Commit
88d1e2b0
authored
Dec 13, 2018
by
joannano
Committed by
Krzysztof Balka
Jan 11, 2019
keystone: test cases, refactoring and cleanup
parent
a965365a
Showing
10 changed files
with
199 additions
and
278 deletions
+199
-278
.travis.yml
.travis.yml
+3
-2
Dockerfile
Dockerfile
+6
-3
connector.go
connector/connector.go
+0
-1
keystone.go
connector/keystone/keystone.go
+140
-117
keystone_test.go
connector/keystone/keystone_test.go
+0
-0
types.go
connector/keystone/types.go
+45
-94
config-keystone.yaml
examples/config-keystone.yaml
+0
-55
handlers.go
server/handlers.go
+2
-4
server.go
server/server.go
+2
-2
static.go
storage/static.go
+1
-0
.travis.yml
...
@@ -13,13 +13,14 @@ services:
...
@@ -13,13 +13,14 @@ services:
-
docker
-
docker
env
:
env
:
-
DEX_POSTGRES_DATABASE=postgres DEX_POSTGRES_USER=postgres DEX_POSTGRES_HOST="localhost" DEX_ETCD_ENDPOINTS=http://localhost:2379 DEX_LDAP_TESTS=1 DEBIAN_FRONTEND=noninteractive
-
DEX_POSTGRES_DATABASE=postgres DEX_POSTGRES_USER=postgres DEX_POSTGRES_HOST="localhost" DEX_ETCD_ENDPOINTS=http://localhost:2379 DEX_LDAP_TESTS=1 DEBIAN_FRONTEND=noninteractive
DEX_KEYSTONE_URL=http://localhost:5000 DEX_KEYSTONE_ADMIN_URL=http://localhost:35357
install
:
install
:
-
sudo -E apt-get install -y --force-yes slapd time ldap-utils
-
sudo -E apt-get install -y --force-yes slapd time ldap-utils
-
sudo /etc/init.d/slapd stop
-
sudo /etc/init.d/slapd stop
-
docker run -d --net=host gcr.io/etcd-development/etcd:v3.2.9
-
docker run -d --net=host gcr.io/etcd-development/etcd:v3.2.9
-
docker run -d -p 0.0.0.0:5000:5000 -p 0.0.0.0:35357:35357 openio/openstack-keystone
-
sleep 60s
script
:
script
:
-
make testall
-
make testall
...
...
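Review bot: The Keystone test container on the `docker run ... openio/openstack-keystone` line is pulled without a tag or digest, while the etcd image on the line above is pinned to `v3.2.9`, so each CI run executes whatever that repository's default tag currently points to. Pin it and keep the published ports off the external interfaces, e.g. `docker run -d -p 127.0.0.1:5000:5000 -p 127.0.0.1:35357:35357 openio/openstack-keystone:<PINNED_TAG>` (placeholder tag; the env line already targets `localhost`). The fixed `sleep 60s` is also fragile; a short loop that polls `$DEX_KEYSTONE_URL` until it answers would fail faster and flake less.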
Dockerfile
...
@@ -11,12 +11,15 @@ FROM alpine:3.8
...
@@ -11,12 +11,15 @@ FROM alpine:3.8
# experience when this doesn't work out of the box.
# experience when this doesn't work out of the box.
#
#
# OpenSSL is required so wget can query HTTPS endpoints for health checking.
# OpenSSL is required so wget can query HTTPS endpoints for health checking.
RUN
apk add
--update
ca-certificates openssl bash
RUN
apk add
--update
ca-certificates openssl
COPY
--from=0 /go/bin/dex /usr/local/bin/dex
# Import frontend assets and set the correct CWD directory so the assets
# Import frontend assets and set the correct CWD directory so the assets
# are in the default path.
# are in the default path.
COPY
web /web
COPY
web /web
WORKDIR
/
WORKDIR
/
EXPOSE
5500-5600
ENTRYPOINT
["dex"]
CMD
["bash"]
CMD
["version"]
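Review bot: No `USER` instruction is visible between `RUN apk add` and `ENTRYPOINT ["dex"]`, so the final image presumably runs dex as root; the Dockerfile lines above line 11 are outside this hunk, so confirm it is not set there. Nothing in the visible lines needs root at run time, so an unprivileged user can be set after the package install, e.g. `USER 1001:1001` following the `apk add` line (the uid is illustrative). `apk add --no-cache ca-certificates openssl` would also avoid leaving the package index in the layer.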
connector/connector.go
...
@@ -35,7 +35,6 @@ type Identity struct {
...
@@ -35,7 +35,6 @@ type Identity struct {
//
//
// This data is never shared with end users, OAuth clients, or through the API.
// This data is never shared with end users, OAuth clients, or through the API.
ConnectorData
[]
byte
ConnectorData
[]
byte
Password
string
}
}
// PasswordConnector is an interface implemented by connectors which take a
// PasswordConnector is an interface implemented by connectors which take a
...
...
connector/keystone/keystone.go
...
@@ -2,163 +2,186 @@
...
@@ -2,163 +2,186 @@
package
keystone
package
keystone
import
(
import
(
"bytes"
"context"
"context"
"fmt"
"github.com/dexidp/dex/connector"
"github.com/sirupsen/logrus"
"encoding/json"
"encoding/json"
"net/http"
"fmt"
"bytes"
"io/ioutil"
"io/ioutil"
"net/http"
"github.com/sirupsen/logrus"
"github.com/dexidp/dex/connector"
)
)
var
(
var
(
_
connector
.
PasswordConnector
=
&
Connector
{}
_
connector
.
PasswordConnector
=
&
keystone
Connector
{}
_
connector
.
RefreshConnector
=
&
Connector
{}
_
connector
.
RefreshConnector
=
&
keystone
Connector
{}
)
)
// Open returns an authentication strategy using Keystone.
// Open returns an authentication strategy using Keystone.
func
(
c
*
Config
)
Open
(
id
string
,
logger
logrus
.
FieldLogger
)
(
connector
.
Connector
,
error
)
{
func
(
c
*
Config
)
Open
(
id
string
,
logger
logrus
.
FieldLogger
)
(
connector
.
Connector
,
error
)
{
return
&
Connector
{
c
.
Domain
,
c
.
KeystoneHost
,
return
&
keystone
Connector
{
c
.
Domain
,
c
.
KeystoneHost
,
c
.
KeystoneUsername
,
c
.
KeystonePassword
,
logger
},
nil
c
.
KeystoneUsername
,
c
.
KeystonePassword
,
logger
},
nil
}
}
func
(
p
Connector
)
Close
()
error
{
return
nil
}
func
(
p
*
keystone
Connector
)
Close
()
error
{
return
nil
}
func
(
p
Connector
)
Login
(
ctx
context
.
Context
,
s
connector
.
Scopes
,
username
,
password
string
)
(
func
(
p
*
keystoneConnector
)
Login
(
ctx
context
.
Context
,
s
connector
.
Scopes
,
username
,
password
string
)
(
identity
connector
.
Identity
,
validPassword
bool
,
err
error
)
{
identity
connector
.
Identity
,
validPassword
bool
,
err
error
)
{
response
,
err
:=
p
.
getTokenResponse
(
username
,
password
)
resp
,
err
:=
p
.
getTokenResponse
(
ctx
,
username
,
password
)
if
err
!=
nil
{
return
identity
,
false
,
fmt
.
Errorf
(
"keystone: error %v"
,
err
)
}
// Providing wrong password or wrong keystone URI throws error
// Providing wrong password or wrong keystone URI throws error
if
err
==
nil
&&
response
.
StatusCode
==
201
{
if
resp
.
StatusCode
==
201
{
token
:=
response
.
Header
[
"X-Subject-Token"
][
0
]
token
:=
resp
.
Header
.
Get
(
"X-Subject-Token"
)
data
,
_
:=
ioutil
.
ReadAll
(
response
.
Body
)
data
,
err
:=
ioutil
.
ReadAll
(
resp
.
Body
)
if
err
!=
nil
{
var
tokenResponse
=
new
(
TokenResponse
)
return
identity
,
false
,
err
err
:=
json
.
Unmarshal
(
data
,
&
tokenResponse
)
}
defer
resp
.
Body
.
Close
()
if
err
!=
nil
{
fmt
.
Printf
(
"keystone: invalid token response: %v"
,
err
)
var
tokenResp
=
new
(
tokenResponse
)
return
identity
,
false
,
err
err
=
json
.
Unmarshal
(
data
,
&
tokenResp
)
}
if
err
!=
nil
{
groups
,
err
:=
p
.
getUserGroups
(
tokenResponse
.
Token
.
User
.
ID
,
token
)
return
identity
,
false
,
fmt
.
Errorf
(
"keystone: invalid token response: %v"
,
err
)
}
if
err
!=
nil
{
groups
,
err
:=
p
.
getUserGroups
(
ctx
,
tokenResp
.
Token
.
User
.
ID
,
token
)
return
identity
,
false
,
err
if
err
!=
nil
{
}
return
identity
,
false
,
err
}
identity
.
Username
=
username
identity
.
UserID
=
tokenResponse
.
Token
.
User
.
ID
identity
.
Username
=
username
identity
.
Groups
=
groups
identity
.
UserID
=
tokenResp
.
Token
.
User
.
ID
identity
.
Groups
=
groups
return
identity
,
true
,
nil
return
identity
,
true
,
nil
}
else
if
err
!=
nil
{
fmt
.
Printf
(
"keystone: error %v"
,
err
)
return
identity
,
false
,
err
}
else
{
data
,
_
:=
ioutil
.
ReadAll
(
response
.
Body
)
fmt
.
Println
(
string
(
data
))
return
identity
,
false
,
err
}
}
return
identity
,
false
,
nil
return
identity
,
false
,
nil
}
}
func
(
p
Connector
)
Prompt
()
string
{
return
"username"
}
func
(
p
*
keystone
Connector
)
Prompt
()
string
{
return
"username"
}
func
(
p
Connector
)
Refresh
(
func
(
p
*
keystone
Connector
)
Refresh
(
ctx
context
.
Context
,
s
connector
.
Scopes
,
identity
connector
.
Identity
)
(
connector
.
Identity
,
error
)
{
ctx
context
.
Context
,
s
connector
.
Scopes
,
identity
connector
.
Identity
)
(
connector
.
Identity
,
error
)
{
if
len
(
identity
.
ConnectorData
)
==
0
{
token
,
err
:=
p
.
getAdminToken
(
ctx
)
return
identity
,
nil
if
err
!=
nil
{
return
identity
,
fmt
.
Errorf
(
"keystone: failed to obtain admin token: %v"
,
err
)
}
}
token
,
err
:=
p
.
getAdminToken
()
ok
,
err
:=
p
.
checkIfUserExists
(
ctx
,
identity
.
UserID
,
token
)
if
err
!=
nil
{
if
err
!=
nil
{
return
identity
,
err
fmt
.
Printf
(
"keystone: failed to obtain admin token"
)
}
return
identity
,
err
if
!
ok
{
}
return
identity
,
fmt
.
Errorf
(
"keystone: user %q does not exist"
,
identity
.
UserID
)
}
ok
:=
p
.
checkIfUserExists
(
identity
.
UserID
,
token
)
if
!
ok
{
fmt
.
Printf
(
"keystone: user %q does not exist
\n
"
,
identity
.
UserID
)
return
identity
,
fmt
.
Errorf
(
"keystone: user %q does not exist"
,
identity
.
UserID
)
}
groups
,
err
:=
p
.
getUserGroups
(
identity
.
UserID
,
token
)
groups
,
err
:=
p
.
getUserGroups
(
ctx
,
identity
.
UserID
,
token
)
if
err
!=
nil
{
if
err
!=
nil
{
fmt
.
Printf
(
"keystone: Failed to fetch user %q groups"
,
identity
.
UserID
)
return
identity
,
err
return
identity
,
fmt
.
Errorf
(
"keystone: failed to fetch user %q groups"
,
identity
.
UserID
)
}
}
identity
.
Groups
=
groups
identity
.
Groups
=
groups
fmt
.
Printf
(
"Identity data after use of refresh token: %v"
,
identity
)
return
identity
,
nil
return
identity
,
nil
}
}
func
(
p
*
keystoneConnector
)
getTokenResponse
(
ctx
context
.
Context
,
username
,
pass
string
)
(
response
*
http
.
Response
,
err
error
)
{
func
(
p
Connector
)
getTokenResponse
(
username
,
password
string
)
(
response
*
http
.
Response
,
err
error
)
{
client
:=
&
http
.
Client
{}
jsonData
:=
L
oginRequestData
{
jsonData
:=
l
oginRequestData
{
Auth
:
A
uth
{
auth
:
a
uth
{
Identity
:
I
dentity
{
Identity
:
i
dentity
{
Methods
:
[]
string
{
"password"
},
Methods
:
[]
string
{
"password"
},
Password
:
P
assword
{
Password
:
p
assword
{
User
:
U
ser
{
User
:
u
ser
{
Name
:
username
,
Name
:
username
,
Domain
:
Domain
{
ID
:
p
.
Domain
},
Domain
:
domain
{
ID
:
p
.
Domain
},
Password
:
pass
word
,
Password
:
pass
,
},
},
},
},
},
},
},
},
}
}
jsonValue
,
_
:=
json
.
Marshal
(
jsonData
)
jsonValue
,
err
:=
json
.
Marshal
(
jsonData
)
loginURI
:=
p
.
KeystoneHost
+
"/v3/auth/tokens"
if
err
!=
nil
{
return
http
.
Post
(
loginURI
,
"application/json"
,
bytes
.
NewBuffer
(
jsonValue
))
return
nil
,
err
}
authTokenURL
:=
p
.
KeystoneHost
+
"/v3/auth/tokens/"
req
,
err
:=
http
.
NewRequest
(
"POST"
,
authTokenURL
,
bytes
.
NewBuffer
(
jsonValue
))
if
err
!=
nil
{
return
nil
,
err
}
req
.
Header
.
Set
(
"Content-Type"
,
"application/json"
)
req
=
req
.
WithContext
(
ctx
)
return
client
.
Do
(
req
)
}
}
func
(
p
Connector
)
getAdminToken
()
(
string
,
error
)
{
func
(
p
*
keystoneConnector
)
getAdminToken
(
ctx
context
.
Context
)
(
string
,
error
)
{
response
,
err
:=
p
.
getTokenResponse
(
p
.
KeystoneUsername
,
p
.
KeystonePassword
)
resp
,
err
:=
p
.
getTokenResponse
(
ctx
,
p
.
KeystoneUsername
,
p
.
KeystonePassword
)
if
err
!=
nil
{
if
err
!=
nil
{
return
""
,
err
return
""
,
err
}
}
token
:=
response
.
Header
[
"X-Subject-Token"
][
0
]
token
:=
resp
.
Header
.
Get
(
"X-Subject-Token"
)
return
token
,
nil
return
token
,
nil
}
}
func
(
p
Connector
)
checkIfUserExists
(
userID
string
,
token
string
)
(
bool
)
{
func
(
p
*
keystoneConnector
)
checkIfUserExists
(
ctx
context
.
Context
,
userID
string
,
token
string
)
(
bool
,
error
)
{
groupsURI
:=
p
.
KeystoneHost
+
"/v3/users/"
+
userID
userURL
:=
p
.
KeystoneHost
+
"/v3/users/"
+
userID
client
:=
&
http
.
Client
{}
client
:=
&
http
.
Client
{}
req
,
_
:=
http
.
NewRequest
(
"GET"
,
groupsURI
,
nil
)
req
,
err
:=
http
.
NewRequest
(
"GET"
,
userURL
,
nil
)
req
.
Header
.
Set
(
"X-Auth-Token"
,
token
)
if
err
!=
nil
{
response
,
err
:=
client
.
Do
(
req
)
return
false
,
err
if
err
==
nil
&&
response
.
StatusCode
==
200
{
}
return
true
}
req
.
Header
.
Set
(
"X-Auth-Token"
,
token
)
return
false
req
=
req
.
WithContext
(
ctx
)
resp
,
err
:=
client
.
Do
(
req
)
if
err
!=
nil
{
return
false
,
err
}
if
resp
.
StatusCode
==
200
{
return
true
,
nil
}
return
false
,
err
}
}
func
(
p
Connector
)
getUserGroups
(
userID
string
,
token
string
)
([]
string
,
error
)
{
func
(
p
*
keystoneConnector
)
getUserGroups
(
ctx
context
.
Context
,
userID
string
,
token
string
)
([]
string
,
error
)
{
groupsURI
:=
p
.
KeystoneHost
+
"/v3/users/"
+
userID
+
"/groups"
client
:=
&
http
.
Client
{}
client
:=
&
http
.
Client
{}
groupsURL
:=
p
.
KeystoneHost
+
"/v3/users/"
+
userID
+
"/groups"
req
,
_
:=
http
.
NewRequest
(
"GET"
,
groupsURI
,
nil
)
req
.
Header
.
Set
(
"X-Auth-Token"
,
token
)
req
,
err
:=
http
.
NewRequest
(
"GET"
,
groupsURL
,
nil
)
response
,
err
:=
client
.
Do
(
req
)
req
.
Header
.
Set
(
"X-Auth-Token"
,
token
)
req
=
req
.
WithContext
(
ctx
)
if
err
!=
nil
{
resp
,
err
:=
client
.
Do
(
req
)
fmt
.
Printf
(
"keystone: error while fetching user %q groups
\n
"
,
userID
)
if
err
!=
nil
{
return
nil
,
err
p
.
Logger
.
Errorf
(
"keystone: error while fetching user %q groups
\n
"
,
userID
)
}
return
nil
,
err
data
,
_
:=
ioutil
.
ReadAll
(
response
.
Body
)
}
var
groupsResponse
=
new
(
GroupsResponse
)
err
=
json
.
Unmarshal
(
data
,
&
groupsResponse
)
data
,
err
:=
ioutil
.
ReadAll
(
resp
.
Body
)
if
err
!=
nil
{
if
err
!=
nil
{
return
nil
,
err
return
nil
,
err
}
}
groups
:=
[]
string
{}
defer
resp
.
Body
.
Close
()
for
_
,
group
:=
range
groupsResponse
.
Groups
{
groups
=
append
(
groups
,
group
.
Name
)
var
groupsResp
=
new
(
groupsResponse
)
}
return
groups
,
nil
err
=
json
.
Unmarshal
(
data
,
&
groupsResp
)
if
err
!=
nil
{
return
nil
,
err
}
groups
:=
make
([]
string
,
len
(
groupsResp
.
Groups
))
for
i
,
group
:=
range
groupsResp
.
Groups
{
groups
[
i
]
=
group
.
Name
}
return
groups
,
nil
}
}
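Review bot: getAdminToken returns `resp.Header.Get("X-Subject-Token")` without checking `resp.StatusCode`, so when Keystone rejects the configured service credentials Refresh continues with an empty token and a nil error. getUserGroups has the same gap: it unmarshals whatever body comes back, so a JSON error response decodes to an empty `Groups` slice and both Login and Refresh store that as the user's group list instead of failing. The response body is also never closed in getAdminToken and checkIfUserExists, and Login defers `resp.Body.Close()` only inside the 201 branch after the read, so every non-201 login leaks the connection. In getUserGroups the `err` from `http.NewRequest` is overwritten by `client.Do` before it is checked. The fence shows the status and close handling for getAdminToken and the matching guard for getUserGroups.

```go
func (p *keystoneConnector) getAdminToken(ctx context.Context) (string, error) {
	resp, err := p.getTokenResponse(ctx, p.KeystoneUsername, p.KeystonePassword)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()

	// Keystone answers a successful token request with 201; anything else
	// means the service credentials were not accepted.
	if resp.StatusCode != http.StatusCreated {
		return "", fmt.Errorf("keystone: admin token request returned status %d", resp.StatusCode)
	}
	token := resp.Header.Get("X-Subject-Token")
	if token == "" {
		return "", fmt.Errorf("keystone: admin token response has no X-Subject-Token header")
	}
	return token, nil
}

// in getUserGroups:
	req, err := http.NewRequest("GET", groupsURL, nil)
	if err != nil {
		return nil, err
	}
	// … unchanged: X-Auth-Token header, WithContext, client.Do and its error check …
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("keystone: fetching groups for user %q returned status %d", userID, resp.StatusCode)
	}
	// … unchanged: ReadAll, json.Unmarshal, copy of group names …
```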
connector/keystone/keystone_test.go
This diff is collapsed.
connector/keystone/types.go
...
@@ -4,133 +4,84 @@ import (
...
@@ -4,133 +4,84 @@ import (
"github.com/sirupsen/logrus"
"github.com/sirupsen/logrus"
)
)
type
Connector
struct
{
type
keystone
Connector
struct
{
Domain
string
Domain
string
KeystoneHost
string
KeystoneHost
string
KeystoneUsername
string
KeystoneUsername
string
KeystonePassword
string
KeystonePassword
string
Logger
logrus
.
FieldLogger
Logger
logrus
.
FieldLogger
}
}
type
ConnectorData
struct
{
type
userKeystone
struct
{
AccessToken
string
`json:"accessToken"`
Domain
domainKeystone
`json:"domain"`
ID
string
`json:"id"`
Name
string
`json:"name"`
}
}
type
KeystoneUser
struct
{
type
domainKeystone
struct
{
Domain
KeystoneDomain
`json:"domain"`
ID
string
`json:"id"`
ID
string
`json:"id"`
Name
string
`json:"name"`
}
type
KeystoneDomain
struct
{
ID
string
`json:"id"`
Name
string
`json:"name"`
Name
string
`json:"name"`
}
}
// Config holds the configuration parameters for Keystone connector.
// Keystone should expose API v3
// An example config:
// connectors:
// type: keystone
// id: keystone
// name: Keystone
// config:
// keystoneHost: http://example:5000
// domain: default
// keystoneUsername: demo
// keystonePassword: DEMO_PASS
type
Config
struct
{
type
Config
struct
{
Domain
string
`json:"domain"`
Domain
string
`json:"domain"`
KeystoneHost
string
`json:"keystoneHost"`
KeystoneHost
string
`json:"keystoneHost"`
KeystoneUsername
string
`json:"keystoneUsername"`
KeystoneUsername
string
`json:"keystoneUsername"`
KeystonePassword
string
`json:"keystonePassword"`
KeystonePassword
string
`json:"keystonePassword"`
}
}
type
L
oginRequestData
struct
{
type
l
oginRequestData
struct
{
A
uth
`json:"auth"`
a
uth
`json:"auth"`
}
}
type
A
uth
struct
{
type
a
uth
struct
{
Identity
`json:"identity"`
Identity
identity
`json:"identity"`
}
}
type
I
dentity
struct
{
type
i
dentity
struct
{
Methods
[]
string
`json:"methods"`
Methods
[]
string
`json:"methods"`
Password
`json:"password"`
Password
password
`json:"password"`
}
}
type
P
assword
struct
{
type
p
assword
struct
{
User
`json:"user"`
User
user
`json:"user"`
}
}
type
User
struct
{
type
user
struct
{
Name
string
`json:"name"`
Domain
`json:"domain"`
Password
string
`json:"password"`
}
type
Domain
struct
{
ID
string
`json:"id"`
}
type
Token
struct
{
IssuedAt
string
`json:"issued_at"`
Extras
map
[
string
]
interface
{}
`json:"extras"`
Methods
[]
string
`json:"methods"`
ExpiresAt
string
`json:"expires_at"`
User
KeystoneUser
`json:"user"`
}
type
TokenResponse
struct
{
Token
Token
`json:"token"`
}
type
CreateUserRequest
struct
{
CreateUser
CreateUserForm
`json:"user"`
}
type
CreateUserForm
struct
{
Name
string
`json:"name"`
Name
string
`json:"name"`
Email
string
`json:"email"`
Domain
domain
`json:"domain"`
Enabled
bool
`json:"enabled"`
Password
string
`json:"password"`
Password
string
`json:"password"`
Roles
[]
string
`json:"roles"`
}
type
UserResponse
struct
{
User
CreateUserResponse
`json:"user"`
}
type
CreateUserResponse
struct
{
Username
string
`json:"username"`
Name
string
`json:"name"`
Roles
[]
string
`json:"roles"`
Enabled
bool
`json:"enabled"`
Options
string
`json:"options"`
ID
string
`json:"id"`
Email
string
`json:"email"`
}
type
CreateGroup
struct
{
Group
CreateGroupForm
`json:"group"`
}
type
CreateGroupForm
struct
{
Description
string
`json:"description"`
Name
string
`json:"name"`
}
}
type
GroupID
struct
{
type
domain
struct
{
Group
GroupIDForm
`json:"group
"`
ID
string
`json:"id
"`
}
}
type
GroupIDForm
struct
{
type
token
struct
{
ID
string
`json:"id
"`
User
userKeystone
`json:"user
"`
}
}
type
Links
struct
{
type
tokenResponse
struct
{
Self
string
`json:"self"`
Token
token
`json:"token"`
Previous
string
`json:"previous"`
Next
string
`json:"next"`
}
}
type
Group
struct
{
type
group
struct
{
DomainID
string
`json:"domain_id`
ID
string
`json:"id"`
Description
string
`json:"description"`
Name
string
`json:"name"`
ID
string
`json:"id"`
Links
Links
`json:"links"`
Name
string
`json:"name"`
}
}
type
GroupsResponse
struct
{
type
groupsResponse
struct
{
Links
Links
`json:"links"`
Groups
[]
group
`json:"groups"`
Groups
[]
Group
`json:"groups"`
}
}
examples/config-keystone.yaml
deleted
100644 → 0
# The base path of dex and the external name of the OpenID Connect service.
# This is the canonical URL that all clients MUST use to refer to dex. If a
# path is provided, dex's HTTP service will listen at a non-root URL.
issuer
:
http://0.0.0.0:5556/dex
# The storage configuration determines where dex stores its state. Supported
# options include SQL flavors and Kubernetes third party resources.
#
# See the storage document at Documentation/storage.md for further information.
storage
:
type
:
sqlite3
config
:
file
:
examples/dex.db
#be in the dex directory, else change path here
# Configuration for the HTTP endpoints.
web
:
https
:
0.0.0.0:5556
# Uncomment for HTTPS options.
# https: 127.0.0.1:5554
tlsCert
:
./ssl/dex.crt
tlsKey
:
./ssl/dex.key
# Configuration for telemetry
telemetry
:
http
:
0.0.0.0:5558
oauth2
:
responseTypes
:
[
"
id_token"
]
# Instead of reading from an external storage, use this list of clients.
staticClients
:
-
id
:
example-app
redirectURIs
:
-
'
http://127.0.0.1:5555/callback'
name
:
'
Example
App'
secret
:
ZXhhbXBsZS1hcHAtc2VjcmV0
#Provide Keystone connector and its config here
# /v3/auth/tokens
connectors
:
-
type
:
keystone
id
:
keystone
name
:
Keystone
config
:
keystoneHost
:
http://localhost:5000
domain
:
default
keystoneUsername
:
demo
keystonePassword
:
DEMO_PASS
# Let dex keep a list of passwords which can be used to login to dex.
enablePasswordDB
:
true
oauth2
:
skipApprovalScreen
:
true
server/handlers.go
...
@@ -211,7 +211,6 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
...
@@ -211,7 +211,6 @@ func (s *Server) handleConnectorLogin(w http.ResponseWriter, r *http.Request) {
}
}
authReqID
:=
r
.
FormValue
(
"req"
)
authReqID
:=
r
.
FormValue
(
"req"
)
s
.
logger
.
Errorf
(
"Auth req id %v"
,
authReqID
)
authReq
,
err
:=
s
.
storage
.
GetAuthRequest
(
authReqID
)
authReq
,
err
:=
s
.
storage
.
GetAuthRequest
(
authReqID
)
if
err
!=
nil
{
if
err
!=
nil
{
...
@@ -346,7 +345,7 @@ func (s *Server) handleConnectorCallback(w http.ResponseWriter, r *http.Request)
...
@@ -346,7 +345,7 @@ func (s *Server) handleConnectorCallback(w http.ResponseWriter, r *http.Request)
s
.
renderError
(
w
,
http
.
StatusInternalServerError
,
"Requested resource does not exist."
)
s
.
renderError
(
w
,
http
.
StatusInternalServerError
,
"Requested resource does not exist."
)
return
return
}
}
s
.
logger
.
Errorf
(
"
2
Failed to get auth request: %v"
,
err
)
s
.
logger
.
Errorf
(
"Failed to get auth request: %v"
,
err
)
s
.
renderError
(
w
,
http
.
StatusInternalServerError
,
"Database error."
)
s
.
renderError
(
w
,
http
.
StatusInternalServerError
,
"Database error."
)
return
return
}
}
...
@@ -358,7 +357,6 @@ func (s *Server) handleConnectorCallback(w http.ResponseWriter, r *http.Request)
...
@@ -358,7 +357,6 @@ func (s *Server) handleConnectorCallback(w http.ResponseWriter, r *http.Request)
}
}
conn
,
err
:=
s
.
getConnector
(
authReq
.
ConnectorID
)
conn
,
err
:=
s
.
getConnector
(
authReq
.
ConnectorID
)
s
.
logger
.
Errorf
(
"X Connector %v"
,
conn
)
if
err
!=
nil
{
if
err
!=
nil
{
s
.
logger
.
Errorf
(
"Failed to get connector with id %q : %v"
,
authReq
.
ConnectorID
,
err
)
s
.
logger
.
Errorf
(
"Failed to get connector with id %q : %v"
,
authReq
.
ConnectorID
,
err
)
s
.
renderError
(
w
,
http
.
StatusInternalServerError
,
"Requested resource does not exist."
)
s
.
renderError
(
w
,
http
.
StatusInternalServerError
,
"Requested resource does not exist."
)
...
@@ -437,7 +435,7 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
...
@@ -437,7 +435,7 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
func
(
s
*
Server
)
handleApproval
(
w
http
.
ResponseWriter
,
r
*
http
.
Request
)
{
func
(
s
*
Server
)
handleApproval
(
w
http
.
ResponseWriter
,
r
*
http
.
Request
)
{
authReq
,
err
:=
s
.
storage
.
GetAuthRequest
(
r
.
FormValue
(
"req"
))
authReq
,
err
:=
s
.
storage
.
GetAuthRequest
(
r
.
FormValue
(
"req"
))
if
err
!=
nil
{
if
err
!=
nil
{
s
.
logger
.
Errorf
(
"
3
Failed to get auth request: %v"
,
err
)
s
.
logger
.
Errorf
(
"Failed to get auth request: %v"
,
err
)
s
.
renderError
(
w
,
http
.
StatusInternalServerError
,
"Database error."
)
s
.
renderError
(
w
,
http
.
StatusInternalServerError
,
"Database error."
)
return
return
}
}
...
...
server/server.go
...
@@ -27,6 +27,7 @@ import (
...
@@ -27,6 +27,7 @@ import (
"github.com/dexidp/dex/connector/bitbucketcloud"
"github.com/dexidp/dex/connector/bitbucketcloud"
"github.com/dexidp/dex/connector/github"
"github.com/dexidp/dex/connector/github"
"github.com/dexidp/dex/connector/gitlab"
"github.com/dexidp/dex/connector/gitlab"
"github.com/dexidp/dex/connector/keystone"
"github.com/dexidp/dex/connector/ldap"
"github.com/dexidp/dex/connector/ldap"
"github.com/dexidp/dex/connector/linkedin"
"github.com/dexidp/dex/connector/linkedin"
"github.com/dexidp/dex/connector/microsoft"
"github.com/dexidp/dex/connector/microsoft"
...
@@ -34,7 +35,6 @@ import (
...
@@ -34,7 +35,6 @@ import (
"github.com/dexidp/dex/connector/oidc"
"github.com/dexidp/dex/connector/oidc"
"github.com/dexidp/dex/connector/saml"
"github.com/dexidp/dex/connector/saml"
"github.com/dexidp/dex/storage"
"github.com/dexidp/dex/storage"
"github.com/dexidp/dex/connector/keystone"
)
)
// LocalConnector is the local passwordDB connector which is an internal
// LocalConnector is the local passwordDB connector which is an internal
...
@@ -456,7 +456,7 @@ func openConnector(logger logrus.FieldLogger, conn storage.Connector) (connector
...
@@ -456,7 +456,7 @@ func openConnector(logger logrus.FieldLogger, conn storage.Connector) (connector
f
,
ok
:=
ConnectorsConfig
[
conn
.
Type
]
f
,
ok
:=
ConnectorsConfig
[
conn
.
Type
]
if
!
ok
{
if
!
ok
{
return
c
,
fmt
.
Errorf
(
"
x
unknown connector type %q"
,
conn
.
Type
)
return
c
,
fmt
.
Errorf
(
"unknown connector type %q"
,
conn
.
Type
)
}
}
connConfig
:=
f
()
connConfig
:=
f
()
...
...
storage/static.go
...
@@ -3,6 +3,7 @@ package storage
...
@@ -3,6 +3,7 @@ package storage
import
(
import
(
"errors"
"errors"
"strings"
"strings"
"github.com/sirupsen/logrus"
"github.com/sirupsen/logrus"
)
)
...
...