11d4d78d6b
Merge pull request #850 from ericchiang/cherry-pick-where-statement
...
storage/sql: add missing WHERE statement to refresh token update (cherry pick)
2017-03-13 17:00:09 -07:00
5586a3c1fd
storage/sql: add missing WHERE statement to refresh token update
2017-03-13 16:56:32 -07:00
29af9b4c75
Merge pull request #830 from ericchiang/cherry-pick-expiry-fix
...
server: fix expiry detection for verification keys
2017-03-01 12:51:48 -08:00
5c6ddbb6dc
server: fix expiry detection for verification keys
2017-03-01 12:47:19 -08:00
1bb4edb25c
Merge pull request #824 from rithujohn191/cherry-pick-change
...
storage/kubernetes: fix conflict error detection in TRP creation
2017-02-27 15:24:45 -08:00
0d894e3186
storage/kubernetes: fix conflict error detection in TRP creation
...
PR #815 fixed the Kubernetes storage implementation by correctly
returning storage.ErrAlreadyExists on POST conflicts. This caused a
regression in TPR creation (#822 ) when some, but not all, of the
resources already existed. E.g. for users upgrading from old
versions of dex.
Fixes #822
2017-02-27 14:55:10 -08:00
565805b716
Merge pull request #821 from rithujohn191/cherry-pick
...
storage/kubernetes: fix hash initialization bug
2017-02-24 15:26:24 -08:00
2cfcdfb80f
storage/kubernetes: fix hash initialization bug
2017-02-24 15:16:02 -08:00
f8aec4c1c5
Merge pull request #816 from ericchiang/cherry-pick-k8s-storage-fix
...
storage/kubernetes: fix kubernetes storage conformance test failures
2017-02-23 19:42:42 -08:00
7968f283f2
storage/kubernetes: fix kubernetes storage conformance test failures
2017-02-23 19:34:49 -08:00
af0d9cebd1
Merge pull request #810 from caarlos0/patch-1
...
simplified clone: using go get
2017-02-22 08:38:13 -08:00
f57e19e6ab
simplified clone: using go get
2017-02-22 09:33:01 -03:00
c76832eaea
Merge pull request #809 from rithujohn191/set-error-flag
...
storage: Surface "already exists" errors.
2017-02-21 16:09:48 -08:00
3df1db1864
storage: Surface "already exists" errors.
2017-02-21 15:00:22 -08:00
90c80e700a
Merge pull request #807 from rithujohn191/fix-typo
...
web/static/main.css: fix typo.
2017-02-21 13:30:07 -08:00
0ee40865a2
web/static/main.css: fix typo.
2017-02-20 08:48:36 -08:00
7e9dc836eb
Merge pull request #802 from rithujohn191/token-revocation
...
api: adding a gRPC call for revoking refresh tokens.
2017-02-15 08:43:58 -08:00
1ec19d4fbf
api: adding a gRPC call for revoking refresh tokens.
2017-02-15 07:48:20 -08:00
b119ffddcb
Merge pull request #801 from rithujohn191/token-revocation
...
api: adding a gRPC call for listing refresh tokens.
2017-02-13 18:36:56 -08:00
d201e49248
api: adding a gRPC call for listing refresh tokens.
2017-02-13 16:12:16 -08:00
53e383670a
Merge pull request #793 from rithujohn191/token-revocation
...
storage: Add OfflineSession object to backend storage.
2017-02-09 19:46:00 -08:00
d928ac0677
storage: Add OfflineSession object to backend storage.
2017-02-09 19:01:28 -08:00
49f446c1a7
Merge pull request #800 from ericchiang/server-test-comments
...
server: clean up test comments and code flow
2017-02-07 10:37:32 -08:00
80038847de
server: clean up test comments and code flow
2017-02-07 10:31:51 -08:00
dd415f5e2f
Merge pull request #799 from ericchiang/thirdpartyresources
...
Documentation: warn admins not to edit dex ThirdPartyResources manually
2017-02-06 15:04:40 -08:00
167d7be281
Merge pull request #790 from givia/github-teams-pagination
...
Fixes #706
2017-02-06 11:13:03 -08:00
adf3703962
Documentation: warn admins not to edit dex ThirdPartyResources manually
2017-02-06 10:35:27 -08:00
7f860e09b5
Merge pull request #796 from ericchiang/html-template
...
{web,server}: use html/template and reduce use of auth request ID
2017-02-02 17:33:06 -08:00
72a431dd4b
{web,server}: use html/template and reduce use of auth request ID
...
Switch from using "text/template" to "html/template", which provides
basic XSS preventions. We haven't identified any particular place
where unsanitized user data is rendered to the frontend. This is
just a preventative step.
At the same time, make more templates take pure URL instead of
forming an URL themselves using an "authReqID" argument. This will
help us stop using the auth req ID in certain places, preventing
garbage collection from killing login flows that wait too long at
the login screen.
Also increase the login session window (time between initial
redirect and the user logging in) from 30 minutes to 24 hours,
and display a more helpful error message when the session expires.
How to test:
1. Spin up dex and example with examples/config-dev.yaml.
2. Login through both the password prompt and the direct redirect.
3. Edit examples/config-dev.yaml removing the "connectors" section.
4. Ensure you can still login with a password.
(email/password is "admin@example.com" and "password")
2017-02-02 11:11:00 -08:00
12f969364e
Merge pull request #794 from rithujohn191/saml-doc
...
Documentation: Minor changes to SAML connector doc.
2017-02-02 09:49:00 -08:00
fecd596ae2
Documentation: Minor changes to SAML connector doc.
2017-02-01 11:28:46 -08:00
42d0728048
Merge pull request #785 from holgerkoser/master
...
Improve SAML Signature and Response Validation
2017-02-01 11:14:13 -08:00
27224cdc98
Merge pull request #788 from givia/gitlab-connector
...
connector: add GitLab connecor
2017-02-01 09:39:37 -08:00
e623ad4d35
connector: add GitLab connector
2017-01-28 01:36:02 +03:30
0dcf1bcf79
Merge pull request #792 from ericchiang/auth-endpoint-post
...
server: support POSTing to authorization endpoint
2017-01-27 13:36:02 -08:00
8541184afb
server: support POSTing to authorization endpoint
...
Fixes #791
2017-01-27 11:42:46 -08:00
36883d0bbf
Merge pull request #789 from rithujohn191/token-revocation-proposal
...
Documentation/proposals: Add a proposal for refresh token revocation.
2017-01-27 09:39:13 -08:00
d114b8ffc7
Documentation/proposals: Add a proposal for refresh token revocation.
2017-01-27 09:37:01 -08:00
98bfa4fbb1
Fixes #706
2017-01-27 05:12:58 +03:30
27a1e9f1bd
vendor: revendor
2017-01-26 19:06:54 +01:00
e46f2ebe40
Improve SAML Signature and Response Validation
...
* Improve Order of Namespace Declarations and Attributes in Canonical XML. This is related to an issue in goxmldsig for which I created an [pull request](https://github.com/russellhaering/goxmldsig/pull/17 ).
* Do not compress the AuthnRequest if `HTTP-POST` binding is used.
* SAML Response is valid if the Message and/or the Assertion is signed.
* Add `AssertionConsumerServiceURL` to `AuthnRequest`
* Validate Status on the Response
* Validate Conditions on the Assertion
* Validation SubjectConfirmation on the Subject
2017-01-26 19:05:40 +01:00
48fcf66a35
Merge pull request #783 from rithujohn191/config-validation
...
cmd/dex: make connector name field mandatory in dex configuration.
2017-01-23 17:03:50 -08:00
31e8009441
cmd/dex: make connector name field mandatory in dex configuration.
2017-01-23 15:14:41 -08:00
613d160ad9
Merge pull request #782 from marians/patch-1
...
Docs: Added a name to the LDAP connector
2017-01-23 09:07:24 -08:00
d3f4ae2ab7
Merge pull request #781 from ajohnstone/patch-1
...
Update kubernetes.md - correct typo
2017-01-23 08:52:37 -08:00
38a2e41e0a
Added a name to the connector
...
Without a name, the example app's login form will only show `Log in with` as a button label.
2017-01-23 10:46:29 +01:00
b10c0a1c87
Update kubernetes.md
2017-01-23 06:28:21 +00:00
a3ef8d26bc
Merge pull request #777 from rithujohn191/update-release-doc
...
Documentation: add docs on patch release process.
2017-01-17 14:50:37 -08:00
265cfacd17
Documentation: add docs on patch release process.
2017-01-17 11:49:09 -08:00
fe93f60af4
Merge pull request #775 from xeonx/master
...
Allow CORS on keys and token endpoints
2017-01-17 10:48:06 -08:00
rithu leena john
Eric Chiang
Eric Chiang
Carlos Alexandro Becker
Ali Javadi
Ali Javadi
Holger Koser
Marian Steinbach
Andrew Johnstone