mirror of https://github.com/smallstep/cli.git synced 2025-08-09 03:22:43 +03:00

86 Commits

Author SHA1 Message Date
Herman Slatman
31c9b1438d Format code using make fmt 2025-02-25 10:39:43 +01:00
Joe Doss
191dc06137 Adjust if statement from PR feedback. 2025-02-25 10:38:40 +01:00
Joe Doss
c8872948a4 Add STEP_OPEN_BROWSER env var to skip opening a browser and just output the authURL. 2025-02-25 10:38:40 +01:00
Herman Slatman
de85fd0cef Use github.com/smallstep/cli-utils and reorder imports 2024-09-30 13:25:46 +02:00
Mariano Cano
2a6e644000 Add console flag to ssh commands
This commit adds the `--console` flag to the following commands:
 * `step ssh certificate`
 * `step ssh config`
 * `step ssh hosts`
 * `step ssh login`
 * `step ssh proxycommand`
2024-07-15 18:47:24 -07:00
Herman Slatman
9d1b9a0327 Return HTTP OK on CORS Options request 2024-03-26 15:58:03 +01:00
Mariano Cano
3f2963d64a Merge branch 'master' into sort-ca-kms 2023-11-28 18:24:19 -08:00
Mariano Cano
0b51ad0f70 Upgrade go-pkcs12 and use modern encoders
This PR upgrades go-pkcs12 and switches the default encoder to a modern
version PBES2 with PBKDF2-HMAC-SHA-256 and AES-256-CBC. It also adds
a legacy flag to use the previous version.

This PR also fixes some linter issues.

Fixes #1061
2023-11-28 18:01:27 -08:00
Mariano Cano
0f2ff58435 Sort step certificate create flags
This commit sorts the flags in step certificate create command. It also
adds flags for the hidden insecure and subtle and replaces them in other
commands.
2023-11-28 17:21:24 -08:00
Mariano Cano
25d4a50495 Prevent re-use of TCP connections on step oauth
This commit fixes a reported problem of EOF errors on device
authentication flows. This fix prevents reusing the TCP connection
between requests to the same host, which seems to resolve the issue.
2023-03-01 13:00:22 -08:00
Paul Thomson
2640518d43 Add scope token response param
The OAuth2.0 spec (https://www.rfc-editor.org/rfc/rfc6749#section-5.1)
dictates that there should/could be a `scope` parameter in responses
from calls to the `/token` endpoint. Including this in the cli output is
useful for debugging access tokens etc.
2022-12-22 15:13:45 +11:00
Mariano Cano
35b82d3772 Remove commented code 2022-11-10 19:08:30 -08:00
Mariano Cano
a769a24744 Add support for OAuth using GitHub
It adds the header "Accept: application/json" so OAuth services like
GitHub return the data in the appropriate form instead of using
application/x-www-form-urlencoded. It also configures GitHub as a new
provider as it does not have a well-known url.

This header does not cause any issues on Google or Microsoft.

Fixes #740
2022-11-10 18:55:39 -08:00
Mariano Cano
4c3f5f9600 Remove condition to use Google OOB 2022-11-09 16:06:50 -08:00
Mariano Cano
133357f8ea Merge branch 'master' into use/crypto 2022-10-06 17:12:04 -07:00
Josh Soref
4afe4cfb73 Spelling
* access
* adminclient
* ampersand
* and
* ascii
* associated
* auto-detected
* browser
* certificate
* certificates
* characters
* command
* compatibility
* consist
* decodes
* digital
* distinguished
* doesn't
* encoded
* encrypted
* encrypting
* entities
* error
* extension
* from the
* from
* github
* herd
* inspecting
* interchangeable
* interchangeably
* issuing
* json
* macos
* mixed
* onboarding
* outer
* parameter
* parses
* password
* preexisting
* processed
* publickey
* reference
* remaining
* renegotiate
* represents
* secrecy
* serialization
* smartypants
* smartypantsable
* subcommand
* subject
* subtle
* suppression
* the
* tidiness
* too-soon
* truststore
* unmarshaling
* use
* wrapping

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-06 18:25:44 -04:00
Mariano Cano
d63010ef16 Use go.step.sm/jose 2022-10-04 15:26:08 -07:00
Mariano Cano
116600896d Use pemutil, randutil, and keyutil from go.step.sm/crypto 2022-09-30 14:30:40 -07:00
Mariano Cano
825c600a4a Minor change to oauth success page 2022-09-12 18:01:12 -07:00
Raal Goff
3aa366ee01 fix linter errors 2022-09-09 07:58:36 +08:00
Raal Goff
34b7378cb2 nicer success page - now with colour! 2022-09-08 12:59:32 +08:00
max furman
b9b48800ea A bunch more sensible linters and fixes 2022-08-18 22:39:04 -07:00
max furman
a62a7fa71c nolinlint 2022-08-18 19:22:46 -07:00
max furman
85fa03947f Fix or ignore gosec issues
* fix a few other linting issues
2022-08-18 18:55:38 -07:00
Mariano Cano
4924084ee1 Fix panic on step oauth --help
Fixes #706
2022-08-08 16:13:25 -07:00
max furman
4cfcad6f2b Default to device flow even for google after Oct 3, 2022. 2022-07-06 14:51:03 -07:00
max furman
dfbbf953b5 A few more fixes
- set maximum poll time to 5 minutes
- avoid panics for missing or invalid values in Authz discover response
2022-06-26 21:37:49 -07:00
max furman
8d1b0cb938 Fixing flag to string flag rather than bool 2022-06-24 16:30:03 -07:00
max furman
df4d5e3f44 Update the changelog and the examples in step oauth 2022-06-24 16:26:01 -07:00
max furman
5d374684ea Add --console-flow flag to oauth for selecting alternative flows 2022-06-24 16:19:14 -07:00
max furman
10d3818877 Remove --device, figure out flow based on provider
- We'll fully remove the OOB flow once Google discontinues it
- In the meantime we've added the DEVICE env var to `step oauth` which
allows users to select the device authz grant flow even when using a
Google provider.
2022-06-23 19:59:07 -07:00
max furman
514f6ec10c Simplify a few variable declarations in conditionals 2022-06-23 19:59:07 -07:00
max furman
bf5edf188c Improvements | see details
- use default interval for polling (if necessary)
- use a timeout so that we return error when the grant expires
- replace a few WithStack with Wrap
2022-06-23 19:59:07 -07:00
max furman
db92bc0ee4 fix linter error 2022-06-23 19:59:07 -07:00
max furman
bc414076c6 A few improvements from PR review
- default client for device authz flow
- simplify code
- open default browser on input
2022-06-23 19:59:07 -07:00
max furman
8767839ea4 fix wrong function name 2022-06-23 19:59:07 -07:00
max furman
537d8bfeca A few fixes for comments from PR review 2022-06-23 19:59:07 -07:00
max furman
79666f0167 Fix linter errors 2022-06-23 19:59:06 -07:00
max furman
1a13c635ea device authorization grant flow first pass 2022-06-23 19:59:06 -07:00
max furman
f11d88abe1 Merge url.Values and update conditional logic 2022-01-21 18:18:21 -08:00
max furman
ad5c6a8e09 Cleanup for PR comments 2022-01-20 23:24:11 -08:00
max furman
9212e57d96 Add --auth-param flag to oauth command
fixes #614
2022-01-20 18:46:17 -08:00
max furman
e1ce7de736 Merge branch 'master' into max/steppath 2021-11-17 12:39:07 -08:00
max furman
e3d4f67527 Fixing linter warning errors 2021-11-16 11:39:14 -08:00
max furman
f816f1a621 move errs package to cli-utils 2021-10-27 15:55:18 -07:00
max furman
860c213b97 Initial step path contexts commit
- move config and command packages to cli-utils
2021-10-27 15:55:16 -07:00
Mariano Cano
b224c95331 Respond only to the path on --listen-url or /
If a user runs:
  step oauth --listen :1234 --listen-url http://localhost:1234/callback

The http handler should respond to /callback. Before this, the http
handler was only responding to /, and showing a 404 for /callback.

Fixes #562
2021-10-14 11:15:08 -07:00
max furman
6407b1b75f fixing gocritic linter feedback 2021-10-07 17:59:57 -04:00
Mariano Cano
8ed7c9f1f8 Fix typo in help. 2021-09-30 12:03:10 -07:00
Mariano Cano
fd9614ca1c Allow to specify a fixed redirect_uri.
In some environments like containers it might be difficult to
redirect to 127.0.0.1 and we might need to listen in 0.0.0.0, but
at the same time we cannot use http://0.0.0.0:10000 as the redirect_uri.
This parameter allows overriding the redirect_uri in a loopback
authorization.

The name is set to --listen-url instead of --redirect-uri to avoid
confusion with --redirect-url. And generally --listen and --listen-url
will be used together.
2021-09-29 19:52:44 -07:00