Márk Sági-Kazár
6384af06e4
Update bug_report.md
2021-05-30 18:27:14 +02:00
Márk Sági-Kazár
cdcf7a4694
Update PULL_REQUEST_TEMPLATE.md
2021-05-30 04:00:44 +02:00
Maksim Nabokikh
5d996661ea
Merge pull request #2144 from flant/bump-linter-version
...
Bump golag-ci lint version to 1.40.1
2021-05-27 21:50:23 +04:00
m.nabokikh
4b54433ec2
Bump golag-ci lint version to 1.40.1
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-05-27 19:27:06 +04:00
Márk Sági-Kazár
95941506f5
Merge pull request #2142 from dexidp/update-etcd
...
chore(deps): update etcd
2021-05-26 17:59:26 +02:00
Mark Sagi-Kazar
8dbd0c6536
chore(deps): update etcd
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-05-26 17:11:04 +02:00
Márk Sági-Kazár
aef61cea8d
Merge pull request #2141 from dexidp/update-gosundheit
...
Update gosundheit
2021-05-26 17:05:40 +02:00
Mark Sagi-Kazar
0bef10ef80
chore(deps): update gosundheit
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-05-26 14:50:35 +02:00
Márk Sági-Kazár
5451188e29
Merge pull request #2124 from dexidp/update-etcd
...
Update etcd to 3.5.0-beta.3
2021-05-26 13:38:40 +02:00
Mark Sagi-Kazar
ca02fc16bd
chore(deps): update etcd
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-05-26 13:16:05 +02:00
Alastair Houghton
cd0c24ec4d
fix: add an extra endpoint to avoid refresh generating AuthRequests.
...
By adding an extra endpoint and a redirect, we can avoid a situation
where it's trivially easy to generate a large number of AuthRequests
by hitting F5/refresh in the browser.
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:42:52 +01:00
Alastair Houghton
030a6459d6
fix: reinstate TestHandleAuthCode.
...
Reinstating this test as it shouldn't have been removed.
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:24:30 +01:00
Alastair Houghton
88025b3d7c
fix: remove some additional dependencies.
...
Accidentally added some of these back during merge.
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:24:30 +01:00
Alastair Houghton
0284a4c3c9
fix: back link on password page needs to be explicit.
...
The back link on the password page was using Javascript to tell the
browser to navigate back, which won't work if the user has entered a
set of incorrect log-in details. Fix this by using an explicit URL
instead.
Fixes #1851
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:24:30 +01:00
Alastair Houghton
cdbb5dd94d
fix: defer creation of auth request.
...
Rather than creating the auth request when the user hits /auth, pass
the arguments through to /auth/{connector} and have the auth request
created there. This prevents a database error when using the "Select
another login method" link, and also avoids a few other error cases.
Fixes #1849 , #646 .
Signed-off-by: Alastair Houghton <alastair@alastairs-place.net>
2021-05-21 11:24:23 +01:00
dependabot[bot]
4a874cce89
Merge pull request #2130 from dexidp/dependabot/go_modules/google.golang.org/grpc-1.38.0
2021-05-20 12:35:09 +00:00
dependabot[bot]
461c5f687d
build(deps): bump google.golang.org/grpc from 1.37.0 to 1.38.0
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.37.0 to 1.38.0.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.37.0...v1.38.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-20 12:14:11 +00:00
dependabot[bot]
4e4dad023c
Merge pull request #2131 from dexidp/dependabot/go_modules/google.golang.org/api-0.47.0
2021-05-20 12:08:43 +00:00
dependabot[bot]
1220017f6c
build(deps): bump google.golang.org/api from 0.46.0 to 0.47.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.46.0 to 0.47.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.46.0...v0.47.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-20 06:20:51 +00:00
Maksim Nabokikh
20875c972e
Discard package "version" ( #2107 )
...
* Discard package "version"
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Inject api version
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
* Pass version arg to the dex API
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-05-18 00:55:24 +02:00
dependabot[bot]
47d029a51b
Merge pull request #2110 from dexidp/dependabot/docker/golang-1.16.4-alpine3.13
2021-05-17 15:47:59 +00:00
Márk Sági-Kazár
18d1f70cee
Merge pull request #1861 from concourse/pr/bcrypt-for-client-secret-sync
...
Use constant time comparison for client secret verification
2021-05-17 17:27:42 +02:00
Rui Yang
fe8085b886
remove client secret encryption option
...
constant time compare for client secret verification will be kept
Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-05-17 10:16:50 -04:00
dependabot[bot]
283dd89f4d
Merge pull request #2123 from dexidp/dependabot/go_modules/github.com/lib/pq-1.10.2
2021-05-17 07:41:26 +00:00
dependabot[bot]
c65652ed8f
build(deps): bump github.com/lib/pq from 1.10.1 to 1.10.2
...
Bumps [github.com/lib/pq](https://github.com/lib/pq ) from 1.10.1 to 1.10.2.
- [Release notes](https://github.com/lib/pq/releases )
- [Commits](https://github.com/lib/pq/compare/v1.10.1...v1.10.2 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-17 07:11:13 +00:00
m.nabokikh
49adc4e5bb
Fix ent-based postgres storage tests
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-05-15 09:06:44 +04:00
m.nabokikh
19884d92ac
feat: Add ent-based postgres storage
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-05-14 23:19:59 +04:00
Rui Yang
ecea593ddd
fix a bug in hash comparison function
...
the client secret coming in should be hashed and the one in storage
is the one in plaintext
Signed-off-by: Rui Yang <ruiya@vmware.com>
2021-05-14 13:32:27 -04:00
dependabot[bot]
47bdbdb1a2
build(deps): bump golang from 1.16.3-alpine3.13 to 1.16.4-alpine3.13
...
Bumps golang from 1.16.3-alpine3.13 to 1.16.4-alpine3.13.
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-07 06:46:19 +00:00
Maksim Nabokikh
81c4dc7994
Merge pull request #1906 from flant/ent-sqlite
...
feat: Add ent-based sqlite3 storage
2021-05-05 18:19:25 +04:00
Márk Sági-Kazár
ba2cec3f72
Merge pull request #2103 from flant/add-new-maintainer
...
Add @nabokihms to the maintainers list
2021-05-04 21:22:49 +02:00
dependabot[bot]
fcca5f4b4f
Merge pull request #2104 from dexidp/dependabot/go_modules/google.golang.org/api-0.46.0
2021-05-04 09:18:05 +00:00
dependabot[bot]
b1292bd630
build(deps): bump google.golang.org/api from 0.45.0 to 0.46.0
...
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client ) from 0.45.0 to 0.46.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases )
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md )
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.45.0...v0.46.0 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-04 06:59:24 +00:00
m.nabokikh
8553309db3
Add obsolete tokens, resolve conflicts, bump ent
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-05-02 12:43:21 +04:00
Márk Sági-Kazár
94a2b3ed87
Merge pull request #2010 from flant/switch-device-token-endpoint-to-token
...
fix: use /token endpoint to get tokens with device flow
2021-05-01 13:24:55 +02:00
m.nabokikh
24fa4def5b
chore: update ent
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-30 17:48:16 +04:00
m.nabokikh
2e61860d5a
Add ent autogenerated code
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-30 17:47:54 +04:00
m.nabokikh
11859166d0
feat: Add ent-based sqlite3 storage
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-30 17:47:54 +04:00
Stephen Augustus
674631c9ab
Merge pull request #2090 from dexidp/security-policy
...
Initial security policy
2021-04-27 20:33:21 -04:00
Márk Sági-Kazár
47b0a2bdf9
Merge pull request #2100 from dexidp/mysql-port
...
Fix MySQL connection to use the provided port
2021-04-28 01:23:41 +02:00
Mark Sagi-Kazar
e2b56d0a09
fix(storage/mysql): add missing port to the address
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-27 14:09:21 +02:00
m.nabokikh
4561214ab2
Add @nabokihms to maintainers list
...
Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com>
2021-04-27 13:11:15 +04:00
dependabot[bot]
afa6f1e03e
Merge pull request #2099 from dexidp/dependabot/go_modules/github.com/felixge/httpsnoop-1.0.2
2021-04-26 09:09:08 +00:00
Mark Sagi-Kazar
df9fc78d2d
ci: run mysql tests on non-standard port
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-26 11:01:24 +02:00
Mark Sagi-Kazar
bf8c35ad2d
docs: update readme linking to the security policy
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-26 10:59:17 +02:00
Mark Sagi-Kazar
59fcab281e
docs: initial security policy
...
Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2021-04-26 10:59:15 +02:00
dependabot[bot]
05b61a3d86
build(deps): bump github.com/felixge/httpsnoop from 1.0.1 to 1.0.2
...
Bumps [github.com/felixge/httpsnoop](https://github.com/felixge/httpsnoop ) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/felixge/httpsnoop/releases )
- [Commits](https://github.com/felixge/httpsnoop/compare/v1.0.1...v1.0.2 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-04-26 08:50:00 +00:00
Márk Sági-Kazár
551229a986
Merge pull request #1846 from flant/refresh-token-expiration-policy
...
feat: Add refresh token expiration and rotation settings
2021-04-24 11:03:40 +02:00
Márk Sági-Kazár
b1ac799073
Merge pull request #1912 from wellplayedgames/microsoft-prompt-type
...
Support setting the prompt type for the Microsoft connector
2021-04-24 10:58:43 +02:00
dependabot[bot]
31c18e557a
Merge pull request #2094 from dexidp/dependabot/go_modules/github.com/lib/pq-1.10.1
2021-04-22 08:26:07 +00:00