mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-08 22:46:33 +02:00
410 Commits

Author SHA1 Message Date
74ac4274c6 Move generic OIDC functionality to be available to all providers 2020-12-21 16:52:04 -08:00
a1877434b2 Refactor OIDC to EnrichSession 2020-12-21 16:51:52 -08:00
a5466bb96d Fix typo and missing InjectResponseHeaders validation (#952) 2020-12-12 10:05:01 -08:00
d67d6e3152 Add authorization support for Gitlab projects (#630)
* Add support for gitlab projects

* Add group membership in state

* Use prefixed allowed groups everywhere

* Fix: remove unused function

* Fix: rename func that adds data to session

* Simplify projects and groups session funcs

* Add project access level for gitlab projects

* Fix: default access level

* Add per project access level

* Add user email when missing access level

* Fix: harmonize errors

* Update docs and flags description for gitlab project

* Add test with both projects and groups

* Fix: log error message

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Fix: make doc a markdown link

* Add notes about read_api scope for projects

* Fix: Verifier override in Gitlab Provider

This commit fixes a bug caused by an override of the Verifier value from *ProviderData inside GitlabProvider struct

* Fix: ensure data in session before using it

* Update providers/gitlab.go

Co-authored-by: Nick Meves <nick.meves@greenhouse.io>

* Rename gitlab project initializer

* Improve return value readability

* Use splitN

* Handle space delimiters in set project scope

* Reword comment for AddProjects

* Fix: typo

* Rework error handling in addProjectsToSession

* Reduce branching complexity in addProjectsToSession

* Fix: line returns

* Better comment for addProjectsToSession

* Fix: enrich session comment

* Fix: email domains is handled before provider mechanism

* Add archived project unit test

* Fix: emails handling in gitlab provider

Co-authored-by: Wilfried OLLIVIER <wollivier@bearstech.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2020-12-05 10:57:33 -08:00
b201dbb2d3 Add convert-config-to-alpha flag to convert existing configuration to alpha structure 2020-12-01 08:56:51 +00:00
f36dfbb494 Introduce alpha configuration loading 2020-12-01 08:56:49 +00:00
5b003a5657 SecretSource.Value should be plain text in memory 2020-12-01 08:56:46 +00:00
5f8f856260 Remove failed bearer tokens from logs 2020-11-28 10:25:12 -08:00
22f60e9b63 Generalize and extend default CreateSessionFromToken 2020-11-28 10:25:12 -08:00
44fa8316a1 Aggregate error logging on JWT chain failures 2020-11-28 10:25:12 -08:00
3e9717d489 Decouple TokenToSession from OIDC & add a generic VerifyFunc 2020-11-28 10:25:11 -08:00
482cd32a17 Fix basic auth legacy header conversion 2020-11-19 20:07:59 +00:00
aed43a54da Add DefaultUpstreamFlushInterval to replace magic time.Second value 2020-11-19 10:39:21 +00:00
d353d94631 Add AlphaOptions struct and ensure that all children have valid JSON tags 2020-11-19 10:35:31 +00:00
b6d6f31ac1 Introduce Duration so that marshalling works for duration strings 2020-11-19 10:35:29 +00:00
3a4660414a Fix log calldepth 2020-11-15 18:52:59 +00:00
b92fd4b0bb Streamline Google to use default Authorize 2020-11-12 11:18:58 -08:00
eb58ea2ed9 Move AllowedGroups to DefaultProvider for default Authorize usage 2020-11-12 11:18:15 -08:00
45ae87e4b7 Logs provider name on startup
If invalid provider is specified, stop and error out

fixes #895
2020-11-12 10:39:35 -05:00
2b15ba0bcf Remove v5 JSON session support 2020-11-08 08:52:55 -08:00
7d6ff03d13 Fix X-Auth-Request-Preferred-Username in response headers 2020-11-07 12:47:42 -08:00
1c26539ef0 Align tests to SkipAuthStripHeaders default 2020-11-07 12:33:37 -08:00
14fd934b32 Flip --skip-auth-strip-headers to true by default 2020-11-07 11:43:45 -08:00
92d09343d2 Add tests for legacy header conversion 2020-11-07 17:17:10 +00:00
8d1bbf33b1 Add tests for headers validation 2020-11-07 17:17:06 +00:00
1dac1419b3 Add tests for SecretSource validation 2020-11-07 17:17:02 +00:00
8059a812cd Integrate new header injectors with OAuth2 Proxy 2020-11-07 17:16:58 +00:00
d26c65ba8d Add validation for Headers struct 2020-11-07 17:16:54 +00:00
2dc0d1e7ee Create LegacyHeaders struct and conversion to new Headers 2020-11-07 17:16:49 +00:00
4a54c9421c Remove EmailDomain verification from GitLab provider
This is handled globally
2020-10-20 10:01:53 -07:00
70990327d1 Make claims list of strings 2020-10-07 18:25:00 +01:00
6743e3991d Add header injector middlewares 2020-10-07 18:24:58 +01:00
fc2ff19a19 Add header Injector 2020-10-07 18:24:57 +01:00
eec7565c52 Add Header option structure 2020-10-07 18:24:56 +01:00
b7b7ade7c4 Improve AllowedRoute test table formatting 2020-10-07 10:13:41 -07:00
fa4ba5e7ea Convert allowlist validation test to Ginkgo 2020-10-07 10:13:41 -07:00
183cb124a4 Support HTTP method based allowlists 2020-10-07 10:13:40 -07:00
fcb83c48f4 Update go-redis/redis to v8 (#801)
* update go-redis/redis to v8

testify, ginkgo and gomega have also been updated.

* update changelog

* Update pkg/sessions/redis/redis_store_test.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-10-07 11:49:27 +01:00
3fa42edb73 Fix import path for v7 (#800)
* fix import path for v7

find ./ -name "*.go" | xargs sed -i -e 's|"github.com/oauth2-proxy/oauth2-proxy|"github.com/oauth2-proxy/oauth2-proxy/v7|'

* fix module path

* go mod tidy

* fix installation docs

* update CHANGELOG

* Update CHANGELOG.md

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-09-29 17:44:42 +01:00
6db1aeb9c6 Validate Redis session store health on startup 2020-09-24 10:41:43 -07:00
56f199a24f Stop accepting legacy SHA1 signed cookies 2020-09-24 10:31:34 -07:00
9d59519a96 Add support to ensure user belongs in required groups when using the OIDC provider 2020-09-21 10:43:54 -07:00
e14d6ab791 Document bcrypt encryption for htpasswd
Remove mention of (insecure) SHA option for encryption.
2020-09-11 13:32:00 +03:00
bd619ab63e Fix conversion of file upstreams 2020-08-31 16:54:13 +01:00
b40517bbe3 Fix conversion of static responses in upstreams 2020-08-31 16:54:01 +01:00
29b24793e3 Use X-Forwarded-Host consistently 2020-08-31 08:31:45 -07:00
105d5acb7b Only log no cookie match if cookie domains specified 2020-08-27 14:48:00 +01:00
16a30002df Ensure session times are not nil before printing them 2020-08-16 19:53:52 +01:00
51a9062044 Support Password & SentinelPassword in Redis session store 2020-08-11 12:22:05 -07:00
b6e78efc1e Add x-oauth-basic nosec annotation & address gosec unhandled errors 2020-08-10 15:15:16 -07:00