add include_credentials query param to /admin/identities list call

ory · Jun 28, 2023 · 1e1f74e · 1e1f74e
1 parent 1e65662
commit 1e1f74e
Show file tree

Hide file tree

Showing 6 changed files with 71 additions and 2 deletions.
diff --git a/identity/handler.go b/identity/handler.go
@@ -8,6 +8,7 @@ import (
 	"encoding/json"
 	"io"
 	"net/http"
+	"strconv"
 	"time"
 
 	"github.com/ory/x/pagination/migrationpagination"
@@ -137,6 +138,13 @@ type listIdentitiesParameters struct {
 	// required: false
 	// in: query
 	CredentialsIdentifier string `json:"credentials_identifier"`
+
+	// IncludeCredentials when set to true includes all of the identity's credentials.
+	//
+	// default: false
+	// required: false
+	// in: query
+	IncludeCredentials bool `json:"include_credentials"`
 }
 
 // swagger:route GET /admin/identities identity listIdentities
@@ -159,8 +167,13 @@ type listIdentitiesParameters struct {
 func (h *Handler) list(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 	page, itemsPerPage := x.ParsePagination(r)
 
+	includeCredentials := false
+	if param, err := strconv.ParseBool(r.URL.Query().Get("include_credentials")); err == nil {
+		includeCredentials = param
+	}
+
 	params := ListIdentityParameters{Expand: ExpandDefault, Page: page, PerPage: itemsPerPage, CredentialsIdentifier: r.URL.Query().Get("credentials_identifier")}
-	if params.CredentialsIdentifier != "" {
+	if includeCredentials || params.CredentialsIdentifier != "" {
 		params.Expand = ExpandEverything
 	}
 

diff --git a/identity/handler_test.go b/identity/handler_test.go
@@ -1213,7 +1213,7 @@ func TestHandler(t *testing.T) {
 	})
 
 	t.Run("case=should list all identities", func(t *testing.T) {
-		for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} {
+		for name, ts := range map[string]*httptest.Server{"admin": adminTS} {
 			t.Run("endpoint="+name, func(t *testing.T) {
 				res := get(t, ts, "/identities", http.StatusOK)
 				assert.False(t, res.Get("0.credentials").Exists(), "credentials config should be omitted: %s", res.Raw)
@@ -1224,6 +1224,30 @@ func TestHandler(t *testing.T) {
 		}
 	})
 
+	t.Run("case=should list all identities without credentials", func(t *testing.T) {
+		for name, ts := range map[string]*httptest.Server{"admin": adminTS} {
+			t.Run("endpoint="+name, func(t *testing.T) {
+				res := get(t, ts, "/identities?include_credentials=false", http.StatusOK)
+				assert.False(t, res.Get("0.credentials").Exists(), "credentials config should be omitted: %s", res.Raw)
+				assert.True(t, res.Get("0.metadata_public").Exists(), "metadata_public config should be included: %s", res.Raw)
+				assert.True(t, res.Get("0.metadata_admin").Exists(), "metadata_admin config should be included: %s", res.Raw)
+				assert.EqualValues(t, "baz", res.Get(`#(traits.bar=="baz").traits.bar`).String(), "%s", res.Raw)
+			})
+		}
+	})
+
+	t.Run("case=should list all identities with credentials", func(t *testing.T) {
+		for name, ts := range map[string]*httptest.Server{"admin": adminTS} {
+			t.Run("endpoint="+name, func(t *testing.T) {
+				res := get(t, ts, "/identities?include_credentials=true", http.StatusOK)
+				assert.True(t, res.Get("0.credentials").Exists(), "credentials config should be included: %s", res.Raw)
+				assert.True(t, res.Get("0.metadata_public").Exists(), "metadata_public config should be included: %s", res.Raw)
+				assert.True(t, res.Get("0.metadata_admin").Exists(), "metadata_admin config should be included: %s", res.Raw)
+				assert.EqualValues(t, "baz", res.Get(`#(traits.bar=="baz").traits.bar`).String(), "%s", res.Raw)
+			})
+		}
+	})
+
 	t.Run("case=should not be able to update an identity that does not exist yet", func(t *testing.T) {
 		for name, ts := range map[string]*httptest.Server{"public": publicTS, "admin": adminTS} {
 			t.Run("endpoint="+name, func(t *testing.T) {

diff --git a/internal/client-go/api_identity.go b/internal/client-go/api_identity.go
diff --git a/internal/httpclient/api_identity.go b/internal/httpclient/api_identity.go
diff --git a/spec/api.json b/spec/api.json
@@ -3296,6 +3296,15 @@
             "schema": {
               "type": "string"
             }
+          },
+          {
+            "description": "IncludeCredentials when set to true includes all of the identity's credentials.",
+            "in": "query",
+            "name": "include_credentials",
+            "schema": {
+              "default": false,
+              "type": "boolean"
+            }
           }
         ],
         "responses": {

diff --git a/spec/swagger.json b/spec/swagger.json
@@ -209,6 +209,13 @@
             "description": "CredentialsIdentifier is the identifier (username, email) of the credentials to look up.",
             "name": "credentials_identifier",
             "in": "query"
+          },
+          {
+            "type": "boolean",
+            "default": false,
+            "description": "IncludeCredentials when set to true includes all of the identity's credentials.",
+            "name": "include_credentials",
+            "in": "query"
           }
         ],
         "responses": {