Merge branch 'master' into feat-limit-maximum-password-length

ory · Mar 13, 2024 · 707d38d · 707d38d
2 parents eb6615a + bdf992e
commit 707d38d
Show file tree

Hide file tree

Showing 16 changed files with 261 additions and 77 deletions.
diff --git a/.gitignore b/.gitignore
@@ -20,6 +20,8 @@ heap_profiler/
 goroutine_dump/
 inflight_trace_dump/
 
+contrib/quickstart/kratos/oidc
+
 e2e/*.log
 e2e/kratos.*.yml
 e2e/proxy.json

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,13 +5,14 @@
 
 **Table of Contents**
 
-- [ (2024-03-08)](#2024-03-08)
-  - [Bug Fixes](#bug-fixes)
-  - [Features](#features)
-  - [Tests](#tests)
-  - [Unclassified](#unclassified)
-- [1.1.0 (2024-02-20)](#110-2024-02-20)
+- [ (2024-03-12)](#2024-03-12)
   - [Breaking Changes](#breaking-changes)
+    - [Bug Fixes](#bug-fixes)
+    - [Features](#features)
+    - [Tests](#tests)
+    - [Unclassified](#unclassified)
+- [1.1.0 (2024-02-20)](#110-2024-02-20)
+  - [Breaking Changes](#breaking-changes-1)
     - [Bug Fixes](#bug-fixes-1)
     - [Code Generation](#code-generation)
     - [Documentation](#documentation)
@@ -27,7 +28,7 @@
   - [Tests](#tests-2)
   - [Unclassified](#unclassified-2)
 - [0.13.0 (2023-04-18)](#0130-2023-04-18)
-  - [Breaking Changes](#breaking-changes-1)
+  - [Breaking Changes](#breaking-changes-2)
     - [Bug Fixes](#bug-fixes-3)
     - [Code Generation](#code-generation-2)
     - [Code Refactoring](#code-refactoring)
@@ -36,7 +37,7 @@
     - [Tests](#tests-3)
     - [Unclassified](#unclassified-3)
 - [0.11.1 (2023-01-14)](#0111-2023-01-14)
-  - [Breaking Changes](#breaking-changes-2)
+  - [Breaking Changes](#breaking-changes-3)
     - [Bug Fixes](#bug-fixes-4)
     - [Code Generation](#code-generation-3)
     - [Documentation](#documentation-3)
@@ -46,7 +47,7 @@
   - [Code Generation](#code-generation-4)
   - [Features](#features-5)
 - [0.11.0-alpha.0.pre.2 (2022-11-28)](#0110-alpha0pre2-2022-11-28)
-  - [Breaking Changes](#breaking-changes-3)
+  - [Breaking Changes](#breaking-changes-4)
     - [Bug Fixes](#bug-fixes-5)
     - [Code Generation](#code-generation-5)
     - [Code Refactoring](#code-refactoring-1)
@@ -59,7 +60,7 @@
   - [Bug Fixes](#bug-fixes-6)
   - [Code Generation](#code-generation-6)
 - [0.10.0 (2022-05-30)](#0100-2022-05-30)
-  - [Breaking Changes](#breaking-changes-4)
+  - [Breaking Changes](#breaking-changes-5)
     - [Bug Fixes](#bug-fixes-7)
     - [Code Generation](#code-generation-7)
     - [Code Refactoring](#code-refactoring-2)
@@ -68,15 +69,15 @@
     - [Tests](#tests-6)
     - [Unclassified](#unclassified-5)
 - [0.9.0-alpha.3 (2022-03-25)](#090-alpha3-2022-03-25)
-  - [Breaking Changes](#breaking-changes-5)
+  - [Breaking Changes](#breaking-changes-6)
     - [Bug Fixes](#bug-fixes-8)
     - [Code Generation](#code-generation-8)
     - [Documentation](#documentation-6)
 - [0.9.0-alpha.2 (2022-03-22)](#090-alpha2-2022-03-22)
   - [Bug Fixes](#bug-fixes-9)
   - [Code Generation](#code-generation-9)
 - [0.9.0-alpha.1 (2022-03-21)](#090-alpha1-2022-03-21)
-  - [Breaking Changes](#breaking-changes-6)
+  - [Breaking Changes](#breaking-changes-7)
     - [Bug Fixes](#bug-fixes-10)
     - [Code Generation](#code-generation-10)
     - [Code Refactoring](#code-refactoring-3)
@@ -85,7 +86,7 @@
     - [Tests](#tests-7)
     - [Unclassified](#unclassified-6)
 - [0.8.3-alpha.1.pre.0 (2022-01-21)](#083-alpha1pre0-2022-01-21)
-  - [Breaking Changes](#breaking-changes-7)
+  - [Breaking Changes](#breaking-changes-8)
     - [Bug Fixes](#bug-fixes-11)
     - [Code Generation](#code-generation-11)
     - [Code Refactoring](#code-refactoring-4)
@@ -103,7 +104,7 @@
   - [Features](#features-10)
   - [Tests](#tests-9)
 - [0.8.0-alpha.4.pre.0 (2021-11-09)](#080-alpha4pre0-2021-11-09)
-  - [Breaking Changes](#breaking-changes-8)
+  - [Breaking Changes](#breaking-changes-9)
     - [Bug Fixes](#bug-fixes-14)
     - [Code Generation](#code-generation-14)
     - [Documentation](#documentation-11)
@@ -115,7 +116,7 @@
 - [0.8.0-alpha.2 (2021-10-28)](#080-alpha2-2021-10-28)
   - [Code Generation](#code-generation-16)
 - [0.8.0-alpha.1 (2021-10-27)](#080-alpha1-2021-10-27)
-  - [Breaking Changes](#breaking-changes-9)
+  - [Breaking Changes](#breaking-changes-10)
     - [Bug Fixes](#bug-fixes-16)
     - [Code Generation](#code-generation-17)
     - [Code Refactoring](#code-refactoring-5)
@@ -145,7 +146,7 @@
   - [Documentation](#documentation-15)
   - [Tests](#tests-13)
 - [0.7.0-alpha.1 (2021-07-13)](#070-alpha1-2021-07-13)
-  - [Breaking Changes](#breaking-changes-10)
+  - [Breaking Changes](#breaking-changes-11)
     - [Bug Fixes](#bug-fixes-20)
     - [Code Generation](#code-generation-23)
     - [Code Refactoring](#code-refactoring-6)
@@ -154,7 +155,7 @@
     - [Tests](#tests-14)
     - [Unclassified](#unclassified-8)
 - [0.6.3-alpha.1 (2021-05-17)](#063-alpha1-2021-05-17)
-  - [Breaking Changes](#breaking-changes-11)
+  - [Breaking Changes](#breaking-changes-12)
     - [Bug Fixes](#bug-fixes-21)
     - [Code Generation](#code-generation-24)
     - [Code Refactoring](#code-refactoring-7)
@@ -169,7 +170,7 @@
   - [Code Generation](#code-generation-27)
   - [Features](#features-17)
 - [0.6.0-alpha.1 (2021-05-05)](#060-alpha1-2021-05-05)
-  - [Breaking Changes](#breaking-changes-12)
+  - [Breaking Changes](#breaking-changes-13)
     - [Bug Fixes](#bug-fixes-23)
     - [Code Generation](#code-generation-28)
     - [Code Refactoring](#code-refactoring-8)
@@ -209,7 +210,7 @@
   - [Tests](#tests-19)
   - [Unclassified](#unclassified-11)
 - [0.5.0-alpha.1 (2020-10-15)](#050-alpha1-2020-10-15)
-  - [Breaking Changes](#breaking-changes-13)
+  - [Breaking Changes](#breaking-changes-14)
     - [Bug Fixes](#bug-fixes-29)
     - [Code Generation](#code-generation-34)
     - [Code Refactoring](#code-refactoring-10)
@@ -234,15 +235,15 @@
   - [Bug Fixes](#bug-fixes-34)
   - [Code Generation](#code-generation-39)
 - [0.4.0-alpha.1 (2020-07-08)](#040-alpha1-2020-07-08)
-  - [Breaking Changes](#breaking-changes-14)
+  - [Breaking Changes](#breaking-changes-15)
     - [Bug Fixes](#bug-fixes-35)
     - [Code Generation](#code-generation-40)
     - [Code Refactoring](#code-refactoring-11)
     - [Documentation](#documentation-26)
     - [Features](#features-24)
     - [Unclassified](#unclassified-13)
 - [0.3.0-alpha.1 (2020-05-15)](#030-alpha1-2020-05-15)
-  - [Breaking Changes](#breaking-changes-15)
+  - [Breaking Changes](#breaking-changes-16)
     - [Bug Fixes](#bug-fixes-36)
     - [Chores](#chores)
     - [Code Refactoring](#code-refactoring-12)
@@ -253,7 +254,7 @@
   - [Chores](#chores-1)
   - [Documentation](#documentation-28)
 - [0.2.0-alpha.2 (2020-05-04)](#020-alpha2-2020-05-04)
-  - [Breaking Changes](#breaking-changes-16)
+  - [Breaking Changes](#breaking-changes-17)
     - [Bug Fixes](#bug-fixes-37)
     - [Chores](#chores-2)
     - [Code Refactoring](#code-refactoring-13)
@@ -321,7 +322,15 @@
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
-# [](https://github.com/ory/kratos/compare/v1.1.0...v) (2024-03-08)
+# [](https://github.com/ory/kratos/compare/v1.1.0...v) (2024-03-12)
+
+## Breaking Changes
+
+This feature enables two-step registration per default. Two-step registration is
+a significantly improved sign up flow and recommended when using more than one
+sign up methods. To disable two-step registration, set
+`selfservice.flows.registration.enable_legacy_flow` to `true`. This value
+defaults to `false`.
 
 ### Bug Fixes
 
@@ -369,6 +378,16 @@
   ([930fb19](https://github.com/ory/kratos/commit/930fb19842e527e5e9c415efa983b36e02829516))
 - Control edge cache ttl ([#3808](https://github.com/ory/kratos/issues/3808))
   ([c9dcce5](https://github.com/ory/kratos/commit/c9dcce5a41137937df1aad7ac81170b443740f88))
+- Linkedin v2 provider ([#3804](https://github.com/ory/kratos/issues/3804))
+  ([a6ad983](https://github.com/ory/kratos/commit/a6ad983ac83aa3ea65c4dc0c46b582096574c25a)):
+
+  - feat: add linkedin-v2 provider
+
+  - docs: document linkedin special-case
+
+- PassKeys with Resident Keys and two-step registration
+  ([#3748](https://github.com/ory/kratos/issues/3748))
+  ([3621411](https://github.com/ory/kratos/commit/3621411dc4386d841bc6766a5ab8d03e65812073))
 - Send OIDC claim keys to tracing
   ([#3798](https://github.com/ory/kratos/issues/3798))
   ([04390be](https://github.com/ory/kratos/commit/04390bee426befe51af2ee8177afabaa9ce4fa80))

diff --git a/driver/config/config_test.go b/driver/config/config_test.go
@@ -15,7 +15,6 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
-	"sync"
 	"testing"
 	"time"
 
@@ -1043,35 +1042,23 @@ func TestIdentitySchemaValidation(t *testing.T) {
 				t.Cleanup(cancel)
 
 				_, hook, writeSchema := testWatch(t, ctx, &cobra.Command{}, identity)
-
-				var wg sync.WaitGroup
-				wg.Add(1)
-				go func() {
-					defer wg.Done()
-					// Change the identity config to an invalid file
-					writeSchema(invalidIdentity.Identity.Schemas)
-				}()
+				writeSchema(invalidIdentity.Identity.Schemas)
 
 				// There are a bunch of log messages beeing logged. We are looking for a specific one.
-				timeout := time.After(time.Millisecond * 500)
-				success := false
-				for !success {
+				for {
 					for _, v := range hook.AllEntries() {
 						s, err := v.String()
 						require.NoError(t, err)
-						success = success || strings.Contains(s, "The changed identity schema configuration is invalid and could not be loaded.")
+						if strings.Contains(s, "The changed identity schema configuration is invalid and could not be loaded.") {
+							return
+						}
 					}
-
 					select {
 					case <-ctx.Done():
 						t.Fatal("the test could not complete as the context timed out before the file watcher updated")
-					case <-timeout:
-						t.Fatal("Expected log line was not encountered within specified timeout")
 					default: // nothing
 					}
 				}
-
-				wg.Wait()
 			})
 		}
 	})

diff --git a/embedx/config.schema.json b/embedx/config.schema.json
@@ -436,6 +436,7 @@
             "dingtalk",
             "patreon",
             "linkedin",
+            "linkedin_v2",
             "lark",
             "x"
           ],

diff --git a/...ties_with_credentials-include_credential=oidc_should_include_OIDC_credentials_config.json b/...ties_with_credentials-include_credential=oidc_should_include_OIDC_credentials_config.json
@@ -0,0 +1 @@
+"{\"providers\":[{\"initial_id_token\":\"id_token0\",\"initial_access_token\":\"access_token0\",\"initial_refresh_token\":\"refresh_token0\",\"subject\":\"foo\",\"provider\":\"bar\",\"organization\":\"\"},{\"initial_id_token\":\"id_token1\",\"initial_access_token\":\"access_token1\",\"initial_refresh_token\":\"refresh_token1\",\"subject\":\"baz\",\"provider\":\"zab\",\"organization\":\"\"}]}"
diff --git a/identity/handler.go b/identity/handler.go
@@ -251,15 +251,15 @@ func (h *Handler) list(w http.ResponseWriter, r *http.Request, _ httprouter.Para
 	}
 
 	// Identities using the marshaler for including metadata_admin
-	isam := make([]WithCredentialsMetadataAndAdminMetadataInJSON, len(is))
+	isam := make([]WithCredentialsAndAdminMetadataInJSON, len(is))
 	for i, identity := range is {
 		emit, err := identity.WithDeclassifiedCredentials(r.Context(), h.r, params.DeclassifyCredentials)
 		if err != nil {
 			h.r.Writer().WriteError(w, r, err)
 			return
 		}
 
-		isam[i] = WithCredentialsMetadataAndAdminMetadataInJSON(*emit)
+		isam[i] = WithCredentialsAndAdminMetadataInJSON(*emit)
 	}
 
 	h.r.Writer().Write(w, r, isam)

diff --git a/identity/handler_test.go b/identity/handler_test.go
@@ -1348,11 +1348,15 @@ func TestHandler(t *testing.T) {
 	})
 
 	t.Run("case=should list all identities with credentials", func(t *testing.T) {
-		res := get(t, adminTS, "/identities?include_credential=totp", http.StatusOK)
-		assert.True(t, res.Get("0.credentials").Exists(), "credentials config should be included: %s", res.Raw)
-		assert.True(t, res.Get("0.metadata_public").Exists(), "metadata_public config should be included: %s", res.Raw)
-		assert.True(t, res.Get("0.metadata_admin").Exists(), "metadata_admin config should be included: %s", res.Raw)
-		assert.EqualValues(t, "baz", res.Get(`#(traits.bar=="baz").traits.bar`).String(), "%s", res.Raw)
+		t.Run("include_credential=oidc should include OIDC credentials config", func(t *testing.T) {
+			res := get(t, adminTS, "/identities?include_credential=oidc&credentials_identifier=bar:foo.oidc@bar.com", http.StatusOK)
+			assert.True(t, res.Get("0.credentials.oidc.config").Exists(), "credentials config should be included: %s", res.Raw)
+			snapshotx.SnapshotT(t, res.Get("0.credentials.oidc.config").String())
+		})
+		t.Run("include_credential=totp should not include OIDC credentials config", func(t *testing.T) {
+			res := get(t, adminTS, "/identities?include_credential=totp&credentials_identifier=bar:foo.oidc@bar.com", http.StatusOK)
+			assert.False(t, res.Get("0.credentials.oidc.config").Exists(), "credentials config should be included: %s", res.Raw)
+		})
 	})
 
 	t.Run("case=should not be able to list all identities with credentials due to wrong credentials type", func(t *testing.T) {

diff --git a/selfservice/strategy/oidc/provider.go b/selfservice/strategy/oidc/provider.go
@@ -5,8 +5,10 @@ package oidc
 
 import (
 	"context"
+	"encoding/json"
 	"net/http"
 	"net/url"
+	"strings"
 
 	"github.com/dghubble/oauth1"
 	"github.com/pkg/errors"
@@ -68,7 +70,7 @@ type Claims struct {
 	Gender              string                 `json:"gender,omitempty"`
 	Birthdate           string                 `json:"birthdate,omitempty"`
 	Zoneinfo            string                 `json:"zoneinfo,omitempty"`
-	Locale              string                 `json:"locale,omitempty"`
+	Locale              Locale                 `json:"locale,omitempty"`
 	PhoneNumber         string                 `json:"phone_number,omitempty"`
 	PhoneNumberVerified bool                   `json:"phone_number_verified,omitempty"`
 	UpdatedAt           int64                  `json:"updated_at,omitempty"`
@@ -79,6 +81,29 @@ type Claims struct {
 	RawClaims           map[string]interface{} `json:"raw_claims,omitempty"`
 }
 
+type Locale string
+
+func (l *Locale) UnmarshalJSON(data []byte) error {
+	var linkedInLocale struct {
+		Language string `json:"language"`
+		Country  string `json:"country"`
+	}
+	if err := json.Unmarshal(data, &linkedInLocale); err == nil {
+		switch {
+		case linkedInLocale.Language == "":
+			*l = Locale(linkedInLocale.Country)
+		case linkedInLocale.Country == "":
+			*l = Locale(linkedInLocale.Language)
+		default:
+			*l = Locale(strings.Join([]string{linkedInLocale.Language, linkedInLocale.Country}, "-"))
+		}
+
+		return nil
+	}
+
+	return json.Unmarshal(data, (*string)(l))
+}
+
 // Validate checks if the claims are valid.
 func (c *Claims) Validate() error {
 	if c.Subject == "" {
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		"{\"providers\":[{\"initial_id_token\":\"id_token0\",\"initial_access_token\":\"access_token0\",\"initial_refresh_token\":\"refresh_token0\",\"subject\":\"foo\",\"provider\":\"bar\",\"organization\":\"\"},{\"initial_id_token\":\"id_token1\",\"initial_access_token\":\"access_token1\",\"initial_refresh_token\":\"refresh_token1\",\"subject\":\"baz\",\"provider\":\"zab\",\"organization\":\"\"}]}"