k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity
207 Commits 1 Branch 0 Tags
0f31566b27084ca6e224954128b7db96d7f89bd2
Commit Graph

207 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Eric Chiang
0f31566b27 connector: accept base64 encoded CA and add convience open method 2016-11-03 16:28:23 -07:00
Eric Chiang
53852d4e42 Merge pull request #667 from ericchiang/dev-switch-yaml-package 
*: switch to github.com/ghodss/yaml for more consistent YAML parsing
 2016-11-03 15:29:18 -07:00
Eric Chiang
59240f93b1 vendor: revendor 2016-11-03 15:24:47 -07:00
Eric Chiang
df50308713 glide.yaml: add new yaml package 2016-11-03 15:24:35 -07:00
Eric Chiang
ebe51e736d cmd/dex: accept raw bcrypt'd hash as well as base64'd version of hash 2016-11-03 15:23:56 -07:00
Eric Chiang
aa7f304bc1 *: switch to github.com/ghodss/yaml for more consistent YAML parsing 
ghodss/yaml converts from YAML to JSON before attempting to unmarshal.
This allows us to:

* Get the correct behavor when decoding base64'd []byte slices.
* Use *json.RawMessage.
* Not have to support extravagant YAML features.
* Let our structs use `json:` tags
 2016-11-03 14:39:32 -07:00
Eric Chiang
a78adb0272 Merge pull request #666 from rithujohn191/update-go-version 
*: travis tests and build scripts should use Go 1.7.3.
 2016-11-03 12:37:54 -07:00
rithu leena john
75abce2b19 *: travis tests and build scripts should use Go 1.7.3. 2016-11-03 12:28:53 -07:00
Eric Chiang
74eaec60cb Merge pull request #661 from rithujohn191/gRPC-client-auth 
cmd/dex: add option for gRPC client auth CA.
 2016-11-02 15:05:15 -07:00
rithu leena john
42dfd3ecec cmd/dex: add option for gRPC client auth CA. 2016-11-02 14:51:22 -07:00
Eric Chiang
799b3f3ef5 Merge pull request #658 from ericchiang/dev-dont-error-on-invalid-username 
*: don't error out if a username doesn't exist in the backing connector
 2016-11-01 16:06:40 -07:00
Eric Chiang
90e613b328 Merge pull request #649 from rithujohn191/gRPC-endpoints 
api: add gRPC endpoints for creating, updating and deleting passwords
 2016-11-01 14:20:31 -07:00
Eric Chiang
57a59d4631 *: don't error out if a username doesn't exist in the backing connector 
Instead of throwing a 500 error if a user enters an invalid name,
display the same text box as if the user had entered the wrong
password.

NOTE: An invalid username now returns much quicker than an invalid
password. Consider adding an arbitrary sleep in the future if we
care about masking which was invalid.
 2016-11-01 14:10:55 -07:00
rithu leena john
ed7e943406 api: add gRPC endpoints for creating, updating and deleting passwords 2016-11-01 14:10:35 -07:00
Eric Chiang
2a9051c864 Merge pull request #654 from ericchiang/dev-sql-optimistic-concurrency 
storage/sql: use isolation level "serializable" for transactions
 2016-11-01 10:16:23 -07:00
Eric Chiang
8debe68314 Documentation: remove caveat about running multiple instances 2016-10-31 23:18:40 -07:00
Eric Chiang
786e12b15e storage/conformance: expand transaction test suite 2016-10-31 23:01:31 -07:00
Eric Chiang
52e2a1668c storage/sql: use isolation level "serializable" for transactions 2016-10-31 23:00:55 -07:00
Eric Chiang
1c51c50b23 Merge pull request #652 from ericchiang/dev-docs-api 
Documentation: add document on the dex API
 2016-10-31 18:16:08 -07:00
Eric Chiang
fe1d27586e Documentation: add document on the dex API 2016-10-31 15:25:52 -07:00
Eric Chiang
651b406cfd Merge pull request #651 from ericchiang/dev-remove-openldap-container 
contrib/openldap: remove OpenLDAP container
 2016-10-31 15:19:05 -07:00
Eric Chiang
f672e75a3a contrib/openldap: remove OpenLDAP container 
Based on #640 we're going to osixia/openldap instead of rolling our
own container. Removing this work for now. If we want it back we can
revert easily enough.
 2016-10-28 16:08:26 -07:00
rithu leena john
0cfd815d3d Merge pull request #648 from ericchiang/dev-storage-docs 
storage: update godocs
 2016-10-28 13:59:13 -07:00
Eric Chiang
c0aa63ac97 storage: update godocs 2016-10-28 13:00:13 -07:00
Eric Chiang
a7c2fca039 Merge pull request #645 from ericchiang/dev-ldap-fix-switch 
connector/ldap: fix bug in switch statement
 2016-10-28 11:19:40 -07:00
Eric Chiang
4329406158 connector/ldap: fix bug in switch statement 2016-10-28 10:11:18 -07:00
Eric Chiang
d7912a3a97 Merge pull request #638 from ericchiang/dev-share-a-single-callback 
*: allow call connectors to share a single a single callback
 2016-10-27 16:59:04 -07:00
Eric Chiang
44fec87ce1 Merge pull request #642 from ericchiang/k8s-client-id 
storage/kubernetes: allow arbitrary client IDs
 2016-10-27 16:58:57 -07:00
Eric Chiang
d7a75c5b5d storage/kubernetes: allow arbitrary client IDs 
Use a hash algorithm to match client IDs to Kubernetes object names.
Because cryptographic hash algorithms produce sums larger than a
Kubernetes name can fit, a non-cryptographic hash is used instead.
Hash collisions are checked and result in errors.
 2016-10-27 16:37:58 -07:00
Eric Chiang
99717cb56d Merge pull request #635 from ericchiang/dev-transaction-tests 
storage/conformance: add tests for transactional guarantees
 2016-10-27 15:54:53 -07:00
Eric Chiang
acf3d6385e Merge pull request #641 from ericchiang/dev-scripts-fix-get-protoc 
scripts: fix get-protoc script to work directly after a clean
 2016-10-27 14:42:40 -07:00
Eric Chiang
84c3ba0fe3 scripts: fix get-protoc script to work directly after a clean 
Right now `make grpc` only works if a user hasn't run a `make clean`.
Fix this.
 2016-10-27 14:35:38 -07:00
Eric Chiang
c1f18802c9 Merge pull request #624 from ericchiang/dev-ldap-connector 
connector/ldap: expand LDAP connector to include searches
 2016-10-27 13:44:18 -07:00
Eric Chiang
f5a378a4e5 Merge pull request #640 from rithujohn191/openldap-docs 
Documentation: adding documentation for running ldap tests locally
 2016-10-27 13:22:37 -07:00
rithu leena john
27880dba59 Documentation: adding documentation for running ldap tests locally 2016-10-27 13:20:32 -07:00
Eric Chiang
13f7dfaef0 connector/ldap: expand LDAP connector to include searches 2016-10-27 13:11:30 -07:00
Eric Chiang
7c2289e0de *: rename internally used "state" form value to "req" 
"state" means something specific to OAuth2 and SAML so we don't
want to confuse developers who are working on this.

Also don't use "session" which could easily be confused with HTTP
cookies.
 2016-10-27 10:26:01 -07:00
Eric Chiang
a3235d022a *: verify "state" field before passing request to callback connectors 
Let the server handle the state token instead of the connector. As a
result it can throw out bad requests earlier. It can also use that
token to determine which connector was used to generate the request
allowing all connectors to share the same callback URL.

Callbacks now all look like:

    https://dex.example.com/callback

Instead of:

    https://dex.example.com/callback/(connector id)

Even when multiple connectors are being used.
 2016-10-27 10:23:09 -07:00
Eric Chiang
88896eb949 Merge pull request #637 from squat/fix_cache_control 
server/handlers: fix Cache-Control header
 2016-10-26 15:07:18 -07:00
Lucas Serven
5c498ae4df server/handlers: fix Cache-Control header 
fixes: #636

This commit addresses a problem where the `max-age` value is being set
in nanoseconds as opposed to seconds, as required by the specification.
 2016-10-26 14:58:18 -07:00
Eric Chiang
4ab78d0ded storage/kubernetes: run transactional conformance tests 2016-10-26 13:30:45 -07:00
Eric Chiang
5720ecf412 storage/conformance: add tests for transactional guarantees 2016-10-26 13:30:45 -07:00
Eric Chiang
99e312eadd Merge pull request #632 from ericchiang/dev-docs-storage-options 
Documentation: add a document on storage options
 2016-10-26 12:33:37 -07:00
Eric Chiang
6c4839860e Documentation: add a document on storage options 2016-10-26 12:32:45 -07:00
Eric Chiang
d350938fb0 Merge pull request #626 from ericchiang/storage-kubernetes-guess-namespace-from-service-account-token 
storage/kubernetes: guess namespace from the service account token
 2016-10-25 16:54:58 -07:00
Eric Chiang
ff9816464e Merge pull request #627 from ericchiang/dev-expand-envs-in-config 
*: expand environment variables in config
 2016-10-25 15:02:54 -07:00
Eric Chiang
101a2bc22a Merge pull request #634 from rithujohn191/kubeconfig_context 
storage/kubernetes: set CurrentContext when the Kubeconfig file contains only one context
 2016-10-25 14:57:57 -07:00
Eric Chiang
e0b83af981 Merge pull request #629 from ericchiang/dev-storage-kubernetes-dont-print-error 
storage/kubernetes: don't automatically print errors on bad HTTP status codes
 2016-10-25 14:16:32 -07:00
rithu leena john
9de16f2c45 storage/kubernetes: set CurrentContext when the Kubeconfig file contains only one context 2016-10-25 11:59:34 -07:00
Eric Chiang
6c4ad8c04d Merge pull request #630 from ericchiang/dev-storage-kubernetes-kubeconfig-guessing 
storage/kubernetes: don't guess the kubeconfig location and change test env
 2016-10-24 16:14:54 -07:00