Commit graph

1597 commits

Author SHA1 Message Date
Rui Yang
ecea593ddd fix a bug in hash comparison function
the client secret coming in should be hashed and the one in storage
is the one in plaintext

Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-05-14 13:32:27 -04:00
Rui Yang
d658c24e8f add dex config flag for enabling client secret encryption
* if enabled, it will make sure client secret is bcrypted correctly
* if not, it falls back to the old behaviour of allowing an empty client
secret and comparing plain text, though now it will do
ConstantTimeCompare to avoid a timing attack.

So either way it should provide more secure client secret
verification.

Co-authored-by: Alex Surraci <suraci.alex@gmail.com>
Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-03-20 20:05:56 +00:00
Josh Winters
ec6f3a2f19 use bcrypt when comparing client secrets
- this assumes that the client is already bcrypted
when passed to dex. Similar to user passwords.

Signed-off-by: Josh Winters <jwinters@pivotal.io>
Co-authored-by: Vikram Yadav <vyadav@pivotal.io>
2021-03-20 20:05:56 +00:00
Márk Sági-Kazár
a1adf86e53
Merge pull request #2053 from dexidp/fix-gomplate-slim
fix: stop using slim version of gomplate
2021-03-20 13:59:51 +01:00
Mark Sagi-Kazar
27dfbc0344
fix: stop using slim version of gomplate
See hairyhenderson/gomplate#1085

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-03-20 13:23:46 +01:00
dependabot[bot]
83ad7bc4e3
Merge pull request #2037 from dexidp/dependabot/docker/golang-1.16.2-alpine3.13
2021-03-12 08:49:06 +00:00
dependabot[bot]
8fee3cd212
build(deps): bump golang from 1.16.1-alpine3.13 to 1.16.2-alpine3.13
Bumps golang from 1.16.1-alpine3.13 to 1.16.2-alpine3.13.

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-12 06:42:23 +00:00
dependabot[bot]
dab9f98a15
Merge pull request #2035 from dexidp/dependabot/docker/golang-1.16.1-alpine3.13
2021-03-11 07:13:08 +00:00
dependabot[bot]
d93a238a42
build(deps): bump golang from 1.16.0-alpine3.13 to 1.16.1-alpine3.13
Bumps golang from 1.16.0-alpine3.13 to 1.16.1-alpine3.13.

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-11 06:50:39 +00:00
Márk Sági-Kazár
3ae53f7434
Make OpenShift an alpha connector
I'm not sure why this was ever marked as stable.
2021-03-10 16:12:05 +01:00
dependabot[bot]
b9ff4dd9ae
Merge pull request #2032 from dexidp/dependabot/go_modules/github.com/sirupsen/logrus-1.8.1
2021-03-10 11:47:37 +00:00
dependabot[bot]
04b2f655e6
build(deps): bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.8.0...v1.8.1)

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-10 07:07:37 +00:00
dependabot[bot]
72d11017ce
Merge pull request #2030 from dexidp/dependabot/go_modules/github.com/lib/pq-1.10.0
2021-03-08 12:01:20 +00:00
dependabot[bot]
08647537e2
Bump github.com/lib/pq from 1.9.0 to 1.10.0
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/lib/pq/releases)
- [Commits](https://github.com/lib/pq/compare/v1.9.0...v1.10.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-08 08:02:20 +00:00
Márk Sági-Kazár
f7d1405cfd
Merge pull request #2019 from dexidp/refactor-run-groups
Refactor run groups
2021-02-25 14:36:01 +01:00
Mark Sagi-Kazar
24a1103f11
refactor: rename gr to group
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-02-25 12:33:19 +01:00
Mark Sagi-Kazar
9cffca70f2
refactor: relocate run group initialization
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-02-25 12:32:28 +01:00
Márk Sági-Kazár
3c5a631ce3
Merge pull request #2009 from flant/skip-ldap-tests
fix: do not run LDAP tests locally by default
2021-02-20 23:33:31 +01:00
Márk Sági-Kazár
c73057f93d
Merge pull request #2006 from flant/update-kubernetes-section-in-readme
chore: update Kubernetes section in README
2021-02-20 23:33:20 +01:00
m.nabokikh
84a07a7805 Do not run LDAP tests if DEX_LDAP_HOST is not set
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-02-20 17:05:41 +04:00
m.nabokikh
796d4c1e6b Remove tectonic links from the README
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-02-20 16:59:37 +04:00
dependabot[bot]
c166257cf4
Merge pull request #2007 from dexidp/dependabot/docker/alpine-3.13.2
2021-02-20 12:30:25 +00:00
dependabot[bot]
ff60ac0c4f
Merge pull request #2008 from dexidp/dependabot/go_modules/github.com/sirupsen/logrus-1.8.0
2021-02-20 12:30:11 +00:00
m.nabokikh
1f2771b57e fix: do not run LDAP tests locally by default
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-02-20 12:55:52 +04:00
Steffen Pøhner Henriksen
0f68fadb9a
Allow public clients created with API to have no client_secret (#1871)
Signed-off-by: Steffen Pøhner Henriksen <str3sses@gmail.com>
2021-02-19 10:18:54 +01:00
dependabot[bot]
b4238886b3
chore(deps): bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.7.1 to 1.8.0.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.7.1...v1.8.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-18 06:51:32 +00:00
dependabot[bot]
9162eace7a
chore(deps): bump alpine from 3.13.1 to 3.13.2
Bumps alpine from 3.13.1 to 3.13.2.

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-18 06:48:45 +00:00
m.nabokikh
df86a1faca chore: update Kubernetes section in README
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-02-18 08:14:43 +04:00
dependabot[bot]
86ea49173c
Merge pull request #2002 from dexidp/dependabot/go_modules/github.com/sirupsen/logrus-1.7.1
2021-02-17 09:38:46 +00:00
Márk Sági-Kazár
08a10b063f
Merge pull request #2003 from dexidp/go1.16
Upgrade Go to 1.16
2021-02-17 10:37:56 +01:00
Mark Sagi-Kazar
809ccaf4da
build: upgrade Go to 1.16
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-02-17 10:18:26 +01:00
dependabot[bot]
02cf3db178
chore(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.7.0 to 1.7.1.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.7.0...v1.7.1)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-17 06:51:31 +00:00
Joel Speed
95d8a0cccb
Merge pull request #1997 from dexidp/rewrite-ldap-tests
Rewrite LDAP tests to use a single server instance
2021-02-15 18:16:14 +00:00
Mark Sagi-Kazar
6f70272bc3
test(connector/ldap): remove ldap test gate
Now that the ldap tests don't create containers on the fly
they can run the same way as other integration tests.

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-02-15 16:46:43 +01:00
Mark Sagi-Kazar
f11db50369
test(connector/ldap): rewrite tests to use a single server instance
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-02-15 16:37:03 +01:00
dependabot[bot]
447841f513
Merge pull request #1986 from dexidp/dependabot/go_modules/github.com/spf13/cobra-1.1.3
2021-02-15 10:10:51 +00:00
Márk Sági-Kazár
39cb542cc3
Merge pull request #1996 from justaugustus/update-email
MAINTAINERS: Update email address for Stephen Augustus
2021-02-15 11:10:05 +01:00
dependabot[bot]
ee10373993
chore(deps): bump github.com/spf13/cobra from 1.1.1 to 1.1.3
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.1.1 to 1.1.3.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v1.1.1...v1.1.3)

Signed-off-by: dependabot[bot] <support@github.com>
2021-02-15 09:06:38 +00:00
Stephen Augustus
71351b1f47 MAINTAINERS: Update email address for Stephen Augustus
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2021-02-15 03:51:45 -05:00
Márk Sági-Kazár
ce8b05b0be
Merge pull request #1991 from flant/close-storage
fix: close storage on shutdown
2021-02-13 07:53:58 +01:00
m.nabokikh
87ebbaf834 fix: close storage on shutdown
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-02-12 22:31:13 +04:00
Márk Sági-Kazár
a8c7ed9f67
Merge pull request #1989 from candlerb/candlerb/1732
Improve "Grant Access" template when client requests only openid scope
2021-02-12 00:54:09 +01:00
Brian Candler
aa615c04c9 Improve "Grant Access" template when client requests only openid scope
Fixes #1732

Signed-off-by: Brian Candler <b.candler@pobox.com>
2021-02-11 17:35:40 +00:00
Márk Sági-Kazár
35cd09d481
Merge pull request #1980 from dexidp/refactor-health-checks
Refactor health checks
2021-02-11 13:16:07 +01:00
Mark Sagi-Kazar
7da0a89936
refactor: remove unused health checker
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-02-11 01:29:27 +01:00
Mark Sagi-Kazar
316da70545
refactor: use new health checker
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-02-11 01:29:25 +01:00
Mark Sagi-Kazar
d77147f7cf
refactor: fix router variable name
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-02-11 00:13:47 +01:00
Mark Sagi-Kazar
024f69b2c7
feat: add health check to telemetry server
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-02-11 00:13:07 +01:00
Márk Sági-Kazár
10597cf09f
Merge pull request #1893 from flant/add-dockerize
feat: Add gomplate to the docker image
2021-02-10 20:06:45 +01:00
m.nabokikh
715fee7a01 Switch to slim version of a gomplate and add a comment to docker config
Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com>
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-02-10 19:44:05 +04:00