From 802754caadf6e61212ddb3f106caedfe4e5866fb Mon Sep 17 00:00:00 2001 
From: Joel Speed
Date: Sun, 29 Mar 2020 14:54:36 +0100
Subject: [PATCH] Migrate to oauth2-proxy/oauth2-proxy

---
 .github/CODEOWNERS | 7 +-
 .gitignore | 2 +-
 CHANGELOG.md | 210 +++++++++---------
 CONTRIBUTING.md | 4 +-
 Dockerfile | 8 +-
 Dockerfile.arm64 | 8 +-
 Dockerfile.armv6 | 8 +-
 Makefile | 38 ++--
 README.md | 24 +-
 RELEASE.md | 4 +-
 ...y.cfg.example => oauth2-proxy.cfg.example} | 2 +-
 ...e.example => oauth2-proxy.service.example} | 6 +-
 ...mplete.sh => oauth2-proxy_autocomplete.sh} | 8 +-
 dist.sh | 4 +-
 docs/0_index.md | 2 +-
 docs/1_installation.md | 8 +-
 docs/2_auth.md | 26 +--
 docs/4_tls.md | 14 +-
 docs/5_endpoints.md | 4 +-
 docs/README.md | 2 +-
 docs/_config.yml | 14 +-
 docs/configuration/configuration.md | 10 +-
 env_options_test.go | 2 +-
 go.mod | 2 +-
 htpasswd.go | 2 +-
 http.go | 2 +-
 logging_handler.go | 2 +-
 logging_handler_test.go | 2 +-
 main.go | 6 +-
 oauthproxy.go | 10 +-
 oauthproxy_test.go | 8 +-
 options.go | 12 +-
 pkg/apis/options/sessions.go | 2 +-
 pkg/apis/sessions/session_state.go | 2 +-
 pkg/apis/sessions/session_state_test.go | 4 +-
 pkg/cookies/cookies.go | 4 +-
 pkg/requests/requests.go | 2 +-
 pkg/sessions/cookie/session_store.go | 10 +-
 pkg/sessions/redis/redis_store.go | 10 +-
 pkg/sessions/session_store.go | 8 +-
 pkg/sessions/session_store_test.go | 16 +-
 pkg/sessions/utils/utils.go | 4 +-
 providers/auth_test.go | 2 +-
 providers/azure.go | 6 +-
 providers/bitbucket.go | 6 +-
 providers/bitbucket_test.go | 2 +-
 providers/digitalocean.go | 4 +-
 providers/digitalocean_test.go | 2 +-
 providers/facebook.go | 4 +-
 providers/github.go | 4 +-
 providers/github_test.go | 2 +-
 providers/gitlab.go | 2 +-
 providers/gitlab_test.go | 2 +-
 providers/google.go | 4 +-
 providers/internal_util.go | 4 +-
 providers/internal_util_test.go | 2 +-
 providers/keycloak.go | 6 +-
 providers/keycloak_test.go | 2 +-
 providers/linkedin.go | 4 +-
 providers/linkedin_test.go | 2 +-
 providers/logingov.go | 2 +-
 providers/nextcloud.go | 6 +-
 providers/nextcloud_test.go | 2 +-
 providers/oidc.go | 4 +-
 providers/oidc_test.go | 2 +-
 providers/provider_data.go | 2 +-
 providers/provider_default.go | 4 +-
 providers/provider_default_test.go | 2 +-
 providers/providers.go | 4 +-
 templates.go | 4 +-
 validator.go | 2 +-
 watcher.go | 2 +-
 watcher_unsupported.go | 2 +-
 73 files changed, 310 insertions(+), 311 deletions(-)
 rename contrib/{oauth2_proxy.cfg.example => oauth2-proxy.cfg.example} (98%)
 rename contrib/{oauth2_proxy.service.example => oauth2-proxy.service.example} (68%)
 rename contrib/{oauth2_proxy_autocomplete.sh => oauth2-proxy_autocomplete.sh} (88%)

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 6af708f8..d88fd96b 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,10 +1,9 @@
-# Default owner should be a Pusher cloud-team member or another maintainer
-# unless overridden by later rules in this file
-* @pusher/cloud-team @syscll @steakunderscore @JoelSpeed
+# Default owner should be a core maintainer unless overridden by later rules in this file
+* @syscll @steakunderscore @JoelSpeed
 
 # login.gov provider
 # Note: If @timothy-spencer terms out of his appointment, your best bet
-# for finding somebody who can test the oauth2_proxy would be to ask somebody
+# for finding somebody who can test the oauth2-proxy would be to ask somebody
 # in the login.gov team (https://login.gov/developers/), the cloud.gov team
 # (https://cloud.gov/docs/help/), or the 18F org (https://18f.gsa.gov/contact/
 # or the public devops channel at https://chat.18f.gov/).
diff --git a/.gitignore b/.gitignore
index aff7b5b3..a2aa729a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-oauth2_proxy
+oauth2-proxy
 vendor
 dist
 release
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c3616241..ff77e9da 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
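Review bot: In .github/CODEOWNERS the new default rule `* @syscll @steakunderscore @JoelSpeed` names three individual accounts and no team, so who may approve changes to this authentication proxy is now fixed in the file rather than following an organisation team's membership. If the new organisation has a maintainers team, listing it in the default rule (for example `* @oauth2-proxy/<maintainers-team>`, placeholder name) would keep ownership current as people join or leave. Whether code-owner review is actually required by branch protection is not visible in this patch, so that is worth confirming alongside the migration. The file presumably continues past this hunk, so later rules may override the default.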
@@ -24,21 +24,21 @@ N/A ## Changes since v5.0.0 -- [#450](https://github.com/pusher/oauth2_proxy/pull/450) Fix http.Cookie SameSite is not copied (@johejo) -- [#445](https://github.com/pusher/oauth2_proxy/pull/445) Expose `acr_values` to all providers (@holyjak) -- [#419](https://github.com/pusher/oauth2_proxy/pull/419) Support Go 1.14, upgrade dependencies, upgrade golangci-lint to 1.23.6 (@johejo) -- [#444](https://github.com/pusher/oauth2_proxy/pull/444) Support prompt in addition to approval-prompt (@holyjak) -- [#435](https://github.com/pusher/oauth2_proxy/pull/435) Fix issue with group validation calling google directory API on every HTTP request (@ericofusco) -- [#400](https://github.com/pusher/oauth2_proxy/pull/400) Add `nsswitch.conf` to Docker image to allow hosts file to work (@luketainton) -- [#385](https://github.com/pusher/oauth2_proxy/pull/385) Use the `Authorization` header instead of `access_token` for refreshing GitHub Provider sessions (@ibuclaw) -- [#372](https://github.com/pusher/oauth2_proxy/pull/372) Allow fallback to secondary verified email address in GitHub provider (@dmnemec) -- [#335](https://github.com/pusher/oauth2_proxy/pull/335) OIDC Provider support for empty id_tokens in the access token refresh response (@howzat) -- [#363](https://github.com/pusher/oauth2_proxy/pull/363) Extension of Redis Session Store to Support Redis Cluster (@yan-dblinf) -- [#353](https://github.com/pusher/oauth2_proxy/pull/353) Fix login page fragment handling after soft reload on Firefox (@ffdybuster) -- [#355](https://github.com/pusher/oauth2_proxy/pull/355) Add Client Secret File support for providers that rotate client secret via file system (@pasha-r) -- [#401](https://github.com/pusher/oauth2_proxy/pull/401) Give the option to pass email address in the Basic auth header instead of upstream usernames. 
(@Spindel) -- [#405](https://github.com/pusher/oauth2_proxy/pull/405) The `/sign_in` page now honors the `rd` query parameter, fixing the redirect after a successful authentication (@ti-mo) -- [#434](https://github.com/pusher/oauth2_proxy/pull/434) Give the option to prefer email address in the username header when using the -pass-user-headers option (@jordancrawfordnz) +- [#450](https://github.com/oauth2-proxy/oauth2-proxy/pull/450) Fix http.Cookie SameSite is not copied (@johejo) +- [#445](https://github.com/oauth2-proxy/oauth2-proxy/pull/445) Expose `acr_values` to all providers (@holyjak) +- [#419](https://github.com/oauth2-proxy/oauth2-proxy/pull/419) Support Go 1.14, upgrade dependencies, upgrade golangci-lint to 1.23.6 (@johejo) +- [#444](https://github.com/oauth2-proxy/oauth2-proxy/pull/444) Support prompt in addition to approval-prompt (@holyjak) +- [#435](https://github.com/oauth2-proxy/oauth2-proxy/pull/435) Fix issue with group validation calling google directory API on every HTTP request (@ericofusco) +- [#400](https://github.com/oauth2-proxy/oauth2-proxy/pull/400) Add `nsswitch.conf` to Docker image to allow hosts file to work (@luketainton) +- [#385](https://github.com/oauth2-proxy/oauth2-proxy/pull/385) Use the `Authorization` header instead of `access_token` for refreshing GitHub Provider sessions (@ibuclaw) +- [#372](https://github.com/oauth2-proxy/oauth2-proxy/pull/372) Allow fallback to secondary verified email address in GitHub provider (@dmnemec) +- [#335](https://github.com/oauth2-proxy/oauth2-proxy/pull/335) OIDC Provider support for empty id_tokens in the access token refresh response (@howzat) +- [#363](https://github.com/oauth2-proxy/oauth2-proxy/pull/363) Extension of Redis Session Store to Support Redis Cluster (@yan-dblinf) +- [#353](https://github.com/oauth2-proxy/oauth2-proxy/pull/353) Fix login page fragment handling after soft reload on Firefox (@ffdybuster) +- [#355](https://github.com/oauth2-proxy/oauth2-proxy/pull/355) Add 
Client Secret File support for providers that rotate client secret via file system (@pasha-r) +- [#401](https://github.com/oauth2-proxy/oauth2-proxy/pull/401) Give the option to pass email address in the Basic auth header instead of upstream usernames. (@Spindel) +- [#405](https://github.com/oauth2-proxy/oauth2-proxy/pull/405) The `/sign_in` page now honors the `rd` query parameter, fixing the redirect after a successful authentication (@ti-mo) +- [#434](https://github.com/oauth2-proxy/oauth2-proxy/pull/434) Give the option to prefer email address in the username header when using the -pass-user-headers option (@jordancrawfordnz) # v5.0.0 
@@ -49,23 +49,23 @@ N/A - DigitalOcean provider support added ## Important Notes -- (Security) Fix for [open redirect vulnerability](https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv).. a bad actor using `/\` in redirect URIs can redirect a session to another domain +- (Security) Fix for [open redirect vulnerability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-qqxw-m5fj-f7gv).. a bad actor using `/\` in redirect URIs can redirect a session to another domain ## Breaking Changes -- [#321](https://github.com/pusher/oauth2_proxy/pull/331) Add reverse proxy boolean flag to control whether headers like `X-Real-Ip` are accepted. +- [#321](https://github.com/oauth2-proxy/oauth2-proxy/pull/331) Add reverse proxy boolean flag to control whether headers like `X-Real-Ip` are accepted. This defaults to false. **Usage behind a reverse proxy will require this flag to be set to avoid logging the reverse proxy IP address**. ## Changes since v4.1.0 -- [#331](https://github.com/pusher/oauth2_proxy/pull/331) Add reverse proxy setting (@martin-css) -- [#365](https://github.com/pusher/oauth2_proxy/pull/365) Build with CGO=0 (@tomelliff) -- [#339](https://github.com/pusher/oauth2_proxy/pull/339) Add configuration for cookie 'SameSite' value. (@pgroudas) -- [#347](https://github.com/pusher/oauth2_proxy/pull/347) Update keycloak provider configuration documentation. 
(@sushiMix) -- [#325](https://github.com/pusher/oauth2_proxy/pull/325) dist.sh: use sha256sum (@syscll) -- [#179](https://github.com/pusher/oauth2_proxy/pull/179) Add Nextcloud provider (@Ramblurr) -- [#280](https://github.com/pusher/oauth2_proxy/pull/280) whitelisted redirect domains: add support for whitelisting specific ports or allowing wildcard ports (@kamaln7) -- [#351](https://github.com/pusher/oauth2_proxy/pull/351) Add DigitalOcean Auth provider (@kamaln7) +- [#331](https://github.com/oauth2-proxy/oauth2-proxy/pull/331) Add reverse proxy setting (@martin-css) +- [#365](https://github.com/oauth2-proxy/oauth2-proxy/pull/365) Build with CGO=0 (@tomelliff) +- [#339](https://github.com/oauth2-proxy/oauth2-proxy/pull/339) Add configuration for cookie 'SameSite' value. (@pgroudas) +- [#347](https://github.com/oauth2-proxy/oauth2-proxy/pull/347) Update keycloak provider configuration documentation. (@sushiMix) +- [#325](https://github.com/oauth2-proxy/oauth2-proxy/pull/325) dist.sh: use sha256sum (@syscll) +- [#179](https://github.com/oauth2-proxy/oauth2-proxy/pull/179) Add Nextcloud provider (@Ramblurr) +- [#280](https://github.com/oauth2-proxy/oauth2-proxy/pull/280) whitelisted redirect domains: add support for whitelisting specific ports or allowing wildcard ports (@kamaln7) +- [#351](https://github.com/oauth2-proxy/oauth2-proxy/pull/351) Add DigitalOcean Auth provider (@kamaln7) # v4.1.0 
@@ -84,29 +84,29 @@ N/A N/A ## Changes since v4.0.0 -- [#292](https://github.com/pusher/oauth2_proxy/pull/292) Added bash >= 4.0 dependency to configure script (@jmfrank63) -- [#227](https://github.com/pusher/oauth2_proxy/pull/227) Add Keycloak provider (@Ofinka) -- [#259](https://github.com/pusher/oauth2_proxy/pull/259) Redirect to HTTPS (@jmickey) -- [#273](https://github.com/pusher/oauth2_proxy/pull/273) Support Go 1.13 (@dio) -- [#275](https://github.com/pusher/oauth2_proxy/pull/275) docker: build from debian buster (@syscll) -- [#258](https://github.com/pusher/oauth2_proxy/pull/258) Add IDToken for Azure provider (@leyshon) - - This PR adds the IDToken into the session for the Azure provider allowing requests to a backend to be identified as a specific user. As a consequence, if you are using a cookie to store the session the cookie will now exceed the 4kb size limit and be split into multiple cookies. This can cause problems when using nginx as a proxy, resulting in no cookie being passed at all. Either increase the proxy_buffer_size in nginx or implement the redis session storage (see https://pusher.github.io/oauth2_proxy/configuration#redis-storage) -- [#286](https://github.com/pusher/oauth2_proxy/pull/286) Requests.go updated with useful error messages (@biotom) -- [#274](https://github.com/pusher/oauth2_proxy/pull/274) Supports many github teams with api pagination support (@toshi-miura, @apratina) -- [#302](https://github.com/pusher/oauth2_proxy/pull/302) Rewrite dist script (@syscll) -- [#304](https://github.com/pusher/oauth2_proxy/pull/304) Add new Logo! 
:tada: (@JoelSpeed) -- [#300](https://github.com/pusher/oauth2_proxy/pull/300) Added userinfo endpoint (@kbabuadze) -- [#309](https://github.com/pusher/oauth2_proxy/pull/309) Added support for custom CA when connecting to Redis cache (@lleszczu) -- [#248](https://github.com/pusher/oauth2_proxy/pull/248) Fix issue with X-Auth-Request-Redirect header being ignored (@webnard) -- [#314](https://github.com/pusher/oauth2_proxy/pull/314) Add redirect capability to sign_out (@costelmoraru) -- [#265](https://github.com/pusher/oauth2_proxy/pull/265) Add upstream with static response (@cgroschupp) -- [#317](https://github.com/pusher/oauth2_proxy/pull/317) Add build for FreeBSD (@fnkr) -- [#296](https://github.com/pusher/oauth2_proxy/pull/296) Allow to override provider's name for sign-in page (@ffdybuster) +- [#292](https://github.com/oauth2-proxy/oauth2-proxy/pull/292) Added bash >= 4.0 dependency to configure script (@jmfrank63) +- [#227](https://github.com/oauth2-proxy/oauth2-proxy/pull/227) Add Keycloak provider (@Ofinka) +- [#259](https://github.com/oauth2-proxy/oauth2-proxy/pull/259) Redirect to HTTPS (@jmickey) +- [#273](https://github.com/oauth2-proxy/oauth2-proxy/pull/273) Support Go 1.13 (@dio) +- [#275](https://github.com/oauth2-proxy/oauth2-proxy/pull/275) docker: build from debian buster (@syscll) +- [#258](https://github.com/oauth2-proxy/oauth2-proxy/pull/258) Add IDToken for Azure provider (@leyshon) + - This PR adds the IDToken into the session for the Azure provider allowing requests to a backend to be identified as a specific user. As a consequence, if you are using a cookie to store the session the cookie will now exceed the 4kb size limit and be split into multiple cookies. This can cause problems when using nginx as a proxy, resulting in no cookie being passed at all. 
Either increase the proxy_buffer_size in nginx or implement the redis session storage (see https://oauth2-proxy.github.io/oauth2-proxy/configuration#redis-storage) +- [#286](https://github.com/oauth2-proxy/oauth2-proxy/pull/286) Requests.go updated with useful error messages (@biotom) +- [#274](https://github.com/oauth2-proxy/oauth2-proxy/pull/274) Supports many github teams with api pagination support (@toshi-miura, @apratina) +- [#302](https://github.com/oauth2-proxy/oauth2-proxy/pull/302) Rewrite dist script (@syscll) +- [#304](https://github.com/oauth2-proxy/oauth2-proxy/pull/304) Add new Logo! :tada: (@JoelSpeed) +- [#300](https://github.com/oauth2-proxy/oauth2-proxy/pull/300) Added userinfo endpoint (@kbabuadze) +- [#309](https://github.com/oauth2-proxy/oauth2-proxy/pull/309) Added support for custom CA when connecting to Redis cache (@lleszczu) +- [#248](https://github.com/oauth2-proxy/oauth2-proxy/pull/248) Fix issue with X-Auth-Request-Redirect header being ignored (@webnard) +- [#314](https://github.com/oauth2-proxy/oauth2-proxy/pull/314) Add redirect capability to sign_out (@costelmoraru) +- [#265](https://github.com/oauth2-proxy/oauth2-proxy/pull/265) Add upstream with static response (@cgroschupp) +- [#317](https://github.com/oauth2-proxy/oauth2-proxy/pull/317) Add build for FreeBSD (@fnkr) +- [#296](https://github.com/oauth2-proxy/oauth2-proxy/pull/296) Allow to override provider's name for sign-in page (@ffdybuster) # v4.0.0 ## Release Highlights -- Documentation is now on a [microsite](https://pusher.github.io/oauth2_proxy/) +- Documentation is now on a [microsite](https://oauth2-proxy.github.io/oauth2-proxy/) - Health check logging can now be disabled for quieter logs - Authorization Header JWTs can now be verified by the proxy to skip authentication for machine users - Sessions can now be stored in Redis. This reduces refresh failures and uses smaller cookies (Recommended for those using OIDC refreshing) 
@@ -118,11 +118,11 @@ reconfigure their proxies. Please read the Breaking Changes below thoroughly. ## Breaking Changes -- [#231](https://github.com/pusher/oauth2_proxy/pull/231) Rework GitLab provider +- [#231](https://github.com/oauth2-proxy/oauth2-proxy/pull/231) Rework GitLab provider - This PR changes the configuration options for the GitLab provider to use a self-hosted instance. You now need to specify a `-oidc-issuer-url` rather than explicit `-login-url`, `-redeem-url` and `-validate-url` parameters. -- [#186](https://github.com/pusher/oauth2_proxy/pull/186) Make config consistent +- [#186](https://github.com/oauth2-proxy/oauth2-proxy/pull/186) Make config consistent - This PR changes configuration options so that all flags have a config counterpart of the same name but with underscores (`_`) in place of hyphens (`-`). This change affects the following flags: 
@@ -138,34 +138,34 @@ reconfigure their proxies. Please read the Breaking Changes below thoroughly. This change affects the following existing environment variables: - The `OAUTH2_SKIP_OIDC_DISCOVERY` environment variable is now `OAUTH2_PROXY_SKIP_OIDC_DISCOVERY`. - The `OAUTH2_OIDC_JWKS_URL` environment variable is now `OAUTH2_PROXY_OIDC_JWKS_URL`. -- [#146](https://github.com/pusher/oauth2_proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field +- [#146](https://github.com/oauth2-proxy/oauth2-proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field - This change modifies the contents of the `X-Forwarded-User` header supplied by the proxy for users where the auth response from the IdP did not contain a username. In that case, this header used to only contain the local part of the user's email address (e.g. `john.doe` for `john.doe@example.com`) but now contains the user's full email address instead. -- [#170](https://github.com/pusher/oauth2_proxy/pull/170) Pre-built binary tarballs changed format +- [#170](https://github.com/oauth2-proxy/oauth2-proxy/pull/170) Pre-built binary tarballs changed format - The pre-built binary tarballs again match the format of the [bitly](https://github.com/bitly/oauth2_proxy) repository, where the unpacked directory has the same name as the tarball and the binary is always named `oauth2_proxy`. This was done to restore compatibility with third-party automation recipes like https://github.com/jhoblitt/puppet-oauth2_proxy. 
## Changes since v3.2.0 -- [#234](https://github.com/pusher/oauth2_proxy/pull/234) Added option `-ssl-upstream-insecure-skip-validation` to skip validation of upstream SSL certificates (@jansinger) -- [#224](https://github.com/pusher/oauth2_proxy/pull/224) Check Google group membership using hasMember to support nested groups and external users (@jpalpant) -- [#231](https://github.com/pusher/oauth2_proxy/pull/231) Add optional group membership and email domain checks to the GitLab provider (@Overv) -- [#226](https://github.com/pusher/oauth2_proxy/pull/226) Made setting of proxied headers deterministic based on configuration alone (@aeijdenberg) -- [#178](https://github.com/pusher/oauth2_proxy/pull/178) Add Silence Ping Logging and Exclude Logging Paths flags (@kskewes) -- [#209](https://github.com/pusher/oauth2_proxy/pull/209) Improve docker build caching of layers (@dekimsey) -- [#186](https://github.com/pusher/oauth2_proxy/pull/186) Make config consistent (@JoelSpeed) -- [#187](https://github.com/pusher/oauth2_proxy/pull/187) Move root packages to pkg folder (@JoelSpeed) -- [#65](https://github.com/pusher/oauth2_proxy/pull/65) Improvements to authenticate requests with a JWT bearer token in the `Authorization` header via +- [#234](https://github.com/oauth2-proxy/oauth2-proxy/pull/234) Added option `-ssl-upstream-insecure-skip-validation` to skip validation of upstream SSL certificates (@jansinger) +- [#224](https://github.com/oauth2-proxy/oauth2-proxy/pull/224) Check Google group membership using hasMember to support nested groups and external users (@jpalpant) +- [#231](https://github.com/oauth2-proxy/oauth2-proxy/pull/231) Add optional group membership and email domain checks to the GitLab provider (@Overv) +- [#226](https://github.com/oauth2-proxy/oauth2-proxy/pull/226) Made setting of proxied headers deterministic based on configuration alone (@aeijdenberg) +- [#178](https://github.com/oauth2-proxy/oauth2-proxy/pull/178) Add Silence Ping Logging and Exclude 
Logging Paths flags (@kskewes) +- [#209](https://github.com/oauth2-proxy/oauth2-proxy/pull/209) Improve docker build caching of layers (@dekimsey) +- [#186](https://github.com/oauth2-proxy/oauth2-proxy/pull/186) Make config consistent (@JoelSpeed) +- [#187](https://github.com/oauth2-proxy/oauth2-proxy/pull/187) Move root packages to pkg folder (@JoelSpeed) +- [#65](https://github.com/oauth2-proxy/oauth2-proxy/pull/65) Improvements to authenticate requests with a JWT bearer token in the `Authorization` header via the `-skip-jwt-bearer-token` options. (@brianv0) - Additional verifiers can be configured via the `-extra-jwt-issuers` flag if the JWT issuers is either an OpenID provider or has a JWKS URL (e.g. `https://example.com/.well-known/jwks.json`). -- [#180](https://github.com/pusher/oauth2_proxy/pull/180) Minor refactor of core proxying path (@aeijdenberg). -- [#175](https://github.com/pusher/oauth2_proxy/pull/175) Bump go-oidc to v2.0.0 (@aeijdenberg). +- [#180](https://github.com/oauth2-proxy/oauth2-proxy/pull/180) Minor refactor of core proxying path (@aeijdenberg). +- [#175](https://github.com/oauth2-proxy/oauth2-proxy/pull/175) Bump go-oidc to v2.0.0 (@aeijdenberg). - Includes fix for potential signature checking issue when OIDC discovery is skipped. -- [#155](https://github.com/pusher/oauth2_proxy/pull/155) Add RedisSessionStore implementation (@brianv0, @JoelSpeed) +- [#155](https://github.com/oauth2-proxy/oauth2-proxy/pull/155) Add RedisSessionStore implementation (@brianv0, @JoelSpeed) - Implement flags to configure the redis session store - `-session-store-type=redis` Sets the store type to redis - `-redis-connection-url` Sets the Redis connection URL 
@@ -175,18 +175,18 @@ reconfigure their proxies. Please read the Breaking Changes below thoroughly. - Introduces the concept of a session ticket. Tickets are composed of the cookie name, a session ID, and a secret. - Redis Sessions are stored encrypted with a per-session secret - Added tests for server based session stores -- [#168](https://github.com/pusher/oauth2_proxy/pull/168) Drop Go 1.11 support in Travis (@JoelSpeed) -- [#169](https://github.com/pusher/oauth2_proxy/pull/169) Update Alpine to 3.9 (@kskewes) -- [#148](https://github.com/pusher/oauth2_proxy/pull/148) Implement SessionStore interface within proxy (@JoelSpeed) -- [#147](https://github.com/pusher/oauth2_proxy/pull/147) Add SessionStore interfaces and initial implementation (@JoelSpeed) +- [#168](https://github.com/oauth2-proxy/oauth2-proxy/pull/168) Drop Go 1.11 support in Travis (@JoelSpeed) +- [#169](https://github.com/oauth2-proxy/oauth2-proxy/pull/169) Update Alpine to 3.9 (@kskewes) +- [#148](https://github.com/oauth2-proxy/oauth2-proxy/pull/148) Implement SessionStore interface within proxy (@JoelSpeed) +- [#147](https://github.com/oauth2-proxy/oauth2-proxy/pull/147) Add SessionStore interfaces and initial implementation (@JoelSpeed) - Allows for multiple different session storage implementations including client and server side - Adds tests suite for interface to ensure consistency across implementations - Refactor some configuration options (around cookies) into packages -- [#114](https://github.com/pusher/oauth2_proxy/pull/114), [#154](https://github.com/pusher/oauth2_proxy/pull/154) Documentation is now available live at our [docs website](https://pusher.github.io/oauth2_proxy/) (@JoelSpeed, @icelynjennings) -- [#146](https://github.com/pusher/oauth2_proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field (@gargath) -- [#144](https://github.com/pusher/oauth2_proxy/pull/144) Use GO 1.12 for ARM builds (@kskewes) -- 
[#142](https://github.com/pusher/oauth2_proxy/pull/142) ARM Docker USER fix (@kskewes) -- [#52](https://github.com/pusher/oauth2_proxy/pull/52) Logging Improvements (@MisterWil) +- [#114](https://github.com/oauth2-proxy/oauth2-proxy/pull/114), [#154](https://github.com/oauth2-proxy/oauth2-proxy/pull/154) Documentation is now available live at our [docs website](https://oauth2-proxy.github.io/oauth2-proxy/) (@JoelSpeed, @icelynjennings) +- [#146](https://github.com/oauth2-proxy/oauth2-proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field (@gargath) +- [#144](https://github.com/oauth2-proxy/oauth2-proxy/pull/144) Use GO 1.12 for ARM builds (@kskewes) +- [#142](https://github.com/oauth2-proxy/oauth2-proxy/pull/142) ARM Docker USER fix (@kskewes) +- [#52](https://github.com/oauth2-proxy/oauth2-proxy/pull/52) Logging Improvements (@MisterWil) - Implement flags to configure file logging - `-logging-filename` Defines the filename to log to - `-logging-max-size` Defines the maximum 
@@ -200,21 +200,21 @@ reconfigure their proxies. Please read the Breaking Changes below thoroughly. - Implement two new flags to customize the logging format - `-standard-logging-format` Sets the format for standard logging - `-auth-logging-format` Sets the format for auth logging -- [#111](https://github.com/pusher/oauth2_proxy/pull/111) Add option for telling where to find a login.gov JWT key file (@timothy-spencer) -- [#170](https://github.com/pusher/oauth2_proxy/pull/170) Restore binary tarball contents to be compatible with bitlys original tarballs (@zeha) -- [#185](https://github.com/pusher/oauth2_proxy/pull/185) Fix an unsupported protocol scheme error during token validation when using the Azure provider (@jonas) -- [#141](https://github.com/pusher/oauth2_proxy/pull/141) Check google group membership based on email address (@bchess) +- [#111](https://github.com/oauth2-proxy/oauth2-proxy/pull/111) Add option for telling where to find a login.gov JWT key file (@timothy-spencer) +- [#170](https://github.com/oauth2-proxy/oauth2-proxy/pull/170) Restore binary tarball contents to be compatible with bitlys original tarballs (@zeha) +- [#185](https://github.com/oauth2-proxy/oauth2-proxy/pull/185) Fix an unsupported protocol scheme error during token validation when using the Azure provider (@jonas) +- [#141](https://github.com/oauth2-proxy/oauth2-proxy/pull/141) Check google group membership based on email address (@bchess) - Google Group membership is additionally checked via email address, allowing users outside a GSuite domain to be authorized. 
-- [#195](https://github.com/pusher/oauth2_proxy/pull/195) Add `-banner` flag for overriding the banner line that is displayed (@steakunderscore) -- [#198](https://github.com/pusher/oauth2_proxy/pull/198) Switch from gometalinter to golangci-lint (@steakunderscore) -- [#159](https://github.com/pusher/oauth2_proxy/pull/159) Add option to skip the OIDC provider verified email check: `--insecure-oidc-allow-unverified-email` (@djfinlay) -- [#210](https://github.com/pusher/oauth2_proxy/pull/210) Update base image from Alpine 3.9 to 3.10 (@steakunderscore) -- [#201](https://github.com/pusher/oauth2_proxy/pull/201) Add Bitbucket as new OAuth2 provider, accepts email, team and repository permissions to determine authorization (@aledeganopix4d) +- [#195](https://github.com/oauth2-proxy/oauth2-proxy/pull/195) Add `-banner` flag for overriding the banner line that is displayed (@steakunderscore) +- [#198](https://github.com/oauth2-proxy/oauth2-proxy/pull/198) Switch from gometalinter to golangci-lint (@steakunderscore) +- [#159](https://github.com/oauth2-proxy/oauth2-proxy/pull/159) Add option to skip the OIDC provider verified email check: `--insecure-oidc-allow-unverified-email` (@djfinlay) +- [#210](https://github.com/oauth2-proxy/oauth2-proxy/pull/210) Update base image from Alpine 3.9 to 3.10 (@steakunderscore) +- [#201](https://github.com/oauth2-proxy/oauth2-proxy/pull/201) Add Bitbucket as new OAuth2 provider, accepts email, team and repository permissions to determine authorization (@aledeganopix4d) - Implement flags to enable Bitbucket authentication: - `-bitbucket-repository` Restrict authorization to users that can access this repository - `-bitbucket-team` Restrict authorization to users that are part of this Bitbucket team -- [#211](https://github.com/pusher/oauth2_proxy/pull/211) Switch from dep to go modules (@steakunderscore) -- [#145](https://github.com/pusher/oauth2_proxy/pull/145) Add support for OIDC UserInfo endpoint email verification (@rtluckie) +- 
[#211](https://github.com/oauth2-proxy/oauth2-proxy/pull/211) Switch from dep to go modules (@steakunderscore) +- [#145](https://github.com/oauth2-proxy/oauth2-proxy/pull/145) Add support for OIDC UserInfo endpoint email verification (@rtluckie) # v3.2.0 
@@ -234,25 +234,25 @@ instead of returning an error ## Changes since v3.1.0 - [#96](https://github.com/bitly/oauth2_proxy/pull/96) Check if email is verified on GitHub (@caarlos0) -- [#110](https://github.com/pusher/oauth2_proxy/pull/110) Added GCP healthcheck option (@timothy-spencer) -- [#112](https://github.com/pusher/oauth2_proxy/pull/112) Improve websocket support (@gyson) -- [#63](https://github.com/pusher/oauth2_proxy/pull/63) Use encoding/json for SessionState serialization (@yaegashi) +- [#110](https://github.com/oauth2-proxy/oauth2-proxy/pull/110) Added GCP healthcheck option (@timothy-spencer) +- [#112](https://github.com/oauth2-proxy/oauth2-proxy/pull/112) Improve websocket support (@gyson) +- [#63](https://github.com/oauth2-proxy/oauth2-proxy/pull/63) Use encoding/json for SessionState serialization (@yaegashi) - Use JSON to encode session state to be stored in browser cookies - Implement legacy decode function to support existing cookies generated by older versions - Add detailed table driven tests in session_state_test.go -- [#120](https://github.com/pusher/oauth2_proxy/pull/120) Encrypting user/email from cookie (@costelmoraru) -- [#55](https://github.com/pusher/oauth2_proxy/pull/55) Added login.gov provider (@timothy-spencer) -- [#55](https://github.com/pusher/oauth2_proxy/pull/55) Added environment variables for all config options (@timothy-spencer) -- [#70](https://github.com/pusher/oauth2_proxy/pull/70) Fix handling of splitted cookies (@einfachchr) -- [#92](https://github.com/pusher/oauth2_proxy/pull/92) Merge websocket proxy feature from openshift/oauth-proxy (@butzist) -- [#57](https://github.com/pusher/oauth2_proxy/pull/57) Fall back to using OIDC Subject instead of Email (@aigarius) -- [#85](https://github.com/pusher/oauth2_proxy/pull/85) Use non-root user in docker images (@kskewes) -- [#68](https://github.com/pusher/oauth2_proxy/pull/68) forward X-Auth-Access-Token header (@davidholsgrove) -- 
[#41](https://github.com/pusher/oauth2_proxy/pull/41) Added option to manually specify OIDC endpoints instead of relying on discovery -- [#83](https://github.com/pusher/oauth2_proxy/pull/83) Add `id_token` refresh to Google provider (@leki75) -- [#10](https://github.com/pusher/oauth2_proxy/pull/10) fix redirect url param handling (@dt-rush) -- [#122](https://github.com/pusher/oauth2_proxy/pull/122) Expose -cookie-path as configuration parameter (@costelmoraru) -- [#124](https://github.com/pusher/oauth2_proxy/pull/124) Use Go 1.12 for testing and build environments (@syscll) +- [#120](https://github.com/oauth2-proxy/oauth2-proxy/pull/120) Encrypting user/email from cookie (@costelmoraru) +- [#55](https://github.com/oauth2-proxy/oauth2-proxy/pull/55) Added login.gov provider (@timothy-spencer) +- [#55](https://github.com/oauth2-proxy/oauth2-proxy/pull/55) Added environment variables for all config options (@timothy-spencer) +- [#70](https://github.com/oauth2-proxy/oauth2-proxy/pull/70) Fix handling of splitted cookies (@einfachchr) +- [#92](https://github.com/oauth2-proxy/oauth2-proxy/pull/92) Merge websocket proxy feature from openshift/oauth-proxy (@butzist) +- [#57](https://github.com/oauth2-proxy/oauth2-proxy/pull/57) Fall back to using OIDC Subject instead of Email (@aigarius) +- [#85](https://github.com/oauth2-proxy/oauth2-proxy/pull/85) Use non-root user in docker images (@kskewes) +- [#68](https://github.com/oauth2-proxy/oauth2-proxy/pull/68) forward X-Auth-Access-Token header (@davidholsgrove) +- [#41](https://github.com/oauth2-proxy/oauth2-proxy/pull/41) Added option to manually specify OIDC endpoints instead of relying on discovery +- [#83](https://github.com/oauth2-proxy/oauth2-proxy/pull/83) Add `id_token` refresh to Google provider (@leki75) +- [#10](https://github.com/oauth2-proxy/oauth2-proxy/pull/10) fix redirect url param handling (@dt-rush) +- [#122](https://github.com/oauth2-proxy/oauth2-proxy/pull/122) Expose -cookie-path as configuration 
parameter (@costelmoraru) +- [#124](https://github.com/oauth2-proxy/oauth2-proxy/pull/124) Use Go 1.12 for testing and build environments (@syscll) # v3.1.0 
@@ -273,27 +273,27 @@ instead of returning an error - Streamed responses will now be flushed every 1 second by default. Previously streamed responses were flushed only when the buffer was full. To retain the old behaviour set `--flush-interval=0`. - See [#23](https://github.com/pusher/oauth2_proxy/pull/23) for further details. + See [#23](https://github.com/oauth2-proxy/oauth2-proxy/pull/23) for further details. ## Changes since v3.0.0 -- [#14](https://github.com/pusher/oauth2_proxy/pull/14) OIDC ID Token, Authorization Headers, Refreshing and Verification (@joelspeed) +- [#14](https://github.com/oauth2-proxy/oauth2-proxy/pull/14) OIDC ID Token, Authorization Headers, Refreshing and Verification (@joelspeed) - Implement `pass-authorization-header` and `set-authorization-header` flags - Implement token refreshing in OIDC provider - Split cookies larger than 4k limit into multiple cookies - Implement token validation in OIDC provider -- [#15](https://github.com/pusher/oauth2_proxy/pull/15) WhitelistDomains (@joelspeed) +- [#15](https://github.com/oauth2-proxy/oauth2-proxy/pull/15) WhitelistDomains (@joelspeed) - Add `--whitelist-domain` flag to allow redirection to approved domains after OAuth flow -- [#21](https://github.com/pusher/oauth2_proxy/pull/21) Docker Improvement (@yaegashi) +- [#21](https://github.com/oauth2-proxy/oauth2-proxy/pull/21) Docker Improvement (@yaegashi) - Move Docker base image from debian to alpine - Install ca-certificates in docker image -- [#23](https://github.com/pusher/oauth2_proxy/pull/23) Flushed streaming responses +- [#23](https://github.com/oauth2-proxy/oauth2-proxy/pull/23) Flushed streaming responses - Long-running upstream responses will get flushed every (1 second by default) -- [#24](https://github.com/pusher/oauth2_proxy/pull/24) Redirect fix (@agentgonzo) +- [#24](https://github.com/oauth2-proxy/oauth2-proxy/pull/24) Redirect fix (@agentgonzo) - After a successful login, you will be redirected to your original URL rather than 
/ -- [#35](https://github.com/pusher/oauth2_proxy/pull/35) arm and arm64 binary releases (@kskewes) +- [#35](https://github.com/oauth2-proxy/oauth2-proxy/pull/35) arm and arm64 binary releases (@kskewes) - Add armv6 and arm64 to Makefile `release` target -- [#37](https://github.com/pusher/oauth2_proxy/pull/37) cross build arm and arm64 docker images (@kskewes) +- [#37](https://github.com/oauth2-proxy/oauth2-proxy/pull/37) cross build arm and arm64 docker images (@kskewes) # v3.0.0 @@ -303,7 +303,7 @@ v2.2 as released by Bitly. ## Changes since v2.2: -- [#7](https://github.com/pusher/oauth2_proxy/pull/7) Migration to Pusher (@joelspeed) +- [#7](https://github.com/oauth2-proxy/oauth2-proxy/pull/7) Migration to Pusher (@joelspeed) - Move automated build to debian base image - Add Makefile - Update CI to run `make test` diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 14828c66..63fb2427 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,8 +7,8 @@ Download the dependencies using `go mod download`. ```bash cd $GOPATH/src/github.com # Create this directory if it doesn't exist -git clone git@github.com:/oauth2_proxy pusher/oauth2_proxy -cd pusher/oauth2_proxy +git clone git@github.com:/oauth2-proxy oauth2-proxy/oauth2-proxy +cd oauth2-proxy/oauth2-proxy ./configure # Setup your environment variables go mod download ``` diff --git a/Dockerfile b/Dockerfile index bea6fe1e..4242e5cd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ FROM golang:1.14-buster AS builder RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.24.0 # Copy sources -WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy +WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy # Fetch dependencies COPY go.mod go.sum ./ 
@@ -25,9 +25,9 @@ RUN ./configure && make build && touch jwt_signing_key.pem FROM alpine:3.11 COPY nsswitch.conf /etc/nsswitch.conf COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt -COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/oauth2_proxy /bin/oauth2_proxy -COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem +COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy +COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem USER 2000:2000 -ENTRYPOINT ["/bin/oauth2_proxy"] +ENTRYPOINT ["/bin/oauth2-proxy"] diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 index 8bfde8ae..d0b57b7e 100644 --- a/Dockerfile.arm64 +++ b/Dockerfile.arm64 @@ -4,7 +4,7 @@ FROM golang:1.14-buster AS builder RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.24.0 # Copy sources -WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy +WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy # Fetch dependencies COPY go.mod go.sum ./ @@ -25,9 +25,9 @@ RUN ./configure && GOARCH=arm64 make build && touch jwt_signing_key.pem FROM arm64v8/alpine:3.11 COPY nsswitch.conf /etc/nsswitch.conf COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt -COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/oauth2_proxy /bin/oauth2_proxy -COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem +COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy +COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem USER 2000:2000 -ENTRYPOINT ["/bin/oauth2_proxy"] +ENTRYPOINT ["/bin/oauth2-proxy"] 
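Review bot: The final stage now ships the binary only at `/bin/oauth2-proxy` and points `ENTRYPOINT` there, so a deployment that names the old path explicitly (a Kubernetes `command:`, a compose `entrypoint:`, a wrapper script calling `/bin/oauth2_proxy`) will fail to start once it pulls the renamed image. If a deprecation period is wanted, a second `COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2_proxy` keeps the old path working and needs no `RUN` in the cross-architecture stages. Otherwise the path change should be listed as breaking in the release notes, if the CHANGELOG part of this commit does not already do so. The matching hunks in Dockerfile.arm64 and Dockerfile.armv6 have the same issue, and contrib/oauth2-proxy.service.example makes the same kind of change to the binary path and to `/etc/oauth2-proxy.cfg`.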
diff --git a/Dockerfile.armv6 b/Dockerfile.armv6 index da7310d2..cabdfb43 100644 --- a/Dockerfile.armv6 +++ b/Dockerfile.armv6 @@ -4,7 +4,7 @@ FROM golang:1.14-buster AS builder RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.24.0 # Copy sources -WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy +WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy # Fetch dependencies COPY go.mod go.sum ./ @@ -25,9 +25,9 @@ RUN ./configure && GOARCH=arm GOARM=6 make build && touch jwt_signing_key.pem FROM arm32v6/alpine:3.11 COPY nsswitch.conf /etc/nsswitch.conf COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt -COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/oauth2_proxy /bin/oauth2_proxy -COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem +COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy +COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem USER 2000:2000 -ENTRYPOINT ["/bin/oauth2_proxy"] +ENTRYPOINT ["/bin/oauth2-proxy"] diff --git a/Makefile b/Makefile index f0f83b44..32317998 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,8 @@ include .env -BINARY := oauth2_proxy +BINARY := oauth2-proxy VERSION := $(shell git describe --always --dirty --tags 2>/dev/null || echo "undefined") # Allow to override image registry. -REGISTRY ?= quay.io/pusher +REGISTRY ?= quay.io/oauth2-proxy .NOTPARALLEL: .PHONY: all 
@@ -25,35 +25,35 @@ lint: build: clean $(BINARY) $(BINARY): - GO111MODULE=on CGO_ENABLED=0 $(GO) build -a -installsuffix cgo -ldflags="-X main.VERSION=${VERSION}" -o $@ github.com/pusher/oauth2_proxy + GO111MODULE=on CGO_ENABLED=0 $(GO) build -a -installsuffix cgo -ldflags="-X main.VERSION=${VERSION}" -o $@ github.com/oauth2-proxy/oauth2-proxy .PHONY: docker docker: - docker build -f Dockerfile -t $(REGISTRY)/oauth2_proxy:latest . + docker build -f Dockerfile -t $(REGISTRY)/oauth2-proxy:latest . .PHONY: docker-all docker-all: docker - docker build -f Dockerfile -t $(REGISTRY)/oauth2_proxy:latest-amd64 . - docker build -f Dockerfile -t $(REGISTRY)/oauth2_proxy:${VERSION} . - docker build -f Dockerfile -t $(REGISTRY)/oauth2_proxy:${VERSION}-amd64 . - docker build -f Dockerfile.arm64 -t $(REGISTRY)/oauth2_proxy:latest-arm64 . - docker build -f Dockerfile.arm64 -t $(REGISTRY)/oauth2_proxy:${VERSION}-arm64 . - docker build -f Dockerfile.armv6 -t $(REGISTRY)/oauth2_proxy:latest-armv6 . - docker build -f Dockerfile.armv6 -t $(REGISTRY)/oauth2_proxy:${VERSION}-armv6 . + docker build -f Dockerfile -t $(REGISTRY)/oauth2-proxy:latest-amd64 . + docker build -f Dockerfile -t $(REGISTRY)/oauth2-proxy:${VERSION} . + docker build -f Dockerfile -t $(REGISTRY)/oauth2-proxy:${VERSION}-amd64 . + docker build -f Dockerfile.arm64 -t $(REGISTRY)/oauth2-proxy:latest-arm64 . + docker build -f Dockerfile.arm64 -t $(REGISTRY)/oauth2-proxy:${VERSION}-arm64 . + docker build -f Dockerfile.armv6 -t $(REGISTRY)/oauth2-proxy:latest-armv6 . + docker build -f Dockerfile.armv6 -t $(REGISTRY)/oauth2-proxy:${VERSION}-armv6 . 
.PHONY: docker-push docker-push: - docker push $(REGISTRY)/oauth2_proxy:latest + docker push $(REGISTRY)/oauth2-proxy:latest .PHONY: docker-push-all docker-push-all: docker-push - docker push $(REGISTRY)/oauth2_proxy:latest-amd64 - docker push $(REGISTRY)/oauth2_proxy:${VERSION} - docker push $(REGISTRY)/oauth2_proxy:${VERSION}-amd64 - docker push $(REGISTRY)/oauth2_proxy:latest-arm64 - docker push $(REGISTRY)/oauth2_proxy:${VERSION}-arm64 - docker push $(REGISTRY)/oauth2_proxy:latest-armv6 - docker push $(REGISTRY)/oauth2_proxy:${VERSION}-armv6 + docker push $(REGISTRY)/oauth2-proxy:latest-amd64 + docker push $(REGISTRY)/oauth2-proxy:${VERSION} + docker push $(REGISTRY)/oauth2-proxy:${VERSION}-amd64 + docker push $(REGISTRY)/oauth2-proxy:latest-arm64 + docker push $(REGISTRY)/oauth2-proxy:${VERSION}-arm64 + docker push $(REGISTRY)/oauth2-proxy:latest-armv6 + docker push $(REGISTRY)/oauth2-proxy:${VERSION}-armv6 .PHONY: test test: lint diff --git a/README.md b/README.md index c7ae9e60..9b5775e5 100644 --- a/README.md +++ b/README.md 
@@ -1,8 +1,8 @@ ![OAuth2 Proxy](/docs/logos/OAuth2_Proxy_horizontal.svg) -[![Build Status](https://secure.travis-ci.org/pusher/oauth2_proxy.svg?branch=master)](http://travis-ci.org/pusher/oauth2_proxy) -[![Go Report Card](https://goreportcard.com/badge/github.com/pusher/oauth2_proxy)](https://goreportcard.com/report/github.com/pusher/oauth2_proxy) -[![GoDoc](https://godoc.org/github.com/pusher/oauth2_proxy?status.svg)](https://godoc.org/github.com/pusher/oauth2_proxy) +[![Build Status](https://secure.travis-ci.org/oauth2-proxy/oauth2-proxy.svg?branch=master)](http://travis-ci.org/oauth2-proxy/oauth2-proxy) +[![Go Report Card](https://goreportcard.com/badge/github.com/oauth2-proxy/oauth2-proxy)](https://goreportcard.com/report/github.com/oauth2-proxy/oauth2-proxy) +[![GoDoc](https://godoc.org/github.com/oauth2-proxy/oauth2-proxy?status.svg)](https://godoc.org/github.com/oauth2-proxy/oauth2-proxy) [![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](./LICENSE) A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) 
@@ -18,31 +18,31 @@ A list of changes can be seen in the [CHANGELOG](CHANGELOG.md). 1. Choose how to deploy: - a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v5.0.0`) + a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v5.1.0`) - b. Build with `$ go get github.com/pusher/oauth2_proxy` which will put the binary in `$GOROOT/bin` + b. Build with `$ go get github.com/oauth2-proxy/oauth2-proxy` which will put the binary in `$GOROOT/bin` - c. Using the prebuilt docker image [quay.io/pusher/oauth2_proxy](https://quay.io/pusher/oauth2_proxy) (AMD64, ARMv6 and ARM64 tags available) + c. Using the prebuilt docker image [quay.io/oauth2-proxy/oauth2-proxy](https://quay.io/oauth2-proxy/oauth2-proxy) (AMD64, ARMv6 and ARM64 tags available) Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v3.0.0`. ``` sha256sum -c sha256sum.txt 2>&1 | grep OK -oauth2_proxy-4.0.0.linux-amd64: OK +oauth2-proxy-x.y.z.linux-amd64: OK ``` -2. [Select a Provider and Register an OAuth Application with a Provider](https://pusher.github.io/oauth2_proxy/auth-configuration) -3. [Configure OAuth2 Proxy using config file, command line options, or environment variables](https://pusher.github.io/oauth2_proxy/configuration) -4. [Configure SSL or Deploy behind a SSL endpoint](https://pusher.github.io/oauth2_proxy/tls-configuration) (example provided for Nginx) +2. [Select a Provider and Register an OAuth Application with a Provider](https://oauth2-proxy.github.io/oauth2-proxy/auth-configuration) +3. [Configure OAuth2 Proxy using config file, command line options, or environment variables](https://oauth2-proxy.github.io/oauth2-proxy/configuration) +4. 
[Configure SSL or Deploy behind a SSL endpoint](https://oauth2-proxy.github.io/oauth2-proxy/tls-configuration) (example provided for Nginx) ## Security -If you are running a version older than v5.0.0 we **strongly recommend you please update** to a current version. RE: [open redirect vulnverability](https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv) +If you are running a version older than v5.0.0 we **strongly recommend you please update** to a current version. RE: [open redirect vulnverability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-qqxw-m5fj-f7gv) ## Docs -Read the docs on our [Docs site](https://pusher.github.io/oauth2_proxy). +Read the docs on our [Docs site](https://oauth2-proxy.github.io/oauth2-proxy). ![OAuth2 Proxy Architecture](https://cloud.githubusercontent.com/assets/45028/8027702/bd040b7a-0d6a-11e5-85b9-f8d953d04f39.png) diff --git a/RELEASE.md b/RELEASE.md index 1dc9b888..fa5c0304 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,6 +1,6 @@ # Release -Here's how OAuth2_Proxy releases are created. +Here's how OAuth2 Proxy releases are created. ## Schedule @@ -44,4 +44,4 @@ Note this uses `v4.1.0` as an example release number. ``` Note: Ensure the docker tags don't include `-dirty`. This means you have uncommitted changes. -12. Verify everything looks good at [quay](https://quay.io/repository/pusher/oauth2_proxy?tag=latest&tab=tags) and [github](https://github.com/pusher/oauth2_proxy/releases) +12. Verify everything looks good at [quay](https://quay.io/repository/oauth2-proxy/oauth2-proxy?tag=latest&tab=tags) and [github](https://github.com/oauth2-proxy/oauth2-proxy/releases) diff --git a/contrib/oauth2_proxy.cfg.example b/contrib/oauth2-proxy.cfg.example similarity index 98% rename from contrib/oauth2_proxy.cfg.example rename to contrib/oauth2-proxy.cfg.example index 24dfb5a8..f521e000 100644 --- a/contrib/oauth2_proxy.cfg.example +++ b/contrib/oauth2-proxy.cfg.example 
@@ -1,5 +1,5 @@ ## OAuth2 Proxy Config File -## https://github.com/pusher/oauth2_proxy +## https://github.com/oauth2-proxy/oauth2-proxy ## : to listen on for HTTP/HTTPS clients # http_address = "127.0.0.1:4180" diff --git a/contrib/oauth2_proxy.service.example b/contrib/oauth2-proxy.service.example similarity index 68% rename from contrib/oauth2_proxy.service.example rename to contrib/oauth2-proxy.service.example index a5bf1f0d..7bfc79b5 100644 --- a/contrib/oauth2_proxy.service.example +++ b/contrib/oauth2-proxy.service.example @@ -1,10 +1,10 @@ -# Systemd service file for oauth2_proxy daemon +# Systemd service file for oauth2-proxy daemon # # Date: Feb 9, 2016 # Author: Srdjan Grubor [Unit] -Description=oauth2_proxy daemon service +Description=oauth2-proxy daemon service After=syslog.target network.target [Service] @@ -12,7 +12,7 @@ After=syslog.target network.target User=www-data Group=www-data -ExecStart=/usr/local/bin/oauth2_proxy -config=/etc/oauth2_proxy.cfg +ExecStart=/usr/local/bin/oauth2-proxy -config=/etc/oauth2-proxy.cfg ExecReload=/bin/kill -HUP $MAINPID KillMode=process diff --git a/contrib/oauth2_proxy_autocomplete.sh b/contrib/oauth2-proxy_autocomplete.sh similarity index 88% rename from contrib/oauth2_proxy_autocomplete.sh rename to contrib/oauth2-proxy_autocomplete.sh index 0d2f395d..422d2b98 100644 --- a/contrib/oauth2_proxy_autocomplete.sh +++ b/contrib/oauth2-proxy_autocomplete.sh 
@@ -1,12 +1,12 @@ # -# Autocompletion for oauth2_proxy +# Autocompletion for oauth2-proxy # # To install this, copy/move this file to /etc/bash.completion.d/ -# or add a line to your ~/.bashrc | ~/.bash_profile that says ". /path/to/oauth2_proxy/contrib/oauth2_proxy_autocomplete.sh" +# or add a line to your ~/.bashrc | ~/.bash_profile that says ". /path/to/oauth2-proxy/contrib/oauth2-proxy_autocomplete.sh" # _oauth2_proxy() { - _oauth2_proxy_commands=$(oauth2_proxy -h 2>&1 | sed -n '/^\s*-/s/ \+/ /gp' | awk '{print $1}' | tr '\n' ' ') + _oauth2_proxy_commands=$(oauth2-proxy -h 2>&1 | sed -n '/^\s*-/s/ \+/ /gp' | awk '{print $1}' | tr '\n' ' ') local cur prev COMPREPLY=() cur="${COMP_WORDS[COMP_CWORD]}" @@ -27,4 +27,4 @@ _oauth2_proxy() { COMPREPLY=( $(compgen -W "${_oauth2_proxy_commands}" -- ${cur}) ) return 0; } -complete -F _oauth2_proxy oauth2_proxy +complete -F _oauth2_proxy oauth2-proxy diff --git a/dist.sh b/dist.sh index 516d86f1..4d9c5844 100755 --- a/dist.sh +++ b/dist.sh @@ -28,10 +28,10 @@ for ARCH in "${ARCHS[@]}"; do # Create architecture specific binaries if [[ ${GO_ARCH} == "armv6" ]]; then GO111MODULE=on GOOS=${GO_OS} GOARCH=arm GOARM=6 CGO_ENABLED=0 go build -ldflags="-X main.VERSION=${VERSION}" \ - -o release/${BINARY}-${VERSION}.${ARCH}.${GO_VERSION}/${BINARY} github.com/pusher/oauth2_proxy + -o release/${BINARY}-${VERSION}.${ARCH}.${GO_VERSION}/${BINARY} github.com/oauth2-proxy/oauth2-proxy else GO111MODULE=on GOOS=${GO_OS} GOARCH=${GO_ARCH} CGO_ENABLED=0 go build -ldflags="-X main.VERSION=${VERSION}" \ - -o release/${BINARY}-${VERSION}.${ARCH}.${GO_VERSION}/${BINARY} github.com/pusher/oauth2_proxy + -o release/${BINARY}-${VERSION}.${ARCH}.${GO_VERSION}/${BINARY} github.com/oauth2-proxy/oauth2-proxy fi cd release diff --git a/docs/0_index.md b/docs/0_index.md index e0e3227d..e724e0f8 100644 --- a/docs/0_index.md +++ b/docs/0_index.md 
@@ -14,7 +14,7 @@ to validate accounts by email, domain or group. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the [CHANGELOG]({{ site.gitweb }}/CHANGELOG.md). -[![Build Status](https://secure.travis-ci.org/pusher/oauth2_proxy.svg?branch=master)](http://travis-ci.org/pusher/oauth2_proxy) +[![Build Status](https://secure.travis-ci.org/oauth2-proxy/oauth2-proxy.svg?branch=master)](http://travis-ci.org/oauth2-proxy/oauth2-proxy) ![Sign In Page](https://cloud.githubusercontent.com/assets/45028/4970624/7feb7dd8-6886-11e4-93e0-c9904af44ea8.png) diff --git a/docs/1_installation.md b/docs/1_installation.md index 8ed72b81..d7ddef5e 100644 --- a/docs/1_installation.md +++ b/docs/1_installation.md @@ -9,17 +9,17 @@ nav_order: 1 1. Choose how to deploy: - a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v4.0.0`) + a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v5.1.0`) - b. Build with `$ go get github.com/pusher/oauth2_proxy` which will put the binary in `$GOROOT/bin` + b. Build with `$ go get github.com/oauth2-proxy/oauth2-proxy` which will put the binary in `$GOROOT/bin` - c. Using the prebuilt docker image [quay.io/pusher/oauth2_proxy](https://quay.io/pusher/oauth2_proxy) (AMD64, ARMv6 and ARM64 tags available) + c. Using the prebuilt docker image [quay.io/oauth2-proxy/oauth2-proxy](https://quay.io/oauth2-proxy/oauth2-proxy) (AMD64, ARMv6 and ARM64 tags available) Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v3.0.0`. ``` $ sha256sum -c sha256sum.txt 2>&1 | grep OK -oauth2_proxy-4.0.0.linux-amd64: OK +oauth2-proxy-x.y.z.linux-amd64: OK ``` 2. [Select a Provider and Register an OAuth Application with a Provider](auth-configuration) 
diff --git a/docs/2_auth.md b/docs/2_auth.md index 34908c9a..23726ef0 100644 --- a/docs/2_auth.md +++ b/docs/2_auth.md @@ -7,7 +7,7 @@ nav_order: 2 ## OAuth Provider Configuration -You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it with Redirect URI(s) for the domain you intend to run `oauth2_proxy` on. +You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it with Redirect URI(s) for the domain you intend to run `oauth2-proxy` on. Valid providers are : @@ -67,8 +67,8 @@ https://www.googleapis.com/auth/admin.directory.user.readonly 7. Create or choose an existing administrative email address on the Gmail domain to assign to the `google-admin-email` flag. This email will be impersonated by this client to make calls to the Admin SDK. See the note on the link from step 5 for the reason why. 8. Create or choose an existing email group and set that email to the `google-group` flag. You can pass multiple instances of this flag with different groups and the user will be checked against all the provided groups. -9. Lock down the permissions on the json file downloaded from step 1 so only oauth2_proxy is able to read the file and set the path to the file in the `google-service-account-json` flag. -10. Restart oauth2_proxy. +9. Lock down the permissions on the json file downloaded from step 1 so only oauth2-proxy is able to read the file and set the path to the file in the `google-service-account-json` flag. +10. Restart oauth2-proxy. Note: The user is checked against the group members list on initial authentication and every time the token is refreshed ( about once an hour ). 
@@ -163,12 +163,12 @@ Take note of your `TenantId` if applicable for your situation. The `TenantId` ca OpenID Connect is a spec for OAUTH 2.0 + identity that is implemented by many major providers and several open source projects. This provider was originally built against CoreOS Dex and we will use it as an example. 1. Launch a Dex instance using the [getting started guide](https://github.com/coreos/dex/blob/master/Documentation/getting-started.md). -2. Setup oauth2_proxy with the correct provider and using the default ports and callbacks. -3. Login with the fixture use in the dex guide and run the oauth2_proxy with the following args: +2. Setup oauth2-proxy with the correct provider and using the default ports and callbacks. +3. Login with the fixture use in the dex guide and run the oauth2-proxy with the following args: -provider oidc -provider-display-name "My OIDC Provider" - -client-id oauth2_proxy + -client-id oauth2-proxy -client-secret proxy -redirect-url http://127.0.0.1:4180/oauth2/callback -oidc-issuer-url http://127.0.0.1:5556 @@ -222,7 +222,7 @@ The `oidc_issuer_url` is based on URL from your **Authorization Server**'s **Iss The `client_id` and `client_secret` are configured in the application settings. Generate a unique `client_secret` to encrypt the cookie. -Then you can start the oauth2_proxy with `./oauth2_proxy -config /etc/example.cfg` +Then you can start the oauth2-proxy with `./oauth2-proxy -config /etc/example.cfg` ### login.gov Provider @@ -251,7 +251,7 @@ First, register your application in the dashboard. The important bits are: Now start the proxy up with the following options: ``` -./oauth2_proxy -provider login.gov \ +./oauth2-proxy -provider login.gov \ -client-id=${LOGINGOV_ISSUER} \ -redirect-url=http://localhost:4180/oauth2/callback \ -oidc-issuer-url=https://idp.int.identitysandbox.gov/ \ 
@@ -282,13 +282,13 @@ proxy, and you would use real hostnames everywhere. #### Skip OIDC discovery -Some providers do not support OIDC discovery via their issuer URL, so oauth2_proxy cannot simply grab the authorization, token and jwks URI endpoints from the provider's metadata. +Some providers do not support OIDC discovery via their issuer URL, so oauth2-proxy cannot simply grab the authorization, token and jwks URI endpoints from the provider's metadata. In this case, you can set the `-skip-oidc-discovery` option, and supply those required endpoints manually: ``` -provider oidc - -client-id oauth2_proxy + -client-id oauth2-proxy -client-secret proxy -redirect-url http://127.0.0.1:4180/oauth2/callback -oidc-issuer-url http://127.0.0.1:5556 @@ -330,7 +330,7 @@ Note: in *all* cases the validate-url will *not* have the `index.php`. 1. [Create a new OAuth application](https://cloud.digitalocean.com/account/api/applications) * You can fill in the name, homepage, and description however you wish. - * In the "Application callback URL" field, enter: `https://oauth-proxy/oauth2/callback`, substituting `oauth2-proxy` with the actual hostname that oauth2_proxy is running on. The URL must match oauth2_proxy's configured redirect URL. + * In the "Application callback URL" field, enter: `https://oauth-proxy/oauth2/callback`, substituting `oauth2-proxy` with the actual hostname that oauth2-proxy is running on. The URL must match oauth2-proxy's configured redirect URL. 2. Note the Client ID and Client Secret. To use the provider, pass the following options: 
@@ -346,7 +346,7 @@ To use the provider, pass the following options: ### Bitbucket Auth Provider 1. [Add a new OAuth consumer](https://confluence.atlassian.com/bitbucket/oauth-on-bitbucket-cloud-238027431.html) - * In "Callback URL" use `https:///oauth2/callback`, substituting `` with the actual hostname that oauth2_proxy is running on. + * In "Callback URL" use `https:///oauth2/callback`, substituting `` with the actual hostname that oauth2-proxy is running on. * In Permissions section select: * Account -> Email * Team membership -> Read @@ -372,5 +372,5 @@ To authorize by email domain use `--email-domain=yourcompany.com`. To authorize Follow the examples in the [`providers` package]({{ site.gitweb }}/providers/) to define a new `Provider` instance. Add a new `case` to -[`providers.New()`]({{ site.gitweb }}/providers/providers.go) to allow `oauth2_proxy` to use the +[`providers.New()`]({{ site.gitweb }}/providers/providers.go) to allow `oauth2-proxy` to use the new `Provider`. diff --git a/docs/4_tls.md b/docs/4_tls.md index c6d40d74..fcbdc780 100644 --- a/docs/4_tls.md +++ b/docs/4_tls.md @@ -11,10 +11,10 @@ There are two recommended configurations. 1. Configure SSL Termination with OAuth2 Proxy by providing a `--tls-cert-file=/path/to/cert.pem` and `--tls-key-file=/path/to/cert.key`. - The command line to run `oauth2_proxy` in this configuration would look like this: + The command line to run `oauth2-proxy` in this configuration would look like this: ```bash - ./oauth2_proxy \ + ./oauth2-proxy \ --email-domain="yourcompany.com" \ --upstream=http://127.0.0.1:8080/ \ --tls-cert-file=/path/to/cert.pem \ 
@@ -28,12 +28,12 @@ There are two recommended configurations. 2. Configure SSL Termination with [Nginx](http://nginx.org/) (example config below), Amazon ELB, Google Cloud Platform Load Balancing, or .... - Because `oauth2_proxy` listens on `127.0.0.1:4180` by default, to listen on all interfaces (needed when using an + Because `oauth2-proxy` listens on `127.0.0.1:4180` by default, to listen on all interfaces (needed when using an external load balancer like Amazon ELB or Google Platform Load Balancing) use `--http-address="0.0.0.0:4180"` or `--http-address="http://:4180"`. - Nginx will listen on port `443` and handle SSL connections while proxying to `oauth2_proxy` on port `4180`. - `oauth2_proxy` will then authenticate requests for an upstream application. The external endpoint for this example + Nginx will listen on port `443` and handle SSL connections while proxying to `oauth2-proxy` on port `4180`. + `oauth2-proxy` will then authenticate requests for an upstream application. The external endpoint for this example would be `https://internal.yourcompany.com/`. An example Nginx config follows. Note the use of `Strict-Transport-Security` header to pin requests to SSL @@ -59,10 +59,10 @@ There are two recommended configurations. } ``` - The command line to run `oauth2_proxy` in this configuration would look like this: + The command line to run `oauth2-proxy` in this configuration would look like this: ```bash - ./oauth2_proxy \ + ./oauth2-proxy \ --email-domain="yourcompany.com" \ --upstream=http://127.0.0.1:8080/ \ --cookie-secret=... \ diff --git a/docs/5_endpoints.md b/docs/5_endpoints.md index 3df2224e..b2af8e3d 100644 --- a/docs/5_endpoints.md +++ b/docs/5_endpoints.md 
@@ -20,7 +20,7 @@ OAuth2 Proxy responds directly to the following endpoints. All other endpoints w ### Sign out -To sign the user out, redirect them to `/oauth2/sign_out`. This endpoint only removes oauth2_proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the `rd` query parameter, i.e. redirect the user to something like (notice the url-encoding!): +To sign the user out, redirect them to `/oauth2/sign_out`. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the `rd` query parameter, i.e. redirect the user to something like (notice the url-encoding!): ``` /oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page @@ -33,7 +33,7 @@ GET /oauth2/sign_out HTTP/1.1 X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page ... ``` - + (The "sign_out_page" should be the [`end_session_endpoint`](https://openid.net/specs/openid-connect-session-1_0.html#rfc.section.2.1) from [the metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) if your OIDC provider supports Session Management and Discovery.) BEWARE that the domain you want to redirect to (`my-oidc-provider.example.com` in the example) must be added to the [`-whitelist-domain`](configuration) configuration option otherwise the redirect will be ignored. diff --git a/docs/README.md b/docs/README.md index ad5ef46b..cb133d3f 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -1,7 +1,7 @@ # Docs This folder contains our Jekyll based docs site which is hosted at -https://pusher.github.io/oauth2_proxy. +https://oauth2-proxy.github.io/oauth2-proxy. When making changes to this docs site, please test your changes locally: diff --git a/docs/_config.yml b/docs/_config.yml index a53e9e14..ea063cc2 100644 --- a/docs/_config.yml +++ b/docs/_config.yml @@ -13,13 +13,13 @@ # you will see them accessed via {{ site.title }}, {{ site.email }}, and so on. # You can create any custom variable you would like, and they will be accessible # in the templates via {{ site.myvariable }}. -title: OAuth2_Proxy +title: OAuth2 Proxy logo: /logos/OAuth2_Proxy_horizontal.svg description: >- # this means to ignore newlines until "baseurl:" - OAuth2_Proxy documentation site -baseurl: "/oauth2_proxy" # the subpath of your site, e.g. /blog -url: "https://pusher.github.io" # the base hostname & protocol for your site, e.g. http://example.com -gitweb: "https://github.com/pusher/oauth2_proxy/blob/master" + OAuth2-Proxy documentation site +baseurl: "/oauth2-proxy" # the subpath of your site, e.g. /blog +url: "https://oauth2-proxy.github.io" # the base hostname & protocol for your site, e.g. http://example.com +gitweb: "https://github.com/oauth2-proxy/oauth2-proxy/blob/master" # Build settings markdown: kramdown @@ -28,8 +28,8 @@ search_enabled: true # Aux links for the upper right navigation aux_links: - "OAuth2_Proxy on GitHub": - - "https://github.com/pusher/oauth2_proxy" + "OAuth2 Proxy on GitHub": + - "https://github.com/oauth2-proxy/oauth2-proxy" # Exclude from processing. # The following items will not be processed, by default. Create a custom list diff --git a/docs/configuration/configuration.md b/docs/configuration/configuration.md index b7ed66ed..df8cb876 100644 --- a/docs/configuration/configuration.md +++ b/docs/configuration/configuration.md 
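Review bot: The new `description` value in docs/_config.yml reads `OAuth2-Proxy documentation site`, while `title` in the same hunk and the `aux_links` label in the second hunk use `OAuth2 Proxy`, so the site ends up with two spellings of the product name. Writing `OAuth2 Proxy documentation site` would keep the three strings consistent. Separately, `url` and `baseurl` move the site to `https://oauth2-proxy.github.io/oauth2-proxy`; existing links to the old docs host presumably rely on a redirect that is configured outside this file, which is worth confirming before release.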
@@ -8,7 +8,7 @@ nav_order: 3 ## Configuration -`oauth2_proxy` can be configured via [config file](#config-file), [command line options](#command-line-options) or [environment variables](#environment-variables). +`oauth2-proxy` can be configured via [config file](#config-file), [command line options](#command-line-options) or [environment variables](#environment-variables). To generate a strong cookie secret use `python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(16)).decode())'` @@ -16,7 +16,7 @@ To generate a strong cookie secret use `python -c 'import os,base64; print(base6 Every command line argument can be specified in a config file by replacing hypens (-) with underscores (\_). If the argument can be specified multiple times, the config option should be plural (trailing s). -An example [oauth2_proxy.cfg]({{ site.gitweb }}/contrib/oauth2_proxy.cfg.example) config file is in the contrib directory. It can be used by specifying `-config=/etc/oauth2_proxy.cfg` +An example [oauth2-proxy.cfg]({{ site.gitweb }}/contrib/oauth2-proxy.cfg.example) config file is in the contrib directory. It can be used by specifying `-config=/etc/oauth2-proxy.cfg` ### Command Line Options 
@@ -127,9 +127,9 @@ See below for provider specific options ### Upstreams Configuration -`oauth2_proxy` supports having multiple upstreams, and has the option to pass requests on to HTTP(S) servers or serve static files from the file system. HTTP and HTTPS upstreams are configured by providing a URL such as `http://127.0.0.1:8080/` for the upstream parameter, this will forward all authenticated requests to the upstream server. If you instead provide `http://127.0.0.1:8080/some/path/` then it will only be requests that start with `/some/path/` which are forwarded to the upstream. +`oauth2-proxy` supports having multiple upstreams, and has the option to pass requests on to HTTP(S) servers or serve static files from the file system. HTTP and HTTPS upstreams are configured by providing a URL such as `http://127.0.0.1:8080/` for the upstream parameter, this will forward all authenticated requests to the upstream server. If you instead provide `http://127.0.0.1:8080/some/path/` then it will only be requests that start with `/some/path/` which are forwarded to the upstream. -Static file paths are configured as a file:// URL. `file:///var/www/static/` will serve the files from that directory at `http://[oauth2_proxy url]/var/www/static/`, which may not be what you want. You can provide the path to where the files should be available by adding a fragment to the configured URL. The value of the fragment will then be used to specify which path the files are available at. `file:///var/www/static/#/static/` will ie. make `/var/www/static/` available at `http://[oauth2_proxy url]/static/`. +Static file paths are configured as a file:// URL. `file:///var/www/static/` will serve the files from that directory at `http://[oauth2-proxy url]/var/www/static/`, which may not be what you want. You can provide the path to where the files should be available by adding a fragment to the configured URL. 
The value of the fragment will then be used to specify which path the files are available at. `file:///var/www/static/#/static/` will ie. make `/var/www/static/` available at `http://[oauth2-proxy url]/static/`. Multiple upstreams can either be configured by supplying a comma separated list to the `-upstream` parameter, supplying the parameter multiple times or provinding a list in the [config file](#config-file). When multiple upstreams are used routing to them will be based on the path they are set up with. @@ -246,7 +246,7 @@ Available variables for standard logging: ## Configuring for use with the Nginx `auth_request` directive -The [Nginx `auth_request` directive](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html) allows Nginx to authenticate requests via the oauth2_proxy's `/auth` endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example: +The [Nginx `auth_request` directive](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html) allows Nginx to authenticate requests via the oauth2-proxy's `/auth` endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example: ```nginx server { diff --git a/env_options_test.go b/env_options_test.go index c1937e63..eb72a83e 100644 --- a/env_options_test.go +++ b/env_options_test.go @@ -4,7 +4,7 @@ import ( "os" "testing" - proxy "github.com/pusher/oauth2_proxy" + proxy "github.com/oauth2-proxy/oauth2-proxy" "github.com/stretchr/testify/assert" ) diff --git a/go.mod b/go.mod index 541bf320..6fa871c3 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/pusher/oauth2_proxy +module github.com/oauth2-proxy/oauth2-proxy go 1.14 diff --git a/htpasswd.go b/htpasswd.go index b7c8d579..670aa729 100644 --- a/htpasswd.go +++ b/htpasswd.go 
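Review bot: The `module` directive in go.mod now declares `github.com/oauth2-proxy/oauth2-proxy`, which is a breaking change for anything that imports this repository as a library, and nothing in this hunk records it. A build that still requires `github.com/pusher/oauth2_proxy` stays on the last version published under the old path and will not receive later releases, security fixes included, because the go command rejects a module whose declared path differs from the requested one. I would add a comment above the directive, `// Module path was github.com/pusher/oauth2_proxy before the move to the oauth2-proxy organisation; importers must update their import paths.`. The CHANGELOG.md entry in this commit is not visible in this part of the patch, so confirm that it lists the rename under breaking changes.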
@@ -7,7 +7,7 @@ import ( "io" "os" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" "golang.org/x/crypto/bcrypt" ) diff --git a/http.go b/http.go index 88280c44..afc8ba37 100644 --- a/http.go +++ b/http.go @@ -7,7 +7,7 @@ import ( "strings" "time" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) // Server represents an HTTP server diff --git a/logging_handler.go b/logging_handler.go index 9915e277..1c857413 100644 --- a/logging_handler.go +++ b/logging_handler.go @@ -10,7 +10,7 @@ import ( "net/http" "time" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) // responseLogger is wrapper of http.ResponseWriter that keeps track of its HTTP status diff --git a/logging_handler_test.go b/logging_handler_test.go index ddc97783..756329fc 100644 --- a/logging_handler_test.go +++ b/logging_handler_test.go @@ -9,7 +9,7 @@ import ( "testing" "time" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) func TestLoggingHandler_ServeHTTP(t *testing.T) { diff --git a/main.go b/main.go index 11e642dc..2512e064 100644 --- a/main.go +++ b/main.go @@ -12,12 +12,12 @@ import ( "github.com/BurntSushi/toml" options "github.com/mreiferson/go-options" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) func main() { logger.SetFlags(logger.Lshortfile) - flagSet := flag.NewFlagSet("oauth2_proxy", flag.ExitOnError) + flagSet := flag.NewFlagSet("oauth2-proxy", flag.ExitOnError) emailDomains := StringArray{} whitelistDomains := StringArray{} @@ -145,7 +145,7 @@ func main() { flagSet.Parse(os.Args[1:]) if *showVersion { - fmt.Printf("oauth2_proxy %s (built with %s)\n", VERSION, runtime.Version()) + fmt.Printf("oauth2-proxy %s (built with %s)\n", VERSION, runtime.Version()) return } diff --git a/oauthproxy.go b/oauthproxy.go index 4d995b0f..1dbe78b4 100644 
--- a/oauthproxy.go +++ b/oauthproxy.go @@ -19,11 +19,11 @@ import ( "github.com/coreos/go-oidc" "github.com/mbland/hmacauth" - sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/cookies" - "github.com/pusher/oauth2_proxy/pkg/encryption" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/providers" + sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/cookies" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/providers" "github.com/yhat/wsutil" ) diff --git a/oauthproxy_test.go b/oauthproxy_test.go index 7681d947..eebad11e 100644 --- a/oauthproxy_test.go +++ b/oauthproxy_test.go @@ -18,10 +18,10 @@ import ( "github.com/coreos/go-oidc" "github.com/mbland/hmacauth" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/pkg/sessions/cookie" - "github.com/pusher/oauth2_proxy/providers" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie" + "github.com/oauth2-proxy/oauth2-proxy/providers" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "golang.org/x/net/websocket" diff --git a/options.go b/options.go index 6abfa365..b5cb8590 100644 --- a/options.go +++ b/options.go 
@@ -17,12 +17,12 @@ import ( oidc "github.com/coreos/go-oidc" "github.com/dgrijalva/jwt-go" "github.com/mbland/hmacauth" - "github.com/pusher/oauth2_proxy/pkg/apis/options" - sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/encryption" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/pkg/sessions" - "github.com/pusher/oauth2_proxy/providers" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" + sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions" + "github.com/oauth2-proxy/oauth2-proxy/providers" "gopkg.in/natefinch/lumberjack.v2" ) diff --git a/pkg/apis/options/sessions.go b/pkg/apis/options/sessions.go index 9a2abd77..3e222780 100644 --- a/pkg/apis/options/sessions.go +++ b/pkg/apis/options/sessions.go @@ -1,6 +1,6 @@ package options -import "github.com/pusher/oauth2_proxy/pkg/encryption" +import "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" // SessionOptions contains configuration options for the SessionStore providers. type SessionOptions struct { diff --git a/pkg/apis/sessions/session_state.go b/pkg/apis/sessions/session_state.go index 0a58b34c..d3855b18 100644 --- a/pkg/apis/sessions/session_state.go +++ b/pkg/apis/sessions/session_state.go @@ -7,7 +7,7 @@ import ( "strings" "time" - "github.com/pusher/oauth2_proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" ) // SessionState is used to store information about the currently authenticated user session diff --git a/pkg/apis/sessions/session_state_test.go b/pkg/apis/sessions/session_state_test.go index 9707faef..6c9d9e38 100644 --- a/pkg/apis/sessions/session_state_test.go +++ b/pkg/apis/sessions/session_state_test.go 
@@ -5,8 +5,8 @@ import ( "testing" "time" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" "github.com/stretchr/testify/assert" ) diff --git a/pkg/cookies/cookies.go b/pkg/cookies/cookies.go index b2a02a12..c4dd1675 100644 --- a/pkg/cookies/cookies.go +++ b/pkg/cookies/cookies.go @@ -7,8 +7,8 @@ import ( "strings" "time" - "github.com/pusher/oauth2_proxy/pkg/apis/options" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) // MakeCookie constructs a cookie from the given parameters, diff --git a/pkg/requests/requests.go b/pkg/requests/requests.go index 9083b2d4..36a8bf8c 100644 --- a/pkg/requests/requests.go +++ b/pkg/requests/requests.go @@ -7,7 +7,7 @@ import ( "net/http" "github.com/bitly/go-simplejson" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) // Request parses the request body into a simplejson.Json object diff --git a/pkg/sessions/cookie/session_store.go b/pkg/sessions/cookie/session_store.go index 7964bd71..6698edbe 100644 --- a/pkg/sessions/cookie/session_store.go +++ b/pkg/sessions/cookie/session_store.go @@ -8,11 +8,11 @@ import ( "strings" "time" - "github.com/pusher/oauth2_proxy/pkg/apis/options" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/cookies" - "github.com/pusher/oauth2_proxy/pkg/encryption" - "github.com/pusher/oauth2_proxy/pkg/sessions/utils" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/cookies" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/utils" ) const ( 
diff --git a/pkg/sessions/redis/redis_store.go b/pkg/sessions/redis/redis_store.go index 0d3d361c..f4169398 100644 --- a/pkg/sessions/redis/redis_store.go +++ b/pkg/sessions/redis/redis_store.go @@ -15,11 +15,11 @@ import ( "time" "github.com/go-redis/redis" - "github.com/pusher/oauth2_proxy/pkg/apis/options" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/cookies" - "github.com/pusher/oauth2_proxy/pkg/encryption" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/cookies" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) // TicketData is a structure representing the ticket used in server session storage diff --git a/pkg/sessions/session_store.go b/pkg/sessions/session_store.go index 17ef21c2..992d6ded 100644 --- a/pkg/sessions/session_store.go +++ b/pkg/sessions/session_store.go @@ -3,10 +3,10 @@ package sessions import ( "fmt" - "github.com/pusher/oauth2_proxy/pkg/apis/options" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/sessions/cookie" - "github.com/pusher/oauth2_proxy/pkg/sessions/redis" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/redis" ) // NewSessionStore creates a SessionStore from the provided configuration diff --git a/pkg/sessions/session_store_test.go b/pkg/sessions/session_store_test.go index cad4d358..0e4d62dd 100644 --- a/pkg/sessions/session_store_test.go +++ b/pkg/sessions/session_store_test.go 
@@ -11,16 +11,16 @@ import ( "time" miniredis "github.com/alicebob/miniredis/v2" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" + sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + cookiesapi "github.com/oauth2-proxy/oauth2-proxy/pkg/cookies" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions" + sessionscookie "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/redis" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" - "github.com/pusher/oauth2_proxy/pkg/apis/options" - sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - cookiesapi "github.com/pusher/oauth2_proxy/pkg/cookies" - "github.com/pusher/oauth2_proxy/pkg/encryption" - "github.com/pusher/oauth2_proxy/pkg/sessions" - sessionscookie "github.com/pusher/oauth2_proxy/pkg/sessions/cookie" - "github.com/pusher/oauth2_proxy/pkg/sessions/redis" - "github.com/pusher/oauth2_proxy/pkg/sessions/utils" ) func TestSessionStore(t *testing.T) { diff --git a/pkg/sessions/utils/utils.go b/pkg/sessions/utils/utils.go index 1fb27f4d..e8de8ae9 100644 --- a/pkg/sessions/utils/utils.go +++ b/pkg/sessions/utils/utils.go @@ -3,8 +3,8 @@ package utils import ( "encoding/base64" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" ) // CookieForSession serializes a session state for storage in a cookie diff --git a/providers/auth_test.go b/providers/auth_test.go index e17ad8d7..55b98a0f 100644 --- a/providers/auth_test.go +++ b/providers/auth_test.go 
@@ -5,7 +5,7 @@ import ( "net/http" "net/url" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" ) var authorizedAccessToken = "imaginary_access_token" diff --git a/providers/azure.go b/providers/azure.go index 5b93064c..1f4f9f8d 100644 --- a/providers/azure.go +++ b/providers/azure.go @@ -11,9 +11,9 @@ import ( "time" "github.com/bitly/go-simplejson" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // AzureProvider represents an Azure based Identity Provider diff --git a/providers/bitbucket.go b/providers/bitbucket.go index 63c1d0fa..7ddb280e 100644 --- a/providers/bitbucket.go +++ b/providers/bitbucket.go @@ -5,9 +5,9 @@ import ( "net/url" "strings" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // BitbucketProvider represents an Bitbucket based Identity Provider diff --git a/providers/bitbucket_test.go b/providers/bitbucket_test.go index d6d2cdc6..da3182a0 100644 --- a/providers/bitbucket_test.go +++ b/providers/bitbucket_test.go @@ -9,7 +9,7 @@ import ( "github.com/stretchr/testify/assert" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" ) func testBitbucketProvider(hostname, team string, repository string) *BitbucketProvider { diff --git a/providers/digitalocean.go b/providers/digitalocean.go index f4d9ce57..564d32b0 100644 --- a/providers/digitalocean.go +++ b/providers/digitalocean.go 
@@ -6,8 +6,8 @@ import ( "net/http" "net/url" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // DigitalOceanProvider represents a DigitalOcean based Identity Provider diff --git a/providers/digitalocean_test.go b/providers/digitalocean_test.go index 3ef0f2ae..2b3fede3 100644 --- a/providers/digitalocean_test.go +++ b/providers/digitalocean_test.go @@ -6,7 +6,7 @@ import ( "net/url" "testing" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/stretchr/testify/assert" ) diff --git a/providers/facebook.go b/providers/facebook.go index abd53828..94f3e271 100644 --- a/providers/facebook.go +++ b/providers/facebook.go @@ -6,8 +6,8 @@ import ( "net/http" "net/url" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // FacebookProvider represents an Facebook based Identity Provider diff --git a/providers/github.go b/providers/github.go index 40ec78d3..bacda1bb 100644 --- a/providers/github.go +++ b/providers/github.go @@ -11,8 +11,8 @@ import ( "strconv" "strings" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) // GitHubProvider represents an GitHub based Identity Provider diff --git a/providers/github_test.go b/providers/github_test.go index e73ea40b..a454cb48 100644 --- a/providers/github_test.go +++ b/providers/github_test.go 
@@ -6,7 +6,7 @@ import ( "net/url" "testing" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/stretchr/testify/assert" ) diff --git a/providers/gitlab.go b/providers/gitlab.go index 396d41fc..20421d65 100644 --- a/providers/gitlab.go +++ b/providers/gitlab.go @@ -10,7 +10,7 @@ import ( "time" oidc "github.com/coreos/go-oidc" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "golang.org/x/oauth2" ) diff --git a/providers/gitlab_test.go b/providers/gitlab_test.go index f75c4bfd..30ce16e5 100644 --- a/providers/gitlab_test.go +++ b/providers/gitlab_test.go @@ -6,7 +6,7 @@ import ( "net/url" "testing" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/stretchr/testify/assert" ) diff --git a/providers/google.go b/providers/google.go index 12216a35..ec16ded5 100644 --- a/providers/google.go +++ b/providers/google.go @@ -13,8 +13,8 @@ import ( "strings" "time" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" "golang.org/x/oauth2" "golang.org/x/oauth2/google" admin "google.golang.org/api/admin/directory/v1" diff --git a/providers/internal_util.go b/providers/internal_util.go index fb33b31d..4cc502ed 100644 --- a/providers/internal_util.go +++ b/providers/internal_util.go @@ -5,8 +5,8 @@ import ( "net/http" "net/url" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // stripToken is a helper function to obfuscate "access_token" diff --git a/providers/internal_util_test.go b/providers/internal_util_test.go index ba6d470e..591c7f30 100644 
--- a/providers/internal_util_test.go +++ b/providers/internal_util_test.go @@ -7,7 +7,7 @@ import ( "net/url" "testing" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/stretchr/testify/assert" ) diff --git a/providers/keycloak.go b/providers/keycloak.go index 27153726..9475957d 100644 --- a/providers/keycloak.go +++ b/providers/keycloak.go @@ -4,9 +4,9 @@ import ( "net/http" "net/url" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) type KeycloakProvider struct { diff --git a/providers/keycloak_test.go b/providers/keycloak_test.go index 4d1d1005..e00fb045 100644 --- a/providers/keycloak_test.go +++ b/providers/keycloak_test.go @@ -7,7 +7,7 @@ import ( "testing" "github.com/bmizerany/assert" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" ) func testKeycloakProvider(hostname, group string) *KeycloakProvider { diff --git a/providers/linkedin.go b/providers/linkedin.go index bca29360..b69ae933 100644 --- a/providers/linkedin.go +++ b/providers/linkedin.go @@ -6,8 +6,8 @@ import ( "net/http" "net/url" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // LinkedInProvider represents an LinkedIn based Identity Provider diff --git a/providers/linkedin_test.go b/providers/linkedin_test.go index 0b7247ff..9f325eae 100644 --- a/providers/linkedin_test.go +++ b/providers/linkedin_test.go 
@@ -6,7 +6,7 @@ import ( "net/url" "testing" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/stretchr/testify/assert" ) diff --git a/providers/logingov.go b/providers/logingov.go index 3cca13d6..db112aa5 100644 --- a/providers/logingov.go +++ b/providers/logingov.go @@ -13,7 +13,7 @@ import ( "time" "github.com/dgrijalva/jwt-go" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "gopkg.in/square/go-jose.v2" ) diff --git a/providers/nextcloud.go b/providers/nextcloud.go index 18855c8c..6b2932e3 100644 --- a/providers/nextcloud.go +++ b/providers/nextcloud.go @@ -4,9 +4,9 @@ import ( "fmt" "net/http" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // NextcloudProvider represents an Nextcloud based Identity Provider diff --git a/providers/nextcloud_test.go b/providers/nextcloud_test.go index c598d7bb..0f3a8293 100644 --- a/providers/nextcloud_test.go +++ b/providers/nextcloud_test.go @@ -6,7 +6,7 @@ import ( "net/url" "testing" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/stretchr/testify/assert" ) diff --git a/providers/oidc.go b/providers/oidc.go index 0d8112e0..e831ccba 100644 --- a/providers/oidc.go +++ b/providers/oidc.go @@ -10,8 +10,8 @@ import ( oidc "github.com/coreos/go-oidc" "golang.org/x/oauth2" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // OIDCProvider represents an OIDC based Identity Provider 
diff --git a/providers/oidc_test.go b/providers/oidc_test.go index 1ae3935a..675f8fda 100644 --- a/providers/oidc_test.go +++ b/providers/oidc_test.go @@ -20,7 +20,7 @@ import ( "github.com/dgrijalva/jwt-go" "golang.org/x/oauth2" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" ) const accessToken = "access_token" diff --git a/providers/provider_data.go b/providers/provider_data.go index bc789a9a..ce80c8b7 100644 --- a/providers/provider_data.go +++ b/providers/provider_data.go @@ -5,7 +5,7 @@ import ( "io/ioutil" "net/url" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) // ProviderData contains information required to configure all implementations diff --git a/providers/provider_default.go b/providers/provider_default.go index 5e60a0c6..707e3a6e 100644 --- a/providers/provider_default.go +++ b/providers/provider_default.go @@ -10,8 +10,8 @@ import ( "net/url" "time" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" ) // Redeem provides a default implementation of the OAuth2 token redemption process diff --git a/providers/provider_default_test.go b/providers/provider_default_test.go index ffe4aa74..e8a51f51 100644 --- a/providers/provider_default_test.go +++ b/providers/provider_default_test.go @@ -4,7 +4,7 @@ import ( "testing" "time" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/stretchr/testify/assert" ) diff --git a/providers/providers.go b/providers/providers.go index 04215f01..97cc17a7 100644 --- a/providers/providers.go +++ b/providers/providers.go 
@@ -1,8 +1,8 @@ package providers import ( - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" ) // Provider represents an upstream identity provider implementation diff --git a/templates.go b/templates.go index 002e2b46..b0e9014d 100644 --- a/templates.go +++ b/templates.go @@ -4,7 +4,7 @@ import ( "html/template" "path" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) func loadTemplates(dir string) *template.Template { @@ -149,7 +149,7 @@ func getTemplates() *template.Template {