mirror/dex - dex - xhrpb gitea

Commit Graph

Author	SHA1	Message	Date
Eric Chiang	3f4a42eefd	*: remove unused code This change has no functional changes, it only removes dead code.	10 years ago
Eric Chiang	07af73f367	*: don't allow sqlite3 if --no-db flag not specified	10 years ago
Eric Chiang	3b125d6073	*: fix --no-db client decoding	10 years ago
Eric Chiang	dcf5835189	*: remove in memory connector config repo	10 years ago
Eric Chiang	b572b8dd6c	*: remove in memory client repo The DB implementation expects secrets to be base64 encoded blobs. Because of this a bunch of tests broke moving to sqlite. A lot of this commit is fixing those tests.	10 years ago
Eric Chiang	72d1ecab64	*: remove in memory password info repo	10 years ago
Eric Chiang	2726f4dcdf	*: remove in memory user repo	10 years ago
Eric Chiang	95560404a3	*: remove in memory refresh repo	10 years ago
Eric Chiang	7bac93aa20	*: remove in memory session repos Move manager to it's own package so it can import db. Move all references to the in memory session repos to use sqlite3.	10 years ago
Eric Chiang	04cd1851aa	server: add dynamic client registration	10 years ago
Frode Nordahl	5d284e08ae	Change status code used for redirects from StatusTemporaryRedirect (307) to StatusFound (302) HTTP code 307 aka. StatusTemporaryRedirect is used throughout the project. However, the endpoints redirected to explicitly expects the client to make a GET request. If a HTTP client issues a POST request to a server and receives a HTTP 307 redirect, it forwards the POST request to the new URL. When using 302 the HTTP client will issue a GET request. Fixes #287	10 years ago
Eric Chiang	4da143ca2d	server: fix reset password test TestResetPasswordHandler depended on makeToken begin called twice during the initialization of a single test case and later assuming the result would match. Because the token has a timestamp accurate to the second, occasionally the timestamps would be slightly off within a single test case and cause the test to fail. Adding a sleep statement to makeToken would cause the test to fail reliably. Define a single token for each test case outside of the struct initializer so test cases compare the same token. Closes #274 Additionally remove logging statements that dump entire HTML pages.	10 years ago
Eric Chiang	0ada4c8010	*: move user API auth to middleware and fix return status Move client authentication into its own middleware and provide differentiation between HTTP requests that do not provide credentials (401) and requests that authenticate as a non-admin user (403). Closes #152	10 years ago
Eric Chiang	ec3bc7f258	*: allow dexctl set-connector-configs to read from stdin Closes #276	10 years ago
Eric Chiang	5e44b6bc27	*: update all to accommodate changes to go-oidc Update dex to comply with the changes to fieldnames and types of the client and provider metadata structs in coreos/go-oidc.	10 years ago
Bobby Rullo	dc828825e6	server: better UX when remote ID already exists Instead of cryptic message with nowhere to, give them the choice to login with that account or register.	10 years ago
Eric Chiang	ad6e331860	server: fix flow when user logs in through wrong connector This cleans up the code that deals with a user attempting to login through a different connector than they registered with. The only functional change is that `newLoginURLFromSession` is now called with register = false when a user has an existing account.	10 years ago
Eric Chiang	99e1163972	server: fix tests In #210 a field name in the provider config was corrected. However the old, and incorrect, value was hard coded in the tests. This change updates the test case to hold the correct field name. There are no other references to the old name in dex or its vendored packages.	10 years ago
Eric Chiang	f2c3dbc5e6	static, server: add styles for github and bitbucket connectors Add icons and styles for github and bitbucket buttons.	10 years ago
Eric Chiang	f43655a8c3	user/manager: connector must exists when creating remote identity Add ConnectorConfigRepo to UserManager. When trying to create a RemoteIdentity, validate that the connector ID exists. Fixes #198	10 years ago
Eric Chiang	d518447282	user: move user manager to it's own package This commit moves the user.Manage to its own package (user/manager) so it can import the connector package in a later commit. For clarity, it renames "Manager" to "UserManager" using gorname. This commit has no functional changes.	10 years ago
Eric Chiang	8be9396811	registration: trim spaces and sanity check user email from form When a user attempts to register an email, trim prefixed and trailing spaces, then perform a basic sanity check to ensure it's of form "test@example.com". Fixes #163	10 years ago
Joe Bowers	0c854a21d6	server: endpoint and system for sending invitations to dex An invitation allows users to both verify their email address and set a new password.	10 years ago
Marcus Stong	7d0ecf9532	server: add scope to newLoginURLFromSession need to make sure the scope is present otherwise will be considered an invalid request fixes #135	10 years ago
Joe Bowers	792b72ef54	server: spelling of error message	11 years ago
Joe Bowers	ca9227fc19	various: spelling, logging, and commentary cleanup	11 years ago
Bobby Rullo	d1e292eb94	server: pass issuer name to emailer Issuer name can be used in Emailer	11 years ago
Bobby Rullo	2ef1b4beff	user: introduce "invite" emails Invite emails are essentially just reset password emails with a different template (though this can and probably will change (slightly) in the near future)	11 years ago
George Tankersley	07a4d4441e	pkg/crypto: replace old crypto with new crypto	11 years ago
Joe Bowers	85113748a8	server: unify password reset and email verification code and behavior This patch proposes behavioral changes. In particular, referring systems will need to provide client ids under all circumstances.	11 years ago
Yifan Gu	7282dd5187	refreshtoken: return base64 encoded token for in-memory backend. Previously if we use the in-memory backend, it will return a raw binary token for refresh token. This fixes the case.	11 years ago
Gyu-Ho Lee	f06073fbcd	server: use standard lib http.Request.BasicAuth Go 1.4+ has https://golang.org/pkg/net/http/#Request.BasicAuth method for http.Request and it was requested by CoreOS(kelsey) [1] with the same functionalities. If dex's Go development is being done in Go 1.4 or later, we should use the standard library. Thanks! --- [1] https://codereview.appspot.com/76540043/	11 years ago
Bobby Rullo	55040c55fa	server, integration, cmd: Protect Admin API Admin API now requires a 128 byte base64 encoded secret to be passed in Authorization header, closing up a potential security hole for those who expose this service.	11 years ago
Bobby Rullo	d3d6a75b91	fixup - Code review changes.	11 years ago
Bobby Rullo	bf9517fdaa	server,cmd: Add flag for disabling registation For situations where admins add users.	11 years ago
Joe Bowers	e5db302312	server: expose user disable API endpoint	11 years ago
Joe Bowers	fbbb3cc2df	server: all authorizations fail for disabled users	11 years ago
Joe Bowers	ffabe03bc0	server: don't allow disabled users to access the api	11 years ago
Joe Bowers	60a36e2c2e	server,db: flag for disabling user login	11 years ago
Joe Bowers	4c9bab0890	server: user management endpoints strictly conform to schema This change disables the URL fixing behavior or the router associated with the user management schema. After this commit, URLS routing to /api/$VERSION/users must target exactly the specified paths. In addition, `/api/$VERSION/users/` will serve a 404 This change allows users to hit the user create endpoint, which would previously serve a redirect rather than actually making the associated change.	11 years ago
Giulio Iotti	472e4a02a4	*: Remove unnecessary else statements Whenever it makes the code easier to follow, use early return to avoid else statements.	11 years ago
Bobby Rullo	f1820cda14	cmd,server,static/html: Configurable name, logo fixes #47	11 years ago
Yifan Gu	44c6cb44f5	refresh: bcrypt raw bytes rather than base64 encoded string. This enables us to control the length of the bytes that will be bcrypted, by default it's 64. Also changed the token's stored form from string('text') to []byte('bytea') and added some test cases for different types of invalid tokens.	11 years ago
Yifan Gu	93a0830ae0	server: check scope in requests. Require 'openid' in scope for all requests. Require 'offline_access' for returning refresh token.	11 years ago
Yifan Gu	066fd859ec	session: add 'scope' field in session.	11 years ago
Bobby Rullo	d0c199b62c	cmd, server: base64 encode multiple secrets Two things here: * key secrets are now base64 encoded strings, so we get the full key space * we can pass >1 of them in so we can rotate them	11 years ago
Bobby Rullo	66fe201c24	*: move original project to dex	11 years ago

1 2

56 Commits (3f4a42eefd25ccfdf097b5cc0c19e3c13c09ff2c)