Commit ac5f6c59 authored by Gabriel Zachmann's avatar Gabriel Zachmann

mytoken client: st add support for capabilities

parent 6de47196
......@@ -4,13 +4,19 @@ instance: "http://localhost:8000"
token_name_prefix: "<hostname>"
default_oidc_flow: "auth"
# The default capabilities for super tokens
default_token_capabilities:
- "AT"
- "create_super_token"
- "tokeninfo_history"
- "tokeninfo_tree"
# - "settings"
# - "list_super_tokens"
# The default capabilities for super tokens are stored by the client
stored:
- "AT"
- "create_super_token"
- "tokeninfo_history"
- "tokeninfo_tree"
# - "settings"
# - "list_super_tokens"
# The default capabilities for super tokens are returned for other usage
returned:
- "AT"
default_gpg_key:
default_provider:
......
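Review bot: The two comments introducing the `stored` and `returned` lists read as statements rather than labels ("The default capabilities for super tokens are stored by the client"), which makes it unclear that they describe which command uses which set. Suggest `# Default capabilities for super tokens the client keeps itself (st store)` and `# Default capabilities for super tokens handed back to the caller (st)`. Since the stored default carries `create_super_token` while the returned default is only `AT`, a one-line remark next to `stored` that this grant is deliberately broader than the returned one would help an operator decide whether to trim it.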
......@@ -16,6 +16,14 @@ func init() {
options.ST.Store.CommonSTOptions = options.ST.CommonSTOptions
st, _ := parser.AddCommand("ST", "Obtain super token", "Obtain a new mytoken super token", &options.ST)
st.SubcommandsOptional = true
for _, o := range st.Options() {
if o.LongName == "capability" {
o.Choices = capabilities.AllCapabilities.Strings()
}
if o.LongName == "subtoken-capability" {
o.Choices = capabilities.AllCapabilities.Strings()
}
}
}
type stCommand struct {
......@@ -33,8 +41,8 @@ type CommonSTOptions struct {
Scopes []string `long:"scope" description:"Request the passed scope. Can be used multiple times"`
Audiences []string `long:"aud" description:"Request the passed audience. Can be used multiple times"`
Capabilities []string `long:"capability" choice:"AT" choice:"create_supertoken" description:"Request the passed capabilities. Can be used multiple times"` //TODO
SubtokenCapabilities []string `long:"subtoken-capability" choice:"AT" choice:"create_supertoken" description:"Request the passed subtoken capabilities. Can be used multiple times"` //TODO
Capabilities []string `long:"capability" default:"default" description:"Request the passed capabilities. Can be used multiple times"` //TODO
SubtokenCapabilities []string `long:"subtoken-capability" description:"Request the passed subtoken capabilities. Can be used multiple times"` //TODO
Restrictions string
}
......@@ -49,6 +57,9 @@ type stStoreCommand struct {
// Execute implements the flags.Commander interface
func (stc *stCommand) Execute(args []string) error {
if len(stc.Capabilities) > 0 && stc.Capabilities[0] == "default" {
stc.Capabilities = config.Get().DefaultTokenCapabilities.Returned
}
st, err := obtainST(stc.CommonSTOptions, "", model.NewResponseType(stc.TokenType))
if err != nil {
return err
......@@ -72,8 +83,8 @@ func obtainST(args *CommonSTOptions, name string, responseType model.ResponseTyp
tokenName = fmt.Sprintf("%s:%s", prefix, name)
}
var r restrictions.Restrictions = nil
var c capabilities.Capabilities = nil
var sc capabilities.Capabilities = nil
c := capabilities.NewCapabilities(args.Capabilities)
sc := capabilities.NewCapabilities(args.SubtokenCapabilities)
if len(args.OIDCFlow) > 0 {
if args.OIDCFlow == "default" {
args.OIDCFlow = config.Get().DefaultOIDCFlow
......@@ -114,6 +125,9 @@ func obtainST(args *CommonSTOptions, name string, responseType model.ResponseTyp
// Execute implements the flags.Commander interface
func (sstc *stStoreCommand) Execute(args []string) error {
if len(sstc.Capabilities) > 0 && sstc.Capabilities[0] == "default" {
sstc.Capabilities = config.Get().DefaultTokenCapabilities.Stored
}
provider, err := sstc.CommonSTOptions.generalOptions.checkProvider()
if err != nil {
return err
......
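Review bot: The `"default"` sentinel is written as a bare literal in three places in this file: the `default:"default"` struct tag on Capabilities and the `stc.Capabilities[0] == "default"` / `sstc.Capabilities[0] == "default"` checks in the two Execute methods (hunks @@ -49 and @@ -114); a single `const defaultCapabilitiesMarker = "default"` used by the two comparisons would keep them from drifting, though the tag must stay a literal. The `//TODO` markers on the Capabilities and SubtokenCapabilities fields survive the rewrite without saying what is still pending; either remove them or replace with what remains, e.g. `// TODO: subtoken-capability has no "default" fallback yet`. Note that `o.Choices` is a client-side convenience only; I assume the server validates requested capabilities independently, which the page does not show. Both Execute bodies and obtainST continue outside their hunks.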
......@@ -13,6 +13,7 @@ import (
"github.com/zachmann/mytoken/internal/client/model"
"github.com/zachmann/mytoken/internal/client/utils/cryptutils"
"github.com/zachmann/mytoken/internal/server/supertoken/capabilities"
"github.com/zachmann/mytoken/internal/utils/fileutil"
"github.com/zachmann/mytoken/pkg/mytokenlib"
)
......@@ -21,9 +22,13 @@ type config struct {
URL string `yaml:"instance"`
Mytoken *mytokenlib.Mytoken `yaml:"-"`
DefaultGPGKey string `yaml:"default_gpg_key"`
DefaultProvider string `yaml:"default_provider"`
DefaultOIDCFlow string `yaml:"default_oidc_flow"`
DefaultGPGKey string `yaml:"default_gpg_key"`
DefaultProvider string `yaml:"default_provider"`
DefaultOIDCFlow string `yaml:"default_oidc_flow"`
DefaultTokenCapabilities struct {
Stored []string `yaml:"stored"`
Returned []string `yaml:"returned"`
} `yaml:"default_token_capabilities"`
TokenNamePrefix string `yaml:"token_name_prefix"`
......@@ -68,9 +73,16 @@ func (c *config) GetToken(issuer, name string) (string, error) {
}
var defaultConfig = config{
TokensFile: "tokens.json",
TokenNamePrefix: "<hostname>",
DefaultOIDCFlow: "auth",
DefaultTokenCapabilities: struct {
Stored []string `yaml:"stored"`
Returned []string `yaml:"returned"`
}{
Stored: capabilities.Capabilities{capabilities.CapabilityAT, capabilities.CapabilityCreateST, capabilities.CapabilityTokeninfoHistory, capabilities.CapabilityTokeninfoTree}.Strings(),
Returned: capabilities.Capabilities{capabilities.CapabilityAT}.Strings(),
},
TokenNamePrefix: "<hostname>",
TokensFile: "tokens.json",
}
var conf *config
......
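Review bot: The Stored/Returned split in DefaultTokenCapabilities has no doc comment saying which command consumes which list, and the anonymous struct type is spelled out twice (the field in config and again in defaultConfig), so the two can silently diverge. A named type such as `type tokenCapabilityDefaults struct { Stored []string `yaml:"stored"`; Returned []string `yaml:"returned"` }` used in both places, with a comment along the lines of `// Stored is applied to super tokens the client keeps (st store); Returned to those printed for other use (st)`, would fix both. That comment is also the place to state that the stored default includes `create_super_token` and is therefore a wider grant than the returned default of `AT` alone.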
......@@ -8,13 +8,39 @@ import (
// Constants for capabilities
const (
CapabilityAT Capability = "AT"
CapabilityCreateST = "create_super_token"
CapabilitySettings = "settings"
CapabilityTokeninfoHistory = "tokeninfo_history"
CapabilityTokeninfoTree = "tokeninfo_tree"
CapabilityListST = "list_super_tokens"
CapabilityCreateST Capability = "create_super_token"
CapabilitySettings Capability = "settings"
CapabilityTokeninfoHistory Capability = "tokeninfo_history"
CapabilityTokeninfoTree Capability = "tokeninfo_tree"
CapabilityListST Capability = "list_super_tokens"
)
// AllCapabilities holds all defined capabilities
var AllCapabilities = Capabilities{
CapabilityAT,
CapabilityCreateST,
CapabilitySettings,
CapabilityTokeninfoHistory,
CapabilityTokeninfoTree,
CapabilityListST,
}
// NewCapabilities casts a []string into Capabilities
func NewCapabilities(caps []string) (c Capabilities) {
for _, cc := range caps {
c = append(c, Capability(cc))
}
return
}
// Strings returns a slice of strings for these capabilities
func (c Capabilities) Strings() (s []string) {
for _, cc := range c {
s = append(s, string(cc))
}
return
}
// Capabilities is a slice of Capability
type Capabilities []Capability
......
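Review bot: NewCapabilities returns a nil Capabilities for a nil or empty input because the named result is never appended to, which matters now that obtainST replaces its former explicit nil with this call; the doc comment should say so, e.g. `// NewCapabilities casts a []string into Capabilities; an empty input yields nil`. Both NewCapabilities and Strings can pre-size their result with `make(..., 0, len(caps))` instead of growing by append. AllCapabilities is an exported, mutable package-level slice that any importer can reassign or append to; if it is meant as the authoritative list for choice validation, a function returning `slices.Clone` of an unexported slice would be safer, assuming the module's Go version provides the slices package.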