Commit graph

61 commits

Author SHA1 Message Date
rithu john
d928ac0677 storage: Add OfflineSession object to backend storage. 2017-02-09 19:01:28 -08:00
Eric Chiang
1eda382789 server: add at_hash claim support
The "at_hash" claim, which provides hash verification for the
"access_token," is a required claim for implicit and hybrid flow
requests. Previously we did not include it (against spec). This
PR implements the "at_hash" logic and adds the claim to all
responses.

As a cleanup, it also moves some JOSE signing logic out of the
storage package and into the server package.

For details see:

https://openid.net/specs/openid-connect-core-1_0.html#ImplicitIDToken
2017-01-13 10:05:24 -08:00
Eric Chiang
312ca7491e storage: add extra fields to refresh token and update method 2017-01-11 12:07:48 -08:00
rithu john
2c03693972 storage: Add ConnectorData to storage RefreshToken. 2017-01-09 15:01:29 -08:00
Eric Chiang
fd20b213bb storage: fix postgres timezone handling
Dex's Postgres client currently uses the `timestamp` datatype for
storing times. This lops of timezones with no conversion, causing
times to lose locality information.

We could convert all times to UTC before storing them, but this is
a backward incompatible change for upgrades, since the new version
of dex would still be reading times from the database with no
locality.

Because of this intrinsic issue that current Postgres users don't
save any timezone data, we chose to treat any existing installation
as corrupted and change the datatype used for times to `timestamptz`.
This is a breaking change, but it seems hard to offer an
alternative that's both correct and backward compatible.

Additionally, an internal flag has been added to SQL flavors,
`supportsTimezones`. This allows us to handle SQLite3, which doesn't
support timezones, while still storing timezones in other flavors.
Flavors that don't support timezones are explicitly converted to
UTC.
2016-12-16 11:46:49 -08:00
Eric Chiang
91cc94dd8f Merge pull request #740 from ericchiang/fix-comment-typos
*: fix comment typos and add go report card icon
2016-12-13 13:17:50 -08:00
Eric Chiang
fe196864c0 *: fix comment typos found with github.com/client9/misspell 2016-12-13 12:23:16 -08:00
rithu john
9949a1313c server: modify error messages to use logrus. 2016-12-13 11:52:44 -08:00
rithu john
2e22a948cf cmd/dex: add logging config and serve logger for different modules. 2016-12-12 15:56:50 -08:00
Eric Chiang
879e018f74 storage/kubernetes: remove unused method 2016-12-08 16:42:18 -08:00
rithu john
ee9738d663 api: adding a gRPC call for listing passwords. 2016-11-17 16:56:54 -08:00
rithu john
19c22807a7 api: adding ListPasswords() method to the storage interface. 2016-11-16 17:25:38 -08:00
Eric Chiang
aa7f304bc1 *: switch to github.com/ghodss/yaml for more consistent YAML parsing
ghodss/yaml converts from YAML to JSON before attempting to unmarshal.
This allows us to:

* Get the correct behavor when decoding base64'd []byte slices.
* Use *json.RawMessage.
* Not have to support extravagant YAML features.
* Let our structs use `json:` tags
2016-11-03 14:39:32 -07:00
Eric Chiang
90e613b328 Merge pull request #649 from rithujohn191/gRPC-endpoints
api: add gRPC endpoints for creating, updating and deleting passwords
2016-11-01 14:20:31 -07:00
rithu leena john
ed7e943406 api: add gRPC endpoints for creating, updating and deleting passwords 2016-11-01 14:10:35 -07:00
Eric Chiang
786e12b15e storage/conformance: expand transaction test suite 2016-10-31 23:01:31 -07:00
Eric Chiang
52e2a1668c storage/sql: use isolation level "serializable" for transactions 2016-10-31 23:00:55 -07:00
Eric Chiang
c0aa63ac97 storage: update godocs 2016-10-28 13:00:13 -07:00
Eric Chiang
d7a75c5b5d storage/kubernetes: allow arbitrary client IDs
Use a hash algorithm to match client IDs to Kubernetes object names.
Because cryptographic hash algorithms produce sums larger than a
Kubernetes name can fit, a non-cryptographic hash is used instead.
Hash collisions are checked and result in errors.
2016-10-27 16:37:58 -07:00
Eric Chiang
4ab78d0ded storage/kubernetes: run transactional conformance tests 2016-10-26 13:30:45 -07:00
Eric Chiang
5720ecf412 storage/conformance: add tests for transactional guarantees 2016-10-26 13:30:45 -07:00
Eric Chiang
d350938fb0 Merge pull request #626 from ericchiang/storage-kubernetes-guess-namespace-from-service-account-token
storage/kubernetes: guess namespace from the service account token
2016-10-25 16:54:58 -07:00
Eric Chiang
101a2bc22a Merge pull request #634 from rithujohn191/kubeconfig_context
storage/kubernetes: set CurrentContext when the Kubeconfig file contains only one context
2016-10-25 14:57:57 -07:00
Eric Chiang
e0b83af981 Merge pull request #629 from ericchiang/dev-storage-kubernetes-dont-print-error
storage/kubernetes: don't automatically print errors on bad HTTP status codes
2016-10-25 14:16:32 -07:00
rithu leena john
9de16f2c45 storage/kubernetes: set CurrentContext when the Kubeconfig file contains only one context 2016-10-25 11:59:34 -07:00
Eric Chiang
bc16de0b58 storage/kubernetes: don't guess the kubeconfig location and change test env
Using the default KUBECONFIG environment variable to indicate that
the Kubernetes tests should be run lead to cases where developers
accidentally ran the tests. This has now been changed to
"DEX_KUBECONFIG" and documentation hsa been added detailing how to
run these tests.

Additionally, no other storage reads environment variables for its
normal configuration (outside of tests) so the Kubernetes storage
no longer does.

Overall, be less surprising.
2016-10-23 20:53:29 -07:00
Eric Chiang
138ff96c00 storage/kubernetes: don't automatically print errors on bad HTTP status codes
These status codes spam the error logs for events like key rotation
and third party resource creation. In these cases "bad" status codes
are expected and shouldn't be automatically printed.
2016-10-23 07:42:42 -07:00
Eric Chiang
8c9c5160b6 storage/kubernetes: guess namespace from the service account token
The in cluster kubernetes client currently requires using the
downward API to determine its namespace. However this value can be
determine by inspecting the service account token mounted into the
pod. As a fallback, use this to guess the current namespace.
2016-10-21 23:35:17 -07:00
Eric Chiang
fe320c1928 storage/sql: fix typo in keys query 2016-10-14 12:28:49 -07:00
Eric Chiang
0a3aabc8ff storage/conformace: add conformance tests for keys 2016-10-14 12:28:49 -07:00
Eric Chiang
691476b477 storage/kubernetes: manage third party resources and drop support for 1.3 2016-10-13 17:41:52 -07:00
Eric Chiang
449f34ed2a storage/sql: print error before calling t.Fatal 2016-10-12 22:00:08 -07:00
Eric Chiang
558059ee58 storage/kubernetes: add garbage collection method 2016-10-12 18:48:23 -07:00
Eric Chiang
9ce05ecf73 storage/sql: add garbage collection method 2016-10-12 18:48:09 -07:00
Eric Chiang
c14ab3c44e storage/memory: add garbage collection method 2016-10-12 18:47:47 -07:00
Eric Chiang
d27f5e411f storage/conformance: add garbage collection tests 2016-10-12 18:47:15 -07:00
Eric Chiang
df6cfa0b7a storage: add GC method to interface to standardize handling 2016-10-12 18:46:10 -07:00
Eric Chiang
2909929b17 *: add the ability to define passwords statically 2016-10-06 10:35:54 -07:00
Eric Chiang
7ff3ce85a2 *: add password resource to kubernetes storage implementation 2016-10-05 17:26:41 -07:00
Eric Chiang
ae3b5ef6e9 storage/memory: add password resource 2016-10-05 17:26:41 -07:00
Eric Chiang
8012e56446 storage/sql: add password resource 2016-10-05 17:26:41 -07:00
Eric Chiang
138f55be06 storage/conformance: add tests for password resource 2016-10-05 17:26:41 -07:00
Eric Chiang
74b44e9757 storage: add a password resource 2016-10-05 16:51:50 -07:00
Eric Chiang
c50b44cf8f Merge pull request #584 from ericchiang/dev-increase-entropy
storage: increase the number of bytes randomly generated for IDs
2016-10-05 14:14:49 -07:00
Eric Chiang
ea4f3fd365 storage/sql: enable garbage collection
Was an oversite of the initial SQL PR.
2016-10-04 12:57:21 -07:00
Eric Chiang
490b3494db storage: increase the number of bytes randomly generated for IDs
Because these values are used for OAuth2 codes, refresh tokens,
etc, they shouldn't be guessable. Increase the number of random
bytes from 64 to 128.
2016-10-03 17:38:32 -07:00
Eric Chiang
877eb3dc7b *: add standup script to run DB tests locally and hook up travis 2016-10-03 12:48:26 -07:00
Eric Chiang
36d67574c5 storage/conformance: add more conformance tests 2016-10-03 12:48:25 -07:00
Eric Chiang
63f56b4269 storage: hook up conformance tests for SQL 2016-10-03 12:48:25 -07:00
Eric Chiang
e2bf8ceb63 storage: rename "storagetest" package to "conformance" 2016-10-03 12:48:25 -07:00