Bobby Rullo
f9dbc8a3d2
db, client: add data model for trusted peers
...
Trusted Peers are clients that are authorized to mint tokens
for another client.
2016-06-07 17:16:09 -07:00
bobbyrullo
546463adcc
Merge pull request #457 from bobbyrullo/client_manager_tweaks
...
Various client api tweaks
2016-06-07 17:01:28 -07:00
Bobby Rullo
1b4dca80d7
client: remove ClientManagerFromClients
...
Replaced by ClientRepoFromClients, which makes more sense IMO. Also, it
was doing the wrong thing: it was ignoring the client_id and client_secret
passed into it as far as I can tell.
2016-06-07 16:47:30 -07:00
Bobby Rullo
8d1a6f2324
functional: test sample clients file is valid
...
Also tests that it's being loaded properly (which is not the case in
NewClientManagerFromClients, which will be removed in subsequent commit)
2016-06-07 16:47:29 -07:00
Frode Nordahl
3077979a3b
Functional tests for LDAP Connection Pool
2016-06-03 11:04:58 +02:00
Evan Cordell
73d9742c8b
client manager: accept full client when creating
2016-05-24 14:44:04 -05:00
Evan Cordell
a418e1c4e7
client: add client manager
...
adds a client manager to handle business logic, leaving the repo
for basic crud operations. Also adds client to the test script
2016-05-19 16:20:12 -07:00
Evan Cordell
3da98fcb8e
client: add transaction support
2016-05-19 16:17:01 -07:00
Bobby Rullo
3442a5af1c
functional: test Admin field serialization
2016-04-20 14:31:27 -07:00
Bobby Rullo
e5948ab3ce
*: ClientIdentityXXX -> ClientXXX
...
Get rid of all outdated "ClientIdentity" terminology.
2016-04-20 14:31:27 -07:00
Bobby Rullo
95757e8779
*: Client Repo now deals with custom Client object
...
This is instead of oidc.ClientIdentity. This makes it easier to add new
fields custom to dex to the client.
2016-04-20 14:31:27 -07:00
Eric Chiang
7416929455
*: add revocation methods to refresh repo
2016-04-06 11:25:50 -07:00
Eric Chiang
6120f7ac05
*: add isAdmin option to client repo when creating a client
2016-04-05 11:29:58 -07:00
Eric Chiang
60b843e78b
Merge pull request #339 from ericchiang/case_insensitive_emails
...
db: email comparison should be case insensitive
2016-03-02 16:51:47 -08:00
Eric Chiang
01a24542e9
*: fix tests that care about email case sensitivity
2016-03-01 14:09:10 -08:00
Eric Chiang
208afd3b01
*: add functional tests for case insensitive emails
2016-03-01 10:54:12 -08:00
Eric Chiang
bf88fe48a6
functional: don't fail if postgres or ldap isn't availabl
2016-02-25 11:57:26 -08:00
Eric Chiang
2cc0ae6fac
functional: remove in memory connector configs from ldap tests
2016-02-16 15:21:38 -08:00
Eric Chiang
dcf5835189
*: remove in memory connector config repo
2016-02-12 13:19:05 -08:00
Eric Chiang
b572b8dd6c
*: remove in memory client repo
...
The DB implementation expects secrets to be base64 encoded blobs.
Because of this a bunch of tests broke moving to sqlite.
A lot of this commit is fixing those tests.
2016-02-12 13:19:05 -08:00
Eric Chiang
72d1ecab64
*: remove in memory password info repo
2016-02-12 13:19:05 -08:00
Eric Chiang
2726f4dcdf
*: remove in memory user repo
2016-02-12 13:19:05 -08:00
Eric Chiang
7bac93aa20
*: remove in memory session repos
...
Move manager to its own package so it can import db. Move all
references to the in memory session repos to use sqlite3.
2016-02-12 13:19:05 -08:00
Eric Chiang
5052d8007f
functional: clean up functional tests
...
Adjust logic and remove panics from functional tests.
2016-02-12 13:19:05 -08:00
Frode Nordahl
4d970d5fc4
connector: add LDAP connector
...
Authentication is performed by binding to the configured LDAP server using
the user supplied credentials. Successful bind equals authenticated user.
Optionally the connector can be configured to search before authentication.
The entryDN found will be used to bind to the LDAP server.
This feature must be enabled to get supplementary information from the
directory (ID, Name, Email). This feature can also be used to limit access
to the service.
Example use case: Allow your users to log in with e-mail address instead of
the identification string in your DNs (typically username).
To make re-use of HTTP form handling code from the Local connector possible:
- Implemented IdentityProvider interface
- Moved the re-used functions to login_local.go
Fixes #119
2016-02-11 18:30:16 +01:00
Eric Chiang
af790e46bb
Merge pull request #267 from ericchiang/metadata
...
add dynamic client registration
2016-02-01 16:25:57 -08:00
Eric Chiang
ec3bc7f258
*: allow dexctl set-connector-configs to read from stdin
...
Closes #276
2016-01-19 08:59:34 -08:00
Eric Chiang
5e44b6bc27
*: update all to accommodate changes to go-oidc
...
Update dex to comply with the changes to fieldnames and types of
the client and provider metadata structs in coreos/go-oidc.
2016-01-12 17:16:28 -08:00
Eric Chiang
7aa3d925d5
Merge pull request #249 from ericchiang/cli
...
use cobra for dexctl cli logic
2015-12-28 16:26:31 -08:00
Bobby Rullo
c1f8effe1a
db, functional: make value column in key not pkey
...
go-oidc increased the size of the generated keys, which were too large
to be used as primary keys in postgres.
2015-12-28 16:02:16 -08:00
Eric Chiang
8e5115ce73
cmd: use spf13/cobra for dexctl cli logic
2015-12-28 15:55:11 -08:00
Eric Chiang
f43655a8c3
user/manager: connector must exist when creating remote identity
...
Add ConnectorConfigRepo to UserManager. When trying to create a
RemoteIdentity, validate that the connector ID exists.
Fixes #198
2015-12-07 17:34:08 -08:00
George Tankersley
07a4d4441e
pkg/crypto: replace old crypto with new crypto
2015-10-29 13:45:25 -07:00
Joe Bowers
2ed2859896
repo: functional repo tests
...
includes changes to ensure uniform errors for DB and in-memory repos
2015-09-29 16:46:48 -07:00
Yifan Gu
44c6cb44f5
refresh: bcrypt raw bytes rather than base64 encoded string.
...
This enables us to control the length of the bytes that will be bcrypted,
by default it's 64.
Also changed the token's stored form from string('text') to []byte('bytea')
and added some test cases for different types of invalid tokens.
2015-09-02 14:23:20 -07:00
bobbyrullo
5abc7633fb
Merge pull request #87 from bobbyrullo/keyspace
...
Base64 Encode secrets, and allow >1 of them
2015-08-26 10:43:42 -07:00
Bobby Rullo
c8feb5c33d
db: PrivateKeySetRepo now takes >1 secrets
...
The first secret is used to encrypt, the rest are for decryption; if the
first doesn't work, the rest are tried in order.
This makes it possible to rotate keys.
2015-08-25 16:41:20 -07:00
Bobby Rullo
74df09acb6
db: gorp moved to github.com/go-gorp/gorp
2015-08-24 15:43:15 -07:00
Bobby Rullo
4ce5a36d08
db: initialize bigint, boolean columns
...
gorp hates nil.
2015-08-20 12:38:15 -07:00
Bobby Rullo
84bc8073de
functional: Test DBs use migrations
...
All repo tests build their tables by applying all the migrations. This
way we know our migrations are functional.
2015-08-20 11:44:43 -07:00
Bobby Rullo
66fe201c24
*: move original project to dex
2015-08-18 11:26:57 -07:00