Commit graph

90 commits

Author SHA1 Message Date
Bobby Rullo
e71c5086ba server: CodeToken now does Cross-Client auth 2016-06-07 17:22:41 -07:00
Bobby Rullo
9b4740862c server: /auth accepts, validates X-client scopes 2016-06-07 17:16:11 -07:00
Bobby Rullo
f9dbc8a3d2 db, client: add data model for trusted peers
Trusted Peers are clients that are authorized to mint tokens
for another client.
2016-06-07 17:16:09 -07:00
Bobby Rullo
1b4dca80d7 client: remove ClientManagerFromClients
Replaced by ClientRepoFromClients, which makes more sense IMO. Also, it
was doing the wrong thing: it was ignoring the client_id and client_secret
passed into it as far as I can tell.
2016-06-07 16:47:30 -07:00
Bobby Rullo
a33d61c8e2 server: remove boilerplate setup code part deux
Use the test fixture setup stuff in testutil instead.
2016-06-07 16:47:30 -07:00
Bobby Rullo
ad1d5ab253 server: remove boilerplate setup code
Use the test fixture setup stuff in testutil instead.
2016-06-07 16:47:29 -07:00
Eric Chiang
4440b3a085 Merge pull request #449 from ericchiang/add-connectors-to-api
Set and list connectors from admin API
2016-06-01 10:51:30 -07:00
Eric Chiang
35ea3d9ae1 *: add ability to set and list connectors from admin API
closes #360
2016-06-01 09:31:47 -07:00
bobbyrullo
04fa835405 Merge pull request #353 from fnordahl/issue/156
vendor: update go-oidc to latest
2016-05-27 10:56:54 -04:00
Bobby Rullo
bbaea52ea6 alternate approach to fixing tests 2016-05-27 00:22:27 +02:00
Evan Cordell
73d9742c8b client manager: accept full client when creating 2016-05-24 14:44:04 -05:00
Evan Cordell
a418e1c4e7 client: add client manager
adds a client manager to handle business logic, leaving the repo
for basic crud operations. Also adds client to the test script
2016-05-19 16:20:12 -07:00
Evan Cordell
3da98fcb8e client: add transaction support 2016-05-19 16:17:01 -07:00
Bobby Rullo
847849931f Revert "Fix response_type missing param"
This reverts commit 821b242c83.
2016-05-17 13:49:14 -07:00
Bobby Rullo
e5948ab3ce *: ClientIdentityXXX -> ClientXXX
Get rid of all outdated "ClientIdentity" terminology.
2016-04-20 14:31:27 -07:00
Bobby Rullo
95757e8779 *: Client Repo now deals with custom Client object
This is instead of oidc.ClientIdentity. This makes it easier to add new
fields custom to dex to the client.
2016-04-20 14:31:27 -07:00
Eric Chiang
c2c7f03f47 Merge pull request #409 from Tecsisa/408-test-handleToken
tests: add HandleTokenFunc test
2016-04-15 08:32:53 -07:00
Adrián López Gómez
d3d2db8e05 tests: add HandleTokenFunc test
Fixes #408
2016-04-15 09:17:02 +02:00
Eric Chiang
7858da565f server: add more validation to --no-db static file parsing
In #393 the format of the static user file in --no-db mode changed.
However, the old format loads without error, which has caused
issues for developers with existing user files.

Add an explicit check to ensure the file is not using the old
format. If they are, print a better error message.
2016-04-11 16:21:31 -07:00
Stephan Renatus
ed89be44ef bugfix: make getCreds work for non-admins (#396) 2016-04-08 10:14:01 -07:00
Eric Chiang
cd7d3fff85 Merge pull request #386 from ericchiang/revoke_refresh_2
add ability to revoke refresh tokens in user API
2016-04-06 13:45:23 -07:00
Eric Chiang
e6177cf307 Merge pull request #393 from ericchiang/nodb_users
remove passwordInfos from local connector
2016-04-06 11:30:08 -07:00
Eric Chiang
553e7d0167 server: add refresh token revocation API to server 2016-04-06 11:29:51 -07:00
Eric Chiang
ac73d3cdf2 *: load password infos from users file in no-db mode not connectors
In --no-db mode, load passwords from the users file instead of the
connectors file. This allows us to remove the password infos field
from the local connector and stop loading them during connector
registration, a case that was causing panics when using a real
database (see #286).

Fixes #286
Closes #340
2016-04-06 11:15:05 -07:00
Eric Chiang
b10645f58d *: add client registration endpoint to admin API 2016-04-05 11:37:26 -07:00
Eric Chiang
6120f7ac05 *: add isAdmin option to client repo when creating a client 2016-04-05 11:29:58 -07:00
Rubén Soleto Buenvarón
821b242c83 Fix response_type missing param
This commit fix problem with response_type param, which is required according to OIDC spec, when it is missing.
 At now, when connector_id url query param is not set, connector view use response_type that client request instead of default "code".

Fixes #370
2016-03-17 08:00:49 +01:00
Eric Chiang
1dd831700d Merge pull request #348 from ericchiang/db_health
server: add db heatlh checker to server checkers
2016-03-14 13:17:19 -07:00
Eric Chiang
c3aa6a1ee3 server: correctly decode oauth2 basic auth credentials
Fixes #336
2016-03-02 21:31:54 -08:00
Eric Chiang
c92aae647c Merge pull request #331 from Tecsisa/184-resend-email-invitation
add support for resend an invite email
2016-03-02 16:53:17 -08:00
Eric Chiang
60b843e78b Merge pull request #339 from ericchiang/case_insensitive_emails
db: email comparison should be case insensitive
2016-03-02 16:51:47 -08:00
Eric Chiang
01a24542e9 *: fix tests that care about email case sensitivity 2016-03-01 14:09:10 -08:00
Eric Chiang
3f4a42eefd *: remove unused code
This change has no functional changes, it only removes dead code.
2016-02-29 11:29:36 -08:00
Eric Chiang
067ccee145 server: add db heatlh checker to server checkers 2016-02-29 11:27:17 -08:00
Rubén Soleto Buenvarón
8156870862 add support for resend an invite email
This change solves the User's API problem when you want to create an user that its email hasn't been verified yet but it exist.
At now, you can resend invitation email using endpoint /users/{id}/resend-invitation

Fixes #184
2016-02-26 09:55:28 +01:00
Eric Chiang
07af73f367 *: don't allow sqlite3 if --no-db flag not specified 2016-02-12 13:19:05 -08:00
Eric Chiang
3b125d6073 *: fix --no-db client decoding 2016-02-12 13:19:05 -08:00
Eric Chiang
dcf5835189 *: remove in memory connector config repo 2016-02-12 13:19:05 -08:00
Eric Chiang
b572b8dd6c *: remove in memory client repo
The DB implementation expects secrets to be base64 encoded blobs.
Because of this a bunch of tests broke moving to sqlite.

A lot of this commit is fixing those tests.
2016-02-12 13:19:05 -08:00
Eric Chiang
72d1ecab64 *: remove in memory password info repo 2016-02-12 13:19:05 -08:00
Eric Chiang
2726f4dcdf *: remove in memory user repo 2016-02-12 13:19:05 -08:00
Eric Chiang
95560404a3 *: remove in memory refresh repo 2016-02-12 13:19:05 -08:00
Eric Chiang
7bac93aa20 *: remove in memory session repos
Move manager to it's own package so it can import db. Move all
references to the in memory session repos to use sqlite3.
2016-02-12 13:19:05 -08:00
Eric Chiang
af790e46bb Merge pull request #267 from ericchiang/metadata
add dynamic client registration
2016-02-01 16:25:57 -08:00
Eric Chiang
04cd1851aa server: add dynamic client registration 2016-02-01 16:06:46 -08:00
Frode Nordahl
5d284e08ae Change status code used for redirects from StatusTemporaryRedirect (307) to StatusFound (302)
HTTP code 307 aka. StatusTemporaryRedirect is used throughout the
project. However, the endpoints redirected to explicitly expects
the client to make a GET request.

If a HTTP client issues a POST request to a server and receives a
HTTP 307 redirect, it forwards the POST request to the new URL.

When using 302 the HTTP client will issue a GET request.

Fixes #287
2016-01-23 22:33:53 +01:00
bobbyrullo
789d9a68cc Merge pull request #282 from ericchiang/fix_token_test
server: fix reset password test
2016-01-20 14:35:46 -08:00
Eric Chiang
4da143ca2d server: fix reset password test
TestResetPasswordHandler depended on makeToken begin called twice
during the initialization of a single test case and later assuming
the result would match. Because the token has a timestamp accurate
to the second, occasionally the timestamps would be slightly off
within a single test case and cause the test to fail.

Adding a sleep statement to makeToken would cause the test to fail
reliably.

Define a single token for each test case outside of the struct
initializer so test cases compare the same token.

Closes #274

Additionally remove logging statements that dump entire HTML pages.
2016-01-19 19:45:16 -08:00
Eric Chiang
6b4aa88306 Merge pull request #280 from ericchiang/user_api
*: move user API auth to middleware and fix return status
2016-01-19 15:52:11 -08:00
Eric Chiang
0ada4c8010 *: move user API auth to middleware and fix return status
Move client authentication into its own middleware and provide
differentiation between HTTP requests that do not provide
credentials (401) and requests that authenticate as a non-admin
user (403).

Closes #152
2016-01-19 13:49:01 -08:00