From e4905340c40f505da5b3d065872a5ba5e0110ca4 Mon Sep 17 00:00:00 2001
From: Matthias Stone <matthias@bellstone.ca>
Date: Wed, 3 Jan 2024 18:47:50 -0700
Subject: [PATCH 1/3] Allow configuring multiple OAuth clients in the same
 realm

* Allows multiple OAuth clients for the same identity provider (realm) to be configured independently
* Still does not allow a single authentication portal to use multiple clients for the same identity provider
---
 assets/cla/consent.yaml |  2 ++
 server.go               | 10 ----------
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/assets/cla/consent.yaml b/assets/cla/consent.yaml
index cf3edf6..e466e71 100644
--- a/assets/cla/consent.yaml
+++ b/assets/cla/consent.yaml
@@ -43,4 +43,6 @@
   email: Michael94Ellis@gmail.com
 - name: Peter Oettig
   email: oss-cla@oettig.de
+- name: Matthias Stone
+  email: matthias@bellstone.ca
 
diff --git a/server.go b/server.go
index 8b7c484..467ebc2 100644
--- a/server.go
+++ b/server.go
@@ -48,7 +48,6 @@ type Server struct {
 	ssoProviders      []sso.SingleSignOnProvider
 	userRegistries    []registry.UserRegistry
 	nameRefs          refMap
-	realmRefs         refMap
 	logger            *zap.Logger
 }
 
@@ -74,7 +73,6 @@ func NewServer(config *Config, logger *zap.Logger) (*Server, error) {
 		config:    config,
 		logger:    logger,
 		nameRefs:  newRefMap(),
-		realmRefs: newRefMap(),
 	}
 
 	for _, cfg := range config.IdentityProviders {
@@ -85,14 +83,10 @@ func NewServer(config *Config, logger *zap.Logger) (*Server, error) {
 		if _, exists := srv.nameRefs.identityProviders[provider.GetName()]; exists {
 			return nil, errors.ErrNewServer.WithArgs("duplicate identity provider name", provider.GetName())
 		}
-		if _, exists := srv.realmRefs.identityProviders[provider.GetRealm()]; exists {
-			return nil, errors.ErrNewServer.WithArgs("duplicate identity provider realm", provider.GetRealm())
-		}
 		if err := provider.Configure(); err != nil {
 			return nil, errors.ErrNewServer.WithArgs("failed configuring identity provider", err)
 		}
 		srv.nameRefs.identityProviders[provider.GetName()] = provider
-		srv.realmRefs.identityProviders[provider.GetRealm()] = provider
 		srv.identityProviders = append(srv.identityProviders, provider)
 	}
 
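Review bot: Removing the duplicate-realm guard on the identity-provider loop leaves nothing in this hunk enforcing the constraint the commit message says is kept — that a single portal must not reference two providers sharing a realm — so unless portal configuration validation (not shown) checks it, a portal can now be wired to two same-realm providers. If the realm is what keys user identities or roles downstream (I can't confirm that from this hunk), two distinct providers would then produce indistinguishable identities, which matters for authorization decisions. I would either add the uniqueness check where a portal resolves its provider names, or at least add a regression test for that rejection; the second commit in this series only covers the accepting case. A comment on the surviving name check would record the relaxation, e.g. `// realms may be shared across providers; only names must be unique here`. NewServer's body continues outside the hunk.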
@@ -104,14 +98,10 @@ func NewServer(config *Config, logger *zap.Logger) (*Server, error) {
 		if _, exists := srv.nameRefs.identityStores[store.GetName()]; exists {
 			return nil, errors.ErrNewServer.WithArgs("duplicate identity store name", store.GetName())
 		}
-		if _, exists := srv.realmRefs.identityStores[store.GetRealm()]; exists {
-			return nil, errors.ErrNewServer.WithArgs("duplicate identity store realm", store.GetRealm())
-		}
 		if err := store.Configure(); err != nil {
 			return nil, errors.ErrNewServer.WithArgs("failed configuring identity store", err)
 		}
 		srv.nameRefs.identityStores[store.GetName()] = store
-		srv.realmRefs.identityStores[store.GetRealm()] = store
 		srv.identityStores = append(srv.identityStores, store)
 	}
 
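Review bot: The same relaxation for identity stores deserves its own scrutiny: two `local` stores can now both claim realm `local` while pointing at different user databases, which is exactly the setup the test added later in this series exercises, and the remaining check distinguishes them only by store name. If user lookup or token claims are keyed by realm plus username rather than store name (not visible here), the same username present in both databases would yield colliding identities. Worth a portal-level check that a portal's identity stores have distinct realms, and a comment on the remaining check such as `// realm duplicates are permitted across stores; uniqueness is by name only`. NewServer's body continues outside the hunk.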

From 46e525f83bdc6ce5262ae878f6add7a93d8e2cc9 Mon Sep 17 00:00:00 2001
From: Matthias Stone <matthias@bellstone.ca>
Date: Mon, 18 Mar 2024 12:10:02 -0600
Subject: [PATCH 2/3] Add test for multiple portals using the same realm

---
 config_test.go | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/config_test.go b/config_test.go
index 7e1d4d0..8ea5312 100644
--- a/config_test.go
+++ b/config_test.go
@@ -299,6 +299,41 @@ func TestNewConfig(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "test valid config whan multiple portals have same realm from different identity stores",
+			identityStores: []*ids.IdentityStoreConfig{
+				{
+					Name: "localdb1",
+					Kind: "local",
+					Params: map[string]interface{}{
+						"realm": "local",
+						"path":  filepath.Join(path.Dir(dbPath), "user_db1.json"),
+					},
+				},
+				{
+					Name: "localdb2",
+					Kind: "local",
+					Params: map[string]interface{}{
+						"realm": "local",
+						"path":  filepath.Join(path.Dir(dbPath), "user_db2.json"),
+					},
+				},
+			},
+			portals: []*authn.PortalConfig{
+				{
+					Name: "myportal1",
+					IdentityStores: []string{
+						"localdb1",
+					},
+				},
+				{
+					Name: "myportal2",
+					IdentityStores: []string{
+						"localdb2",
+					},
+				},
+			},
+		},
 	}
 
 	for _, tc := range testcases {
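Review bot: The new case only asserts that two portals with separate same-realm stores are accepted; there is no companion negative case asserting that one portal listing both `localdb1` and `localdb2` is rejected, which is the constraint the first commit in this series says is preserved, so a regression there would go unnoticed. I would add a second entry with `IdentityStores: []string{"localdb1", "localdb2"}` under a single portal plus whatever error-expectation fields this table uses (not visible in the hunk). Two smaller points: the case name has a typo (`whan` should be `when`), and `filepath.Join(path.Dir(dbPath), ...)` mixes the slash-only `path` package with OS paths — `filepath.Dir(dbPath)` is the consistent choice unless the existing cases above already do this. The enclosing TestNewConfig starts and ends outside the hunk.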

From dc423ba5c3688bcbcbc859169a3ac4222b0b3430 Mon Sep 17 00:00:00 2001
From: Matthias Stone <matthias@bellstone.ca>
Date: Mon, 18 Mar 2024 12:10:38 -0600
Subject: [PATCH 3/3] Return error when validating nil configs

---
 config.go      | 4 ++++
 config_test.go | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/config.go b/config.go
index bc13cc7..2bb8b7a 100644
--- a/config.go
+++ b/config.go
@@ -112,6 +112,10 @@ func (cfg *Config) AddAuthorizationPolicy(p *authz.PolicyConfig) error {
 
 // Validate validates Config.
 func (cfg *Config) Validate() error {
+	if cfg == nil {
+		return fmt.Errorf("config is nil")
+	}
+
 	if len(cfg.AuthenticationPortals) < 1 && len(cfg.AuthorizationPolicies) < 1 {
 		return fmt.Errorf("no portals and gatekeepers found")
 	}
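Review bot: `fmt.Errorf("config is nil")` has no format verbs, so `errors.New("config is nil")` is the idiomatic form; better still, define a sentinel `var ErrNilConfig = errors.New("config is nil")` and `return ErrNilConfig`, so callers and the accompanying test can match with `errors.Is` instead of comparing message strings. The guard itself is correct: the next line dereferences `cfg` and would otherwise panic on a nil receiver. Validate's body continues outside the hunk.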
diff --git a/config_test.go b/config_test.go
index 8ea5312..233160a 100644
--- a/config_test.go
+++ b/config_test.go
@@ -396,3 +396,9 @@ func TestNewConfig(t *testing.T) {
 		})
 	}
 }
+
+func TestValidateNilConfig(t *testing.T) {
+	var cfg *Config
+	err := cfg.Validate()
+	tests.EvalErrWithLog(t, err, "Validate", true, fmt.Errorf("config is nil"), nil)
+}