greenpau
diff --git a/‎Makefile
+3-2 b/‎Makefile
+3-2
diff --git a/‎config.go
+38-5 b/‎config.go
+38-5
diff --git a/‎config_test.go
-28 b/‎config_test.go
-28
diff --git a/‎internal/tag/tag_test.go
+12-7 b/‎internal/tag/tag_test.go
+12-7
diff --git a/‎pkg/authn/config.go
+2-63 b/‎pkg/authn/config.go
+2-63
@@ -79,10 +79,11 @@ clean:
 	@rm -rf bin/
 	@echo "$@: complete"
 
-qtest:
+qtest: covdir
 	@echo "Perform quick tests ..."
 	@#time richgo test $(VERBOSE) $(TEST) -coverprofile=.coverage/coverage.out -run TestNewConfig ./*.go
-	@time richgo test $(VERBOSE) $(TEST) -coverprofile=.coverage/coverage.out -run TestNewServer ./*.go
+	@#time richgo test $(VERBOSE) $(TEST) -coverprofile=.coverage/coverage.out -run TestNewServer ./*.go
+	@time richgo test $(VERBOSE) $(TEST) -coverprofile=.coverage/coverage.out ./pkg/registry/...
 	@#time richgo test -v -coverprofile=.coverage/coverage.out internal/tag/*.go
 	@### time richgo test $(VERBOSE) $(TEST) -coverprofile=.coverage/coverage.out -run TestAuthorize ./pkg/authz/validator/...
 	@#time richgo test $(VERBOSE) $(TEST) -coverprofile=.coverage/coverage.out  -run TestAddProviders ./pkg/messaging/...
 
@@ -23,18 +23,20 @@ import (
 	"github.com/greenpau/go-authcrunch/pkg/idp"
 	"github.com/greenpau/go-authcrunch/pkg/ids"
 	"github.com/greenpau/go-authcrunch/pkg/messaging"
+	"github.com/greenpau/go-authcrunch/pkg/registry"
 )
 
 // Config is a configuration of Server.
 type Config struct {
 	Credentials               *credentials.Config           `json:"credentials,omitempty" xml:"credentials,omitempty" yaml:"credentials,omitempty"`
+	Messaging                 *messaging.Config             `json:"messaging,omitempty" xml:"messaging,omitempty" yaml:"messaging,omitempty"`
 	AuthenticationPortals     []*authn.PortalConfig         `json:"authentication_portals,omitempty" xml:"authentication_portals,omitempty" yaml:"authentication_portals,omitempty"`
 	AuthorizationPolicies     []*authz.PolicyConfig         `json:"authorization_policies,omitempty" xml:"authorization_policies,omitempty" yaml:"authorization_policies,omitempty"`
-	Messaging                 *messaging.Config             `json:"messaging,omitempty" xml:"messaging,omitempty" yaml:"messaging,omitempty"`
 	IdentityStores            []*ids.IdentityStoreConfig    `json:"identity_stores,omitempty" xml:"identity_stores,omitempty" yaml:"identity_stores,omitempty"`
 	IdentityProviders         []*idp.IdentityProviderConfig `json:"identity_providers,omitempty" xml:"identity_providers,omitempty" yaml:"identity_providers,omitempty"`
 	disabledIdentityStores    map[string]interface{}
 	disabledIdentityProviders map[string]interface{}
+	UserRegistries            []*registry.UserRegistryConfig `json:"user_registries,omitempty" xml:"user_registries,omitempty" yaml:"user_registries,omitempty"`
 }
 
 // NewConfig returns an instance of Config.
@@ -102,13 +104,31 @@ func (cfg *Config) Validate() error {
 		return fmt.Errorf("no portals and gatekeepers found")
 	}
 
-	for _, portalCfg := range cfg.AuthenticationPortals {
-		portalCfg.SetCredentials(cfg.Credentials)
-		portalCfg.SetMessaging(cfg.Messaging)
-		if err := portalCfg.ValidateCredentials(); err != nil {
+	identityStoreUserRegistry := make(map[string]string)
+	for _, userRegistry := range cfg.UserRegistries {
+		userRegistry.SetCredentials(cfg.Credentials)
+		userRegistry.SetMessaging(cfg.Messaging)
+		if err := userRegistry.ValidateMessaging(); err != nil {
 			return err
 		}
+		var identityStoreFound bool
+		for _, identityStore := range cfg.IdentityStores {
+			if identityStore.Name == userRegistry.IdentityStore {
+				identityStoreFound = true
+				identityStoreUserRegistry[identityStore.Name] = userRegistry.IdentityStore
+				break
+			}
+		}
+		if !identityStoreFound {
+			return fmt.Errorf(
+				"identity store %q referenced in %q user registry not found",
+				userRegistry.IdentityStore, userRegistry.Name,
+			)
+		}
+	}
 
+	// Validate auth portal configurations.
+	for _, portalCfg := range cfg.AuthenticationPortals {
 		// If there are no excplicitly specified identity stores and providers in a portal, add all of them.
 		if len(portalCfg.IdentityStores) == 0 && len(portalCfg.IdentityProviders) == 0 {
 			for _, entry := range cfg.IdentityStores {
@@ -165,6 +185,10 @@ func (cfg *Config) Validate() error {
 				authByName[storeName] = "identity store in " + realmName + " realm"
 			}
 
+			// Add regustry store if configured.
+			if v, exists := identityStoreUserRegistry[storeName]; exists {
+				portalCfg.UserRegistries = append(portalCfg.UserRegistries, v)
+			}
 		}
 
 		// Filter out disabled identity store names.
@@ -259,3 +283,12 @@ func (cfg *Config) filterDisabledIdentityProviders(arr []string) []string {
 	}
 	return output
 }
+
+// AddUserRegistry adds a user registry configuration.
+func (cfg *Config) AddUserRegistry(r *registry.UserRegistryConfig) error {
+	if err := r.Validate(); err != nil {
+		return err
+	}
+	cfg.UserRegistries = append(cfg.UserRegistries, r)
+	return nil
+}
@@ -20,7 +20,6 @@ import (
 	"github.com/greenpau/go-authcrunch/internal/testutils"
 	"github.com/greenpau/go-authcrunch/pkg/acl"
 	"github.com/greenpau/go-authcrunch/pkg/authn"
-	"github.com/greenpau/go-authcrunch/pkg/authn/registration"
 	"github.com/greenpau/go-authcrunch/pkg/authz"
 	"github.com/greenpau/go-authcrunch/pkg/credentials"
 	"github.com/greenpau/go-authcrunch/pkg/errors"
@@ -226,33 +225,6 @@ func TestNewConfig(t *testing.T) {
 			errPhase:  "AddAuthorizationPolicy",
 			err:       errors.ErrInvalidConfiguration.WithArgs("mygatekeeper", "access list rule config not found"),
 		},
-		{
-			name: "test local auth config with invalid credentials",
-			identityStores: []*ids.IdentityStoreConfig{
-				{
-					Name: "localdb",
-					Kind: "local",
-					Params: map[string]interface{}{
-						"realm": "local",
-						"path":  dbPath,
-					},
-				},
-			},
-			portals: []*authn.PortalConfig{
-				{
-					Name: "myportal",
-					IdentityStores: []string{
-						"localdb",
-					},
-					UserRegistrationConfig: &registration.Config{
-						EmailProvider: "default",
-					},
-				},
-			},
-			shouldErr: true,
-			errPhase:  "Validate",
-			err:       errors.ErrPortalConfigMessagingNil,
-		},
 		{
 			name: "test valid local auth config",
 			credentials: []credentials.Credential{
 
@@ -24,7 +24,6 @@ import (
 	"github.com/greenpau/go-authcrunch/pkg/authn"
 	authncache "github.com/greenpau/go-authcrunch/pkg/authn/cache"
 	"github.com/greenpau/go-authcrunch/pkg/authn/cookie"
-	"github.com/greenpau/go-authcrunch/pkg/authn/registration"
 	"github.com/greenpau/go-authcrunch/pkg/authn/transformer"
 	"github.com/greenpau/go-authcrunch/pkg/authn/ui"
 	"github.com/greenpau/go-authcrunch/pkg/authproxy"
@@ -45,6 +44,7 @@ import (
 	"github.com/greenpau/go-authcrunch/pkg/ids/local"
 	"github.com/greenpau/go-authcrunch/pkg/kms"
 	"github.com/greenpau/go-authcrunch/pkg/messaging"
+	"github.com/greenpau/go-authcrunch/pkg/registry"
 	"github.com/greenpau/go-authcrunch/pkg/requests"
 	"github.com/greenpau/go-authcrunch/pkg/user"
 	"github.com/greenpau/go-authcrunch/pkg/util"
@@ -65,6 +65,11 @@ func TestTagCompliance(t *testing.T) {
 		shouldErr bool
 		err       error
 	}{
+		{
+			name:  "test registry.LocaUserRegistry struct",
+			entry: &registry.LocaUserRegistry{},
+			opts:  &Options{},
+		},
 		{
 			name:  "test messaging.FileProvider struct",
 			entry: &messaging.FileProvider{},
@@ -111,13 +116,13 @@ func TestTagCompliance(t *testing.T) {
 			opts:  &Options{},
 		},
 		{
-			name:  "test cache.RegistrationCache struct",
-			entry: &authncache.RegistrationCache{},
+			name:  "test registry.RegistrationCache struct",
+			entry: &registry.RegistrationCache{},
 			opts:  &Options{},
 		},
 		{
-			name:  "test cache.RegistrationCacheEntry struct",
-			entry: &authncache.RegistrationCacheEntry{},
+			name:  "test registry.RegistrationCacheEntry struct",
+			entry: &registry.RegistrationCacheEntry{},
 			opts:  &Options{},
 		},
 		{
@@ -442,8 +447,8 @@ func TestTagCompliance(t *testing.T) {
 			opts:  &Options{},
 		},
 		{
-			name:  "test registration.Config struct",
-			entry: &registration.Config{},
+			name:  "test registry.UserRegistryConfig struct",
+			entry: &registry.UserRegistryConfig{},
 			opts: &Options{
 				AllowFieldMismatch: true,
 				AllowedFields: map[string]interface{}{
 
@@ -15,22 +15,14 @@
 package authn
 
 import (
-	// "time"
-
 	"github.com/greenpau/go-authcrunch/pkg/acl"
-	// "github.com/greenpau/go-authcrunch/pkg/authn/cache"
 	"github.com/greenpau/go-authcrunch/pkg/authn/cookie"
-	"github.com/greenpau/go-authcrunch/pkg/authn/registration"
 	"github.com/greenpau/go-authcrunch/pkg/authn/transformer"
 	"github.com/greenpau/go-authcrunch/pkg/authn/ui"
 	"github.com/greenpau/go-authcrunch/pkg/authz/options"
-	// "github.com/greenpau/go-authcrunch/pkg/authz/validator"
-	"github.com/greenpau/go-authcrunch/pkg/credentials"
 	"github.com/greenpau/go-authcrunch/pkg/errors"
 	"github.com/greenpau/go-authcrunch/pkg/kms"
-	"github.com/greenpau/go-authcrunch/pkg/messaging"
 	cfgutil "github.com/greenpau/go-authcrunch/pkg/util/cfg"
-	// "go.uber.org/zap"
 	"strings"
 )
 
@@ -39,8 +31,6 @@ type PortalConfig struct {
 	Name string `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"`
 	// UI holds the configuration for the user interface.
 	UI *ui.Parameters `json:"ui,omitempty" xml:"ui,omitempty" yaml:"ui,omitempty"`
-	// UserRegistrationConfig holds the configuration for the user registration.
-	UserRegistrationConfig *registration.Config `json:"user_registration_config,omitempty" xml:"user_registration_config,omitempty" yaml:"user_registration_config,omitempty"`
 	// UserTransformerConfig holds the configuration for the user transformer.
 	UserTransformerConfigs []*transformer.Config `json:"user_transformer_configs,omitempty" xml:"user_transformer_configs,omitempty" yaml:"user_transformer_configs,omitempty"`
 	// CookieConfig holds the configuration for the cookies issues by Authenticator.
@@ -49,6 +39,8 @@ type PortalConfig struct {
 	IdentityStores []string `json:"identity_stores,omitempty" xml:"identity_stores,omitempty" yaml:"identity_stores,omitempty"`
 	// The names of identity providers.
 	IdentityProviders []string `json:"identity_providers,omitempty" xml:"identity_providers,omitempty" yaml:"identity_providers,omitempty"`
+	// The names of user registries.
+	UserRegistries []string `json:"user_registries,omitempty" xml:"user_registries,omitempty" yaml:"user_registries,omitempty"`
 	// AccessListConfigs hold the configurations for the ACL of the token validator.
 	AccessListConfigs []*acl.RuleConfiguration `json:"access_list_configs,omitempty" xml:"access_list_configs,omitempty" yaml:"access_list_configs,omitempty"`
 	// TokenValidatorOptions holds the configuration for the token validator.
@@ -68,11 +60,6 @@ type PortalConfig struct {
 
 	// Indicated that the config was successfully validated.
 	validated bool
-
-	// Shared credentials.
-	credentials *credentials.Config `json:"credentials,omitempty" xml:"credentials,omitempty" yaml:"credentials,omitempty"`
-	// Shared messaging.
-	messaging *messaging.Config `json:"messaging,omitempty" xml:"messaging,omitempty" yaml:"messaging,omitempty"`
 }
 
 // AddRawCryptoConfigs adds raw crypto configs.
@@ -123,54 +110,6 @@ func (cfg *PortalConfig) parseRawCryptoConfigs() error {
 	return nil
 }
 
-// SetCredentials binds to shared credentials.
-func (cfg *PortalConfig) SetCredentials(c *credentials.Config) {
-	cfg.credentials = c
-	return
-}
-
-// SetMessaging binds to messaging config.
-func (cfg *PortalConfig) SetMessaging(c *messaging.Config) {
-	cfg.messaging = c
-	return
-}
-
-// ValidateCredentials validates messaging provider and credentials used for
-// the user registration.
-func (cfg *PortalConfig) ValidateCredentials() error {
-	if cfg.UserRegistrationConfig == nil {
-		return nil
-	}
-
-	if cfg.UserRegistrationConfig.EmailProvider == "" {
-		return nil
-	}
-
-	if cfg.messaging == nil {
-		return errors.ErrPortalConfigMessagingNil
-	}
-	if found := cfg.messaging.FindProvider(cfg.UserRegistrationConfig.EmailProvider); !found {
-		return errors.ErrPortalConfigMessagingProviderNotFound.WithArgs(cfg.UserRegistrationConfig.EmailProvider)
-	}
-	providerCreds := cfg.messaging.FindProviderCredentials(cfg.UserRegistrationConfig.EmailProvider)
-	if providerCreds == "" {
-		return errors.ErrPortalConfigMessagingProviderCredentialsNotFound.WithArgs(cfg.UserRegistrationConfig.EmailProvider)
-	}
-	if providerCreds != "passwordless" {
-		if cfg.credentials == nil {
-			return errors.ErrPortalConfigCredentialsNil
-		}
-		if found := cfg.credentials.FindCredential(providerCreds); !found {
-			return errors.ErrPortalConfigCredentialsNotFound.WithArgs(providerCreds)
-		}
-	}
-
-	if len(cfg.UserRegistrationConfig.AdminEmails) < 1 {
-		return errors.ErrPortalConfigAdminEmailNotFound
-	}
-	return nil
-}
-
 // Validate validates PortalConfig.
 func (cfg *PortalConfig) Validate() error {
 	if cfg.validated {