Commit graph

317 commits

Author SHA1 Message Date
Giulio Iotti
472e4a02a4 *: Remove unnecessary else statements
Whenever it makes the code easier to follow, use early return to
avoid else statements.
2015-09-04 22:45:32 +03:00
bobbyrullo
99ed0024b0 Merge pull request #96 from bobbyrullo/who_should_
README.md: "Similar Software", "who should use"
2015-09-03 11:48:01 -07:00
bobbyrullo
7f49efd873 Merge pull request #109 from bobbyrullo/yes_we_DO_have_TLS
Documentation: remove outdated TLS info
2015-09-03 09:57:43 -07:00
Bobby Rullo
bfe6cd2817 Documentation: remove outdated TLS info 2015-09-03 09:56:48 -07:00
bobbyrullo
507649750c Merge pull request #108 from coreos/bobbyrullo-patch-1
Update README.md
2015-09-02 18:06:22 -07:00
bobbyrullo
1cde31af7d Update README.md 2015-09-02 18:04:40 -07:00
bobbyrullo
0ec24a17bd Merge pull request #104 from bobbyrullo/flags_are_good
cmd,server,static/html: Configurable name, logo
2015-09-02 18:00:58 -07:00
Bobby Rullo
f1820cda14 cmd,server,static/html: Configurable name, logo
fixes #47
2015-09-02 18:00:28 -07:00
Bobby Rullo
6545bc6f80 README.md: "Similar Software", "who should use" 2015-09-02 15:53:24 -07:00
Yifan Gu
e077803e93 Merge pull request #105 from yifan-gu/tests
refresh: bcrypt raw bytes rather than base64 encoded string.
2015-09-02 15:39:54 -07:00
Yifan Gu
44c6cb44f5 refresh: bcrypt raw bytes rather than base64 encoded string.
This enables us to control the length of the bytes that will be bcrypted,
by default it's 64.

Also changed the token's stored form from string('text') to []byte('bytea')
and added some test cases for different types of invalid tokens.
2015-09-02 14:23:20 -07:00
bobbyrullo
ff71593cd7 Merge pull request #106 from bobbyrullo/shadow_stevens
cmd/dex-overlord: was using the wrong err
2015-09-01 17:09:34 -07:00
Bobby Rullo
62aa12fa6c cmd/dex-overlord: was using the wrong err 2015-09-01 17:07:10 -07:00
Yifan Gu
081bfdd13d Merge pull request #103 from yifan-gu/offline
return refresh token only when scope contains 'offline_access'
2015-08-31 14:30:06 -07:00
Yifan Gu
fb72e6074a Documentation: Update the notes on 'offline access'. 2015-08-31 13:59:02 -07:00
Yifan Gu
93a0830ae0 server: check scope in requests.
Require 'openid' in scope for all requests.
Require 'offline_access' for returning refresh token.
2015-08-31 13:51:59 -07:00
Yifan Gu
066fd859ec session: add 'scope' field in session. 2015-08-31 13:51:59 -07:00
bobbyrullo
d87b5c9bfe Merge pull request #102 from bobbyrullo/we_are_your_overlords
cmd/dex-overlord: bind admin API on 127.0.0.1
2015-08-31 13:43:50 -07:00
Bobby Rullo
9b64ecb2d7 cmd/dex-overlord: bind admin API on 127.0.0.1
Instead of 0.0.0.0; this is safer, since the admin API is very powerful.

fixes #97
2015-08-31 13:42:16 -07:00
bobbyrullo
40a0a63a3e Merge pull request #101 from bobbyrullo/rename
Documentation: mv security_guide.md tls-setup.md
2015-08-31 13:32:10 -07:00
Bobby Rullo
1dd0d13ee0 Documentation: mv security_guide.md tls-setup.md 2015-08-31 13:29:52 -07:00
Yifan Gu
f1fb00efdd Merge pull request #92 from yifan-gu/ssl
dex-worker: add TLS support.
2015-08-31 10:41:13 -07:00
Yifan Gu
783fa364f6 Documentation: add serity_guide.md to show how to establish TLS.
Also add example tls-setup configs that can be used to generate
TLS CA, server certs, key files using 'cfssl'.
2015-08-29 01:42:21 -07:00
Yifan Gu
01f95db3ca examples: also print raw token in the result. 2015-08-29 01:42:21 -07:00
Yifan Gu
3da456efa8 dex-worker: add TLS support.
Add two new flags '--cert-file' and '--key-file'.
If scheme == 'https', then we will use the two new flags to get
the cert/key pair for TLS connection.

Also add '--ca-file' to the example app to allow TLS connection to the
dex-worker using a specified ca file.
2015-08-29 01:42:21 -07:00
bobbyrullo
1c85071705 Update README.md 2015-08-28 14:56:00 -07:00
bobbyrullo
7356265d68 Merge pull request #95 from bobbyrullo/fix_example
examples/static: various changes to fix examples
2015-08-28 12:43:39 -07:00
Bobby Rullo
abc1d365ac examples/static: various changes to fix examples 2015-08-28 12:43:07 -07:00
bobbyrullo
8fc076af9e Merge pull request #93 from bobbyrullo/oidc
OIDC Compliance Notes
2015-08-28 12:29:07 -07:00
Bobby Rullo
6d0e7e268e Documentation: add notes on OIDC 2015-08-28 12:28:42 -07:00
bobbyrullo
9b4a264c1a Merge pull request #89 from bobbyrullo/server_fix
server: make reset password pass tests
2015-08-26 15:46:22 -07:00
Bobby Rullo
bbcffde0a5 server: make reset password pass tests
Handler wants a password value even when its blank
2015-08-26 15:45:15 -07:00
bobbyrullo
ed0696f16b Merge pull request #79 from bobbyrullo/intro_page
README.md/Documentation: Get Docs up-to-date.
2015-08-26 15:28:19 -07:00
Bobby Rullo
eb65555fe7 build-docker-push: allow override of quay repo 2015-08-26 15:28:09 -07:00
Bobby Rullo
fa96fb3a33 contrib: get standup up-to-date
* key_secret -> key_secrets
* make sure overlord starts up before other operations since it creates
  the db
* remove race conditions by blocking on /health being up for worker and overlord
2015-08-26 15:28:09 -07:00
Bobby Rullo
5ecad3470b Documentation: bring dev-guide up to date. 2015-08-26 15:27:11 -07:00
Bobby Rullo
3bbafaf3fe README.md/Documentation: Get Docs up-to-date.
* Fix up README
* Create getting started guide.
* Start dev guide
* Start deploy guide
2015-08-26 15:27:11 -07:00
bobbyrullo
5abc7633fb Merge pull request #87 from bobbyrullo/keyspace
Base64 Encode secrets, and allow >1 of them
2015-08-26 10:43:42 -07:00
Bobby Rullo
d0c199b62c cmd, server: base64 encode multiple secrets
Two things here:

    * key secrets are now base64 encoded strings, so we get the full key
      space

    * we can pass >1 of them in so we can rotate them
2015-08-26 10:43:24 -07:00
Bobby Rullo
93f4ae2ba6 pkg/crypto: Don't modify ciphertext in place.
mmmkay?
2015-08-26 10:43:24 -07:00
Bobby Rullo
0feb1dd719 pkg/flag: add new Base64, Base64List flag.Values
Allows setting of []byte's with base64 encoded strings and [][]bytes
with comma-separated base64 encoded strings.
2015-08-25 16:42:43 -07:00
Bobby Rullo
c8feb5c33d db: PrivateKeySetRepo now takes >1 secrets
The first secret is used to encrypt, the rest are for decryption; if the
first doesn't work, the rest are tried in order.

The makes it possible to rotate keys.
2015-08-25 16:41:20 -07:00
Ed Rooth
8cfffcc98a Merge pull request #85 from sym3tri/update-templates
static: update all static templates to be generic & prettier
2015-08-25 14:56:40 -07:00
Ed Rooth
627a4f8805 static: update all templates to be generic 2015-08-25 09:42:43 -07:00
bobbyrullo
ba7c5d5cd7 Merge pull request #84 from bobbyrullo/gorpy
Move gorp to its new location.
2015-08-24 18:02:21 -07:00
Bobby Rullo
74df09acb6 db: gorp moved to github.com/go-gorp/gorp 2015-08-24 15:43:15 -07:00
Bobby Rullo
50c568b9d2 godep: add github.com/go-gorp/gorp 2015-08-24 15:43:15 -07:00
bobbyrullo
72c3b0c31a Merge pull request #82 from philips/dex-origin-story
README: explain the name dex
2015-08-24 12:54:36 -07:00
Brandon Philips
827a63f458 README: explain the name dex
People are going to ask, might as well get it out there.
2015-08-24 12:47:31 -07:00
bobbyrullo
2b23798366 Merge pull request #80 from polvi/nit
bug: remote whitespace so eval works
2015-08-24 11:46:08 -07:00