Commit Graph

1742 Commits

Author SHA1 Message Date
Alastair Houghton
cd0c24ec4d fix: add an extra endpoint to avoid refresh generating AuthRequests.
By adding an extra endpoint and a redirect, we can avoid a situation
where it's trivially easy to generate a large number of AuthRequests
by hitting F5/refresh in the browser.

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:42:52 +01:00
Alastair Houghton
030a6459d6 fix: reinstate TestHandleAuthCode.
Reinstating this test as it shouldn't have been removed.

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:24:30 +01:00
Alastair Houghton
88025b3d7c fix: remove some additional dependencies.
Accidentally added some of these back during merge.

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:24:30 +01:00
Alastair Houghton
0284a4c3c9 fix: back link on password page needs to be explicit.
The back link on the password page was using JavaScript to tell the
browser to navigate back, which won't work if the user has entered a
set of incorrect log-in details.  Fix this by using an explicit URL
instead.

Fixes #1851

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:24:30 +01:00
Alastair Houghton
cdbb5dd94d fix: defer creation of auth request.
Rather than creating the auth request when the user hits /auth, pass
the arguments through to /auth/{connector} and have the auth request
created there.  This prevents a database error when using the "Select
another login method" link, and also avoids a few other error cases.

Fixes #1849, #646.

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:24:23 +01:00
dependabot[bot]
4a874cce89
Merge pull request #2130 from dexidp/dependabot/go_modules/google.golang.org/grpc-1.38.0
2021-05-20 12:35:09 +00:00
dependabot[bot]
461c5f687d
build(deps): bump google.golang.org/grpc from 1.37.0 to 1.38.0
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.37.0 to 1.38.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.37.0...v1.38.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-20 12:14:11 +00:00
dependabot[bot]
4e4dad023c
Merge pull request #2131 from dexidp/dependabot/go_modules/google.golang.org/api-0.47.0
2021-05-20 12:08:43 +00:00
dependabot[bot]
1220017f6c
build(deps): bump google.golang.org/api from 0.46.0 to 0.47.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.46.0 to 0.47.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.46.0...v0.47.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-20 06:20:51 +00:00
Maksim Nabokikh
20875c972e
Discard package "version" (#2107)
* Discard package "version"

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Inject api version

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Pass version arg to the dex API

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-05-18 00:55:24 +02:00
dependabot[bot]
47d029a51b
Merge pull request #2110 from dexidp/dependabot/docker/golang-1.16.4-alpine3.13
2021-05-17 15:47:59 +00:00
Márk Sági-Kazár
18d1f70cee
Merge pull request #1861 from concourse/pr/bcrypt-for-client-secret-sync
Use constant time comparison for client secret verification
2021-05-17 17:27:42 +02:00
Rui Yang
fe8085b886 remove client secret encryption option
constant time compare for client secret verification will be kept

Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-05-17 10:16:50 -04:00
dependabot[bot]
283dd89f4d
Merge pull request #2123 from dexidp/dependabot/go_modules/github.com/lib/pq-1.10.2
2021-05-17 07:41:26 +00:00
dependabot[bot]
c65652ed8f
build(deps): bump github.com/lib/pq from 1.10.1 to 1.10.2
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.1 to 1.10.2.
- [Release notes](https://github.com/lib/pq/releases)
- [Commits](https://github.com/lib/pq/compare/v1.10.1...v1.10.2)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-17 07:11:13 +00:00
Rui Yang
ecea593ddd fix a bug in hash comparison function
the client secret coming in should be hashed and the one in storage
is the one in plaintext

Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-05-14 13:32:27 -04:00
dependabot[bot]
47bdbdb1a2
build(deps): bump golang from 1.16.3-alpine3.13 to 1.16.4-alpine3.13
Bumps golang from 1.16.3-alpine3.13 to 1.16.4-alpine3.13.

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-07 06:46:19 +00:00
Maksim Nabokikh
81c4dc7994
Merge pull request #1906 from flant/ent-sqlite
feat: Add ent-based sqlite3 storage
2021-05-05 18:19:25 +04:00
Márk Sági-Kazár
ba2cec3f72
Merge pull request #2103 from flant/add-new-maintainer
Add @nabokihms to the maintainers list
2021-05-04 21:22:49 +02:00
dependabot[bot]
fcca5f4b4f
Merge pull request #2104 from dexidp/dependabot/go_modules/google.golang.org/api-0.46.0
2021-05-04 09:18:05 +00:00
dependabot[bot]
b1292bd630
build(deps): bump google.golang.org/api from 0.45.0 to 0.46.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.45.0 to 0.46.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.45.0...v0.46.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-04 06:59:24 +00:00
m.nabokikh
8553309db3 Add obsolete tokens, resolve conflicts, bump ent
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-05-02 12:43:21 +04:00
Márk Sági-Kazár
94a2b3ed87
Merge pull request #2010 from flant/switch-device-token-endpoint-to-token
fix: use /token endpoint to get tokens with device flow
2021-05-01 13:24:55 +02:00
m.nabokikh
24fa4def5b chore: update ent
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-30 17:48:16 +04:00
m.nabokikh
2e61860d5a Add ent autogenerated code
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-30 17:47:54 +04:00
m.nabokikh
11859166d0 feat: Add ent-based sqlite3 storage
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-30 17:47:54 +04:00
Stephen Augustus
674631c9ab
Merge pull request #2090 from dexidp/security-policy
Initial security policy
2021-04-27 20:33:21 -04:00
Márk Sági-Kazár
47b0a2bdf9
Merge pull request #2100 from dexidp/mysql-port
Fix MySQL connection to use the provided port
2021-04-28 01:23:41 +02:00
Mark Sagi-Kazar
e2b56d0a09
fix(storage/mysql): add missing port to the address
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-27 14:09:21 +02:00
m.nabokikh
4561214ab2 Add @nabokihms to maintainers list
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-27 13:11:15 +04:00
dependabot[bot]
afa6f1e03e
Merge pull request #2099 from dexidp/dependabot/go_modules/github.com/felixge/httpsnoop-1.0.2
2021-04-26 09:09:08 +00:00
Mark Sagi-Kazar
df9fc78d2d
ci: run mysql tests on non-standard port
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-26 11:01:24 +02:00
Mark Sagi-Kazar
bf8c35ad2d
docs: update readme linking to the security policy
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-26 10:59:17 +02:00
Mark Sagi-Kazar
59fcab281e
docs: initial security policy
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-26 10:59:15 +02:00
dependabot[bot]
05b61a3d86
build(deps): bump github.com/felixge/httpsnoop from 1.0.1 to 1.0.2
Bumps [github.com/felixge/httpsnoop](https://github.com/felixge/httpsnoop) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/felixge/httpsnoop/releases)
- [Commits](https://github.com/felixge/httpsnoop/compare/v1.0.1...v1.0.2)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-26 08:50:00 +00:00
Márk Sági-Kazár
551229a986
Merge pull request #1846 from flant/refresh-token-expiration-policy
feat: Add refresh token expiration and rotation settings
2021-04-24 11:03:40 +02:00
Márk Sági-Kazár
b1ac799073
Merge pull request #1912 from wellplayedgames/microsoft-prompt-type
Support setting the prompt type for the Microsoft connector
2021-04-24 10:58:43 +02:00
dependabot[bot]
31c18e557a
Merge pull request #2094 from dexidp/dependabot/go_modules/github.com/lib/pq-1.10.1
2021-04-22 08:26:07 +00:00
dependabot[bot]
5bc3cb2ad3
build(deps): bump github.com/lib/pq from 1.10.0 to 1.10.1
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.0 to 1.10.1.
- [Release notes](https://github.com/lib/pq/releases)
- [Commits](https://github.com/lib/pq/compare/v1.10.0...v1.10.1)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-22 06:54:28 +00:00
dependabot[bot]
efd9839fd2
Merge pull request #2093 from dexidp/dependabot/go_modules/google.golang.org/api-0.45.0
2021-04-21 10:23:32 +00:00
dependabot[bot]
fa3a4d7f6b
build(deps): bump google.golang.org/api from 0.43.0 to 0.45.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.43.0 to 0.45.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.43.0...v0.45.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-21 06:55:25 +00:00
Márk Sági-Kazár
0b9b588c96
Merge pull request #2089 from flant/remove-go-dev-badge-from-readme
chore: remove go dev badge from README
2021-04-17 21:20:47 +02:00
m.nabokikh
026d979073 chore: remove go dev badge from README
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-17 10:24:02 +04:00
dependabot[bot]
e4065013a4
Merge pull request #2085 from dexidp/dependabot/docker/alpine-3.13.5
2021-04-15 08:18:38 +00:00
dependabot[bot]
d4a2a362ab
Merge pull request #2086 from dexidp/dependabot/go_modules/github.com/mattn/go-sqlite3-1.14.7
2021-04-15 08:18:07 +00:00
dependabot[bot]
de6d1bea56
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.6 to 1.14.7
Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.6 to 1.14.7.
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.6...v1.14.7)

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-15 06:57:54 +00:00
dependabot[bot]
8fbbd4cec9
build(deps): bump alpine from 3.13.4 to 3.13.5
Bumps alpine from 3.13.4 to 3.13.5.

Signed-off-by: dependabot[bot] <support@github.com>
2021-04-15 06:53:00 +00:00
Márk Sági-Kazár
b79d9a84bc
Merge pull request #2072 from dexidp/dependency-updates
Update dependencies
2021-04-08 17:50:52 +02:00
Mark Sagi-Kazar
03db309337
chore(deps): update dependencies
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-07 14:45:53 +02:00
Márk Sági-Kazár
c7549cce5b
Merge pull request #2071 from dexidp/dependabot/go_modules/github.com/go-ldap/ldap/v3-3.3.0
build(deps): bump github.com/go-ldap/ldap/v3 from 3.2.4 to 3.3.0
2021-04-06 10:15:37 +02:00