mirror
/
kratos
mirror of https://github.com/ory/kratos
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: make tools indirect dependencies (#4345)

This commit is contained in:
Patrik 2025-03-28 11:36:23 +01:00 committed by GitHub
parent 80183b6b3c
commit b26c65259e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
20 changed files with 629 additions and 728 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/ci.yaml vendored
View File

@ -36,7 +36,7 @@ jobs:
ports:
- 5432:5432
mysql:
image: mysql:8.0
image: mysql:8.4
env:
MYSQL_ROOT_PASSWORD: test
ports:
@ -99,7 +99,7 @@ jobs:
version: v1.64.5
- name: Build Kratos
run: make install
- name: Run go-acc (tests)
- name: Run go tests
run: make test-coverage
- name: Submit to Codecov
run: |
@ -122,7 +122,7 @@ jobs:
ports:
- 5432:5432
mysql:
image: mysql:8.0
image: mysql:8.4
env:
MYSQL_ROOT_PASSWORD: test
ports:
@ -236,7 +236,7 @@ jobs:
ports:
- 5432:5432
mysql:
image: mysql:8.0
image: mysql:8.4
env:
MYSQL_ROOT_PASSWORD: test
ports:

8
.vscode/tasks.json vendored
View File

@ -31,11 +31,6 @@
}
}
},
{
"label": "Kratos: install mailhog",
"type": "shell",
"command": "make .bin/MailHog"
},
{
"label": "Kratos: start mailhog",
"type": "shell",
@ -44,9 +39,8 @@
"reveal": "always",
"panel": "dedicated"
},
"dependsOn": ["Kratos: install mailhog"],
"isBackground": true,
"command": "${workspaceFolder}/.bin/MailHog -smtp-bind-addr=localhost:8026",
"command": "go tool MailHog -smtp-bind-addr=localhost:8026",
"problemMatcher": {
"pattern": {
"regexp": ""

53
Makefile
View File

@ -12,29 +12,10 @@ export VCS_REF := $(shell git rev-parse HEAD)
export QUICKSTART_OPTIONS ?= ""
export IMAGE_TAG := $(if $(IMAGE_TAG),$(IMAGE_TAG),latest)
GO_DEPENDENCIES = github.com/ory/go-acc \
github.com/golang/mock/mockgen \
github.com/go-swagger/go-swagger/cmd/swagger \
golang.org/x/tools/cmd/goimports \
github.com/mattn/goveralls \
github.com/cortesi/modd/cmd/modd \
github.com/mailhog/MailHog
define make-go-dependency
# go install is responsible for not re-building when the code hasn't changed
.bin/$(notdir $1): go.mod go.sum
GOBIN=$(PWD)/.bin/ go install $1
endef
$(foreach dep, $(GO_DEPENDENCIES), $(eval $(call make-go-dependency, $(dep))))
$(call make-lint-dependency)
.bin/clidoc:
echo "deprecated usage, use docs/cli instead"
go build -o .bin/clidoc ./cmd/clidoc/.
.bin/yq: Makefile
GOBIN=$(PWD)/.bin go install github.com/mikefarah/yq/v4@v4.44.3
.PHONY: docs/cli
docs/cli:
go run ./cmd/clidoc/. .
@ -69,15 +50,15 @@ lint: .bin/golangci-lint
.bin/buf lint
.PHONY: mocks
mocks: .bin/mockgen
mockgen -mock_names Manager=MockLoginExecutorDependencies -package internal -destination internal/hook_login_executor_dependencies.go github.com/ory/kratos/selfservice loginExecutorDependencies
mocks:
go tool mockgen -mock_names Manager=MockLoginExecutorDependencies -package internal -destination internal/hook_login_executor_dependencies.go github.com/ory/kratos/selfservice loginExecutorDependencies
.PHONY: proto
proto: gen/oidc/v1/state.pb.go
gen/oidc/v1/state.pb.go: proto/oidc/v1/state.proto buf.yaml buf.gen.yaml .bin/buf .bin/goimports
gen/oidc/v1/state.pb.go: proto/oidc/v1/state.proto buf.yaml buf.gen.yaml .bin/buf
.bin/buf generate
.bin/goimports -w gen/
go tool goimports -w gen/
.PHONY: install
install:
@ -95,25 +76,25 @@ test-short:
go test -tags sqlite -count=1 -failfast -short ./...
.PHONY: test-coverage
test-coverage: .bin/go-acc .bin/goveralls
go-acc -o coverage.out ./... -- -failfast -timeout=20m -tags sqlite,json1
test-coverage:
go test -coverprofile=coverage.out -failfast -timeout=20m -tags sqlite ./...
.PHONY: test-coverage-next
test-coverage-next: .bin/go-acc .bin/goveralls
go test -short -failfast -timeout=20m -tags sqlite,json1 -cover ./... --args test.gocoverdir="$$PWD/coverage"
test-coverage-next:
go test -short -failfast -timeout=20m -tags sqlite -cover ./... --args test.gocoverdir="$$PWD/coverage"
go tool covdata percent -i=coverage
go tool covdata textfmt -i=./coverage -o coverage.new.out
# Generates the SDK
.PHONY: sdk
sdk: .bin/swagger .bin/ory node_modules
swagger generate spec -m -o spec/swagger.json \
sdk: .bin/ory node_modules
go tool swagger generate spec -m -o spec/swagger.json \
-c github.com/ory/kratos \
-c github.com/ory/x/healthx \
-c github.com/ory/x/crdbx \
-c github.com/ory/x/openapix
ory dev swagger sanitize ./spec/swagger.json
swagger validate ./spec/swagger.json
go tool swagger validate ./spec/swagger.json
CIRCLE_PROJECT_USERNAME=ory CIRCLE_PROJECT_REPONAME=kratos \
ory dev openapi migrate \
--health-path-tags metadata \
@ -174,9 +155,9 @@ authors: # updates the AUTHORS file
# Formats the code
.PHONY: format
format: .bin/goimports .bin/ory node_modules .bin/buf
format: .bin/ory node_modules .bin/buf
.bin/ory dev headers copyright --exclude=gen --exclude=internal/httpclient --exclude=internal/client-go --exclude test/e2e/proxy/node_modules --exclude test/e2e/node_modules --exclude node_modules
goimports -w -local github.com/ory .
go tool goimports -w -local github.com/ory .
npm exec -- prettier --write 'test/e2e/**/*{.ts,.js}'
npm exec -- prettier --write '.github'
.bin/buf format --write
@ -205,10 +186,10 @@ test-refresh:
UPDATE_SNAPSHOTS=true go test -tags sqlite,json1,refresh -short ./...
.PHONY: post-release
post-release: .bin/yq
cat quickstart.yml | yq '.services.kratos.image = "oryd/kratos:'$$DOCKER_TAG'"' | sponge quickstart.yml
cat quickstart.yml | yq '.services.kratos-migrate.image = "oryd/kratos:'$$DOCKER_TAG'"' | sponge quickstart.yml
cat quickstart.yml | yq '.services.kratos-selfservice-ui-node.image = "oryd/kratos-selfservice-ui-node:'$$DOCKER_TAG'"' | sponge quickstart.yml
post-release:
cat quickstart.yml | go tool yq '.services.kratos.image = "oryd/kratos:'$$DOCKER_TAG'"' | sponge quickstart.yml
cat quickstart.yml | go tool yq '.services.kratos-migrate.image = "oryd/kratos:'$$DOCKER_TAG'"' | sponge quickstart.yml
cat quickstart.yml | go tool yq '.services.kratos-selfservice-ui-node.image = "oryd/kratos-selfservice-ui-node:'$$DOCKER_TAG'"' | sponge quickstart.yml
licenses: .bin/licenses node_modules # checks open-source licenses
.bin/licenses

288
go.mod
View File

@ -1,8 +1,6 @@
module github.com/ory/kratos
go 1.24
toolchain go1.24.0
go 1.24.1
replace (
github.com/coreos/go-oidc/v3 => github.com/ory/go-oidc/v3 v3.0.0-20241127113405-e5362711266b
@ -21,7 +19,7 @@ replace (
)
require (
dario.cat/mergo v1.0.0
dario.cat/mergo v1.0.1
github.com/Masterminds/sprig/v3 v3.2.3
github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0
github.com/avast/retry-go/v3 v3.1.1
@ -29,17 +27,15 @@ require (
github.com/bwmarrin/discordgo v0.28.1
github.com/cenkalti/backoff v2.2.1+incompatible
github.com/coreos/go-oidc/v3 v3.11.0
github.com/cortesi/modd v0.8.1
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
github.com/dghubble/oauth1 v0.7.3
github.com/dgraph-io/ristretto/v2 v2.1.0
github.com/fatih/color v1.17.0
github.com/fatih/color v1.18.0
github.com/ghodss/yaml v1.0.0
github.com/go-crypt/crypt v0.2.25
github.com/go-faker/faker/v4 v4.4.2
github.com/go-openapi/strfmt v0.23.0
github.com/go-playground/validator/v10 v10.22.0
github.com/go-swagger/go-swagger v0.31.0
github.com/go-playground/validator/v10 v10.22.1
github.com/go-webauthn/webauthn v0.11.2
github.com/gobuffalo/httptest v1.5.2
github.com/gobuffalo/pop/v6 v6.1.2-0.20230318123913-c85387acc9a0
@ -62,94 +58,149 @@ require (
github.com/laher/mergefs v0.1.2-0.20230223191438-d16611b2f4e7 // indirect
github.com/lestrrat-go/jwx/v2 v2.1.1
github.com/luna-duclos/instrumentedsql v1.1.3
github.com/mailhog/MailHog v1.0.1
github.com/mattn/goveralls v0.0.12
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe
github.com/montanaflynn/stats v0.7.1
github.com/ory/analytics-go/v5 v5.0.1
github.com/ory/client-go v1.14.3
github.com/ory/client-go v0.0.0-00010101000000-000000000000
github.com/ory/dockertest/v3 v3.11.0
github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe
github.com/ory/graceful v0.1.4-0.20230301144740-e222150c51d0
github.com/ory/herodot v0.10.3-0.20230626083119-d7e5192f0d88
github.com/ory/herodot v0.10.3-0.20250318104651-3179543efba8
github.com/ory/hydra-client-go/v2 v2.2.1
github.com/ory/jsonschema/v3 v3.0.8
github.com/ory/jsonschema/v3 v3.0.9-0.20250317235931-280c5fc7bf0e
github.com/ory/mail/v3 v3.0.0
github.com/ory/nosurf v1.2.7
github.com/ory/x v0.0.702
github.com/ory/x v0.0.705
github.com/peterhellberg/link v1.2.0
github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
github.com/pkg/errors v0.9.1
github.com/pquerna/otp v1.4.0
github.com/rakutentech/jwk-go v1.1.3
github.com/rs/cors v1.11.0
github.com/rakutentech/jwk-go v1.2.0
github.com/rs/cors v1.11.1
github.com/samber/lo v1.46.0
github.com/sirupsen/logrus v1.9.3
github.com/slack-go/slack v0.13.1
github.com/spf13/cobra v1.8.1
github.com/spf13/pflag v1.0.5
github.com/spf13/cobra v1.9.1
github.com/spf13/pflag v1.0.6
github.com/stretchr/testify v1.10.0
github.com/tidwall/gjson v1.17.3
github.com/tidwall/gjson v1.18.0
github.com/tidwall/sjson v1.2.5
github.com/urfave/negroni v1.0.0
github.com/wI2L/jsondiff v0.6.0
github.com/zmb3/spotify/v2 v2.4.2
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0
go.opentelemetry.io/otel v1.32.0
go.opentelemetry.io/otel/sdk v1.32.0
go.opentelemetry.io/otel/trace v1.32.0
golang.org/x/crypto v0.35.0
golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect
golang.org/x/net v0.36.0
golang.org/x/oauth2 v0.24.0
golang.org/x/sync v0.11.0
golang.org/x/text v0.22.0
google.golang.org/grpc v1.67.1
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0
go.opentelemetry.io/otel v1.35.0
go.opentelemetry.io/otel/sdk v1.35.0
go.opentelemetry.io/otel/trace v1.35.0
golang.org/x/crypto v0.36.0
golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
golang.org/x/net v0.37.0
golang.org/x/oauth2 v0.28.0
golang.org/x/sync v0.12.0
golang.org/x/text v0.23.0
google.golang.org/grpc v1.71.0
)
require (
filippo.io/edwards25519 v1.1.0 // indirect
github.com/a8m/envsubst v1.4.2 // indirect
github.com/alecthomas/participle/v2 v2.1.1 // indirect
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
github.com/bmatcuk/doublestar v1.3.4 // indirect
github.com/cortesi/modd v0.8.1 // indirect
github.com/cortesi/moddwatch v0.1.0 // indirect
github.com/cortesi/termlog v0.0.0-20210222042314-a1eec763abec // indirect
github.com/jackc/pgx/v5 v5.6.0 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/elliotchance/orderedmap v1.7.1 // indirect
github.com/go-openapi/analysis v0.23.0 // indirect
github.com/go-openapi/inflect v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/loads v0.22.0 // indirect
github.com/go-openapi/runtime v0.28.0 // indirect
github.com/go-openapi/spec v0.21.0 // indirect
github.com/go-openapi/validate v0.24.0 // indirect
github.com/go-swagger/go-swagger v0.31.0 // indirect
github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
github.com/gorilla/context v1.1.2 // indirect
github.com/gorilla/handlers v1.5.2 // indirect
github.com/gorilla/mux v1.8.1 // indirect
github.com/gorilla/pat v1.0.2 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/ian-kent/envconf v0.0.0-20141026121121-c19809918c02 // indirect
github.com/ian-kent/go-log v0.0.0-20160113211217-5731446c36ab // indirect
github.com/ian-kent/goose v0.0.0-20141221090059-c3541ea826ad // indirect
github.com/ian-kent/linkio v0.0.0-20170807205755-97566b872887 // indirect
github.com/jackc/pgx/v5 v5.7.2 // indirect
github.com/jessevdk/go-flags v1.6.1 // indirect
github.com/jinzhu/copier v0.4.0 // indirect
github.com/klauspost/compress v1.17.11 // indirect
github.com/kr/pretty v0.3.1 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/mailhog/MailHog v1.0.1 // indirect
github.com/mailhog/MailHog-Server v1.0.1 // indirect
github.com/mailhog/MailHog-UI v1.0.1 // indirect
github.com/mailhog/data v1.0.1 // indirect
github.com/mailhog/http v1.0.1 // indirect
github.com/mailhog/mhsendmail v0.2.0 // indirect
github.com/mailhog/smtp v1.0.1 // indirect
github.com/mailhog/storage v1.0.1 // indirect
github.com/mikefarah/yq/v4 v4.45.1 // indirect
github.com/moby/sys/user v0.3.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/ogier/pflag v0.0.1 // indirect
github.com/philhofer/fwd v1.1.3-0.20240916144458-20a13a1f6b7c // indirect
github.com/rjeczalik/notify v0.9.3 // indirect
golang.org/x/term v0.29.0 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/smartystreets/goconvey v1.8.1 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/viper v1.18.2 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/t-k/fluent-logger-golang v1.0.0 // indirect
github.com/tinylib/msgp v1.2.5 // indirect
github.com/toqueteos/webbrowser v1.2.0 // indirect
github.com/yuin/gopher-lua v1.1.1 // indirect
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/term v0.30.0 // indirect
golang.org/x/time v0.8.0 // indirect
golang.org/x/tools v0.31.0 // indirect
gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 // indirect
gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 // indirect
mvdan.cc/sh/v3 v3.6.0 // indirect
)
require (
code.dny.dev/ssrf v0.2.0 // indirect
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver/v3 v3.2.1 // indirect
github.com/Masterminds/semver/v3 v3.3.1 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/avast/retry-go/v4 v4.3.0 // indirect
github.com/avast/retry-go/v4 v4.6.1 // indirect
github.com/aymerick/douceur v0.2.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/boombuler/barcode v1.0.1 // indirect
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/cockroachdb/cockroach-go/v2 v2.3.5
github.com/containerd/continuity v0.4.3 // indirect
github.com/cockroachdb/cockroach-go/v2 v2.4.0
github.com/containerd/continuity v0.4.5 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/cli v26.1.4+incompatible // indirect
github.com/docker/docker v27.1.1+incompatible // indirect
github.com/docker/cli v28.0.1+incompatible // indirect
github.com/docker/docker v28.0.1+incompatible // indirect
github.com/docker/go-connections v0.5.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/evanphx/json-patch/v5 v5.9.11 // indirect
github.com/fatih/structs v1.1.0 // indirect
github.com/felixge/fgprof v0.9.3 // indirect
github.com/felixge/fgprof v0.9.5 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/fsnotify/fsnotify v1.8.0 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.3 // indirect
github.com/go-crypt/x v0.2.18 // indirect
@ -157,56 +208,39 @@ require (
github.com/go-jose/go-jose/v4 v4.0.5 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/analysis v0.23.0 // indirect
github.com/go-openapi/errors v0.22.0 // indirect
github.com/go-openapi/inflect v0.21.0 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/loads v0.22.0 // indirect
github.com/go-openapi/runtime v0.28.0 // indirect
github.com/go-openapi/spec v0.21.0 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
github.com/go-openapi/validate v0.24.0 // indirect
github.com/go-openapi/errors v0.22.1 // indirect
github.com/go-openapi/jsonpointer v0.21.1 // indirect
github.com/go-openapi/swag v0.23.1 // indirect
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/go-sql-driver/mysql v1.8.1 // indirect
github.com/go-sql-driver/mysql v1.9.0 // indirect
github.com/go-webauthn/x v0.1.14 // indirect
github.com/gobuffalo/envy v1.10.2 // indirect
github.com/gobuffalo/fizz v1.14.4 // indirect
github.com/gobuffalo/flect v1.0.2 // indirect
github.com/gobuffalo/flect v1.0.3 // indirect
github.com/gobuffalo/github_flavored_markdown v1.1.4 // indirect
github.com/gobuffalo/helpers v0.6.7 // indirect
github.com/gobuffalo/nulls v0.4.2 // indirect
github.com/gobuffalo/plush/v4 v4.1.21 // indirect
github.com/gobuffalo/plush/v4 v4.1.22 // indirect
github.com/gobuffalo/tags/v3 v3.1.4 // indirect
github.com/gobuffalo/validate/v3 v3.3.3 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/goccy/go-json v0.10.3 // indirect
github.com/goccy/go-yaml v1.11.3 // indirect
github.com/gofrs/flock v0.8.1 // indirect
github.com/goccy/go-json v0.10.5 // indirect
github.com/goccy/go-yaml v1.16.0 // indirect
github.com/gofrs/flock v0.12.1 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/go-querystring v1.0.0 // indirect
github.com/google/go-tpm v0.9.1 // indirect
github.com/google/pprof v0.0.0-20221010195024-131d412537ea // indirect
github.com/google/pprof v0.0.0-20250315033105-103756e64e1d // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/gorilla/context v1.1.2 // indirect
github.com/gorilla/css v1.0.1 // indirect
github.com/gorilla/handlers v1.5.2 // indirect
github.com/gorilla/mux v1.8.1 // indirect
github.com/gorilla/pat v1.0.2 // indirect
github.com/gorilla/securecookie v1.1.1 // indirect
github.com/gorilla/websocket v1.5.0 // indirect
github.com/gorilla/websocket v1.5.3 // indirect
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/huandu/xstrings v1.4.0 // indirect
github.com/ian-kent/envconf v0.0.0-20141026121121-c19809918c02 // indirect
github.com/ian-kent/go-log v0.0.0-20160113211217-5731446c36ab // indirect
github.com/ian-kent/goose v0.0.0-20141221090059-c3541ea826ad // indirect
github.com/ian-kent/linkio v0.0.0-20170807205755-97566b872887 // indirect
github.com/imdario/mergo v0.3.16 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jackc/chunkreader/v2 v2.0.1 // indirect
@ -215,9 +249,7 @@ require (
github.com/jackc/pgpassfile v1.0.0 // indirect
github.com/jackc/pgproto3/v2 v2.3.3 // indirect
github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
github.com/jackc/puddle/v2 v2.2.1 // indirect
github.com/jandelgado/gcov2lcov v1.0.5 // indirect
github.com/jessevdk/go-flags v1.5.0 // indirect
github.com/jackc/puddle/v2 v2.2.2 // indirect
github.com/joho/godotenv v1.5.1 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
@ -225,103 +257,83 @@ require (
github.com/knadh/koanf/parsers/toml v0.1.0 // indirect
github.com/knadh/koanf/parsers/yaml v0.1.0 // indirect
github.com/knadh/koanf/providers/posflag v0.1.0 // indirect
github.com/knadh/koanf/v2 v2.0.1 // indirect
github.com/kr/pretty v0.3.1 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/knadh/koanf/v2 v2.1.2 // indirect
github.com/leodido/go-urn v1.4.0 // indirect
github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
github.com/lestrrat-go/blackmagic v1.0.2 // indirect
github.com/lestrrat-go/httpcc v1.0.1 // indirect
github.com/lestrrat-go/httprc v1.0.6 // indirect
github.com/lestrrat-go/iter v1.0.2 // indirect
github.com/lestrrat-go/jwx v1.2.29
github.com/lestrrat-go/jwx v1.2.30
github.com/lestrrat-go/option v1.0.1 // indirect
github.com/lib/pq v1.10.9 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mailhog/MailHog-Server v1.0.1 // indirect
github.com/mailhog/MailHog-UI v1.0.1 // indirect
github.com/mailhog/data v1.0.1 // indirect
github.com/mailhog/http v1.0.1 // indirect
github.com/mailhog/mhsendmail v0.2.0 // indirect
github.com/mailhog/smtp v1.0.1 // indirect
github.com/mailhog/storage v1.0.1 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/magiconair/properties v1.8.9 // indirect
github.com/mailru/easyjson v0.9.0 // indirect
github.com/mattn/go-colorable v0.1.14 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/microcosm-cc/bluemonday v1.0.26 // indirect
github.com/microcosm-cc/bluemonday v1.0.27 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/nyaruka/phonenumbers v1.4.1
github.com/ogier/pflag v0.0.1 // indirect
github.com/moby/term v0.5.2 // indirect
github.com/nyaruka/phonenumbers v1.5.0
github.com/oklog/ulid v1.3.1 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0 // indirect
github.com/opencontainers/runc v1.1.14 // indirect
github.com/opencontainers/image-spec v1.1.1 // indirect
github.com/opencontainers/runc v1.2.5 // indirect
github.com/openzipkin/zipkin-go v0.4.3 // indirect
github.com/pelletier/go-toml v1.9.5 // indirect
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
github.com/philhofer/fwd v1.1.3-0.20240612014219-fbbf4953d986 // indirect
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
github.com/pkg/profile v1.7.0 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/prometheus/client_golang v1.13.0 // indirect
github.com/prometheus/client_model v0.3.0 // indirect
github.com/prometheus/common v0.37.0 // indirect
github.com/prometheus/procfs v0.8.0 // indirect
github.com/rogpeppe/go-internal v1.13.1 // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/prometheus/client_golang v1.21.1 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
github.com/prometheus/common v0.63.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
github.com/rogpeppe/go-internal v1.14.1 // indirect
github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 // indirect
github.com/segmentio/asm v1.2.0 // indirect
github.com/segmentio/backo-go v1.0.1 // indirect
github.com/segmentio/backo-go v1.1.0 // indirect
github.com/sergi/go-diff v1.3.1 // indirect
github.com/shopspring/decimal v1.3.1 // indirect
github.com/smartystreets/assertions v1.0.0 // indirect
github.com/smartystreets/goconvey v1.6.4 // indirect
github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/cast v1.6.0 // indirect
github.com/spf13/viper v1.18.2 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/t-k/fluent-logger-golang v1.0.0 // indirect
github.com/spf13/cast v1.7.1 // indirect
github.com/tidwall/match v1.1.1 // indirect
github.com/tidwall/pretty v1.2.1 // indirect
github.com/tinylib/msgp v1.2.0 // indirect
github.com/toqueteos/webbrowser v1.2.0 // indirect
github.com/x448/float16 v0.8.4 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect
go.mongodb.org/mongo-driver v1.14.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.57.0 // indirect
go.opentelemetry.io/contrib/propagators/b3 v1.32.0 // indirect
go.opentelemetry.io/contrib/propagators/jaeger v1.32.0 // indirect
go.opentelemetry.io/contrib/samplers/jaegerremote v0.26.0 // indirect
go.mongodb.org/mongo-driver v1.17.3 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.60.0 // indirect
go.opentelemetry.io/contrib/propagators/b3 v1.35.0 // indirect
go.opentelemetry.io/contrib/propagators/jaeger v1.35.0 // indirect
go.opentelemetry.io/contrib/samplers/jaegerremote v0.29.0 // indirect
go.opentelemetry.io/otel/exporters/jaeger v1.17.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 // indirect; / indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 // indirect; / indirect
go.opentelemetry.io/otel/exporters/zipkin v1.32.0 // indirect; / indirect
go.opentelemetry.io/otel/metric v1.32.0 // indirect
go.opentelemetry.io/proto/otlp v1.3.1 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/mod v0.22.0 // indirect
golang.org/x/sys v0.30.0 // indirect
golang.org/x/tools v0.28.0 // indirect
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect
google.golang.org/protobuf v1.35.1
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 // indirect; / indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 // indirect; / indirect
go.opentelemetry.io/otel/exporters/zipkin v1.35.0 // indirect; / indirect
go.opentelemetry.io/otel/metric v1.35.0 // indirect
go.opentelemetry.io/proto/otlp v1.5.0 // indirect
golang.org/x/mod v0.24.0 // indirect
golang.org/x/sys v0.31.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
google.golang.org/protobuf v1.36.5
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)
tool (
github.com/cortesi/modd/cmd/modd
github.com/go-swagger/go-swagger/cmd/swagger
github.com/mailhog/MailHog
github.com/mikefarah/yq/v4
golang.org/x/tools/cmd/goimports
)

551
go.sum
View File

File diff suppressed because it is too large Load Diff

16
go_mod_indirect_pins.go
View File

@ -1,16 +0,0 @@
// Copyright © 2023 Ory Corp
// SPDX-License-Identifier: Apache-2.0
//go:build tools
// +build tools
package main
import (
_ "github.com/cortesi/modd/cmd/modd"
_ "github.com/go-swagger/go-swagger/cmd/swagger"
_ "github.com/mailhog/MailHog"
_ "github.com/mattn/goveralls"
_ "github.com/ory/go-acc"
)

2
identity/handler_test.go
View File

@ -1325,7 +1325,7 @@ func TestHandler(t *testing.T) {
for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} {
t.Run("endpoint="+name, func(t *testing.T) {
res := send(t, ts, "PATCH", "/identities/"+i.ID.String(), http.StatusBadRequest, nil)
assert.Contains(t, res.Get("error.message").String(), `unexpected end of JSON input`, res.Raw)
assert.Equal(t, res.Get("error.message").Str, "invalid state detected", res.Raw)
})
}
})

10
identity/test/pool.go
View File

@ -332,6 +332,7 @@ func TestPool(ctx context.Context, p persistence.Persister, m *identity.Manager,
identities[i] = NewTestIdentity(4, "persister-create-multiple", i)
}
require.NoError(t, p.CreateIdentities(ctx, identities...))
createdAt := time.Now().UTC()
for _, id := range identities {
idFromDB, err := p.GetIdentity(ctx, id.ID, identity.ExpandEverything)
@ -348,8 +349,8 @@ func TestPool(ctx context.Context, p persistence.Persister, m *identity.Manager,
assert.Equal(t, len(id.RecoveryAddresses), len(idFromDB.RecoveryAddresses))
assert.Equal(t, id.Credentials["password"].Identifiers, credFromDB.Identifiers)
assert.WithinDuration(t, time.Now().UTC(), credFromDB.CreatedAt, time.Minute)
assert.WithinDuration(t, time.Now().UTC(), credFromDB.UpdatedAt, time.Minute)
assert.WithinDuration(t, createdAt, credFromDB.CreatedAt, time.Minute)
assert.WithinDuration(t, createdAt, credFromDB.UpdatedAt, time.Minute)
// because of mysql precision
assert.WithinDuration(t, id.CreatedAt, idFromDB.CreatedAt, time.Second)
assert.WithinDuration(t, id.UpdatedAt, idFromDB.UpdatedAt, time.Second)
@ -369,6 +370,7 @@ func TestPool(ctx context.Context, p persistence.Persister, m *identity.Manager,
assert.ErrorIs(t, err, sqlcon.ErrUniqueViolation)
return
}
createdAt := time.Now().UTC()
errWithCtx := new(identity.CreateIdentitiesError)
require.ErrorAsf(t, err, &errWithCtx, "%#v", err)
@ -390,8 +392,8 @@ func TestPool(ctx context.Context, p persistence.Persister, m *identity.Manager,
assert.Equal(t, len(id.RecoveryAddresses), len(idFromDB.RecoveryAddresses))
assert.Equal(t, id.Credentials["password"].Identifiers, credFromDB.Identifiers)
assert.WithinDuration(t, time.Now().UTC(), credFromDB.CreatedAt, time.Minute)
assert.WithinDuration(t, time.Now().UTC(), credFromDB.UpdatedAt, time.Minute)
assert.WithinDuration(t, createdAt, credFromDB.CreatedAt, time.Minute)
assert.WithinDuration(t, createdAt, credFromDB.UpdatedAt, time.Minute)
// because of mysql precision
assert.WithinDuration(t, id.CreatedAt, idFromDB.CreatedAt, time.Second)
assert.WithinDuration(t, id.UpdatedAt, idFromDB.UpdatedAt, time.Second)

28
persistence/sql/migratest/migration_test.go
View File

@ -8,6 +8,8 @@ import (
"encoding/json"
"os"
"path/filepath"
"regexp"
"strings"
"sync"
"testing"
"time"
@ -22,8 +24,6 @@ import (
"github.com/ory/x/dbal"
"github.com/ory/kratos/x/xsql"
"github.com/ory/x/migratest"
"github.com/gobuffalo/pop/v6"
@ -95,7 +95,7 @@ func TestMigrations_Mysql(t *testing.T) {
t.Skip("skipping testing in short mode")
}
t.Parallel()
testDatabase(t, "mysql", dockertest.ConnectPop(t, dockertest.RunTestMySQLWithVersion(t, "8.0.34")))
testDatabase(t, "mysql", dockertest.ConnectPop(t, dockertest.RunTestMySQLWithVersion(t, "8.4")))
}
func TestMigrations_Cockroach(t *testing.T) {
@ -110,16 +110,6 @@ func testDatabase(t *testing.T, db string, c *pop.Connection) {
ctx := context.Background()
l := logrusx.New("", "", logrusx.ForceLevel(logrus.DebugLevel))
t.Logf("Cleaning up before migrations")
_ = os.Remove("../migrations/sql/schema.sql")
xsql.CleanSQL(t, c)
t.Cleanup(func() {
t.Logf("Cleaning up after migrations")
xsql.CleanSQL(t, c)
require.NoError(t, c.Close())
})
url := c.URL()
// workaround for https://github.com/gobuffalo/pop/issues/538
switch db {
@ -127,8 +117,20 @@ func testDatabase(t *testing.T, db string, c *pop.Connection) {
url = "mysql://" + url
case "sqlite":
url = "sqlite3://" + url
case "cockroach":
url = "cockroach" + strings.TrimPrefix(url, "postgres")
}
if db != "sqlite" {
dbName := "testdb" + strings.ReplaceAll(x.NewUUID().String(), "-", "")
require.NoError(t, c.RawQuery("CREATE DATABASE "+dbName).Exec())
url = regexp.MustCompile("/[a-z0-9]+\\?").ReplaceAllString(url, "/"+dbName+"?")
}
t.Logf("URL: %s", url)
var err error
c, err = pop.NewConnection(&pop.ConnectionDetails{URL: url})
require.NoError(t, err)
require.NoError(t, c.Open())
tm, err := popx.NewMigrationBox(
os.DirFS("../migrations/sql"),

34
persistence/sql/persister_test.go
View File

@ -6,7 +6,8 @@ package sql_test
import (
"context"
"fmt"
"os"
"regexp"
"strings"
"sync"
"testing"
"time"
@ -44,7 +45,6 @@ import (
link "github.com/ory/kratos/selfservice/strategy/link/test"
session "github.com/ory/kratos/session/test"
"github.com/ory/kratos/x"
"github.com/ory/kratos/x/xsql"
"github.com/ory/x/sqlcon"
"github.com/ory/x/sqlcon/dockertest"
"github.com/ory/x/sqlxx"
@ -98,14 +98,13 @@ func createCleanDatabases(t testing.TB) map[string]*driver.RegistryDefault {
"sqlite": "sqlite://file:" + t.TempDir() + "/db.sqlite?_fk=true&max_conns=1&lock=false",
}
var l sync.Mutex
if !testing.Short() {
funcs := map[string]func(t testing.TB) string{
"postgres": func(t testing.TB) string {
return dockertest.RunTestPostgreSQLWithVersion(t, "16")
},
"mysql": func(t testing.TB) string {
return dockertest.RunTestMySQLWithVersion(t, "8.0")
return dockertest.RunTestMySQLWithVersion(t, "8.4")
},
"cockroach": newLocalTestCRDBServer,
}
@ -117,9 +116,7 @@ func createCleanDatabases(t testing.TB) map[string]*driver.RegistryDefault {
go func(s string, f func(t testing.TB) string) {
defer wg.Done()
db := f(t)
l.Lock()
conns[s] = db
l.Unlock()
}(k, f)
}
@ -132,18 +129,23 @@ func createCleanDatabases(t testing.TB) map[string]*driver.RegistryDefault {
for name, dsn := range conns {
go func(name, dsn string) {
defer wg.Done()
if name != "sqlite" {
require.EventuallyWithT(t, func(t *assert.CollectT) {
c, err := pop.NewConnection(&pop.ConnectionDetails{URL: dsn})
require.NoError(t, err)
require.NoError(t, c.Open())
dbName := "testdb" + strings.ReplaceAll(x.NewUUID().String(), "-", "")
require.NoError(t, c.RawQuery("CREATE DATABASE "+dbName).Exec())
dsn = regexp.MustCompile("/[a-z0-9]+\\?").ReplaceAllString(dsn, "/"+dbName+"?")
}, 20*time.Second, 100*time.Millisecond)
}
t.Logf("Connecting to %s: %s", name, dsn)
_, reg := internal.NewRegistryDefaultWithDSN(t, dsn)
p := reg.Persister().(*sql.Persister)
t.Logf("Cleaning up %s", name)
_ = os.Remove("migrations/schema.sql")
xsql.CleanSQL(t, p.Connection(context.Background()))
t.Cleanup(func() {
xsql.CleanSQL(t, p.Connection(context.Background()))
_ = os.Remove("migrations/schema.sql")
})
t.Logf("Applying %s migrations", name)
pop.SetLogger(pl(t))
require.NoError(t, p.MigrateUp(context.Background()))
@ -152,9 +154,7 @@ func createCleanDatabases(t testing.TB) map[string]*driver.RegistryDefault {
require.NoError(t, err)
require.False(t, status.HasPending())
l.Lock()
ps[name] = reg
l.Unlock()
t.Logf("Database %s initialized successfully", name)
}(name, dsn)
@ -388,7 +388,7 @@ func Benchmark_BatchCreateIdentities(b *testing.B) {
}
func newLocalTestCRDBServer(t testing.TB) string {
ts, err := testserver.NewTestServer(testserver.CustomVersionOpt("23.1.13"))
ts, err := testserver.NewTestServer(testserver.CustomVersionOpt("v23.1.13"))
require.NoError(t, err)
t.Cleanup(ts.Stop)

101
selfservice/flow/login/hook_test.go
View File

@ -6,6 +6,7 @@ package login_test
import (
"context"
"database/sql"
"fmt"
"net/http"
"net/http/httptest"
"net/url"
@ -43,7 +44,7 @@ func TestLoginExecutor(t *testing.T) {
conf, reg := internal.NewFastRegistryWithMocks(t)
reg.WithHydra(hydra.NewFake())
testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/login.schema.json")
conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/")
conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, returnToServer.URL)
_ = testhelpers.NewLoginUIFlowEchoServer(t, reg)
newServer := func(t *testing.T, ft flow.Type, useIdentity *identity.Identity, flowCallback ...func(*login.Flow)) *httptest.Server {
@ -109,9 +110,9 @@ func TestLoginExecutor(t *testing.T) {
t.Run("case=pass without hooks", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
assert.EqualValues(t, "https://www.ory.sh/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{})
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.EqualValues(t, returnToServer.URL, res.Request.URL.String())
})
t.Run("case=pass without hooks if client is ajax", func(t *testing.T) {
@ -119,18 +120,18 @@ func TestLoginExecutor(t *testing.T) {
ts := newServer(t, flow.TypeBrowser, nil)
res, body := makeRequestPost(t, ts, true, url.Values{})
require.Equal(t, http.StatusOK, res.StatusCode)
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Contains(t, res.Request.URL.String(), ts.URL)
assert.EqualValues(t, gjson.Get(body, "continue_with").Raw, `[{"action":"redirect_browser_to","redirect_browser_to":"https://www.ory.sh/"}]`)
assert.JSONEq(t, fmt.Sprintf(`[{"action":"redirect_browser_to","redirect_browser_to":"%s"}]`, returnToServer.URL), gjson.Get(body, "continue_with").Raw)
})
t.Run("case=pass if hooks pass", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
viperSetPost(t, conf, strategy.String(), []config.SelfServiceHook{{Name: "err", Config: []byte(`{}`)}})
res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{})
require.Equal(t, http.StatusOK, res.StatusCode)
assert.Equal(t, "https://www.ory.sh/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{})
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Equal(t, returnToServer.URL, res.Request.URL.String())
})
t.Run("case=fail if hooks fail", func(t *testing.T) {
@ -139,53 +140,53 @@ func TestLoginExecutor(t *testing.T) {
ts := newServer(t, flow.TypeBrowser, nil)
res, body := makeRequestPost(t, ts, false, url.Values{})
require.Equal(t, http.StatusOK, res.StatusCode)
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Contains(t, res.Request.URL.String(), ts.URL)
assert.Empty(t, body)
})
t.Run("case=use return_to value", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnToServer.URL})
res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{"return_to": {"https://www.ory.sh/kratos/"}})
require.Equal(t, http.StatusOK, res.StatusCode)
assert.Equal(t, "https://www.ory.sh/kratos/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{"return_to": {returnToServer.URL + "/kratos"}})
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Equal(t, returnToServer.URL+"/kratos", res.Request.URL.String())
})
t.Run("case=use nested config value", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
conf.MustSet(ctx, config.ViperKeySelfServiceLoginAfter+"."+config.DefaultBrowserReturnURL, "https://www.ory.sh/kratos")
conf.MustSet(ctx, config.ViperKeySelfServiceLoginAfter+"."+config.DefaultBrowserReturnURL, returnToServer.URL+"/kratos")
res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
assert.EqualValues(t, "https://www.ory.sh/kratos/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{})
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.EqualValues(t, returnToServer.URL+"/kratos", res.Request.URL.String())
})
t.Run("case=use nested config value", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
testhelpers.SelfServiceHookLoginSetDefaultRedirectTo(t, conf, "https://www.ory.sh/not-kratos")
testhelpers.SelfServiceHookLoginSetDefaultRedirectToStrategy(t, conf, strategy.String(), "https://www.ory.sh/kratos")
testhelpers.SelfServiceHookLoginSetDefaultRedirectTo(t, conf, returnToServer.URL+"/not-kratos")
testhelpers.SelfServiceHookLoginSetDefaultRedirectToStrategy(t, conf, strategy.String(), returnToServer.URL+"/kratos")
res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
assert.EqualValues(t, "https://www.ory.sh/kratos/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{})
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.EqualValues(t, returnToServer.URL+"/kratos", res.Request.URL.String())
})
t.Run("case=pass if hooks pass", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
viperSetPost(t, conf, strategy.String(), []config.SelfServiceHook{{Name: "err", Config: []byte(`{}`)}})
res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
assert.EqualValues(t, "https://www.ory.sh/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{})
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.EqualValues(t, returnToServer.URL, res.Request.URL.String())
})
t.Run("case=send a json response for API clients", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
res, body := makeRequestPost(t, newServer(t, flow.TypeAPI, nil), true, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.NotEmpty(t, gjson.Get(body, "session.identity.id").String())
})
@ -197,7 +198,7 @@ func TestLoginExecutor(t *testing.T) {
f.OAuth2LoginChallenge = hydra.FakeValidLoginChallenge
}
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil, withOAuthChallenge), true, url.Values{})
assert.EqualValues(t, http.StatusUnprocessableEntity, res.StatusCode)
require.EqualValuesf(t, http.StatusUnprocessableEntity, res.StatusCode, "%s", body)
assert.Equal(t, hydra.FakePostLoginURL, gjson.Get(body, "redirect_browser_to").String(), "%s", body)
})
@ -208,7 +209,7 @@ func TestLoginExecutor(t *testing.T) {
f.OAuth2LoginChallenge = hydra.FakeInvalidLoginChallenge
}
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil, withOAuthChallenge), true, url.Values{})
assert.EqualValues(t, http.StatusInternalServerError, res.StatusCode)
require.EqualValuesf(t, http.StatusInternalServerError, res.StatusCode, "%s", body)
assert.Equal(t, hydra.ErrFakeAcceptLoginRequestFailed.Error(), body, "%s", body)
})
})
@ -217,7 +218,7 @@ func TestLoginExecutor(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), true, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.NotEmpty(t, gjson.Get(body, "session.identity.id").String())
assert.Empty(t, gjson.Get(body, "session.token").String())
assert.Empty(t, gjson.Get(body, "session_token").String())
@ -234,21 +235,21 @@ func TestLoginExecutor(t *testing.T) {
require.NoError(t, reg.Persister().CreateIdentity(context.Background(), useIdentity))
t.Run("browser client", func(t *testing.T) {
res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, useIdentity), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
assert.EqualValues(t, "https://www.ory.sh/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, useIdentity), false, url.Values{})
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.EqualValues(t, returnToServer.URL, res.Request.URL.String())
})
t.Run("api client returns the session with identity and the token", func(t *testing.T) {
res, body := makeRequestPost(t, newServer(t, flow.TypeAPI, useIdentity), true, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.NotEmpty(t, gjson.Get(body, "session.identity").String())
assert.NotEmpty(t, gjson.Get(body, "session_token").String())
})
t.Run("browser JSON client returns the session with identity but not the token", func(t *testing.T) {
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, useIdentity), true, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.NotEmpty(t, gjson.Get(body, "session.id").String())
assert.NotEmpty(t, gjson.Get(body, "session.identity").String())
assert.Empty(t, gjson.Get(body, "session_token").String())
@ -271,16 +272,16 @@ func TestLoginExecutor(t *testing.T) {
require.NoError(t, reg.Persister().CreateIdentity(context.Background(), useIdentity))
t.Run("browser client", func(t *testing.T) {
res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, useIdentity), false, url.Values{})
assert.EqualValues(t, http.StatusNotFound, res.StatusCode)
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, useIdentity), false, url.Values{})
require.EqualValuesf(t, http.StatusNotFound, res.StatusCode, "%s", body)
assert.Contains(t, res.Request.URL.String(), "/self-service/login/browser?aal=aal2")
})
t.Run("browser client with login challenge", func(t *testing.T) {
res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, useIdentity), false, url.Values{
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, useIdentity), false, url.Values{
"login_challenge": []string{hydra.FakeValidLoginChallenge},
})
assert.EqualValues(t, http.StatusNotFound, res.StatusCode)
require.EqualValuesf(t, http.StatusNotFound, res.StatusCode, "%s", body)
assert.Equal(t, res.Request.URL.Path, "/self-service/login/browser")
assert.Equal(t, res.Request.URL.Query().Get("aal"), "aal2")
@ -289,14 +290,14 @@ func TestLoginExecutor(t *testing.T) {
t.Run("api client returns the token and the session without the identity", func(t *testing.T) {
res, body := makeRequestPost(t, newServer(t, flow.TypeAPI, useIdentity), true, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Empty(t, gjson.Get(body, "session.identity").String())
assert.NotEmpty(t, gjson.Get(body, "session_token").String())
})
t.Run("browser JSON client", func(t *testing.T) {
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, useIdentity), true, url.Values{})
assert.EqualValues(t, http.StatusUnprocessableEntity, res.StatusCode)
require.EqualValuesf(t, http.StatusUnprocessableEntity, res.StatusCode, "%s", body)
assert.NotEmpty(t, gjson.Get(body, "redirect_browser_to").String())
assert.Contains(t, gjson.Get(body, "redirect_browser_to").String(), "/self-service/login/browser?aal=aal2", "%s", body)
})
@ -305,7 +306,7 @@ func TestLoginExecutor(t *testing.T) {
res, body := makeRequestPost(t, newServer(t, flow.TypeBrowser, useIdentity), true, url.Values{
"login_challenge": []string{hydra.FakeValidLoginChallenge},
})
assert.EqualValues(t, http.StatusUnprocessableEntity, res.StatusCode)
require.EqualValuesf(t, http.StatusUnprocessableEntity, res.StatusCode, "%s", body)
assert.NotEmpty(t, gjson.Get(body, "redirect_browser_to").String())
redirectBrowserTo, err := url.Parse(gjson.Get(body, "redirect_browser_to").String())
@ -414,8 +415,8 @@ func TestLoginExecutor(t *testing.T) {
}))
})
res, body := testhelpers.SelfServiceMakeHookRequest(t, ts, "/login/post2fa", false, url.Values{})
assert.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Equalf(t, "https://www.ory.sh/", res.Request.URL.String(), "%s", body)
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Equalf(t, returnToServer.URL, res.Request.URL.String(), "%s", body)
ident, err := reg.Persister().GetIdentity(ctx, twoFAIdentitiy.ID, identity.ExpandCredentials)
require.NoError(t, err)
@ -430,8 +431,8 @@ func TestLoginExecutor(t *testing.T) {
DuplicateIdentifier: email1,
}))
}), false, url.Values{})
assert.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Equalf(t, "https://www.ory.sh/", res.Request.URL.String(), "%s", body)
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Equalf(t, returnToServer.URL, res.Request.URL.String(), "%s", body)
ident, err := reg.Persister().GetIdentity(ctx, passwordOnlyIdentity.ID, identity.ExpandCredentials)
require.NoError(t, err)
@ -446,7 +447,7 @@ func TestLoginExecutor(t *testing.T) {
DuplicateIdentifier: "wrong@example.com",
}))
}), false, url.Values{})
assert.EqualValues(t, http.StatusInternalServerError, res.StatusCode)
require.EqualValues(t, http.StatusInternalServerError, res.StatusCode)
assert.Equal(t, schema.NewLinkedCredentialsDoNotMatch().Error(), body, "%s", body)
})
})
@ -476,11 +477,11 @@ func TestLoginExecutor(t *testing.T) {
}
t.Run("method=checkAAL", func(t *testing.T) {
ctx := confighelpers.WithConfigValue(ctx, config.ViperKeyPublicBaseURL, "https://www.ory.sh/")
ctx := confighelpers.WithConfigValue(ctx, config.ViperKeyPublicBaseURL, returnToServer.URL)
conf, reg := internal.NewFastRegistryWithMocks(t)
testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/login.schema.json")
conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/")
conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, returnToServer.URL)
t.Run("returns no error when sufficient", func(t *testing.T) {
ctx := confighelpers.WithConfigValue(ctx, config.ViperKeySessionWhoAmIAAL, identity.AuthenticatorAssuranceLevel1)
@ -527,7 +528,7 @@ func TestLoginExecutor(t *testing.T) {
}),
&aalErr,
)
assert.Equal(t, "https://www.ory.sh/self-service/login/browser?aal=aal2&login_challenge=challenge&return_to=https%3A%2F%2Fwww.ory.sh%2Fkratos", aalErr.RedirectTo)
assert.Equal(t, returnToServer.URL+"/self-service/login/browser?aal=aal2&login_challenge=challenge&return_to=https%3A%2F%2Fwww.ory.sh%2Fkratos", aalErr.RedirectTo)
})
})
}

20
selfservice/flow/login/testsetup_test.go Normal file
View File

@ -0,0 +1,20 @@
// Copyright © 2025 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package login_test
import (
"net/http"
"net/http/httptest"
"os"
"testing"
)
var returnToServer *httptest.Server
func TestMain(m *testing.M) {
returnToServer = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("OK"))
}))
os.Exit(m.Run())
}

71
selfservice/flow/registration/hook_test.go
View File

@ -5,6 +5,7 @@ package registration_test
import (
"context"
"fmt"
"net/http"
"net/url"
"testing"
@ -41,7 +42,7 @@ func TestRegistrationExecutor(t *testing.T) {
conf, reg := internal.NewFastRegistryWithMocks(t)
reg.WithHydra(hydra.NewFake())
testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/registration.schema.json")
conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/")
conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, returnToServer.URL)
newServer := func(t *testing.T, i *identity.Identity, ft flow.Type, flowCallbacks ...func(*registration.Flow)) *httptest.Server {
router := httprouter.New()
@ -82,9 +83,9 @@ func TestRegistrationExecutor(t *testing.T) {
i := testhelpers.SelfServiceHookFakeIdentity(t)
ts := newServer(t, i, flow.TypeBrowser)
res, _ := makeRequestPost(t, ts, false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
assert.EqualValues(t, "https://www.ory.sh/", res.Request.URL.String())
res, body := makeRequestPost(t, ts, false, url.Values{})
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.EqualValues(t, returnToServer.URL, res.Request.URL.String())
actual, err := reg.IdentityPool().GetIdentity(context.Background(), i.ID, identity.ExpandNothing)
require.NoError(t, err)
@ -97,9 +98,9 @@ func TestRegistrationExecutor(t *testing.T) {
ts := newServer(t, i, flow.TypeBrowser)
res, body := makeRequestPost(t, ts, true, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Contains(t, res.Request.URL.String(), ts.URL)
assert.EqualValues(t, gjson.Get(body, "continue_with").Raw, `[{"action":"redirect_browser_to","redirect_browser_to":"https://www.ory.sh/"}]`)
assert.JSONEq(t, fmt.Sprintf(`[{"action":"redirect_browser_to","redirect_browser_to":"%s"}]`, returnToServer.URL), gjson.Get(body, "continue_with").Raw)
actual, err := reg.IdentityPool().GetIdentity(context.Background(), i.ID, identity.ExpandNothing)
require.NoError(t, err)
@ -110,9 +111,9 @@ func TestRegistrationExecutor(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
viperSetPost(t, conf, strategy, []config.SelfServiceHook{{Name: "err", Config: []byte(`{}`)}})
res, _ := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
assert.EqualValues(t, "https://www.ory.sh/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.EqualValues(t, returnToServer.URL, res.Request.URL.String())
})
t.Run("case=fail if hooks fail", func(t *testing.T) {
@ -121,7 +122,7 @@ func TestRegistrationExecutor(t *testing.T) {
i := testhelpers.SelfServiceHookFakeIdentity(t)
res, body := makeRequestPost(t, newServer(t, i, flow.TypeBrowser), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Equal(t, "", body)
_, err := reg.IdentityPool().GetIdentity(context.Background(), i.ID, identity.ExpandNothing)
@ -130,47 +131,47 @@ func TestRegistrationExecutor(t *testing.T) {
t.Run("case=use return_to value", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnToServer.URL})
res, _ := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{"return_to": {"https://www.ory.sh/kratos/"}})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
assert.EqualValues(t, "https://www.ory.sh/kratos/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{"return_to": {returnToServer.URL + "/kratos"}})
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.EqualValues(t, returnToServer.URL+"/kratos", res.Request.URL.String())
})
t.Run("case=use nested config value", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
testhelpers.SelfServiceHookRegistrationSetDefaultRedirectToStrategy(t, conf, strategy, "https://www.ory.sh/kratos")
testhelpers.SelfServiceHookRegistrationSetDefaultRedirectToStrategy(t, conf, strategy, returnToServer.URL+"/kratos")
res, _ := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
assert.EqualValues(t, "https://www.ory.sh/kratos/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.EqualValues(t, returnToServer.URL+"/kratos", res.Request.URL.String())
})
t.Run("case=use nested config value", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/kratos"})
testhelpers.SelfServiceHookRegistrationSetDefaultRedirectTo(t, conf, "https://www.ory.sh/not-kratos")
testhelpers.SelfServiceHookRegistrationSetDefaultRedirectToStrategy(t, conf, strategy, "https://www.ory.sh/kratos")
conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnToServer.URL + "/kratos"})
testhelpers.SelfServiceHookRegistrationSetDefaultRedirectTo(t, conf, returnToServer.URL+"/not-kratos")
testhelpers.SelfServiceHookRegistrationSetDefaultRedirectToStrategy(t, conf, strategy, returnToServer.URL+"/kratos")
res, _ := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
assert.EqualValues(t, "https://www.ory.sh/kratos/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.EqualValues(t, returnToServer.URL+"/kratos", res.Request.URL.String())
})
t.Run("case=pass if hooks pass", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
viperSetPost(t, conf, strategy, []config.SelfServiceHook{{Name: "err", Config: []byte(`{}`)}})
res, _ := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
assert.EqualValues(t, "https://www.ory.sh/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.EqualValues(t, returnToServer.URL, res.Request.URL.String())
})
t.Run("case=send a json response for API clients", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeAPI), true, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.NotEmpty(t, gjson.Get(body, "identity.id"))
})
@ -178,7 +179,7 @@ func TestRegistrationExecutor(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), true, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.NotEmpty(t, gjson.Get(body, "identity.id"))
assert.Empty(t, gjson.Get(body, "session.token"))
assert.Empty(t, gjson.Get(body, "session_token"))
@ -196,8 +197,8 @@ func TestRegistrationExecutor(t *testing.T) {
i := testhelpers.SelfServiceHookFakeIdentity(t)
i.Traits = identity.Traits(`{"email": "verifiable@ory.sh"}`)
res, _ := makeRequestPost(t, newServer(t, i, flow.TypeBrowser), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
res, body := makeRequestPost(t, newServer(t, i, flow.TypeBrowser), false, url.Values{})
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Contains(t, res.Request.URL.String(), verificationTS.URL)
assert.NotEmpty(t, res.Request.URL.Query().Get("flow"))
})
@ -215,8 +216,8 @@ func TestRegistrationExecutor(t *testing.T) {
withOAuthChallenge := func(f *registration.Flow) {
f.OAuth2LoginChallenge = hydra.FakeValidLoginChallenge
}
res, _ := makeRequestPost(t, newServer(t, i, flow.TypeBrowser, withOAuthChallenge), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
res, body := makeRequestPost(t, newServer(t, i, flow.TypeBrowser, withOAuthChallenge), false, url.Values{})
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Contains(t, res.Request.URL.String(), verificationTS.URL)
flowID := res.Request.URL.Query().Get("flow")
require.NotEmpty(t, flowID)
@ -239,8 +240,8 @@ func TestRegistrationExecutor(t *testing.T) {
i.SchemaID = testhelpers.UseIdentitySchema(t, conf, "file://./stub/registration-multi-email.schema.json")
i.Traits = identity.Traits(`{"emails": ["one@ory.sh", "two@ory.sh"]}`)
res, _ := makeRequestPost(t, newServer(t, i, flow.TypeBrowser), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
res, body := makeRequestPost(t, newServer(t, i, flow.TypeBrowser), false, url.Values{})
require.EqualValuesf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Contains(t, res.Request.URL.String(), verificationTS.URL)
assert.NotEmpty(t, res.Request.URL.Query().Get("flow"))
})

20
selfservice/flow/registration/testsetup_test.go Normal file
View File

@ -0,0 +1,20 @@
// Copyright © 2025 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package registration_test
import (
"net/http"
"net/http/httptest"
"os"
"testing"
)
var returnToServer *httptest.Server
func TestMain(m *testing.M) {
returnToServer = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("OK"))
}))
os.Exit(m.Run())
}

46
selfservice/flow/settings/hook_test.go
View File

@ -37,7 +37,7 @@ func TestSettingsExecutor(t *testing.T) {
conf, reg := internal.NewFastRegistryWithMocks(t)
testhelpers.SetDefaultIdentitySchema(conf, "file://./stub/identity.schema.json")
conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh/")
conf.MustSet(ctx, config.ViperKeySelfServiceBrowserDefaultReturnTo, returnToServer.URL)
reg.WithHooks(map[string]func(config.SelfServiceHook) interface{}{
"err": func(c config.SelfServiceHook) interface{} {
@ -95,8 +95,8 @@ func TestSettingsExecutor(t *testing.T) {
t.Run("case=pass without hooks", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
res, _ := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Contains(t, res.Request.URL.String(), uiURL)
})
@ -105,7 +105,7 @@ func TestSettingsExecutor(t *testing.T) {
ts := newServer(t, nil, flow.TypeBrowser)
res, body := makeRequestPost(t, ts, true, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Contains(t, res.Request.URL.String(), ts.URL)
assert.EqualValues(t, gjson.Get(body, "continue_with.0.action").String(), "redirect_browser_to")
})
@ -114,8 +114,8 @@ func TestSettingsExecutor(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
viperSetPost(strategy, []config.SelfServiceHook{{Name: "err", Config: []byte(`{}`)}})
res, _ := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Contains(t, res.Request.URL.String(), uiURL)
})
@ -124,44 +124,44 @@ func TestSettingsExecutor(t *testing.T) {
viperSetPost(strategy, []config.SelfServiceHook{{Name: "err", Config: []byte(`{"ExecuteSettingsPrePersistHook": "abort"}`)}})
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Equal(t, "", body)
})
t.Run("case=use return_to value", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
conf.MustSet(ctx, config.ViperKeyURLsAllowedReturnToDomains, []string{returnToServer.URL})
testhelpers.SelfServiceHookSettingsSetDefaultRedirectTo(t, conf, "https://www.ory.sh")
res, _ := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{"return_to": {"https://www.ory.sh/kratos/"}})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
assert.EqualValues(t, "https://www.ory.sh/kratos/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{"return_to": {returnToServer.URL + "/kratos"}})
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.EqualValues(t, returnToServer.URL+"/kratos", res.Request.URL.String())
})
t.Run("case=use nested config value", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
testhelpers.SelfServiceHookSettingsSetDefaultRedirectTo(t, conf, "https://www.ory.sh/kratos")
testhelpers.SelfServiceHookSettingsSetDefaultRedirectTo(t, conf, returnToServer.URL+"/kratos")
res, _ := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
assert.EqualValues(t, "https://www.ory.sh/kratos/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.EqualValues(t, returnToServer.URL+"/kratos", res.Request.URL.String())
})
t.Run("case=use nested config value", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
testhelpers.SelfServiceHookSettingsSetDefaultRedirectTo(t, conf, "https://www.ory.sh/not-kratos")
testhelpers.SelfServiceHookSettingsSetDefaultRedirectToStrategy(t, conf, strategy, "https://www.ory.sh/kratos")
testhelpers.SelfServiceHookSettingsSetDefaultRedirectToStrategy(t, conf, strategy, returnToServer.URL+"/kratos")
res, _ := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
assert.EqualValues(t, "https://www.ory.sh/kratos/", res.Request.URL.String())
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.EqualValues(t, returnToServer.URL+"/kratos", res.Request.URL.String())
})
t.Run("case=pass if hooks pass", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
viperSetPost(strategy, []config.SelfServiceHook{{Name: "err", Config: []byte(`{}`)}})
res, _ := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{})
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.Contains(t, res.Request.URL.String(), uiURL)
})
@ -169,7 +169,7 @@ func TestSettingsExecutor(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
viperSetPost(strategy, nil)
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeAPI), true, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.NotEmpty(t, gjson.Get(body, "identity.id"))
})
@ -177,7 +177,7 @@ func TestSettingsExecutor(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
res, body := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), true, url.Values{})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
require.Equalf(t, http.StatusOK, res.StatusCode, "%s", body)
assert.NotEmpty(t, gjson.Get(body, "identity.id"))
})
})

20
selfservice/flow/settings/testsetup_test.go Normal file
View File

@ -0,0 +1,20 @@
// Copyright © 2025 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package settings_test
import (
"net/http"
"net/http/httptest"
"os"
"testing"
)
var returnToServer *httptest.Server
func TestMain(m *testing.M) {
returnToServer = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("OK"))
}))
os.Exit(m.Run())
}

3
selfservice/strategy/profile/strategy_test.go
View File

@ -593,21 +593,18 @@ func TestStrategyTraits(t *testing.T) {
}
t.Run("type=api", func(t *testing.T) {
setPrivilegedTime(t, time.Second*10)
email := "not-john-doe-api@mail.com"
actual := expectSuccess(t, true, false, apiUser1, payload(email))
check(t, email, actual)
})
t.Run("type=sqa", func(t *testing.T) {
setPrivilegedTime(t, time.Second*10)
email := "not-john-doe-browser@mail.com"
actual := expectSuccess(t, false, true, browserUser1, payload(email))
check(t, email, actual)
})
t.Run("type=browser", func(t *testing.T) {
setPrivilegedTime(t, time.Second*10)
email := "not-john-doe-browser@mail.com"
actual := expectSuccess(t, false, false, browserUser1, payload(email))
check(t, email, actual)

3
test/e2e/playwright.config.ts
View File

@ -59,8 +59,7 @@ export default defineConfig({
timeout: 5 * 60 * 1000, // 5 minutes
},
{
command:
"make .bin/MailHog && .bin/MailHog -smtp-bind-addr=localhost:8026",
command: "go tool MailHog -smtp-bind-addr=localhost:8026",
cwd: "../..",
reuseExistingServer: false,
url: "http://localhost:8025/",

6
test/e2e/run.sh
View File

@ -7,8 +7,6 @@ set -euxo pipefail
cd "$(dirname "${BASH_SOURCE[0]}")/../.."
make .bin/hydra
make .bin/yq
make .bin/modd
export PATH=.bin:$PATH
export KRATOS_PUBLIC_URL=http://localhost:4433/
@ -254,12 +252,12 @@ run() {
ls -la .
for profile in code email mobile oidc recovery recovery-mfa verification mfa mfa-optional spa network passwordless passkey webhooks oidc-provider oidc-provider-mfa two-steps; do
yq ea '. as $item ireduce ({}; . * $item )' test/e2e/profiles/kratos.base.yml "test/e2e/profiles/${profile}/.kratos.yml" > test/e2e/kratos.${profile}.yml
go tool yq ea '. as $item ireduce ({}; . * $item )' test/e2e/profiles/kratos.base.yml "test/e2e/profiles/${profile}/.kratos.yml" > test/e2e/kratos.${profile}.yml
cat "test/e2e/kratos.${profile}.yml" | envsubst | sponge "test/e2e/kratos.${profile}.yml"
done
cp test/e2e/kratos.email.yml test/e2e/kratos.generated.yml
(modd -f test/e2e/modd.conf >"${base}/test/e2e/kratos.e2e.log" 2>&1 &)
(go tool modd -f test/e2e/modd.conf >"${base}/test/e2e/kratos.e2e.log" 2>&1 &)
npm run wait-on -- -l -t 300000 http-get://127.0.0.1:4434/health/ready \
http-get://127.0.0.1:4444/.well-known/openid-configuration \

69
x/xsql/sql.go
View File

@ -1,69 +0,0 @@
// Copyright © 2023 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package xsql
import (
"context"
"testing"
"github.com/gobuffalo/pop/v6"
"github.com/ory/kratos/selfservice/errorx"
"github.com/ory/kratos/selfservice/sessiontokenexchange"
"github.com/ory/kratos/continuity"
"github.com/ory/kratos/courier"
"github.com/ory/kratos/identity"
"github.com/ory/kratos/selfservice/flow/login"
"github.com/ory/kratos/selfservice/flow/recovery"
"github.com/ory/kratos/selfservice/flow/registration"
"github.com/ory/kratos/selfservice/flow/settings"
"github.com/ory/kratos/selfservice/flow/verification"
"github.com/ory/kratos/selfservice/strategy/code"
"github.com/ory/kratos/selfservice/strategy/link"
"github.com/ory/kratos/session"
)
func CleanSQL(t testing.TB, c *pop.Connection) {
ctx := context.Background()
for _, table := range []string{
new(code.LoginCode).TableName(ctx),
new(code.RegistrationCode).TableName(ctx),
new(continuity.Container).TableName(ctx),
new(courier.MessageDispatch).TableName(),
new(courier.Message).TableName(ctx),
new(session.Device).TableName(ctx),
new(session.Session).TableName(ctx),
new(login.Flow).TableName(ctx),
new(registration.Flow).TableName(ctx),
new(settings.Flow).TableName(ctx),
new(link.RecoveryToken).TableName(ctx),
new(link.VerificationToken).TableName(ctx),
new(code.RecoveryCode).TableName(ctx),
new(code.VerificationCode).TableName(ctx),
new(recovery.Flow).TableName(ctx),
new(verification.Flow).TableName(ctx),
new(errorx.ErrorContainer).TableName(ctx),
new(identity.CredentialIdentifier).TableName(ctx),
new(identity.Credentials).TableName(ctx),
new(identity.VerifiableAddress).TableName(ctx),
new(identity.RecoveryAddress).TableName(ctx),
new(identity.Identity).TableName(ctx),
new(identity.CredentialsTypeTable).TableName(ctx),
new(sessiontokenexchange.Exchanger).TableName(),
"networks",
"schema_migration",
} {
if err := c.RawQuery("DROP TABLE IF EXISTS " + table).Exec(); err != nil {
t.Logf(`Unable to clean up table "%s": %s`, table, err)
}
}
t.Logf("Successfully cleaned up database: %s", c.Dialect.Name())
}