* feat: Replace default Go user-agent with oauth2-proxy and version
* Add to CHANGELOG
* Make userAgentTransport configurable and composable
* Use correct naming convention for DefaultHTTPClient
* Move version to own package and use named arguments
* Update version path in Makefile
* Fix import path in Makefile
* Change importpath in dist.sh
* Minor style issues
By using the context created by the test, the goroutines produced in
http.Client is actually closed when cancelled and such, not leaked.
Signed-off-by: Josef Johansson <josef86@gmail.com>
* Session aware logout, backend logout url approach
* Add CHANGELOG.md and documentation for #1876
* Proper http handling and case change for golint compliance
* Update alpha_config.md
* Fix case conformity
* Change placeholder from ${id_token} to {id_token}
As this should be specified in a URL and curly braces should be escaped as %7b and %7d, therefore using {} shouldn't be an issue
* Apply suggestions from code review
Co-authored-by: Jan Larwig <jan@larwig.com>
* Add other suggestions
* Add suggestions and move background logout to generic provider
* Changelog updated
* Update oauthproxy.go
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Add comment for gosec, remove sensitive data from log
---------
Co-authored-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* chore: bump go to version 1.21
update all depedencies as well
* fix linting issues based on golang 1.20 deprecations
* cleanup go depedencies
* add custom gomega matcher for option intefaces
* revert and upgrade golangci-lint to 1.55.2
* fix lint issues for v1.55.2 of golangci-lint
* fix toml loading test
* remove second runspecs call
* update go.sum
* revert testutil package
* added envsubstring package and added simple test cases.imple tests.
* added documentation
* added changelog entry
* added documentation to wrong file
.
* changed tests to ginkgo format
* update project to use better maintained library
* use defer to clear test variable after tests finished
* updated docs for the new package documentation and fixed bad english
* refactored function to "reduce" complexity.
* updated changelog for new version
updated readme
* minor formatting
---------
Co-authored-by: Haydn Evans <h.evans@douglas.de>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Add possibility to encode the state param as UrlEncodedBase64
* Update CHANGELOG.md
* Update oauthproxy.go
Co-authored-by: Jan Larwig <jan@larwig.com>
---------
Co-authored-by: Jan Larwig <jan@larwig.com>
* update go-jose dependency by switching gopkg.in/square/go-jose.v2
with github.com/go-jose/go-jose/v3
* updated `CHANGELOG.md` with entry for PR #2356
---------
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Support http.AllowQuerySemicolons
* Docs
* Make it clear we are overriding the handler
* Update documentation for allow-query-semicolons
* Fix changelog format
* Fix formatting
---------
Co-authored-by: MickMake <github@mickmake.com>
* Add support for unix socket as upstream
* Add CHANGELOG.md entry
* Add Unix socket documentation
* Don't export unixRoundTripper, switch from string prefix to Scheme match
* Add basic unix server mock
* Add some tests and comments
* adding append option for custom CA certs
* updated test for changed GetCertPool signature, added testing to check functionality of empty and non-empty store
* adding legacy options as well
* update associated documentation
* fixing code climate complaints - reduce number of return statements
* Apply suggestions from code review
Changes caFilesAppend (and variants) to useSystemTrustStore
Co-authored-by: Jan Larwig <jan@larwig.com>
* Apply suggestions from code review
Fixes extra whitespaces and grammar.
Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>
* fix indentation
* update changelog
---------
Co-authored-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Embedding css and webfont dependencies allows the application to present
itself correctly in an environment that does not allow downloading the
files from a cdn.
Inspiration taken from #1492 but reworked to make use of embed.FS
simplifying the approach.
* Validate jsonpath in claim extractor
Signed-off-by: Joseph Weigl <joseph.weigl@audi.de>
* Add test and changelog for claim extractor json path
---------
Signed-off-by: Joseph Weigl <joseph.weigl@audi.de>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Create session cookie when cookie-expire set 0
* Fix format
* add test
* fix lint error
* fix test code
* fix conflicted test case
* update test case of cookie expiration
* update tests of csrf cookies
* update docs
* Update docs/docs/configuration/overview.md
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
---------
Co-authored-by: tanuki884 <morkazuk@fsi.co.jp>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Ensure sign-in page background is uniform throughout the page
Configured banners that take up large amounts of space leave a gap of blank
background between where the body ends and the footer starts. Fix this by
setting the style for the section containing the banner to match the body and
footer
* Add changelog entry
---------
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs
* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs
* Fixes CVE-2022-41721 (#1994)
See: https://avd.aquasec.com/nvd/2022/cve-2022-41717/
* update checkout actions (#1981)
* Fix a typo in oauthproxy.go (#2021)
* fix typo (#2001)
* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs
* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs
* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs
* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs
* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs
* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs
* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs
---------
Co-authored-by: Nuno Borges <Nuno.Borges@ctw.bmwgroup.com>
Co-authored-by: Jeroen Landheer <jlandheer@bintelligence.nl>
Co-authored-by: Ryuichi Watanabe <ryucrosskey@gmail.com>
Co-authored-by: Ho Kim <ho.kim@ulagbulag.io>
Co-authored-by: Terrell Russell <terrellrussell@gmail.com>
* feat: readiness check
* fix: no need for query param
* docs: add a note
* chore: move the readyness check to its own endpoint
* docs(cr): add godoc
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Update go-redis/redis to v9.
- And updated redislock, testify, ginko and gomega have also been updated.
- Renamed the option `IdleTimeout` to `ConnMaxIdleTime` because of 517938a6b0/CHANGELOG.md
* Update CHANGELOG.md
* Dropping dot import of the types since they created aliases now
* fixing some error messages to make tests happy
* updating more error messages that were changed to make tests happy
* reverting error messages
Co-authored-by: Muhammad Arham <marham@i2cinc.com>
* Add API route config
In addition to requests with Accept header `application/json` return 401 instead of 302 to login page on requests matching API paths regex.
* Update changelog
* Refactor
* Remove unnecessary comment
* Reorder checks
* Lint Api -> API
Co-authored-by: Sebastian Halder <sebastian.halder@boehringer-ingelheim.com>
* dynamically update the htpasswdMap based on the changes made to the htpasswd file
* added tests to validate that htpasswdMap is updated after the htpasswd file is changed
* refactored `htpasswd` and `watcher` to lower cognitive complexity
* returned errors and refactored tests
* added `CHANGELOG.md` entry for #1701 and fixed the codeclimate issue
* Apply suggestions from code review
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Fix lint issue from code suggestion
* Wrap htpasswd load and watch errors with context
* add the htpasswd wrapped error context to the test
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Inconsistent code-challenge-method CLI flag and config file naming
- Allow previous config option for now to prevent breaking configs
Fixes#1667
* Add changelog entry
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* adding IdleTimeout with the redis-connection-idle-timeout flag, to keep redis connections in valid state, when Redis option is set
* docs update - add redis idle timeout configurations
* changelog update for #1691 fix
