1. 03 Mar, 2017 1 commit
  2. 01 Mar, 2017 3 commits
  3. 28 Feb, 2017 3 commits
  4. 27 Feb, 2017 2 commits
  5. 24 Feb, 2017 6 commits
  6. 23 Feb, 2017 2 commits
  7. 22 Feb, 2017 3 commits
  8. 21 Feb, 2017 2 commits
  9. 20 Feb, 2017 1 commit
  10. 15 Feb, 2017 2 commits
  11. 14 Feb, 2017 2 commits
  12. 10 Feb, 2017 2 commits
  13. 07 Feb, 2017 2 commits
  14. 06 Feb, 2017 3 commits
  15. 03 Feb, 2017 1 commit
  16. 02 Feb, 2017 2 commits
    • Eric Chiang's avatar
      {web,server}: use html/template and reduce use of auth request ID · 72a431dd
      Eric Chiang authored
      Switch from using "text/template" to "html/template", which provides
      basic XSS preventions. We haven't identified any particular place
      where unsanitized user data is rendered to the frontend. This is
      just a preventative step.
      
      At the same time, make more templates take pure URL instead of
      forming an URL themselves using an "authReqID" argument. This will
      help us stop using the auth req ID in certain places, preventing
      garbage collection from killing login flows that wait too long at
      the login screen.
      
      Also increase the login session window (time between initial
      redirect and the user logging in) from 30 minutes to 24 hours,
      and display a more helpful error message when the session expires.
      
      How to test:
      
      1. Spin up dex and example with examples/config-dev.yaml.
      2. Login through both the password prompt and the direct redirect.
      3. Edit examples/config-dev.yaml removing the "connectors" section.
      4. Ensure you can still login with a password.
      
      (email/password is "admin@example.com" and "password")
      72a431dd
    • rithu leena john's avatar
      Merge pull request #794 from rithujohn191/saml-doc · 12f96936
      rithu leena john authored
      Documentation: Minor changes to SAML connector doc.
      12f96936
  17. 01 Feb, 2017 3 commits