Juan Font
cc3de7e723
Fix error decoding claims ( #744 )
2022-08-17 15:03:10 +00:00
Juan Font
8e56d8b425
Merge branch 'main' into switch-to-db-d
2022-08-11 13:11:38 +02:00
Adrien Raffin-Caboisse
110b01befa
Merge remote-tracking branch 'origin/main' into fix-bug-in-excludecorrectlytaggednodes
2022-08-11 12:49:26 +02:00
Juan Font Alonso
804d70386d
Switch to nodekey in urls
2022-08-11 12:15:16 +02:00
Juan Font Alonso
e91c378bd4
Replace machine key with node key in preparation for Noise in auth related stuff
2022-08-10 15:35:26 +02:00
Juan Font
8a9fe1da4b
Merge branch 'main' into oidc-refactoring
2022-08-09 20:29:02 +02:00
Grigoriy Mikhalkin
a1e7e771ce
refactor OIDC callback aux functions
2022-08-07 13:57:07 +02:00
Grigoriy Mikhalkin
00d2a447f4
decompose OIDCCallback method
2022-08-07 13:27:29 +02:00
Adrien Raffin-Caboisse
79688e6187
chore(all): apply formater
2022-08-04 10:47:00 +02:00
Grigoriy Mikhalkin
911e6ba6de
exported API errors
2022-07-29 17:35:21 +02:00
Juan Font Alonso
ffcc72876c
Lint fixes 7/n
2022-06-26 12:30:52 +02:00
Juan Font Alonso
c810b24eb9
Lint fixes 5/n
2022-06-26 12:21:35 +02:00
Juan Font Alonso
c859bea0cf
Lint fixes 3/n
2022-06-26 12:01:04 +02:00
Juan Font Alonso
a913d1b521
Lint fixes 2/n
2022-06-26 11:55:37 +02:00
Juan Font Alonso
396c3ecdf7
Remove Gin from the OIDC handlers
2022-06-20 12:31:19 +02:00
Juan Font Alonso
d5e331a2fb
Remove Gin from OIDC callback
2022-06-17 17:42:17 +02:00
Kristoffer Dalby
e631c6f7e0
Merge master
2022-05-16 21:41:46 +02:00
Antoine POPINEAU
7cc58af932
Allow more configuration over the OIDC flow.
...
Adds knobs to configure three aspects of the OpenID Connect flow:
* Custom scopes to override the default "openid profile email".
* Custom parameters to be added to the Authorize Endpoint request.
* Domain allowlisting for authenticated principals.
* User allowlisting for authenticated principals.
2022-05-02 17:11:07 +02:00
Kristoffer Dalby
14994cb6cc
Use new logic and fields for dns
2022-04-24 20:55:54 +01:00
Kristoffer Dalby
739653fa71
Merge branch 'main' into feat-add-debug-log
2022-03-18 20:44:21 +00:00
Adrien Raffin-Caboisse
2e04abf4bb
feat(oidc): add debug log
2022-03-18 09:40:12 +01:00
Adrien Raffin-Caboisse
61ebb713f2
fix(oidc): Reset expiry for reauthentication
...
The previous code resetted the expiry time to be expired. So the machine was never reauthenticated
2022-03-18 09:32:07 +01:00
Adrien Raffin-Caboisse
f19c048569
fix: change normalization function name
2022-03-07 22:55:54 +01:00
Adrien Raffin-Caboisse
1114449601
change: update name of method to check and normalize Domain name
2022-03-06 20:46:17 +01:00
Kristoffer Dalby
1f8c7f427b
Add comment
2022-03-02 07:29:56 +00:00
Kristoffer Dalby
ec4dc68524
Use correct machinekey format for oidc reg
2022-03-02 07:29:56 +00:00
Kristoffer Dalby
86ade72c19
Remove err check
2022-03-02 07:29:56 +00:00
Kristoffer Dalby
82cb6b9ddc
Cleanup some unreachable code
2022-02-28 23:00:41 +00:00
Kristoffer Dalby
8bef04d8df
Remove sorted todo
2022-02-28 22:45:42 +00:00
Kristoffer Dalby
5e92ddad43
Remove redundant caches
...
This commit removes the two extra caches (oidc, requested time) and uses
the new central registration cache instead. The requested time is
unified into the main machine object and the oidc key is just added to
the same cache, as a string with the state as a key instead of machine
key.
2022-02-28 22:42:30 +00:00
Kristoffer Dalby
16b21e8158
Remove all references to Machine.Registered
2022-02-28 16:55:57 +00:00
Kristoffer Dalby
35616eb861
Fix oidc error were namespace isnt created #365
2022-02-28 16:41:28 +00:00
Kristoffer Dalby
54cc3c067f
Implement new machine register parameter
2022-02-28 16:34:50 +00:00
Kristoffer Dalby
469551bc5d
Register new machines needing callback in memory
...
This commit stores temporary registration data in cache, instead of
memory allowing us to only have actually registered machines in the
database.
2022-02-28 08:06:39 +00:00
Kristoffer Dalby
fd1e4a1dcd
Generalise registration for openid
2022-02-27 18:42:24 +01:00
Adrien Raffin-Caboisse
046116656b
chore: update formatting
2022-02-23 14:22:21 +01:00
Adrien Raffin-Caboisse
4f1f235a2e
feat: add strip_email_domain to normalization of namespace
2022-02-23 14:03:07 +01:00
Adrien Raffin-Caboisse
afd4a3706e
chore: update formating
2022-02-22 21:05:39 +01:00
Adrien Raffin-Caboisse
0191ea93ff
feat(oidc): bind email to namespace
2022-02-22 19:59:15 +01:00
Csaba Sarkadi
1a6e5d8770
Add support for multiple IP prefixes
2022-01-16 14:18:22 +01:00
wakeful-cloud
1c7cb98042
Template Fixes
2021-12-22 19:43:53 -07:00
Kristoffer Dalby
59aeaa8476
Ensure we always have the key prefix when needed
2021-11-27 20:25:12 +00:00
Kristoffer Dalby
c38f00fab8
Unmarshal keys in the non-deprecated way
2021-11-26 23:50:42 +00:00
Kristoffer Dalby
cfd53bc4aa
Factor wgkey to types/key
...
This commit converts all the uses of wgkey to the new key interfaces.
It now has specific machine, node and discovery keys and we now should
use them correctly.
Please note the new logic which strips a key prefix (in utils.go) that
is now standard inside tailscale.
In theory we could put it in the database, but to preserve backwards
compatibility and not spend a lot of resources on accounting for both,
we just strip them.
2021-11-26 23:30:42 +00:00
Kristoffer Dalby
021c464148
Add cache for requested expiry times
...
This commit adds a sentral cache to keep track of clients whom has
requested an expiry time, but were we need to keep hold of it until the
second request comes in.
2021-11-22 19:32:52 +00:00
Kristoffer Dalby
e600ead3e9
Make sure nodes can reauthenticate
...
This commit fixes an issue where nodes were not able to reauthenticate.
2021-11-22 19:32:11 +00:00
Kristoffer Dalby
200c10e48c
Add missing return in oidc.go
2021-11-22 17:22:47 +00:00
Kristoffer Dalby
74044f62f4
Remove anouther potential error leak
2021-11-21 21:54:19 +00:00
Kristoffer Dalby
fcd4d94927
Clean up logging and error handling in oidc
...
We should never expose errors via web, it gives attackers a lot of info
(Insert OWASP guide).
Also handle error that didnt separate not found gorm issue and other
errors.
2021-11-21 21:51:39 +00:00
Kristoffer Dalby
9aac1fb255
Remove expiry logic, this needs to be redone
2021-11-19 09:02:29 +00:00