Commit graph

294 commits

Author SHA1 Message Date
Frode Nordahl
bedd4716b9 Make constants for default values, simplify logic 2016-02-16 23:58:41 +01:00
Eric Chiang
dc9e596542 Merge pull request #315 from fnordahl/issue/314-entryDN-does-not-exist
Get DN from entry, not entryDN attribute
2016-02-16 09:44:32 -08:00
Frode Nordahl
508c24b10e Get DN from entry, not entryDN attribute
Not all LDAP servers have entryDN available as an attribute. Reading up on
https://tools.ietf.org/html/rfc5020 tells me that entryDN is intended for
making the DN available for attribute value assertions. Thus it is not
mandatory for a LDAP server to make it available as an retrievable
attribute.

The DN is always a part of the entry returned in a search result, just use
it.

Fixes #314
2016-02-14 09:33:38 +01:00
Eric Chiang
cd72a1f69f Merge pull request #178 from fnordahl/ldap_connector
connector: add LDAP connector
2016-02-12 11:30:21 -08:00
Frode Nordahl
4d970d5fc4 connector: add LDAP connector
Authentication is performed by binding to the configured LDAP server using
the user supplied credentials. Successfull bind equals authenticated user.

Optionally the connector can be configured to search before authentication.
The entryDN found will be used to bind to the LDAP server.

This feature must be enabled to get supplementary information from the
directory (ID, Name, Email). This feature can also be used to limit access
to the service.

Example use case: Allow your users to log in with e-mail address instead of
the identification string in your DNs (typically username).

To make re-use of HTTP form handling code from the Local connector possible:
- Implemented IdentityProvider interface
- Moved the re-used functions to login_local.go

Fixes #119
2016-02-11 18:30:16 +01:00
Frode Nordahl
bb53e5bb81 Godeps: add ldap and asn1-ber library 2016-02-11 18:30:15 +01:00
Eric Chiang
8bfe5d92fc Merge pull request #307 from ericchiang/google_group
README: add note about roadmap and google group
2016-02-10 14:21:53 -08:00
Eric Chiang
9dd1c4bb41 README: add note about roadmap and google group
Closes #297
2016-02-10 09:52:05 -08:00
Eric Chiang
907f536e74 Merge pull request #273 from ericchiang/version
cmd: add version to command worker and overlord, print go version
2016-02-05 09:30:48 -08:00
Eric Chiang
232a6103f9 Merge pull request #285 from ericchiang/api_docs
add generated documentation for APIs
2016-02-01 16:26:05 -08:00
Eric Chiang
af790e46bb Merge pull request #267 from ericchiang/metadata
add dynamic client registration
2016-02-01 16:25:57 -08:00
Eric Chiang
e6963f078a schema: regenerate schemas with markdown documentation 2016-02-01 16:09:39 -08:00
Eric Chiang
c7ed4fdd60 pkg,cmd: add document generator tool 2016-02-01 16:09:23 -08:00
Eric Chiang
04cd1851aa server: add dynamic client registration 2016-02-01 16:06:46 -08:00
Eric Chiang
0ceecbaa72 Merge pull request #271 from ericchiang/proposals
Documentation: move proposals to their own sub directory
2016-02-01 11:32:22 -08:00
Eric Chiang
5961122c80 Merge pull request #291 from Tecsisa/admintest
admin: tests do not compile (Fixes #257)
2016-01-28 09:34:32 -08:00
miguelcubillo
4c7fc43296 admin: Fix compile errors in test script
includes admin in the test script and fix the api_test compile errors

Fixes #257
2016-01-27 09:21:58 +01:00
Eric Chiang
c7606ae320 Merge pull request #296 from set321go/master
worker start command missing registration and emailer config.
2016-01-26 20:46:20 -08:00
Alex Edwards
4741017055 worker start command missing registration and emailer config. exported as env variables like other properties. 2016-01-26 20:40:50 -08:00
Eric Chiang
1bc004e5b3 Merge pull request #294 from ericchiang/db_url_flag
Documentation: fix --db-url flag
2016-01-26 17:53:12 -08:00
Eric Chiang
7b32d9e4ee Documentation: fix --db-url flag
As was noted in #293 --db-url must take two slashs, not one.
2016-01-26 17:30:01 -08:00
Eric Chiang
6bcdbd2660 Merge pull request #293 from set321go/master
Fixed db-url flag in standup-db.sh
2016-01-26 17:28:52 -08:00
Alex Edwards
f6361f67fe fixed -db-url flag as it now requires two dashes --db-url 2016-01-26 17:18:52 -08:00
Eric Chiang
a3f26be501 Merge pull request #289 from ericchiang/godeps
Documentation: add section about using godeps
2016-01-25 20:38:52 -08:00
Eric Chiang
75a5362d46 Documentation: add section about using godeps 2016-01-25 20:17:34 -08:00
Eric Chiang
26fa124efd Merge pull request #288 from fnordahl/change-to-status-found
Change status code used for redirects from StatusTemporaryRedirect (3…
2016-01-23 16:46:32 -08:00
Frode Nordahl
5d284e08ae Change status code used for redirects from StatusTemporaryRedirect (307) to StatusFound (302)
HTTP code 307 aka. StatusTemporaryRedirect is used throughout the
project. However, the endpoints redirected to explicitly expects
the client to make a GET request.

If a HTTP client issues a POST request to a server and receives a
HTTP 307 redirect, it forwards the POST request to the new URL.

When using 302 the HTTP client will issue a GET request.

Fixes #287
2016-01-23 22:33:53 +01:00
bobbyrullo
789d9a68cc Merge pull request #282 from ericchiang/fix_token_test
server: fix reset password test
2016-01-20 14:35:46 -08:00
Eric Chiang
849f737095 Merge pull request #283 from coreos/quote-build-docker-push
travis: quote cwd build-docker-push script
2016-01-20 09:09:06 -08:00
Dalton Hubble
4b9afb84d6 travis: Quote cwd build-docker-push script 2016-01-20 00:41:40 -08:00
Eric Chiang
4da143ca2d server: fix reset password test
TestResetPasswordHandler depended on makeToken begin called twice
during the initialization of a single test case and later assuming
the result would match. Because the token has a timestamp accurate
to the second, occasionally the timestamps would be slightly off
within a single test case and cause the test to fail.

Adding a sleep statement to makeToken would cause the test to fail
reliably.

Define a single token for each test case outside of the struct
initializer so test cases compare the same token.

Closes #274

Additionally remove logging statements that dump entire HTML pages.
2016-01-19 19:45:16 -08:00
Eric Chiang
6b4aa88306 Merge pull request #280 from ericchiang/user_api
*: move user API auth to middleware and fix return status
2016-01-19 15:52:11 -08:00
Eric Chiang
0ada4c8010 *: move user API auth to middleware and fix return status
Move client authentication into its own middleware and provide
differentiation between HTTP requests that do not provide
credentials (401) and requests that authenticate as a non-admin
user (403).

Closes #152
2016-01-19 13:49:01 -08:00
Eric Chiang
ace8253c82 Merge pull request #279 from dghubble/master
travis: Change from after_success script to travis deploy
2016-01-19 11:41:42 -08:00
Dalton Hubble
cf0c2afa4c travis: Change from after_success script to travis deploy 2016-01-19 11:22:46 -08:00
bobbyrullo
bfe53e0b03 Merge pull request #275 from ericchiang/decode_err
db: log ignored base64 decode error
2016-01-19 09:35:55 -08:00
bobbyrullo
67c1bd6aee Merge pull request #277 from ericchiang/cmd_stdin
*: allow dexctl set-connector-configs to read from stdin
2016-01-19 09:34:33 -08:00
Eric Chiang
ec3bc7f258 *: allow dexctl set-connector-configs to read from stdin
Closes #276
2016-01-19 08:59:34 -08:00
Eric Chiang
d255007ed9 db: log ignored base64 decode error
Closes #270
2016-01-15 15:31:46 -08:00
Eric Chiang
0deccc7050 cmd: add version to command worker and overlord, print go version
Closes #272
2016-01-15 11:15:32 -08:00
Eric Chiang
61ec5bb15a Documentation: move proposals to their own sub directory 2016-01-15 10:42:57 -08:00
Eric Chiang
b5c7f1978e Merge pull request #269 from ericchiang/update_go_version
*: upgrade to go 1.5.3
2016-01-13 15:32:55 -08:00
Eric Chiang
9db1062e46 *: upgrade to go 1.5.3 2016-01-13 15:01:26 -08:00
Eric Chiang
9796a1e648 *: add migration to update JSON fields and require postgres 9.4+
The "redirectURLs" field in the client metadata has been updated
to the correct "redirect_uris". To allow backwards compatibility
use Postgres' JSON features to update the actual JSON in the text
field.

json_build_object was introduced in Postgres 9.4. So update the
documentations to require at least this version.
2016-01-12 17:19:07 -08:00
Eric Chiang
5e44b6bc27 *: update all to accommodate changes to go-oidc
Update dex to comply with the changes to fieldnames and types of
the client and provider metadata structs in coreos/go-oidc.
2016-01-12 17:16:28 -08:00
Eric Chiang
e80701f4b9 Godeps: update go-oidc for updates to client and provider metadata 2016-01-12 17:15:55 -08:00
Eric Chiang
09d8d8423c Merge pull request #263 from ericchiang/admin_tests
admin: add build ignore tag to tests that don't compile
2016-01-11 13:23:13 -08:00
Eric Chiang
69dcfec1be admin: add build ignore tag to tests that don't compile
These tests aren't included in the top level test script so have
unintentionally been ignored and currently don't compile. Until
this is fixed (see #257) add a build tag so tools ignore them.
2016-01-11 11:58:17 -08:00
bobbyrullo
217e26691c Merge pull request #259 from ericchiang/secret_errors
pkg: improve base64 flag error message
2016-01-08 16:39:43 -08:00
Eric Chiang
f9fc876391 Merge pull request #260 from ericchiang/maintainers
*: update MAINTAINERS
2016-01-08 15:00:14 -08:00