mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-08 22:46:33 +02:00
Commit Graph

319 Commits

Author SHA1 Message Date
Joel Speed
67501f004f Implement refresh relying on obtaining lock 2021-12-06 14:05:58 +00:00
Joel Speed
327211cec9 Refreshing with an invalid session should work
I would like this test to pass, but it currently doesn't. With the 
current implementation, there is a race, if the session is locked, but 
releases before the "handleObtainLockError" starts, then you'll get an 
error, which is not desirable
2021-12-03 23:44:18 +00:00
Joel Speed
1478fefe92 Remove lock release via peek
This doesn't seem right, it's not what I'd expect from the session store 
implemented locks.

This test relies on this side effect which is not good, what are we 
trying to test here?
2021-12-03 23:42:42 +00:00
Kevin Kreitner
b734de16e6 Refactor refreshSession method to reduce number of return 2021-12-03 23:07:40 +00:00
Kevin Kreitner
2781ea1c95 Try to wait for lock, when obtaining lock failed 2021-12-03 23:07:40 +00:00
Kevin Kreitner
360c753d6f Remove unnecessary err variable definition 2021-12-03 23:07:39 +00:00
Kevin Kreitner
0cb8d23222 Simplify for loop for waiting for lock 2021-12-03 23:07:38 +00:00
Kevin Kreitner
d9e0933e54 Move validateSession back into refreshSessionIfNeeded 2021-12-03 23:06:46 +00:00
Kevin Kreitner
ad8ce2f6a4 Add concurrent requests tests 2021-12-03 23:06:45 +00:00
Kevin Kreitner
c5ea345daf Add tests, which consider session lock 2021-12-03 23:06:44 +00:00
Kevin Kreitner
fca2d76f33 Fix tests for stored_session.go in middleware 2021-12-03 23:06:43 +00:00
Kevin Kreitner
d8663a19a9 Remove unnecessary log output 2021-12-03 23:06:42 +00:00
Kevin Kreitner
a8de9862cd Update logger message 2021-12-03 23:06:41 +00:00
Kevin Kreitner
88ab07930e Update update session from store 2021-12-03 23:06:41 +00:00
Kevin Kreitner
ccd7a91b2b Add more specific error when updating from store 2021-12-03 23:06:40 +00:00
Kevin Kreitner
c6d8cd1ea4 Remove one return statement in getValidatedSession 2021-12-03 23:06:39 +00:00
Kevin Kreitner
86ba2f41ce Refactor StoredSessionHandler 2021-12-03 23:06:38 +00:00
Kevin Kreitner
518e619289 Move session locking to refreshSessionIfNeeded method 2021-12-03 23:06:37 +00:00
Kevin Kreitner
76e3cb3e9a Use const for delay and expire time 2021-12-03 23:06:36 +00:00
Kevin Kreitner
0f545e14d4 Lock session state when refreshing 2021-12-03 23:06:35 +00:00
Kevin Kreitner
58b9f0633a Remove sensitive logging changes 2021-12-03 23:06:34 +00:00
Kevin Kreitner
a4ad6bccfb Fix default value flag for sensitive logging 2021-12-03 23:06:33 +00:00
Kevin Kreitner
6b50a55668 Add sensible logging flag to default setup for logger 2021-12-03 23:06:30 +00:00
Hiroyuki Wada
7eb3a4fbd5 Improve TLS handling for Redis to support non-standalone mode with TLS 2021-10-19 20:04:49 +09:00
Maciej Strzelecki
b49e62f9b2 Initialize TLS.Config when connecting to Redis with TLS (#1296)
* init TLS.Config when connecting to Redis with TLS

* don't overwrite TLS config if it exists

* add tests for Redis with TLS

* remove hardcoded certs

* add GenerateCert func

* use GenerateCert util func

* fix issue reported by go fmt

* limit return statements in GenerateCert
2021-10-19 09:17:42 +01:00
Joel Speed
d8deaa124b Improve error message when no cookie is found 2021-10-13 19:08:11 +01:00
Luka Zakrajšek
d3e036d619 Add force-json-errors flag 2021-10-05 11:24:47 +02:00
Matt Lilley
3957183fd5 Use the httputil.NewSingleHostReverseProxy instead of yhat/wsutil for … (#1348)
* Use the httputil.NewSingleHostReverseProxy instead of yhat/wsutil for websocket proxying. This correctly handles 404 responses with keep-alive by terminating the tunnel rather than keeping it alive

* Tidy up dependencies - yhat/wsutil is no longer required

* Update changelog to include reference to 1348

Co-authored-by: Matt Lilley <matt.lilley@securitease.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-10-03 15:38:40 +01:00
Nick Meves
c84a5a418f Adjust GitLab options configuration 2021-09-25 16:48:48 -07:00
Fabian Stelzer
88f32aeaa1 rename Upstreams to UpstreamConfig and its Configs member to Upstreams then 2021-09-17 12:37:57 +00:00
Fabian Stelzer
662fa72e8c Add ProxyRawPath tests
Refactor proxy_test to set mux/upstream options for each test
individually and add tests for encoded urls with ProxyRawPath set and
unset.
2021-09-17 12:37:56 +00:00
Fabian Stelzer
d51556515e Introduce ProxyRawPath flag
Setting this flag will configure the upstream proxy to pass encoded urls
as-is.
2021-09-17 12:37:56 +00:00
Fabian Stelzer
12ab4ef529 Make the Upstreams mux configurable
This commit changes Upstreams from []Upstream to a struct{}
moving the previous []Upstream into .Configs and adjusts all uses of it.
2021-09-17 12:31:18 +00:00
Hedi Harzallah
ccbb98acd9 fix(1356): test if session variable is null (#1357)
* fix(1356): test if session variable is null

* fix(1356): adding changelog

Co-authored-by: Hedi Harzallah <hharzalla@talend.com>
2021-09-09 12:12:29 +01:00
Miks Kalnins
54d44ccb8f Allow specifying URL as input for custom sign in logo (#1330)
* Allow specifying URL as input for custom logos

* Fix typo

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Update changelog

* Only allow HTTPS URLs

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Nick Meves <nicholas.meves@gmail.com>
2021-09-05 09:23:22 -07:00
Philippe
7cf3065111 Changing user field type to text (#1337)
* Changing user field type to text

* Updated changelog

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-08-29 12:39:02 +01:00
Jordie
42c16efa38 Fixed .CustomLogin </form> tag placement for login page (#1317)
* Fixed .CustomLogin </form> tag placement for login page

* Update changelog (gh-1317)
2021-08-11 15:57:40 +01:00
Peter Braun
e6223383e5 update keycloak oidc provider and add unit tests 2021-08-02 11:39:50 +02:00
Nick Meves
ab54de38cc Extract roles from Keycloak Access Tokens 2021-07-30 09:46:13 +02:00
Nick Meves
4c0beb373f Add keycloak-oidc provider based on OIDCProvider 2021-07-30 09:46:13 +02:00
JVecsei
8967873659 Updated dependency versions which include CVE fixes (#1276)
* switched to github.com/golang-jwt/jwt and updated golang.org/x/crypto to include CVE fixes

* added #1276 to changelog

Co-authored-by: Joshua Vécsei <git@vecsei.me>
2021-07-29 17:45:41 +01:00
wyewata
a35db2ae8a Fix expected error messages (#1269)
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-07-28 19:56:23 +01:00
Nick Meves
0b4bc36554 Upgrade go-oidc to v3 (#1264) 2021-07-17 09:55:05 -07:00
wassan128
777556c97e Fix typo s/commmon/common/ 2021-07-08 21:29:43 +09:00
Nick Meves
1faa5c47ce Remove finicky encryption test
AES-CFB is unauthenticated, in rare circumstances it won't error on
AES-GCM encrypted payloads
2021-07-01 19:03:01 -07:00
Joel Speed
075cb9c3a0 Ensure upstreams are sorted by longest first 2021-06-23 12:20:48 +01:00
Joel Speed
8a06779d41 Redirect request if it would match with an appended trailing slash 2021-06-23 12:20:47 +01:00
Joel Speed
6c62b25bf1 Allow request paths to be rewritten before proxying to upstream server 2021-06-23 12:20:46 +01:00
Joel Speed
d2d62bb452 Replace standard serve mux with gorilla mux 2021-06-23 12:20:21 +01:00
Nick Meves
ff914d7e17 Use ErrNotImplemented in default refresh implementation 2021-06-22 17:04:42 -07:00