Marcus Stong
7d0ecf9532
server: add scope to newLoginURLFromSession
Need to make sure the scope is present; otherwise it will be considered an invalid request.
fixes #135
2015-11-18 14:16:35 -05:00
Joe Bowers
792b72ef54
server: spelling of error message
2015-11-11 10:04:54 -08:00
Joe Bowers
ca9227fc19
various: spelling, logging, and commentary cleanup
2015-11-11 10:04:54 -08:00
Bobby Rullo
d1e292eb94
server: pass issuer name to emailer
Issuer name can be used in Emailer.
2015-10-30 15:00:40 -07:00
Bobby Rullo
2ef1b4beff
user: introduce "invite" emails
Invite emails are essentially just reset password emails with a different template (though this can and probably will change (slightly) in the near future).
2015-10-30 14:41:00 -07:00
George Tankersley
07a4d4441e
pkg/crypto: replace old crypto with new crypto
2015-10-29 13:45:25 -07:00
Joe Bowers
85113748a8
server: unify password reset and email verification code and behavior
This patch proposes behavioral changes. In particular, referring systems will need to provide client ids under all circumstances.
2015-10-16 14:47:58 -07:00
bobbyrullo
8360f18fea
Merge pull request #147 from gyuho/use_stdpkg_basicauth
server: use standard lib http.Request.BasicAuth
2015-10-13 11:37:31 -07:00
Yifan Gu
7282dd5187
refreshtoken: return base64 encoded token for in-memory backend.
Previously, if we used the in-memory backend, it would return a raw binary token as the refresh token. This fixes that case.
2015-10-12 14:51:52 -07:00
Gyu-Ho Lee
f06073fbcd
server: use standard lib http.Request.BasicAuth
Go 1.4+ has the https://golang.org/pkg/net/http/#Request.BasicAuth method for http.Request, and it was requested by CoreOS (kelsey) [1] with the same functionality. If dex's Go development is being done in Go 1.4 or later, we should use the standard library.
Thanks!
---
[1] https://codereview.appspot.com/76540043/
2015-10-06 05:00:33 -07:00
Bobby Rullo
55040c55fa
server, integration, cmd: Protect Admin API
Admin API now requires a 128-byte base64-encoded secret to be passed in the Authorization header, closing up a potential security hole for those who expose this service.
2015-10-01 13:15:45 -07:00
Bobby Rullo
d3d6a75b91
fixup - Code review changes.
2015-09-30 17:07:00 -07:00
Bobby Rullo
bf9517fdaa
server,cmd: Add flag for disabling registration
For situations where admins add users.
2015-09-30 16:35:58 -07:00
Joe Bowers
e5db302312
server: expose user disable API endpoint
2015-09-29 16:46:30 -07:00
Joe Bowers
b19adefde5
Merge pull request #138 from joeatwork/disable-users
server: disable users
2015-09-28 12:36:09 -07:00
Joe Bowers
fbbb3cc2df
server: all authorizations fail for disabled users
2015-09-25 17:29:59 -07:00
Joe Bowers
ffabe03bc0
server: don't allow disabled users to access the api
2015-09-25 15:47:42 -07:00
Joe Bowers
60a36e2c2e
server,db: flag for disabling user login
2015-09-25 14:25:06 -07:00
Joe Bowers
4c9bab0890
server: user management endpoints strictly conform to schema
This change disables the URL fixing behavior of the router associated with the user management schema. After this commit, URLs routing to /api/$VERSION/users must target exactly the specified paths. In addition, `/api/$VERSION/users/` will serve a 404.
This change allows users to hit the user create endpoint, which would previously serve a redirect rather than actually making the associated change.
2015-09-24 16:41:29 -07:00
Giulio Iotti
472e4a02a4
*: Remove unnecessary else statements
Whenever it makes the code easier to follow, use early return to avoid else statements.
2015-09-04 22:45:32 +03:00
bobbyrullo
0ec24a17bd
Merge pull request #104 from bobbyrullo/flags_are_good
cmd,server,static/html: Configurable name, logo
2015-09-02 18:00:58 -07:00
Bobby Rullo
f1820cda14
cmd,server,static/html: Configurable name, logo
fixes #47
2015-09-02 18:00:28 -07:00
Yifan Gu
44c6cb44f5
refresh: bcrypt raw bytes rather than base64 encoded string.
This enables us to control the length of the bytes that will be bcrypted; by default it's 64.
Also changed the token's stored form from string('text') to []byte('bytea') and added some test cases for different types of invalid tokens.
2015-09-02 14:23:20 -07:00
Yifan Gu
93a0830ae0
server: check scope in requests.
Require 'openid' in scope for all requests.
Require 'offline_access' for returning refresh token.
2015-08-31 13:51:59 -07:00
Yifan Gu
066fd859ec
session: add 'scope' field in session.
2015-08-31 13:51:59 -07:00
Bobby Rullo
d0c199b62c
cmd, server: base64 encode multiple secrets
Two things here:
* key secrets are now base64 encoded strings, so we get the full key space
* we can pass >1 of them in so we can rotate them
2015-08-26 10:43:24 -07:00
Bobby Rullo
66fe201c24
*: move original project to dex
2015-08-18 11:26:57 -07:00