Commit graph

52 commits

Author SHA1 Message Date
Adrián López Gómez
9b8ab3bdc6 ClientCredentials flow in UserAPI
Fixes #528
2016-09-01 08:34:36 +02:00
Wyatt Anderson
26508c6bab server: when registering a user, set display name
When automatically registering a user from an IP that provides
a `DisplayName`, set it on the created user so that JWT we create
contain a meaningful `name` field.
2016-08-04 11:45:05 -04:00
Eric Chiang
8669167b42 user api: accept bearer tokens with multiple audiences 2016-08-02 11:52:19 -07:00
Eric Chiang
33010e22c4 Merge pull request #487 from ericchiang/unify-email-config
*: depricate --email-from flag and move to email config files
2016-07-19 15:12:35 -07:00
Eric Chiang
b02a3a3163 *: add "groups" scope 2016-07-19 11:23:04 -07:00
Eric Chiang
47ce264f08 return 409 status code on duplicate email errors 2016-06-28 13:52:28 -07:00
Eric Chiang
87faa5a1f7 *: depricate --email-from flag and move to email config files 2016-06-27 23:36:07 -07:00
Bobby Rullo
32a1994a5e refresh tokens: store and validate scopes.
A refresh request must fail if it asks for scopes that were not
originally granted when the refresh token was obtained.

This Commit:

* changes repo to store scopes with tokens
* changes repo interface signatures so that scopes can be stored and
  verified
* updates dependent code to pass along scopes
2016-06-14 14:14:36 -07:00
Bobby Rullo
ca18efb1fe client: load full clients w/ LoadableClient
The Client object on its own doesn't fully express everything about a
single client, and so when loading clients from a static configuration
it's not enough to just (de)serialize clients.

To that end, LoadableClient contains the full representation of a client
and associated entities.
2016-06-08 11:31:50 -07:00
Bobby Rullo
1b4dca80d7 client: remove ClientManagerFromClients
Replaced by ClientRepoFromClients, which makes more sense IMO. Also, it
was doing the wrong thing: it was ignoring the client_id and client_secret
passed into it as far as I can tell.
2016-06-07 16:47:30 -07:00
bobbyrullo
04fa835405 Merge pull request #353 from fnordahl/issue/156
vendor: update go-oidc to latest
2016-05-27 10:56:54 -04:00
Bobby Rullo
bbaea52ea6 alternate approach to fixing tests 2016-05-27 00:22:27 +02:00
Evan Cordell
a418e1c4e7 client: add client manager
adds a client manager to handle business logic, leaving the repo
for basic crud operations. Also adds client to the test script
2016-05-19 16:20:12 -07:00
Evan Cordell
3da98fcb8e client: add transaction support 2016-05-19 16:17:01 -07:00
Bobby Rullo
e5948ab3ce *: ClientIdentityXXX -> ClientXXX
Get rid of all outdated "ClientIdentity" terminology.
2016-04-20 14:31:27 -07:00
Bobby Rullo
95757e8779 *: Client Repo now deals with custom Client object
This is instead of oidc.ClientIdentity. This makes it easier to add new
fields custom to dex to the client.
2016-04-20 14:31:27 -07:00
Eric Chiang
64380734e6 *: implement refresh revocation user API methods 2016-04-06 11:29:09 -07:00
Eric Chiang
c92aae647c Merge pull request #331 from Tecsisa/184-resend-email-invitation
add support for resend an invite email
2016-03-02 16:53:17 -08:00
Eric Chiang
01a24542e9 *: fix tests that care about email case sensitivity 2016-03-01 14:09:10 -08:00
Eric Chiang
9bc68edae7 *: add migration to convert all emails to lowercase
Fixes #338
2016-03-01 10:51:50 -08:00
Rubén Soleto Buenvarón
8156870862 add support for resend an invite email
This change solves the User's API problem when you want to create an user that its email hasn't been verified yet but it exist.
At now, you can resend invitation email using endpoint /users/{id}/resend-invitation

Fixes #184
2016-02-26 09:55:28 +01:00
Eric Chiang
221a1ad7a0 user: fix password info JSON encoding to survive round trips
PasswordInfos are marshaled when storing them in the database as
part of the local connector. However, the custom unmarsheler
defined could not unmarshal the standard marshling of this struct.

Add a struct tag to the Password field to correct this.

Closes #332
2016-02-23 16:25:56 -08:00
Eric Chiang
1658e86b2a *: fix govet warnings 2016-02-12 13:19:05 -08:00
Eric Chiang
dcf5835189 *: remove in memory connector config repo 2016-02-12 13:19:05 -08:00
Eric Chiang
b572b8dd6c *: remove in memory client repo
The DB implementation expects secrets to be base64 encoded blobs.
Because of this a bunch of tests broke moving to sqlite.

A lot of this commit is fixing those tests.
2016-02-12 13:19:05 -08:00
Eric Chiang
72d1ecab64 *: remove in memory password info repo 2016-02-12 13:19:05 -08:00
Eric Chiang
2726f4dcdf *: remove in memory user repo 2016-02-12 13:19:05 -08:00
Eric Chiang
af790e46bb Merge pull request #267 from ericchiang/metadata
add dynamic client registration
2016-02-01 16:25:57 -08:00
Eric Chiang
0ada4c8010 *: move user API auth to middleware and fix return status
Move client authentication into its own middleware and provide
differentiation between HTTP requests that do not provide
credentials (401) and requests that authenticate as a non-admin
user (403).

Closes #152
2016-01-19 13:49:01 -08:00
Eric Chiang
5e44b6bc27 *: update all to accommodate changes to go-oidc
Update dex to comply with the changes to fieldnames and types of
the client and provider metadata structs in coreos/go-oidc.
2016-01-12 17:16:28 -08:00
Eric Chiang
1829209243 Godeps,user: update uuid package reference
The package code.google.com/p/go-uuid/uuid has been moved to
github.com/pborman/uuid. Update the reference.

Closes #224
2015-12-30 08:54:31 -08:00
Eric Chiang
f43655a8c3 user/manager: connector must exists when creating remote identity
Add ConnectorConfigRepo to UserManager. When trying to create a
RemoteIdentity, validate that the connector ID exists.

Fixes #198
2015-12-07 17:34:08 -08:00
Eric Chiang
d518447282 user: move user manager to it's own package
This commit moves the user.Manage to its own package (user/manager)
so it can import the connector package in a later commit.

For clarity, it renames "Manager" to "UserManager" using gorname.

This commit has no functional changes.
2015-12-07 15:34:14 -08:00
Eric Chiang
137330b202 user: fix bug in ValidEmail helper
mail.ParseAddress will stop parsing a string once it finds a valid
email address. This means you could give ValidUser an email
address followed by junk and it would mark it valid.

This commit fixes this behavior and adds some more test cases.

Fixes #189
2015-12-01 09:06:30 -08:00
Joe Bowers
0c854a21d6 server: endpoint and system for sending invitations to dex
An invitation allows users to both verify their email address and set
a new password.
2015-11-18 14:24:19 -08:00
Joe Bowers
2cdb6c0adb user: more convenient way to read claims that have already been validated 2015-11-11 10:04:54 -08:00
Joe Bowers
468c1b8b5e user: claims and parsing for invitations 2015-11-11 10:04:54 -08:00
Joe Bowers
ca9227fc19 various: spelling, logging, and commentary cleanup 2015-11-11 10:04:54 -08:00
Bobby Rullo
2ef1b4beff user: introduce "invite" emails
Invite emails are essentially just reset password emails with a
different template (though this can and probably will change (slightly)
in the near future)
2015-10-30 14:41:00 -07:00
Joe Bowers
b1e4369811 fixup: remove debug logging from test 2015-10-16 17:14:51 -07:00
Joe Bowers
12342149d3 fixup: document parseAndVerifyTokenClaims behavior 2015-10-16 16:54:22 -07:00
Joe Bowers
ce8b0a4c9e tests: fix user tests with for new behavior 2015-10-16 16:43:52 -07:00
Joe Bowers
85113748a8 server: unify password reset and email verification code and behavior
This patch proposes behavioral changes. In particular, referring
systems will need to provide client ids under all circumstances.
2015-10-16 14:47:58 -07:00
Joe Bowers
2ed2859896 repo: functional repo tests
includes changes to ensure uniform errors for DB and in-memory repos
2015-09-29 16:46:48 -07:00
Joe Bowers
e5db302312 server: expose user disable API endpoint 2015-09-29 16:46:30 -07:00
Joe Bowers
b19adefde5 Merge pull request #138 from joeatwork/disable-users
server: disable users
2015-09-28 12:36:09 -07:00
Joe Bowers
fbbb3cc2df server: all authorizations fail for disabled users 2015-09-25 17:29:59 -07:00
Joe Bowers
ffabe03bc0 server: don't allow disabled users to access the api 2015-09-25 15:47:42 -07:00
Joe Bowers
f115015a3f api: don't create a user if you can't send them an email 2015-09-25 15:11:27 -07:00
Joe Bowers
60a36e2c2e server,db: flag for disabling user login 2015-09-25 14:25:06 -07:00