Commit graph

1887 commits

Author SHA1 Message Date
Mariano Cano
aafac179a5 Add test for oidc with preferred usernames. 2021-05-05 08:15:26 +09:00
Cristian Le
f730c0bec4 Sanitize usernames 2021-05-05 08:15:26 +09:00
Cristian Le
48666792c7 Draft: adding usernames to GetIdentityFunc 2021-05-05 08:15:26 +09:00
Cristian Le
79eec83f3e Rename and reformat to PreferredUsername 2021-05-05 08:15:26 +09:00
Cristian Le
09a21fef26 Implement #550
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-05-05 08:15:26 +09:00
Cristian Le
bb1e051b27 Revert using preferred_username
It might present a security issue if the users can change this value for themselves. Needs further investigation
2021-05-05 08:12:17 +09:00
Max
1ee288f9fb Merge pull request #565 from smallstep/max/load-init
Init config on load | Add wrapper for cli
2021-05-04 15:02:41 -07:00
max furman
8c709fe3c2 Init config on load | Add wrapper for cli 2021-05-04 14:45:11 -07:00
max furman
9a156d2210 Remove distribution doc. 2021-05-04 12:30:05 -07:00
max furman
bc4bf224e8 [action] Add needs-triage labeler 2021-05-04 11:30:20 -07:00
Cristian Le
e5b206c1de Fix shadow issue in CI 2021-05-04 13:47:17 +09:00
Carl Tashian
0295280c20 Merge branch 'master' of https://github.com/smallstep/certificates 2021-05-03 16:19:47 -07:00
Carl Tashian
25325b6970 Revert systemd renewer unit change that was incorrect
This reverts commit 75f24a103a.
2021-05-03 16:19:36 -07:00
Mariano Cano
484b30d0a1 Fix IsAdminGroup comment. 2021-04-29 18:47:17 -07:00
Mariano Cano
9cc410b308 Use map[string]struct{} instead of map[string]bool 2021-04-29 18:40:04 -07:00
Mariano Cano
c8eb771a8e Add test for oidc with preferred usernames. 2021-04-29 18:37:48 -07:00
Cristian Le
8b1ab30212 Sanitize usernames 2021-04-30 09:41:06 +09:00
Cristian Le
bf364f0a5f Draft: adding usernames to GetIdentityFunc 2021-04-30 09:14:28 +09:00
Cristian Le
861ef80e0d Rename and reformat to PreferredUsername 2021-04-30 08:44:41 +09:00
Mariano Cano
b9b1ac04d1 Merge pull request #562 from smallstep/renew-db-interface
Renew DB interface and Rekey
2021-04-29 16:28:46 -07:00
Mariano Cano
5846314f88 Add missing Rekey method to the ca.Client
Fixes #315
2021-04-29 16:06:45 -07:00
Mariano Cano
2cbaee9c1d Allow to use an alternative interface to store renewed certs.
This can be useful to know if a certificate has been renewed and
link one certificate with the 'parent'.
2021-04-29 15:55:22 -07:00
Herman Slatman
68d5f6d0d2 Merge branch 'master' into hs/scep 2021-04-29 22:18:00 +02:00
Cristian Le
55fbcfb3be Implement #550
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-04-29 15:44:21 +09:00
Mariano Cano
582d6b161d Merge pull request #531 from smallstep/tls-tunnel
Add experimental support for a TLS over TLS tunnel.
2021-04-26 18:51:33 -07:00
Mariano Cano
1328aa3e47 Fix review comments. 2021-04-26 18:45:46 -07:00
Mariano Cano
d3c6bcbcce Merge pull request #553 from smallstep/store-chain
Add extension of db.AuthDB to store the fullchain
2021-04-26 14:37:05 -07:00
Mariano Cano
e6833ecee3 Add extension of db.AuthDB to store the fullchain.
Add a temporary solution to allow an extension of an db.AuthDB
interface that logs the fullchain of certificates instead of just
the leaf.
2021-04-26 12:28:51 -07:00
Mariano Cano
50b9aaec57 Add new identity tests. 2021-04-21 18:07:59 -07:00
Mariano Cano
e414d0c8ea Fix unit tests. 2021-04-21 16:20:53 -07:00
Mariano Cano
c5234e9c61 Refactor tls tunnel connections.
New method will use an identity-like file with the configuration
used to create the (m)TLS connection to the tunnel.
2021-04-21 16:20:53 -07:00
Mariano Cano
180b5c3e3c Fix typo. 2021-04-21 16:20:53 -07:00
Mariano Cano
e75a9409a5 Add experimental support for a TLS over TLS tunnel. 2021-04-21 16:20:53 -07:00
Carl Tashian
75f24a103a Sync cert renewer service with docs 2021-04-20 17:04:18 -07:00
Carl Tashian
e50c5bc4b1 Remove pronoun 2021-04-19 12:08:42 -07:00
Mariano Cano
3769a2760a Merge pull request #543 from smallstep/no-nonce-on-get
Remove the creation on nonce on get acme directory
2021-04-16 13:20:06 -07:00
Herman Slatman
2336936b5c Fix typo 2021-04-16 15:49:33 +02:00
Herman Slatman
9787728fbd Mask challenge password after it has been read 2021-04-16 14:09:34 +02:00
Herman Slatman
0487686f69 Merge branch 'master' into hs/scep 2021-04-16 13:25:01 +02:00
Mariano Cano
2e1524ec2f Remove the creation on nonce on get acme directory.
According to RFC 8555, the replay nonces are only required in POST
requests. And of course in the new-nonce request.
2021-04-15 17:54:22 -07:00
max furman
16c20c9279 [action] codecov token not needed for public repos 2021-04-15 15:43:12 -07:00
Max
b7f8f15619 Merge pull request #541 from smallstep/max/ver
VERSION from ENV should always take precedence over CI tags
2021-04-15 15:23:19 -07:00
max furman
78c15805f4 VERSION from ENV should always take precedence over CI tags 2021-04-15 15:16:32 -07:00
Mariano Cano
7688ca18ac Merge pull request #540 from smallstep/proxy-always
Always specify a Proxy in all custom transports.
2021-04-14 21:05:32 -07:00
Mariano Cano
02a5879cfe Specify always a Proxy in all custom transports.
Fixes #535
2021-04-14 19:35:31 -07:00
Max
0ec75c98cf Merge pull request #539 from smallstep/max/escaped-route-fix
Use different method for unescaped paths for the router
2021-04-14 15:43:12 -07:00
max furman
93c3c2bf2e Error handle non existent provisioner downstream and disable debug route logging 2021-04-14 15:35:43 -07:00
max furman
497ec0c79b Fix linter issues 2021-04-14 15:14:27 -07:00
max furman
b1888fd34d Use different method for unescaped paths for the router 2021-04-14 15:11:15 -07:00
Max
938cd092b4 Merge pull request #536 from smallstep/max/dev
Move golangci-lint to github action and fix debian build action
2021-04-14 13:14:34 -07:00