When reading migrations from files, sql-migrate attempts to split
SQL statements. The parsing logic does not handle $BODY$ statements
and broke when the migration included one.
Replace go-bindata with a small migration generation script and use
in memory migrations instead.
This change solves the User's API problem when you want to create an user that its email hasn't been verified yet but it exist.
At now, you can resend invitation email using endpoint /users/{id}/resend-invitation
Fixes#184
PasswordInfos are marshaled when storing them in the database as
part of the local connector. However, the custom unmarsheler
defined could not unmarshal the standard marshling of this struct.
Add a struct tag to the Password field to correct this.
Closes#332
Not all LDAP servers have entryDN available as an attribute. Reading up on
https://tools.ietf.org/html/rfc5020 tells me that entryDN is intended for
making the DN available for attribute value assertions. Thus it is not
mandatory for a LDAP server to make it available as an retrievable
attribute.
The DN is always a part of the entry returned in a search result, just use
it.
Fixes#314
go-sqlite3 takes a long time to compile, so it's very important
to cache a build rather than re-compile every time.
Use go install instead of go build in the build script to cache
all packages. Print a warning in the test script if cached packages
are not found.
The DB implementation expects secrets to be base64 encoded blobs.
Because of this a bunch of tests broke moving to sqlite.
A lot of this commit is fixing those tests.
Authentication is performed by binding to the configured LDAP server using
the user supplied credentials. Successfull bind equals authenticated user.
Optionally the connector can be configured to search before authentication.
The entryDN found will be used to bind to the LDAP server.
This feature must be enabled to get supplementary information from the
directory (ID, Name, Email). This feature can also be used to limit access
to the service.
Example use case: Allow your users to log in with e-mail address instead of
the identification string in your DNs (typically username).
To make re-use of HTTP form handling code from the Local connector possible:
- Implemented IdentityProvider interface
- Moved the re-used functions to login_local.go
Fixes#119
