diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml deleted file mode 100644 index 0237b3ac66..0000000000 --- a/.github/workflows/artifacts.yaml +++ /dev/null @@ -1,97 +0,0 @@ -name: Artifacts - -on: - push: - branches: - - master - tags: - - v[0-9]+.[0-9]+.[0-9]+ - pull_request: - -jobs: - container-images: - name: Container images - runs-on: ubuntu-latest - strategy: - matrix: - variant: - - alpine - - distroless - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Gather metadata - id: meta - uses: docker/metadata-action@v4 - with: - images: | - ghcr.io/dexidp/dex - dexidp/dex - flavor: | - latest = false - tags: | - type=ref,event=branch,enable=${{ matrix.variant == 'alpine' }} - type=ref,event=pr,enable=${{ matrix.variant == 'alpine' }} - type=semver,pattern={{raw}},enable=${{ matrix.variant == 'alpine' }} - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && matrix.variant == 'alpine' }} - type=ref,event=branch,suffix=-${{ matrix.variant }} - type=ref,event=pr,suffix=-${{ matrix.variant }} - type=semver,pattern={{raw}},suffix=-${{ matrix.variant }} - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }},suffix=-${{ matrix.variant }} - labels: | - org.opencontainers.image.documentation=https://dexidp.io/docs/ - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - with: - platforms: all - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ github.token }} - if: github.event_name == 'push' - - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - if: github.event_name == 'push' - - - name: Build and push - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le - # cache-from: type=gha - # cache-to: type=gha,mode=max - push: ${{ github.event_name == 'push' }} - tags: ${{ steps.meta.outputs.tags }} - build-args: | - BASE_IMAGE=${{ matrix.variant }} - VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} - COMMIT_HASH=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} - BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - labels: ${{ steps.meta.outputs.labels }} - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.7.1 - with: - image-ref: "ghcr.io/dexidp/dex:${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}" - format: "sarif" - output: "trivy-results.sarif" - if: github.event_name == 'push' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: "trivy-results.sarif" - if: github.event_name == 'push' diff --git a/.github/workflows/checks.yaml b/.github/workflows/checks.yaml deleted file mode 100644 index c7eb4ea73c..0000000000 --- a/.github/workflows/checks.yaml +++ /dev/null @@ -1,18 +0,0 @@ -name: PR Checks - -on: - pull_request: - types: [opened, labeled, unlabeled, synchronize] - -jobs: - release-label: - name: Release note label - runs-on: ubuntu-latest - - steps: - - name: Check minimum labels - uses: mheap/github-action-required-labels@v2 - with: - mode: minimum - count: 1 - labels: "release-note/ignore, kind/feature, release-note/new-feature, kind/enhancement, release-note/enhancement, kind/bug, release-note/bug-fix, release-note/breaking-change, release-note/deprecation, area/dependencies, release-note/dependency-update" diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml deleted file mode 100644 index c38ed934a7..0000000000 --- a/.github/workflows/ci.yaml +++ /dev/null @@ -1,129 +0,0 @@ -name: CI - -on: - push: - branches: - - master - pull_request: - -jobs: - build: - name: Build - runs-on: ubuntu-latest - env: - GOFLAGS: -mod=readonly - - services: - postgres: - image: postgres:10.8 - ports: - - 5432 - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - - postgres-ent: - image: postgres:10.8 - ports: - - 5432 - options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 - - mysql: - image: mysql:5.7 - env: - MYSQL_ROOT_PASSWORD: root - MYSQL_DATABASE: dex - ports: - - 3306 - options: --health-cmd "mysql -proot -e \"show databases;\"" --health-interval 10s --health-timeout 5s --health-retries 5 - - mysql-ent: - image: mysql:5.7 - env: - MYSQL_ROOT_PASSWORD: root - MYSQL_DATABASE: dex - ports: - - 3306 - options: --health-cmd "mysql -proot -e \"show databases;\"" --health-interval 10s --health-timeout 5s --health-retries 5 - - etcd: - image: gcr.io/etcd-development/etcd:v3.5.0 - ports: - - 2379 - env: - ETCD_LISTEN_CLIENT_URLS: http://0.0.0.0:2379 - ETCD_ADVERTISE_CLIENT_URLS: http://0.0.0.0:2379 - options: --health-cmd "ETCDCTL_API=3 etcdctl --endpoints http://localhost:2379 endpoint health" --health-interval 10s --health-timeout 5s --health-retries 5 - - keystone: - image: openio/openstack-keystone:rocky - ports: - - 5000 - - 35357 - options: --health-cmd "curl --fail http://localhost:5000/v3" --health-interval 10s --health-timeout 5s --health-retries 5 - - steps: - - name: Set up Go - uses: actions/setup-go@v3 - with: - go-version: 1.18 - - - name: Checkout code - uses: actions/checkout@v3 - - - name: Start services - run: docker-compose -f docker-compose.test.yaml up -d - - - name: Create kind cluster - uses: helm/kind-action@v1.4.0 - with: - version: v0.11.1 - node_image: kindest/node:v1.19.11@sha256:07db187ae84b4b7de440a73886f008cf903fcf5764ba8106a9fd5243d6f32729 - - - name: Download tool dependencies - run: make deps - - - name: Test - run: make testall - env: - DEX_MYSQL_DATABASE: dex - DEX_MYSQL_USER: root - DEX_MYSQL_PASSWORD: root - DEX_MYSQL_HOST: 127.0.0.1 - DEX_MYSQL_PORT: ${{ job.services.mysql.ports[3306] }} - - DEX_MYSQL_ENT_DATABASE: dex - DEX_MYSQL_ENT_USER: root - DEX_MYSQL_ENT_PASSWORD: root - DEX_MYSQL_ENT_HOST: 127.0.0.1 - DEX_MYSQL_ENT_PORT: ${{ job.services.mysql-ent.ports[3306] }} - - DEX_POSTGRES_DATABASE: postgres - DEX_POSTGRES_USER: postgres - DEX_POSTGRES_PASSWORD: postgres - DEX_POSTGRES_HOST: localhost - DEX_POSTGRES_PORT: ${{ job.services.postgres.ports[5432] }} - - DEX_POSTGRES_ENT_DATABASE: postgres - DEX_POSTGRES_ENT_USER: postgres - DEX_POSTGRES_ENT_PASSWORD: postgres - DEX_POSTGRES_ENT_HOST: localhost - DEX_POSTGRES_ENT_PORT: ${{ job.services.postgres-ent.ports[5432] }} - - DEX_ETCD_ENDPOINTS: http://localhost:${{ job.services.etcd.ports[2379] }} - - DEX_LDAP_HOST: localhost - DEX_LDAP_PORT: 389 - DEX_LDAP_TLS_PORT: 636 - - DEX_KEYSTONE_URL: http://localhost:${{ job.services.keystone.ports[5000] }} - DEX_KEYSTONE_ADMIN_URL: http://localhost:${{ job.services.keystone.ports[35357] }} - DEX_KEYSTONE_ADMIN_USER: demo - DEX_KEYSTONE_ADMIN_PASS: DEMO_PASS - - DEX_KUBERNETES_CONFIG_PATH: ~/.kube/config - - - name: Lint - run: make lint - - # Ensure proto generation doesn't depend on external packages. - - name: Verify proto - run: make verify-proto diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml deleted file mode 100644 index 926f8be539..0000000000 --- a/.github/workflows/codeql-analysis.yaml +++ /dev/null @@ -1,67 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: [ master, v1 ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ master ] - schedule: - - cron: '28 10 * * 6' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - language: [ 'go' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml deleted file mode 100644 index f841d55640..0000000000 --- a/.github/workflows/docker.yaml +++ /dev/null @@ -1,111 +0,0 @@ -name: Docker - -on: - # push: - # branches: - # - master - # tags: - # - v[0-9]+.[0-9]+.[0-9]+ - pull_request: - -jobs: - docker: - name: Docker - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Calculate Docker image tags - id: tags - env: - DOCKER_IMAGES: "ghcr.io/dexidp/dex dexidp/dex" - run: | - case $GITHUB_REF in - refs/tags/*) VERSION=${GITHUB_REF#refs/tags/};; - refs/heads/*) VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g');; - refs/pull/*) VERSION=pr-${{ github.event.number }};; - *) VERSION=sha-${GITHUB_SHA::8};; - esac - - TAGS=() - for image in $DOCKER_IMAGES; do - TAGS+=("${image}:${VERSION}") - - if [[ "${{ github.event.repository.default_branch }}" == "$VERSION" ]]; then - TAGS+=("${image}:latest") - fi - done - - echo ::set-output name=version::${VERSION} - echo ::set-output name=tags::$(IFS=,; echo "${TAGS[*]}") - echo ::set-output name=commit_hash::${GITHUB_SHA::8} - echo ::set-output name=build_date::$(git show -s --format=%cI) - - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - with: - platforms: all - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - with: - install: true - version: latest - # TODO: Remove driver-opts once fix is released docker/buildx#386 - driver-opts: image=moby/buildkit:master - - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ github.token }} - if: github.event_name == 'push' - - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - if: github.event_name == 'push' - - - name: Build and push - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le - # cache-from: type=gha - # cache-to: type=gha,mode=max - push: ${{ github.event_name == 'push' }} - tags: ${{ steps.tags.outputs.tags }} - build-args: | - VERSION=${{ steps.tags.outputs.version }} - COMMIT_HASH=${{ steps.tags.outputs.commit_hash }} - BUILD_DATE=${{ steps.tags.outputs.build_date }} - labels: | - org.opencontainers.image.title=${{ github.event.repository.name }} - org.opencontainers.image.description=${{ github.event.repository.description }} - org.opencontainers.image.url=${{ github.event.repository.html_url }} - org.opencontainers.image.source=${{ github.event.repository.clone_url }} - org.opencontainers.image.version=${{ steps.tags.outputs.version }} - org.opencontainers.image.created=${{ steps.tags.outputs.build_date }} - org.opencontainers.image.revision=${{ github.sha }} - org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }} - org.opencontainers.image.documentation=https://dexidp.io/docs/ - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.7.1 - with: - image-ref: "ghcr.io/dexidp/dex:${{ steps.tags.outputs.version }}" - format: "template" - template: "@/contrib/sarif.tpl" - output: "trivy-results.sarif" - if: github.event_name == 'push' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: "trivy-results.sarif" - if: github.event_name == 'push' diff --git a/Dockerfile b/Dockerfile index 3462ae52ac..12b3a7a739 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ ARG BASE_IMAGE=alpine -FROM golang:1.19.1-alpine3.16 AS builder +FROM golang:1.19.2-alpine3.16 AS builder WORKDIR /usr/local/src/dex @@ -34,7 +34,7 @@ ARG TARGETOS ARG TARGETARCH ARG TARGETVARIANT -ENV GOMPLATE_VERSION=v3.11.2 +ENV GOMPLATE_VERSION=v3.11.3 RUN wget -O /usr/local/bin/gomplate \ "https://github.com/hairyhenderson/gomplate/releases/download/${GOMPLATE_VERSION}/gomplate_${TARGETOS:-linux}-${TARGETARCH:-amd64}${TARGETVARIANT}" \ diff --git a/README.md b/README.md index 271376d65e..5d3785265b 100644 --- a/README.md +++ b/README.md @@ -81,6 +81,7 @@ Dex implements the following connectors: | [Atlassian Crowd](https://dexidp.io/docs/connectors/atlassiancrowd/) | yes | yes | yes * | beta | preferred_username claim must be configured through config | | [Gitea](https://dexidp.io/docs/connectors/gitea/) | yes | no | yes | beta | | | [OpenStack Keystone](https://dexidp.io/docs/connectors/keystone/) | yes | yes | no | alpha | | +| [Cloud Foundry](https://dexidp.io/docs/connectors/cloudfoundry/) | no | yes | no | alpha | This connector is community maintained by [Concourse](https://github.com/concourse) | Stable, beta, and alpha are defined as: diff --git a/cmd/dex/config.go b/cmd/dex/config.go index 7bb7fbb780..0a0a14e1f6 100644 --- a/cmd/dex/config.go +++ b/cmd/dex/config.go @@ -10,14 +10,14 @@ import ( "golang.org/x/crypto/bcrypt" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/server" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent" - "github.com/dexidp/dex/storage/etcd" - "github.com/dexidp/dex/storage/kubernetes" - "github.com/dexidp/dex/storage/memory" - "github.com/dexidp/dex/storage/sql" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/server" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent" + "github.com/concourse/dex/storage/etcd" + "github.com/concourse/dex/storage/kubernetes" + "github.com/concourse/dex/storage/memory" + "github.com/concourse/dex/storage/sql" ) // Config is the config format for the main application. diff --git a/cmd/dex/config_test.go b/cmd/dex/config_test.go index 8ee02d5aa2..2f7bc8447e 100644 --- a/cmd/dex/config_test.go +++ b/cmd/dex/config_test.go @@ -7,11 +7,11 @@ import ( "github.com/ghodss/yaml" "github.com/kylelemons/godebug/pretty" - "github.com/dexidp/dex/connector/mock" - "github.com/dexidp/dex/connector/oidc" - "github.com/dexidp/dex/server" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/sql" + "github.com/concourse/dex/connector/mock" + "github.com/concourse/dex/connector/oidc" + "github.com/concourse/dex/server" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/sql" ) var _ = yaml.YAMLToJSON diff --git a/cmd/dex/serve.go b/cmd/dex/serve.go index c8fb95eb16..cd867abf54 100644 --- a/cmd/dex/serve.go +++ b/cmd/dex/serve.go @@ -31,9 +31,9 @@ import ( "google.golang.org/grpc/reflection" "github.com/dexidp/dex/api/v2" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/server" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/server" + "github.com/concourse/dex/storage" ) type serveOptions struct { diff --git a/connector/atlassiancrowd/atlassiancrowd.go b/connector/atlassiancrowd/atlassiancrowd.go index e2ca94b0de..16605be799 100644 --- a/connector/atlassiancrowd/atlassiancrowd.go +++ b/connector/atlassiancrowd/atlassiancrowd.go @@ -12,9 +12,9 @@ import ( "strings" "time" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/log" ) // Config holds configuration options for Atlassian Crowd connector. diff --git a/connector/authproxy/authproxy.go b/connector/authproxy/authproxy.go index 8715412146..aea4512f46 100644 --- a/connector/authproxy/authproxy.go +++ b/connector/authproxy/authproxy.go @@ -9,8 +9,8 @@ import ( "net/url" "strings" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/log" ) // Config holds the configuration parameters for a connector which returns an diff --git a/connector/authproxy/authproxy_test.go b/connector/authproxy/authproxy_test.go index 5d42530e07..0d58cfbc3d 100644 --- a/connector/authproxy/authproxy_test.go +++ b/connector/authproxy/authproxy_test.go @@ -8,7 +8,7 @@ import ( "github.com/sirupsen/logrus" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) const ( diff --git a/connector/bitbucketcloud/bitbucketcloud.go b/connector/bitbucketcloud/bitbucketcloud.go index 27eafb5299..adf18c8a35 100644 --- a/connector/bitbucketcloud/bitbucketcloud.go +++ b/connector/bitbucketcloud/bitbucketcloud.go @@ -14,9 +14,9 @@ import ( "golang.org/x/oauth2" "golang.org/x/oauth2/bitbucket" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/log" ) const ( diff --git a/connector/bitbucketcloud/bitbucketcloud_test.go b/connector/bitbucketcloud/bitbucketcloud_test.go index 9545ff09c5..035ec1da3e 100644 --- a/connector/bitbucketcloud/bitbucketcloud_test.go +++ b/connector/bitbucketcloud/bitbucketcloud_test.go @@ -10,7 +10,7 @@ import ( "reflect" "testing" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) func TestUserGroups(t *testing.T) { diff --git a/connector/cloudfoundry/cloudfoundry.go b/connector/cloudfoundry/cloudfoundry.go new file mode 100644 index 0000000000..faa86bbab1 --- /dev/null +++ b/connector/cloudfoundry/cloudfoundry.go @@ -0,0 +1,394 @@ +package cloudfoundry + +import ( + "context" + "crypto/tls" + "crypto/x509" + "encoding/json" + "errors" + "fmt" + "net" + "net/http" + "os" + "sort" + "strings" + "time" + + "golang.org/x/oauth2" + + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/log" +) + +type cloudfoundryConnector struct { + clientID string + clientSecret string + redirectURI string + apiURL string + tokenURL string + authorizationURL string + userInfoURL string + httpClient *http.Client + logger log.Logger +} + +type connectorData struct { + AccessToken string +} + +type Config struct { + ClientID string `json:"clientID"` + ClientSecret string `json:"clientSecret"` + RedirectURI string `json:"redirectURI"` + APIURL string `json:"apiURL"` + RootCAs []string `json:"rootCAs"` + InsecureSkipVerify bool `json:"insecureSkipVerify"` +} + +type ccResponse struct { + NextURL string `json:"next_url"` + Resources []resource `json:"resources"` + TotalResults int `json:"total_results"` +} + +type resource struct { + Metadata metadata `json:"metadata"` + Entity entity `json:"entity"` +} + +type metadata struct { + GUID string `json:"guid"` +} + +type entity struct { + Name string `json:"name"` + OrganizationGUID string `json:"organization_guid"` +} + +type space struct { + Name string + GUID string + OrgGUID string + Role string +} + +type org struct { + Name string + GUID string +} + +func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) { + var err error + + cloudfoundryConn := &cloudfoundryConnector{ + clientID: c.ClientID, + clientSecret: c.ClientSecret, + apiURL: c.APIURL, + redirectURI: c.RedirectURI, + logger: logger, + } + + cloudfoundryConn.httpClient, err = newHTTPClient(c.RootCAs, c.InsecureSkipVerify) + if err != nil { + return nil, err + } + + apiURL := strings.TrimRight(c.APIURL, "/") + apiResp, err := cloudfoundryConn.httpClient.Get(fmt.Sprintf("%s/v2/info", apiURL)) + if err != nil { + logger.Errorf("failed-to-send-request-to-cloud-controller-api", err) + return nil, err + } + + defer apiResp.Body.Close() + + if apiResp.StatusCode != http.StatusOK { + err = fmt.Errorf("request failed with status %d", apiResp.StatusCode) + logger.Errorf("failed-get-info-response-from-api", err) + return nil, err + } + + var apiResult map[string]interface{} + json.NewDecoder(apiResp.Body).Decode(&apiResult) + + uaaURL := strings.TrimRight(apiResult["authorization_endpoint"].(string), "/") + uaaResp, err := cloudfoundryConn.httpClient.Get(fmt.Sprintf("%s/.well-known/openid-configuration", uaaURL)) + if err != nil { + logger.Errorf("failed-to-send-request-to-uaa-api", err) + return nil, err + } + + if apiResp.StatusCode != http.StatusOK { + err = fmt.Errorf("request failed with status %d", apiResp.StatusCode) + logger.Errorf("failed-to-get-well-known-config-response-from-api", err) + return nil, err + } + + defer uaaResp.Body.Close() + + var uaaResult map[string]interface{} + err = json.NewDecoder(uaaResp.Body).Decode(&uaaResult) + + if err != nil { + logger.Errorf("failed-to-decode-response-from-uaa-api", err) + return nil, err + } + + cloudfoundryConn.tokenURL, _ = uaaResult["token_endpoint"].(string) + cloudfoundryConn.authorizationURL, _ = uaaResult["authorization_endpoint"].(string) + cloudfoundryConn.userInfoURL, _ = uaaResult["userinfo_endpoint"].(string) + + return cloudfoundryConn, err +} + +func newHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, error) { + pool, err := x509.SystemCertPool() + if err != nil { + return nil, err + } + + tlsConfig := tls.Config{RootCAs: pool, InsecureSkipVerify: insecureSkipVerify} + for _, rootCA := range rootCAs { + rootCABytes, err := os.ReadFile(rootCA) + if err != nil { + return nil, fmt.Errorf("failed to read root-ca: %v", err) + } + if !tlsConfig.RootCAs.AppendCertsFromPEM(rootCABytes) { + return nil, fmt.Errorf("no certs found in root CA file %q", rootCA) + } + } + + return &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tlsConfig, + Proxy: http.ProxyFromEnvironment, + DialContext: (&net.Dialer{ + Timeout: 30 * time.Second, + KeepAlive: 30 * time.Second, + DualStack: true, + }).DialContext, + MaxIdleConns: 100, + IdleConnTimeout: 90 * time.Second, + TLSHandshakeTimeout: 10 * time.Second, + ExpectContinueTimeout: 1 * time.Second, + }, + }, nil +} + +func (c *cloudfoundryConnector) LoginURL(scopes connector.Scopes, callbackURL, state string) (string, error) { + if c.redirectURI != callbackURL { + return "", fmt.Errorf("expected callback URL %q did not match the URL in the config %q", callbackURL, c.redirectURI) + } + + oauth2Config := &oauth2.Config{ + ClientID: c.clientID, + ClientSecret: c.clientSecret, + Endpoint: oauth2.Endpoint{TokenURL: c.tokenURL, AuthURL: c.authorizationURL}, + RedirectURL: c.redirectURI, + Scopes: []string{"openid", "cloud_controller.read"}, + } + + return oauth2Config.AuthCodeURL(state), nil +} + +func fetchRoleSpaces(baseURL, path, role string, client *http.Client) ([]space, error) { + resources, err := fetchResources(baseURL, path, client) + if err != nil { + return nil, fmt.Errorf("failed to fetch resources: %v", err) + } + + spaces := make([]space, len(resources)) + for i, resource := range resources { + spaces[i] = space{ + Name: resource.Entity.Name, + GUID: resource.Metadata.GUID, + OrgGUID: resource.Entity.OrganizationGUID, + Role: role, + } + } + + return spaces, nil +} + +func fetchOrgs(baseURL, path string, client *http.Client) ([]org, error) { + resources, err := fetchResources(baseURL, path, client) + if err != nil { + return nil, fmt.Errorf("failed to fetch resources: %v", err) + } + + orgs := make([]org, len(resources)) + for i, resource := range resources { + orgs[i] = org{ + Name: resource.Entity.Name, + GUID: resource.Metadata.GUID, + } + } + + return orgs, nil +} + +func fetchResources(baseURL, path string, client *http.Client) ([]resource, error) { + var ( + resources []resource + url string + ) + + for { + url = fmt.Sprintf("%s%s", baseURL, path) + + resp, err := client.Get(url) + if err != nil { + return nil, fmt.Errorf("failed to execute request: %v", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + return nil, fmt.Errorf("unsuccessful status code %d", resp.StatusCode) + } + + response := ccResponse{} + err = json.NewDecoder(resp.Body).Decode(&response) + if err != nil { + return nil, fmt.Errorf("failed to parse spaces: %v", err) + } + + resources = append(resources, response.Resources...) + + path = response.NextURL + if path == "" { + break + } + } + + return resources, nil +} + +func getGroupsClaims(orgs []org, spaces []space) []string { + var ( + orgMap = map[string]string{} + orgSpaces = map[string][]space{} + groupsClaims = map[string]bool{} + ) + + for _, org := range orgs { + orgMap[org.GUID] = org.Name + orgSpaces[org.Name] = []space{} + groupsClaims[org.GUID] = true + groupsClaims[org.Name] = true + } + + for _, space := range spaces { + orgName := orgMap[space.OrgGUID] + orgSpaces[orgName] = append(orgSpaces[orgName], space) + groupsClaims[space.GUID] = true + groupsClaims[fmt.Sprintf("%s:%s", space.GUID, space.Role)] = true + } + + for orgName, spaces := range orgSpaces { + for _, space := range spaces { + groupsClaims[fmt.Sprintf("%s:%s", orgName, space.Name)] = true + groupsClaims[fmt.Sprintf("%s:%s:%s", orgName, space.Name, space.Role)] = true + } + } + + groups := make([]string, 0, len(groupsClaims)) + for group := range groupsClaims { + groups = append(groups, group) + } + + sort.Strings(groups) + + return groups +} + +func (c *cloudfoundryConnector) HandleCallback(s connector.Scopes, r *http.Request) (identity connector.Identity, err error) { + q := r.URL.Query() + if errType := q.Get("error"); errType != "" { + return identity, errors.New(q.Get("error_description")) + } + + oauth2Config := &oauth2.Config{ + ClientID: c.clientID, + ClientSecret: c.clientSecret, + Endpoint: oauth2.Endpoint{TokenURL: c.tokenURL, AuthURL: c.authorizationURL}, + RedirectURL: c.redirectURI, + Scopes: []string{"openid", "cloud_controller.read"}, + } + + ctx := context.WithValue(r.Context(), oauth2.HTTPClient, c.httpClient) + + token, err := oauth2Config.Exchange(ctx, q.Get("code")) + if err != nil { + return identity, fmt.Errorf("CF connector: failed to get token: %v", err) + } + + client := oauth2.NewClient(ctx, oauth2.StaticTokenSource(token)) + + userInfoResp, err := client.Get(c.userInfoURL) + if err != nil { + return identity, fmt.Errorf("CF Connector: failed to execute request to userinfo: %v", err) + } + + if userInfoResp.StatusCode != http.StatusOK { + return identity, fmt.Errorf("CF Connector: failed to execute request to userinfo: status %d", userInfoResp.StatusCode) + } + + defer userInfoResp.Body.Close() + + var userInfoResult map[string]interface{} + err = json.NewDecoder(userInfoResp.Body).Decode(&userInfoResult) + + if err != nil { + return identity, fmt.Errorf("CF Connector: failed to parse userinfo: %v", err) + } + + identity.UserID, _ = userInfoResult["user_id"].(string) + identity.Username, _ = userInfoResult["user_name"].(string) + identity.PreferredUsername, _ = userInfoResult["user_name"].(string) + identity.Email, _ = userInfoResult["email"].(string) + identity.EmailVerified, _ = userInfoResult["email_verified"].(bool) + + var ( + devPath = fmt.Sprintf("/v2/users/%s/spaces", identity.UserID) + auditorPath = fmt.Sprintf("/v2/users/%s/audited_spaces", identity.UserID) + managerPath = fmt.Sprintf("/v2/users/%s/managed_spaces", identity.UserID) + orgsPath = fmt.Sprintf("/v2/users/%s/organizations", identity.UserID) + ) + + if s.Groups { + orgs, err := fetchOrgs(c.apiURL, orgsPath, client) + if err != nil { + return identity, fmt.Errorf("failed to fetch organizaitons: %v", err) + } + + developerSpaces, err := fetchRoleSpaces(c.apiURL, devPath, "developer", client) + if err != nil { + return identity, fmt.Errorf("failed to fetch spaces for developer roles: %v", err) + } + + auditorSpaces, err := fetchRoleSpaces(c.apiURL, auditorPath, "auditor", client) + if err != nil { + return identity, fmt.Errorf("failed to fetch spaces for developer roles: %v", err) + } + + managerSpaces, err := fetchRoleSpaces(c.apiURL, managerPath, "manager", client) + if err != nil { + return identity, fmt.Errorf("failed to fetch spaces for developer roles: %v", err) + } + + developerSpaces = append(developerSpaces, append(auditorSpaces, managerSpaces...)...) + + identity.Groups = getGroupsClaims(orgs, developerSpaces) + } + + if s.OfflineAccess { + data := connectorData{AccessToken: token.AccessToken} + connData, err := json.Marshal(data) + if err != nil { + return identity, fmt.Errorf("CF Connector: failed to parse connector data for offline access: %v", err) + } + identity.ConnectorData = connData + } + + return identity, nil +} diff --git a/connector/cloudfoundry/cloudfoundry_test.go b/connector/cloudfoundry/cloudfoundry_test.go new file mode 100644 index 0000000000..1e6af394de --- /dev/null +++ b/connector/cloudfoundry/cloudfoundry_test.go @@ -0,0 +1,259 @@ +package cloudfoundry + +import ( + "encoding/json" + "errors" + "fmt" + "net/http" + "net/http/httptest" + "reflect" + "strings" + "testing" + + "github.com/sirupsen/logrus" + + "github.com/concourse/dex/connector" +) + +func TestOpen(t *testing.T) { + testServer := testSetup() + defer testServer.Close() + + conn := newConnector(t, testServer.URL) + + expectEqual(t, conn.clientID, "test-client") + expectEqual(t, conn.clientSecret, "secret") + expectEqual(t, conn.redirectURI, testServer.URL+"/callback") +} + +func TestHandleCallback(t *testing.T) { + testServer := testSetup() + defer testServer.Close() + + cloudfoundryConn := &cloudfoundryConnector{ + tokenURL: fmt.Sprintf("%s/token", testServer.URL), + authorizationURL: fmt.Sprintf("%s/authorize", testServer.URL), + userInfoURL: fmt.Sprintf("%s/userinfo", testServer.URL), + apiURL: testServer.URL, + clientSecret: "secret", + clientID: "test-client", + redirectURI: "localhost:8080/sky/dex/callback", + httpClient: http.DefaultClient, + } + + req, err := http.NewRequest("GET", testServer.URL, nil) + expectEqual(t, err, nil) + + t.Run("CallbackWithGroupsScope", func(t *testing.T) { + identity, err := cloudfoundryConn.HandleCallback(connector.Scopes{Groups: true}, req) + expectEqual(t, err, nil) + + expectEqual(t, len(identity.Groups), 24) + expectEqual(t, identity.Groups[0], "some-org-guid-1") + expectEqual(t, identity.Groups[1], "some-org-guid-2") + expectEqual(t, identity.Groups[2], "some-org-guid-3") + expectEqual(t, identity.Groups[3], "some-org-guid-4") + expectEqual(t, identity.Groups[4], "some-org-name-1") + expectEqual(t, identity.Groups[5], "some-org-name-1:some-space-name-1") + expectEqual(t, identity.Groups[6], "some-org-name-1:some-space-name-1:auditor") + expectEqual(t, identity.Groups[7], "some-org-name-1:some-space-name-1:developer") + expectEqual(t, identity.Groups[8], "some-org-name-1:some-space-name-1:manager") + expectEqual(t, identity.Groups[9], "some-org-name-2") + expectEqual(t, identity.Groups[10], "some-org-name-2:some-space-name-2") + expectEqual(t, identity.Groups[11], "some-org-name-2:some-space-name-2:auditor") + expectEqual(t, identity.Groups[12], "some-org-name-2:some-space-name-2:developer") + expectEqual(t, identity.Groups[13], "some-org-name-2:some-space-name-2:manager") + expectEqual(t, identity.Groups[14], "some-org-name-3") + expectEqual(t, identity.Groups[15], "some-org-name-4") + expectEqual(t, identity.Groups[16], "some-space-guid-1") + expectEqual(t, identity.Groups[17], "some-space-guid-1:auditor") + expectEqual(t, identity.Groups[18], "some-space-guid-1:developer") + expectEqual(t, identity.Groups[19], "some-space-guid-1:manager") + expectEqual(t, identity.Groups[20], "some-space-guid-2") + expectEqual(t, identity.Groups[21], "some-space-guid-2:auditor") + expectEqual(t, identity.Groups[22], "some-space-guid-2:developer") + expectEqual(t, identity.Groups[23], "some-space-guid-2:manager") + }) + + t.Run("CallbackWithoutGroupsScope", func(t *testing.T) { + identity, err := cloudfoundryConn.HandleCallback(connector.Scopes{}, req) + + expectEqual(t, err, nil) + expectEqual(t, identity.UserID, "12345") + expectEqual(t, identity.Username, "test-user") + }) + + t.Run("CallbackWithOfflineAccessScope", func(t *testing.T) { + identity, err := cloudfoundryConn.HandleCallback(connector.Scopes{OfflineAccess: true}, req) + + expectEqual(t, err, nil) + expectNotEqual(t, len(identity.ConnectorData), 0) + + cData := connectorData{} + err = json.Unmarshal(identity.ConnectorData, &cData) + + expectEqual(t, err, nil) + expectNotEqual(t, cData.AccessToken, "") + }) +} + +func testSpaceHandler(reqURL, spaceAPIEndpoint string) (result map[string]interface{}) { + fullURL := fmt.Sprintf("%s?order-direction=asc&page=2&results-per-page=50", spaceAPIEndpoint) + if strings.Contains(reqURL, fullURL) { + result = map[string]interface{}{ + "resources": []map[string]interface{}{ + { + "metadata": map[string]string{"guid": "some-space-guid-2"}, + "entity": map[string]string{"name": "some-space-name-2", "organization_guid": "some-org-guid-2"}, + }, + }, + } + } else { + nextURL := fmt.Sprintf("/v2/users/12345/%s?order-direction=asc&page=2&results-per-page=50", spaceAPIEndpoint) + result = map[string]interface{}{ + "next_url": nextURL, + "resources": []map[string]interface{}{ + { + "metadata": map[string]string{"guid": "some-space-guid-1"}, + "entity": map[string]string{"name": "some-space-name-1", "organization_guid": "some-org-guid-1"}, + }, + }, + } + } + return result +} + +func testOrgHandler(reqURL string) (result map[string]interface{}) { + if strings.Contains(reqURL, "organizations?order-direction=asc&page=2&results-per-page=50") { + result = map[string]interface{}{ + "resources": []map[string]interface{}{ + { + "metadata": map[string]string{"guid": "some-org-guid-3"}, + "entity": map[string]string{"name": "some-org-name-3"}, + }, + { + "metadata": map[string]string{"guid": "some-org-guid-4"}, + "entity": map[string]string{"name": "some-org-name-4"}, + }, + }, + } + } else { + result = map[string]interface{}{ + "next_url": "/v2/users/12345/organizations?order-direction=asc&page=2&results-per-page=50", + "resources": []map[string]interface{}{ + { + "metadata": map[string]string{"guid": "some-org-guid-1"}, + "entity": map[string]string{"name": "some-org-name-1"}, + }, + { + "metadata": map[string]string{"guid": "some-org-guid-2"}, + "entity": map[string]string{"name": "some-org-name-2"}, + }, + }, + } + } + return result +} + +func testSetup() *httptest.Server { + mux := http.NewServeMux() + mux.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) { + token := "eyJhbGciOiJSUzI1NiIsImtpZCI6ImtleS0xIiwidHlwIjoiSldUIn0.eyJqdGkiOiIxMjk4MTNhZjJiNGM0ZDNhYmYyNjljMzM4OTFkZjNiZCIsInN1YiI6ImNmMWFlODk4LWQ1ODctNDBhYS1hNWRiLTE5ZTY3MjI0N2I1NyIsInNjb3BlIjpbImNsb3VkX2NvbnRyb2xsZXIucmVhZCIsIm9wZW5pZCJdLCJjbGllbnRfaWQiOiJjb25jb3Vyc2UiLCJjaWQiOiJjb25jb3Vyc2UiLCJhenAiOiJjb25jb3Vyc2UiLCJncmFudF90eXBlIjoiYXV0aG9yaXphdGlvbl9jb2RlIiwidXNlcl9pZCI6ImNmMWFlODk4LWQ1ODctNDBhYS1hNWRiLTE5ZTY3MjI0N2I1NyIsIm9yaWdpbiI6InVhYSIsInVzZXJfbmFtZSI6ImFkbWluIiwiZW1haWwiOiJhZG1pbiIsImF1dGhfdGltZSI6MTUyMzM3NDIwNCwicmV2X3NpZyI6IjYxNWJjMTk0IiwiaWF0IjoxNTIzMzc3MTUyLCJleHAiOjE1MjM0MjAzNTIsImlzcyI6Imh0dHBzOi8vdWFhLnN0eXgucHVzaC5nY3AuY2YtYXBwLmNvbS9vYXV0aC90b2tlbiIsInppZCI6InVhYSIsImF1ZCI6WyJjbG91ZF9jb250cm9sbGVyIiwiY29uY291cnNlIiwib3BlbmlkIl19.FslbnwvW0WScVRNK8IWghRX0buXfl6qaI1K7z_dzjPUVrdEyMtaYa3kJI8srA-2G1PjSSEWa_3Vzs_BEnTc3iG0JQWU0XlcjdCdAFTvnmKiHSzffy1O_oGYyH47KXtnZOxHf3rdV_Xgw4XTqPrfKXQxnPemUAJyKf2tjgs3XToGaqqBw-D_2BQVY79kF0_GgksQsViqq1GW0Dur6m2CgBhtc2h1AQGO16izXl3uNbpW6ClhaW43NQXlE4wqtr7kfmxyOigHJb2MSQ3wwPc6pqYdUT6ka_TMqavqbxEJ4QcS6SoEcVsDTmEQ4c8dmWUgXM0AZjd0CaEGTB6FDHxH5sw" + w.Header().Add("Content-Type", "application/json") + json.NewEncoder(w).Encode(map[string]string{ + "access_token": token, + }) + }) + + mux.HandleFunc("/v2/info", func(w http.ResponseWriter, r *http.Request) { + url := fmt.Sprintf("http://%s", r.Host) + + json.NewEncoder(w).Encode(map[string]string{ + "authorization_endpoint": url, + }) + }) + + mux.HandleFunc("/.well-known/openid-configuration", func(w http.ResponseWriter, r *http.Request) { + url := fmt.Sprintf("http://%s", r.Host) + + json.NewEncoder(w).Encode(map[string]string{ + "token_endpoint": url, + "authorization_endpoint": url, + "userinfo_endpoint": url, + }) + }) + + mux.HandleFunc("/callback", func(w http.ResponseWriter, r *http.Request) { + }) + + mux.HandleFunc("/userinfo", func(w http.ResponseWriter, r *http.Request) { + json.NewEncoder(w).Encode(map[string]string{ + "user_id": "12345", + "user_name": "test-user", + "email": "blah-email", + }) + }) + + mux.HandleFunc("/v2/users/", func(w http.ResponseWriter, r *http.Request) { + var result map[string]interface{} + + reqURL := r.URL.String() + if strings.Contains(reqURL, "/spaces") { + result = testSpaceHandler(reqURL, "spaces") + } + + if strings.Contains(reqURL, "/audited_spaces") { + result = testSpaceHandler(reqURL, "audited_spaces") + } + + if strings.Contains(reqURL, "/managed_spaces") { + result = testSpaceHandler(reqURL, "managed_spaces") + } + + if strings.Contains(reqURL, "organizations") { + result = testOrgHandler(reqURL) + } + + json.NewEncoder(w).Encode(result) + }) + + return httptest.NewServer(mux) +} + +func newConnector(t *testing.T, serverURL string) *cloudfoundryConnector { + callBackURL := fmt.Sprintf("%s/callback", serverURL) + + testConfig := Config{ + APIURL: serverURL, + ClientID: "test-client", + ClientSecret: "secret", + RedirectURI: callBackURL, + InsecureSkipVerify: true, + } + + log := logrus.New() + + conn, err := testConfig.Open("id", log) + if err != nil { + t.Fatal(err) + } + + cloudfoundryConn, ok := conn.(*cloudfoundryConnector) + if !ok { + t.Fatal(errors.New("it is not a cloudfoundry conn")) + } + + return cloudfoundryConn +} + +func expectEqual(t *testing.T, a interface{}, b interface{}) { + if !reflect.DeepEqual(a, b) { + t.Fatalf("Expected %+v to equal %+v", a, b) + } +} + +func expectNotEqual(t *testing.T, a interface{}, b interface{}) { + if reflect.DeepEqual(a, b) { + t.Fatalf("Expected %+v to NOT equal %+v", a, b) + } +} diff --git a/connector/gitea/gitea.go b/connector/gitea/gitea.go index 6b02099414..fa11769159 100644 --- a/connector/gitea/gitea.go +++ b/connector/gitea/gitea.go @@ -14,8 +14,8 @@ import ( "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/log" ) // Config holds configuration options for gitea logins. diff --git a/connector/gitea/gitea_test.go b/connector/gitea/gitea_test.go index a71d79956e..c4576d0fd2 100644 --- a/connector/gitea/gitea_test.go +++ b/connector/gitea/gitea_test.go @@ -9,7 +9,7 @@ import ( "reflect" "testing" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) // tests that the email is used as their username when they have no username set diff --git a/connector/github/github.go b/connector/github/github.go index ef8d418fa8..c0cba8aefa 100644 --- a/connector/github/github.go +++ b/connector/github/github.go @@ -3,26 +3,22 @@ package github import ( "context" - "crypto/tls" - "crypto/x509" "encoding/json" "errors" "fmt" "io" - "net" "net/http" - "os" "regexp" "strconv" "strings" - "time" "golang.org/x/oauth2" "golang.org/x/oauth2/github" - "github.com/dexidp/dex/connector" - groups_pkg "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + groups_pkg "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/httpclient" + "github.com/concourse/dex/pkg/log" ) const ( @@ -106,7 +102,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) g.rootCA = c.RootCA var err error - if g.httpClient, err = newHTTPClient(g.rootCA); err != nil { + if g.httpClient, err = httpclient.NewHTTPClient([]string{g.rootCA}, false); err != nil { return nil, fmt.Errorf("failed to create HTTP client: %v", err) } } @@ -208,34 +204,6 @@ func (e *oauth2Error) Error() string { return e.error + ": " + e.errorDescription } -// newHTTPClient returns a new HTTP client that trusts the custom declared rootCA cert. -func newHTTPClient(rootCA string) (*http.Client, error) { - tlsConfig := tls.Config{RootCAs: x509.NewCertPool()} - rootCABytes, err := os.ReadFile(rootCA) - if err != nil { - return nil, fmt.Errorf("failed to read root-ca: %v", err) - } - if !tlsConfig.RootCAs.AppendCertsFromPEM(rootCABytes) { - return nil, fmt.Errorf("no certs found in root CA file %q", rootCA) - } - - return &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: &tlsConfig, - Proxy: http.ProxyFromEnvironment, - DialContext: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - DualStack: true, - }).DialContext, - MaxIdleConns: 100, - IdleConnTimeout: 90 * time.Second, - TLSHandshakeTimeout: 10 * time.Second, - ExpectContinueTimeout: 1 * time.Second, - }, - }, nil -} - func (c *githubConnector) HandleCallback(s connector.Scopes, r *http.Request) (identity connector.Identity, err error) { q := r.URL.Query() if errType := q.Get("error"); errType != "" { @@ -356,9 +324,11 @@ func formatTeamName(org string, team string) string { // groupsForOrgs enforces org and team constraints on user authorization // Cases in which user is authorized: -// N orgs, no teams: user is member of at least 1 org -// N orgs, M teams per org: user is member of any team from at least 1 org -// N-1 orgs, M teams per org, 1 org with no teams: user is member of any team +// +// N orgs, no teams: user is member of at least 1 org +// N orgs, M teams per org: user is member of any team from at least 1 org +// N-1 orgs, M teams per org, 1 org with no teams: user is member of any team +// // from at least 1 org, or member of org with no teams func (c *githubConnector) groupsForOrgs(ctx context.Context, client *http.Client, userName string) ([]string, error) { groups := make([]string, 0) diff --git a/connector/github/github_test.go b/connector/github/github_test.go index 76d7463cf6..b9d10d7d27 100644 --- a/connector/github/github_test.go +++ b/connector/github/github_test.go @@ -12,7 +12,7 @@ import ( "strings" "testing" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) type testResponse struct { diff --git a/connector/gitlab/gitlab.go b/connector/gitlab/gitlab.go index f35ac35753..ffdcd709e9 100644 --- a/connector/gitlab/gitlab.go +++ b/connector/gitlab/gitlab.go @@ -13,9 +13,9 @@ import ( "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/log" ) const ( diff --git a/connector/gitlab/gitlab_test.go b/connector/gitlab/gitlab_test.go index d828b8bd16..f5886ca96c 100644 --- a/connector/gitlab/gitlab_test.go +++ b/connector/gitlab/gitlab_test.go @@ -10,7 +10,7 @@ import ( "reflect" "testing" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) func TestUserGroups(t *testing.T) { diff --git a/connector/google/google.go b/connector/google/google.go index 313858f63f..14decfc93d 100644 --- a/connector/google/google.go +++ b/connector/google/google.go @@ -10,14 +10,15 @@ import ( "time" "github.com/coreos/go-oidc/v3/oidc" + "golang.org/x/exp/slices" "golang.org/x/oauth2" "golang.org/x/oauth2/google" admin "google.golang.org/api/admin/directory/v1" "google.golang.org/api/option" - "github.com/dexidp/dex/connector" - pkg_groups "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + pkg_groups "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/log" ) const ( @@ -71,13 +72,17 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e scopes = append(scopes, "profile", "email") } - var srv *admin.Service - if len(c.Groups) > 0 { - srv, err = createDirectoryService(c.ServiceAccountFilePath, c.AdminEmail, logger) + var adminSrv *admin.Service + + // Fixing a regression caused by default config fallback: https://github.com/dexidp/dex/issues/2699 + if (c.ServiceAccountFilePath != "" && c.AdminEmail != "") || slices.Contains(scopes, "groups") { + srv, err := createDirectoryService(c.ServiceAccountFilePath, c.AdminEmail, logger) if err != nil { cancel() return nil, fmt.Errorf("could not create directory service: %v", err) } + + adminSrv = srv } clientID := c.ClientID @@ -100,7 +105,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e serviceAccountFilePath: c.ServiceAccountFilePath, adminEmail: c.AdminEmail, fetchTransitiveGroupMembership: c.FetchTransitiveGroupMembership, - adminSrv: srv, + adminSrv: adminSrv, }, nil } @@ -286,7 +291,9 @@ func (c *googleConnector) getGroups(email string, fetchTransitiveGroupMembership // the google admin api. If no serviceAccountFilePath is defined, the application default credential // is used. func createDirectoryService(serviceAccountFilePath, email string, logger log.Logger) (*admin.Service, error) { - if email == "" { + // We know impersonation is required when using a service account credential + // TODO: or is it? + if email == "" && serviceAccountFilePath != "" { return nil, fmt.Errorf("directory service requires adminEmail") } @@ -311,7 +318,12 @@ func createDirectoryService(serviceAccountFilePath, email string, logger log.Log if err != nil { return nil, fmt.Errorf("unable to parse credentials to config: %v", err) } - config.Subject = email + + // Only attempt impersonation when there is a user configured + if email != "" { + config.Subject = email + } + return admin.NewService(ctx, option.WithHTTPClient(config.Client(ctx))) } diff --git a/connector/google/google_test.go b/connector/google/google_test.go index 26241ab696..b0c4f3a2f8 100644 --- a/connector/google/google_test.go +++ b/connector/google/google_test.go @@ -72,22 +72,13 @@ func TestOpen(t *testing.T) { assert.Nil(t, err) for name, reference := range map[string]testCase{ - "not_requesting_groups": { - config: &Config{ - ClientID: "testClient", - ClientSecret: "testSecret", - RedirectURI: ts.URL + "/callback", - Scopes: []string{"openid"}, - }, - expectedErr: "", - }, "missing_admin_email": { config: &Config{ - ClientID: "testClient", - ClientSecret: "testSecret", - RedirectURI: ts.URL + "/callback", - Scopes: []string{"openid", "groups"}, - Groups: []string{"someGroup"}, + ClientID: "testClient", + ClientSecret: "testSecret", + RedirectURI: ts.URL + "/callback", + Scopes: []string{"openid", "groups"}, + ServiceAccountFilePath: serviceAccountFilePath, }, expectedErr: "requires adminEmail", }, @@ -99,7 +90,6 @@ func TestOpen(t *testing.T) { Scopes: []string{"openid", "groups"}, AdminEmail: "foo@bar.com", ServiceAccountFilePath: "not_found.json", - Groups: []string{"someGroup"}, }, expectedErr: "error reading credentials", }, @@ -111,7 +101,6 @@ func TestOpen(t *testing.T) { Scopes: []string{"openid", "groups"}, AdminEmail: "foo@bar.com", ServiceAccountFilePath: serviceAccountFilePath, - Groups: []string{"someGroup"}, }, expectedErr: "", }, @@ -122,7 +111,6 @@ func TestOpen(t *testing.T) { RedirectURI: ts.URL + "/callback", Scopes: []string{"openid", "groups"}, AdminEmail: "foo@bar.com", - Groups: []string{"someGroup"}, }, adc: serviceAccountFilePath, expectedErr: "", @@ -135,7 +123,6 @@ func TestOpen(t *testing.T) { Scopes: []string{"openid", "groups"}, AdminEmail: "foo@bar.com", ServiceAccountFilePath: serviceAccountFilePath, - Groups: []string{"someGroup"}, }, adc: "/dev/null", expectedErr: "", diff --git a/connector/keystone/keystone.go b/connector/keystone/keystone.go index 03f473310b..ecdb3f1742 100644 --- a/connector/keystone/keystone.go +++ b/connector/keystone/keystone.go @@ -9,8 +9,8 @@ import ( "io" "net/http" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/log" ) type conn struct { diff --git a/connector/keystone/keystone_test.go b/connector/keystone/keystone_test.go index 8f1ea1bbcd..1a93f565db 100644 --- a/connector/keystone/keystone_test.go +++ b/connector/keystone/keystone_test.go @@ -11,7 +11,7 @@ import ( "strings" "testing" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) const ( diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go index 543402718c..59f91fcbb8 100644 --- a/connector/ldap/ldap.go +++ b/connector/ldap/ldap.go @@ -12,8 +12,8 @@ import ( "github.com/go-ldap/ldap/v3" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/log" ) // Config holds the configuration parameters for the LDAP connector. The LDAP diff --git a/connector/ldap/ldap_test.go b/connector/ldap/ldap_test.go index 83f9f4790c..4abc5c83d1 100644 --- a/connector/ldap/ldap_test.go +++ b/connector/ldap/ldap_test.go @@ -10,7 +10,7 @@ import ( "github.com/kylelemons/godebug/pretty" "github.com/sirupsen/logrus" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) // connectionMethod indicates how the test should connect to the LDAP server. diff --git a/connector/linkedin/linkedin.go b/connector/linkedin/linkedin.go index f79f1c49d8..c5b02fd863 100644 --- a/connector/linkedin/linkedin.go +++ b/connector/linkedin/linkedin.go @@ -11,8 +11,8 @@ import ( "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/log" ) const ( diff --git a/connector/microsoft/microsoft.go b/connector/microsoft/microsoft.go index 3952c94be6..f743158cc0 100644 --- a/connector/microsoft/microsoft.go +++ b/connector/microsoft/microsoft.go @@ -15,9 +15,9 @@ import ( "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - groups_pkg "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + groups_pkg "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/log" ) // GroupNameFormat represents the format of the group identifier diff --git a/connector/microsoft/microsoft_test.go b/connector/microsoft/microsoft_test.go index 67be660fce..34381bc3fb 100644 --- a/connector/microsoft/microsoft_test.go +++ b/connector/microsoft/microsoft_test.go @@ -10,7 +10,7 @@ import ( "reflect" "testing" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) type testResponse struct { diff --git a/connector/mock/connectortest.go b/connector/mock/connectortest.go index e7ee438625..9ed7fdafae 100644 --- a/connector/mock/connectortest.go +++ b/connector/mock/connectortest.go @@ -8,8 +8,8 @@ import ( "net/http" "net/url" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/log" ) // NewCallbackConnector returns a mock connector which requires no user interaction. It always returns diff --git a/connector/oauth/oauth.go b/connector/oauth/oauth.go index 237d075e83..40b3dc72bf 100644 --- a/connector/oauth/oauth.go +++ b/connector/oauth/oauth.go @@ -2,22 +2,18 @@ package oauth import ( "context" - "crypto/tls" - "crypto/x509" "encoding/base64" "encoding/json" "errors" "fmt" - "net" "net/http" - "os" "strings" - "time" "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/httpclient" + "github.com/concourse/dex/pkg/log" ) type oauthConnector struct { @@ -112,7 +108,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) emailVerifiedKey: emailVerifiedKey, } - oauthConn.httpClient, err = newHTTPClient(c.RootCAs, c.InsecureSkipVerify) + oauthConn.httpClient, err = httpclient.NewHTTPClient(c.RootCAs, c.InsecureSkipVerify) if err != nil { return nil, err } @@ -120,40 +116,6 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) return oauthConn, err } -func newHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, error) { - pool, err := x509.SystemCertPool() - if err != nil { - return nil, err - } - - tlsConfig := tls.Config{RootCAs: pool, InsecureSkipVerify: insecureSkipVerify} - for _, rootCA := range rootCAs { - rootCABytes, err := os.ReadFile(rootCA) - if err != nil { - return nil, fmt.Errorf("failed to read root-ca: %v", err) - } - if !tlsConfig.RootCAs.AppendCertsFromPEM(rootCABytes) { - return nil, fmt.Errorf("no certs found in root CA file %q", rootCA) - } - } - - return &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: &tlsConfig, - Proxy: http.ProxyFromEnvironment, - DialContext: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - DualStack: true, - }).DialContext, - MaxIdleConns: 100, - IdleConnTimeout: 90 * time.Second, - TLSHandshakeTimeout: 10 * time.Second, - ExpectContinueTimeout: 1 * time.Second, - }, - }, nil -} - func (c *oauthConnector) LoginURL(scopes connector.Scopes, callbackURL, state string) (string, error) { if c.redirectURI != callbackURL { return "", fmt.Errorf("expected callback URL %q did not match the URL in the config %q", callbackURL, c.redirectURI) diff --git a/connector/oauth/oauth_test.go b/connector/oauth/oauth_test.go index 3a5ec6bf59..c547c3ca30 100644 --- a/connector/oauth/oauth_test.go +++ b/connector/oauth/oauth_test.go @@ -16,7 +16,7 @@ import ( "github.com/stretchr/testify/assert" jose "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) func TestOpen(t *testing.T) { diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go index e345dca0b2..89929a76f4 100644 --- a/connector/oidc/oidc.go +++ b/connector/oidc/oidc.go @@ -14,8 +14,9 @@ import ( "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/httpclient" + "github.com/concourse/dex/pkg/log" ) // Config holds configuration options for OpenID Connect logins. @@ -34,7 +35,10 @@ type Config struct { Scopes []string `json:"scopes"` // defaults to "profile" and "email" - // Override the value of email_verified to true in the returned claims + // Certificates for SSL validation + RootCAs []string `json:"rootCAs"` + + // Override the value of email_verifed to true in the returned claims InsecureSkipEmailVerified bool `json:"insecureSkipEmailVerified"` // InsecureEnableGroups enables groups claims. This is disabled by default until https://github.com/dexidp/dex/issues/1065 is resolved @@ -45,6 +49,9 @@ type Config struct { // processing requests from this Client, with the values appearing in order of preference. AcrValues []string `json:"acrValues"` + // Disable certificate verification + InsecureSkipVerify bool `json:"insecureSkipVerify"` + // GetUserInfo uses the userinfo endpoint to get additional claims for // the token. This is especially useful where upstreams return "thin" // id tokens @@ -105,7 +112,13 @@ func knownBrokenAuthHeaderProvider(issuerURL string) bool { // Open returns a connector which can be used to login users through an upstream // OpenID Connect provider. func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, err error) { + httpClient, err := httpclient.NewHTTPClient(c.RootCAs, c.InsecureSkipVerify) + if err != nil { + return nil, err + } + ctx, cancel := context.WithCancel(context.Background()) + ctx = context.WithValue(ctx, oauth2.HTTPClient, httpClient) provider, err := oidc.NewProvider(ctx, c.Issuer) if err != nil { @@ -152,6 +165,7 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e ), logger: logger, cancel: cancel, + httpClient: httpClient, insecureSkipEmailVerified: c.InsecureSkipEmailVerified, insecureEnableGroups: c.InsecureEnableGroups, acrValues: c.AcrValues, @@ -178,6 +192,7 @@ type oidcConnector struct { verifier *oidc.IDTokenVerifier cancel context.CancelFunc logger log.Logger + httpClient *http.Client insecureSkipEmailVerified bool insecureEnableGroups bool acrValues []string @@ -238,7 +253,10 @@ func (c *oidcConnector) HandleCallback(s connector.Scopes, r *http.Request) (ide if errType := q.Get("error"); errType != "" { return identity, &oauth2Error{errType, q.Get("error_description")} } - token, err := c.oauth2Config.Exchange(r.Context(), q.Get("code")) + + ctx := context.WithValue(r.Context(), oauth2.HTTPClient, c.httpClient) + + token, err := c.oauth2Config.Exchange(ctx, q.Get("code")) if err != nil { return identity, fmt.Errorf("oidc: failed to get token: %v", err) } diff --git a/connector/oidc/oidc_test.go b/connector/oidc/oidc_test.go index d94af79de8..98d366d488 100644 --- a/connector/oidc/oidc_test.go +++ b/connector/oidc/oidc_test.go @@ -19,7 +19,7 @@ import ( "github.com/sirupsen/logrus" "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) func TestKnownBrokenAuthHeaderProvider(t *testing.T) { diff --git a/connector/openshift/openshift.go b/connector/openshift/openshift.go index 81d2b35633..727ac29567 100644 --- a/connector/openshift/openshift.go +++ b/connector/openshift/openshift.go @@ -2,23 +2,19 @@ package openshift import ( "context" - "crypto/tls" - "crypto/x509" "encoding/json" "fmt" "io" - "net" "net/http" - "os" "strings" - "time" "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage/kubernetes/k8sapi" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/httpclient" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage/kubernetes/k8sapi" ) const ( @@ -67,7 +63,12 @@ type user struct { // Open returns a connector which can be used to login users through an upstream // OpenShift OAuth2 provider. func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, err error) { - httpClient, err := newHTTPClient(c.InsecureCA, c.RootCA) + var rootCAs []string + if c.RootCA != "" { + rootCAs = append(rootCAs, c.RootCA) + } + + httpClient, err := httpclient.NewHTTPClient(rootCAs, c.InsecureCA) if err != nil { return nil, fmt.Errorf("failed to create HTTP client: %w", err) } @@ -262,36 +263,3 @@ func validateAllowedGroups(userGroups, allowedGroups []string) bool { return len(matchingGroups) != 0 } - -// newHTTPClient returns a new HTTP client -func newHTTPClient(insecureCA bool, rootCA string) (*http.Client, error) { - tlsConfig := tls.Config{} - if insecureCA { - tlsConfig = tls.Config{InsecureSkipVerify: true} - } else if rootCA != "" { - tlsConfig = tls.Config{RootCAs: x509.NewCertPool()} - rootCABytes, err := os.ReadFile(rootCA) - if err != nil { - return nil, fmt.Errorf("failed to read root-ca: %w", err) - } - if !tlsConfig.RootCAs.AppendCertsFromPEM(rootCABytes) { - return nil, fmt.Errorf("no certs found in root CA file %q", rootCA) - } - } - - return &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: &tlsConfig, - Proxy: http.ProxyFromEnvironment, - DialContext: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - DualStack: true, - }).DialContext, - MaxIdleConns: 100, - IdleConnTimeout: 90 * time.Second, - TLSHandshakeTimeout: 10 * time.Second, - ExpectContinueTimeout: 1 * time.Second, - }, - }, nil -} diff --git a/connector/openshift/openshift_test.go b/connector/openshift/openshift_test.go index 6280b831de..6aedf78e27 100644 --- a/connector/openshift/openshift_test.go +++ b/connector/openshift/openshift_test.go @@ -14,8 +14,9 @@ import ( "github.com/sirupsen/logrus" "golang.org/x/oauth2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/storage/kubernetes/k8sapi" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/httpclient" + "github.com/concourse/dex/storage/kubernetes/k8sapi" ) func TestOpen(t *testing.T) { @@ -70,7 +71,7 @@ func TestGetUser(t *testing.T) { _, err = http.NewRequest("GET", hostURL.String(), nil) expectNil(t, err) - h, err := newHTTPClient(true, "") + h, err := httpclient.NewHTTPClient(nil, true) expectNil(t, err) @@ -128,7 +129,7 @@ func TestVerifyGroup(t *testing.T) { _, err = http.NewRequest("GET", hostURL.String(), nil) expectNil(t, err) - h, err := newHTTPClient(true, "") + h, err := httpclient.NewHTTPClient(nil, true) expectNil(t, err) @@ -164,7 +165,7 @@ func TestCallbackIdentity(t *testing.T) { req, err := http.NewRequest("GET", hostURL.String(), nil) expectNil(t, err) - h, err := newHTTPClient(true, "") + h, err := httpclient.NewHTTPClient(nil, true) expectNil(t, err) @@ -198,7 +199,7 @@ func TestRefreshIdentity(t *testing.T) { }) defer s.Close() - h, err := newHTTPClient(true, "") + h, err := httpclient.NewHTTPClient(nil, true) expectNil(t, err) oc := openshiftConnector{apiURL: s.URL, httpClient: h, oauth2Config: &oauth2.Config{ @@ -237,7 +238,7 @@ func TestRefreshIdentityFailure(t *testing.T) { }) defer s.Close() - h, err := newHTTPClient(true, "") + h, err := httpclient.NewHTTPClient(nil, true) expectNil(t, err) oc := openshiftConnector{apiURL: s.URL, httpClient: h, oauth2Config: &oauth2.Config{ diff --git a/connector/saml/saml.go b/connector/saml/saml.go index 908ec703c9..6215ee5f5e 100644 --- a/connector/saml/saml.go +++ b/connector/saml/saml.go @@ -19,9 +19,9 @@ import ( dsig "github.com/russellhaering/goxmldsig" "github.com/russellhaering/goxmldsig/etreeutils" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/pkg/groups" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/pkg/groups" + "github.com/concourse/dex/pkg/log" ) // nolint diff --git a/connector/saml/saml_test.go b/connector/saml/saml_test.go index 95d513ed19..3ac421899e 100644 --- a/connector/saml/saml_test.go +++ b/connector/saml/saml_test.go @@ -14,7 +14,7 @@ import ( dsig "github.com/russellhaering/goxmldsig" "github.com/sirupsen/logrus" - "github.com/dexidp/dex/connector" + "github.com/concourse/dex/connector" ) // responseTest maps a SAML 2.0 response object to a set of expected values. diff --git a/examples/go.mod b/examples/go.mod index d66c118a7f..64a8e825c3 100644 --- a/examples/go.mod +++ b/examples/go.mod @@ -1,4 +1,4 @@ -module github.com/dexidp/dex/examples +module github.com/concourse/dex/examples go 1.17 diff --git a/go.mod b/go.mod index 7df6421600..56c29b3edf 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/dexidp/dex +module github.com/concourse/dex go 1.19 @@ -26,11 +26,12 @@ require ( github.com/prometheus/client_golang v1.13.0 github.com/russellhaering/goxmldsig v1.2.0 github.com/sirupsen/logrus v1.9.0 - github.com/spf13/cobra v1.5.0 - github.com/stretchr/testify v1.8.0 + github.com/spf13/cobra v1.6.0 + github.com/stretchr/testify v1.8.2 go.etcd.io/etcd/client/pkg/v3 v3.5.5 go.etcd.io/etcd/client/v3 v3.5.5 golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be + golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741 golang.org/x/net v0.0.0-20220927171203-f486391704dc golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 google.golang.org/api v0.98.0 @@ -64,7 +65,7 @@ require ( github.com/hashicorp/hcl/v2 v2.13.0 // indirect github.com/huandu/xstrings v1.3.1 // indirect github.com/imdario/mergo v0.3.11 // indirect - github.com/inconshreveable/mousetrap v1.0.0 // indirect + github.com/inconshreveable/mousetrap v1.0.1 // indirect github.com/jonboulle/clockwork v0.2.2 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect github.com/mitchellh/copystructure v1.0.0 // indirect diff --git a/go.sum b/go.sum index a3d41b73d6..376bc3b01b 100644 --- a/go.sum +++ b/go.sum @@ -267,8 +267,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= +github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= @@ -371,15 +371,16 @@ github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasO github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= -github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= +github.com/spf13/cobra v1.6.0 h1:42a0n6jwCot1pUmomAp4T7DeMD+20LFv4Q54pxLf2LI= +github.com/spf13/cobra v1.6.0/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= -github.com/stretchr/objx v0.4.0 h1:M2gUjqZET1qApGOWNSnZ49BAIMX4F/1plDv3+l31EJ4= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -388,8 +389,9 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= -github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -440,6 +442,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741 h1:fGZugkZk2UgYBxtpKmvub51Yno1LJDeEsRp2xGD+0gY= +golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= diff --git a/pkg/groups/groups_test.go b/pkg/groups/groups_test.go index 0be62fb430..2ff38a2df8 100644 --- a/pkg/groups/groups_test.go +++ b/pkg/groups/groups_test.go @@ -5,7 +5,7 @@ import ( "github.com/stretchr/testify/assert" - "github.com/dexidp/dex/pkg/groups" + "github.com/concourse/dex/pkg/groups" ) func TestFilter(t *testing.T) { diff --git a/pkg/httpclient/httpclient.go b/pkg/httpclient/httpclient.go new file mode 100644 index 0000000000..04837a7da0 --- /dev/null +++ b/pkg/httpclient/httpclient.go @@ -0,0 +1,45 @@ +package httpclient + +import ( + "crypto/tls" + "crypto/x509" + "fmt" + "net" + "net/http" + "os" + "time" +) + +func NewHTTPClient(rootCAs []string, insecureSkipVerify bool) (*http.Client, error) { + pool, err := x509.SystemCertPool() + if err != nil { + return nil, err + } + + tlsConfig := tls.Config{RootCAs: pool, InsecureSkipVerify: insecureSkipVerify} + for _, rootCA := range rootCAs { + rootCABytes, err := os.ReadFile(rootCA) + if err != nil { + return nil, fmt.Errorf("failed to read root-ca: %v", err) + } + if !tlsConfig.RootCAs.AppendCertsFromPEM(rootCABytes) { + return nil, fmt.Errorf("no certs found in root CA file %q", rootCA) + } + } + + return &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tlsConfig, + Proxy: http.ProxyFromEnvironment, + DialContext: (&net.Dialer{ + Timeout: 30 * time.Second, + KeepAlive: 30 * time.Second, + DualStack: true, + }).DialContext, + MaxIdleConns: 100, + IdleConnTimeout: 90 * time.Second, + TLSHandshakeTimeout: 10 * time.Second, + ExpectContinueTimeout: 1 * time.Second, + }, + }, nil +} diff --git a/pkg/httpclient/httpclient_test.go b/pkg/httpclient/httpclient_test.go new file mode 100644 index 0000000000..567778e10b --- /dev/null +++ b/pkg/httpclient/httpclient_test.go @@ -0,0 +1,68 @@ +package httpclient_test + +import ( + "crypto/tls" + "fmt" + "io" + "net/http" + "net/http/httptest" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/concourse/dex/pkg/httpclient" +) + +func TestRootCAs(t *testing.T) { + ts, err := NewLocalHTTPSTestServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, "Hello, client") + })) + assert.Nil(t, err) + defer ts.Close() + + rootCAs := []string{"testdata/rootCA.pem"} + testClient, err := httpclient.NewHTTPClient(rootCAs, false) + assert.Nil(t, err) + + res, err := testClient.Get(ts.URL) + assert.Nil(t, err) + + greeting, err := io.ReadAll(res.Body) + res.Body.Close() + assert.Nil(t, err) + + assert.Equal(t, "Hello, client", string(greeting)) +} + +func TestInsecureSkipVerify(t *testing.T) { + ts, err := NewLocalHTTPSTestServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + fmt.Fprint(w, "Hello, client") + })) + assert.Nil(t, err) + defer ts.Close() + + insecureSkipVerify := true + + testClient, err := httpclient.NewHTTPClient(nil, insecureSkipVerify) + assert.Nil(t, err) + + res, err := testClient.Get(ts.URL) + assert.Nil(t, err) + + greeting, err := io.ReadAll(res.Body) + res.Body.Close() + assert.Nil(t, err) + + assert.Equal(t, "Hello, client", string(greeting)) +} + +func NewLocalHTTPSTestServer(handler http.Handler) (*httptest.Server, error) { + ts := httptest.NewUnstartedServer(handler) + cert, err := tls.LoadX509KeyPair("testdata/server.crt", "testdata/server.key") + if err != nil { + return nil, err + } + ts.TLS = &tls.Config{Certificates: []tls.Certificate{cert}} + ts.StartTLS() + return ts, nil +} diff --git a/pkg/httpclient/readme.md b/pkg/httpclient/readme.md new file mode 100644 index 0000000000..cc26252293 --- /dev/null +++ b/pkg/httpclient/readme.md @@ -0,0 +1,44 @@ +# Regenerate testdata + +### server.csr.cnf + +``` +[req] +default_bits = 2048 +prompt = no +default_md = sha256 +distinguished_name = dn + +[dn] +C=US +ST=RandomState +L=RandomCity +O=RandomOrganization +OU=RandomOrganizationUnit +emailAddress=hello@example.com +CN = localhost +``` + +and + +### v3.ext +``` +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment +subjectAltName = @alt_names + +[alt_names] +DNS.1 = localhost +IP.1 = 127.0.0.1 +``` + +### Then enter the following commands: + +`openssl genrsa -out rootCA.key 2048` + +`openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -out rootCA.pem -config server.csr.cnf` + +`openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config server.csr.cnf` + +`openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256 -extfile v3.ext` diff --git a/pkg/httpclient/testdata/rootCA.key b/pkg/httpclient/testdata/rootCA.key new file mode 100644 index 0000000000..9c4eeee12a --- /dev/null +++ b/pkg/httpclient/testdata/rootCA.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA4dB5aQCjCmMsW71u9F0WNm1TYjXQBZ4p7oNT+BQwCc/MZ2xc +5NexS2O86nbRkw5jwyfAAMSMKRr9s2FluVTHqiln78rg+XUgmrmNT3ZroLmW6QL6 +Ca8dbMPky+tQclZsvMd3HAeCyyrs4pf7wM1AyUJD7H0xAlVD1fsohkg7jhBFUfV+ +q2VMMdnsaV5vFrW/2vPBWz1SNPW/Xm+Ilny7xg9njQLcPMNtVtF+7EPB6sxD6qrj +BC+Kj5zQ3bZOfdrh7yy63dbh/Kh+3NScgO+k+x92HlAjRIvj5y4KrbGZl7CmOth5 +y7fPywApVbDfZRWJChI1PVflOyDdnC+vhMLbHQIDAQABAoIBAEmjrrQrXP/6L3EL +aa+O27uME3Enk1sBpTL+6Ncx3iiU91eS4whNvqeTMvxTGy0VuDrgL6EQd5TAFJP2 +4zF5EFPRhO+R/aPcKnHKqOaM+7RCUZBTRC78SGA70dUeO/HNdVBqy9D8Mg8HRJDw +d0z8om//iB8LBHx6SdDyQtjnnWRKFTzQRurBBoyLe2vPMFtINKtNUkahjc8HE4GO +aIv1LICJUzf4ZnkntKd5cFHZ42R2Tmfj0Y9G9DyJbuSA3+0u5IhYB39Uy6jFxLi8 +I5PoIVhgYZ0aivsVBIviShwQ9kgv6807YBxt22eSNovBDrSp+cAnIF9+p0b3MnkU +aCHSiBECgYEA84lssi6AqfCEsSiQMSM9kMCXJ4KQI/l7pmrIA50+V5HSEby9lg2Y +N6XJ4V4q46t8FcZBjmMvzn9fwiPMRw5e995cVNBQ31a1FX/1Hy6RNtEiLZRnkHI5 +WznY9IxQ+c9JXJeFY1sO0BfO0TS3WvOf1rwqOb92q+cQaItnPQ+4Ya8CgYEA7V7e +IqW3PpO4H+c5hH9egM0BjAxH71C9YpYzZpF9uiPIkuMnJ8nm9bB6RiuDaYCxvrfE +A0h/SQewoYJKL4OfKGjrbG7U4zLMZHIWlf8Za55Zik5BNjvgBqFFrrSgLUGxdRTX +N0+TlWlW1bvJblWpdjIbJbg/6kCU98TzK852fvMCgYAWYa/apElw1MjtGyQ9T9bN +odWCbQ5gMAJ8Jd4h7uaW17DtrmHiE3fEzXjDPItGhzENMz49HsJ7ANvFFNMmSJzT +vNzRcp+sFuTnh+34Iqh32DqC49usu8KnrqZQu0CJ5NICL26z1d+DolyAf47GThOH +gZ2D1yPJ4p9wbDddtj8kwwKBgCFKB68mPG+rOcxHmjppvnAj0A66/i+izBySYf0F +dHNxZ0SqVKhw2VIlgNBsc86M/OB5VyT6utccG/paklrdg6mgJTwcwwBl9GI12dMJ +ZqBAIeCSnvSjKwTjAynALSKLrv5zgMdCArmWf1YUMuilXNG1rzb4AwawLfQdi9jd +6KJfAoGBALFl6ldywl3sGPk9K2xCDYYhb1TNQyheA5YvoZzZ6XCo1q0Lbwy/FamZ +0TSWkoEmGB/Hck3HgtZDRo3CTI1vYfbpAtgI7oD1NA1zMaLulNQxKjH3iVvyb+R7 +ZcIT7EVPZgkUwr0bsp22yVDekh/CHoB6FZPCyoAb8WnfJfooTBzB +-----END RSA PRIVATE KEY----- diff --git a/pkg/httpclient/testdata/rootCA.pem b/pkg/httpclient/testdata/rootCA.pem new file mode 100644 index 0000000000..c03bdac0c0 --- /dev/null +++ b/pkg/httpclient/testdata/rootCA.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID1jCCAr4CCQCG4JBeSi6cDjANBgkqhkiG9w0BAQsFADCBrDELMAkGA1UEBhMC +VVMxFDASBgNVBAgMC1JhbmRvbVN0YXRlMRMwEQYDVQQHDApSYW5kb21DaXR5MRsw +GQYDVQQKDBJSYW5kb21Pcmdhbml6YXRpb24xHzAdBgNVBAsMFlJhbmRvbU9yZ2Fu +aXphdGlvblVuaXQxIDAeBgkqhkiG9w0BCQEWEWhlbGxvQGV4YW1wbGUuY29tMRIw +EAYDVQQDDAlsb2NhbGhvc3QwHhcNMjIxMDA3MjIwNjQwWhcNMzIxMDA0MjIwNjQw +WjCBrDELMAkGA1UEBhMCVVMxFDASBgNVBAgMC1JhbmRvbVN0YXRlMRMwEQYDVQQH +DApSYW5kb21DaXR5MRswGQYDVQQKDBJSYW5kb21Pcmdhbml6YXRpb24xHzAdBgNV +BAsMFlJhbmRvbU9yZ2FuaXphdGlvblVuaXQxIDAeBgkqhkiG9w0BCQEWEWhlbGxv +QGV4YW1wbGUuY29tMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDh0HlpAKMKYyxbvW70XRY2bVNiNdAFninug1P4FDAJ +z8xnbFzk17FLY7zqdtGTDmPDJ8AAxIwpGv2zYWW5VMeqKWfvyuD5dSCauY1Pdmug +uZbpAvoJrx1sw+TL61ByVmy8x3ccB4LLKuzil/vAzUDJQkPsfTECVUPV+yiGSDuO +EEVR9X6rZUwx2expXm8Wtb/a88FbPVI09b9eb4iWfLvGD2eNAtw8w21W0X7sQ8Hq +zEPqquMEL4qPnNDdtk592uHvLLrd1uH8qH7c1JyA76T7H3YeUCNEi+PnLgqtsZmX +sKY62HnLt8/LAClVsN9lFYkKEjU9V+U7IN2cL6+EwtsdAgMBAAEwDQYJKoZIhvcN +AQELBQADggEBAN6g0qit/3R2X+KdR0LgRXF/h4qQFgcV6cxnhRAmLIDNJlxKSHqN +IE5+bxzCbkblzGfr/jNPqW0s+yaN4CyMgKNYSzkLBPE4FF+19Uv+dyYfFms3mDJ7 +0rGjS5bCscThWhpaSw20LcwQcr/+X+/fGzJ01dVFK1UOjBKg4d4dMwxklbIkZqIq +siRW0GMy26mgVZ/BSjeh5kEjs6h6H3cJsGl7xYT+BI7wnxHwGeT9tkBgiyT5FwaS +vtdZkBpQ9q8f7FwsEm3woLHdWuOnrtUtVpY/oc6WFGdROQdGzjSk0D3kHs9YhueC +GSzZKrqX+TSIgpPrLYNHX4uxlo5TAwP/5GM= +-----END CERTIFICATE----- diff --git a/pkg/httpclient/testdata/rootCA.srl b/pkg/httpclient/testdata/rootCA.srl new file mode 100644 index 0000000000..214ae68bf1 --- /dev/null +++ b/pkg/httpclient/testdata/rootCA.srl @@ -0,0 +1 @@ +C1B35F0051A641BB diff --git a/pkg/httpclient/testdata/server.crt b/pkg/httpclient/testdata/server.crt new file mode 100644 index 0000000000..9b0f12ec58 --- /dev/null +++ b/pkg/httpclient/testdata/server.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE5TCCA82gAwIBAgIJAMGzXwBRpkG7MA0GCSqGSIb3DQEBCwUAMIGsMQswCQYD +VQQGEwJVUzEUMBIGA1UECAwLUmFuZG9tU3RhdGUxEzARBgNVBAcMClJhbmRvbUNp +dHkxGzAZBgNVBAoMElJhbmRvbU9yZ2FuaXphdGlvbjEfMB0GA1UECwwWUmFuZG9t +T3JnYW5pemF0aW9uVW5pdDEgMB4GCSqGSIb3DQEJARYRaGVsbG9AZXhhbXBsZS5j +b20xEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMjEwMDcyMjA3MDhaFw0zMjEwMDQy +MjA3MDhaMIGsMQswCQYDVQQGEwJVUzEUMBIGA1UECAwLUmFuZG9tU3RhdGUxEzAR +BgNVBAcMClJhbmRvbUNpdHkxGzAZBgNVBAoMElJhbmRvbU9yZ2FuaXphdGlvbjEf +MB0GA1UECwwWUmFuZG9tT3JnYW5pemF0aW9uVW5pdDEgMB4GCSqGSIb3DQEJARYR +aGVsbG9AZXhhbXBsZS5jb20xEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMuKdpXP87Q7Kg3iafXzvBuVIyV1K5UmMYiN +koztkC5XrCzHaQRS/CoIb7/nUqmtAxx7RL0jzhZ93zBN4HY/Zcnrd9tXoPPxi0mG +ZZWfFU6nN8nOkMHWzEbHVBmhxpfGtwmLcajQ4HrK1TZwJUn6GqclHQRy/gjxkiw5 +KPqzfVOVlA6ht4KdKstKazQkWZ5gdWT4d8yrEy/IT4oaW05xALBMQ7YGjkzWKsSF +6ygXI7xqF9rg9jCnUsPYg4f8ut3N0c00KjsfKOOj2dF/ZyjedQ5c0u4hHmxSo3Ka +0ZTmIrMfbVXgGjxRG2HZXLpPvQKoCf/fOX8Irdr+lahFVKASxN0CAwEAAaOCAQYw +ggECMIHLBgNVHSMEgcMwgcChgbKkga8wgawxCzAJBgNVBAYTAlVTMRQwEgYDVQQI +DAtSYW5kb21TdGF0ZTETMBEGA1UEBwwKUmFuZG9tQ2l0eTEbMBkGA1UECgwSUmFu +ZG9tT3JnYW5pemF0aW9uMR8wHQYDVQQLDBZSYW5kb21Pcmdhbml6YXRpb25Vbml0 +MSAwHgYJKoZIhvcNAQkBFhFoZWxsb0BleGFtcGxlLmNvbTESMBAGA1UEAwwJbG9j +YWxob3N0ggkAhuCQXkounA4wCQYDVR0TBAIwADALBgNVHQ8EBAMCBPAwGgYDVR0R +BBMwEYIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQCWmh5ebpkm +v2B1yQgarSCSSkLZ5DZSAJjrPgW2IJqCW2q2D1HworbW1Yn5jqrM9FKGnJfjCyve +zBB5AOlGp+0bsZGgMRMCavgv4QhTThXUoJqqHcfEu4wHndcgrqSadxmV5aisSR4u +gXnjW43o3akby+h1K40RR3vVkpzPaoC3/bgk7WVpfpPiP32E24a01gETozRb/of/ +ATN3JBe0xh+e63CrPX1sago5+u3UETIoOr0fW8M/gU9GApmJiFAXwHag6j54hLCG +23EtVDwmlarG8Pj+i0yru8s22QqzAJi5E0OwR4aB8tqicLKYBVfzyLCOielIBUrK +OkuFKp+VjxQX +-----END CERTIFICATE----- diff --git a/pkg/httpclient/testdata/server.csr b/pkg/httpclient/testdata/server.csr new file mode 100644 index 0000000000..f422a853c3 --- /dev/null +++ b/pkg/httpclient/testdata/server.csr @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIC8jCCAdoCAQAwgawxCzAJBgNVBAYTAlVTMRQwEgYDVQQIDAtSYW5kb21TdGF0 +ZTETMBEGA1UEBwwKUmFuZG9tQ2l0eTEbMBkGA1UECgwSUmFuZG9tT3JnYW5pemF0 +aW9uMR8wHQYDVQQLDBZSYW5kb21Pcmdhbml6YXRpb25Vbml0MSAwHgYJKoZIhvcN +AQkBFhFoZWxsb0BleGFtcGxlLmNvbTESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4p2lc/ztDsqDeJp9fO8G5UjJXUr +lSYxiI2SjO2QLlesLMdpBFL8Kghvv+dSqa0DHHtEvSPOFn3fME3gdj9lyet321eg +8/GLSYZllZ8VTqc3yc6QwdbMRsdUGaHGl8a3CYtxqNDgesrVNnAlSfoapyUdBHL+ +CPGSLDko+rN9U5WUDqG3gp0qy0prNCRZnmB1ZPh3zKsTL8hPihpbTnEAsExDtgaO +TNYqxIXrKBcjvGoX2uD2MKdSw9iDh/y63c3RzTQqOx8o46PZ0X9nKN51DlzS7iEe +bFKjcprRlOYisx9tVeAaPFEbYdlcuk+9AqgJ/985fwit2v6VqEVUoBLE3QIDAQAB +oAAwDQYJKoZIhvcNAQELBQADggEBADjuujIFoDJllR6Xo/w7j5vfNOeHO5GSgxF2 +XnuuDOI9Tomi7vURFZNbz3VAYiehpxRxYqLwFoQUwFtux2qRuGyg0P9fP1iQXPUE +QUfFXmvB80uf2bG4lkbUwnmlZLFOEwhGZyPxpvsrxp2Ei2ppkUopCkzOMsSk3m0X +MC50ZsTHOxfkA3r1WmS7oE2c0p0Fvyx+UJw0URAXFvDS1X0ONgww3FxqbBbm9W37 +5N4FZzGAK6j1wzuynKKXrn20YDCANXYH55PZyupfCeSZT0H0AZifWL7rz/G9uqme +RzbIYc/CNQQTympjinBegQdVeB3yjVNZIvpGOuPSKQqhwFtmDFo= +-----END CERTIFICATE REQUEST----- diff --git a/pkg/httpclient/testdata/server.csr.cnf b/pkg/httpclient/testdata/server.csr.cnf new file mode 100644 index 0000000000..6ff57d1a35 --- /dev/null +++ b/pkg/httpclient/testdata/server.csr.cnf @@ -0,0 +1,14 @@ +[req] +default_bits = 2048 +prompt = no +default_md = sha256 +distinguished_name = dn + +[dn] +C=US +ST=RandomState +L=RandomCity +O=RandomOrganization +OU=RandomOrganizationUnit +emailAddress=hello@example.com +CN = localhost diff --git a/pkg/httpclient/testdata/server.key b/pkg/httpclient/testdata/server.key new file mode 100644 index 0000000000..9708e1e6ea --- /dev/null +++ b/pkg/httpclient/testdata/server.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLinaVz/O0OyoN +4mn187wblSMldSuVJjGIjZKM7ZAuV6wsx2kEUvwqCG+/51KprQMce0S9I84Wfd8w +TeB2P2XJ63fbV6Dz8YtJhmWVnxVOpzfJzpDB1sxGx1QZocaXxrcJi3Go0OB6ytU2 +cCVJ+hqnJR0Ecv4I8ZIsOSj6s31TlZQOobeCnSrLSms0JFmeYHVk+HfMqxMvyE+K +GltOcQCwTEO2Bo5M1irEhesoFyO8ahfa4PYwp1LD2IOH/LrdzdHNNCo7Hyjjo9nR +f2co3nUOXNLuIR5sUqNymtGU5iKzH21V4Bo8URth2Vy6T70CqAn/3zl/CK3a/pWo +RVSgEsTdAgMBAAECggEAU6cxu7q+54kVbKVsdThaTF/MFR4F7oPHAd9lpuQQSOuh +iLngMHXGy6OyAgYZlEDWMYN8KdwoXFgZPaoUIaVGuWk8Vnq6XOgeHfbNk2PRhwT0 +yc1K80/Lnx9XMj2p+EEkgxi7eu12BSGN5ZTLzo6rG50GQwjb3WMjd2d6rybL0GjC +wg2arcBk3sSMYmvZOqlAsaQmtgwkJhvhVkVfEQSD3VKF7g0dh/h3LIPyM0Ff4M67 +KpLMPPwzUJ/0Z4ewAP06mMKUA86R93M+dWs2eh1oBGnRkVQdhCJLXJpuGHZ6BTiB +Ry0AeorHfnVXPbtpUeAq6m5/BBl6qX0ooB08BIFwAQKBgQDqJpTZS/ZzqL6Kcs14 +MyFu+7DungSxQ5oK9ju7EFSosanSk4UEa/lw992kM6nsIMwgSVQgba5zKcVMeSmk +AVbpznegQD1BYCwOGwbGvkJ8jbhPy+WLbbRjWT/E6AItZgUK+fyTIcNvSehcQqsT +fhgWsK7ueZCmLQfVhK1AxtvY3QKBgQDeiKuo8plsH/7IxDn7KVHBOHKPC2ZPzg03 +i7La6zomiRckwwPnhicRSYsjtfCCW6Ms+uzjTEItgFM+5PdrXheeku+z/sExRtZu +emqPqDomixlXDRQ6RN3gnBSk4RU+ROB1u1uBLWXqRz8Gp2zJGRxhHfYt2zefBv4w +/cIuPC3cAQKBgD2UsAkGJWb9tj8LOmama+CYaUwYWvuT3+uKHuNvxBQpxZQQICet +jgjb53rL66Cib4z+PBXbQsoe7jjSlNUBVS5gkq2et31+IZgEG6AhYbMIQrUZ1uD4 +lTybuF289vWhoynj3T2E37VhJq89CWky/HrbNOabKiPKLAlHv5kNs7wxAoGBANEJ +XQbU7J2O6Iy7FyQBSlTQq3wHX1Iz4mJ9DcNrFzK/sEfOEMrZT7WDefpPm984KW3F +P+S766ZGVuxLtMbcmh9RM23HLr8VJbSdtZ/AjO9L1r/Y/1lE+49TzmibLpNRq++r +0WbkuEl8J44ek6fLuMbZmDi3JeZycTCgDlnUGdgBAoGAYdliovtURZCm46t1uE3F +idCLCXCccjkt1hcNGNjck/b0trHA7wOEqICIguoWDlEBTc0PDvHEq6PfKyqptGkj +AgaZTMF/aZiGqlT7VRpBuzxM/uV5xzCg+i2ViaW/p3xq0z2PRljVZiEfe5aWcjiM +ouTtnC3TgmcjhTgGmb48QQE= +-----END PRIVATE KEY----- diff --git a/pkg/httpclient/testdata/v3.ext b/pkg/httpclient/testdata/v3.ext new file mode 100644 index 0000000000..68e35be863 --- /dev/null +++ b/pkg/httpclient/testdata/v3.ext @@ -0,0 +1,8 @@ +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment +subjectAltName = @alt_names + +[alt_names] +DNS.1 = localhost +IP.1 = 127.0.0.1 diff --git a/server/api.go b/server/api.go index a68742b3cc..7370a114f5 100644 --- a/server/api.go +++ b/server/api.go @@ -8,9 +8,9 @@ import ( "golang.org/x/crypto/bcrypt" "github.com/dexidp/dex/api/v2" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/server/internal" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/server/internal" + "github.com/concourse/dex/storage" ) // apiVersion increases every time a new call is added to the API. Clients should use this info diff --git a/server/api_test.go b/server/api_test.go index 01c59cf875..b69a6b0b06 100644 --- a/server/api_test.go +++ b/server/api_test.go @@ -12,10 +12,10 @@ import ( "google.golang.org/grpc/credentials/insecure" "github.com/dexidp/dex/api/v2" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/server/internal" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/memory" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/server/internal" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/memory" ) // apiClient is a test gRPC client. When constructed, it runs a server in diff --git a/server/deviceflowhandlers.go b/server/deviceflowhandlers.go index 95fed3b3c3..72ea5e923f 100644 --- a/server/deviceflowhandlers.go +++ b/server/deviceflowhandlers.go @@ -13,8 +13,8 @@ import ( "golang.org/x/net/html" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" ) type deviceCodeResponse struct { diff --git a/server/deviceflowhandlers_test.go b/server/deviceflowhandlers_test.go index 9a9f28584e..c7a67474c1 100644 --- a/server/deviceflowhandlers_test.go +++ b/server/deviceflowhandlers_test.go @@ -13,7 +13,7 @@ import ( "testing" "time" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) func TestDeviceVerificationURI(t *testing.T) { diff --git a/server/handlers.go b/server/handlers.go index 11dcdd07fd..f23e9db6ea 100755 --- a/server/handlers.go +++ b/server/handlers.go @@ -20,9 +20,9 @@ import ( "github.com/gorilla/mux" jose "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/server/internal" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/server/internal" + "github.com/concourse/dex/storage" ) const ( @@ -812,6 +812,8 @@ func (s *Server) handleToken(w http.ResponseWriter, r *http.Request) { s.withClientFromStorage(w, r, s.handleRefreshToken) case grantTypePassword: s.withClientFromStorage(w, r, s.handlePasswordGrant) + case grantTypeClientCredentials: + s.withClientFromStorage(w, r, s.handleClientCredentialsGrant) default: s.tokenErrHelper(w, errUnsupportedGrantType, "", http.StatusBadRequest) } @@ -1062,6 +1064,35 @@ func (s *Server) handleUserInfo(w http.ResponseWriter, r *http.Request) { w.Write(claims) } +func (s *Server) handleClientCredentialsGrant(w http.ResponseWriter, r *http.Request, client storage.Client) { + if err := r.ParseForm(); err != nil { + s.tokenErrHelper(w, errInvalidRequest, "Couldn't parse data", http.StatusBadRequest) + return + } + q := r.Form + + nonce := q.Get("nonce") + scopes := strings.Fields(q.Get("scope")) + + claims := storage.Claims{UserID: client.ID} + + accessToken, err := s.newAccessToken(client.ID, claims, scopes, nonce, "client") + if err != nil { + s.logger.Errorf("failed to create new access token: %v", err) + s.tokenErrHelper(w, errServerError, err.Error(), http.StatusInternalServerError) + return + } + + idToken, expiry, err := s.newIDToken(client.ID, claims, scopes, nonce, accessToken, "", "client") + if err != nil { + s.tokenErrHelper(w, errServerError, fmt.Sprintf("failed to create ID token: %v", err), http.StatusInternalServerError) + return + } + + resp := s.toAccessTokenResponse(idToken, accessToken, "", expiry) + s.writeAccessToken(w, resp) +} + func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, client storage.Client) { // Parse the fields if err := r.ParseForm(); err != nil { diff --git a/server/handlers_test.go b/server/handlers_test.go index fb1a05064f..44e4888531 100644 --- a/server/handlers_test.go +++ b/server/handlers_test.go @@ -18,7 +18,7 @@ import ( "github.com/stretchr/testify/require" "golang.org/x/oauth2" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) func TestHandleHealth(t *testing.T) { diff --git a/server/oauth2.go b/server/oauth2.go index 67223fa1c0..9bb58c0b9e 100644 --- a/server/oauth2.go +++ b/server/oauth2.go @@ -23,9 +23,9 @@ import ( jose "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/server/internal" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/server/internal" + "github.com/concourse/dex/storage" ) // TODO(ericchiang): clean this file up and figure out more idiomatic error handling. @@ -132,6 +132,7 @@ const ( grantTypeImplicit = "implicit" grantTypePassword = "password" grantTypeDeviceCode = "urn:ietf:params:oauth:grant-type:device_code" + grantTypeClientCredentials = "client_credentials" ) const ( diff --git a/server/oauth2_test.go b/server/oauth2_test.go index 710382aa23..b11ecaa3d8 100644 --- a/server/oauth2_test.go +++ b/server/oauth2_test.go @@ -12,8 +12,8 @@ import ( "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/memory" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/memory" ) func TestParseAuthorizationRequest(t *testing.T) { diff --git a/server/refreshhandlers.go b/server/refreshhandlers.go index ecfda137f0..f043396acc 100644 --- a/server/refreshhandlers.go +++ b/server/refreshhandlers.go @@ -8,9 +8,9 @@ import ( "strings" "time" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/server/internal" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/server/internal" + "github.com/concourse/dex/storage" ) func contains(arr []string, item string) bool { diff --git a/server/refreshhandlers_test.go b/server/refreshhandlers_test.go index c64c50b330..9dc953b7f7 100644 --- a/server/refreshhandlers_test.go +++ b/server/refreshhandlers_test.go @@ -13,8 +13,8 @@ import ( "github.com/stretchr/testify/require" - "github.com/dexidp/dex/server/internal" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/server/internal" + "github.com/concourse/dex/storage" ) func mockRefreshTokenTestStorage(t *testing.T, s storage.Storage, useObsolete bool) { diff --git a/server/rotation.go b/server/rotation.go index 98489767e0..8a4af3dfa7 100644 --- a/server/rotation.go +++ b/server/rotation.go @@ -12,8 +12,8 @@ import ( "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" ) var errAlreadyRotated = errors.New("keys already rotated by another server instance") diff --git a/server/rotation_test.go b/server/rotation_test.go index e279bf543e..9a7972dbae 100644 --- a/server/rotation_test.go +++ b/server/rotation_test.go @@ -9,8 +9,8 @@ import ( "github.com/sirupsen/logrus" "github.com/stretchr/testify/require" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/memory" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/memory" ) func signingKeyID(t *testing.T, s storage.Storage) string { diff --git a/server/server.go b/server/server.go index df16e655cf..04228405c4 100755 --- a/server/server.go +++ b/server/server.go @@ -25,26 +25,27 @@ import ( "github.com/prometheus/client_golang/prometheus" "golang.org/x/crypto/bcrypt" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/connector/atlassiancrowd" - "github.com/dexidp/dex/connector/authproxy" - "github.com/dexidp/dex/connector/bitbucketcloud" - "github.com/dexidp/dex/connector/gitea" - "github.com/dexidp/dex/connector/github" - "github.com/dexidp/dex/connector/gitlab" - "github.com/dexidp/dex/connector/google" - "github.com/dexidp/dex/connector/keystone" - "github.com/dexidp/dex/connector/ldap" - "github.com/dexidp/dex/connector/linkedin" - "github.com/dexidp/dex/connector/microsoft" - "github.com/dexidp/dex/connector/mock" - "github.com/dexidp/dex/connector/oauth" - "github.com/dexidp/dex/connector/oidc" - "github.com/dexidp/dex/connector/openshift" - "github.com/dexidp/dex/connector/saml" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/web" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/connector/atlassiancrowd" + "github.com/concourse/dex/connector/authproxy" + "github.com/concourse/dex/connector/bitbucketcloud" + "github.com/concourse/dex/connector/cloudfoundry" + "github.com/concourse/dex/connector/gitea" + "github.com/concourse/dex/connector/github" + "github.com/concourse/dex/connector/gitlab" + "github.com/concourse/dex/connector/google" + "github.com/concourse/dex/connector/keystone" + "github.com/concourse/dex/connector/ldap" + "github.com/concourse/dex/connector/linkedin" + "github.com/concourse/dex/connector/microsoft" + "github.com/concourse/dex/connector/mock" + "github.com/concourse/dex/connector/oauth" + "github.com/concourse/dex/connector/oidc" + "github.com/concourse/dex/connector/openshift" + "github.com/concourse/dex/connector/saml" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/web" ) // LocalConnector is the local passwordDB connector which is an internal @@ -213,7 +214,7 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy) c.SupportedResponseTypes = []string{responseTypeCode} } - supportedGrant := []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode} // default + supportedGrant := []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode, grantTypeClientCredentials} // default supportedRes := make(map[string]bool) for _, respType := range c.SupportedResponseTypes { @@ -554,6 +555,7 @@ var ConnectorsConfig = map[string]func() ConnectorConfig{ "bitbucket-cloud": func() ConnectorConfig { return new(bitbucketcloud.Config) }, "openshift": func() ConnectorConfig { return new(openshift.Config) }, "atlassian-crowd": func() ConnectorConfig { return new(atlassiancrowd.Config) }, + "cloudfoundry": func() ConnectorConfig { return new(cloudfoundry.Config) }, // Keep around for backwards compatibility. "samlExperimental": func() ConnectorConfig { return new(saml.Config) }, } diff --git a/server/server_test.go b/server/server_test.go index 828e7faf95..a955669918 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -31,10 +31,10 @@ import ( "golang.org/x/oauth2" jose "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/connector" - "github.com/dexidp/dex/connector/mock" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/memory" + "github.com/concourse/dex/connector" + "github.com/concourse/dex/connector/mock" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/memory" ) func mustLoad(s string) *rsa.PrivateKey { @@ -1745,17 +1745,17 @@ func TestServerSupportedGrants(t *testing.T) { { name: "Simple", config: func(c *Config) {}, - resGrants: []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode}, + resGrants: []string{grantTypeAuthorizationCode, grantTypeClientCredentials, grantTypeRefreshToken, grantTypeDeviceCode}, }, { name: "With password connector", config: func(c *Config) { c.PasswordConnector = "local" }, - resGrants: []string{grantTypeAuthorizationCode, grantTypePassword, grantTypeRefreshToken, grantTypeDeviceCode}, + resGrants: []string{grantTypeAuthorizationCode, grantTypeClientCredentials, grantTypePassword, grantTypeRefreshToken, grantTypeDeviceCode}, }, { name: "With token response", config: func(c *Config) { c.SupportedResponseTypes = append(c.SupportedResponseTypes, responseTypeToken) }, - resGrants: []string{grantTypeAuthorizationCode, grantTypeImplicit, grantTypeRefreshToken, grantTypeDeviceCode}, + resGrants: []string{grantTypeAuthorizationCode, grantTypeClientCredentials, grantTypeImplicit, grantTypeRefreshToken, grantTypeDeviceCode}, }, { name: "All", @@ -1763,7 +1763,7 @@ func TestServerSupportedGrants(t *testing.T) { c.PasswordConnector = "local" c.SupportedResponseTypes = append(c.SupportedResponseTypes, responseTypeToken) }, - resGrants: []string{grantTypeAuthorizationCode, grantTypeImplicit, grantTypePassword, grantTypeRefreshToken, grantTypeDeviceCode}, + resGrants: []string{grantTypeAuthorizationCode, grantTypeClientCredentials, grantTypeImplicit, grantTypePassword, grantTypeRefreshToken, grantTypeDeviceCode}, }, } diff --git a/storage/conformance/conformance.go b/storage/conformance/conformance.go index 1b45b76c3a..8bdda0d981 100644 --- a/storage/conformance/conformance.go +++ b/storage/conformance/conformance.go @@ -11,7 +11,7 @@ import ( "golang.org/x/crypto/bcrypt" jose "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // ensure that values being tested on never expire. diff --git a/storage/conformance/transactions.go b/storage/conformance/transactions.go index 1d4011a423..cffe06a28a 100644 --- a/storage/conformance/transactions.go +++ b/storage/conformance/transactions.go @@ -6,7 +6,7 @@ import ( "golang.org/x/crypto/bcrypt" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // RunTransactionTests runs a test suite aimed a verifying the transaction diff --git a/storage/ent/client/authcode.go b/storage/ent/client/authcode.go index b6b263bff8..31fd891f9a 100644 --- a/storage/ent/client/authcode.go +++ b/storage/ent/client/authcode.go @@ -3,7 +3,7 @@ package client import ( "context" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // CreateAuthCode saves provided auth code into the database. diff --git a/storage/ent/client/authrequest.go b/storage/ent/client/authrequest.go index d68fd438a1..a54acfcaf9 100644 --- a/storage/ent/client/authrequest.go +++ b/storage/ent/client/authrequest.go @@ -4,7 +4,7 @@ import ( "context" "fmt" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // CreateAuthRequest saves provided auth request into the database. diff --git a/storage/ent/client/client.go b/storage/ent/client/client.go index 07434bd60b..ae9da0b415 100644 --- a/storage/ent/client/client.go +++ b/storage/ent/client/client.go @@ -3,7 +3,7 @@ package client import ( "context" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // CreateClient saves provided oauth2 client settings into the database. diff --git a/storage/ent/client/connector.go b/storage/ent/client/connector.go index bfec4418dd..3c7461bb18 100644 --- a/storage/ent/client/connector.go +++ b/storage/ent/client/connector.go @@ -3,7 +3,7 @@ package client import ( "context" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // CreateConnector saves a connector into the database. diff --git a/storage/ent/client/devicerequest.go b/storage/ent/client/devicerequest.go index 6e9c25001d..d200997e87 100644 --- a/storage/ent/client/devicerequest.go +++ b/storage/ent/client/devicerequest.go @@ -3,8 +3,8 @@ package client import ( "context" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db/devicerequest" ) // CreateDeviceRequest saves provided device request into the database. diff --git a/storage/ent/client/devicetoken.go b/storage/ent/client/devicetoken.go index 99cf077d02..2fb412fb03 100644 --- a/storage/ent/client/devicetoken.go +++ b/storage/ent/client/devicetoken.go @@ -3,8 +3,8 @@ package client import ( "context" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db/devicetoken" ) // CreateDeviceToken saves provided token into the database. diff --git a/storage/ent/client/keys.go b/storage/ent/client/keys.go index f65d40fc21..3f06032735 100644 --- a/storage/ent/client/keys.go +++ b/storage/ent/client/keys.go @@ -4,8 +4,8 @@ import ( "context" "errors" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db" ) func getKeys(client *db.KeysClient) (storage.Keys, error) { diff --git a/storage/ent/client/main.go b/storage/ent/client/main.go index bc4c1600ac..cf7abc8ec3 100644 --- a/storage/ent/client/main.go +++ b/storage/ent/client/main.go @@ -6,13 +6,13 @@ import ( "hash" "time" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db" - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/migrate" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db" + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/migrate" ) var _ storage.Storage = (*Database)(nil) diff --git a/storage/ent/client/offlinesession.go b/storage/ent/client/offlinesession.go index 9f54ea1d3c..df6cf240e5 100644 --- a/storage/ent/client/offlinesession.go +++ b/storage/ent/client/offlinesession.go @@ -5,7 +5,7 @@ import ( "encoding/json" "fmt" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // CreateOfflineSessions saves provided offline session into the database. diff --git a/storage/ent/client/password.go b/storage/ent/client/password.go index daaae30cea..ce36559e70 100644 --- a/storage/ent/client/password.go +++ b/storage/ent/client/password.go @@ -4,8 +4,8 @@ import ( "context" "strings" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db/password" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db/password" ) // CreatePassword saves provided password into the database. diff --git a/storage/ent/client/refreshtoken.go b/storage/ent/client/refreshtoken.go index eca048f463..c861385959 100644 --- a/storage/ent/client/refreshtoken.go +++ b/storage/ent/client/refreshtoken.go @@ -3,7 +3,7 @@ package client import ( "context" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // CreateRefresh saves provided refresh token into the database. diff --git a/storage/ent/client/types.go b/storage/ent/client/types.go index 397d4d30a2..3b0eed0a73 100644 --- a/storage/ent/client/types.go +++ b/storage/ent/client/types.go @@ -4,8 +4,8 @@ import ( "encoding/json" "strings" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db" ) const keysRowID = "keys" diff --git a/storage/ent/client/utils.go b/storage/ent/client/utils.go index 65c037ac3c..daf0f2fa6b 100644 --- a/storage/ent/client/utils.go +++ b/storage/ent/client/utils.go @@ -6,8 +6,8 @@ import ( "github.com/pkg/errors" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db" ) func rollback(tx *db.Tx, t string, err error) error { diff --git a/storage/ent/db/authcode.go b/storage/ent/db/authcode.go index 6ddbeb57dc..3f60c2d918 100644 --- a/storage/ent/db/authcode.go +++ b/storage/ent/db/authcode.go @@ -9,7 +9,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/authcode" ) // AuthCode is the model entity for the AuthCode schema. diff --git a/storage/ent/db/authcode/where.go b/storage/ent/db/authcode/where.go index be1954d7bb..abf54ddba6 100644 --- a/storage/ent/db/authcode/where.go +++ b/storage/ent/db/authcode/where.go @@ -6,7 +6,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/authcode_create.go b/storage/ent/db/authcode_create.go index c075c3d3fc..ef1f824b59 100644 --- a/storage/ent/db/authcode_create.go +++ b/storage/ent/db/authcode_create.go @@ -10,7 +10,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/authcode" ) // AuthCodeCreate is the builder for creating a AuthCode entity. diff --git a/storage/ent/db/authcode_delete.go b/storage/ent/db/authcode_delete.go index 3471394ad2..27dbd1c593 100644 --- a/storage/ent/db/authcode_delete.go +++ b/storage/ent/db/authcode_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/predicate" ) // AuthCodeDelete is the builder for deleting a AuthCode entity. diff --git a/storage/ent/db/authcode_query.go b/storage/ent/db/authcode_query.go index a82a450686..199f106999 100644 --- a/storage/ent/db/authcode_query.go +++ b/storage/ent/db/authcode_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/predicate" ) // AuthCodeQuery is the builder for querying AuthCode entities. diff --git a/storage/ent/db/authcode_update.go b/storage/ent/db/authcode_update.go index 5d9764bcf4..9b70a5ac3f 100644 --- a/storage/ent/db/authcode_update.go +++ b/storage/ent/db/authcode_update.go @@ -11,8 +11,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/predicate" ) // AuthCodeUpdate is the builder for updating AuthCode entities. diff --git a/storage/ent/db/authrequest.go b/storage/ent/db/authrequest.go index 095427ae2d..80ea77eb5a 100644 --- a/storage/ent/db/authrequest.go +++ b/storage/ent/db/authrequest.go @@ -9,7 +9,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/authrequest" ) // AuthRequest is the model entity for the AuthRequest schema. diff --git a/storage/ent/db/authrequest/where.go b/storage/ent/db/authrequest/where.go index 1fd1d4e49a..813571d3c2 100644 --- a/storage/ent/db/authrequest/where.go +++ b/storage/ent/db/authrequest/where.go @@ -6,7 +6,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/authrequest_create.go b/storage/ent/db/authrequest_create.go index c353c18201..cd48d15dbe 100644 --- a/storage/ent/db/authrequest_create.go +++ b/storage/ent/db/authrequest_create.go @@ -10,7 +10,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/authrequest" ) // AuthRequestCreate is the builder for creating a AuthRequest entity. diff --git a/storage/ent/db/authrequest_delete.go b/storage/ent/db/authrequest_delete.go index 495f467609..3b8873e42e 100644 --- a/storage/ent/db/authrequest_delete.go +++ b/storage/ent/db/authrequest_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/predicate" ) // AuthRequestDelete is the builder for deleting a AuthRequest entity. diff --git a/storage/ent/db/authrequest_query.go b/storage/ent/db/authrequest_query.go index 577da17b06..dafd295c2b 100644 --- a/storage/ent/db/authrequest_query.go +++ b/storage/ent/db/authrequest_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/predicate" ) // AuthRequestQuery is the builder for querying AuthRequest entities. diff --git a/storage/ent/db/authrequest_update.go b/storage/ent/db/authrequest_update.go index f0bf9b341e..144f63dc3c 100644 --- a/storage/ent/db/authrequest_update.go +++ b/storage/ent/db/authrequest_update.go @@ -11,8 +11,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/predicate" ) // AuthRequestUpdate is the builder for updating AuthRequest entities. diff --git a/storage/ent/db/client.go b/storage/ent/db/client.go index 4bf5586513..472644e5c6 100644 --- a/storage/ent/db/client.go +++ b/storage/ent/db/client.go @@ -8,18 +8,18 @@ import ( "fmt" "log" - "github.com/dexidp/dex/storage/ent/db/migrate" - - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/connector" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/keys" - "github.com/dexidp/dex/storage/ent/db/oauth2client" - "github.com/dexidp/dex/storage/ent/db/offlinesession" - "github.com/dexidp/dex/storage/ent/db/password" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/db/migrate" + + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/refreshtoken" "entgo.io/ent/dialect" "entgo.io/ent/dialect/sql" diff --git a/storage/ent/db/connector.go b/storage/ent/db/connector.go index 65cd4d25e8..58113c412a 100644 --- a/storage/ent/db/connector.go +++ b/storage/ent/db/connector.go @@ -7,7 +7,7 @@ import ( "strings" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/connector" ) // Connector is the model entity for the Connector schema. diff --git a/storage/ent/db/connector/where.go b/storage/ent/db/connector/where.go index e48576de93..82017f2496 100644 --- a/storage/ent/db/connector/where.go +++ b/storage/ent/db/connector/where.go @@ -4,7 +4,7 @@ package connector import ( "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/connector_create.go b/storage/ent/db/connector_create.go index ecff1c2f18..02cf77052e 100644 --- a/storage/ent/db/connector_create.go +++ b/storage/ent/db/connector_create.go @@ -9,7 +9,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/connector" ) // ConnectorCreate is the builder for creating a Connector entity. diff --git a/storage/ent/db/connector_delete.go b/storage/ent/db/connector_delete.go index 0c5381eef5..a9d821fa62 100644 --- a/storage/ent/db/connector_delete.go +++ b/storage/ent/db/connector_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/connector" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ConnectorDelete is the builder for deleting a Connector entity. diff --git a/storage/ent/db/connector_query.go b/storage/ent/db/connector_query.go index 32d6020499..4f3c721b4b 100644 --- a/storage/ent/db/connector_query.go +++ b/storage/ent/db/connector_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/connector" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ConnectorQuery is the builder for querying Connector entities. diff --git a/storage/ent/db/connector_update.go b/storage/ent/db/connector_update.go index 736d0a62fb..e0bbe02070 100644 --- a/storage/ent/db/connector_update.go +++ b/storage/ent/db/connector_update.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/connector" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ConnectorUpdate is the builder for updating Connector entities. diff --git a/storage/ent/db/devicerequest.go b/storage/ent/db/devicerequest.go index d358f1741f..494ef89a70 100644 --- a/storage/ent/db/devicerequest.go +++ b/storage/ent/db/devicerequest.go @@ -9,7 +9,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/devicerequest" ) // DeviceRequest is the model entity for the DeviceRequest schema. diff --git a/storage/ent/db/devicerequest/where.go b/storage/ent/db/devicerequest/where.go index 5cb5ce4489..a1a87f8376 100644 --- a/storage/ent/db/devicerequest/where.go +++ b/storage/ent/db/devicerequest/where.go @@ -6,7 +6,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/devicerequest_create.go b/storage/ent/db/devicerequest_create.go index ae7644ca0c..cc61023295 100644 --- a/storage/ent/db/devicerequest_create.go +++ b/storage/ent/db/devicerequest_create.go @@ -10,7 +10,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/devicerequest" ) // DeviceRequestCreate is the builder for creating a DeviceRequest entity. diff --git a/storage/ent/db/devicerequest_delete.go b/storage/ent/db/devicerequest_delete.go index 635a8a498d..3e210730c6 100644 --- a/storage/ent/db/devicerequest_delete.go +++ b/storage/ent/db/devicerequest_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/predicate" ) // DeviceRequestDelete is the builder for deleting a DeviceRequest entity. diff --git a/storage/ent/db/devicerequest_query.go b/storage/ent/db/devicerequest_query.go index 3fd43dd89d..ca48028354 100644 --- a/storage/ent/db/devicerequest_query.go +++ b/storage/ent/db/devicerequest_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/predicate" ) // DeviceRequestQuery is the builder for querying DeviceRequest entities. diff --git a/storage/ent/db/devicerequest_update.go b/storage/ent/db/devicerequest_update.go index 2bf38af697..839d3e0e4a 100644 --- a/storage/ent/db/devicerequest_update.go +++ b/storage/ent/db/devicerequest_update.go @@ -11,8 +11,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/predicate" ) // DeviceRequestUpdate is the builder for updating DeviceRequest entities. diff --git a/storage/ent/db/devicetoken.go b/storage/ent/db/devicetoken.go index 0daa128064..a84a360570 100644 --- a/storage/ent/db/devicetoken.go +++ b/storage/ent/db/devicetoken.go @@ -8,7 +8,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/devicetoken" ) // DeviceToken is the model entity for the DeviceToken schema. diff --git a/storage/ent/db/devicetoken/where.go b/storage/ent/db/devicetoken/where.go index a8e33f1e00..41567acc65 100644 --- a/storage/ent/db/devicetoken/where.go +++ b/storage/ent/db/devicetoken/where.go @@ -6,7 +6,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/devicetoken_create.go b/storage/ent/db/devicetoken_create.go index bbf67e5a29..58e7093bcf 100644 --- a/storage/ent/db/devicetoken_create.go +++ b/storage/ent/db/devicetoken_create.go @@ -10,7 +10,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/devicetoken" ) // DeviceTokenCreate is the builder for creating a DeviceToken entity. diff --git a/storage/ent/db/devicetoken_delete.go b/storage/ent/db/devicetoken_delete.go index 3c196aac09..f3644bea99 100644 --- a/storage/ent/db/devicetoken_delete.go +++ b/storage/ent/db/devicetoken_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/predicate" ) // DeviceTokenDelete is the builder for deleting a DeviceToken entity. diff --git a/storage/ent/db/devicetoken_query.go b/storage/ent/db/devicetoken_query.go index 1860a841ad..f4007ea1e0 100644 --- a/storage/ent/db/devicetoken_query.go +++ b/storage/ent/db/devicetoken_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/predicate" ) // DeviceTokenQuery is the builder for querying DeviceToken entities. diff --git a/storage/ent/db/devicetoken_update.go b/storage/ent/db/devicetoken_update.go index cc0b92f5ba..3a42da85f2 100644 --- a/storage/ent/db/devicetoken_update.go +++ b/storage/ent/db/devicetoken_update.go @@ -11,8 +11,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/predicate" ) // DeviceTokenUpdate is the builder for updating DeviceToken entities. diff --git a/storage/ent/db/ent.go b/storage/ent/db/ent.go index ed76b32b51..6d28a816c3 100644 --- a/storage/ent/db/ent.go +++ b/storage/ent/db/ent.go @@ -10,16 +10,16 @@ import ( "entgo.io/ent" "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/connector" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/keys" - "github.com/dexidp/dex/storage/ent/db/oauth2client" - "github.com/dexidp/dex/storage/ent/db/offlinesession" - "github.com/dexidp/dex/storage/ent/db/password" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/refreshtoken" ) // ent aliases to avoid import conflicts in user's code. diff --git a/storage/ent/db/enttest/enttest.go b/storage/ent/db/enttest/enttest.go index ecbb02d930..73dc40add5 100644 --- a/storage/ent/db/enttest/enttest.go +++ b/storage/ent/db/enttest/enttest.go @@ -5,12 +5,12 @@ package enttest import ( "context" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/storage/ent/db" // required by schema hooks. - _ "github.com/dexidp/dex/storage/ent/db/runtime" + _ "github.com/concourse/dex/storage/ent/db/runtime" "entgo.io/ent/dialect/sql/schema" - "github.com/dexidp/dex/storage/ent/db/migrate" + "github.com/concourse/dex/storage/ent/db/migrate" ) type ( diff --git a/storage/ent/db/hook/hook.go b/storage/ent/db/hook/hook.go index 856e5e5949..b8ad6c6a8b 100644 --- a/storage/ent/db/hook/hook.go +++ b/storage/ent/db/hook/hook.go @@ -6,7 +6,7 @@ import ( "context" "fmt" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/storage/ent/db" ) // The AuthCodeFunc type is an adapter to allow the use of ordinary diff --git a/storage/ent/db/keys.go b/storage/ent/db/keys.go index d307ad8ed2..5361dbff45 100644 --- a/storage/ent/db/keys.go +++ b/storage/ent/db/keys.go @@ -9,8 +9,8 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db/keys" jose "gopkg.in/square/go-jose.v2" ) diff --git a/storage/ent/db/keys/where.go b/storage/ent/db/keys/where.go index f918579da8..d87592c7fc 100644 --- a/storage/ent/db/keys/where.go +++ b/storage/ent/db/keys/where.go @@ -6,7 +6,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/keys_create.go b/storage/ent/db/keys_create.go index 818ca27891..b1b55bf3bc 100644 --- a/storage/ent/db/keys_create.go +++ b/storage/ent/db/keys_create.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db/keys" jose "gopkg.in/square/go-jose.v2" ) diff --git a/storage/ent/db/keys_delete.go b/storage/ent/db/keys_delete.go index 5bcf970f58..1c678db8b7 100644 --- a/storage/ent/db/keys_delete.go +++ b/storage/ent/db/keys_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/keys" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage/ent/db/predicate" ) // KeysDelete is the builder for deleting a Keys entity. diff --git a/storage/ent/db/keys_query.go b/storage/ent/db/keys_query.go index 7d9ea9082d..f946238250 100644 --- a/storage/ent/db/keys_query.go +++ b/storage/ent/db/keys_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/keys" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage/ent/db/predicate" ) // KeysQuery is the builder for querying Keys entities. diff --git a/storage/ent/db/keys_update.go b/storage/ent/db/keys_update.go index b5fbefff67..7310e03c28 100644 --- a/storage/ent/db/keys_update.go +++ b/storage/ent/db/keys_update.go @@ -11,9 +11,9 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db/keys" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage/ent/db/predicate" jose "gopkg.in/square/go-jose.v2" ) diff --git a/storage/ent/db/mutation.go b/storage/ent/db/mutation.go index 85e1af7240..fae7c4dad0 100644 --- a/storage/ent/db/mutation.go +++ b/storage/ent/db/mutation.go @@ -9,18 +9,18 @@ import ( "sync" "time" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/connector" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/keys" - "github.com/dexidp/dex/storage/ent/db/oauth2client" - "github.com/dexidp/dex/storage/ent/db/offlinesession" - "github.com/dexidp/dex/storage/ent/db/password" - "github.com/dexidp/dex/storage/ent/db/predicate" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/refreshtoken" jose "gopkg.in/square/go-jose.v2" "entgo.io/ent" diff --git a/storage/ent/db/oauth2client.go b/storage/ent/db/oauth2client.go index f96ca218e1..30418fcf54 100644 --- a/storage/ent/db/oauth2client.go +++ b/storage/ent/db/oauth2client.go @@ -8,7 +8,7 @@ import ( "strings" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/oauth2client" ) // OAuth2Client is the model entity for the OAuth2Client schema. diff --git a/storage/ent/db/oauth2client/where.go b/storage/ent/db/oauth2client/where.go index d74a6ab78e..17927306b8 100644 --- a/storage/ent/db/oauth2client/where.go +++ b/storage/ent/db/oauth2client/where.go @@ -4,7 +4,7 @@ package oauth2client import ( "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/oauth2client_create.go b/storage/ent/db/oauth2client_create.go index 02c41a8377..ac0719dfe1 100644 --- a/storage/ent/db/oauth2client_create.go +++ b/storage/ent/db/oauth2client_create.go @@ -9,7 +9,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/oauth2client" ) // OAuth2ClientCreate is the builder for creating a OAuth2Client entity. diff --git a/storage/ent/db/oauth2client_delete.go b/storage/ent/db/oauth2client_delete.go index 239d904dc2..cc70c8fe0a 100644 --- a/storage/ent/db/oauth2client_delete.go +++ b/storage/ent/db/oauth2client_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/oauth2client" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/predicate" ) // OAuth2ClientDelete is the builder for deleting a OAuth2Client entity. diff --git a/storage/ent/db/oauth2client_query.go b/storage/ent/db/oauth2client_query.go index 1776c943d2..bed780975c 100644 --- a/storage/ent/db/oauth2client_query.go +++ b/storage/ent/db/oauth2client_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/oauth2client" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/predicate" ) // OAuth2ClientQuery is the builder for querying OAuth2Client entities. diff --git a/storage/ent/db/oauth2client_update.go b/storage/ent/db/oauth2client_update.go index aeddbba63c..6913f3f079 100644 --- a/storage/ent/db/oauth2client_update.go +++ b/storage/ent/db/oauth2client_update.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/oauth2client" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/predicate" ) // OAuth2ClientUpdate is the builder for updating OAuth2Client entities. diff --git a/storage/ent/db/offlinesession.go b/storage/ent/db/offlinesession.go index 4b797e2672..50b55c0440 100644 --- a/storage/ent/db/offlinesession.go +++ b/storage/ent/db/offlinesession.go @@ -7,7 +7,7 @@ import ( "strings" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/offlinesession" ) // OfflineSession is the model entity for the OfflineSession schema. diff --git a/storage/ent/db/offlinesession/where.go b/storage/ent/db/offlinesession/where.go index 2dbab2537e..6eca11d738 100644 --- a/storage/ent/db/offlinesession/where.go +++ b/storage/ent/db/offlinesession/where.go @@ -4,7 +4,7 @@ package offlinesession import ( "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/offlinesession_create.go b/storage/ent/db/offlinesession_create.go index 82b8014f1b..54f26f82e5 100644 --- a/storage/ent/db/offlinesession_create.go +++ b/storage/ent/db/offlinesession_create.go @@ -9,7 +9,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/offlinesession" ) // OfflineSessionCreate is the builder for creating a OfflineSession entity. diff --git a/storage/ent/db/offlinesession_delete.go b/storage/ent/db/offlinesession_delete.go index b9c60ba9a3..fa84b062ae 100644 --- a/storage/ent/db/offlinesession_delete.go +++ b/storage/ent/db/offlinesession_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/offlinesession" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/predicate" ) // OfflineSessionDelete is the builder for deleting a OfflineSession entity. diff --git a/storage/ent/db/offlinesession_query.go b/storage/ent/db/offlinesession_query.go index e5e09cf16d..754bee5b8f 100644 --- a/storage/ent/db/offlinesession_query.go +++ b/storage/ent/db/offlinesession_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/offlinesession" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/predicate" ) // OfflineSessionQuery is the builder for querying OfflineSession entities. diff --git a/storage/ent/db/offlinesession_update.go b/storage/ent/db/offlinesession_update.go index f9f1d9cbf1..bcc69f299c 100644 --- a/storage/ent/db/offlinesession_update.go +++ b/storage/ent/db/offlinesession_update.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/offlinesession" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/predicate" ) // OfflineSessionUpdate is the builder for updating OfflineSession entities. diff --git a/storage/ent/db/password.go b/storage/ent/db/password.go index cd30ec54ed..d2fcf46db7 100644 --- a/storage/ent/db/password.go +++ b/storage/ent/db/password.go @@ -7,7 +7,7 @@ import ( "strings" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/password" ) // Password is the model entity for the Password schema. diff --git a/storage/ent/db/password/where.go b/storage/ent/db/password/where.go index e33c134f2e..60b20ec13b 100644 --- a/storage/ent/db/password/where.go +++ b/storage/ent/db/password/where.go @@ -4,7 +4,7 @@ package password import ( "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/password_create.go b/storage/ent/db/password_create.go index 277a5c8321..bd54d36161 100644 --- a/storage/ent/db/password_create.go +++ b/storage/ent/db/password_create.go @@ -9,7 +9,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/password" ) // PasswordCreate is the builder for creating a Password entity. diff --git a/storage/ent/db/password_delete.go b/storage/ent/db/password_delete.go index 6bbe5af57b..70b5aa42cd 100644 --- a/storage/ent/db/password_delete.go +++ b/storage/ent/db/password_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/password" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/predicate" ) // PasswordDelete is the builder for deleting a Password entity. diff --git a/storage/ent/db/password_query.go b/storage/ent/db/password_query.go index 0da4d08aef..f993949794 100644 --- a/storage/ent/db/password_query.go +++ b/storage/ent/db/password_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/password" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/predicate" ) // PasswordQuery is the builder for querying Password entities. diff --git a/storage/ent/db/password_update.go b/storage/ent/db/password_update.go index 8d149991a8..f709cb5f19 100644 --- a/storage/ent/db/password_update.go +++ b/storage/ent/db/password_update.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/password" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/predicate" ) // PasswordUpdate is the builder for updating Password entities. diff --git a/storage/ent/db/refreshtoken.go b/storage/ent/db/refreshtoken.go index b5c75bb101..f19e696d2b 100644 --- a/storage/ent/db/refreshtoken.go +++ b/storage/ent/db/refreshtoken.go @@ -9,7 +9,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/db/refreshtoken" ) // RefreshToken is the model entity for the RefreshToken schema. diff --git a/storage/ent/db/refreshtoken/where.go b/storage/ent/db/refreshtoken/where.go index e6abf9824b..37c81885c6 100644 --- a/storage/ent/db/refreshtoken/where.go +++ b/storage/ent/db/refreshtoken/where.go @@ -6,7 +6,7 @@ import ( "time" "entgo.io/ent/dialect/sql" - "github.com/dexidp/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/predicate" ) // ID filters vertices based on their ID field. diff --git a/storage/ent/db/refreshtoken_create.go b/storage/ent/db/refreshtoken_create.go index e2bd6c2fad..252d273dd2 100644 --- a/storage/ent/db/refreshtoken_create.go +++ b/storage/ent/db/refreshtoken_create.go @@ -10,7 +10,7 @@ import ( "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/db/refreshtoken" ) // RefreshTokenCreate is the builder for creating a RefreshToken entity. diff --git a/storage/ent/db/refreshtoken_delete.go b/storage/ent/db/refreshtoken_delete.go index 2c8d7c1e80..92ba71c168 100644 --- a/storage/ent/db/refreshtoken_delete.go +++ b/storage/ent/db/refreshtoken_delete.go @@ -9,8 +9,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/predicate" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/refreshtoken" ) // RefreshTokenDelete is the builder for deleting a RefreshToken entity. diff --git a/storage/ent/db/refreshtoken_query.go b/storage/ent/db/refreshtoken_query.go index a90ac2f912..5cc467dd77 100644 --- a/storage/ent/db/refreshtoken_query.go +++ b/storage/ent/db/refreshtoken_query.go @@ -10,8 +10,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/predicate" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/refreshtoken" ) // RefreshTokenQuery is the builder for querying RefreshToken entities. diff --git a/storage/ent/db/refreshtoken_update.go b/storage/ent/db/refreshtoken_update.go index 6c11c7f73c..84b13f1f1c 100644 --- a/storage/ent/db/refreshtoken_update.go +++ b/storage/ent/db/refreshtoken_update.go @@ -11,8 +11,8 @@ import ( "entgo.io/ent/dialect/sql" "entgo.io/ent/dialect/sql/sqlgraph" "entgo.io/ent/schema/field" - "github.com/dexidp/dex/storage/ent/db/predicate" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/db/predicate" + "github.com/concourse/dex/storage/ent/db/refreshtoken" ) // RefreshTokenUpdate is the builder for updating RefreshToken entities. diff --git a/storage/ent/db/runtime.go b/storage/ent/db/runtime.go index 797c97613b..d3c86c6f27 100644 --- a/storage/ent/db/runtime.go +++ b/storage/ent/db/runtime.go @@ -5,17 +5,17 @@ package db import ( "time" - "github.com/dexidp/dex/storage/ent/db/authcode" - "github.com/dexidp/dex/storage/ent/db/authrequest" - "github.com/dexidp/dex/storage/ent/db/connector" - "github.com/dexidp/dex/storage/ent/db/devicerequest" - "github.com/dexidp/dex/storage/ent/db/devicetoken" - "github.com/dexidp/dex/storage/ent/db/keys" - "github.com/dexidp/dex/storage/ent/db/oauth2client" - "github.com/dexidp/dex/storage/ent/db/offlinesession" - "github.com/dexidp/dex/storage/ent/db/password" - "github.com/dexidp/dex/storage/ent/db/refreshtoken" - "github.com/dexidp/dex/storage/ent/schema" + "github.com/concourse/dex/storage/ent/db/authcode" + "github.com/concourse/dex/storage/ent/db/authrequest" + "github.com/concourse/dex/storage/ent/db/connector" + "github.com/concourse/dex/storage/ent/db/devicerequest" + "github.com/concourse/dex/storage/ent/db/devicetoken" + "github.com/concourse/dex/storage/ent/db/keys" + "github.com/concourse/dex/storage/ent/db/oauth2client" + "github.com/concourse/dex/storage/ent/db/offlinesession" + "github.com/concourse/dex/storage/ent/db/password" + "github.com/concourse/dex/storage/ent/db/refreshtoken" + "github.com/concourse/dex/storage/ent/schema" ) // The init function reads all schema descriptors with runtime code diff --git a/storage/ent/mysql.go b/storage/ent/mysql.go index 4a9407f95c..23824db367 100644 --- a/storage/ent/mysql.go +++ b/storage/ent/mysql.go @@ -15,10 +15,10 @@ import ( entSQL "entgo.io/ent/dialect/sql" "github.com/go-sql-driver/mysql" // Register mysql driver. - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/client" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/client" + "github.com/concourse/dex/storage/ent/db" ) const ( diff --git a/storage/ent/mysql_test.go b/storage/ent/mysql_test.go index 6c2dfa1ddf..db51c3fe7e 100644 --- a/storage/ent/mysql_test.go +++ b/storage/ent/mysql_test.go @@ -8,8 +8,8 @@ import ( "github.com/sirupsen/logrus" "github.com/stretchr/testify/require" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/conformance" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/conformance" ) const ( diff --git a/storage/ent/postgres.go b/storage/ent/postgres.go index 1953f5992f..0b006657e4 100644 --- a/storage/ent/postgres.go +++ b/storage/ent/postgres.go @@ -14,10 +14,10 @@ import ( entSQL "entgo.io/ent/dialect/sql" _ "github.com/lib/pq" // Register postgres driver. - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/client" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/client" + "github.com/concourse/dex/storage/ent/db" ) // nolint diff --git a/storage/ent/postgres_test.go b/storage/ent/postgres_test.go index c8e3a54df2..92bd8ba154 100644 --- a/storage/ent/postgres_test.go +++ b/storage/ent/postgres_test.go @@ -8,8 +8,8 @@ import ( "github.com/sirupsen/logrus" "github.com/stretchr/testify/require" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/conformance" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/conformance" ) const ( diff --git a/storage/ent/schema/keys.go b/storage/ent/schema/keys.go index ec5cd3f6bb..c4b4c8adb2 100644 --- a/storage/ent/schema/keys.go +++ b/storage/ent/schema/keys.go @@ -5,7 +5,7 @@ import ( "entgo.io/ent/schema/field" "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) /* Original SQL table: diff --git a/storage/ent/sqlite.go b/storage/ent/sqlite.go index c0b442f400..cee8872c8c 100644 --- a/storage/ent/sqlite.go +++ b/storage/ent/sqlite.go @@ -8,10 +8,10 @@ import ( "entgo.io/ent/dialect/sql" _ "github.com/mattn/go-sqlite3" // Register sqlite driver. - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/ent/client" - "github.com/dexidp/dex/storage/ent/db" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/ent/client" + "github.com/concourse/dex/storage/ent/db" ) // SQLite3 options for creating an SQL db. diff --git a/storage/ent/sqlite_test.go b/storage/ent/sqlite_test.go index 301d769b4a..440aff8b9c 100644 --- a/storage/ent/sqlite_test.go +++ b/storage/ent/sqlite_test.go @@ -6,8 +6,8 @@ import ( "github.com/sirupsen/logrus" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/conformance" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/conformance" ) func newSQLiteStorage() storage.Storage { diff --git a/storage/etcd/config.go b/storage/etcd/config.go index 7f1a7b4fb7..10d1aeb962 100644 --- a/storage/etcd/config.go +++ b/storage/etcd/config.go @@ -7,8 +7,8 @@ import ( clientv3 "go.etcd.io/etcd/client/v3" "go.etcd.io/etcd/client/v3/namespace" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" ) var defaultDialTimeout = 2 * time.Second diff --git a/storage/etcd/etcd.go b/storage/etcd/etcd.go index 13e815ec8d..7fdc9b7adf 100644 --- a/storage/etcd/etcd.go +++ b/storage/etcd/etcd.go @@ -9,8 +9,8 @@ import ( clientv3 "go.etcd.io/etcd/client/v3" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" ) const ( diff --git a/storage/etcd/etcd_test.go b/storage/etcd/etcd_test.go index 8a9af5c9d5..e9e56678e5 100644 --- a/storage/etcd/etcd_test.go +++ b/storage/etcd/etcd_test.go @@ -12,8 +12,8 @@ import ( "github.com/sirupsen/logrus" clientv3 "go.etcd.io/etcd/client/v3" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/conformance" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/conformance" ) func withTimeout(t time.Duration, f func()) { diff --git a/storage/etcd/types.go b/storage/etcd/types.go index 91199ab655..b786e2e217 100644 --- a/storage/etcd/types.go +++ b/storage/etcd/types.go @@ -5,7 +5,7 @@ import ( jose "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // AuthCode is a mirrored struct from storage with JSON struct tags diff --git a/storage/kubernetes/client.go b/storage/kubernetes/client.go index 57f21e00cd..c08359059a 100644 --- a/storage/kubernetes/client.go +++ b/storage/kubernetes/client.go @@ -26,9 +26,9 @@ import ( "github.com/ghodss/yaml" "golang.org/x/net/http2" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/kubernetes/k8sapi" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/kubernetes/k8sapi" ) type client struct { diff --git a/storage/kubernetes/client_test.go b/storage/kubernetes/client_test.go index cfd04857b6..34801639be 100644 --- a/storage/kubernetes/client_test.go +++ b/storage/kubernetes/client_test.go @@ -13,7 +13,7 @@ import ( "github.com/sirupsen/logrus" "github.com/stretchr/testify/require" - "github.com/dexidp/dex/storage/kubernetes/k8sapi" + "github.com/concourse/dex/storage/kubernetes/k8sapi" ) // This test does not have an explicit error condition but is used diff --git a/storage/kubernetes/storage.go b/storage/kubernetes/storage.go index 0979f14ac0..4d3543afe3 100644 --- a/storage/kubernetes/storage.go +++ b/storage/kubernetes/storage.go @@ -9,9 +9,9 @@ import ( "strings" "time" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/kubernetes/k8sapi" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/kubernetes/k8sapi" ) const ( diff --git a/storage/kubernetes/storage_test.go b/storage/kubernetes/storage_test.go index d0048506be..e394dbd9a7 100644 --- a/storage/kubernetes/storage_test.go +++ b/storage/kubernetes/storage_test.go @@ -17,8 +17,8 @@ import ( "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/conformance" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/conformance" ) const kubeconfigPathVariableName = "DEX_KUBERNETES_CONFIG_PATH" diff --git a/storage/kubernetes/transport.go b/storage/kubernetes/transport.go index 5d39c27fba..e764630034 100644 --- a/storage/kubernetes/transport.go +++ b/storage/kubernetes/transport.go @@ -6,7 +6,7 @@ import ( "sync" "time" - "github.com/dexidp/dex/storage/kubernetes/k8sapi" + "github.com/concourse/dex/storage/kubernetes/k8sapi" ) // transport is a simple http.Transport wrapper diff --git a/storage/kubernetes/types.go b/storage/kubernetes/types.go index a5ec29afd4..57bec68e8a 100644 --- a/storage/kubernetes/types.go +++ b/storage/kubernetes/types.go @@ -6,8 +6,8 @@ import ( jose "gopkg.in/square/go-jose.v2" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/kubernetes/k8sapi" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/kubernetes/k8sapi" ) const ( diff --git a/storage/memory/memory.go b/storage/memory/memory.go index a940665714..447d058735 100644 --- a/storage/memory/memory.go +++ b/storage/memory/memory.go @@ -6,8 +6,8 @@ import ( "sync" "time" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" ) // New returns an in memory storage. diff --git a/storage/memory/memory_test.go b/storage/memory/memory_test.go index 84a8826ef2..9c020ee095 100644 --- a/storage/memory/memory_test.go +++ b/storage/memory/memory_test.go @@ -6,8 +6,8 @@ import ( "github.com/sirupsen/logrus" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/conformance" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/conformance" ) func TestStorage(t *testing.T) { diff --git a/storage/memory/static_test.go b/storage/memory/static_test.go index 8513e0ee89..fdca32882d 100644 --- a/storage/memory/static_test.go +++ b/storage/memory/static_test.go @@ -8,7 +8,7 @@ import ( "github.com/sirupsen/logrus" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) func TestStaticClients(t *testing.T) { diff --git a/storage/sql/config.go b/storage/sql/config.go index 1aedf04cae..ee846fab06 100644 --- a/storage/sql/config.go +++ b/storage/sql/config.go @@ -15,8 +15,8 @@ import ( "github.com/go-sql-driver/mysql" "github.com/lib/pq" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" ) const ( diff --git a/storage/sql/config_test.go b/storage/sql/config_test.go index 1178728c1a..1eca0194a8 100644 --- a/storage/sql/config_test.go +++ b/storage/sql/config_test.go @@ -10,9 +10,9 @@ import ( "github.com/sirupsen/logrus" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" - "github.com/dexidp/dex/storage/conformance" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" + "github.com/concourse/dex/storage/conformance" ) func withTimeout(t time.Duration, f func()) { diff --git a/storage/sql/crud.go b/storage/sql/crud.go index 1583c17741..4a1d6e6767 100644 --- a/storage/sql/crud.go +++ b/storage/sql/crud.go @@ -9,7 +9,7 @@ import ( "strings" "time" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/storage" ) // TODO(ericchiang): The update, insert, and select methods queries are all diff --git a/storage/sql/sql.go b/storage/sql/sql.go index 0a29216936..dad6a79ad4 100644 --- a/storage/sql/sql.go +++ b/storage/sql/sql.go @@ -10,7 +10,7 @@ import ( _ "github.com/lib/pq" _ "github.com/mattn/go-sqlite3" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/pkg/log" ) // flavor represents a specific SQL implementation, and is used to translate query strings diff --git a/storage/sql/sqlite.go b/storage/sql/sqlite.go index 43df671a7c..eb0d7fcaad 100644 --- a/storage/sql/sqlite.go +++ b/storage/sql/sqlite.go @@ -9,8 +9,8 @@ import ( sqlite3 "github.com/mattn/go-sqlite3" - "github.com/dexidp/dex/pkg/log" - "github.com/dexidp/dex/storage" + "github.com/concourse/dex/pkg/log" + "github.com/concourse/dex/storage" ) // SQLite3 options for creating an SQL db. diff --git a/storage/static.go b/storage/static.go index 806b61f9cd..c5a8acaf90 100644 --- a/storage/static.go +++ b/storage/static.go @@ -4,7 +4,7 @@ import ( "errors" "strings" - "github.com/dexidp/dex/pkg/log" + "github.com/concourse/dex/pkg/log" ) // Tests for this code are in the "memory" package, since this package doesn't