Commit graph

28 commits

Author SHA1 Message Date
Eric Chiang
60b843e78b Merge pull request #339 from ericchiang/case_insensitive_emails
db: email comparison should be case insensitive
2016-03-02 16:51:47 -08:00
Eric Chiang
01a24542e9 *: fix tests that care about email case sensitivity 2016-03-01 14:09:10 -08:00
Eric Chiang
208afd3b01 *: add functional tests for case insensitive emails 2016-03-01 10:54:12 -08:00
Eric Chiang
bf88fe48a6 functional: don't fail if postgres or ldap isn't availabl 2016-02-25 11:57:26 -08:00
Eric Chiang
2cc0ae6fac functional: remove in memory connector configs from ldap tests 2016-02-16 15:21:38 -08:00
Eric Chiang
dcf5835189 *: remove in memory connector config repo 2016-02-12 13:19:05 -08:00
Eric Chiang
b572b8dd6c *: remove in memory client repo
The DB implementation expects secrets to be base64 encoded blobs.
Because of this a bunch of tests broke moving to sqlite.

A lot of this commit is fixing those tests.
2016-02-12 13:19:05 -08:00
Eric Chiang
72d1ecab64 *: remove in memory password info repo 2016-02-12 13:19:05 -08:00
Eric Chiang
2726f4dcdf *: remove in memory user repo 2016-02-12 13:19:05 -08:00
Eric Chiang
7bac93aa20 *: remove in memory session repos
Move manager to it's own package so it can import db. Move all
references to the in memory session repos to use sqlite3.
2016-02-12 13:19:05 -08:00
Eric Chiang
5052d8007f functional: clean up functional tests
Adjust logic and remove panics from functional tests.
2016-02-12 13:19:05 -08:00
Frode Nordahl
4d970d5fc4 connector: add LDAP connector
Authentication is performed by binding to the configured LDAP server using
the user supplied credentials. Successfull bind equals authenticated user.

Optionally the connector can be configured to search before authentication.
The entryDN found will be used to bind to the LDAP server.

This feature must be enabled to get supplementary information from the
directory (ID, Name, Email). This feature can also be used to limit access
to the service.

Example use case: Allow your users to log in with e-mail address instead of
the identification string in your DNs (typically username).

To make re-use of HTTP form handling code from the Local connector possible:
- Implemented IdentityProvider interface
- Moved the re-used functions to login_local.go

Fixes #119
2016-02-11 18:30:16 +01:00
Eric Chiang
af790e46bb Merge pull request #267 from ericchiang/metadata
add dynamic client registration
2016-02-01 16:25:57 -08:00
Eric Chiang
ec3bc7f258 *: allow dexctl set-connector-configs to read from stdin
Closes #276
2016-01-19 08:59:34 -08:00
Eric Chiang
5e44b6bc27 *: update all to accommodate changes to go-oidc
Update dex to comply with the changes to fieldnames and types of
the client and provider metadata structs in coreos/go-oidc.
2016-01-12 17:16:28 -08:00
Eric Chiang
7aa3d925d5 Merge pull request #249 from ericchiang/cli
use cobra for dexctl cli logic
2015-12-28 16:26:31 -08:00
Bobby Rullo
c1f8effe1a db, functional: make value column in key not pkey
go-oidc increased the size of the generated keys, which were too large
to be used as primary keys in postgres.
2015-12-28 16:02:16 -08:00
Eric Chiang
8e5115ce73 cmd: use spf13/cobra for dexctl cli logic 2015-12-28 15:55:11 -08:00
Eric Chiang
f43655a8c3 user/manager: connector must exists when creating remote identity
Add ConnectorConfigRepo to UserManager. When trying to create a
RemoteIdentity, validate that the connector ID exists.

Fixes #198
2015-12-07 17:34:08 -08:00
George Tankersley
07a4d4441e pkg/crypto: replace old crypto with new crypto 2015-10-29 13:45:25 -07:00
Joe Bowers
2ed2859896 repo: functional repo tests
includes changes to ensure uniform errors for DB and in-memory repos
2015-09-29 16:46:48 -07:00
Yifan Gu
44c6cb44f5 refresh: bcrypt raw bytes rather than base64 encoded string.
This enables us to control the length of the bytes that will be bcrypted,
by default it's 64.

Also changed the token's stored form from string('text') to []byte('bytea')
and added some test cases for different types of invalid tokens.
2015-09-02 14:23:20 -07:00
bobbyrullo
5abc7633fb Merge pull request #87 from bobbyrullo/keyspace
Base64 Encode secrets, and allow >1 of them
2015-08-26 10:43:42 -07:00
Bobby Rullo
c8feb5c33d db: PrivateKeySetRepo now takes >1 secrets
The first secret is used to encrypt, the rest are for decryption; if the
first doesn't work, the rest are tried in order.

The makes it possible to rotate keys.
2015-08-25 16:41:20 -07:00
Bobby Rullo
74df09acb6 db: gorp moved to github.com/go-gorp/gorp 2015-08-24 15:43:15 -07:00
Bobby Rullo
4ce5a36d08 db: initialize bigint, boolean columns
gorp hates nil.
2015-08-20 12:38:15 -07:00
Bobby Rullo
84bc8073de functional: Test DBs use migrations
All repo tests build their tables by applying all the migrations. This
way we know our migrations are functional.
2015-08-20 11:44:43 -07:00
Bobby Rullo
66fe201c24 *: move original project to dex 2015-08-18 11:26:57 -07:00