Commit graph

47 commits

Author SHA1 Message Date
Bobby Rullo
e7141336bc db: Client() should not return the secret
It's never used by downstream code, and besides, it's not really the
secret but a Hash of the secret.
2016-04-20 14:31:27 -07:00
Bobby Rullo
e5948ab3ce *: ClientIdentityXXX -> ClientXXX
Get rid of all outdated "ClientIdentity" terminology.
2016-04-20 14:31:27 -07:00
Bobby Rullo
95757e8779 *: Client Repo now deals with custom Client object
This is instead of oidc.ClientIdentity. This makes it easier to add new
fields custom to dex to the client.
2016-04-20 14:31:27 -07:00
Eric Chiang
5c5df23a57 db: print better error messages for invalid input
When client secrets are not base64 encoded, print an error message
that's not a generic base64 decode error:

   client secrets must be base64 decodable. See issue #337.
   Please consider replaceing "secret" with "c2VjcmV0"

When a user file is missing a mandatory field print an error message.

	Unable to build Server: user elroy-foo is missing email field

For #400
2016-04-11 16:31:50 -07:00
Eric Chiang
7416929455 *: add revocation methods to refresh repo 2016-04-06 11:25:50 -07:00
Eric Chiang
6120f7ac05 *: add isAdmin option to client repo when creating a client 2016-04-05 11:29:58 -07:00
Eric Chiang
60b843e78b Merge pull request #339 from ericchiang/case_insensitive_emails
db: email comparison should be case insensitive
2016-03-02 16:51:47 -08:00
Eric Chiang
09069a51a7 Merge pull request #356 from ericchiang/fix_cross_compilation
Fix cross compilation
2016-03-02 14:47:39 -08:00
Eric Chiang
875d5d09bf db: regenerate migrations 2016-03-02 14:47:17 -08:00
Eric Chiang
4feaae98b0 db: add better comment about migration 2016-03-02 14:47:00 -08:00
Eric Chiang
93b89ad0e9 db: protect the sqlite3 import with a cgo tag 2016-03-02 12:02:55 -08:00
Eric Chiang
2a0cc47419 db: generate in-memory migration assets 2016-03-01 10:59:25 -08:00
Eric Chiang
f738188c13 db: switch migration source to use in-memory migration
When reading migrations from files, sql-migrate attempts to split
SQL statements. The parsing logic does not handle $BODY$ statements
and broke when the migration included one.

Replace go-bindata with a small migration generation script and use
in memory migrations instead.
2016-03-01 10:55:05 -08:00
Eric Chiang
208afd3b01 *: add functional tests for case insensitive emails 2016-03-01 10:54:12 -08:00
Eric Chiang
9bc68edae7 *: add migration to convert all emails to lowercase
Fixes #338
2016-03-01 10:51:50 -08:00
Eric Chiang
22180c697f db: only allow one open connection for in memory databases
sqlite3 in memory databases do not support concurrent writes. Limit
number of open connections to prevent race conditions.
2016-02-22 16:30:48 -08:00
Eric Chiang
ed5dee9960 db: clean up quote and executor function calls, improve translate docs 2016-02-16 18:19:23 -08:00
Eric Chiang
1658e86b2a *: fix govet warnings 2016-02-12 13:19:05 -08:00
Eric Chiang
72d1ecab64 *: remove in memory password info repo 2016-02-12 13:19:05 -08:00
Eric Chiang
95560404a3 *: remove in memory refresh repo 2016-02-12 13:19:05 -08:00
Eric Chiang
7bac93aa20 *: remove in memory session repos
Move manager to it's own package so it can import db. Move all
references to the in memory session repos to use sqlite3.
2016-02-12 13:19:05 -08:00
Eric Chiang
bfd63b7514 db: add sqlite3 support 2016-02-12 13:19:05 -08:00
Eric Chiang
af790e46bb Merge pull request #267 from ericchiang/metadata
add dynamic client registration
2016-02-01 16:25:57 -08:00
Eric Chiang
d255007ed9 db: log ignored base64 decode error
Closes #270
2016-01-15 15:31:46 -08:00
Eric Chiang
9796a1e648 *: add migration to update JSON fields and require postgres 9.4+
The "redirectURLs" field in the client metadata has been updated
to the correct "redirect_uris". To allow backwards compatibility
use Postgres' JSON features to update the actual JSON in the text
field.

json_build_object was introduced in Postgres 9.4. So update the
documentations to require at least this version.
2016-01-12 17:19:07 -08:00
Bobby Rullo
c1f8effe1a db, functional: make value column in key not pkey
go-oidc increased the size of the generated keys, which were too large
to be used as primary keys in postgres.
2015-12-28 16:02:16 -08:00
Eric Chiang
a7138b3cfd db: rebuild miration assets using go generate 2015-12-21 09:45:53 -08:00
Eric Chiang
6cb3146b09 build,db: don't call go-bindata on every build
Add go generate rule to generate migration assets.
2015-12-21 09:43:45 -08:00
Eric Chiang
49389c9b90 cmd, db: verify at least one secret is passed to --key-secrets
Passing an empty list to the overlord or worker's --key-secrets
flag currently causes an out of range panic. Always check to ensure
there's at least one element passed.

Fixes #130
Fixes #217
2015-12-16 20:28:21 -08:00
Eric Chiang
9f3bf0d160 db: strconv.ParseInt specify base 10
closes #99
2015-12-09 14:47:21 -08:00
Eric Chiang
5295344f9e db: fixed missing return statement GetConnectorByID
Added missing err return introduced by #199
2015-12-07 20:58:36 -08:00
Eric Chiang
f43655a8c3 user/manager: connector must exists when creating remote identity
Add ConnectorConfigRepo to UserManager. When trying to create a
RemoteIdentity, validate that the connector ID exists.

Fixes #198
2015-12-07 17:34:08 -08:00
George Tankersley
07a4d4441e pkg/crypto: replace old crypto with new crypto 2015-10-29 13:45:25 -07:00
Joe Bowers
c70b29f83d db: log schema errors, distinguish them from nil results where needed 2015-09-29 20:07:36 -07:00
Joe Bowers
2ed2859896 repo: functional repo tests
includes changes to ensure uniform errors for DB and in-memory repos
2015-09-29 16:46:48 -07:00
Joe Bowers
e5db302312 server: expose user disable API endpoint 2015-09-29 16:46:30 -07:00
Joe Bowers
60a36e2c2e server,db: flag for disabling user login 2015-09-25 14:25:06 -07:00
Giulio Iotti
472e4a02a4 *: Remove unnecessary else statements
Whenever it makes the code easier to follow, use early return to
avoid else statements.
2015-09-04 22:45:32 +03:00
Yifan Gu
44c6cb44f5 refresh: bcrypt raw bytes rather than base64 encoded string.
This enables us to control the length of the bytes that will be bcrypted,
by default it's 64.

Also changed the token's stored form from string('text') to []byte('bytea')
and added some test cases for different types of invalid tokens.
2015-09-02 14:23:20 -07:00
Yifan Gu
066fd859ec session: add 'scope' field in session. 2015-08-31 13:51:59 -07:00
bobbyrullo
5abc7633fb Merge pull request #87 from bobbyrullo/keyspace
Base64 Encode secrets, and allow >1 of them
2015-08-26 10:43:42 -07:00
Bobby Rullo
c8feb5c33d db: PrivateKeySetRepo now takes >1 secrets
The first secret is used to encrypt, the rest are for decryption; if the
first doesn't work, the rest are tried in order.

The makes it possible to rotate keys.
2015-08-25 16:41:20 -07:00
Bobby Rullo
74df09acb6 db: gorp moved to github.com/go-gorp/gorp 2015-08-24 15:43:15 -07:00
Bobby Rullo
4ce5a36d08 db: initialize bigint, boolean columns
gorp hates nil.
2015-08-20 12:38:15 -07:00
Bobby Rullo
8b6a2699d9 cmd/dex-overlord, db: migrations in overlord
Migrations happen only in the overlord, so there's no thundering herd,
and database initialziation can be more easily controlled.
2015-08-20 11:44:43 -07:00
Bobby Rullo
c16e3b5a10 db: add DB migration code and scripts. 2015-08-20 11:44:43 -07:00
Bobby Rullo
66fe201c24 *: move original project to dex 2015-08-18 11:26:57 -07:00