k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity
2,099 Commits 1 Branch 0 Tags
6c5286cbfe5278eda4350884a1a4a75d426aba59
Commit Graph

2099 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mark Sagi-Kazar
0bef10ef80 chore(deps): update gosundheit 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-05-26 14:50:35 +02:00
Márk Sági-Kazár
5451188e29 Merge pull request #2124 from dexidp/update-etcd 
Update etcd to 3.5.0-beta.3
 2021-05-26 13:38:40 +02:00
Mark Sagi-Kazar
ca02fc16bd chore(deps): update etcd 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-05-26 13:16:05 +02:00
m.nabokikh
dea1d3383c Deprecation warning log message 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-05-24 19:40:28 +04:00
m.nabokikh
13a83d9bba chore: warning about deprecated LDAP groupSearch fields 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-05-24 19:08:13 +04:00
Alastair Houghton
cd0c24ec4d fix: add an extra endpoint to avoid refresh generating AuthRequests. 
By adding an extra endpoint and a redirect, we can avoid a situation
where it's trivially easy to generate a large number of AuthRequests
by hitting F5/refresh in the browser.

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
 2021-05-21 11:42:52 +01:00
Alastair Houghton
030a6459d6 fix: reinstate TestHandleAuthCode. 
Reinstating this test as it shouldn't have been removed.

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
 2021-05-21 11:24:30 +01:00
Alastair Houghton
88025b3d7c fix: remove some additional dependencies. 
Accidentally added some of these back during merge.

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
 2021-05-21 11:24:30 +01:00
Alastair Houghton
0284a4c3c9 fix: back link on password page needs to be explicit. 
The back link on the password page was using Javascript to tell the
browser to navigate back, which won't work if the user has entered a
set of incorrect log-in details.  Fix this by using an explicit URL
instead.

Fixes #1851

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
 2021-05-21 11:24:30 +01:00
Alastair Houghton
cdbb5dd94d fix: defer creation of auth request. 
Rather than creating the auth request when the user hits /auth, pass
the arguments through to /auth/{connector} and have the auth request
created there.  This prevents a database error when using the "Select
another login method" link, and also avoids a few other error cases.

Fixes #1849, #646.

Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
 2021-05-21 11:24:23 +01:00
dependabot[bot]
4a874cce89 Merge pull request #2130 from dexidp/dependabot/go_modules/google.golang.org/grpc-1.38.0 2021-05-20 12:35:09 +00:00
dependabot[bot]
461c5f687d build(deps): bump google.golang.org/grpc from 1.37.0 to 1.38.0 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.37.0 to 1.38.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.37.0...v1.38.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-20 12:14:11 +00:00
dependabot[bot]
4e4dad023c Merge pull request #2131 from dexidp/dependabot/go_modules/google.golang.org/api-0.47.0 2021-05-20 12:08:43 +00:00
dependabot[bot]
1220017f6c build(deps): bump google.golang.org/api from 0.46.0 to 0.47.0 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.46.0 to 0.47.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.46.0...v0.47.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-20 06:20:51 +00:00
Maksim Nabokikh
20875c972e Discard package "version" (#2107) 
* Discard package "version"

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Inject api version

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>

* Pass version arg to the dex API

Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-05-18 00:55:24 +02:00
dependabot[bot]
47d029a51b Merge pull request #2110 from dexidp/dependabot/docker/golang-1.16.4-alpine3.13 2021-05-17 15:47:59 +00:00
Márk Sági-Kazár
18d1f70cee Merge pull request #1861 from concourse/pr/bcrypt-for-client-secret-sync 
Use constant time comparison for client secret verification
 2021-05-17 17:27:42 +02:00
Rui Yang
fe8085b886 remove client secret encryption option 
constant time compare for client secret verification will be kept

Signed-off-by: Rui Yang <ruiya@vmware.com>
 2021-05-17 10:16:50 -04:00
dependabot[bot]
283dd89f4d Merge pull request #2123 from dexidp/dependabot/go_modules/github.com/lib/pq-1.10.2 2021-05-17 07:41:26 +00:00
dependabot[bot]
c65652ed8f build(deps): bump github.com/lib/pq from 1.10.1 to 1.10.2 
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.1 to 1.10.2.
- [Release notes](https://github.com/lib/pq/releases)
- [Commits](https://github.com/lib/pq/compare/v1.10.1...v1.10.2)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-17 07:11:13 +00:00
m.nabokikh
49adc4e5bb Fix ent-based postgres storage tests 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-05-15 09:06:44 +04:00
m.nabokikh
19884d92ac feat: Add ent-based postgres storage 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-05-14 23:19:59 +04:00
Rui Yang
ecea593ddd fix a bug in hash comparison function 
the client secret coming in should be hashed and the one in storage
is the one in plaintext

Signed-off-by: Rui Yang <ruiya@vmware.com>
 2021-05-14 13:32:27 -04:00
dependabot[bot]
47bdbdb1a2 build(deps): bump golang from 1.16.3-alpine3.13 to 1.16.4-alpine3.13 
Bumps golang from 1.16.3-alpine3.13 to 1.16.4-alpine3.13.

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-07 06:46:19 +00:00
Maksim Nabokikh
81c4dc7994 Merge pull request #1906 from flant/ent-sqlite 
feat: Add ent-based sqlite3 storage
 2021-05-05 18:19:25 +04:00
Márk Sági-Kazár
ba2cec3f72 Merge pull request #2103 from flant/add-new-maintainer 
Add @nabokihms to the maintainers list
 2021-05-04 21:22:49 +02:00
dependabot[bot]
fcca5f4b4f Merge pull request #2104 from dexidp/dependabot/go_modules/google.golang.org/api-0.46.0 2021-05-04 09:18:05 +00:00
dependabot[bot]
b1292bd630 build(deps): bump google.golang.org/api from 0.45.0 to 0.46.0 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.45.0 to 0.46.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.45.0...v0.46.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-05-04 06:59:24 +00:00
m.nabokikh
8553309db3 Add obsolete tokens, resolve conflicts, bump ent 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-05-02 12:43:21 +04:00
Márk Sági-Kazár
94a2b3ed87 Merge pull request #2010 from flant/switch-device-token-endpoint-to-token 
fix: use /token endpoint to get tokens with device flow
 2021-05-01 13:24:55 +02:00
m.nabokikh
24fa4def5b chore: update ent 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-04-30 17:48:16 +04:00
m.nabokikh
2e61860d5a Add ent autogenerated code 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-04-30 17:47:54 +04:00
m.nabokikh
11859166d0 feat: Add ent-based sqlite3 storage 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-04-30 17:47:54 +04:00
Stephen Augustus
674631c9ab Merge pull request #2090 from dexidp/security-policy 
Initial security policy
 2021-04-27 20:33:21 -04:00
Márk Sági-Kazár
47b0a2bdf9 Merge pull request #2100 from dexidp/mysql-port 
Fix MySQL connection to use the provided port
 2021-04-28 01:23:41 +02:00
Mark Sagi-Kazar
e2b56d0a09 fix(storage/mysql): add missing port to the address 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-04-27 14:09:21 +02:00
m.nabokikh
4561214ab2 Add @nabokihms to maintainers list 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-04-27 13:11:15 +04:00
dependabot[bot]
afa6f1e03e Merge pull request #2099 from dexidp/dependabot/go_modules/github.com/felixge/httpsnoop-1.0.2 2021-04-26 09:09:08 +00:00
Mark Sagi-Kazar
df9fc78d2d ci: run mysql tests on non-standard port 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-04-26 11:01:24 +02:00
Mark Sagi-Kazar
bf8c35ad2d docs: update readme linking to the security policy 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-04-26 10:59:17 +02:00
Mark Sagi-Kazar
59fcab281e docs: initial security policy 
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
 2021-04-26 10:59:15 +02:00
dependabot[bot]
05b61a3d86 build(deps): bump github.com/felixge/httpsnoop from 1.0.1 to 1.0.2 
Bumps [github.com/felixge/httpsnoop](https://github.com/felixge/httpsnoop) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/felixge/httpsnoop/releases)
- [Commits](https://github.com/felixge/httpsnoop/compare/v1.0.1...v1.0.2)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-26 08:50:00 +00:00
Márk Sági-Kazár
551229a986 Merge pull request #1846 from flant/refresh-token-expiration-policy 
feat: Add refresh token expiration and rotation settings
 2021-04-24 11:03:40 +02:00
Márk Sági-Kazár
b1ac799073 Merge pull request #1912 from wellplayedgames/microsoft-prompt-type 
Support setting the prompt type for the Microsoft connector
 2021-04-24 10:58:43 +02:00
dependabot[bot]
31c18e557a Merge pull request #2094 from dexidp/dependabot/go_modules/github.com/lib/pq-1.10.1 2021-04-22 08:26:07 +00:00
dependabot[bot]
5bc3cb2ad3 build(deps): bump github.com/lib/pq from 1.10.0 to 1.10.1 
Bumps [github.com/lib/pq](https://github.com/lib/pq) from 1.10.0 to 1.10.1.
- [Release notes](https://github.com/lib/pq/releases)
- [Commits](https://github.com/lib/pq/compare/v1.10.0...v1.10.1)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-22 06:54:28 +00:00
dependabot[bot]
efd9839fd2 Merge pull request #2093 from dexidp/dependabot/go_modules/google.golang.org/api-0.45.0 2021-04-21 10:23:32 +00:00
dependabot[bot]
fa3a4d7f6b build(deps): bump google.golang.org/api from 0.43.0 to 0.45.0 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.43.0 to 0.45.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.43.0...v0.45.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2021-04-21 06:55:25 +00:00
Márk Sági-Kazár
0b9b588c96 Merge pull request #2089 from flant/remove-go-dev-badge-from-readme 
chore: remove go dev badge from README
 2021-04-17 21:20:47 +02:00
m.nabokikh
026d979073 chore: remove go dev badge from README 
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
 2021-04-17 10:24:02 +04:00