go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-10 22:51:31 +02:00
Code Issues Releases Activity
1,637 Commits 24 Branches 40 Tags
redis-lock
Commit Graph

319 Commits

Author SHA1 Message Date
Joel Speed
5c64e236fb Generate reference page in configuration 2021-01-18 09:57:44 +00:00
Nick Meves
f054682fb7 Make HTTPS Redirect middleware Reverse Proxy aware 2021-01-16 13:55:48 -08:00
Nick Meves
6fb3274ca3 Refactor organization of scope aware request utils 
Reorganized the structure of the Request Utils due to their widespread use
resulting in circular imports issues (mostly because of middleware & logger).
 2021-01-16 13:55:48 -08:00
Nick Meves
b625de9490 Track the ReverseProxy option in the request Scope 
This allows for proper handling of reverse proxy based headers throughout
the lifecycle of a request.
 2021-01-16 13:55:48 -08:00
Ilia Pertsev
597ffeb121 Fix joined cookie name for those containing underline in the suffix (#970) 
* properly handle splitted cookies with names ending with _

* test update

* provide cookieName into joinCookies instead of processing the suffix

* changelog update

* test update
 2021-01-04 17:21:17 -08:00
İlteriş Eroğlu
1d74a51cd7 Use X-Forwarded-{Proto,Host,Uri} on redirect as last resort (#957) 2021-01-01 15:23:11 -08:00
Nick Meves
3369799853 Migrate Keycloak to EnrichSession & support multiple groups 2020-12-24 14:04:19 -08:00
Nick Meves
d2ffef2c7e Use global OIDC fields for Gitlab 2020-12-21 16:54:12 -08:00
Nick Meves
eb56f24d6d Deprecate UserIDClaim in config and docs 2020-12-21 16:52:17 -08:00
Nick Meves
74ac4274c6 Move generic OIDC functionality to be available to all providers 2020-12-21 16:52:04 -08:00
Nick Meves
a1877434b2 Refactor OIDC to EnrichSession 2020-12-21 16:51:52 -08:00
TAGAMI Yukihiro
a5466bb96d Fix typo and missing InjectResponseHeaders validation (#952) 2020-12-12 10:05:01 -08:00
Mathieu Lecarme
d67d6e3152 Add authorization support for Gitlab projects (#630) 
* Add support for gitlab projets

* Add group membership in state

* Use prefixed allowed groups everywhere

* Fix: remove unused function

* Fix: rename func that add data to session

* Simplify projects and groups session funcs

* Add project access level for gitlab projects

* Fix: default access level

* Add per project access level

* Add user email when missing access level

* Fix: harmonize errors

* Update docs and flags description for gitlab project

* Add test with both projects and groups

* Fix: log error message

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Fix: make doc a markdown link

* Add notes about read_api scope for projects

* Fix: Verifier override in Gitlab Provider

This commit fixes a bug caused by an override of the Verifier value from *ProviderData inside GitlabProvider struct

* Fix: ensure data in session before using it

* Update providers/gitlab.go

Co-authored-by: Nick Meves <nick.meves@greenhouse.io>

* Rename gitlab project initializer

* Improve return value readbility

* Use splitN

* Handle space delimiters in set project scope

* Reword comment for AddProjects

* Fix: typo

* Rework error handling in addProjectsToSession

* Reduce branching complexity in addProjectsToSession

* Fix: line returns

* Better comment for addProjectsToSession

* Fix: enrich session comment

* Fix: email domains is handled before provider mechanism

* Add archived project unit test

* Fix: emails handling in gitlab provider

Co-authored-by: Wilfried OLLIVIER <wollivier@bearstech.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
 2020-12-05 10:57:33 -08:00
Joel Speed
b201dbb2d3 Add convert-config-to-alpha flag to convert existing configuration to alpha structure 2020-12-01 08:56:51 +00:00
Joel Speed
f36dfbb494 Introduce alpha configuration loading 2020-12-01 08:56:49 +00:00
Joel Speed
5b003a5657 SecretSource.Value should be plain text in memory 2020-12-01 08:56:46 +00:00
Nick Meves
5f8f856260 Remove failed bearer tokens from logs 2020-11-28 10:25:12 -08:00
Nick Meves
22f60e9b63 Generalize and extend default CreateSessionFromToken 2020-11-28 10:25:12 -08:00
Nick Meves
44fa8316a1 Aggregate error logging on JWT chain failures 2020-11-28 10:25:12 -08:00
Nick Meves
3e9717d489 Decouple TokenToSession from OIDC & add a generic VerifyFunc 2020-11-28 10:25:11 -08:00
Joel Speed
482cd32a17 Fix basic auth legacy header conversion 2020-11-19 20:07:59 +00:00
Joel Speed
aed43a54da Add DefaultUpstreamFlushInterval to replace magic time.Second value 2020-11-19 10:39:21 +00:00
Joel Speed
d353d94631 Add AlphaOptions struct and ensure that all children have valid JSON tags 2020-11-19 10:35:31 +00:00
Joel Speed
b6d6f31ac1 Introduce Duration so that marshalling works for duration strings 2020-11-19 10:35:29 +00:00
Joel Speed
3a4660414a Fix log calldepth 2020-11-15 18:52:59 +00:00
Nick Meves
b92fd4b0bb Streamline Google to use default Authorize 2020-11-12 11:18:58 -08:00
Nick Meves
eb58ea2ed9 Move AllowedGroups to DefaultProvider for default Authorize usage 2020-11-12 11:18:15 -08:00
Arcadiy Ivanov
45ae87e4b7 Logs provider name on startup 
If invalid provider is specified, stop and error out

fixes #895
 2020-11-12 10:39:35 -05:00
Nick Meves
2b15ba0bcf Remove v5 JSON session support 2020-11-08 08:52:55 -08:00
Nick Meves
7d6ff03d13 Fix X-Auth-Request-Preferred-Username in response headers 2020-11-07 12:47:42 -08:00
Nick Meves
1c26539ef0 Align tests to SkipAuthStripHeaders default 2020-11-07 12:33:37 -08:00
Nick Meves
14fd934b32 Flip --skip-auth-strip-headers to true by default 2020-11-07 11:43:45 -08:00
Joel Speed
92d09343d2 Add tests for legacy header conversion 2020-11-07 17:17:10 +00:00
Joel Speed
8d1bbf33b1 Add tests for headers validation 2020-11-07 17:17:06 +00:00
Joel Speed
1dac1419b3 Add tests for SecretSource validation 2020-11-07 17:17:02 +00:00
Joel Speed
8059a812cd Integrate new header injectors with OAuth2 Proxy 2020-11-07 17:16:58 +00:00
Joel Speed
d26c65ba8d Add validation for Headers struct 2020-11-07 17:16:54 +00:00
Joel Speed
2dc0d1e7ee Create LegacyHeaders struct and conversion to new Headers 2020-11-07 17:16:49 +00:00
Nick Meves
4a54c9421c Remove EmailDomain verification from GitLab provider 
This is handled globally
 2020-10-20 10:01:53 -07:00
Joel Speed
70990327d1 Make claims list of strings 2020-10-07 18:25:00 +01:00
Joel Speed
6743e3991d Add header injector middlewares 2020-10-07 18:24:58 +01:00
Joel Speed
fc2ff19a19 Add header Injector 2020-10-07 18:24:57 +01:00
Joel Speed
eec7565c52 Add Header option structure 2020-10-07 18:24:56 +01:00
Nick Meves
b7b7ade7c4 Improve AllowedRoute test table formatting 2020-10-07 10:13:41 -07:00
Nick Meves
fa4ba5e7ea Convert allowlist validation test to Ginkgo 2020-10-07 10:13:41 -07:00
Nick Meves
183cb124a4 Support HTTP method based allowlists 2020-10-07 10:13:40 -07:00
Mitsuo Heijo
fcb83c48f4 Update go-redis/redis to v8 (#801) 
* update go-redis/redis to v8

testify, ginko and gomega have also been updated.

* update changelog

* Update pkg/sessions/redis/redis_store_test.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-10-07 11:49:27 +01:00
Mitsuo Heijo
3fa42edb73 Fix import path for v7 (#800) 
* fix import path for v7

find ./ -name "*.go" | xargs sed -i -e 's|"github.com/oauth2-proxy/oauth2-proxy|"github.com/oauth2-proxy/oauth2-proxy/v7|'

* fix module path

* go mod tidy

* fix installation docs

* update CHANGELOG

* Update CHANGELOG.md

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-09-29 17:44:42 +01:00
Nick Meves
6db1aeb9c6 Validate Redis session store health on startup 2020-09-24 10:41:43 -07:00
Nick Meves
56f199a24f Stop accepting legacy SHA1 signed cookies 2020-09-24 10:31:34 -07:00