412 commits

Author SHA1 Message Date
Eric Chiang 015e7cf606 cmd/dex: only expand from env for storages and connectors
Bcrypt'd hashes have "$" characters in them. This means that #667
(accepting actually bcrypted values) combined with #627 (expanding
config with environment variables) broke the example config.

For now, allow storages and connectors to expand their configs from
the environment, but don't do this anywhere else.
2016-11-03 21:38:32 -07:00
Eric Chiang 35d6423ac2 cmd/example-app: add a --debug flag 2016-11-03 21:36:15 -07:00
Eric Chiang ce703a7fe1 Merge pull request #665 from rithujohn191/expose-serv-opts
cmd/dex: expose IDTokensValidFor and RotateKeysAfter server options in config
2016-11-03 18:25:44 -07:00
rithu leena john 600e761266 cmd/dex: expose IDTokensValidFor and RotateKeysAfter server options in config. 2016-11-03 17:25:36 -07:00
Eric Chiang d11224f2bb Merge pull request #668 from ericchiang/dev-ldap-conn
connector: accept base64 encoded CA and add convenience open method
2016-11-03 16:39:22 -07:00
Eric Chiang 0f31566b27 connector: accept base64 encoded CA and add convenience open method 2016-11-03 16:28:23 -07:00
Eric Chiang 53852d4e42 Merge pull request #667 from ericchiang/dev-switch-yaml-package
*: switch to github.com/ghodss/yaml for more consistent YAML parsing
2016-11-03 15:29:18 -07:00
Eric Chiang 59240f93b1 vendor: revendor 2016-11-03 15:24:47 -07:00
Eric Chiang df50308713 glide.yaml: add new yaml package 2016-11-03 15:24:35 -07:00
Eric Chiang ebe51e736d cmd/dex: accept raw bcrypt'd hash as well as base64'd version of hash 2016-11-03 15:23:56 -07:00
Eric Chiang aa7f304bc1 *: switch to github.com/ghodss/yaml for more consistent YAML parsing
ghodss/yaml converts from YAML to JSON before attempting to unmarshal.
This allows us to:

* Get the correct behavior when decoding base64'd []byte slices.
* Use *json.RawMessage.
* Not have to support extravagant YAML features.
* Let our structs use `json:` tags
2016-11-03 14:39:32 -07:00
Eric Chiang a78adb0272 Merge pull request #666 from rithujohn191/update-go-version
*: travis tests and build scripts should use Go 1.7.3.
2016-11-03 12:37:54 -07:00
rithu leena john 75abce2b19 *: travis tests and build scripts should use Go 1.7.3. 2016-11-03 12:28:53 -07:00
Eric Chiang 74eaec60cb Merge pull request #661 from rithujohn191/gRPC-client-auth
cmd/dex: add option for gRPC client auth CA.
2016-11-02 15:05:15 -07:00
rithu leena john 42dfd3ecec cmd/dex: add option for gRPC client auth CA. 2016-11-02 14:51:22 -07:00
Eric Chiang 799b3f3ef5 Merge pull request #658 from ericchiang/dev-dont-error-on-invalid-username
*: don't error out if a username doesn't exist in the backing connector
2016-11-01 16:06:40 -07:00
Eric Chiang 90e613b328 Merge pull request #649 from rithujohn191/gRPC-endpoints
api: add gRPC endpoints for creating, updating and deleting passwords
2016-11-01 14:20:31 -07:00
Eric Chiang 57a59d4631 *: don't error out if a username doesn't exist in the backing connector
Instead of throwing a 500 error if a user enters an invalid name,
display the same text box as if the user had entered the wrong
password.

NOTE: An invalid username now returns much quicker than an invalid
password. Consider adding an arbitrary sleep in the future if we
care about masking which was invalid.
2016-11-01 14:10:55 -07:00
rithu leena john ed7e943406 api: add gRPC endpoints for creating, updating and deleting passwords 2016-11-01 14:10:35 -07:00
Eric Chiang 2a9051c864 Merge pull request #654 from ericchiang/dev-sql-optimistic-concurrency
storage/sql: use isolation level "serializable" for transactions
2016-11-01 10:16:23 -07:00
Eric Chiang 8debe68314 Documentation: remove caveat about running multiple instances 2016-10-31 23:18:40 -07:00
Eric Chiang 786e12b15e storage/conformance: expand transaction test suite 2016-10-31 23:01:31 -07:00
Eric Chiang 52e2a1668c storage/sql: use isolation level "serializable" for transactions 2016-10-31 23:00:55 -07:00
Eric Chiang 1c51c50b23 Merge pull request #652 from ericchiang/dev-docs-api
Documentation: add document on the dex API
2016-10-31 18:16:08 -07:00
Eric Chiang fe1d27586e Documentation: add document on the dex API 2016-10-31 15:25:52 -07:00
Eric Chiang 651b406cfd Merge pull request #651 from ericchiang/dev-remove-openldap-container
contrib/openldap: remove OpenLDAP container
2016-10-31 15:19:05 -07:00
Eric Chiang f672e75a3a contrib/openldap: remove OpenLDAP container
Based on #640 we're going to osixia/openldap instead of rolling our
own container. Removing this work for now. If we want it back we can
revert easily enough.
2016-10-28 16:08:26 -07:00
rithu leena john 0cfd815d3d Merge pull request #648 from ericchiang/dev-storage-docs
storage: update godocs
2016-10-28 13:59:13 -07:00
Eric Chiang c0aa63ac97 storage: update godocs 2016-10-28 13:00:13 -07:00
Eric Chiang a7c2fca039 Merge pull request #645 from ericchiang/dev-ldap-fix-switch
connector/ldap: fix bug in switch statement
2016-10-28 11:19:40 -07:00
Eric Chiang 4329406158 connector/ldap: fix bug in switch statement 2016-10-28 10:11:18 -07:00
Eric Chiang d7912a3a97 Merge pull request #638 from ericchiang/dev-share-a-single-callback
*: allow call connectors to share a single callback
2016-10-27 16:59:04 -07:00
Eric Chiang 44fec87ce1 Merge pull request #642 from ericchiang/k8s-client-id
storage/kubernetes: allow arbitrary client IDs
2016-10-27 16:58:57 -07:00
Eric Chiang d7a75c5b5d storage/kubernetes: allow arbitrary client IDs
Use a hash algorithm to match client IDs to Kubernetes object names.
Because cryptographic hash algorithms produce sums larger than a
Kubernetes name can fit, a non-cryptographic hash is used instead.
Hash collisions are checked and result in errors.
2016-10-27 16:37:58 -07:00
Eric Chiang 99717cb56d Merge pull request #635 from ericchiang/dev-transaction-tests
storage/conformance: add tests for transactional guarantees
2016-10-27 15:54:53 -07:00
Eric Chiang acf3d6385e Merge pull request #641 from ericchiang/dev-scripts-fix-get-protoc
scripts: fix get-protoc script to work directly after a clean
2016-10-27 14:42:40 -07:00
Eric Chiang 84c3ba0fe3 scripts: fix get-protoc script to work directly after a clean
Right now `make grpc` only works if a user hasn't run a `make clean`.
Fix this.
2016-10-27 14:35:38 -07:00
Eric Chiang c1f18802c9 Merge pull request #624 from ericchiang/dev-ldap-connector
connector/ldap: expand LDAP connector to include searches
2016-10-27 13:44:18 -07:00
Eric Chiang f5a378a4e5 Merge pull request #640 from rithujohn191/openldap-docs
Documentation: adding documentation for running ldap tests locally
2016-10-27 13:22:37 -07:00
rithu leena john 27880dba59 Documentation: adding documentation for running ldap tests locally 2016-10-27 13:20:32 -07:00
Eric Chiang 13f7dfaef0 connector/ldap: expand LDAP connector to include searches 2016-10-27 13:11:30 -07:00
Eric Chiang 7c2289e0de *: rename internally used "state" form value to "req"
"state" means something specific to OAuth2 and SAML so we don't
want to confuse developers who are working on this.

Also don't use "session" which could easily be confused with HTTP
cookies.
2016-10-27 10:26:01 -07:00
Eric Chiang a3235d022a *: verify "state" field before passing request to callback connectors
Let the server handle the state token instead of the connector. As a
result it can throw out bad requests earlier. It can also use that
token to determine which connector was used to generate the request
allowing all connectors to share the same callback URL.

Callbacks now all look like:

    https://dex.example.com/callback

Instead of:

    https://dex.example.com/callback/(connector id)

Even when multiple connectors are being used.
2016-10-27 10:23:09 -07:00
Eric Chiang 88896eb949 Merge pull request #637 from squat/fix_cache_control
server/handlers: fix Cache-Control header
2016-10-26 15:07:18 -07:00
Lucas Serven 5c498ae4df server/handlers: fix Cache-Control header
fixes: #636

This commit addresses a problem where the `max-age` value is being set
in nanoseconds as opposed to seconds, as required by the specification.
2016-10-26 14:58:18 -07:00
Eric Chiang 4ab78d0ded storage/kubernetes: run transactional conformance tests 2016-10-26 13:30:45 -07:00
Eric Chiang 5720ecf412 storage/conformance: add tests for transactional guarantees 2016-10-26 13:30:45 -07:00
Eric Chiang 99e312eadd Merge pull request #632 from ericchiang/dev-docs-storage-options
Documentation: add a document on storage options
2016-10-26 12:33:37 -07:00
Eric Chiang 6c4839860e Documentation: add a document on storage options 2016-10-26 12:32:45 -07:00
Eric Chiang d350938fb0 Merge pull request #626 from ericchiang/storage-kubernetes-guess-namespace-from-service-account-token
storage/kubernetes: guess namespace from the service account token
2016-10-25 16:54:58 -07:00