commit
01f7bf73a0
@ -281,7 +281,7 @@ func (m *DeleteClientResp) GetNotFound() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
// UpdateClientReq is a request to update an exisitng client.
|
||||
// UpdateClientReq is a request to update an existing client.
|
||||
type UpdateClientReq struct {
|
||||
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
|
||||
RedirectUris []string `protobuf:"bytes,2,rep,name=redirect_uris,json=redirectUris,proto3" json:"redirect_uris,omitempty"`
|
||||
@ -353,7 +353,7 @@ func (m *UpdateClientReq) GetLogoUrl() string {
|
||||
return ""
|
||||
}
|
||||
|
||||
// UpdateClientResp returns the reponse form updating a client.
|
||||
// UpdateClientResp returns the response from updating a client.
|
||||
type UpdateClientResp struct {
|
||||
NotFound bool `protobuf:"varint,1,opt,name=not_found,json=notFound,proto3" json:"not_found,omitempty"`
|
||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||
|
@ -36,7 +36,7 @@ message DeleteClientResp {
|
||||
bool not_found = 1;
|
||||
}
|
||||
|
||||
// UpdateClientReq is a request to update an exisitng client.
|
||||
// UpdateClientReq is a request to update an existing client.
|
||||
message UpdateClientReq {
|
||||
string id = 1;
|
||||
repeated string redirect_uris = 2;
|
||||
@ -45,7 +45,7 @@ message UpdateClientReq {
|
||||
string logo_url = 5;
|
||||
}
|
||||
|
||||
// UpdateClientResp returns the reponse form updating a client.
|
||||
// UpdateClientResp returns the response from updating a client.
|
||||
message UpdateClientResp {
|
||||
bool not_found = 1;
|
||||
}
|
||||
|
@ -281,7 +281,7 @@ func (m *DeleteClientResp) GetNotFound() bool {
|
||||
return false
|
||||
}
|
||||
|
||||
// UpdateClientReq is a request to update an exisitng client.
|
||||
// UpdateClientReq is a request to update an existing client.
|
||||
type UpdateClientReq struct {
|
||||
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
|
||||
RedirectUris []string `protobuf:"bytes,2,rep,name=redirect_uris,json=redirectUris,proto3" json:"redirect_uris,omitempty"`
|
||||
@ -353,7 +353,7 @@ func (m *UpdateClientReq) GetLogoUrl() string {
|
||||
return ""
|
||||
}
|
||||
|
||||
// UpdateClientResp returns the reponse form updating a client.
|
||||
// UpdateClientResp returns the response from updating a client.
|
||||
type UpdateClientResp struct {
|
||||
NotFound bool `protobuf:"varint,1,opt,name=not_found,json=notFound,proto3" json:"not_found,omitempty"`
|
||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||
|
@ -36,7 +36,7 @@ message DeleteClientResp {
|
||||
bool not_found = 1;
|
||||
}
|
||||
|
||||
// UpdateClientReq is a request to update an exisitng client.
|
||||
// UpdateClientReq is a request to update an existing client.
|
||||
message UpdateClientReq {
|
||||
string id = 1;
|
||||
repeated string redirect_uris = 2;
|
||||
@ -45,7 +45,7 @@ message UpdateClientReq {
|
||||
string logo_url = 5;
|
||||
}
|
||||
|
||||
// UpdateClientResp returns the reponse form updating a client.
|
||||
// UpdateClientResp returns the response from updating a client.
|
||||
message UpdateClientResp {
|
||||
bool not_found = 1;
|
||||
}
|
||||
|
@ -29,7 +29,7 @@ import (
|
||||
// # The following field is required if using port 389.
|
||||
// # insecureNoSSL: true
|
||||
// rootCA: /etc/dex/ldap.ca
|
||||
// bindDN: uid=seviceaccount,cn=users,dc=example,dc=com
|
||||
// bindDN: uid=serviceaccount,cn=users,dc=example,dc=com
|
||||
// bindPW: password
|
||||
// userSearch:
|
||||
// # Would translate to the query "(&(objectClass=person)(uid=<username>))"
|
||||
|
@ -204,7 +204,7 @@ func (c *microsoftConnector) HandleCallback(s connector.Scopes, r *http.Request)
|
||||
|
||||
type tokenNotifyFunc func(*oauth2.Token) error
|
||||
|
||||
// notifyRefreshTokenSource is essentially `oauth2.ResuseTokenSource` with `TokenNotifyFunc` added.
|
||||
// notifyRefreshTokenSource is essentially `oauth2.ReuseTokenSource` with `TokenNotifyFunc` added.
|
||||
type notifyRefreshTokenSource struct {
|
||||
new oauth2.TokenSource
|
||||
mu sync.Mutex // guards t
|
||||
|
@ -38,7 +38,7 @@ type Config struct {
|
||||
// If this field is nonempty, only users from a listed domain will be allowed to log in
|
||||
HostedDomains []string `json:"hostedDomains"`
|
||||
|
||||
// Override the value of email_verifed to true in the returned claims
|
||||
// Override the value of email_verified to true in the returned claims
|
||||
InsecureSkipEmailVerified bool `json:"insecureSkipEmailVerified"`
|
||||
|
||||
// InsecureEnableGroups enables groups claims. This is disabled by default until https://github.com/dexidp/dex/issues/1065 is resolved
|
||||
|
@ -452,7 +452,7 @@ func (p *provider) HandlePOST(s connector.Scopes, samlResponse, inResponseTo str
|
||||
}
|
||||
|
||||
// validateStatus verifies that the response has a good status code or
|
||||
// formats a human readble error based on the bad status.
|
||||
// formats a human readable error based on the bad status.
|
||||
func (p *provider) validateStatus(status *status) error {
|
||||
// StatusCode is mandatory in the Status type
|
||||
statusCode := status.StatusCode
|
||||
@ -480,7 +480,7 @@ func (p *provider) validateStatus(status *status) error {
|
||||
// see https://www.oasis-open.org/committees/download.php/35389/sstc-saml-profiles-errata-2.0-wd-06-diff.pdf
|
||||
//
|
||||
// Some of these fields are optional, but we're going to be strict here since
|
||||
// we have no other way of guarenteeing that this is actually the response to
|
||||
// we have no other way of guaranteeing that this is actually the response to
|
||||
// the request we expect.
|
||||
func (p *provider) validateSubject(subject *subject, inResponseTo string) error {
|
||||
// Optional according to the spec, but again, we're going to be strict here.
|
||||
|
@ -562,7 +562,7 @@ func runVerify(t *testing.T, ca string, resp string, shouldSucceed bool) {
|
||||
}
|
||||
} else {
|
||||
if !shouldSucceed {
|
||||
t.Fatalf("expected an invalid signatrue but verification has been successful")
|
||||
t.Fatalf("expected an invalid signature but verification has been successful")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -23,7 +23,7 @@ import (
|
||||
type apiClient struct {
|
||||
// Embedded gRPC client to talk to the server.
|
||||
api.DexClient
|
||||
// Close releases resources associated with this client, includuing shutting
|
||||
// Close releases resources associated with this client, including shutting
|
||||
// down the background server.
|
||||
Close func()
|
||||
}
|
||||
@ -226,7 +226,7 @@ func TestCheckCost(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// Attempts to list and revoke an exisiting refresh token.
|
||||
// Attempts to list and revoke an existing refresh token.
|
||||
func TestRefreshToken(t *testing.T) {
|
||||
logger := &logrus.Logger{
|
||||
Out: os.Stderr,
|
||||
|
@ -855,7 +855,7 @@ func (s *Server) handleAuthCode(w http.ResponseWriter, r *http.Request, client s
|
||||
s.writeAccessToken(w, tokenResponse)
|
||||
}
|
||||
|
||||
func (s *Server) exchangeAuthCode(w http.ResponseWriter, authCode storage.AuthCode, client storage.Client) (*accessTokenReponse, error) {
|
||||
func (s *Server) exchangeAuthCode(w http.ResponseWriter, authCode storage.AuthCode, client storage.Client) (*accessTokenResponse, error) {
|
||||
accessToken, err := s.newAccessToken(client.ID, authCode.Claims, authCode.Scopes, authCode.Nonce, authCode.ConnectorID)
|
||||
if err != nil {
|
||||
s.logger.Errorf("failed to create new access token: %v", err)
|
||||
@ -1449,7 +1449,7 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
|
||||
s.writeAccessToken(w, resp)
|
||||
}
|
||||
|
||||
type accessTokenReponse struct {
|
||||
type accessTokenResponse struct {
|
||||
AccessToken string `json:"access_token"`
|
||||
TokenType string `json:"token_type"`
|
||||
ExpiresIn int `json:"expires_in"`
|
||||
@ -1457,8 +1457,8 @@ type accessTokenReponse struct {
|
||||
IDToken string `json:"id_token"`
|
||||
}
|
||||
|
||||
func (s *Server) toAccessTokenResponse(idToken, accessToken, refreshToken string, expiry time.Time) *accessTokenReponse {
|
||||
return &accessTokenReponse{
|
||||
func (s *Server) toAccessTokenResponse(idToken, accessToken, refreshToken string, expiry time.Time) *accessTokenResponse {
|
||||
return &accessTokenResponse{
|
||||
accessToken,
|
||||
"bearer",
|
||||
int(expiry.Sub(s.now()).Seconds()),
|
||||
@ -1467,7 +1467,7 @@ func (s *Server) toAccessTokenResponse(idToken, accessToken, refreshToken string
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) writeAccessToken(w http.ResponseWriter, resp *accessTokenReponse) {
|
||||
func (s *Server) writeAccessToken(w http.ResponseWriter, resp *accessTokenResponse) {
|
||||
data, err := json.Marshal(resp)
|
||||
if err != nil {
|
||||
s.logger.Errorf("failed to marshal access token response: %v", err)
|
||||
|
@ -129,7 +129,7 @@ func TestConnectorLoginDoesNotAllowToChangeConnectorForAuthRequest(t *testing.T)
|
||||
|
||||
templates, err := loadTemplates(webConfig{}, "../web/templates")
|
||||
if err != nil {
|
||||
t.Fatal("failed to load tempalates")
|
||||
t.Fatal("failed to load templates")
|
||||
}
|
||||
|
||||
s := &Server{
|
||||
|
@ -194,7 +194,7 @@ func signPayload(key *jose.JSONWebKey, alg jose.SignatureAlgorithm, payload []by
|
||||
|
||||
signer, err := jose.NewSigner(signingKey, &jose.SignerOptions{})
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("new signier: %v", err)
|
||||
return "", fmt.Errorf("new signer: %v", err)
|
||||
}
|
||||
signature, err := signer.Sign(payload)
|
||||
if err != nil {
|
||||
|
@ -25,7 +25,7 @@ type rotationStrategy struct {
|
||||
rotationFrequency time.Duration
|
||||
|
||||
// After being rotated how long should the key be kept around for validating
|
||||
// signatues?
|
||||
// signatures?
|
||||
idTokenValidFor time.Duration
|
||||
|
||||
// Keys are always RSA keys. Though cryptopasta recommends ECDSA keys, not every
|
||||
@ -55,7 +55,7 @@ func defaultRotationStrategy(rotationFrequency, idTokenValidFor time.Duration) r
|
||||
}
|
||||
}
|
||||
|
||||
type keyRotater struct {
|
||||
type keyRotator struct {
|
||||
storage.Storage
|
||||
|
||||
strategy rotationStrategy
|
||||
@ -69,10 +69,10 @@ type keyRotater struct {
|
||||
// The method blocks until after the first attempt to rotate keys has completed. That way
|
||||
// healthy storages will return from this call with valid keys.
|
||||
func (s *Server) startKeyRotation(ctx context.Context, strategy rotationStrategy, now func() time.Time) {
|
||||
rotater := keyRotater{s.storage, strategy, now, s.logger}
|
||||
rotator := keyRotator{s.storage, strategy, now, s.logger}
|
||||
|
||||
// Try to rotate immediately so properly configured storages will have keys.
|
||||
if err := rotater.rotate(); err != nil {
|
||||
if err := rotator.rotate(); err != nil {
|
||||
if err == errAlreadyRotated {
|
||||
s.logger.Infof("Key rotation not needed: %v", err)
|
||||
} else {
|
||||
@ -86,7 +86,7 @@ func (s *Server) startKeyRotation(ctx context.Context, strategy rotationStrategy
|
||||
case <-ctx.Done():
|
||||
return
|
||||
case <-time.After(time.Second * 30):
|
||||
if err := rotater.rotate(); err != nil {
|
||||
if err := rotator.rotate(); err != nil {
|
||||
s.logger.Errorf("failed to rotate keys: %v", err)
|
||||
}
|
||||
}
|
||||
@ -94,7 +94,7 @@ func (s *Server) startKeyRotation(ctx context.Context, strategy rotationStrategy
|
||||
}()
|
||||
}
|
||||
|
||||
func (k keyRotater) rotate() error {
|
||||
func (k keyRotator) rotate() error {
|
||||
keys, err := k.GetKeys()
|
||||
if err != nil && err != storage.ErrNotFound {
|
||||
return fmt.Errorf("get keys: %v", err)
|
||||
|
@ -57,7 +57,7 @@ func slicesEq(s1, s2 []string) bool {
|
||||
return true
|
||||
}
|
||||
|
||||
func TestKeyRotater(t *testing.T) {
|
||||
func TestKeyRotator(t *testing.T) {
|
||||
now := time.Now()
|
||||
|
||||
delta := time.Millisecond
|
||||
@ -73,7 +73,7 @@ func TestKeyRotater(t *testing.T) {
|
||||
Level: logrus.DebugLevel,
|
||||
}
|
||||
|
||||
r := &keyRotater{
|
||||
r := &keyRotator{
|
||||
Storage: memory.New(l),
|
||||
strategy: defaultRotationStrategy(rotationFrequency, validFor),
|
||||
now: func() time.Time { return now },
|
||||
|
@ -435,7 +435,7 @@ func makeOAuth2Tests(clientID string, clientSecret string, now func() time.Time)
|
||||
v.Add("client_secret", clientSecret)
|
||||
v.Add("grant_type", "refresh_token")
|
||||
v.Add("refresh_token", token.RefreshToken)
|
||||
// Request a scope that wasn't requestd initially.
|
||||
// Request a scope that wasn't requested initially.
|
||||
v.Add("scope", "oidc email profile")
|
||||
resp, err := http.PostForm(p.Endpoint().TokenURL, v)
|
||||
if err != nil {
|
||||
@ -721,7 +721,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
|
||||
|
||||
defer oauth2Client.Close()
|
||||
|
||||
// Regester the client above with dex.
|
||||
// Register the client above with dex.
|
||||
redirectURL := oauth2Client.URL + "/callback"
|
||||
client := storage.Client{
|
||||
ID: clientID,
|
||||
@ -1560,7 +1560,7 @@ func TestOAuth2DeviceFlow(t *testing.T) {
|
||||
}
|
||||
|
||||
// Parse the response
|
||||
var tokenRes accessTokenReponse
|
||||
var tokenRes accessTokenResponse
|
||||
if err := json.Unmarshal(responseBody, &tokenRes); err != nil {
|
||||
t.Errorf("Unexpected Device Access Token Response Format %v", string(responseBody))
|
||||
}
|
||||
|
@ -406,7 +406,7 @@ func testRefreshTokenCRUD(t *testing.T, s storage.Storage) {
|
||||
return r, nil
|
||||
}
|
||||
if err := s.UpdateRefreshToken(id, updater); err != nil {
|
||||
t.Errorf("failed to udpate refresh token: %v", err)
|
||||
t.Errorf("failed to update refresh token: %v", err)
|
||||
}
|
||||
refresh.Token = "spam"
|
||||
refresh.LastUsed = updatedAt
|
||||
@ -616,7 +616,7 @@ func testConnectorCRUD(t *testing.T, s storage.Storage) {
|
||||
mustBeErrAlreadyExists(t, "connector", err)
|
||||
|
||||
id2 := storage.NewID()
|
||||
config2 := []byte(`{"redirectURIi": "http://127.0.0.1:5556/dex/callback"}`)
|
||||
config2 := []byte(`{"redirectURI": "http://127.0.0.1:5556/dex/callback"}`)
|
||||
c2 := storage.Connector{
|
||||
ID: id2,
|
||||
Type: "Mock",
|
||||
|
@ -32,7 +32,7 @@ func newUUID() string {
|
||||
}
|
||||
|
||||
var tmpl = template.Must(template.New("jwks.go").Parse(`
|
||||
// This file was generaged by gen_jwks.go
|
||||
// This file was generated by gen_jwks.go
|
||||
|
||||
package conformance
|
||||
|
||||
|
@ -32,11 +32,11 @@ type Config struct {
|
||||
APIVersion string `json:"apiVersion,omitempty"`
|
||||
// Preferences holds general information to be use for cli interactions
|
||||
Preferences Preferences `json:"preferences"`
|
||||
// Clusters is a map of referencable names to cluster configs
|
||||
// Clusters is a map of referenceable names to cluster configs
|
||||
Clusters []NamedCluster `json:"clusters"`
|
||||
// AuthInfos is a map of referencable names to user configs
|
||||
// AuthInfos is a map of referenceable names to user configs
|
||||
AuthInfos []NamedAuthInfo `json:"users"`
|
||||
// Contexts is a map of referencable names to context configs
|
||||
// Contexts is a map of referenceable names to context configs
|
||||
Contexts []NamedContext `json:"contexts"`
|
||||
// CurrentContext is the name of the context that you would like to use by default
|
||||
CurrentContext string `json:"current-context"`
|
||||
@ -85,7 +85,7 @@ type AuthInfo struct {
|
||||
ClientKeyData string `json:"client-key-data,omitempty"`
|
||||
// Token is the bearer token for authentication to the kubernetes cluster.
|
||||
Token string `json:"token,omitempty"`
|
||||
// Impersonate is the username to imperonate. The name matches the flag.
|
||||
// Impersonate is the username to impersonate. The name matches the flag.
|
||||
Impersonate string `json:"as,omitempty"`
|
||||
// Username is the username for basic authentication to the kubernetes cluster.
|
||||
Username string `json:"username,omitempty"`
|
||||
|
@ -405,7 +405,7 @@ func (cli *client) DeleteAuthCode(code string) error {
|
||||
}
|
||||
|
||||
func (cli *client) DeleteClient(id string) error {
|
||||
// Check for hash collition.
|
||||
// Check for hash collision.
|
||||
c, err := cli.getClient(id)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -362,7 +362,7 @@ func (cli *client) fromStorageAuthRequest(a storage.AuthRequest) AuthRequest {
|
||||
return req
|
||||
}
|
||||
|
||||
// Password is a mirrored struct from the stroage with JSON struct tags and
|
||||
// Password is a mirrored struct from the storage with JSON struct tags and
|
||||
// Kubernetes type metadata.
|
||||
type Password struct {
|
||||
k8sapi.TypeMeta `json:",inline"`
|
||||
|
@ -59,7 +59,7 @@ type opener interface {
|
||||
}
|
||||
|
||||
func testDB(t *testing.T, o opener, withTransactions bool) {
|
||||
// t.Fatal has a bad habbit of not actually printing the error
|
||||
// t.Fatal has a bad habit of not actually printing the error
|
||||
fatal := func(i interface{}) {
|
||||
fmt.Fprintln(os.Stdout, i)
|
||||
t.Fatal(i)
|
||||
|
@ -90,7 +90,7 @@ var (
|
||||
// Translate types.
|
||||
{matchLiteral("bytea"), "blob"},
|
||||
{matchLiteral("timestamptz"), "datetime(3)"},
|
||||
// MySQL doesn't support indicies on text fields w/o
|
||||
// MySQL doesn't support indices on text fields w/o
|
||||
// specifying key length. Use varchar instead (767 byte
|
||||
// is the max key length for InnoDB with 4k pages).
|
||||
// For compound indexes (with two keys) even less.
|
||||
|
Reference in New Issue
Block a user