k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity

password connectors: allow overriding the username attribute (password prompt)

Browse Source 
This allows users of the LDAP connector to give users of Dex' login
prompt an idea of what they should enter for a username.

Before, irregardless of how the LDAP connector was set up, the prompt
was

    Username
    [_________________]

    Password
    [_________________]

Now, this is configurable, and can be used to say "MyCorp SSO Login" if
that's what it is.

If it's not configured, it will default to "Username".

For the passwordDB connector (local users), it is set to "Email
Address", since this is what it uses.

Signed-off-by: Stephan Renatus <srenatus@chef.io>
This commit is contained in:
Stephan Renatus
2017-11-07 10:28:21 +01:00
parent 04e276f2df
commit b09a13458f
11 changed files with 81 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
connector/ldap/ldap.go
View File

@@ -77,6 +77,11 @@ type Config struct {
BindDN string `json:"bindDN"`
BindPW string `json:"bindPW"`
// UsernamePrompt allows users to override the username attribute (displayed
// in the username/password prompt). If unset, the handler will use
// "Username".
UsernamePrompt string `json:"usernamePrompt"`
// User entry search configuration.
UserSearch struct {
// BsaeDN to start the search from. For example "cn=users,dc=example,dc=com"
@@ -545,3 +550,7 @@ func (c *ldapConnector) groups(ctx context.Context, user ldap.Entry) ([]string,
}
return groupNames, nil
}
func (c *ldapConnector) Prompt() string {
return c.UsernamePrompt
}

25
connector/ldap/ldap_test.go
View File

@@ -437,6 +437,31 @@ userpassword: foo
runTests(t, schema, connectLDAPS, c, tests)
}
func TestUsernamePrompt(t *testing.T) {
tests := map[string]struct {
config Config
expected string
}{
"with usernamePrompt unset it returns \"\"": {
config: Config{},
expected: "",
},
"with usernamePrompt set it returns that": {
config: Config{UsernamePrompt: "Email address"},
expected: "Email address",
},
}
for n, d := range tests {
t.Run(n, func(t *testing.T) {
conn := &ldapConnector{Config: d.config}
if actual := conn.Prompt(); actual != d.expected {
t.Errorf("expected %v, got %v", d.expected, actual)
}
})
}
}
// runTests runs a set of tests against an LDAP schema. It does this by
// setting up an OpenLDAP server and injecting the provided scheme.
//