Commit graph

367 commits

Author SHA1 Message Date
Eric Chiang
5302fefdfb Merge pull request #671 from ericchiang/fix-server-time-bug
server: use seconds instead of nano seconds for expires_in and expiry
2016-11-05 07:56:06 -07:00
Eric Chiang
7f24ebb051 Merge pull request #664 from ericchiang/dev-docs-v2
Documentation: add doc describing v2 changes
2016-11-05 07:55:16 -07:00
Eric Chiang
12a5c0ada3 server: use seconds instead of nano seconds for expires_in and expiry 2016-11-04 17:00:10 -07:00
Eric Chiang
c9889683b4 Documentation: add doc describing v2 changes 2016-11-04 16:56:21 -07:00
Eric Chiang
d86a774a29 Merge pull request #670 from ericchiang/example-app-debug
cmd/example-app: add a --debug flag
2016-11-04 14:29:39 -07:00
Eric Chiang
015e7cf606 cmd/dex: only expand from env for storages and connectors
Bcrypt'd hashes have "$" characters in them. This means that #667
(accepting actually bcrypted values) combined with #627 (expanding
config with environment variables) broke the example config.

For now, allow storages and connectors to expand their configs from
the environment, but don't do this anywhere else.
2016-11-03 21:38:32 -07:00
Eric Chiang
35d6423ac2 cmd/example-app: add a --debug flag 2016-11-03 21:36:15 -07:00
Eric Chiang
ce703a7fe1 Merge pull request #665 from rithujohn191/expose-serv-opts
cmd/dex: expose IDTokensValidFor and RotateKeysAfter server options in config
2016-11-03 18:25:44 -07:00
rithu leena john
600e761266 cmd/dex: expose IDTokensValidFor and RotateKeysAfter server options in config. 2016-11-03 17:25:36 -07:00
Eric Chiang
d11224f2bb Merge pull request #668 from ericchiang/dev-ldap-conn
connector: accept base64 encoded CA and add convience open method
2016-11-03 16:39:22 -07:00
Eric Chiang
0f31566b27 connector: accept base64 encoded CA and add convience open method 2016-11-03 16:28:23 -07:00
Eric Chiang
53852d4e42 Merge pull request #667 from ericchiang/dev-switch-yaml-package
*: switch to github.com/ghodss/yaml for more consistent YAML parsing
2016-11-03 15:29:18 -07:00
Eric Chiang
59240f93b1 vendor: revendor 2016-11-03 15:24:47 -07:00
Eric Chiang
df50308713 glide.yaml: add new yaml package 2016-11-03 15:24:35 -07:00
Eric Chiang
ebe51e736d cmd/dex: accept raw bcrypt'd hash as well as base64'd version of hash 2016-11-03 15:23:56 -07:00
Eric Chiang
aa7f304bc1 *: switch to github.com/ghodss/yaml for more consistent YAML parsing
ghodss/yaml converts from YAML to JSON before attempting to unmarshal.
This allows us to:

* Get the correct behavor when decoding base64'd []byte slices.
* Use *json.RawMessage.
* Not have to support extravagant YAML features.
* Let our structs use `json:` tags
2016-11-03 14:39:32 -07:00
Eric Chiang
a78adb0272 Merge pull request #666 from rithujohn191/update-go-version
*: travis tests and build scripts should use Go 1.7.3.
2016-11-03 12:37:54 -07:00
rithu leena john
75abce2b19 *: travis tests and build scripts should use Go 1.7.3. 2016-11-03 12:28:53 -07:00
Eric Chiang
74eaec60cb Merge pull request #661 from rithujohn191/gRPC-client-auth
cmd/dex: add option for gRPC client auth CA.
2016-11-02 15:05:15 -07:00
rithu leena john
42dfd3ecec cmd/dex: add option for gRPC client auth CA. 2016-11-02 14:51:22 -07:00
Eric Chiang
799b3f3ef5 Merge pull request #658 from ericchiang/dev-dont-error-on-invalid-username
*: don't error out if a username doesn't exist in the backing connector
2016-11-01 16:06:40 -07:00
Eric Chiang
90e613b328 Merge pull request #649 from rithujohn191/gRPC-endpoints
api: add gRPC endpoints for creating, updating and deleting passwords
2016-11-01 14:20:31 -07:00
Eric Chiang
57a59d4631 *: don't error out if a username doesn't exist in the backing connector
Instead of throwing a 500 error if a user enters an invalid name,
display the same text box as if the user had entered the wrong
password.

NOTE: An invalid username now returns much quicker than an invalid
password. Consider adding an arbitrary sleep in the future if we
care about masking which was invalid.
2016-11-01 14:10:55 -07:00
rithu leena john
ed7e943406 api: add gRPC endpoints for creating, updating and deleting passwords 2016-11-01 14:10:35 -07:00
Eric Chiang
2a9051c864 Merge pull request #654 from ericchiang/dev-sql-optimistic-concurrency
storage/sql: use isolation level "serializable" for transactions
2016-11-01 10:16:23 -07:00
Eric Chiang
8debe68314 Documentation: remove caveat about running multiple instances 2016-10-31 23:18:40 -07:00
Eric Chiang
786e12b15e storage/conformance: expand transaction test suite 2016-10-31 23:01:31 -07:00
Eric Chiang
52e2a1668c storage/sql: use isolation level "serializable" for transactions 2016-10-31 23:00:55 -07:00
Eric Chiang
1c51c50b23 Merge pull request #652 from ericchiang/dev-docs-api
Documentation: add document on the dex API
2016-10-31 18:16:08 -07:00
Eric Chiang
fe1d27586e Documentation: add document on the dex API 2016-10-31 15:25:52 -07:00
Eric Chiang
651b406cfd Merge pull request #651 from ericchiang/dev-remove-openldap-container
contrib/openldap: remove OpenLDAP container
2016-10-31 15:19:05 -07:00
Eric Chiang
f672e75a3a contrib/openldap: remove OpenLDAP container
Based on #640 we're going to osixia/openldap instead of rolling our
own container. Removing this work for now. If we want it back we can
revert easily enough.
2016-10-28 16:08:26 -07:00
rithu leena john
0cfd815d3d Merge pull request #648 from ericchiang/dev-storage-docs
storage: update godocs
2016-10-28 13:59:13 -07:00
Eric Chiang
c0aa63ac97 storage: update godocs 2016-10-28 13:00:13 -07:00
Eric Chiang
a7c2fca039 Merge pull request #645 from ericchiang/dev-ldap-fix-switch
connector/ldap: fix bug in switch statement
2016-10-28 11:19:40 -07:00
Eric Chiang
4329406158 connector/ldap: fix bug in switch statement 2016-10-28 10:11:18 -07:00
Eric Chiang
d7912a3a97 Merge pull request #638 from ericchiang/dev-share-a-single-callback
*: allow call connectors to share a single a single callback
2016-10-27 16:59:04 -07:00
Eric Chiang
44fec87ce1 Merge pull request #642 from ericchiang/k8s-client-id
storage/kubernetes: allow arbitrary client IDs
2016-10-27 16:58:57 -07:00
Eric Chiang
d7a75c5b5d storage/kubernetes: allow arbitrary client IDs
Use a hash algorithm to match client IDs to Kubernetes object names.
Because cryptographic hash algorithms produce sums larger than a
Kubernetes name can fit, a non-cryptographic hash is used instead.
Hash collisions are checked and result in errors.
2016-10-27 16:37:58 -07:00
Eric Chiang
99717cb56d Merge pull request #635 from ericchiang/dev-transaction-tests
storage/conformance: add tests for transactional guarantees
2016-10-27 15:54:53 -07:00
Eric Chiang
acf3d6385e Merge pull request #641 from ericchiang/dev-scripts-fix-get-protoc
scripts: fix get-protoc script to work directly after a clean
2016-10-27 14:42:40 -07:00
Eric Chiang
84c3ba0fe3 scripts: fix get-protoc script to work directly after a clean
Right now `make grpc` only works if a user hasn't run a `make clean`.
Fix this.
2016-10-27 14:35:38 -07:00
Eric Chiang
c1f18802c9 Merge pull request #624 from ericchiang/dev-ldap-connector
connector/ldap: expand LDAP connector to include searches
2016-10-27 13:44:18 -07:00
Eric Chiang
f5a378a4e5 Merge pull request #640 from rithujohn191/openldap-docs
Documentation: adding documentation for running ldap tests locally
2016-10-27 13:22:37 -07:00
rithu leena john
27880dba59 Documentation: adding documentation for running ldap tests locally 2016-10-27 13:20:32 -07:00
Eric Chiang
13f7dfaef0 connector/ldap: expand LDAP connector to include searches 2016-10-27 13:11:30 -07:00
Eric Chiang
7c2289e0de *: rename internally used "state" form value to "req"
"state" means something specific to OAuth2 and SAML so we don't
want to confuse developers who are working on this.

Also don't use "session" which could easily be confused with HTTP
cookies.
2016-10-27 10:26:01 -07:00
Eric Chiang
a3235d022a *: verify "state" field before passing request to callback connectors
Let the server handle the state token instead of the connector. As a
result it can throw out bad requests earlier. It can also use that
token to determine which connector was used to generate the request
allowing all connectors to share the same callback URL.

Callbacks now all look like:

    https://dex.example.com/callback

Instead of:

    https://dex.example.com/callback/(connector id)

Even when multiple connectors are being used.
2016-10-27 10:23:09 -07:00
Eric Chiang
88896eb949 Merge pull request #637 from squat/fix_cache_control
server/handlers: fix Cache-Control header
2016-10-26 15:07:18 -07:00
Lucas Serven
5c498ae4df server/handlers: fix Cache-Control header
fixes: #636

This commit addresses a problem where the `max-age` value is being set
in nanoseconds as opposed to seconds, as required by the specification.
2016-10-26 14:58:18 -07:00