Commit graph

27 commits

Author SHA1 Message Date
Bobby Rullo
32a1994a5e refresh tokens: store and validate scopes.
A refresh request must fail if it asks for scopes that were not
originally granted when the refresh token was obtained.

This Commit:

* changes repo to store scopes with tokens
* changes repo interface signatures so that scopes can be stored and
  verified
* updates dependent code to pass along scopes
2016-06-14 14:14:36 -07:00
Bobby Rullo
ca18efb1fe client: load full clients w/ LoadableClient
The Client object on its own doesn't fully express everything about a
single client, and so when loading clients from a static configuration
it's not enough to just (de)serialize clients.

To that end, LoadableClient contains the full representation of a client
and associated entities.
2016-06-08 11:31:50 -07:00
Bobby Rullo
1b4dca80d7 client: remove ClientManagerFromClients
Replaced by ClientRepoFromClients, which makes more sense IMO. Also, it
was doing the wrong thing: it was ignoring the client_id and client_secret
passed into it as far as I can tell.
2016-06-07 16:47:30 -07:00
Evan Cordell
a418e1c4e7 client: add client manager
adds a client manager to handle business logic, leaving the repo
for basic crud operations. Also adds client to the test script
2016-05-19 16:20:12 -07:00
Evan Cordell
3da98fcb8e client: add transaction support 2016-05-19 16:17:01 -07:00
Bobby Rullo
e5948ab3ce *: ClientIdentityXXX -> ClientXXX
Get rid of all outdated "ClientIdentity" terminology.
2016-04-20 14:31:27 -07:00
Bobby Rullo
95757e8779 *: Client Repo now deals with custom Client object
This is instead of oidc.ClientIdentity. This makes it easier to add new
fields custom to dex to the client.
2016-04-20 14:31:27 -07:00
Eric Chiang
64380734e6 *: implement refresh revocation user API methods 2016-04-06 11:29:09 -07:00
Rubén Soleto Buenvarón
8156870862 add support for resend an invite email
This change solves the User's API problem when you want to create an user that its email hasn't been verified yet but it exist.
At now, you can resend invitation email using endpoint /users/{id}/resend-invitation

Fixes #184
2016-02-26 09:55:28 +01:00
Eric Chiang
dcf5835189 *: remove in memory connector config repo 2016-02-12 13:19:05 -08:00
Eric Chiang
b572b8dd6c *: remove in memory client repo
The DB implementation expects secrets to be base64 encoded blobs.
Because of this a bunch of tests broke moving to sqlite.

A lot of this commit is fixing those tests.
2016-02-12 13:19:05 -08:00
Eric Chiang
72d1ecab64 *: remove in memory password info repo 2016-02-12 13:19:05 -08:00
Eric Chiang
2726f4dcdf *: remove in memory user repo 2016-02-12 13:19:05 -08:00
Eric Chiang
af790e46bb Merge pull request #267 from ericchiang/metadata
add dynamic client registration
2016-02-01 16:25:57 -08:00
Eric Chiang
0ada4c8010 *: move user API auth to middleware and fix return status
Move client authentication into its own middleware and provide
differentiation between HTTP requests that do not provide
credentials (401) and requests that authenticate as a non-admin
user (403).

Closes #152
2016-01-19 13:49:01 -08:00
Eric Chiang
5e44b6bc27 *: update all to accommodate changes to go-oidc
Update dex to comply with the changes to fieldnames and types of
the client and provider metadata structs in coreos/go-oidc.
2016-01-12 17:16:28 -08:00
Eric Chiang
f43655a8c3 user/manager: connector must exists when creating remote identity
Add ConnectorConfigRepo to UserManager. When trying to create a
RemoteIdentity, validate that the connector ID exists.

Fixes #198
2015-12-07 17:34:08 -08:00
Eric Chiang
d518447282 user: move user manager to it's own package
This commit moves the user.Manage to its own package (user/manager)
so it can import the connector package in a later commit.

For clarity, it renames "Manager" to "UserManager" using gorname.

This commit has no functional changes.
2015-12-07 15:34:14 -08:00
Joe Bowers
0c854a21d6 server: endpoint and system for sending invitations to dex
An invitation allows users to both verify their email address and set
a new password.
2015-11-18 14:24:19 -08:00
Bobby Rullo
2ef1b4beff user: introduce "invite" emails
Invite emails are essentially just reset password emails with a
different template (though this can and probably will change (slightly)
in the near future)
2015-10-30 14:41:00 -07:00
Joe Bowers
e5db302312 server: expose user disable API endpoint 2015-09-29 16:46:30 -07:00
Joe Bowers
b19adefde5 Merge pull request #138 from joeatwork/disable-users
server: disable users
2015-09-28 12:36:09 -07:00
Joe Bowers
fbbb3cc2df server: all authorizations fail for disabled users 2015-09-25 17:29:59 -07:00
Joe Bowers
ffabe03bc0 server: don't allow disabled users to access the api 2015-09-25 15:47:42 -07:00
Joe Bowers
f115015a3f api: don't create a user if you can't send them an email 2015-09-25 15:11:27 -07:00
Giulio Iotti
472e4a02a4 *: Remove unnecessary else statements
Whenever it makes the code easier to follow, use early return to
avoid else statements.
2015-09-04 22:45:32 +03:00
Bobby Rullo
66fe201c24 *: move original project to dex 2015-08-18 11:26:57 -07:00