archive-gh-me/gitpod
1
0
Fork 0
mirror of https://github.com/gitpod-io/gitpod.git synced 2025-12-08 17:36:30 +00:00
Code Issues Projects Releases Wiki Activity
11,481 Commits 1,231 Branches 1,883 Tags
Commit Graph

224 Commits

Author SHA1 Message Date
Milan Pavlik
89e9ad0075
[sso] Validate Issuer URL + fix trailing slash WEB-345 (#17623) 
* [sso] Fix trailing slash in issuer

* fix

* fix

* fix
 2023-05-16 16:08:01 +08:00
Alex Tugarev
02ce06638c
[papi] validate ID token claims – WEB-337 (#17615) 
* [papi] validate ID token claims

Some claims (e.g. email, name) are required. While it's defaults with most IdPs, some require manual configuration to make those claims appear in ID tokens.

* add test cases
 2023-05-16 15:56:01 +08:00
Milan Pavlik
5333826686
[sso] Improve SSO dance logs & user facing error messages WEB-300 (#17570) 
* [sso] Improve SSO dance logs & user facing error messages

* Fix
 2023-05-15 15:18:00 +08:00
Anton Kosyakov
0ba64e3d3e
[public-api] refine mapping of json rpc error codes (#17591) 
* [public-api] refine mapping of json rpc error codes

- map 4xx and 650 codes as invalid argument (client errors)
- map 401, 411 related to unauthedicated and permission denied
- mapp 429 to resource exhausted

* Update errors.go
 2023-05-12 16:09:57 +08:00
Sven Efftinge
b7d01a7e25
Disallow deletion of teams (#17538) 2023-05-10 22:25:55 +08:00
Alex Tugarev
9266c7617c
[papi] select active OIDC config for start request – WEB-316 (#17518) 
* [papi] select active OIDC config for start request

* rename GetActiveOIDCClientConfigByOrgSlug

* add CreateTeams helper

* [papi] Ensure activation of SSO config deactivates previous one

* applied PR review comment
 2023-05-10 19:56:55 +08:00
Sven Efftinge
606e74f6c7
[dashboard] invite link for SSO orgs (#17478) 2023-05-05 17:59:43 +08:00
Milan Pavlik
c1a5e53134
[oidc] Restrict actions to team owners (#17470) 2023-05-03 14:20:41 +08:00
Milan Pavlik
4e983b7998
[public-api] Implement UpdateOIDCClientConfig WEB-278 (#17464) 
* [public-api] Implement UpdateOIDCClientConfig

* fix

* fix

* fix

* fix

* fix

* fix
 2023-05-02 23:48:40 +08:00
Alex Tugarev
7ef79efd91
[SSO] Use ClientConfigID & Subject as composite key for identities WEB-279 (#17463) 
* [SSO] Use ClientConfigID & Subject as composite key for identities

* Add tests for CreateSession
 2023-05-02 21:09:40 +08:00
Christian Weichel
8ed7b7d8a2
Repersist IDP public key when lost (#17422) 
e.g. because Redis restarted.
 2023-05-02 13:54:40 +08:00
Sven Efftinge
cbd56c2592
Frictionless login for dedicated (#17432) 2023-05-02 02:12:40 +08:00
Alex Tugarev
76c61533a6
[OIDC] Enable mark client config as "active" (#17365) 
* [gitpod-db] Add `d_b_oidc_client_config.active` field

* [papi] Add OIDCClientConfig.active to proto def

* [gitpod-db] Add OIDCClientConfig.active

* [papi] Add `activate` param to `/oidc/start` endpoint handler

If provided it should mark the OIDC client config as `active` in the DB.

* Fix propagation of state params and add tests.

* fix import of deprecated ioutil

* refactor GetStartParams

* consider `activate` from create request
 2023-04-27 21:35:36 +08:00
Milan Pavlik
0dc46c5bcc
[public-api] Measure incoming JWT Sessions - WEB-102 (#17345) 
* retest

* retest

* [installer] Add cookie name to config

* Fix

* retest

* [installer] Add cookie name to config

* [public-api] Measure incoming JWT Sessions

* fix

* Fix

* Fix

* fix

* retest
 2023-04-24 21:34:45 +08:00
Milan Pavlik
d9ccc1d141
[papi] OIDC service signs state with HS256, reusing signing PK - WEB-206 (#17328) 
* [papi] OIDC service signs state with RSA256

* Fix

* retest

* fix

* add test
 2023-04-24 17:14:45 +08:00
Milan Pavlik
d069f76edc
[public-api] Refactor JWT Sign/Verify to be reusable for OIDC - WEB-206 (#17327) 
* [public-api] Refactor JWT Sign/Verify to be reusable for OIDC

* fix
 2023-04-24 15:14:45 +08:00
Milan Pavlik
4f55ce16da
[public-api] JWT Signer & Verifier WEB-101 (#17308) 
* [public-api] JWT Signer & Verifier

* upgrade other to v5
 2023-04-21 17:32:42 +08:00
Alex Tugarev
d7480d1cd4
[papi] check for OIDC Discovery support (#17268) 2023-04-20 13:51:52 +08:00
Milan Pavlik
51d1f65a47
[stripe] Actually call the billing service 🤦 (#17175) 2023-04-12 09:57:51 +02:00
Milan Pavlik
fc1ca336f7
[stripe] Re-use constants for event types (#17161) 2023-04-12 09:20:52 +02:00
Milan Pavlik
e001690ad1
[public-api] Fix panic due to incorrect err ref (#17113) 2023-03-31 13:47:40 +02:00
Milan Pavlik
45cf0d2319
[public-api] Explicit panic handler (#17105) 2023-03-31 10:03:40 +02:00
Alex Tugarev
7ecc196baa
Sign in with SSO (#17055) 
* [experiment] Add "Sign in with SSO" to Login

Reusing existing parts:
 * `/complete-auth` page of Dashbaord to forward results of authN flows running in a modal
 * Adding preliminary UI to the Login view: Org-slug and simple button.

* [gitpod-db] get team/org by slug

* [gitpod-db] fix OIDCClientConfig.OrganizationID field's type

* [oidc] consider returnTo URL

* [oidc] consider orgSlug param from start request

* [oidc] fix oauth2 clientId propagation

* [oidc] fix a flaky test

* [onboarding] skip for organizational accounts

* Move SSO Login UI into it's own component

* adjust validation a bit, add useCallbacks

* adding GetOIDCClientConfigByOrgSlug

* add table name

* removing commented out code

---------

Co-authored-by: Brad Harris <bmharris@gmail.com>
 2023-03-29 15:49:39 +02:00
Milan Pavlik
c0cd571e78
[usage] Add OnChargeDispute rpc definition (#17036) 
* [usage] Add OnChargeDispute rpc definition

* [public-api] Setup handler for charge.dispute.created (#17034)

* [public-api] Setup handler for charge.dispute.created

* fix

* fix

* fix
 2023-03-27 15:59:25 +02:00
Alex Tugarev
275e782341
[Orgs] Persist slug (#16923) 
* [orgs] Persist `slug`

* [Orgs] Make `slug` changeable on Settings page

* update to use input/button components and mutation

* [papi] Re-add Team.slug

---------

Co-authored-by: Brad Harris <bmharris@gmail.com>
 2023-03-24 10:51:16 +01:00
Milan Pavlik
b1ab625626
[public-api] Cleanup logging middleware (#16928) 2023-03-21 10:17:13 +01:00
Brad Harris
ff079b96fa
Org SSO Page updates (#16868) 
* Breaking SSO page into components & react-query

* wrapper component not needed anymore

* position off of bottom instead

* add a heading/subheading for consistency

* add clientside validation

* adding oidcConfig.issuer to api response

* updating test

* minor cleanup
 2023-03-16 21:59:08 +01:00
Milan Pavlik
59e58f96c1
[common-go] Composable log fields (#16860) 
* [common-go] Composable log fields

* add test for compose

* use in public api

* fix

* fix
 2023-03-16 20:57:08 +01:00
Milan Pavlik
59ff034d6f
[public-api] Use context logger (#16686) 
* Fix

* Fix

* Fix

* Fix

* Fix

* [public-api] Use context logger

* fix

* Fix

* fix

* Fix

* fix

* fix

* fix

* fix

* fix

* Fix

* fmt

* fix

* retest
 2023-03-15 13:52:07 +01:00
Milan Pavlik
6291b6ce90
[public-api] List teams concurrently (#16848) 
* [public-api] List teams concurrently

* Fix
 2023-03-15 09:00:07 +01:00
Milan Pavlik
7b095abbbe
[public-api] Fix GetIDToken test (#16714) 2023-03-07 20:55:05 +01:00
Milan Pavlik
16b4b1e284
[public-api] Correctly map 401 to Unathenticated (#16711) 2023-03-07 17:31:04 +01:00
Christian Weichel
da4cafd5e5
Gitpod OIDC Identity Provider (#16482) 
* Prototype IDP provider

* [gp cli] Add IDP commands

* [public-api] Remove zitadel based IDP implementation

* [gitpod-cli] Add IDP support for Vault

* [idp] Remove per-org IDP

* [idp] Add key cache and random key IDs

* [idp] Defer GetIDToken authorisation to server

* [idp] Add Redis public key cache

* [gitpod-cli] Hide IDP commands

* [idp] Add key ID to JWT

* [idp] Add unit tests

* [idp] Adress review comments

* [public-api-server] Use logging middleware globally

* [public-api-server] Simplify service registration

* [idp] Add Redis outage resilience
 2023-03-03 17:11:01 +01:00
Alex Tugarev
80dc959279 [oidc] encode and validate state params 
Using JWT tokens for encoding/decoding/validation of state params carried throughout the OIDC/OAuth2 flow.

Validating of integrity is crucial, as this piece of information contains the ID of the OIDC client to continue with when Gitpod receives the callback from a 3rd party. Tests should show that expiration time is checked and signature validation is effective.
 2023-02-15 18:55:20 +01:00
Milan Pavlik
0a7ca4c08a Use context to store and populate origin 2023-02-15 15:39:20 +01:00
Gero Posmyk-Leinemann
1a9094756a [public-api-server] Forward Origin header where provided 2023-02-15 15:39:20 +01:00
Alex Tugarev
f4889ad5e0 [oidc] assertIssuerIsReachable 2023-02-10 08:58:15 +01:00
Milan Pavlik
1dc48fbc23 [teams] Remove slug usage 2023-02-07 07:51:44 +01:00
Gero Posmyk-Leinemann
d2464f6ee8 [server, iam] Attach user to an Organization on OIDC login 2023-02-06 15:10:44 +01:00
Alex Tugarev
3ef29bf278 [papi] Add signing secret for JWTs 
Praparation to use with `golang-jwt/jwt`
 2023-01-30 11:15:37 +01:00
Milan Pavlik
17e83b9985 [iam] Remove component 2023-01-23 17:33:31 +01:00
Milan Pavlik
27f1ba0939 [public-api] Move oidc handler package from iam 2023-01-23 15:45:31 +01:00
Milan Pavlik
0aad145ad4 [public-api] Bind OIDC HTTP service to Public API 2023-01-23 15:24:30 +01:00
Milan Pavlik
e5c8da1491 [oidc] Implement Get OIDC Client Config API 2023-01-20 15:53:28 +01:00
Milan Pavlik
b984390bfb [oidc] Move create RPC directly to public-api 2023-01-20 15:20:28 +01:00
Milan Pavlik
72a31730f7 [oidc] Delete OIDC Client Config API 2023-01-20 15:00:28 +01:00
Alex Tugarev
487b7edfde [public-api] re-generate and adjust callsites 2023-01-20 12:11:27 +01:00
Milan Pavlik
7012fe2ce3 [oidc] List client configs API implementation 2023-01-19 14:30:27 +01:00
Milan Pavlik
371de3f842 [public-api] Reduce duplication in validation functions 2023-01-19 09:18:26 +01:00
Milan Pavlik
e3fb86f950 [oidc] Propagate OrganisationID to IAM component 2023-01-19 09:05:26 +01:00