Russell Jones
6a1c045fa6
Fix issue where users would get locked out when using OTP tokens.
2017-10-11 22:56:55 +00:00
Alexey Kontsevoy
84f17fd3d4
fix SAML error text
2017-10-10 22:07:15 -04:00
a-palchikov
752c08f4c0
Merge branch 'master' into dmitri/validate-cert-chain
2017-10-06 18:27:19 -07:00
Alexey Kontsevoy
e86fffd28f
(web) adding CSRF protection to OIDC and SAML callbacks
2017-10-06 16:19:05 -04:00
Ev Kontsevoy
272ad17bb5
Removed hard-coded doc versions from error messages
2017-10-05 14:13:53 -07:00
dmitri
1f63b8d596
Address review comments
2017-10-04 18:56:57 -07:00
dmitri
ffcba2f078
ValidateCertificateChain: account for possible invalid PEM data block.
2017-10-04 18:56:57 -07:00
Roman Tkachenko
a8cf2d3464
Fix test
2017-10-03 18:35:05 -07:00
Roman Tkachenko
b9b970162f
Safe redirect for oidc/saml
2017-10-03 18:29:02 -07:00
Alexey Kontsevoy
07783385d3
(web) csrf protection of public API
2017-10-02 00:01:13 -04:00
Sasha Klizhentas
8b44d3e626
fix one more edge case
2017-09-29 18:44:42 -07:00
Sasha Klizhentas
36ebf17d5f
checks in in proxy subsystem, fixes #1336
2017-09-29 18:38:29 -07:00
Ev Kontsevoy
ca4c9691ee
Removed unnecessary check for a file extension
...
fixes #1335
2017-09-22 14:23:16 -07:00
Sasha Klizhentas
1aa583bd5a
fix tests
2017-09-22 12:09:39 -07:00
Sasha Klizhentas
426d4a7a51
export web.TerminalRequest interfaces
...
* Export web.TerminalRequest
* Add option for interactive exec as a parameter
2017-09-22 11:58:30 -07:00
Russell Jones
a0777239b1
By default, no rules.
2017-09-14 13:25:28 -07:00
Russell Jones
0354833211
Additional cleanup (added error messages).
2017-09-14 10:59:25 -07:00
Russell Jones
6bda631584
Refactored Trusted Cluster state change.
2017-09-14 10:53:03 -07:00
Russell Jones
ff63e664de
Refactored Trusted Cluster creation/update.
2017-09-12 18:44:49 -07:00
Russell Jones
6a9a377343
Wrap checks with WithUserLock.
2017-09-12 18:07:21 -07:00
Russell Jones
028eb12aae
Remove VerbConnect.
2017-09-12 15:18:45 -07:00
Ev Kontsevoy
3533903c0e
Lots of documentation edits.
...
Minor code changes too (only comments)
2017-09-11 20:27:42 -07:00
Russell Jones
eca7eec776
Pass principals as traits to remote cluster.
2017-09-11 11:24:17 -07:00
Ev Kontsevoy
5f62b88109
OSS handling of trusted clusters
2017-09-10 15:55:24 -07:00
Ev Kontsevoy
43b2de01bf
Code review suggestions
2017-09-10 14:46:45 -07:00
Ev Kontsevoy
93f7dd3bf9
Better handling of "development mode"
...
Instead of quietly changing behavior because `DEBUG` envar was set to
true, Teleport now explicitly requires scary --insecure flag to enable
this behavior.
2017-09-10 13:45:14 -07:00
Ev Kontsevoy
64558be535
Merge remote-tracking branch 'origin/master' into ev/docs
2017-09-09 20:05:28 -07:00
Ev Kontsevoy
f34a0c4d6f
Minor code changes: better error messages + comments
2017-09-09 20:04:39 -07:00
Alexey Kontsevoy
efadceae0e
include license headers
2017-09-09 00:41:40 -04:00
Alexey Kontsevoy
eb3789ce45
Merge branch 'master' of github.com:gravitational/teleport into features
2017-09-09 00:39:41 -04:00
Ev Kontsevoy
b6cd8374a5
Merge branch 'ev/work' into ev/docs
2017-09-08 18:48:29 -07:00
Russell Jones
1438e40de0
Always include second factor in authentication settings for fallback
...
login and only call CheckAndSetDefaults on the metadata when
unmarshaling a SAML connector.
2017-09-08 23:58:08 +00:00
Alexey Kontsevoy
efe4e94eb4
addressing CR comments
2017-09-08 14:35:31 -04:00
Alexey Kontsevoy
789d5c7f51
retire V1 server schema from web api
2017-09-08 10:06:56 -04:00
Ev Kontsevoy
6d0c933a8a
Documentation edits
2017-09-07 19:12:54 -07:00
Russell Jones
f9ad90f705
Add root to the list of logins for an Enterprise role.
2017-09-07 17:56:11 -07:00
Russell Jones
294f835a9e
Added VerbReadNoSecrets.
2017-09-07 17:00:36 -07:00
Ev Kontsevoy
05b86a4e3f
Merge remote-tracking branch 'origin/master' into ev/1267
2017-09-07 10:09:38 -07:00
Alexey Kontsevoy
88b363ebdd
addressing CR comments
2017-09-07 12:24:04 -04:00
Alexey Kontsevoy
f6b30ca666
Merge branch 'master' of github.com:gravitational/teleport into features
2017-09-07 11:08:07 -04:00
Alexey Kontsevoy
9fa799aa70
add default namespace value to V3 role spec deny section
2017-09-07 11:08:00 -04:00
Ev Kontsevoy
f4b1b7a9d8
Merge branch 'master' into ev/1267
2017-09-06 19:38:37 -07:00
Ev Kontsevoy
0cc39838ae
Removed 'goterm' dependency
...
goterm had no license, I quickly replaced it with our own little table
formatter.
also rewrote some tsh commands, that were using home-made formatting, to
the new table, so the output is now much nicer.
2017-09-06 19:06:48 -07:00
Ev Kontsevoy
fecf6183da
Fixed the unit tests
2017-09-06 14:22:40 -07:00
Ev Kontsevoy
dd5f08c058
Added a global distro flag
...
This allows anywhere in Teleport code to quickly check if it's running
under enterprise or OSS edition
Refs #1267
2017-09-06 14:19:54 -07:00
Ev Kontsevoy
e9bc910f92
Removed the unused "dynamicConfig" flag
...
I noticed we have this setting in code, which is always set to false and
never evaluated.
2017-09-06 14:19:54 -07:00
Ev Kontsevoy
d965e9e0a3
Added cleaner way to specify which distribution of Teleport is running
2017-09-06 14:19:54 -07:00
Russell Jones
f89f18fbf7
Remove allowed logins and labels from implicit role.
2017-09-06 19:57:20 +00:00
Russell Jones
2b60dd9354
Removed cert authority and reverse tunnel permission check for
...
trusted clusters.
2017-09-06 18:42:19 +00:00
Ev Kontsevoy
38127d75b5
Implemented -f (force) flag for tctl create
...
`tctl create` used to create or update (AKA "upsert") resources.
Now there's a difference:
`--force, -f` flag, if not set, means "create only". Otherwise it means
"update".
This means you can fail updating non-existing resources.
2017-09-05 22:52:56 -07:00