Commit graph

1901 commits

Author SHA1 Message Date
Márk Sági-Kazár
0b9b588c96
Merge pull request #2089 from flant/remove-go-dev-badge-from-readme
chore: remove go dev badge from README
2021-04-17 21:20:47 +02:00
m.nabokikh
026d979073 chore: remove go dev badge from README
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-17 10:24:02 +04:00
dependabot[bot]
e4065013a4
Merge pull request #2085 from dexidp/dependabot/docker/alpine-3.13.5 2021-04-15 08:18:38 +00:00
dependabot[bot]
d4a2a362ab
Merge pull request #2086 from dexidp/dependabot/go_modules/github.com/mattn/go-sqlite3-1.14.7 2021-04-15 08:18:07 +00:00
dependabot[bot]
de6d1bea56
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.6 to 1.14.7
Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.6 to 1.14.7.
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.6...v1.14.7)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-15 06:57:54 +00:00
dependabot[bot]
8fbbd4cec9
build(deps): bump alpine from 3.13.4 to 3.13.5
Bumps alpine from 3.13.4 to 3.13.5.

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-15 06:53:00 +00:00
Márk Sági-Kazár
b79d9a84bc
Merge pull request #2072 from dexidp/dependency-updates
Update dependencies
2021-04-08 17:50:52 +02:00
Mark Sagi-Kazar
03db309337
chore(deps): update dependencies
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-07 14:45:53 +02:00
Márk Sági-Kazár
c7549cce5b
Merge pull request #2071 from dexidp/dependabot/go_modules/github.com/go-ldap/ldap/v3-3.3.0
build(deps): bump github.com/go-ldap/ldap/v3 from 3.2.4 to 3.3.0
2021-04-06 10:15:37 +02:00
dependabot[bot]
656798c8bd
build(deps): bump github.com/go-ldap/ldap/v3 from 3.2.4 to 3.3.0
Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.2.4 to 3.3.0.
- [Release notes](https://github.com/go-ldap/ldap/releases)
- [Commits](https://github.com/go-ldap/ldap/compare/v3.2.4...v3.3.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-06 07:01:29 +00:00
m.nabokikh
beb8911cf7 chore: add note about units to expire config
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-02 16:12:43 +04:00
dependabot[bot]
b73c406d21
Merge pull request #2069 from dexidp/dependabot/docker/golang-1.16.3-alpine3.13 2021-04-02 07:14:55 +00:00
dependabot[bot]
4b924f1d86
build(deps): bump golang from 1.16.2-alpine3.13 to 1.16.3-alpine3.13
Bumps golang from 1.16.2-alpine3.13 to 1.16.3-alpine3.13.

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-02 06:54:24 +00:00
dependabot[bot]
55352575b8
Merge pull request #2066 from dexidp/dependabot/docker/alpine-3.13.4 2021-04-01 11:20:38 +00:00
Márk Sági-Kazár
d2eb1b04dc
Merge pull request #2067 from dexidp/dependabot/go_modules/github.com/go-sql-driver/mysql-1.6.0
build(deps): bump github.com/go-sql-driver/mysql from 1.5.0 to 1.6.0
2021-04-01 13:18:21 +02:00
dependabot[bot]
0f4ad150ce
build(deps): bump github.com/go-sql-driver/mysql from 1.5.0 to 1.6.0
Bumps [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/go-sql-driver/mysql/releases)
- [Changelog](https://github.com/go-sql-driver/mysql/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-sql-driver/mysql/compare/v1.5.0...v1.6.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-01 07:23:52 +00:00
dependabot[bot]
b57c8fa75b
build(deps): bump alpine from 3.13.3 to 3.13.4
Bumps alpine from 3.13.3 to 3.13.4.

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-01 07:16:05 +00:00
dependabot[bot]
1076081f79
Merge pull request #2064 from dexidp/dependabot/docker/alpine-3.13.3 2021-03-26 10:41:31 +00:00
dependabot[bot]
f5a29bcdbb
build(deps): bump alpine from 3.13.2 to 3.13.3
Bumps alpine from 3.13.2 to 3.13.3.

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-26 06:48:52 +00:00
Márk Sági-Kazár
e18510b16e
Merge pull request #2058 from dexidp/proto
Upgrade protobuf and grpc
2021-03-24 20:18:08 +01:00
Mark Sagi-Kazar
95796b04a3
chore(deps): upgrade protobuf and grpc
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-03-24 19:17:26 +01:00
Márk Sági-Kazár
2bf728c6ec
Merge pull request #1926 from dexidp/update-etcd-3.5
Update etcd to 3.5
2021-03-23 14:44:26 +01:00
Mark Sagi-Kazar
356ccecc24
chore(deps): update etcd client to 3.5
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-03-22 22:12:35 +01:00
Márk Sági-Kazár
8e7ce6353f
Merge pull request #2057 from dexidp/codec
Upgrade protobuf in internal codec
2021-03-22 20:24:07 +01:00
Mark Sagi-Kazar
d25051c867
chore(deps): upgrade protobuf in server/internal package
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-03-22 19:27:47 +01:00
Mark Sagi-Kazar
41712bcbfa
build: rename old proto download targets
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-03-22 18:28:15 +01:00
Márk Sági-Kazár
e3f8b0f2f6
Merge pull request #2036 from flant/keystone-minor-fixes
chore: add keystone connector icon and bump tests dependencies
2021-03-22 17:51:19 +01:00
Márk Sági-Kazár
8cba308b0e
Merge pull request #2056 from dexidp/updates
Update xml roundtrip validator
2021-03-22 17:40:17 +01:00
Márk Sági-Kazár
3adb4e74df
Merge pull request #2055 from salmanisd/update-ldap-to-v3
connector/ldap: use go-ldap version v3
2021-03-22 17:39:50 +01:00
Márk Sági-Kazár
1ec5cf07f2
Merge pull request #2054 from dexidp/embed-web
Embed web assets
2021-03-22 17:38:09 +01:00
Mark Sagi-Kazar
3e12618f0c
chore(deps): update xml roundtrip validator
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-03-22 16:23:01 +01:00
Salman Ahmed
bbd8b3b3cd connector/ldap: use go-ldap version v3
Signed-off-by: Salman Ahmed <salman.ahmed@weidmueller.com>
2021-03-22 16:17:47 +01:00
Mark Sagi-Kazar
3ecdd57282
chore: change frontend dir default to unset
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-03-22 15:44:05 +01:00
Mark Sagi-Kazar
a050f3228a
feat: add DEX_FRONTEND_DIR env var for setting the frontend dir
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-03-22 15:44:05 +01:00
Mark Sagi-Kazar
3b80d480e5
feat!: move web assets to /srv in Dockerfile
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-03-22 15:44:05 +01:00
Mark Sagi-Kazar
d1e8b085e2
feat: use embedded assets by default
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-03-22 15:44:03 +01:00
Mark Sagi-Kazar
78fcac7568
feat: embed web assets
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-03-22 11:05:50 +01:00
Márk Sági-Kazár
3f0ca9b361
Merge pull request #1416 from concourse/pr/http-filesystem
Use http.FileSystem for web assets
2021-03-22 10:56:39 +01:00
Rui Yang
2f28fc7451 default to ./web when Dir and WebFS are not set
update WebFS doc

Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
2021-03-20 20:05:59 +00:00
Rui Yang
4e569024fd use go 1.16 new package io/fs
Unify the interface for reading web statics. Now it could read an
OS directory or get the content on live

One could use

//go:embed static
var webFiles embed.FS

anywhere and config dex server to take the file system by setting

WebConfig{WebFS: webFiles}

Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
2021-03-20 20:05:59 +00:00
Rui Yang
7b50cbf0ac use pkger for embedding static contents
Co-authored-by: Vikram Yadav <vyadav@pivotal.io>
Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-03-20 20:05:59 +00:00
Rui Yang
1eab25f89f use web host url for asset hosting
Signed-off-by: Rui Yang <ruiya@vmware.com>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
2021-03-20 20:05:59 +00:00
Rui Yang
10e9054811 Use http.FileSystem for web assets
Signed-off-by: Rui Yang <ryang@pivotal.io>
Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>
2021-03-20 20:05:59 +00:00
Rui Yang
d658c24e8f add dex config flag for enabling client secret encryption
* if enabled, it will make sure client secret is bcrypted correctly
* if not, it falls back to old behaviour that allowing empty client
secret and comparing plain text, though now it will do
ConstantTimeCompare to avoid a timing attack.

So in either way it should provide more secure of client secret
verification.

Co-authored-by: Alex Surraci <suraci.alex@gmail.com>
Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-03-20 20:05:56 +00:00
Josh Winters
ec6f3a2f19 use bcrypt when comparing client secrets
- this assumes that the client is already bcrytped
when passed to dex. Similar to user passwords.

Signed-off-by: Josh Winters <jwinters@pivotal.io>
Co-authored-by: Vikram Yadav <vyadav@pivotal.io>
2021-03-20 20:05:56 +00:00
Márk Sági-Kazár
a1adf86e53
Merge pull request #2053 from dexidp/fix-gomplate-slim
fix: stop using slim version of gomplate
2021-03-20 13:59:51 +01:00
Mark Sagi-Kazar
27dfbc0344
fix: stop using slim version of gomplate
See hairyhenderson/gomplate#1085

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-03-20 13:23:46 +01:00
dependabot[bot]
83ad7bc4e3
Merge pull request #2037 from dexidp/dependabot/docker/golang-1.16.2-alpine3.13 2021-03-12 08:49:06 +00:00
dependabot[bot]
8fee3cd212
build(deps): bump golang from 1.16.1-alpine3.13 to 1.16.2-alpine3.13
Bumps golang from 1.16.1-alpine3.13 to 1.16.2-alpine3.13.

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-12 06:42:23 +00:00
m.nabokikh
6be747142a chore: add keystone connector icon and bump tests dependencies
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-03-11 23:03:37 +04:00