Commit graph

1580 commits

Author SHA1 Message Date
Eric Chiang
7a3658acdf vendor: revendor 2016-12-01 13:16:14 -08:00
Eric Chiang
3b99e8f22a *: update vendored go-oidc
Includes fixes for a panic when using HTTP/2[0] and some HTTPs calls
not actually using their passed context[1].

[0] https://github.com/coreos/go-oidc/pull/117
[1] https://github.com/coreos/go-oidc/pull/119
2016-12-01 13:13:27 -08:00
Eric Chiang
4d88eabb50 Merge pull request #714 from amrutac/refactor-css
Refactor css
2016-12-01 13:11:19 -08:00
Amruta Chitnis
170727454d web: Updates classes in templates 2016-12-01 12:18:12 -08:00
Amruta Chitnis
fabdae8e71 web: Updates css 2016-12-01 12:17:48 -08:00
Amruta Chitnis
da872ecd35 web: Adds tectonic specific files 2016-12-01 12:16:18 -08:00
Amruta Chitnis
513525c0ab web: Adds svg files for icons 2016-12-01 12:15:47 -08:00
rithu leena john
b38d355202 Merge pull request #713 from ericchiang/example-app-state
cmd/example-app: use a non-empty state
2016-12-01 09:57:25 -08:00
Eric Chiang
aebb6818b7 cmd/example-app: use a non-empty state
Use a non-empty state in the example-app to ensure dex is properly
preserving the state for the code flow.

Updates #712
2016-12-01 09:05:56 -08:00
rithu leena john
9d9ad4a5b3 Merge pull request #711 from ericchiang/themes
*: add theme based frontend configuration
2016-11-30 22:56:09 -08:00
Eric Chiang
391dc51c13 *: add theme based frontend configuration
This PR reworks the web layout so static files can be provided and
a "themes" directory to allow a certain degree of control over logos,
styles, etc.

This PR does NOT add general support for frontend customization,
only enough to allow us to start exploring theming internally.
The dex binary also must now be run from the root directory since
templates are no longer "compiled into" the binary.

The docker image has been updated with frontend assets.
2016-11-30 17:20:21 -08:00
Eric Chiang
e267dbd236 Merge pull request #708 from ericchiang/ldap-security-docs
Documentation: clarify difference between LDAP ports and security guarentees
2016-11-28 17:07:24 -08:00
Eric Chiang
6202e4d912 Merge pull request #709 from evanluc/patch-1
Updated openid-connect.md: small typo
2016-11-24 23:13:31 -08:00
Ev
5144ef643b Updated openid-connect.md: small typo
Protocol is written protocl.
2016-11-24 14:01:47 -05:00
Eric Chiang
8b8c076ecf Documentation: clarify difference between LDAP ports and security guarantees
Now that LDAP supports an `insecureSkipVerify` option, clarify that
`insecureNoTLS` is an extremely bad choice and as such we may drop
support for 389 in the future.

However, since we send plain text passwords from our frontend to our
backend, this probably gets us into a bigger conversation about dex's
TLS story. For example when terminiation is approporate. cc'ing
@dghubble for thoughts on how that might apply to our internal uses.

We probably want an overaching security doc at some point, but that
can be another PR.
2016-11-23 12:26:44 -08:00
Eric Chiang
a607ff7a3a Merge pull request #696 from ericchiang/switch-go-oidc-client
*: switch oidc client to github.com/coreos/go-oidc
2016-11-22 13:42:28 -08:00
Eric Chiang
a876ab37af vendor: revendor 2016-11-22 13:29:17 -08:00
Eric Chiang
522749b5d8 *: switch oidc client to github.com/coreos/go-oidc
This saves us from having to import two different versions of
square/go-jose.
2016-11-22 13:29:17 -08:00
rithu leena john
5ed42be7a5 Merge pull request #702 from ericchiang/connector-interface-cleanup
connector: add RefreshConnector interface
2016-11-22 13:10:13 -08:00
Eric Chiang
6980920a3a *: document the GitHub connector 2016-11-22 12:53:46 -08:00
Eric Chiang
55e97d90a6 *: add tests for the RefreshConnector 2016-11-22 12:53:46 -08:00
Eric Chiang
952e0f81f5 connector: add RefreshConnector interface 2016-11-22 12:53:46 -08:00
Eric Chiang
27fb7c523e Merge pull request #704 from Calpicow/oidc_callback_fix
Fix Google OIDC callback url
2016-11-21 10:31:44 -08:00
Phu Kieu
ba58f3f43b Fix Google OIDC callback url 2016-11-21 10:25:16 -08:00
Eric Chiang
35f16b6639 Merge pull request #703 from ericchiang/readme-updates
*: small README link additions
2016-11-18 17:12:20 -08:00
Eric Chiang
baa9096b6e *: small README link additions 2016-11-18 17:07:10 -08:00
rithu leena john
8bf70ace74 Merge pull request #701 from ericchiang/ldap-escape-filter
connector/ldap: use gopkg.in/ldap.v2's escape filter
2016-11-18 15:28:11 -08:00
Eric Chiang
ae4c32bc3b connector/ldap: use gopkg.in/ldap.v2's escape filter
Use the escape filter method provided by the upstream LDAP package
instead of rolling our own.
2016-11-18 15:16:40 -08:00
rithu leena john
d862561150 Merge pull request #700 from ericchiang/fix-expiry-test-flake
server: fix expiry test flake
2016-11-18 14:39:46 -08:00
Eric Chiang
a7db295714 Merge pull request #698 from Calpicow/groupsearch_by_dn
Allow getAttr to return DN
2016-11-18 13:55:18 -08:00
Phu Kieu
d4aba443ac Allow getAttr to return DN
Specify "DN" as attribute name to return, but will only work if not present in ldap.Entry.Attributes
Use when full DN is stored in groupSearch's userAttr
2016-11-18 13:51:47 -08:00
Eric Chiang
5c602d36d9 server: fix expiry test flake
Ensure compared times are within a second of one another instead of
rounding, which can flake if the two times are different enough to
do round to different values.

Tested using the golang.org/x/tools/cmd/stress tool.

The following set of commands fail without this patch:

    $ go get golang.org/x/tools/cmd/stress
    $ go test -o server.test github.com/coreos/dex/server
    $ stress ./server.test -test.run=TestOAuth2CodeFlow
    219 runs so far, 0 failures
    425 runs so far, 0 failures
    618 runs so far, 0 failures
    802 runs so far, 0 failures
    ^C

Closes #699
2016-11-18 13:47:16 -08:00
Eric Chiang
f45a1a9375 Merge pull request #697 from Calpicow/enable_groups
Enable groups scope
2016-11-18 13:32:01 -08:00
Phu Kieu
35180a72f1 Enable groups scope 2016-11-18 13:13:32 -08:00
rithu leena john
04360fa354 Merge pull request #695 from rithujohn191/add-list-password
api: add call to list passwords
2016-11-17 17:23:32 -08:00
rithu john
ee9738d663 api: adding a gRPC call for listing passwords. 2016-11-17 16:56:54 -08:00
Eric Chiang
e6b54250db Merge pull request #684 from ericchiang/examples-k8s-fixup
examples/k8s: update kubernetes examples
2016-11-17 15:28:00 -08:00
Eric Chiang
3ecfaf700e examples/k8s: update kubernetes examples 2016-11-17 14:10:55 -08:00
Eric Chiang
ff748a2f52 Merge pull request #694 from ericchiang/delete-todo
*: remove TODO.md file
2016-11-17 10:59:56 -08:00
Eric Chiang
2b20c4565f *: remove TODO.md file
This existed for when we were developing v2 but v1 was using the
issue tracker. We've since moved these goals to the issue tracker.
2016-11-17 10:53:11 -08:00
rithu john
19c22807a7 api: adding ListPasswords() method to the storage interface. 2016-11-16 17:25:38 -08:00
Eric Chiang
2e74b48492 Merge pull request #690 from rithujohn191/connector-docs
Documentation: LDAP connector documentation.
2016-11-16 16:11:44 -08:00
rithu john
8589650605 Documentation: LDAP connector documentation. 2016-11-16 15:29:17 -08:00
Eric Chiang
57178fd5f3 Merge pull request #685 from ericchiang/add-openssl-to-docker-container
Dockerfile: add OpenSSL to Docker container
2016-11-16 09:47:23 -08:00
Eric Chiang
13a1ebe053 Merge pull request #689 from cjyar/master
connector/ldap: Always set tls.Config.ServerName, to support LDAP ser…
2016-11-15 13:44:43 -08:00
Eric Chiang
91c88c8b12 Merge pull request #688 from SEJeff/patch-1
Fix a tyop in the storage documentation
2016-11-15 13:38:15 -08:00
Jeff Schroeder
da6cd9687d Documentation: fix a typo in the storage documentation 2016-11-15 15:14:11 -06:00
Chris Jones
384ac87deb connector/ldap: Always set tls.Config.ServerName, to support LDAP servers with public CA certs. 2016-11-15 14:06:39 -07:00
Eric Chiang
2ec3349f5d Merge pull request #686 from cjyar/master
Require the connector to have an ID.
2016-11-15 11:10:22 -08:00
Chris Jones
a2b78c28fc cmd/dex: validate that connectors have an ID. 2016-11-15 11:39:45 -07:00