Set up ory kratos, add identity admin api #1460
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## master #1460 +/- ##
==========================================
+ Coverage 15.49% 15.61% +0.11%
==========================================
Files 1143 1148 +5
Lines 109672 109930 +258
==========================================
+ Hits 16995 17166 +171
- Misses 91020 91051 +31
- Partials 1657 1713 +56
|
shuofan
force-pushed
the
feature/ory-kratos-setup
branch
from
db847bd to
ea72ec5
Compare
shuofan
force-pushed
the
feature/ory-kratos-setup
branch
from
ea72ec5 to
6dadb3b
Compare
Effet
previously requested changes
Sep 10, 2021
| @@ -86,6 +86,10 @@ func freezeUser(w http.ResponseWriter, r *http.Request) { | |||
| } | |||
|
|
|||
| func handleFreezeUser(userID, operatorID string, token ucauth.OAuthToken) error { | |||
| if token.TokenType == ucauth.OryCompatibleClientId { | |||
| return ucauth.ChangeUserState(token.AccessToken, userID, "inactive") | |||
There was a problem hiding this comment.
magic value is not good: "inactive"
| // TODO: password oidc | ||
| if token.TokenType == ucauth.OryCompatibleClientId { | ||
| return &listLoginTypeResult{ | ||
| RegistryType: []string{"email"}, |
| @@ -87,6 +87,10 @@ func unfreezeUser(w http.ResponseWriter, r *http.Request) { | |||
| } | |||
|
|
|||
| func handleUnfreezeUser(userID, operatorID string, token ucauth.OAuthToken) error { | |||
| if token.TokenType == ucauth.OryCompatibleClientId { | |||
| return ucauth.ChangeUserState(token.AccessToken, userID, "active") | |||
pkg/ucauth/identity_paging.go
Outdated
| cnt++ | ||
| } | ||
| } | ||
| if cnt >= 10 { |
| if start > len(i) { | ||
| return nil | ||
| } | ||
| end := start + pageSize |
There was a problem hiding this comment.
it's better to ensure pageSize > 0
| @@ -0,0 +1,52 @@ | |||
| { | |||
| "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json", | |||
There was a problem hiding this comment.
looks like it's an example value.
pkg/ucauth/kratos/kratos.yml
Outdated
| @@ -0,0 +1,80 @@ | |||
| version: v0.4.6-alpha.1 | |||
| base_url: http://kratos:4434/ | ||
|
|
||
| selfservice: | ||
| default_browser_return_url: http://one.erda.local |
There was a problem hiding this comment.
should be replace to related path, not static domain
There was a problem hiding this comment.
Config source validation has been improved in later ory/kratos version. we are not using it. it can be replaced by env SELFSERVICE_DEFAULT_BROWSER_RETURN_URL .
pkg/ucauth/model.go
Outdated
| Mobile: u.Phone, | ||
| Email: u.Email, | ||
| Enabled: true, | ||
| Locked: u.State == "inactive", |
| @@ -11,7 +11,7 @@ serve: | |||
| base_url: http://kratos:4434/ | |||
|
|
|||
| selfservice: | |||
| default_browser_return_url: / | |||
| default_browser_return_url: http://one.erda.local | |||
shuofan
force-pushed
the
feature/ory-kratos-setup
branch
from
6dadb3b to
1f5f9cb
Compare
sfwn
requested changes
Sep 18, 2021
| @@ -0,0 +1,7 @@ | |||
| CREATE TABLE `kratos_uc_userid_mapping` ( | |||
| `id` varchar(50) NOT NULL COMMENT 'uc userid', | |||
There was a problem hiding this comment.
change id to uc_user_id.
add index for both uc_user_id and user_id separately.
| func (client *DBClient) InsertMapping(userID, uuid, hash string) error { | ||
| return client.Transaction(func(tx *gorm.DB) error { | ||
| sql := fmt.Sprintf("UPDATE identity_credentials SET config = JSON_SET(config, '$.hashed_password', ?) WHERE identity_id = ?") | ||
| if err := client.Exec(sql, hash, uuid).Error; err != nil { |
sfwn
requested changes
Sep 18, 2021
| @@ -244,6 +246,12 @@ func WithFileSvc(svc *filesvc.FileService) Option { | |||
| } | |||
| } | |||
|
|
|||
| func WithMigrationSvc(svc *migration.Migration) Option { | |||
There was a problem hiding this comment.
Bad pkg. Just put it under uc service.
| @@ -433,5 +449,6 @@ func (e *Endpoints) Routes() []httpserver.Endpoint { | |||
| {Path: "/api/users", Method: http.MethodGet, Handler: e.ListUser}, | |||
| {Path: "/api/users/current", Method: http.MethodGet, Handler: e.GetCurrentUser}, | |||
| {Path: "/api/users/actions/search", Method: http.MethodGet, Handler: e.SearchUser}, | |||
| {Path: "/api/users/userID", Method: http.MethodGet, Handler: e.GetUcUserID}, | |||
modules/core-services/initialize.go
Outdated
| return | ||
| } | ||
| for i := 0; i < 3; i++ { | ||
| if ep.UcSvc().MigrationReady() { |
modules/core-services/initialize.go
Outdated
| if !conf.OryEnabled() { | ||
| return | ||
| } | ||
| for i := 0; i < 3; i++ { |
| @@ -0,0 +1,20 @@ | |||
| package model | |||
modules/openapi/conf/conf.go
Outdated
| } | ||
|
|
||
| // TODO change return url | ||
| func OryLogoutURL() string { | ||
| return "/.ory/kratos/public/self-service/browser/flows/logout" |
There was a problem hiding this comment.
will remove deprecated configs
shuofan
force-pushed
the
feature/ory-kratos-setup
branch
2 times, most recently
from
20f8a5e to
79bc038
Compare
shuofan
force-pushed
the
feature/ory-kratos-setup
branch
from
79bc038 to
d3a43be
Compare
sfwn
requested changes
Sep 22, 2021
| @@ -254,6 +262,14 @@ func (e *Endpoints) GetLocale(request *http.Request) *i18n.LocaleResource { | |||
| return e.bdl.GetLocaleByRequest(request) | |||
| } | |||
|
|
|||
| func (e *Endpoints) MigrationSvc() *migration.Migration { | |||
| lifespan: 10m | ||
|
|
||
| registration: | ||
| lifespan: 10m | ||
| ui_url: /uc/auth/registration | ||
| ui_url: http://one.erda.local/uc/auth/registration |
There was a problem hiding this comment.
add comment in code. Not just on conversation.
sfwn
approved these changes
Sep 22, 2021
|
/approve |
erda-bot
approved these changes
Sep 22, 2021
|
/cherry-pick release/1.3 |
erda-bot
pushed a commit
to erda-bot/erda
that referenced
this pull request
Sep 23, 2021
* Set up ory kratos, add identity admin api * Code refactor, comment in kratos config
erda-bot
added a commit
that referenced
this pull request
Sep 23, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of this PR
feature
What this PR does / why we need it:
the first step in replacing uc component
Specified Reviewers:
/assign @Effet