolumeUsageData diff --git a/internal/httpclient/models/well_known.go b/internal/httpclient/models/well_known.go index 127d766647a..7b5a6bcfea9 100644 --- a/internal/httpclient/models/well_known.go +++ b/internal/httpclient/models/well_known.go @@ -12,7 +12,7 @@ import ( "github.com/go-openapi/validate" ) -// WellKnown WellKnown WellKnown WellKnown WellKnown represents important OpenID Connect discovery metadata +// WellKnown WellKnown represents important OpenID Connect discovery metadata // // It includes links to several endpoints (e.g. /oauth2/token) and exposes information on supported signature algorithms // among others.