k-space/dex - dex - Gitea: Git with a cup of tea

Archived

Author	SHA1	Message	Date
Maksim Nabokikh	3fac2ab6bc	Merge pull request #1862 from tkleczek/fix-rfc-errors Improve auth flow error handling	2021-08-03 00:34:54 +04:00
Tomasz Kleczek	4ffaa60d21	Improve auth flow error handling Signed-off-by: Tomasz Kleczek <tomasz.kleczek@gmail.com>	2021-07-21 09:33:39 +02:00
Henning	138364ceeb	handlePasswordGrant: insert connectorData into OfflineSession (#2199 ) * handlePasswordGrant: insert connectorData into OfflineSession This change will insert the ConnectorData from the initial Login into the OfflineSession, as already done in handlePasswordLogin. Signed-off-by: Henning Surmeier <h.surmeier@mittwald.de>	2021-07-21 00:05:35 +04:00
Mark Sagi-Kazar	ceb4324c18	test: quick fix flaky test Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	2021-06-28 23:30:14 +02:00
Márk Sági-Kazár	f6904c38ef	Merge pull request #1865 from WorldProgrammingLtd/fix-1849 fix: defer creation of auth request.	2021-06-25 19:05:41 +02:00
m.nabokikh	21a01ee811	Add sprig v3 functions to web templates Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-06-02 11:11:45 +04:00
m.nabokikh	4b54433ec2	Bump golag-ci lint version to 1.40.1 Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-05-27 19:27:06 +04:00
Mark Sagi-Kazar	0bef10ef80	chore(deps): update gosundheit Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	2021-05-26 14:50:35 +02:00
Alastair Houghton	cd0c24ec4d	fix: add an extra endpoint to avoid refresh generating AuthRequests. By adding an extra endpoint and a redirect, we can avoid a situation where it's trivially easy to generate a large number of AuthRequests by hitting F5/refresh in the browser. Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	2021-05-21 11:42:52 +01:00
Alastair Houghton	030a6459d6	fix: reinstate TestHandleAuthCode. Reinstating this test as it shouldn't have been removed. Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	2021-05-21 11:24:30 +01:00
Alastair Houghton	88025b3d7c	fix: remove some additional dependencies. Accidentally added some of these back during merge. Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	2021-05-21 11:24:30 +01:00
Alastair Houghton	0284a4c3c9	fix: back link on password page needs to be explicit. The back link on the password page was using Javascript to tell the browser to navigate back, which won't work if the user has entered a set of incorrect log-in details. Fix this by using an explicit URL instead. Fixes #1851 Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	2021-05-21 11:24:30 +01:00
Alastair Houghton	cdbb5dd94d	fix: defer creation of auth request. Rather than creating the auth request when the user hits /auth, pass the arguments through to /auth/{connector} and have the auth request created there. This prevents a database error when using the "Select another login method" link, and also avoids a few other error cases. Fixes #1849, #646. Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>	2021-05-21 11:24:23 +01:00
Maksim Nabokikh	20875c972e	Discard package "version" (#2107 ) * Discard package "version" Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * Inject api version Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> * Pass version arg to the dex API Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-05-18 00:55:24 +02:00
Márk Sági-Kazár	18d1f70cee	Merge pull request #1861 from concourse/pr/bcrypt-for-client-secret-sync Use constant time comparison for client secret verification	2021-05-17 17:27:42 +02:00
Rui Yang	fe8085b886	remove client secret encryption option constant time compare for client secret verification will be kept Signed-off-by: Rui Yang <ruiya@vmware.com>	2021-05-17 10:16:50 -04:00
Rui Yang	ecea593ddd	fix a bug in hash comparison function the client secret coming in should be hashed and the one in storage is the one in plaintext Signed-off-by: Rui Yang <ruiya@vmware.com>	2021-05-14 13:32:27 -04:00
Márk Sági-Kazár	94a2b3ed87	Merge pull request #2010 from flant/switch-device-token-endpoint-to-token fix: use /token endpoint to get tokens with device flow	2021-05-01 13:24:55 +02:00
Márk Sági-Kazár	551229a986	Merge pull request #1846 from flant/refresh-token-expiration-policy feat: Add refresh token expiration and rotation settings	2021-04-24 11:03:40 +02:00
Mark Sagi-Kazar	95796b04a3	chore(deps): upgrade protobuf and grpc Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	2021-03-24 19:17:26 +01:00
Mark Sagi-Kazar	d25051c867	chore(deps): upgrade protobuf in server/internal package Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	2021-03-22 19:27:47 +01:00
Mark Sagi-Kazar	d1e8b085e2	feat: use embedded assets by default Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	2021-03-22 15:44:03 +01:00
Rui Yang	2f28fc7451	default to ./web when Dir and WebFS are not set update WebFS doc Signed-off-by: Rui Yang <ruiya@vmware.com> Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>	2021-03-20 20:05:59 +00:00
Rui Yang	4e569024fd	use go 1.16 new package io/fs Unify the interface for reading web statics. Now it could read an OS directory or get the content on live One could use //go:embed static var webFiles embed.FS anywhere and config dex server to take the file system by setting WebConfig{WebFS: webFiles} Signed-off-by: Rui Yang <ruiya@vmware.com> Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>	2021-03-20 20:05:59 +00:00
Rui Yang	7b50cbf0ac	use pkger for embedding static contents Co-authored-by: Vikram Yadav <vyadav@pivotal.io> Signed-off-by: Rui Yang <ruiya@vmware.com>	2021-03-20 20:05:59 +00:00
Rui Yang	1eab25f89f	use web host url for asset hosting Signed-off-by: Rui Yang <ruiya@vmware.com> Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>	2021-03-20 20:05:59 +00:00
Rui Yang	10e9054811	Use http.FileSystem for web assets Signed-off-by: Rui Yang <ryang@pivotal.io> Co-authored-by: Aidan Oldershaw <aoldershaw@pivotal.io>	2021-03-20 20:05:59 +00:00
Rui Yang	d658c24e8f	add dex config flag for enabling client secret encryption * if enabled, it will make sure client secret is bcrypted correctly * if not, it falls back to old behaviour that allowing empty client secret and comparing plain text, though now it will do ConstantTimeCompare to avoid a timing attack. So in either way it should provide more secure of client secret verification. Co-authored-by: Alex Surraci <suraci.alex@gmail.com> Signed-off-by: Rui Yang <ruiya@vmware.com>	2021-03-20 20:05:56 +00:00
Josh Winters	ec6f3a2f19	use bcrypt when comparing client secrets - this assumes that the client is already bcrytped when passed to dex. Similar to user passwords. Signed-off-by: Josh Winters <jwinters@pivotal.io> Co-authored-by: Vikram Yadav <vyadav@pivotal.io>	2021-03-20 20:05:56 +00:00
Maksim Nabokikh	568fc06520	Update server/refreshhandlers.go Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-03-09 09:41:41 +04:00
m.nabokikh	3bd0e91a68	Make /device/token deprecation warning more concise Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-02-25 11:53:25 +04:00
m.nabokikh	9ed5cc00cf	Add deprecation warning for /device/token endpoint Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-02-24 17:14:28 +04:00
m.nabokikh	1211a86d58	fix: use /token endpoint to get tokens with device flow Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-02-24 16:03:25 +04:00
Steffen Pøhner Henriksen	0f68fadb9a	Allow public clients created with API to have no client_secret (#1871 ) Signed-off-by: Steffen Pøhner Henriksen <str3sses@gmail.com>	2021-02-19 10:18:54 +01:00
Mark Sagi-Kazar	7da0a89936	refactor: remove unused health checker Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	2021-02-11 01:29:27 +01:00
Mark Sagi-Kazar	316da70545	refactor: use new health checker Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>	2021-02-11 01:29:25 +01:00
m.nabokikh	9340fee011	Fixes after rebasing to the actual main branch Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-02-10 23:46:17 +04:00
m.nabokikh	89295a5b4a	More refresh token handler refactoring, more tests Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-02-10 23:43:19 +04:00
m.nabokikh	4e73f39f57	Do not refresh id token claims if refresh token is allowed to reuse Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-02-10 23:43:19 +04:00
m.nabokikh	0c75ed12e2	Add refresh token expiration tests and some refactoring Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-02-10 23:43:19 +04:00
m.nabokikh	06c8ab5aa7	Fixes of naming and code style Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-02-10 23:37:57 +04:00
m.nabokikh	91de99d57e	feat: Add refresh token expiration and rotation settings Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-02-10 23:37:57 +04:00
Márk Sági-Kazár	5a667bbee0	Merge pull request #1773 from faro-oss/faro-upstream/add-c_hash-to-id_token Add c_hash to id_token, issued on /auth endpoint, when in hybrid flow	2021-02-10 16:12:54 +01:00
Márk Sági-Kazár	9b1ecac0d9	Merge pull request #1952 from flant/auth-code-iinvalid-grant fix: return invalid_grant error for invalid or expired auth codes	2021-02-10 15:50:18 +01:00
Márk Sági-Kazár	1c551fd86b	Merge pull request #1946 from flant/prealloc-unparam-sqlclosecheck Enable unparam, prealloc, sqlclosecheck linters	2021-02-10 13:24:47 +01:00
m.nabokikh	d6b5105d9b	fix: check code presence Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-01-25 18:50:36 +04:00
m.nabokikh	a7667dff38	fix: remove empty RefreshTokens Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-01-25 14:53:19 +04:00
Márk Sági-Kazár	f7156c26eb	Merge pull request #1956 from flant/request-not-supported fix: unsupported request parameter error	2021-01-23 19:43:22 +01:00
Márk Sági-Kazár	186a719ecb	Merge pull request #1948 from flant/add-cache-headers Add Cache-control headers to token responses	2021-01-23 14:13:51 +01:00
m.nabokikh	30a5dade0f	fix: unsupported request parameter error Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>	2021-01-22 18:01:24 +04:00

1 2 3 4 5 ...

296 Commits