Alastair Houghton
cd0c24ec4d
fix: add an extra endpoint to avoid refresh generating AuthRequests.
...
By adding an extra endpoint and a redirect, we can avoid a situation
where it's trivially easy to generate a large number of AuthRequests
by hitting F5/refresh in the browser.
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:42:52 +01:00
Alastair Houghton
030a6459d6
fix: reinstate TestHandleAuthCode.
...
Reinstating this test as it shouldn't have been removed.
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:24:30 +01:00
Alastair Houghton
88025b3d7c
fix: remove some additional dependencies.
...
Accidentally added some of these back during merge.
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:24:30 +01:00
Alastair Houghton
0284a4c3c9
fix: back link on password page needs to be explicit.
...
The back link on the password page was using JavaScript to tell the
browser to navigate back, which won't work if the user has entered a
set of incorrect log-in details. Fix this by using an explicit URL
instead.
Fixes #1851
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:24:30 +01:00
Alastair Houghton
cdbb5dd94d
fix: defer creation of auth request.
...
Rather than creating the auth request when the user hits /auth, pass
the arguments through to /auth/{connector} and have the auth request
created there. This prevents a database error when using the "Select
another login method" link, and also avoids a few other error cases.
Fixes #1849, #646.
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:24:23 +01:00
dependabot[bot]
4a874cce89
Merge pull request #2130 from dexidp/dependabot/go_modules/google.golang.org/grpc-1.38.0
2021-05-20 12:35:09 +00:00
dependabot[bot]
461c5f687d
build(deps): bump google.golang.org/grpc from 1.37.0 to 1.38.0
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.37.0 to 1.38.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.37.0...v1.38.0)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-20 12:14:11 +00:00
dependabot[bot]
4e4dad023c
Merge pull request #2131 from dexidp/dependabot/go_modules/google.golang.org/api-0.47.0
2021-05-20 12:08:43 +00:00
dependabot[bot]
1220017f6c
build(deps): bump google.golang.org/api from 0.46.0 to 0.47.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.46.0 to 0.47.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.46.0...v0.47.0)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-20 06:20:51 +00:00
Maksim Nabokikh
20875c972e
Discard package "version" (#2107)
...
* Discard package "version"
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Inject api version
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Pass version arg to the dex API
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-05-18 00:55:24 +02:00
dependabot[bot]
47d029a51b
Merge pull request #2110 from dexidp/dependabot/docker/golang-1.16.4-alpine3.13
2021-05-17 15:47:59 +00:00
Márk Sági-Kazár
18d1f70cee
Merge pull request #1861 from concourse/pr/bcrypt-for-client-secret-sync
...
Use constant time comparison for client secret verification
2021-05-17 17:27:42 +02:00
Rui Yang
fe8085b886
remove client secret encryption option
...
constant time compare for client secret verification will be kept
Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-05-17 10:16:50 -04:00
dependabot[bot]
283dd89f4d
Merge pull request #2123 from dexidp/dependabot/go_modules/github.com/lib/pq-1.10.2
2021-05-17 07:41:26 +00:00
dependabot[bot]
c65652ed8f
build(deps): bump github.com/lib/pq from 1.10.1 to 1.10.2
...
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.1 to 1.10.2.
- [Release notes](https://github.com/lib/pq/releases)
- [Commits](https://github.com/lib/pq/compare/v1.10.1...v1.10.2)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-17 07:11:13 +00:00
Rui Yang
ecea593ddd
fix a bug in hash comparison function
...
the client secret coming in should be hashed and the one in storage
is the one in plaintext
Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-05-14 13:32:27 -04:00
dependabot[bot]
47bdbdb1a2
build(deps): bump golang from 1.16.3-alpine3.13 to 1.16.4-alpine3.13
...
Bumps golang from 1.16.3-alpine3.13 to 1.16.4-alpine3.13.
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-07 06:46:19 +00:00
Maksim Nabokikh
81c4dc7994
Merge pull request #1906 from flant/ent-sqlite
...
feat: Add ent-based sqlite3 storage
2021-05-05 18:19:25 +04:00
Márk Sági-Kazár
ba2cec3f72
Merge pull request #2103 from flant/add-new-maintainer
...
Add @nabokihms to the maintainers list
2021-05-04 21:22:49 +02:00
dependabot[bot]
fcca5f4b4f
Merge pull request #2104 from dexidp/dependabot/go_modules/google.golang.org/api-0.46.0
2021-05-04 09:18:05 +00:00
dependabot[bot]
b1292bd630
build(deps): bump google.golang.org/api from 0.45.0 to 0.46.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.45.0 to 0.46.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.45.0...v0.46.0)
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-04 06:59:24 +00:00
m.nabokikh
8553309db3
Add obsolete tokens, resolve conflicts, bump ent
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-05-02 12:43:21 +04:00
Márk Sági-Kazár
94a2b3ed87
Merge pull request #2010 from flant/switch-device-token-endpoint-to-token
...
fix: use /token endpoint to get tokens with device flow
2021-05-01 13:24:55 +02:00
m.nabokikh
24fa4def5b
chore: update ent
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-30 17:48:16 +04:00
m.nabokikh
2e61860d5a
Add ent autogenerated code
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-30 17:47:54 +04:00
m.nabokikh
11859166d0
feat: Add ent-based sqlite3 storage
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-30 17:47:54 +04:00
Stephen Augustus
674631c9ab
Merge pull request #2090 from dexidp/security-policy
...
Initial security policy
2021-04-27 20:33:21 -04:00
Márk Sági-Kazár
47b0a2bdf9
Merge pull request #2100 from dexidp/mysql-port
...
Fix MySQL connection to use the provided port
2021-04-28 01:23:41 +02:00
Mark Sagi-Kazar
e2b56d0a09
fix(storage/mysql): add missing port to the address
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-27 14:09:21 +02:00
m.nabokikh
4561214ab2
Add @nabokihms to maintainers list
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-27 13:11:15 +04:00
dependabot[bot]
afa6f1e03e
Merge pull request #2099 from dexidp/dependabot/go_modules/github.com/felixge/httpsnoop-1.0.2
2021-04-26 09:09:08 +00:00
Mark Sagi-Kazar
df9fc78d2d
ci: run mysql tests on non-standard port
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-26 11:01:24 +02:00
Mark Sagi-Kazar
bf8c35ad2d
docs: update readme linking to the security policy
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-26 10:59:17 +02:00
Mark Sagi-Kazar
59fcab281e
docs: initial security policy
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-26 10:59:15 +02:00
dependabot[bot]
05b61a3d86
build(deps): bump github.com/felixge/httpsnoop from 1.0.1 to 1.0.2
...
Bumps [github.com/felixge/httpsnoop](https://github.com/felixge/httpsnoop) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/felixge/httpsnoop/releases)
- [Commits](https://github.com/felixge/httpsnoop/compare/v1.0.1...v1.0.2)
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-26 08:50:00 +00:00
Márk Sági-Kazár
551229a986
Merge pull request #1846 from flant/refresh-token-expiration-policy
...
feat: Add refresh token expiration and rotation settings
2021-04-24 11:03:40 +02:00
Márk Sági-Kazár
b1ac799073
Merge pull request #1912 from wellplayedgames/microsoft-prompt-type
...
Support setting the prompt type for the Microsoft connector
2021-04-24 10:58:43 +02:00
dependabot[bot]
31c18e557a
Merge pull request #2094 from dexidp/dependabot/go_modules/github.com/lib/pq-1.10.1
2021-04-22 08:26:07 +00:00
dependabot[bot]
5bc3cb2ad3
build(deps): bump github.com/lib/pq from 1.10.0 to 1.10.1
...
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.0 to 1.10.1.
- [Release notes](https://github.com/lib/pq/releases)
- [Commits](https://github.com/lib/pq/compare/v1.10.0...v1.10.1)
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-22 06:54:28 +00:00
dependabot[bot]
efd9839fd2
Merge pull request #2093 from dexidp/dependabot/go_modules/google.golang.org/api-0.45.0
2021-04-21 10:23:32 +00:00
dependabot[bot]
fa3a4d7f6b
build(deps): bump google.golang.org/api from 0.43.0 to 0.45.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.43.0 to 0.45.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.43.0...v0.45.0)
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-21 06:55:25 +00:00
Márk Sági-Kazár
0b9b588c96
Merge pull request #2089 from flant/remove-go-dev-badge-from-readme
...
chore: remove go dev badge from README
2021-04-17 21:20:47 +02:00
m.nabokikh
026d979073
chore: remove go dev badge from README
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-17 10:24:02 +04:00
dependabot[bot]
e4065013a4
Merge pull request #2085 from dexidp/dependabot/docker/alpine-3.13.5
2021-04-15 08:18:38 +00:00
dependabot[bot]
d4a2a362ab
Merge pull request #2086 from dexidp/dependabot/go_modules/github.com/mattn/go-sqlite3-1.14.7
2021-04-15 08:18:07 +00:00
dependabot[bot]
de6d1bea56
build(deps): bump github.com/mattn/go-sqlite3 from 1.14.6 to 1.14.7
...
Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.6 to 1.14.7.
- [Release notes](https://github.com/mattn/go-sqlite3/releases)
- [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.6...v1.14.7)
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-15 06:57:54 +00:00
dependabot[bot]
8fbbd4cec9
build(deps): bump alpine from 3.13.4 to 3.13.5
...
Bumps alpine from 3.13.4 to 3.13.5.
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-15 06:53:00 +00:00
Márk Sági-Kazár
b79d9a84bc
Merge pull request #2072 from dexidp/dependency-updates
...
Update dependencies
2021-04-08 17:50:52 +02:00
Mark Sagi-Kazar
03db309337
chore(deps): update dependencies
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-07 14:45:53 +02:00
Márk Sági-Kazár
c7549cce5b
Merge pull request #2071 from dexidp/dependabot/go_modules/github.com/go-ldap/ldap/v3-3.3.0
...
build(deps): bump github.com/go-ldap/ldap/v3 from 3.2.4 to 3.3.0
2021-04-06 10:15:37 +02:00