Commit graph

55 commits

Author SHA1 Message Date
Yifan Gu
44c6cb44f5 refresh: bcrypt raw bytes rather than base64 encoded string.
This enables us to control the length of the bytes that will be bcrypted,
by default it's 64.

Also changed the token's stored form from string('text') to []byte('bytea')
and added some test cases for different types of invalid tokens.
2015-09-02 14:23:20 -07:00
Yifan Gu
081bfdd13d Merge pull request #103 from yifan-gu/offline
return refresh token only when scope contains 'offline_access'
2015-08-31 14:30:06 -07:00
Yifan Gu
fb72e6074a Documentation: Update the notes on 'offline access'. 2015-08-31 13:59:02 -07:00
Yifan Gu
93a0830ae0 server: check scope in requests.
Require 'openid' in scope for all requests.
Require 'offline_access' for returning refresh token.
2015-08-31 13:51:59 -07:00
Yifan Gu
066fd859ec session: add 'scope' field in session. 2015-08-31 13:51:59 -07:00
bobbyrullo
d87b5c9bfe Merge pull request #102 from bobbyrullo/we_are_your_overlords
cmd/dex-overlord: bind admin API on 127.0.0.1
2015-08-31 13:43:50 -07:00
Bobby Rullo
9b64ecb2d7 cmd/dex-overlord: bind admin API on 127.0.0.1
Instead of 0.0.0.0; this is safer, since the admin API is very powerful.

fixes #97
2015-08-31 13:42:16 -07:00
bobbyrullo
40a0a63a3e Merge pull request #101 from bobbyrullo/rename
Documentation: mv security_guide.md tls-setup.md
2015-08-31 13:32:10 -07:00
Bobby Rullo
1dd0d13ee0 Documentation: mv security_guide.md tls-setup.md 2015-08-31 13:29:52 -07:00
Yifan Gu
f1fb00efdd Merge pull request #92 from yifan-gu/ssl
dex-worker: add TLS support.
2015-08-31 10:41:13 -07:00
Yifan Gu
783fa364f6 Documentation: add security_guide.md to show how to establish TLS.
Also add example tls-setup configs that can be used to generate
TLS CA, server certs, key files using 'cfssl'.
2015-08-29 01:42:21 -07:00
Yifan Gu
01f95db3ca examples: also print raw token in the result. 2015-08-29 01:42:21 -07:00
Yifan Gu
3da456efa8 dex-worker: add TLS support.
Add two new flags '--cert-file' and '--key-file'.
If scheme == 'https', then we will use the two new flags to get
the cert/key pair for TLS connection.

Also add '--ca-file' to the example app to allow TLS connection to the
dex-worker using a specified ca file.
2015-08-29 01:42:21 -07:00
bobbyrullo
1c85071705 Update README.md 2015-08-28 14:56:00 -07:00
bobbyrullo
7356265d68 Merge pull request #95 from bobbyrullo/fix_example
examples/static: various changes to fix examples
2015-08-28 12:43:39 -07:00
Bobby Rullo
abc1d365ac examples/static: various changes to fix examples 2015-08-28 12:43:07 -07:00
bobbyrullo
8fc076af9e Merge pull request #93 from bobbyrullo/oidc
OIDC Compliance Notes
2015-08-28 12:29:07 -07:00
Bobby Rullo
6d0e7e268e Documentation: add notes on OIDC 2015-08-28 12:28:42 -07:00
bobbyrullo
9b4a264c1a Merge pull request #89 from bobbyrullo/server_fix
server: make reset password pass tests
2015-08-26 15:46:22 -07:00
Bobby Rullo
bbcffde0a5 server: make reset password pass tests
Handler wants a password value even when it's blank
2015-08-26 15:45:15 -07:00
bobbyrullo
ed0696f16b Merge pull request #79 from bobbyrullo/intro_page
README.md/Documentation: Get Docs up-to-date.
2015-08-26 15:28:19 -07:00
Bobby Rullo
eb65555fe7 build-docker-push: allow override of quay repo 2015-08-26 15:28:09 -07:00
Bobby Rullo
fa96fb3a33 contrib: get standup up-to-date
* key_secret -> key_secrets
* make sure overlord starts up before other operations since it creates
  the db
* remove race conditions by blocking on /health being up for worker and overlord
2015-08-26 15:28:09 -07:00
Bobby Rullo
5ecad3470b Documentation: bring dev-guide up to date. 2015-08-26 15:27:11 -07:00
Bobby Rullo
3bbafaf3fe README.md/Documentation: Get Docs up-to-date.
* Fix up README
* Create getting started guide.
* Start dev guide
* Start deploy guide
2015-08-26 15:27:11 -07:00
bobbyrullo
5abc7633fb Merge pull request #87 from bobbyrullo/keyspace
Base64 Encode secrets, and allow >1 of them
2015-08-26 10:43:42 -07:00
Bobby Rullo
d0c199b62c cmd, server: base64 encode multiple secrets
Two things here:

    * key secrets are now base64 encoded strings, so we get the full key
      space

    * we can pass >1 of them in so we can rotate them
2015-08-26 10:43:24 -07:00
Bobby Rullo
93f4ae2ba6 pkg/crypto: Don't modify ciphertext in place.
mmmkay?
2015-08-26 10:43:24 -07:00
Bobby Rullo
0feb1dd719 pkg/flag: add new Base64, Base64List flag.Values
Allows setting of []byte's with base64 encoded strings and [][]bytes
with comma-separated base64 encoded strings.
2015-08-25 16:42:43 -07:00
Bobby Rullo
c8feb5c33d db: PrivateKeySetRepo now takes >1 secrets
The first secret is used to encrypt, the rest are for decryption; if the
first doesn't work, the rest are tried in order.

This makes it possible to rotate keys.
2015-08-25 16:41:20 -07:00
Ed Rooth
8cfffcc98a Merge pull request #85 from sym3tri/update-templates
static: update all static templates to be generic & prettier
2015-08-25 14:56:40 -07:00
Ed Rooth
627a4f8805 static: update all templates to be generic 2015-08-25 09:42:43 -07:00
bobbyrullo
ba7c5d5cd7 Merge pull request #84 from bobbyrullo/gorpy
Move gorp to its new location.
2015-08-24 18:02:21 -07:00
Bobby Rullo
74df09acb6 db: gorp moved to github.com/go-gorp/gorp 2015-08-24 15:43:15 -07:00
Bobby Rullo
50c568b9d2 godep: add github.com/go-gorp/gorp 2015-08-24 15:43:15 -07:00
bobbyrullo
72c3b0c31a Merge pull request #82 from philips/dex-origin-story
README: explain the name dex
2015-08-24 12:54:36 -07:00
Brandon Philips
827a63f458 README: explain the name dex
People are going to ask, might as well get it out there.
2015-08-24 12:47:31 -07:00
bobbyrullo
2b23798366 Merge pull request #80 from polvi/nit
bug: remove whitespace so eval works
2015-08-24 11:46:08 -07:00
Alex Polvi
c7d2393add bug: remove whitespace so eval works 2015-08-24 08:20:04 -07:00
bobbyrullo
fdce57513a Merge pull request #77 from coreos/bobbyrullo-patch-1
Update Quay link, remove semaphore link
2015-08-21 10:13:56 -07:00
bobbyrullo
35d3f95bb7 Update Quay link, remove semaphore link 2015-08-21 10:13:35 -07:00
bobbyrullo
d2416b9abe Merge pull request #76 from bobbyrullo/master
Godeps: remove link
2015-08-21 09:56:14 -07:00
Bobby Rullo
cf62cfe0d3 Godeps: remove link 2015-08-21 09:55:21 -07:00
bobbyrullo
43b0f7a1e1 Merge pull request #75 from bobbyrullo/docker_is_fun
go-docker: support functional tests
2015-08-20 16:53:48 -07:00
bobbyrullo
5f4fa64214 Merge pull request #74 from bobbyrullo/db_migrate_redux
db: initialize bigint, boolean columns
2015-08-20 16:52:39 -07:00
Bobby Rullo
91b900db3b go-docker: support functional tests
* add linking to go-docker command and remove host networking
* add functional/repo to functional tests script
2015-08-20 16:50:30 -07:00
Bobby Rullo
4ce5a36d08 db: initialize bigint, boolean columns
gorp hates nil.
2015-08-20 12:38:15 -07:00
bobbyrullo
6798adc607 Merge pull request #67 from bobbyrullo/db_migrate
DB Migrations for Dex
2015-08-20 11:45:35 -07:00
Bobby Rullo
8b6a2699d9 cmd/dex-overlord, db: migrations in overlord
Migrations happen only in the overlord, so there's no thundering herd,
and database initialization can be more easily controlled.
2015-08-20 11:44:43 -07:00
Bobby Rullo
84bc8073de functional: Test DBs use migrations
All repo tests build their tables by applying all the migrations. This
way we know our migrations are functional.
2015-08-20 11:44:43 -07:00