Cristian Le
9e00b82bdf
Revert oidc_test.go
...
Moving the `preferred_username` to a separate PR
2021-05-05 08:49:03 +09:00
Cristian Le
cd67d64eec
Merge remote-tracking branch 'origin/master'
2021-05-05 08:16:14 +09:00
Cristian Le
decf0fc8ce
Revert using preferred_username
...
It might present a security issue if the users can change this value for themselves. Needs further investigation
2021-05-05 08:15:26 +09:00
Cristian Le
21732f213b
Fix shadow issue in CI
2021-05-05 08:15:26 +09:00
Mariano Cano
08e5ec6ad1
Fix IsAdminGroup comment.
2021-05-05 08:15:26 +09:00
Mariano Cano
46c1dc80fb
Use map[string]struct{} instead of map[string]bool
2021-05-05 08:15:26 +09:00
Mariano Cano
aafac179a5
Add test for oidc with preferred usernames.
2021-05-05 08:15:26 +09:00
Cristian Le
f730c0bec4
Sanitize usernames
2021-05-05 08:15:26 +09:00
Cristian Le
48666792c7
Draft: adding usernames to GetIdentityFunc
2021-05-05 08:15:26 +09:00
Cristian Le
79eec83f3e
Rename and reformat to PreferredUsername
2021-05-05 08:15:26 +09:00
Cristian Le
09a21fef26
Implement #550
...
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-05-05 08:15:26 +09:00
Cristian Le
bb1e051b27
Revert using preferred_username
...
It might present a security issue if the users can change this value for themselves. Needs further investigation
2021-05-05 08:12:17 +09:00
Max
1ee288f9fb
Merge pull request #565 from smallstep/max/load-init
...
Init config on load | Add wrapper for cli
2021-05-04 15:02:41 -07:00
max furman
8c709fe3c2
Init config on load | Add wrapper for cli
2021-05-04 14:45:11 -07:00
max furman
9a156d2210
Remove distribution doc.
2021-05-04 12:30:05 -07:00
max furman
bc4bf224e8
[action] Add needs-triage labeler
2021-05-04 11:30:20 -07:00
Cristian Le
e5b206c1de
Fix shadow issue in CI
2021-05-04 13:47:17 +09:00
Carl Tashian
0295280c20
Merge branch 'master' of https://github.com/smallstep/certificates
2021-05-03 16:19:47 -07:00
Carl Tashian
25325b6970
Revert systemd renewer unit change that was incorrect
...
This reverts commit 75f24a103a
.
2021-05-03 16:19:36 -07:00
Mariano Cano
484b30d0a1
Fix IsAdminGroup comment.
2021-04-29 18:47:17 -07:00
Mariano Cano
9cc410b308
Use map[string]struct{} instead of map[string]bool
2021-04-29 18:40:04 -07:00
Mariano Cano
c8eb771a8e
Add test for oidc with preferred usernames.
2021-04-29 18:37:48 -07:00
Cristian Le
8b1ab30212
Sanitize usernames
2021-04-30 09:41:06 +09:00
Cristian Le
bf364f0a5f
Draft: adding usernames to GetIdentityFunc
2021-04-30 09:14:28 +09:00
Cristian Le
861ef80e0d
Rename and reformat to PreferredUsername
2021-04-30 08:44:41 +09:00
Mariano Cano
b9b1ac04d1
Merge pull request #562 from smallstep/renew-db-interface
...
Renew DB interface and Rekey
2021-04-29 16:28:46 -07:00
Mariano Cano
5846314f88
Add missing Rekey method to the ca.Client
...
Fixes #315
2021-04-29 16:06:45 -07:00
Mariano Cano
2cbaee9c1d
Allow to use an alternative interface to store renewed certs.
...
This can be useful to know if a certificate has been renewed and
link one certificate with the 'parent'.
2021-04-29 15:55:22 -07:00
Herman Slatman
68d5f6d0d2
Merge branch 'master' into hs/scep
2021-04-29 22:18:00 +02:00
Cristian Le
55fbcfb3be
Implement #550
...
- Read `preferred_username` from token
- Add `preferred_username` to the default Usernames
- Check the `admin` array for admin groups that the user might belong to
2021-04-29 15:44:21 +09:00
Joe Julian
0369151bfa
use InsecureSkipVerify for validation
...
The server will not yet have a valid certificate so we need to disable
certificate validation in the HTTPGetter.
2021-04-27 08:18:35 -07:00
Mariano Cano
582d6b161d
Merge pull request #531 from smallstep/tls-tunnel
...
Add experimental support for a TLS over TLS tunnel.
2021-04-26 18:51:33 -07:00
Mariano Cano
1328aa3e47
Fix review comments.
2021-04-26 18:45:46 -07:00
Mariano Cano
d3c6bcbcce
Merge pull request #553 from smallstep/store-chain
...
Add extension of db.AuthDB to store the fullchain
2021-04-26 14:37:05 -07:00
Mariano Cano
e6833ecee3
Add extension of db.AuthDB to store the fullchain.
...
Add a temporary solution to allow an extension of an db.AuthDB
interface that logs the fullchain of certificates instead of just
the leaf.
2021-04-26 12:28:51 -07:00
Mariano Cano
50b9aaec57
Add new identity tests.
2021-04-21 18:07:59 -07:00
Mariano Cano
e414d0c8ea
Fix unit tests.
2021-04-21 16:20:53 -07:00
Mariano Cano
c5234e9c61
Refactor tls tunnel connections.
...
New method will use an identity-like file with the configuration
used to create the (m)TLS connection to the tunnel.
2021-04-21 16:20:53 -07:00
Mariano Cano
180b5c3e3c
Fix typo.
2021-04-21 16:20:53 -07:00
Mariano Cano
e75a9409a5
Add experimental support for a TLS over TLS tunnel.
2021-04-21 16:20:53 -07:00
Carl Tashian
75f24a103a
Sync cert renewer service with docs
2021-04-20 17:04:18 -07:00
Carl Tashian
e50c5bc4b1
Remove pronoun
2021-04-19 12:08:42 -07:00
Mariano Cano
3769a2760a
Merge pull request #543 from smallstep/no-nonce-on-get
...
Remove the creation on nonce on get acme directory
2021-04-16 13:20:06 -07:00
Herman Slatman
2336936b5c
Fix typo
2021-04-16 15:49:33 +02:00
Herman Slatman
9787728fbd
Mask challenge password after it has been read
2021-04-16 14:09:34 +02:00
Herman Slatman
0487686f69
Merge branch 'master' into hs/scep
2021-04-16 13:25:01 +02:00
Mariano Cano
2e1524ec2f
Remove the creation on nonce on get acme directory.
...
According to RFC 8555, the replay nonces are only required in POST
requests. And of course in the new-nonce request.
2021-04-15 17:54:22 -07:00
max furman
16c20c9279
[action] codecov token not needed for public repos
2021-04-15 15:43:12 -07:00
Max
b7f8f15619
Merge pull request #541 from smallstep/max/ver
...
VERSION from ENV should always take precedence over CI tags
2021-04-15 15:23:19 -07:00
max furman
78c15805f4
VERSION from ENV should always take precedence over CI tags
2021-04-15 15:16:32 -07:00