Commit graph

420 commits

Author SHA1 Message Date
Eric Chiang
e5f60fe9dd vendor: revendor 2017-03-08 10:33:36 -08:00
Eric Chiang
777eeafabc *: update go-oidc and use standard library's context package 2017-03-08 10:33:19 -08:00
Eric Chiang
3e5480a859 Merge pull request #829 from ericchiang/fix-keys-expiry
server: fix expiry detection for verification keys
2017-03-01 12:46:23 -08:00
Eric Chiang
920f6fb5cd Merge pull request #825 from ericchiang/http2
storage/kubernetes: enable HTTP/2 support
2017-03-01 12:46:07 -08:00
Eric Chiang
2c4752d5d4 server: fix expiry detection for verification keys 2017-03-01 12:43:45 -08:00
rithu leena john
3797a71ec9 Merge pull request #812 from rithujohn191/example-client
examples: adding a gRPC client example.
2017-02-28 13:34:23 -08:00
Eric Chiang
38c77e0f33 storage/kubernetes: enable HTTP/2 support 2017-02-28 12:42:06 -08:00
rithu john
fa2f76bcdb examples: adding a gRPC client example. 2017-02-28 12:06:44 -08:00
rithu leena john
bb896a8222 Merge pull request #823 from ericchiang/tpr-already-exists
storage/kubernetes: fix conflict error detection in TRP creation
2017-02-27 11:21:43 -08:00
Eric Chiang
a7b8e52b92 storage/kubernetes: fix conflict error detection in TRP creation
PR #815 fixed the Kubernetes storage implementation by correctly
returning storage.ErrAlreadyExists on POST conflicts. This caused a
regression in TPR creation (#822) when some, but not all, of the
resources already existed. E.g. for users upgrading from old
versions of dex.

Fixes #822
2017-02-27 11:01:47 -08:00
rithu leena john
8e562dac2d Merge pull request #819 from SEJeff/patch-1
[storage.md] Fix the ThirdPartyResource syntax
2017-02-24 13:55:19 -08:00
Jeff Schroeder
58d80547ef [storage.md] Fix the ThirdPartyResource syntax
This makes manually creating the `o-auth2-client.oidc.coreos.com` actually work.
2017-02-24 15:35:29 -06:00
Eric Chiang
cd93930934 Merge pull request #817 from ericchiang/fix-hash-bug
storage/kubernetes: fix hash initialization bug
2017-02-24 12:58:22 -08:00
Eric Chiang
1da2ae279c storage/kubernetes: fix hash initialization bug 2017-02-24 12:55:04 -08:00
Eric Chiang
25b902b0c2 Merge pull request #815 from ericchiang/fix-k8s-storage
storage/kubernetes: fix kubernetes storage conformance test failures
2017-02-23 19:31:45 -08:00
Eric Chiang
4be029c6c1 storage/kubernetes: fix kubernetes storage conformance test failures 2017-02-23 19:23:19 -08:00
Eric Chiang
58eb25aa60 Merge pull request #813 from SEJeff/patch-1
[Makefile] Allow specifying VERSION as an env var
2017-02-23 10:44:25 -08:00
Jeff Schroeder
4630f69f17 [Makefile] Allow specifying VERSION as an env var
This makes specifying the VERSION when building native operating system packages require less hacks.

Refs: #811
2017-02-23 12:23:33 -06:00
Eric Chiang
af0d9cebd1 Merge pull request #810 from caarlos0/patch-1
simplified clone: using go get
2017-02-22 08:38:13 -08:00
Carlos Alexandro Becker
f57e19e6ab simplified clone: using go get 2017-02-22 09:33:01 -03:00
rithu leena john
c76832eaea Merge pull request #809 from rithujohn191/set-error-flag
storage: Surface "already exists" errors.
2017-02-21 16:09:48 -08:00
rithu john
3df1db1864 storage: Surface "already exists" errors. 2017-02-21 15:00:22 -08:00
rithu leena john
90c80e700a Merge pull request #807 from rithujohn191/fix-typo
web/static/main.css: fix typo.
2017-02-21 13:30:07 -08:00
rithu john
0ee40865a2 web/static/main.css: fix typo. 2017-02-20 08:48:36 -08:00
rithu leena john
7e9dc836eb Merge pull request #802 from rithujohn191/token-revocation
api: adding a gRPC call for revoking refresh tokens.
2017-02-15 08:43:58 -08:00
rithu john
1ec19d4fbf api: adding a gRPC call for revoking refresh tokens. 2017-02-15 07:48:20 -08:00
rithu leena john
b119ffddcb Merge pull request #801 from rithujohn191/token-revocation
api: adding a gRPC call for listing refresh tokens.
2017-02-13 18:36:56 -08:00
rithu john
d201e49248 api: adding a gRPC call for listing refresh tokens. 2017-02-13 16:12:16 -08:00
rithu leena john
53e383670a Merge pull request #793 from rithujohn191/token-revocation
storage: Add OfflineSession object to backend storage.
2017-02-09 19:46:00 -08:00
rithu john
d928ac0677 storage: Add OfflineSession object to backend storage. 2017-02-09 19:01:28 -08:00
rithu leena john
49f446c1a7 Merge pull request #800 from ericchiang/server-test-comments
server: clean up test comments and code flow
2017-02-07 10:37:32 -08:00
Eric Chiang
80038847de server: clean up test comments and code flow 2017-02-07 10:31:51 -08:00
Eric Chiang
dd415f5e2f Merge pull request #799 from ericchiang/thirdpartyresources
Documentation: warn admins not to edit dex ThirdPartyResources manually
2017-02-06 15:04:40 -08:00
rithu leena john
167d7be281 Merge pull request #790 from givia/github-teams-pagination
Fixes #706
2017-02-06 11:13:03 -08:00
Eric Chiang
adf3703962 Documentation: warn admins not to edit dex ThirdPartyResources manually 2017-02-06 10:35:27 -08:00
Eric Chiang
7f860e09b5 Merge pull request #796 from ericchiang/html-template
{web,server}: use html/template and reduce use of auth request ID
2017-02-02 17:33:06 -08:00
Eric Chiang
72a431dd4b {web,server}: use html/template and reduce use of auth request ID
Switch from using "text/template" to "html/template", which provides
basic XSS preventions. We haven't identified any particular place
where unsanitized user data is rendered to the frontend. This is
just a preventative step.

At the same time, make more templates take pure URL instead of
forming an URL themselves using an "authReqID" argument. This will
help us stop using the auth req ID in certain places, preventing
garbage collection from killing login flows that wait too long at
the login screen.

Also increase the login session window (time between initial
redirect and the user logging in) from 30 minutes to 24 hours,
and display a more helpful error message when the session expires.

How to test:

1. Spin up dex and example with examples/config-dev.yaml.
2. Login through both the password prompt and the direct redirect.
3. Edit examples/config-dev.yaml removing the "connectors" section.
4. Ensure you can still login with a password.

(email/password is "admin@example.com" and "password")
2017-02-02 11:11:00 -08:00
rithu leena john
12f969364e Merge pull request #794 from rithujohn191/saml-doc
Documentation: Minor changes to SAML connector doc.
2017-02-02 09:49:00 -08:00
rithu john
fecd596ae2 Documentation: Minor changes to SAML connector doc. 2017-02-01 11:28:46 -08:00
rithu leena john
42d0728048 Merge pull request #785 from holgerkoser/master
Improve SAML Signature and Response Validation
2017-02-01 11:14:13 -08:00
rithu leena john
27224cdc98 Merge pull request #788 from givia/gitlab-connector
connector: add GitLab connecor
2017-02-01 09:39:37 -08:00
Ali Javadi
e623ad4d35 connector: add GitLab connector 2017-01-28 01:36:02 +03:30
Eric Chiang
0dcf1bcf79 Merge pull request #792 from ericchiang/auth-endpoint-post
server: support POSTing to authorization endpoint
2017-01-27 13:36:02 -08:00
Eric Chiang
8541184afb server: support POSTing to authorization endpoint
Fixes #791
2017-01-27 11:42:46 -08:00
rithu leena john
36883d0bbf Merge pull request #789 from rithujohn191/token-revocation-proposal
Documentation/proposals: Add a proposal for refresh token revocation.
2017-01-27 09:39:13 -08:00
rithu john
d114b8ffc7 Documentation/proposals: Add a proposal for refresh token revocation. 2017-01-27 09:37:01 -08:00
Ali Javadi
98bfa4fbb1 Fixes #706 2017-01-27 05:12:58 +03:30
Holger Koser
27a1e9f1bd vendor: revendor 2017-01-26 19:06:54 +01:00
Holger Koser
e46f2ebe40 Improve SAML Signature and Response Validation
* Improve Order of Namespace Declarations and Attributes in Canonical XML. This is related to an issue in goxmldsig for which I created an [pull request](https://github.com/russellhaering/goxmldsig/pull/17).
* Do not compress the AuthnRequest if `HTTP-POST` binding is used.
* SAML Response is valid if the Message and/or the Assertion is signed.
* Add `AssertionConsumerServiceURL` to `AuthnRequest`
* Validate Status on the Response
* Validate Conditions on the Assertion
* Validation SubjectConfirmation on the Subject
2017-01-26 19:05:40 +01:00
rithu leena john
48fcf66a35 Merge pull request #783 from rithujohn191/config-validation
cmd/dex: make connector name field mandatory in dex configuration.
2017-01-23 17:03:50 -08:00