Commit graph

25 commits

Author SHA1 Message Date
Eric Chiang
33010e22c4 Merge pull request #487 from ericchiang/unify-email-config
*: depricate --email-from flag and move to email config files
2016-07-19 15:12:35 -07:00
Eric Chiang
5a78e89807 clean up LDAP connector
* Remove some unlikely to be used fields to help configurability.
  * Combined "serverHost" and "serverPort" into "host"
  * Remove "timeout" (just default to 30 seconds).
  * Remove "maxIdleConn" will add it back if users feel the need
    to control the number of cached connections.
  * Remove "trustedEmailProvider" (just always trust).
  * Remove "skipCertVerification" you can't make this connector
    ingore TLS errors.
* Fix configs that don't search before bind (previously broken).
* Add more examples to Documentation
* Refactor LDAPPool Acquire() and Put() into a Do() function which
  always does the flow correctly.
* Added more comments and renamed some functions.
* Moved methods on LDAPIdentityProvider to the LDAPConnector
2016-06-28 15:01:39 -07:00
Eric Chiang
87faa5a1f7 *: depricate --email-from flag and move to email config files 2016-06-27 23:36:07 -07:00
Bobby Rullo
6d4336c3c8 examples: support OOB in example app. 2016-06-20 17:03:13 -07:00
Bobby Rullo
b80dbc8975 server: support out-of-band auth flow
When "urn:ietf:wg:oauth:2.0:oob" is used as a redirect URI, redirect to
an internal dex page where the user is shown the code and instructed to
paste it into their app.
2016-06-20 17:03:13 -07:00
Bobby Rullo
ce14dc4368 examples, static: Add cross-client auth to example
* add trustedPeers to a client in client.json.sample
* add optional cross client auth to example web app
* login page is now templated
2016-06-09 16:16:10 -07:00
Pavel Strashkin
dec5d90657 examples: add sample for clients
Adds consistency to existing samples for users, connectors, etc., as
well as protects users from accidental changes to files under Git, which
is why there are samples after all.
2016-05-18 18:18:20 -07:00
Eric Chiang
ac73d3cdf2 *: load password infos from users file in no-db mode not connectors
In --no-db mode, load passwords from the users file instead of the
connectors file. This allows us to remove the password infos field
from the local connector and stop loading them during connector
registration, a case that was causing panics when using a real
database (see #286).

Fixes #286
Closes #340
2016-04-06 11:15:05 -07:00
Eric Chiang
ebbea78a2e *: remove build-units script
closes #159
2016-02-25 13:56:28 -08:00
Eric Chiang
3b125d6073 *: fix --no-db client decoding 2016-02-12 13:19:05 -08:00
Frode Nordahl
4d970d5fc4 connector: add LDAP connector
Authentication is performed by binding to the configured LDAP server using
the user supplied credentials. Successfull bind equals authenticated user.

Optionally the connector can be configured to search before authentication.
The entryDN found will be used to bind to the LDAP server.

This feature must be enabled to get supplementary information from the
directory (ID, Name, Email). This feature can also be used to limit access
to the service.

Example use case: Allow your users to log in with e-mail address instead of
the identification string in your DNs (typically username).

To make re-use of HTTP form handling code from the Local connector possible:
- Implemented IdentityProvider interface
- Moved the re-used functions to login_local.go

Fixes #119
2016-02-11 18:30:16 +01:00
Bobby Rullo
dc828825e6 server: better UX when remote ID already exists
Instead of cryptic message with nowhere to, give them the choice to
login with that account or register.
2015-12-23 17:11:03 -08:00
Eric Chiang
4c9d2d670a static: use --issuer-name as title for public facing pages
Closes #142
2015-12-16 10:56:13 -08:00
Eric Chiang
f2c3dbc5e6 static, server: add styles for github and bitbucket connectors
Add icons and styles for github and bitbucket buttons.
2015-12-08 10:20:13 -08:00
Josh Wood
36803d16dd Merge pull request #176 from philips/add-connector
Improve docs for the getting started guide for oauth2_proxy
2015-11-10 09:50:35 -08:00
Brandon Philips
5dc95b20c7 examples: improve docs in README
Make the docs feel more like a tutorial and add some more context.
2015-11-10 09:44:46 -08:00
Brandon Philips
1ee7d6c5f4 static: add fixture client for oauth2_proxy
oauth2_proxy is a proxy you can put in front of any http application to
add OAUTH 2.0 auth. I have added OIDC support to this proxy and to make
it easy to get started lets add it to the fixture.
2015-11-08 22:26:41 +01:00
Bobby Rullo
2ef1b4beff user: introduce "invite" emails
Invite emails are essentially just reset password emails with a
different template (though this can and probably will change (slightly)
in the near future)
2015-10-30 14:41:00 -07:00
Bobby Rullo
bf9517fdaa server,cmd: Add flag for disabling registation
For situations where admins add users.
2015-09-30 16:35:58 -07:00
Chance Zibolski
b1e146b702 email: Remove unused ID field 2015-09-24 15:01:06 -07:00
Bobby Rullo
f1820cda14 cmd,server,static/html: Configurable name, logo
fixes #47
2015-09-02 18:00:28 -07:00
Bobby Rullo
abc1d365ac examples/static: various changes to fix examples 2015-08-28 12:43:07 -07:00
Bobby Rullo
bbcffde0a5 server: make reset password pass tests
Handler wants a password value even when its blank
2015-08-26 15:45:15 -07:00
Ed Rooth
627a4f8805 static: update all templates to be generic 2015-08-25 09:42:43 -07:00
Bobby Rullo
66fe201c24 *: move original project to dex 2015-08-18 11:26:57 -07:00