Commit graph

392 commits

Author SHA1 Message Date
Chris Swan
6589b2ecdd Documentation: clearer guidance on creating OAuth 2 client ID
Provides a more accurate walk through of the screens and menus of the Google
Developers Console encountered whilst creating a client ID.

Fixes #125

Signed-off-by: Chris Swan <@cpswan>
2015-09-28 10:51:02 +01:00
Joe Bowers
72fa4127d0 Merge pull request #137 from joeatwork/dont-create-users-with-bad-urls
api: don't create a user if you can't send them an email
2015-09-25 17:31:34 -07:00
Joe Bowers
fbbb3cc2df server: all authorizations fail for disabled users 2015-09-25 17:29:59 -07:00
Joe Bowers
ffabe03bc0 server: don't allow disabled users to access the api 2015-09-25 15:47:42 -07:00
Derek Parker
944bed6d2e Merge pull request #136 from derekparker/fix-compilation-issues
email/smtp: Fix type comparison error
2015-09-25 15:36:55 -07:00
Joe Bowers
f115015a3f api: don't create a user if you can't send them an email 2015-09-25 15:11:27 -07:00
Joe Bowers
60a36e2c2e server,db: flag for disabling user login 2015-09-25 14:25:06 -07:00
Derek Parker
20857d71e7 email/smtp: Fix type comparison error
Fixes #134
2015-09-25 12:49:57 -07:00
Joe Bowers
e8f347a738 Merge pull request #133 from joeatwork/stricter-url-endpoints
server: user management endpoints strictly conform to schema
2015-09-24 17:03:00 -07:00
Joe Bowers
4c9bab0890 server: user management endpoints strictly conform to schema
This change disables the URL fixing behavior or the router associated
with the user management schema. After this commit, URLS routing
to /api/$VERSION/users must target exactly the specified paths. In
addition, `/api/$VERSION/users/` will serve a 404

This change allows users to hit the user create endpoint, which
would previously serve a redirect rather than actually making the
associated change.
2015-09-24 16:41:29 -07:00
bobbyrullo
97041dbd90 Merge pull request #129 from ecnahc515/smtp_support
Add smtp support
2015-09-24 16:34:45 -07:00
Chance Zibolski
d154cad3f6 Documentation: Add how to setup email configuration 2015-09-24 15:01:06 -07:00
Chance Zibolski
b1e146b702 email: Remove unused ID field 2015-09-24 15:01:06 -07:00
Chance Zibolski
3e08bd6619 email: Add smtp emailer 2015-09-24 15:01:04 -07:00
Chance Zibolski
95cc72c218 godeps: Add gomail 2015-09-21 13:42:12 -07:00
bobbyrullo
825c3cf21b Merge pull request #128 from bobbyrullo/wait_on_connectors
cmd/dex-worker: wait 'til connectors are available
2015-09-18 17:28:26 -07:00
Bobby Rullo
510293a984 fixup 2015-09-18 17:25:06 -07:00
Bobby Rullo
3cd0d84e31 cmd/dex-worker: wait 'til connectors are available
Otherwise, if worker starts without connectors, and then connectors are
added workers have to be restarted to pick up the changes.
2015-09-18 17:11:58 -07:00
bobbyrullo
188aa27c17 Merge pull request #118 from bobbyrullo/k8s
Get the K8s files up to date with more docs
2015-09-18 15:31:01 -07:00
Bobby Rullo
25c21f0f7e contrib/k8s: docs for using k8s configs 2015-09-18 15:30:17 -07:00
bobbyrullo
f15890edb4 Merge pull request #124 from cpswan/fixes-123
Documentation: no need to create a new Google project
2015-09-17 09:23:39 -07:00
Chris Swan
b773770218 Documentation: no need to create a new Google project
A new API key can be generated in an existing Google project

Fixes #123

Signed-off-by: Chris Swan <@cpswan>
2015-09-17 15:17:03 +01:00
Bobby Rullo
edd88db932 contrib/k8s: Use secrets to store secrets.
Also, move most flags to environment variables.
2015-09-09 14:29:41 -07:00
Bobby Rullo
d9b668002c contrib/k8s: get yaml up-to-date with latest k8s 2015-09-08 14:53:53 -07:00
bobbyrullo
b340660d6d Merge pull request #111 from dullgiulio/early-returns-nazi
Remove unnecessary else statements
2015-09-04 13:02:28 -07:00
Giulio Iotti
472e4a02a4 *: Remove unnecessary else statements
Whenever it makes the code easier to follow, use early return to
avoid else statements.
2015-09-04 22:45:32 +03:00
bobbyrullo
99ed0024b0 Merge pull request #96 from bobbyrullo/who_should_
README.md: "Similar Software", "who should use"
2015-09-03 11:48:01 -07:00
bobbyrullo
7f49efd873 Merge pull request #109 from bobbyrullo/yes_we_DO_have_TLS
Documentation: remove outdated TLS info
2015-09-03 09:57:43 -07:00
Bobby Rullo
bfe6cd2817 Documentation: remove outdated TLS info 2015-09-03 09:56:48 -07:00
bobbyrullo
507649750c Merge pull request #108 from coreos/bobbyrullo-patch-1
Update README.md
2015-09-02 18:06:22 -07:00
bobbyrullo
1cde31af7d Update README.md 2015-09-02 18:04:40 -07:00
bobbyrullo
0ec24a17bd Merge pull request #104 from bobbyrullo/flags_are_good
cmd,server,static/html: Configurable name, logo
2015-09-02 18:00:58 -07:00
Bobby Rullo
f1820cda14 cmd,server,static/html: Configurable name, logo
fixes #47
2015-09-02 18:00:28 -07:00
Bobby Rullo
6545bc6f80 README.md: "Similar Software", "who should use" 2015-09-02 15:53:24 -07:00
Yifan Gu
e077803e93 Merge pull request #105 from yifan-gu/tests
refresh: bcrypt raw bytes rather than base64 encoded string.
2015-09-02 15:39:54 -07:00
Yifan Gu
44c6cb44f5 refresh: bcrypt raw bytes rather than base64 encoded string.
This enables us to control the length of the bytes that will be bcrypted,
by default it's 64.

Also changed the token's stored form from string('text') to []byte('bytea')
and added some test cases for different types of invalid tokens.
2015-09-02 14:23:20 -07:00
bobbyrullo
ff71593cd7 Merge pull request #106 from bobbyrullo/shadow_stevens
cmd/dex-overlord: was using the wrong err
2015-09-01 17:09:34 -07:00
Bobby Rullo
62aa12fa6c cmd/dex-overlord: was using the wrong err 2015-09-01 17:07:10 -07:00
Yifan Gu
081bfdd13d Merge pull request #103 from yifan-gu/offline
return refresh token only when scope contains 'offline_access'
2015-08-31 14:30:06 -07:00
Yifan Gu
fb72e6074a Documentation: Update the notes on 'offline access'. 2015-08-31 13:59:02 -07:00
Yifan Gu
93a0830ae0 server: check scope in requests.
Require 'openid' in scope for all requests.
Require 'offline_access' for returning refresh token.
2015-08-31 13:51:59 -07:00
Yifan Gu
066fd859ec session: add 'scope' field in session. 2015-08-31 13:51:59 -07:00
bobbyrullo
d87b5c9bfe Merge pull request #102 from bobbyrullo/we_are_your_overlords
cmd/dex-overlord: bind admin API on 127.0.0.1
2015-08-31 13:43:50 -07:00
Bobby Rullo
9b64ecb2d7 cmd/dex-overlord: bind admin API on 127.0.0.1
Instead of 0.0.0.0; this is safer, since the admin API is very powerful.

fixes #97
2015-08-31 13:42:16 -07:00
bobbyrullo
40a0a63a3e Merge pull request #101 from bobbyrullo/rename
Documentation: mv security_guide.md tls-setup.md
2015-08-31 13:32:10 -07:00
Bobby Rullo
1dd0d13ee0 Documentation: mv security_guide.md tls-setup.md 2015-08-31 13:29:52 -07:00
Yifan Gu
f1fb00efdd Merge pull request #92 from yifan-gu/ssl
dex-worker: add TLS support.
2015-08-31 10:41:13 -07:00
Yifan Gu
783fa364f6 Documentation: add serity_guide.md to show how to establish TLS.
Also add example tls-setup configs that can be used to generate
TLS CA, server certs, key files using 'cfssl'.
2015-08-29 01:42:21 -07:00
Yifan Gu
01f95db3ca examples: also print raw token in the result. 2015-08-29 01:42:21 -07:00
Yifan Gu
3da456efa8 dex-worker: add TLS support.
Add two new flags '--cert-file' and '--key-file'.
If scheme == 'https', then we will use the two new flags to get
the cert/key pair for TLS connection.

Also add '--ca-file' to the example app to allow TLS connection to the
dex-worker using a specified ca file.
2015-08-29 01:42:21 -07:00