Auth: Remove types from SSOSettings struct in SSO service (#79459)

* replace SSOSettings with SSOSettingsDTO * fix database tests * fix oauth strategy * fix sso settings service tests * add secrets encryption on update * rename SSOSettingsDTO to SSOSettings * remove extraKeys from strategy * change back settings type from createOAuthConnector to OAuthInfo * do not parse multi-value fields in oauth strategy
2023-12-15 16:00:52 +02:00
parent 09445e0ecc
commit 15d8a1f94d
14 changed files with 330 additions and 448 deletions
@@ -9,7 +9,6 @@ import (
 	"github.com/stretchr/testify/require"

 	"github.com/grafana/grafana/pkg/infra/db"
-	"github.com/grafana/grafana/pkg/login/social"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
 	"github.com/grafana/grafana/pkg/services/ssosettings"
 	"github.com/grafana/grafana/pkg/services/ssosettings/models"
@@ -28,9 +27,7 @@ func TestIntegrationGetSSOSettings(t *testing.T) {
 		ssoSettingsStore = ProvideStore(sqlStore)

 		template := models.SSOSettings{
-			OAuthSettings: &social.OAuthInfo{
-				Enabled: true,
-			},
+			Settings: map[string]any{"enabled": true},
 		}
 		err := populateSSOSettings(sqlStore, template, "azuread")
 		require.NoError(t, err)
@@ -40,14 +37,14 @@ func TestIntegrationGetSSOSettings(t *testing.T) {
 		setup()

 		expected := &models.SSOSettings{
-			Provider:      "azuread",
-			OAuthSettings: &social.OAuthInfo{Enabled: true},
+			Provider: "azuread",
+			Settings: map[string]any{"enabled": true},
 		}

 		actual, err := ssoSettingsStore.Get(context.Background(), "azuread")
 		require.NoError(t, err)

-		require.Equal(t, expected.OAuthSettings, actual.OAuthSettings)
+		require.EqualValues(t, expected.Settings, actual.Settings)
 	})

 	t.Run("returns not found if the SSO setting is missing for the specified provider", func(t *testing.T) {
@@ -88,9 +85,9 @@ func TestIntegrationUpsertSSOSettings(t *testing.T) {

 		settings := models.SSOSettings{
 			Provider: "azuread",
-			OAuthSettings: &social.OAuthInfo{
-				Enabled:  true,
-				ClientId: "azuread-client",
+			Settings: map[string]any{
+				"enabled":   true,
+				"client_id": "azuread-client",
 			},
 		}

@@ -99,7 +96,7 @@ func TestIntegrationUpsertSSOSettings(t *testing.T) {

 		actual, err := getSSOSettingsByProvider(sqlStore, settings.Provider, false)
 		require.NoError(t, err)
-		require.EqualValues(t, settings.OAuthSettings, actual.OAuthSettings)
+		require.EqualValues(t, settings.Settings, actual.Settings)
 		require.NotEmpty(t, actual.ID)
 		require.Equal(t, formatTime(timeNow().UTC()), formatTime(actual.Created))
 		require.Equal(t, formatTime(timeNow().UTC()), formatTime(actual.Updated))
@@ -118,10 +115,10 @@ func TestIntegrationUpsertSSOSettings(t *testing.T) {

 		provider := "github"
 		template := models.SSOSettings{
-			OAuthSettings: &social.OAuthInfo{
-				Enabled:      true,
-				ClientId:     "github-client",
-				ClientSecret: "this-is-a-secret",
+			Settings: map[string]any{
+				"enabled":       true,
+				"client_id":     "github-client",
+				"client_secret": "this-is-a-secret",
 			},
 		}
 		err := populateSSOSettings(sqlStore, template, provider)
@@ -129,10 +126,10 @@ func TestIntegrationUpsertSSOSettings(t *testing.T) {

 		newSettings := models.SSOSettings{
 			Provider: provider,
-			OAuthSettings: &social.OAuthInfo{
-				Enabled:      true,
-				ClientId:     "new-github-client",
-				ClientSecret: "this-is-a-new-secret",
+			Settings: map[string]any{
+				"enabled":       true,
+				"client_id":     "new-github-client",
+				"client_secret": "this-is-a-new-secret",
 			},
 		}
 		err = ssoSettingsStore.Upsert(context.Background(), newSettings)
@@ -140,7 +137,7 @@ func TestIntegrationUpsertSSOSettings(t *testing.T) {

 		actual, err := getSSOSettingsByProvider(sqlStore, provider, false)
 		require.NoError(t, err)
-		require.Equal(t, newSettings.OAuthSettings, actual.OAuthSettings)
+		require.EqualValues(t, newSettings.Settings, actual.Settings)
 		require.Equal(t, formatTime(timeNow().UTC()), formatTime(actual.Updated))

 		deleted, notDeleted, err := getSSOSettingsCountByDeleted(sqlStore)
@@ -157,10 +154,10 @@ func TestIntegrationUpsertSSOSettings(t *testing.T) {

 		provider := "azuread"
 		template := models.SSOSettings{
-			OAuthSettings: &social.OAuthInfo{
-				Enabled:      true,
-				ClientId:     "azuread-client",
-				ClientSecret: "this-is-a-secret",
+			Settings: map[string]any{
+				"enabled":       true,
+				"client_id":     "azuread-client",
+				"client_secret": "this-is-a-secret",
 			},
 			IsDeleted: true,
 		}
@@ -169,10 +166,10 @@ func TestIntegrationUpsertSSOSettings(t *testing.T) {

 		newSettings := models.SSOSettings{
 			Provider: provider,
-			OAuthSettings: &social.OAuthInfo{
-				Enabled:      true,
-				ClientId:     "new-azuread-client",
-				ClientSecret: "this-is-a-new-secret",
+			Settings: map[string]any{
+				"enabled":       true,
+				"client_id":     "new-azuread-client",
+				"client_secret": "this-is-a-new-secret",
 			},
 		}

@@ -181,13 +178,13 @@ func TestIntegrationUpsertSSOSettings(t *testing.T) {

 		actual, err := getSSOSettingsByProvider(sqlStore, provider, false)
 		require.NoError(t, err)
-		require.Equal(t, newSettings.OAuthSettings, actual.OAuthSettings)
+		require.EqualValues(t, newSettings.Settings, actual.Settings)
 		require.Equal(t, formatTime(timeNow().UTC()), formatTime(actual.Created))
 		require.Equal(t, formatTime(timeNow().UTC()), formatTime(actual.Updated))

 		old, err := getSSOSettingsByProvider(sqlStore, provider, true)
 		require.NoError(t, err)
-		require.Equal(t, template.OAuthSettings, old.OAuthSettings)
+		require.EqualValues(t, template.Settings, old.Settings)
 	})

 	t.Run("replaces the settings only for the specified provider leaving the other provider's settings unchanged", func(t *testing.T) {
@@ -198,10 +195,10 @@ func TestIntegrationUpsertSSOSettings(t *testing.T) {

 		providers := []string{"github", "gitlab", "google"}
 		template := models.SSOSettings{
-			OAuthSettings: &social.OAuthInfo{
-				Enabled:      true,
-				ClientId:     "my-client",
-				ClientSecret: "this-is-a-secret",
+			Settings: map[string]any{
+				"enabled":       true,
+				"client_id":     "my-client",
+				"client_secret": "this-is-a-secret",
 			},
 		}
 		err := populateSSOSettings(sqlStore, template, providers...)
@@ -209,10 +206,10 @@ func TestIntegrationUpsertSSOSettings(t *testing.T) {

 		newSettings := models.SSOSettings{
 			Provider: providers[0],
-			OAuthSettings: &social.OAuthInfo{
-				Enabled:      true,
-				ClientId:     "my-new-client",
-				ClientSecret: "this-is-my-new-secret",
+			Settings: map[string]any{
+				"enabled":       true,
+				"client_id":     "my-new-client",
+				"client_secret": "this-is-my-new-secret",
 			},
 		}
 		err = ssoSettingsStore.Upsert(context.Background(), newSettings)
@@ -220,13 +217,13 @@ func TestIntegrationUpsertSSOSettings(t *testing.T) {

 		actual, err := getSSOSettingsByProvider(sqlStore, providers[0], false)
 		require.NoError(t, err)
-		require.Equal(t, newSettings.OAuthSettings, actual.OAuthSettings)
+		require.EqualValues(t, newSettings.Settings, actual.Settings)
 		require.Equal(t, formatTime(timeNow().UTC()), formatTime(actual.Updated))

 		for index := 1; index < len(providers); index++ {
 			existing, err := getSSOSettingsByProvider(sqlStore, providers[index], false)
 			require.NoError(t, err)
-			require.EqualValues(t, template.OAuthSettings, existing.OAuthSettings)
+			require.EqualValues(t, template.Settings, existing.Settings)
 		}
 	})
 }
@@ -244,16 +241,16 @@ func TestIntegrationListSSOSettings(t *testing.T) {
 		ssoSettingsStore = ProvideStore(sqlStore)

 		template := models.SSOSettings{
-			OAuthSettings: &social.OAuthInfo{
-				Enabled: true,
+			Settings: map[string]any{
+				"enabled": true,
 			},
 		}
 		err := populateSSOSettings(sqlStore, template, "azuread")
 		require.NoError(t, err)

 		template = models.SSOSettings{
-			OAuthSettings: &social.OAuthInfo{
-				Enabled: false,
+			Settings: map[string]any{
+				"enabled": true,
 			},
 		}
 		err = populateSSOSettings(sqlStore, template, "okta")
@@ -288,8 +285,8 @@ func TestIntegrationDeleteSSOSettings(t *testing.T) {

 		providers := []string{"azuread", "github", "google"}
 		template := models.SSOSettings{
-			OAuthSettings: &social.OAuthInfo{
-				Enabled: true,
+			Settings: map[string]any{
+				"enabled": true,
 			},
 		}
 		err := populateSSOSettings(sqlStore, template, providers...)
@@ -310,8 +307,8 @@ func TestIntegrationDeleteSSOSettings(t *testing.T) {
 		providers := []string{"github", "google", "okta"}
 		invalidProvider := "azuread"
 		template := models.SSOSettings{
-			OAuthSettings: &social.OAuthInfo{
-				Enabled: true,
+			Settings: map[string]any{
+				"enabled": true,
 			},
 		}
 		err := populateSSOSettings(sqlStore, template, providers...)
@@ -332,8 +329,8 @@ func TestIntegrationDeleteSSOSettings(t *testing.T) {

 		providers := []string{"azuread", "github", "google"}
 		template := models.SSOSettings{
-			OAuthSettings: &social.OAuthInfo{
-				Enabled: true,
+			Settings: map[string]any{
+				"enabled": true,
 			},
 			IsDeleted: true,
 		}
@@ -355,8 +352,8 @@ func TestIntegrationDeleteSSOSettings(t *testing.T) {

 		provider := "azuread"
 		template := models.SSOSettings{
-			OAuthSettings: &social.OAuthInfo{
-				Enabled: true,
+			Settings: map[string]any{
+				"enabled": true,
 			},
 		}
 		// insert sso for the same provider 2 times in the database
@@ -378,16 +375,15 @@ func TestIntegrationDeleteSSOSettings(t *testing.T) {
 func populateSSOSettings(sqlStore *sqlstore.SQLStore, template models.SSOSettings, providers ...string) error {
 	return sqlStore.WithDbSession(context.Background(), func(sess *db.Session) error {
 		for _, provider := range providers {
-			template.Provider = provider
-			template.ID = uuid.New().String()
-			template.Created = timeNow().UTC()
-
-			dto, err := template.ToSSOSettingsDTO()
-			if err != nil {
-				return err
+			settings := models.SSOSettings{
+				ID:        uuid.New().String(),
+				Provider:  provider,
+				Settings:  template.Settings,
+				Created:   timeNow().UTC(),
+				IsDeleted: template.IsDeleted,
 			}

-			_, err = sess.Insert(dto)
+			_, err := sess.Insert(settings)
 			if err != nil {
 				return err
 			}
@@ -410,7 +406,7 @@ func getSSOSettingsCountByDeleted(sqlStore *sqlstore.SQLStore) (deleted, notDele
 }

 func getSSOSettingsByProvider(sqlStore *sqlstore.SQLStore, provider string, deleted bool) (*models.SSOSettings, error) {
-	var model models.SSOSettingsDTO
+	var model models.SSOSettings
 	var err error

 	err = sqlStore.WithDbSession(context.Background(), func(sess *db.Session) error {
@@ -422,12 +418,7 @@ func getSSOSettingsByProvider(sqlStore *sqlstore.SQLStore, provider string, dele
 		return nil, err
 	}

-	settings, err := model.ToSSOSettings()
-	if err != nil {
-		return nil, err
-	}
-
-	return settings, err
+	return &model, err
 }

 func mockTimeNow(timeSeed time.Time) {