* Perform a regex replace of $NUM to $$NUM before running envsubst
* Perform a regex replace of $NUM to $$NUM before running envsubst
* add test case; fix linter warnings; add method documentation
Signed-off-by: Jan Larwig <jan@larwig.com>
* add changelog entry
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* Allow setting maximum number of csrf cookies, deleting the oldest if necessary
* Add a test for multiple CSRF cookies to remove the old cookie
* Add docs/changelog
* If limit is <=0 do not clear
Signed-off-by: test <bert@transtrend.com>
* Better docs
Co-authored-by: Jan Larwig <jan@larwig.com>
* direct check of option value
Co-authored-by: Jan Larwig <jan@larwig.com>
* direct use of option value
Co-authored-by: Jan Larwig <jan@larwig.com>
* sort based on clock compare vs time compare
Co-authored-by: Jan Larwig <jan@larwig.com>
* clock.Clock does not implement Compare, fix csrf cookie extraction after rename
Signed-off-by: Bert Helderman <bert@transtrend.com>
* Linter fix
* add method signature documentation and slight formatting
Signed-off-by: Jan Larwig <jan@larwig.com>
* fix: test case for csrf cookie limit and flag
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Bert Helderman <bert@transtrend.com>
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: test <bert@transtrend.com>
Co-authored-by: bh-tt <71650427+bh-tt@users.noreply.github.com>
* upgrade to go1.24.5
dependency updates
lint fixes
chore(deps): upgrade github.com/spf13/viper to v1.20.1
Note that this upgrade also implied to upgrade github.com/mitchellh/mapstructure
(nowadays unmaintained: https://gist.github.com/mitchellh/90029601268e59a29e64e55bab1c5bdc)
to github.com/go-viper/mapstructure/v2.
fix: adapt tests to match mapstructure v2 error messages
pkg/apis/options/load_test.go: skip tests on Go 1.23
Add a compile guard for Go < 1.24 for the pkg/apis/options/load_test.go
because the LoadYAML test depends on error messages produced by
encoding/json that changed slightly (names of embedded structs are now
reported). As we updated the test for go1.24, the test now fails on
1.23, but just for a slight difference, so we disable the test there.
fix: adapt tests to match mapstructure v2 error messages
remove pre 1.24 disclaimer
add changelog entry
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-Authored-By: Olivier Mengué <dolmen@cpan.org>
* add exclusion for 'avoid meaningless package names' in .golangci.yml
* chore(dep): upgrade all dependencies
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Olivier Mengué <dolmen@cpan.org>
Co-authored-by: Jan Larwig <jan@larwig.com>
* docs: clear up multiple-providers is unimplemented
Currently this configuration option is held up by #926. So users don't
assume this solution will work for them, and later find the feature is
not yet implemented -- own the shortcoming clearly.
* doc: add note about missing multi provider implementation to versioned docs
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* Update Go version in devcontainer
* Add option to change response mode in authorization request
* Fix option name
* Update docs and changelog
* Rename config value to underscore
* Add unit tests for added parameter
* Move change to upcoming release
* Generate alpha config
---------
Co-authored-by: Michael Cornel <michael@stieler.it>
Remove github.com/oauth2-proxy/tools/reference-gen from dependencies.
Instead we are now running it with "go run" with a version suffix.
Long version:
- github.com/oauth2-proxy/tools/reference-gen is removed from
tools/tool/go
- in pkg/apis/options/doc.go we now run reference-run with a version
suffix (go run package@version) with the version comming from go.mod.
- the "//go:generate" line is split in 2 lines (using the -command
flag) for readability
- "go mod tidy" for cleaning dependencies from go.mod, go.sum
Note: we are not upgrading reference-gen here. That will be a further
separate change.
* Microsoft Entra ID Provider
* fix typo in function name
* documentation tweaks
* documentation and comment tweak
* docs tweaks
* final tweaks
* refactor: drop flag for skipping graph groups
* update legacy / deprecated provider page and sort provider overview
* reformat
* move entra-id provider into switch (treat like every other provider
* fix test case and reformat
* fix sidebar configuration
* apply review suggestions
* add pagination for graph api
* fix: do not error when groups unable to retrieve
* doc: number of groups fix
* restore master packages
* docs: tiny docs tweak
* address review comments
* fix codegen
---------
Co-authored-by: tuunit <jan@larwig.com>
When using sockets to pass data between e.g. nginx and oauth2-proxy it's
simpler to use sockets. Systemd can even facilitate this and pass the
actual socket directly.
This also means that only the socket runs with the same group as nginx
while the service runs with DynamicUser.
Does not support TLS yet.
nginx
```
server {
location /oauth2/ {
proxy_pass http://unix:/run/oauth2-proxy/oauth2.sock;
}
```
oauth2-proxy.socket
```
[Socket]
ListenStream=%t/oauth2.sock
SocketGroup=www-data
SocketMode=0660
```
Start oauth2-proxy with the parameter `--http-address=fd:3`.
Signed-off-by: Josef Johansson <josef@oderland.se>
* Issue 2311: runtime error: index out of range [0] with length 0 while extracting state of of the csrf
---------
Co-authored-by: tuunit <jan@larwig.com>
A regular (non-regex) file: upstream needs to strip the prefix so that it is equivalent to "mounting" the specified directory under the configured path in the URL space, but with regex rewriting the target path is determined by the rewriteTarget.
Fixesoauth2-proxy/oauth2-proxy#2242
* feat: Replace default Go user-agent with oauth2-proxy and version
* Add to CHANGELOG
* Make userAgentTransport configurable and composable
* Use correct naming convention for DefaultHTTPClient
* Move version to own package and use named arguments
* Update version path in Makefile
* Fix import path in Makefile
* Change importpath in dist.sh
* Minor style issues
By using the context created by the test, the goroutines produced in
http.Client is actually closed when cancelled and such, not leaked.
Signed-off-by: Josef Johansson <josef86@gmail.com>
* Session aware logout, backend logout url approach
* Add CHANGELOG.md and documentation for #1876
* Proper http handling and case change for golint compliance
* Update alpha_config.md
* Fix case conformity
* Change placeholder from ${id_token} to {id_token}
As this should be specified in a URL and curly braces should be escaped as %7b and %7d, therefore using {} shouldn't be an issue
* Apply suggestions from code review
Co-authored-by: Jan Larwig <jan@larwig.com>
* Add other suggestions
* Add suggestions and move background logout to generic provider
* Changelog updated
* Update oauthproxy.go
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Add comment for gosec, remove sensitive data from log
---------
Co-authored-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* chore: bump go to version 1.21
update all depedencies as well
* fix linting issues based on golang 1.20 deprecations
* cleanup go depedencies
* add custom gomega matcher for option intefaces
* revert and upgrade golangci-lint to 1.55.2
* fix lint issues for v1.55.2 of golangci-lint
* fix toml loading test
* remove second runspecs call
* update go.sum
* revert testutil package
* added envsubstring package and added simple test cases.imple tests.
* added documentation
* added changelog entry
* added documentation to wrong file
.
* changed tests to ginkgo format
* update project to use better maintained library
* use defer to clear test variable after tests finished
* updated docs for the new package documentation and fixed bad english
* refactored function to "reduce" complexity.
* updated changelog for new version
updated readme
* minor formatting
---------
Co-authored-by: Haydn Evans <h.evans@douglas.de>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
