Ryan Richard
b99c4773a2
Use CSP headers in auth handler response
...
When response_mode=form_post is requested, some error cases will be
returned to the client using the form_post web page to POST the result
back to the client's redirect URL.
2022-06-02 09:23:34 -07:00
Mo Khan
75a32ae243
Merge pull request #1145 from enj/enj/f/json_logs
...
Switch to go.uber.org/zap for JSON formatted logging
2022-05-24 13:15:22 -04:00
Monis Khan
0674215ef3
Switch to go.uber.org/zap for JSON formatted logging
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-05-24 11:17:42 -04:00
Ryan Richard
03ccef03fe
Merge pull request #1163 from vmware-tanzu/ldap-login-ui
...
Support a browser-based login flow for LDAP and Active Directory providers
2022-05-24 10:19:34 -04:00
Ryan Richard
438ab0a0e1
Merge branch 'main' into ldap-login-ui
2022-05-20 08:40:34 -07:00
Ryan Richard
39fd9ba270
Small refactors and comments for LDAP/AD UI
2022-05-19 16:02:08 -07:00
Ryan Richard
7388097de7
Merge pull request #1116 from vmware-tanzu/proposal-ldap-web-ui
...
ldap/ad web ui proposal
2022-05-16 16:22:17 -07:00
Ryan Richard
f008c081b3
Accept LDAP UI proposal
2022-05-16 16:21:33 -07:00
Ryan Richard
1092fc4a9e
Add PR link to LDAP UI proposal
2022-05-16 16:21:17 -07:00
Ryan Richard
dc6874e9cd
Move remaining open q's to answered q's
2022-05-16 16:20:42 -07:00
Ryan Richard
0f2a984308
Merge branch 'main' into ldap-login-ui
2022-05-11 11:32:15 -07:00
Ryan Richard
4101a55001
Update docs for new LDAP/AD browser-based login flow
...
Also fix some comments that didn't fit onto one line in the yaml
examples, be consistent about putting a blank line above `---` yaml
separators, and some other small doc improvements.
2022-05-11 11:19:08 -07:00
Ryan Richard
aa732a41fb
Add LDAP browser flow login failure tests to supervisor_login_test.go
...
Also do some refactoring to share more common test setup code in
supervisor_login_test.go.
2022-05-10 16:28:08 -07:00
Ryan Richard
0b106c245e
Add LDAP browser flow login test to supervisor_login_test.go
2022-05-10 12:54:40 -07:00
Ryan Richard
ab302cf2b7
Add AD via browser login e2e test and refactor e2e tests to share code
2022-05-10 10:30:32 -07:00
Ryan Richard
a4e32d8f3d
Extract browsertest.LoginToUpstreamLDAP() integration test helper
2022-05-09 15:43:36 -07:00
Margo Crawford
22aea6ab9d
Address some small comments to make the doc more understandable
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-09 12:55:32 -07:00
Pinny
afc73221d6
Updated versions in docs for v0.17.0 release
2022-05-06 19:28:56 +00:00
Ryan Richard
4c44f583e9
Don't add pinniped_idp_name pinniped_idp_type params into upstream state
2022-05-06 12:00:46 -07:00
Margo Crawford
408e390094
Add more detail on how we should display errors
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-06 11:00:01 -07:00
Ryan Richard
ec22b5715b
Add Pinniped favicon to login UI page 🦭
2022-05-05 14:46:07 -07:00
Ryan Richard
6e6e1f4add
Update login page CSS selectors in e2e test
2022-05-05 13:56:38 -07:00
Ryan Richard
00d68845c4
Add --flow
to choose login flow in prepare-supervisor-on-kind.sh
2022-05-05 13:42:23 -07:00
Ryan Richard
cffa353ffb
Login page styling/structure for users, screen readers, passwd managers
...
Also:
- Add CSS to login page
- Refactor login page HTML and CSS into a new package
- New custom CSP headers for the login page, because the requirements
are different from the form_post page
2022-05-05 13:13:25 -07:00
Ryan Richard
6ca7c932ae
Add unit test for rendering form_post response from POST /login
2022-05-05 13:13:25 -07:00
Margo Crawford
b458cd43b9
Merge pull request #1159 from vmware-tanzu/fix-openldap-typo
...
Tiny fix to openldap group name: pinninpeds->pinnipeds
2022-05-05 12:50:43 -07:00
Margo Crawford
07a3faf449
Merge branch 'main' into fix-openldap-typo
2022-05-05 10:51:09 -07:00
Margo Crawford
329d41aac7
Add the full end to end test for ldap web ui
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-05 08:49:58 -07:00
Margo Crawford
079908fb50
Update to reflect further conversations we've had
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-04 13:28:54 -07:00
anjalitelang
1a59b6a686
Update ROADMAP.md
...
Changes made to reflect status as of May 4th, 2022
2022-05-04 16:06:33 -04:00
Margo Crawford
eb891d77a5
Tiny fix: pinninpeds->pinnipeds
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-04 12:42:55 -07:00
Ryan Richard
572474605f
Merge pull request #1151 from vmware-tanzu/more_unit_tests_for_ldap_escaping
...
More unit tests for LDAP DNs which contain special chars
2022-05-04 09:49:20 -07:00
Ryan Richard
656f221fb7
Merge branch 'main' into ldap-login-ui
2022-05-04 09:29:15 -07:00
Ryan Richard
a36688573b
Merge pull request #1150 from vmware-tanzu/prepare_supervisor_on_kind_active_directory
...
Support AD in hack/prepare-supervisor-on-kind.sh
2022-05-04 09:16:13 -07:00
Ryan Richard
2e031f727b
Use security headers for the form_post page in the POST /login endpoint
...
Also use more specific test assertions where security headers are
expected. And run the unit tests for the login package in parallel.
2022-05-03 16:46:09 -07:00
Ryan Richard
acc6c50e48
More unit tests for LDAP DNs which contain special chars
...
Adding explicit coverage for PerformRefresh().
2022-05-03 15:43:01 -07:00
Margo Crawford
388cdb6ddd
Fix bug where form was posting to the wrong path
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-05-03 15:18:38 -07:00
Ryan Richard
eaa87c7628
support AD in hack/prepare-supervisor-on-kind.sh
2022-05-03 12:59:39 -07:00
Ryan Richard
d6e61012c6
Merge pull request #1149 from vmware-tanzu/update_kube_versions
...
Update kube codegen versions
2022-05-02 15:35:49 -07:00
Ryan Richard
cc1f0b8db9
Merge pull request #1148 from vmware-tanzu/ldap_group_search_escape
...
Escape special characters in LDAP DNs when used in search filters
2022-05-02 14:44:45 -07:00
Ryan Richard
90e88bb83c
Update kube codegen versions
...
Note that attempting to update 1.18.18 to 1.18.20 didn't work for some
reason, so I skipped that one. The code generator didn't like 1.18.20
and it deleted all the generated code. Avoiding 1.18.19 because it is
listed as having a regression at
https://kubernetes.io/releases/patch-releases/#non-active-branch-history
2022-05-02 14:33:33 -07:00
Ryan Richard
2ad181c7dd
Merge branch 'main' into ldap_group_search_escape
2022-05-02 13:49:55 -07:00
Mo Khan
ee881aa406
Merge pull request #1146 from enj/enj/i/bump_0007
...
Bump deps to latest and go mod compat to 1.17
2022-05-02 16:44:49 -04:00
Ryan Richard
c74dea6405
Escape special characters in LDAP DNs when used in search filters
2022-05-02 13:37:32 -07:00
Ryan Richard
69e5169fc5
Implement post_login_handler.go to accept form post and auth to LDAP/AD
...
Also extract some helpers from auth_handler.go so they can be shared
with the new handler.
2022-04-29 16:02:00 -07:00
Margo Crawford
646c6ec9ed
Show error message on login page
...
Also add autocomplete attribute and title element
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-29 10:36:13 -07:00
Monis Khan
2cdb55e7da
Bump deps to latest and go mod compat to 1.17
...
Signed-off-by: Monis Khan <mok@vmware.com>
2022-04-28 15:37:51 -04:00
Margo Crawford
453c69af7d
Fix some errors and pass state as form element
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-28 12:07:04 -07:00
Margo Crawford
07b2306254
Add basic outline of login get handler
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-28 11:51:36 -07:00
Margo Crawford
77f016fb64
Allow browser_authcode flow for pinniped login command
...
Signed-off-by: Margo Crawford <margaretc@vmware.com>
2022-04-27 08:53:53 -07:00