Commit graph

505 commits

Author SHA1 Message Date
Frode Nordahl
508c24b10e Get DN from entry, not entryDN attribute
Not all LDAP servers have entryDN available as an attribute. Reading up on
https://tools.ietf.org/html/rfc5020 tells me that entryDN is intended for
making the DN available for attribute value assertions. Thus it is not
mandatory for a LDAP server to make it available as an retrievable
attribute.

The DN is always a part of the entry returned in a search result, just use
it.

Fixes #314
2016-02-14 09:33:38 +01:00
Eric Chiang
1658e86b2a *: fix govet warnings 2016-02-12 13:19:05 -08:00
Eric Chiang
07236da1e7 *: use go install instead of go build in build script
go-sqlite3 takes a long time to compile, so it's very important
to cache a build rather than re-compile every time.

Use go install instead of go build in the build script to cache
all packages. Print a warning in the test script if cached packages
are not found.
2016-02-12 13:19:05 -08:00
Eric Chiang
07af73f367 *: don't allow sqlite3 if --no-db flag not specified 2016-02-12 13:19:05 -08:00
Eric Chiang
3b125d6073 *: fix --no-db client decoding 2016-02-12 13:19:05 -08:00
Eric Chiang
dcf5835189 *: remove in memory connector config repo 2016-02-12 13:19:05 -08:00
Eric Chiang
b572b8dd6c *: remove in memory client repo
The DB implementation expects secrets to be base64 encoded blobs.
Because of this a bunch of tests broke moving to sqlite.

A lot of this commit is fixing those tests.
2016-02-12 13:19:05 -08:00
Eric Chiang
72d1ecab64 *: remove in memory password info repo 2016-02-12 13:19:05 -08:00
Eric Chiang
2726f4dcdf *: remove in memory user repo 2016-02-12 13:19:05 -08:00
Eric Chiang
95560404a3 *: remove in memory refresh repo 2016-02-12 13:19:05 -08:00
Eric Chiang
7bac93aa20 *: remove in memory session repos
Move manager to it's own package so it can import db. Move all
references to the in memory session repos to use sqlite3.
2016-02-12 13:19:05 -08:00
Eric Chiang
5052d8007f functional: clean up functional tests
Adjust logic and remove panics from functional tests.
2016-02-12 13:19:05 -08:00
Eric Chiang
bfd63b7514 db: add sqlite3 support 2016-02-12 13:19:05 -08:00
Eric Chiang
8f16279f49 Godeps: add sqlite3 2016-02-12 13:19:05 -08:00
Eric Chiang
cd72a1f69f Merge pull request #178 from fnordahl/ldap_connector
connector: add LDAP connector
2016-02-12 11:30:21 -08:00
Frode Nordahl
4d970d5fc4 connector: add LDAP connector
Authentication is performed by binding to the configured LDAP server using
the user supplied credentials. Successfull bind equals authenticated user.

Optionally the connector can be configured to search before authentication.
The entryDN found will be used to bind to the LDAP server.

This feature must be enabled to get supplementary information from the
directory (ID, Name, Email). This feature can also be used to limit access
to the service.

Example use case: Allow your users to log in with e-mail address instead of
the identification string in your DNs (typically username).

To make re-use of HTTP form handling code from the Local connector possible:
- Implemented IdentityProvider interface
- Moved the re-used functions to login_local.go

Fixes #119
2016-02-11 18:30:16 +01:00
Frode Nordahl
bb53e5bb81 Godeps: add ldap and asn1-ber library 2016-02-11 18:30:15 +01:00
Eric Chiang
8bfe5d92fc Merge pull request #307 from ericchiang/google_group
README: add note about roadmap and google group
2016-02-10 14:21:53 -08:00
Eric Chiang
9dd1c4bb41 README: add note about roadmap and google group
Closes #297
2016-02-10 09:52:05 -08:00
Eric Chiang
907f536e74 Merge pull request #273 from ericchiang/version
cmd: add version to command worker and overlord, print go version
2016-02-05 09:30:48 -08:00
Eric Chiang
232a6103f9 Merge pull request #285 from ericchiang/api_docs
add generated documentation for APIs
2016-02-01 16:26:05 -08:00
Eric Chiang
af790e46bb Merge pull request #267 from ericchiang/metadata
add dynamic client registration
2016-02-01 16:25:57 -08:00
Eric Chiang
e6963f078a schema: regenerate schemas with markdown documentation 2016-02-01 16:09:39 -08:00
Eric Chiang
c7ed4fdd60 pkg,cmd: add document generator tool 2016-02-01 16:09:23 -08:00
Eric Chiang
04cd1851aa server: add dynamic client registration 2016-02-01 16:06:46 -08:00
Eric Chiang
0ceecbaa72 Merge pull request #271 from ericchiang/proposals
Documentation: move proposals to their own sub directory
2016-02-01 11:32:22 -08:00
Eric Chiang
5961122c80 Merge pull request #291 from Tecsisa/admintest
admin: tests do not compile (Fixes #257)
2016-01-28 09:34:32 -08:00
miguelcubillo
4c7fc43296 admin: Fix compile errors in test script
includes admin in the test script and fix the api_test compile errors

Fixes #257
2016-01-27 09:21:58 +01:00
Eric Chiang
c7606ae320 Merge pull request #296 from set321go/master
worker start command missing registration and emailer config.
2016-01-26 20:46:20 -08:00
Alex Edwards
4741017055 worker start command missing registration and emailer config. exported as env variables like other properties. 2016-01-26 20:40:50 -08:00
Eric Chiang
1bc004e5b3 Merge pull request #294 from ericchiang/db_url_flag
Documentation: fix --db-url flag
2016-01-26 17:53:12 -08:00
Eric Chiang
7b32d9e4ee Documentation: fix --db-url flag
As was noted in #293 --db-url must take two slashs, not one.
2016-01-26 17:30:01 -08:00
Eric Chiang
6bcdbd2660 Merge pull request #293 from set321go/master
Fixed db-url flag in standup-db.sh
2016-01-26 17:28:52 -08:00
Alex Edwards
f6361f67fe fixed -db-url flag as it now requires two dashes --db-url 2016-01-26 17:18:52 -08:00
Eric Chiang
a3f26be501 Merge pull request #289 from ericchiang/godeps
Documentation: add section about using godeps
2016-01-25 20:38:52 -08:00
Eric Chiang
75a5362d46 Documentation: add section about using godeps 2016-01-25 20:17:34 -08:00
Eric Chiang
26fa124efd Merge pull request #288 from fnordahl/change-to-status-found
Change status code used for redirects from StatusTemporaryRedirect (3…
2016-01-23 16:46:32 -08:00
Frode Nordahl
5d284e08ae Change status code used for redirects from StatusTemporaryRedirect (307) to StatusFound (302)
HTTP code 307 aka. StatusTemporaryRedirect is used throughout the
project. However, the endpoints redirected to explicitly expects
the client to make a GET request.

If a HTTP client issues a POST request to a server and receives a
HTTP 307 redirect, it forwards the POST request to the new URL.

When using 302 the HTTP client will issue a GET request.

Fixes #287
2016-01-23 22:33:53 +01:00
bobbyrullo
789d9a68cc Merge pull request #282 from ericchiang/fix_token_test
server: fix reset password test
2016-01-20 14:35:46 -08:00
Eric Chiang
849f737095 Merge pull request #283 from coreos/quote-build-docker-push
travis: quote cwd build-docker-push script
2016-01-20 09:09:06 -08:00
Dalton Hubble
4b9afb84d6 travis: Quote cwd build-docker-push script 2016-01-20 00:41:40 -08:00
Eric Chiang
4da143ca2d server: fix reset password test
TestResetPasswordHandler depended on makeToken begin called twice
during the initialization of a single test case and later assuming
the result would match. Because the token has a timestamp accurate
to the second, occasionally the timestamps would be slightly off
within a single test case and cause the test to fail.

Adding a sleep statement to makeToken would cause the test to fail
reliably.

Define a single token for each test case outside of the struct
initializer so test cases compare the same token.

Closes #274

Additionally remove logging statements that dump entire HTML pages.
2016-01-19 19:45:16 -08:00
Eric Chiang
6b4aa88306 Merge pull request #280 from ericchiang/user_api
*: move user API auth to middleware and fix return status
2016-01-19 15:52:11 -08:00
Eric Chiang
0ada4c8010 *: move user API auth to middleware and fix return status
Move client authentication into its own middleware and provide
differentiation between HTTP requests that do not provide
credentials (401) and requests that authenticate as a non-admin
user (403).

Closes #152
2016-01-19 13:49:01 -08:00
Eric Chiang
ace8253c82 Merge pull request #279 from dghubble/master
travis: Change from after_success script to travis deploy
2016-01-19 11:41:42 -08:00
Dalton Hubble
cf0c2afa4c travis: Change from after_success script to travis deploy 2016-01-19 11:22:46 -08:00
bobbyrullo
bfe53e0b03 Merge pull request #275 from ericchiang/decode_err
db: log ignored base64 decode error
2016-01-19 09:35:55 -08:00
bobbyrullo
67c1bd6aee Merge pull request #277 from ericchiang/cmd_stdin
*: allow dexctl set-connector-configs to read from stdin
2016-01-19 09:34:33 -08:00
Eric Chiang
ec3bc7f258 *: allow dexctl set-connector-configs to read from stdin
Closes #276
2016-01-19 08:59:34 -08:00
Eric Chiang
d255007ed9 db: log ignored base64 decode error
Closes #270
2016-01-15 15:31:46 -08:00