Arsharth/dex
1
0
Fork 0
forked from mystiq/dex
Code Issues Pull requests Packages Projects Releases Wiki Activity
1597 commits 27 branches 73 tags 23 MiB
Commit graph

260 commits

Author SHA1 Message Date
Bernd Eckstein f6cd778b60 Add c_hash to id_token, issued on /auth endpoint, when in hybrid flow 
* fixed name collision (renamed hash->hashFunc)

Signed-off-by: Bernd Eckstein <Bernd.Eckstein@faro.com>
 2020-07-31 12:06:19 +02:00
justin-slowik 9a7926c19b Cleaned up Device Flow test log levels 
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>

Remove extraneous "=" from conformance.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Additional test for TestHandleDeviceCode

Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-21 16:01:08 -04:00
justin-slowik 334ecf0482 Fixes based on PR comments. 
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-14 10:13:37 -04:00
justin-slowik 1404477326 Updates based on dexidp pr 
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:06 -04:00
justin-slowik f91f294385 gofmt 
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:06 -04:00
justin-slowik 9882ea453f better support for /device/callback redirect uris with public clients. 
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:06 -04:00
Justin Slowik 9c699b1028 Server integration test for Device Flow (#3) 
Extracted test cases from OAuth2Code flow tests to reuse in device flow

deviceHandler unit tests to test specific device endpoints

Include client secret as an optional parameter for standards compliance

Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:05 -04:00
Justin Slowik 9bbdc721d5 Device flow token code exchange (#2) 
* Added /device/token handler with associated business logic and storage tests.

Perform user code exchange, flag the device code as complete.

Moved device handler code into its own file for cleanliness.  Cleanup

* Removed PKCE code

* Rate limiting for /device/token endpoint based on ietf standards

* Configurable Device expiry

Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:05 -04:00
Justin Slowik 0d1a0e4129 Device token api endpoint (#1) 
* Added /device/token handler with associated business logic and storage tests.

* Use crypto rand for user code

Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:05 -04:00
Justin Slowik 6d343e059b Generates/Stores the device request and returns the device and user codes. 
Signed-off-by: justin-slowik <justin.slowik@thermofisher.com>
 2020-07-08 16:25:05 -04:00
m.nabokikh 70505b258d Fix templates with asset paths that point to external URL 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2020-07-06 12:02:39 +04:00
Mark Sagi-Kazar e84682d7b9
Add v2 api module 2020-07-01 14:20:57 +02:00
Márk Sági-Kazár 2ca992e9b3
Merge pull request #1721 from candlerb/fix-token-comment 
Fix comment for implicit flow
 2020-05-31 21:54:31 +02:00
techknowlogick 0a9f56527e
Add Gitea connector (#1715) 
* Add Gitea connector

* Add details to readme

* resolve lint issue
 2020-05-26 13:54:40 +02:00
Brian Candler d2c9305e0f Fix comment for implicit flow 2020-05-21 12:00:53 +01:00
Tadeusz Magura-Witkowski 7b7e2a040d Automatic consistency fixing in case of missing refresh token in db 2020-03-25 13:43:53 +01:00
Kyle Larose ab5ea03025
handlers: do not fail login if refresh token gone 
There is a chance that offline storage could fall out of sync with the
refresh token tables. One example is if dex crashes/is stopped in the
middle of handling a login request. If the old refresh token associated
with the offline session is deleted, and then the process stops, the
offline session will still refer to the old token.

Unfortunately, if this case occurs, there is no way to recover from it,
since further logins will be halted due to dex being unable to clean up
the old tokens till referenced in the offline session: the database is
essentially corrupted.

There doesn't seem to be a good reason to fail the auth request if the
old refresh token is gone. This changes the logic in `handleAuthCode` to
not fail the entire transaction if the old refresh token could not be
deleted because it was not present. This has the effect of installing
the new refresh token, and unpdating the offline storage, thereby fixing
the issue, however it occured.
 2020-03-18 12:56:37 -04:00
Nándor István Krácser b7cf701032
Merge pull request #1515 from flant/atlassian-crowd-connector 
new connector for Atlassian Crowd
 2020-02-24 10:09:27 +01:00
Nándor István Krácser 1160649c31
Merge pull request #1621 from concourse/pr/passowrd-grant-synced 
Rework - add support for Resource Owner Password Credentials Grant
 2020-02-20 08:27:50 +01:00
Ivan Mikheykin 7ef1179e75 feat: connector for Atlassian Crowd 2020-02-05 12:40:49 +04:00
Joshua Winters 76825fef8f Make logger and prometheus optional in server config 
Signed-off-by: Josh Winters <jwinters@pivotal.io>
Co-authored-by: Mark Huang <mhuang@pivotal.io>
 2020-01-13 15:28:41 -05:00
Rui Yang 0f9a74f1d0 Remove uneccesary client verification 2020-01-10 14:52:57 -05:00
Zach Brown 13be146d2a Add support for password grant #926 2020-01-10 13:18:09 -05:00
Nándor István Krácser 6318c105ec
Merge pull request #1599 from sabre1041/openshift-connector 
OpenShift connector
 2020-01-01 12:55:11 +01:00
Márk Sági-Kazár 789272a0c1
Merge pull request #1576 from flant/icons-proposal 
Pick icons on login screen by connector type instead of ID
 2019-12-23 13:05:19 +01:00
m.nabokikh 058e72ef50 Pick icons on login screen by connector type instead of ID 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2019-12-23 12:38:22 +04:00
Andrew Block 92e63771ac
Added OpenShift connector 2019-12-22 02:27:09 -05:00
Mark Sagi-Kazar 050d5af937
Fix ineffassign 2019-12-18 16:07:06 +01:00
Mark Sagi-Kazar 65c77e9db2
Fix bodyclose 2019-12-18 16:04:03 +01:00
Mark Sagi-Kazar f141f2133b
Fix whitespace 2019-12-18 15:56:12 +01:00
Mark Sagi-Kazar 9bd5ae5197
Fix goimports 2019-12-18 15:53:34 +01:00
Mark Sagi-Kazar 367b187cf4
Fix missspell 2019-12-18 15:51:44 +01:00
Mark Sagi-Kazar 8c3dc0ca66
Remove unused code (fixed: unused, structcheck, deadcode linters) 2019-12-18 15:46:49 +01:00
Joel Speed 97ffa21262
Create separate Google connector 2019-11-19 17:12:36 +00:00
Joel Speed c4e96dda32
Fix migration of old connector data 2019-11-19 15:43:23 +00:00
Joel Speed d9095073c8
Unindent session updates on finalizeLogin 2019-11-19 15:43:22 +00:00
Joel Speed 19ad7daa7f
Use old ConnectorData before session.ConnectorData 2019-11-19 15:43:19 +00:00
Joel Speed 176ba709a4
Revert "Remove connectordata from other structs" 
This reverts commit 27f33516db343bd79b56a47ecef0fe514a35082d.
 2019-11-19 15:43:14 +00:00
Joel Speed 4076eed17b
Build opts based on scope 2019-11-19 15:43:11 +00:00
Joel Speed 5c88713177
Remove connectordata from other structs 2019-11-19 15:43:03 +00:00
Joel Speed 0352258093
Update handleRefreshToken logic 2019-11-19 15:43:01 +00:00
Joel Speed 575c792156
Store most recent refresh token in offline sessions 2019-11-19 15:40:56 +00:00
serhiimakogon b793afd375 preferred_username claim added on refresh token 2019-11-19 16:27:34 +02:00
Nándor István Krácser 0b55f121b4
Fix missing email in log message 
Co-Authored-By: Felix Fontein <ff@dybuster.com>
 2019-10-30 13:13:33 +01:00
Nandor Kracser c1b421fa04 add preffered_username to idToken 
Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
 2019-10-30 13:06:37 +01:00
Yannis Zarkadas 27944d4f8f templates: add new relativeURL function 
Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
 2019-10-02 17:08:06 +03:00
Yannis Zarkadas 839130f01c handlers: change all handlers to pass down http request 
Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
 2019-10-02 17:08:06 +03:00
Stephan Renatus c854e760db
Merge pull request #1539 from erwinvaneyk/replace-context-import 
Replace x/net/context with stdlib context
 2019-08-31 17:52:18 +02:00
erwinvaneyk 3e2217b3f4 Replace x/net/context with context of stdlib 2019-08-30 11:52:46 +02:00
Nandor Kracser bd61535cb6 connector/ldap: display login error 2019-08-22 15:55:05 +02:00
Stephan Renatus e1afe771cb
Merge pull request #1505 from MarcDufresne/show-login-page 
Add option to always display connector selection even if there's only one
 2019-08-07 09:23:42 +02:00
Stephan Renatus 89e43c198b
Merge pull request #1504 from MarcDufresne/template-custom-data 
Allow arbitrary data to be passed to templates
 2019-08-07 09:19:14 +02:00
Marc-André Dufresne 0dbb642f2c
Add option to always display connector selection even if there's only one 2019-08-06 13:18:46 -04:00
Marc-André Dufresne d458e882aa
Allow arbitrary data to be passed to templates 2019-08-06 13:14:53 -04:00
Mike O 43d1a044bd Add tests for some callback handler error conditions 2019-08-05 16:02:28 -07:00
Mike O d03a43335e Return HTTP 400 for invalid state parameter 2019-08-01 16:22:53 -07:00
Stephan Renatus 291cd9e01c
regenerate protobuf code 
Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-07-31 08:16:18 +02:00
Stephan Renatus 231e571c3c
server/api: fix logging in VerifyPassword 
Before:

    msg="api: password check failed : %vcrypto/bcrypt: hashedPassword is not the hash of the given password"

After:

    msg="api: password check failed : crypto/bcrypt: hashedPassword is not the hash of the given password"

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-07-30 14:53:33 +02:00
Stephan Renatus d9487e553b
*: fix some lint issues 
Mostly gathered these using golangci-lint's deadcode and ineffassign
linters.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-07-30 11:29:08 +02:00
Stephan Renatus 8561a66365
server/{handler,oauth2}: cleanup error returns 
Now, we'll return a standard error, and have the caller act upon this
being an instance of authErr.

Also changes the storage.AuthRequest return to a pointer, and returns
nil in error cases.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2019-07-25 13:40:06 +02:00
Stephan Renatus 421c26fdf5
Merge pull request #1481 from LanceH/master 
Added "connector_id" to skip straight to a connector (similar to when len(connector) is 1.
 2019-07-23 11:31:25 +02:00
LanceH 07a77e0dac Use connector_id param to skip directly to a specific connector 2019-07-22 10:47:11 -05:00
Tyler Cloke dd84e73c0e Add VerifyPassword to API 
It takes in an email and plain text password to verify. If it fails to find a password stored for email, it returns not_found. If it finds the password hash stored but that hash doesn't match the password passed via the API, it returns verified = false, else it returns verified = true.

Co-authored-by: Alban Seurat <alban.seurat@me.com>
 2019-07-22 10:23:07 +02:00
Andy Lindeman 5b66bf05c8 Fixed shadowed variable declaration 2019-06-27 19:12:18 -04:00
Andy Lindeman 59b6595c37 userinfo_endpoint is required 2019-06-25 12:17:03 -04:00
Andy Lindeman 8959dc4275 ctx is not used 2019-06-24 09:43:12 -04:00
Andy Lindeman 21174c06a1 Remove comment 
We have a story around user info now
 2019-06-24 09:42:46 -04:00
Andy Lindeman 840065faaf Assert something about the returned userinfo 2019-06-24 09:39:54 -04:00
Andy Lindeman 46f5726d11 Use oidc.Verifier to verify tokens 2019-06-22 13:18:35 -04:00
Andy Lindeman 157c359f3e Bump go-oidc to latest v2 2019-06-20 12:27:47 -04:00
mdbraber 3dd1bac821 Fix comments 2019-06-05 22:14:31 +02:00
Maarten den Braber 74f4e749b9 Formatting 2019-06-05 22:14:31 +02:00
Maarten den Braber d7750b1e26 Fix changes 2019-06-05 22:14:31 +02:00
Maarten den Braber a8d059a237 Add userinfo endpoint 
Co-authored-by: Yuxing Li <360983+jackielii@users.noreply.github.com>
Co-authored-by: Francisco Santiago <1737357+fjbsantiago@users.noreply.github.com>
 2019-06-05 22:11:21 +02:00
Eric Chiang cd3c6983da
Merge pull request #1429 from tsuna/master 
server: add metrics for CORS handlers.
 2019-05-12 10:40:23 -07:00
Tomas Barton 55cebd58a8
print appropriate error 2019-05-03 14:19:54 +02:00
Benoit Sigoure d6ad67a6de server: add metrics for CORS handlers. 2019-04-19 14:32:52 -07:00
Mark Sagi-Kazar 06521ffa49
Remove the logrus logger wrapper 2019-02-22 21:31:46 +01:00
Mark Sagi-Kazar d1c8f8d095
Remove structured logging from the logger interface 2019-02-22 21:26:30 +01:00
Mark Sagi-Kazar be581fa7ff
Add logger interface and stop relying on Logrus directly 2019-02-22 13:38:57 +01:00
Eric Chiang 8935a1479c server: update health check endpoint to query storage periodically 
Instead of querying the storage every time a health check is performed
query it periodically and save the result.
 2019-02-04 19:02:41 +00:00
joannano 88d1e2b041 keystone: test cases, refactoring and cleanup 2019-01-11 15:14:56 +01:00
Krzysztof Balka a965365a2b keystone: refresh token and groups 2019-01-11 15:14:11 +01:00
knangia 0774a89066 keystone: squashed changes from knangia/dex 2019-01-11 15:12:59 +01:00
Haines Chan b78b8aeee0 Replace "GET", "POST" to http.MethodGet and http.MethodPost 2018-12-27 16:27:36 +08:00
Maximilian Gaß 468c74d1d2 Make expiry of auth requests configurable 2018-12-13 11:50:34 +01:00
Stephan Renatus f3acec0b1b
Merge pull request #1275 from ccojocar/client-update-api 
Extend the API with a function which updates the client configuration
 2018-11-27 11:47:16 +01:00
Cosmin Cojocar 01c6b9dd91 Remove the 'public' field from UpdateClientReq proto message 2018-11-26 19:07:59 +01:00
Alexander Matyushentsev ff8b44558e Issue #1263 - Render error message provided by connector if user authentication failed 2018-11-13 15:44:28 -08:00
Cosmin Cojocar 281ec27118 Update also to a list of empty redirect URIs and Peers 2018-11-13 09:59:45 +01:00
Cosmin Cojocar 9d1ec6c36b Revert "Avoid overwriting exiting redirect URI and trusted peers when updating the client" 
This reverts commit 49fa5ee6e8.
 2018-11-13 09:58:17 +01:00
Cosmin Cojocar 49fa5ee6e8 Avoid overwriting exiting redirect URI and trusted peers when updating the client 
Also skip configure the Public field.
 2018-11-12 21:48:14 +01:00
Cosmin Cojocar c9b18b2785 Add tests for UpateClient API 2018-11-12 18:43:48 +01:00
Cosmin Cojocar 9926a0dced Extend the API with a function which updates the client configuration 2018-11-12 17:33:06 +01:00
Stephan Renatus e1acb6d577
Merge pull request #1307 from edtan/upstream-add-bitbucket-connector 
Add Bitbucket connector
 2018-10-12 09:02:21 +02:00
Danny Sauer 74bfbcefbc
minor spelling correction 2018-10-09 15:57:37 -05:00
Ed Tan d26e23c16f Make suggested code changes 2018-10-05 10:43:49 -04:00
Ed Tan 8c75d85b60 Add Bitbucket connector 2018-09-30 15:08:07 -04:00
Stephan Renatus b9f6594bf0 *: github.com/coreos/dex -> github.com/dexidp/dex 
Signed-off-by: Stephan Renatus <srenatus@chef.io>
 2018-09-05 17:57:08 +02:00
Eric Chiang 01d63b086f
Merge pull request #1176 from vyshane/master 
New id_provider scope that adds the connector ID and user ID to the ID token claims
 2018-02-03 11:47:42 -08:00