Eric Chiang
96fb0733fe
Merge pull request #669 from ericchiang/config-env
...
cmd/dex: only expand from env for storages and connectors
2016-11-05 17:56:11 -07:00
Eric Chiang
5302fefdfb
Merge pull request #671 from ericchiang/fix-server-time-bug
...
server: use seconds instead of nanoseconds for expires_in and expiry
2016-11-05 07:56:06 -07:00
Eric Chiang
7f24ebb051
Merge pull request #664 from ericchiang/dev-docs-v2
...
Documentation: add doc describing v2 changes
2016-11-05 07:55:16 -07:00
Eric Chiang
12a5c0ada3
server: use seconds instead of nanoseconds for expires_in and expiry
2016-11-04 17:00:10 -07:00
Eric Chiang
c9889683b4
Documentation: add doc describing v2 changes
2016-11-04 16:56:21 -07:00
Eric Chiang
d86a774a29
Merge pull request #670 from ericchiang/example-app-debug
...
cmd/example-app: add a --debug flag
2016-11-04 14:29:39 -07:00
Eric Chiang
015e7cf606
cmd/dex: only expand from env for storages and connectors
...
Bcrypt'd hashes have "$" characters in them. This means that #667
(accepting actually bcrypted values) combined with #627 (expanding
config with environment variables) broke the example config.
For now, allow storages and connectors to expand their configs from
the environment, but don't do this anywhere else.
2016-11-03 21:38:32 -07:00
Eric Chiang
35d6423ac2
cmd/example-app: add a --debug flag
2016-11-03 21:36:15 -07:00
Eric Chiang
ce703a7fe1
Merge pull request #665 from rithujohn191/expose-serv-opts
...
cmd/dex: expose IDTokensValidFor and RotateKeysAfter server options in config
2016-11-03 18:25:44 -07:00
rithu leena john
600e761266
cmd/dex: expose IDTokensValidFor and RotateKeysAfter server options in config.
2016-11-03 17:25:36 -07:00
Eric Chiang
d11224f2bb
Merge pull request #668 from ericchiang/dev-ldap-conn
...
connector: accept base64 encoded CA and add convenience open method
2016-11-03 16:39:22 -07:00
Eric Chiang
0f31566b27
connector: accept base64 encoded CA and add convenience open method
2016-11-03 16:28:23 -07:00
Eric Chiang
53852d4e42
Merge pull request #667 from ericchiang/dev-switch-yaml-package
...
*: switch to github.com/ghodss/yaml for more consistent YAML parsing
2016-11-03 15:29:18 -07:00
Eric Chiang
59240f93b1
vendor: revendor
2016-11-03 15:24:47 -07:00
Eric Chiang
df50308713
glide.yaml: add new yaml package
2016-11-03 15:24:35 -07:00
Eric Chiang
ebe51e736d
cmd/dex: accept raw bcrypt'd hash as well as base64'd version of hash
2016-11-03 15:23:56 -07:00
Eric Chiang
aa7f304bc1
*: switch to github.com/ghodss/yaml for more consistent YAML parsing
...
ghodss/yaml converts from YAML to JSON before attempting to unmarshal.
This allows us to:
* Get the correct behavior when decoding base64'd []byte slices.
* Use *json.RawMessage.
* Not have to support extravagant YAML features.
* Let our structs use `json:` tags
2016-11-03 14:39:32 -07:00
Eric Chiang
a78adb0272
Merge pull request #666 from rithujohn191/update-go-version
...
*: travis tests and build scripts should use Go 1.7.3.
2016-11-03 12:37:54 -07:00
rithu leena john
75abce2b19
*: travis tests and build scripts should use Go 1.7.3.
2016-11-03 12:28:53 -07:00
Eric Chiang
74eaec60cb
Merge pull request #661 from rithujohn191/gRPC-client-auth
...
cmd/dex: add option for gRPC client auth CA.
2016-11-02 15:05:15 -07:00
rithu leena john
42dfd3ecec
cmd/dex: add option for gRPC client auth CA.
2016-11-02 14:51:22 -07:00
Eric Chiang
799b3f3ef5
Merge pull request #658 from ericchiang/dev-dont-error-on-invalid-username
...
*: don't error out if a username doesn't exist in the backing connector
2016-11-01 16:06:40 -07:00
Eric Chiang
90e613b328
Merge pull request #649 from rithujohn191/gRPC-endpoints
...
api: add gRPC endpoints for creating, updating and deleting passwords
2016-11-01 14:20:31 -07:00
Eric Chiang
57a59d4631
*: don't error out if a username doesn't exist in the backing connector
...
Instead of throwing a 500 error if a user enters an invalid name,
display the same text box as if the user had entered the wrong
password.
NOTE: An invalid username now returns much quicker than an invalid
password. Consider adding an arbitrary sleep in the future if we
care about masking which was invalid.
2016-11-01 14:10:55 -07:00
rithu leena john
ed7e943406
api: add gRPC endpoints for creating, updating and deleting passwords
2016-11-01 14:10:35 -07:00
Eric Chiang
2a9051c864
Merge pull request #654 from ericchiang/dev-sql-optimistic-concurrency
...
storage/sql: use isolation level "serializable" for transactions
2016-11-01 10:16:23 -07:00
Eric Chiang
8debe68314
Documentation: remove caveat about running multiple instances
2016-10-31 23:18:40 -07:00
Eric Chiang
786e12b15e
storage/conformance: expand transaction test suite
2016-10-31 23:01:31 -07:00
Eric Chiang
52e2a1668c
storage/sql: use isolation level "serializable" for transactions
2016-10-31 23:00:55 -07:00
Eric Chiang
1c51c50b23
Merge pull request #652 from ericchiang/dev-docs-api
...
Documentation: add document on the dex API
2016-10-31 18:16:08 -07:00
Eric Chiang
fe1d27586e
Documentation: add document on the dex API
2016-10-31 15:25:52 -07:00
Eric Chiang
651b406cfd
Merge pull request #651 from ericchiang/dev-remove-openldap-container
...
contrib/openldap: remove OpenLDAP container
2016-10-31 15:19:05 -07:00
Eric Chiang
f672e75a3a
contrib/openldap: remove OpenLDAP container
...
Based on #640 we're going to osixia/openldap instead of rolling our
own container. Removing this work for now. If we want it back we can
revert easily enough.
2016-10-28 16:08:26 -07:00
rithu leena john
0cfd815d3d
Merge pull request #648 from ericchiang/dev-storage-docs
...
storage: update godocs
2016-10-28 13:59:13 -07:00
Eric Chiang
c0aa63ac97
storage: update godocs
2016-10-28 13:00:13 -07:00
Eric Chiang
a7c2fca039
Merge pull request #645 from ericchiang/dev-ldap-fix-switch
...
connector/ldap: fix bug in switch statement
2016-10-28 11:19:40 -07:00
Eric Chiang
4329406158
connector/ldap: fix bug in switch statement
2016-10-28 10:11:18 -07:00
Eric Chiang
d7912a3a97
Merge pull request #638 from ericchiang/dev-share-a-single-callback
...
*: allow call connectors to share a single callback
2016-10-27 16:59:04 -07:00
Eric Chiang
44fec87ce1
Merge pull request #642 from ericchiang/k8s-client-id
...
storage/kubernetes: allow arbitrary client IDs
2016-10-27 16:58:57 -07:00
Eric Chiang
d7a75c5b5d
storage/kubernetes: allow arbitrary client IDs
...
Use a hash algorithm to match client IDs to Kubernetes object names.
Because cryptographic hash algorithms produce sums larger than a
Kubernetes name can fit, a non-cryptographic hash is used instead.
Hash collisions are checked and result in errors.
2016-10-27 16:37:58 -07:00
Eric Chiang
99717cb56d
Merge pull request #635 from ericchiang/dev-transaction-tests
...
storage/conformance: add tests for transactional guarantees
2016-10-27 15:54:53 -07:00
Eric Chiang
acf3d6385e
Merge pull request #641 from ericchiang/dev-scripts-fix-get-protoc
...
scripts: fix get-protoc script to work directly after a clean
2016-10-27 14:42:40 -07:00
Eric Chiang
84c3ba0fe3
scripts: fix get-protoc script to work directly after a clean
...
Right now `make grpc` only works if a user hasn't run a `make clean`.
Fix this.
2016-10-27 14:35:38 -07:00
Eric Chiang
c1f18802c9
Merge pull request #624 from ericchiang/dev-ldap-connector
...
connector/ldap: expand LDAP connector to include searches
2016-10-27 13:44:18 -07:00
Eric Chiang
f5a378a4e5
Merge pull request #640 from rithujohn191/openldap-docs
...
Documentation: adding documentation for running ldap tests locally
2016-10-27 13:22:37 -07:00
rithu leena john
27880dba59
Documentation: adding documentation for running ldap tests locally
2016-10-27 13:20:32 -07:00
Eric Chiang
13f7dfaef0
connector/ldap: expand LDAP connector to include searches
2016-10-27 13:11:30 -07:00
Eric Chiang
7c2289e0de
*: rename internally used "state" form value to "req"
...
"state" means something specific to OAuth2 and SAML so we don't
want to confuse developers who are working on this.
Also don't use "session" which could easily be confused with HTTP
cookies.
2016-10-27 10:26:01 -07:00
Eric Chiang
a3235d022a
*: verify "state" field before passing request to callback connectors
...
Let the server handle the state token instead of the connector. As a
result it can throw out bad requests earlier. It can also use that
token to determine which connector was used to generate the request
allowing all connectors to share the same callback URL.
Callbacks now all look like:
https://dex.example.com/callback
Instead of:
https://dex.example.com/callback/ (connector id)
Even when multiple connectors are being used.
2016-10-27 10:23:09 -07:00
Eric Chiang
88896eb949
Merge pull request #637 from squat/fix_cache_control
...
server/handlers: fix Cache-Control header
2016-10-26 15:07:18 -07:00