1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-28 09:08:44 +02:00
Commit Graph

333 Commits

Author SHA1 Message Date
Joel Speed
1ccaea7710
Add advisory note to changelog 2021-02-01 18:12:34 +00:00
Joel Speed
d1a249262f
Create v7.0.x versioned docs
Created within: yarn run docusaurus docs:version 7.0.x
2021-02-01 18:05:47 +00:00
Joel Speed
a909d33355
Update CHANGELOG for release v7.0.0 2021-02-01 18:05:44 +00:00
Nishanth Reddy
48b1658e5d
Update alpine version to 3.13 (#1013)
* Update alpine version to 3.13 

alpine 3.12 has a CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28928 which got fixed in recent version

* address review comments
2021-01-30 15:33:28 +00:00
Lida Li
b541805dc1
Use comma separated multiple values for header (#799)
* Use comma separated value for multiple claims

* Fix lint error

* Fix more tests

* Fix one more test

* Always flatten the headers

* Ensure we test the real multi-groups

* Only update map when necessary

* Update CHANGELOG

* Move to the right location of change log

* Fix blank line
2021-01-22 08:48:34 +00:00
Kevin Kreitner
57640764c0
Use logger for sensitive data logging to be able to disable it (#1002)
* Add sensible logging flag to default setup for logger

* Use logger instead of fmt for info logging with sensible data

* Remove sensible logging flag

* Update CHANGELOG.md

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-01-20 19:56:13 +00:00
Joel Speed
fbfc0959cb
Add changelog entry for new alpha configuration docs 2021-01-18 09:57:51 +00:00
Nick Meves
da02914a9c
Log IsValidRedirect violations and do a final safety call 2021-01-16 13:56:38 -08:00
Joel Speed
e50e6ed373
Add Security Policy 2021-01-16 19:47:47 +00:00
Nikolai Prokoschenko
81bf1ef8ce Adapt isAjax to support mimetype lists
Fixes #988
2021-01-12 19:37:30 +01:00
Ilia Pertsev
597ffeb121
Fix joined cookie name for those containing underline in the suffix (#970)
* properly handle splitted cookies with names ending with _

* test update

* provide cookieName into joinCookies instead of processing the suffix

* changelog update

* test update
2021-01-04 17:21:17 -08:00
İlteriş Eroğlu
1d74a51cd7
Use X-Forwarded-{Proto,Host,Uri} on redirect as last resort (#957) 2021-01-01 15:23:11 -08:00
Nick Meves
f07a5630f1
Update Keycloak documentation 2020-12-24 14:04:19 -08:00
Nick Meves
753f6c548a
Add a detailed allowed_groups example to Important Notes 2020-12-24 12:05:12 -08:00
Nick Meves
65e15f24c1
Support only allowed_groups querystring 2020-12-24 12:05:12 -08:00
Nick Meves
025056cba0
Move AuthOnly authorize logic to a dedicated method 2020-12-24 12:05:11 -08:00
Nick Meves
23b2355f85
Allow group authZ in AuthOnly endpoint via Querystring 2020-12-24 12:04:01 -08:00
Nick Meves
ea5b8cc21f
Support non-list and complex groups 2020-12-21 16:52:18 -08:00
Nick Meves
eb56f24d6d
Deprecate UserIDClaim in config and docs 2020-12-21 16:52:17 -08:00
Mathieu Lecarme
d67d6e3152
Add authorization support for Gitlab projects (#630)
* Add support for gitlab projets

* Add group membership in state

* Use prefixed allowed groups everywhere

* Fix: remove unused function

* Fix: rename func that add data to session

* Simplify projects and groups session funcs

* Add project access level for gitlab projects

* Fix: default access level

* Add per project access level

* Add user email when missing access level

* Fix: harmonize errors

* Update docs and flags description for gitlab project

* Add test with both projects and groups

* Fix: log error message

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Fix: make doc a markdown link

* Add notes about read_api scope for projects

* Fix: Verifier override in Gitlab Provider

This commit fixes a bug caused by an override of the Verifier value from *ProviderData inside GitlabProvider struct

* Fix: ensure data in session before using it

* Update providers/gitlab.go

Co-authored-by: Nick Meves <nick.meves@greenhouse.io>

* Rename gitlab project initializer

* Improve return value readbility

* Use splitN

* Handle space delimiters in set project scope

* Reword comment for AddProjects

* Fix: typo

* Rework error handling in addProjectsToSession

* Reduce branching complexity in addProjectsToSession

* Fix: line returns

* Better comment for addProjectsToSession

* Fix: enrich session comment

* Fix: email domains is handled before provider mechanism

* Add archived project unit test

* Fix: emails handling in gitlab provider

Co-authored-by: Wilfried OLLIVIER <wollivier@bearstech.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2020-12-05 10:57:33 -08:00
Joel Speed
d749c11e73
Add changelog entry for adding alpha configuration 2020-12-01 08:57:13 +00:00
Nick Meves
26ed080bed
Cleanup method name refactors missed in comments 2020-11-29 14:18:14 -08:00
Nick Meves
44fa8316a1
Aggregate error logging on JWT chain failures 2020-11-28 10:25:12 -08:00
Nick Meves
2549b722d3
Add User & Groups to Userinfo 2020-11-25 18:19:48 -08:00
Joel Speed
482cd32a17
Fix basic auth legacy header conversion 2020-11-19 20:07:59 +00:00
Joel Speed
8e582ac02a
Add changelog entry for adding alphaoptions struct 2020-11-19 10:35:56 +00:00
Akira Ajisaka
ed92df3537
Support TLS 1.3 (#923)
* Support TLS 1.3

* Set TLS 1.3 explicitly to fix gosec warning.

* Add an entry to changelog.

* Fix typo in the changelog.

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-11-19 10:25:53 +00:00
Joel Speed
3a4660414a
Fix log calldepth 2020-11-15 18:52:59 +00:00
Nick Meves
f21b3b8b20
Authorize in Redeem callback flow 2020-11-12 11:18:59 -08:00
Nick Meves
b92fd4b0bb
Streamline Google to use default Authorize 2020-11-12 11:18:58 -08:00
Arcadiy Ivanov
45ae87e4b7
Logs provider name on startup
If invalid provider is specified, stop and error out

fixes #895
2020-11-12 10:39:35 -05:00
Joel Speed
66550db7b9
Add changelog entry for v6.1.x docs 2020-11-08 19:39:39 +00:00
ofir-amir
cc6532a282
Use display-htpasswd-form flag (#778)
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-11-08 18:48:01 +00:00
Nick Meves
2b15ba0bcf
Remove v5 JSON session support 2020-11-08 08:52:55 -08:00
Nick Meves
14fd934b32
Flip --skip-auth-strip-headers to true by default 2020-11-07 11:43:45 -08:00
Joel Speed
1270104806
Update changelog to include integration of new header injection 2020-11-07 17:17:43 +00:00
Joel Speed
5a7ae59f2a
Add changelog entry for migrating to docusaurus 2020-11-05 16:09:02 +00:00
Alexander Block
0e119d7c84
Azure token refresh (#754)
* Implement azure token refresh

Based on original PR https://github.com/oauth2-proxy/oauth2-proxy/pull/278

* Update CHANGELOG.md

* Apply suggestions from code review

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Set CreatedAt to Now() on token refresh

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-11-04 11:25:59 -08:00
Kevin Kreitner
65016c8da1
Enable custom structure for group claim with default name group (#839)
* Allow complex structure for groups in group claim.

* Remove unused constant

* Update variable name

* Fix linting

* Use helper method

* Log error if not possible to append group value

* Add missing import

* Use own logger

* Fix imports

* Remove Dockerfile for testing

* Add Changelog entry

* Use formatGroup helper method and update tests

* Return string instead of string array

* Remove groups variable

* Return error in format method.

* Reorder imports

Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2020-11-03 10:10:08 -08:00
Nick Meves
4a54c9421c
Remove EmailDomain verification from GitLab provider
This is handled globally
2020-10-20 10:01:53 -07:00
Nick Meves
2b9e1bbba0
Add EnrichSessionState as main post-Redeem session updater 2020-10-19 14:09:45 -07:00
Joel Speed
132c2cb210
Add changelog for fixing test reporting in github actions 2020-10-07 18:49:32 +01:00
Mitsuo Heijo
f705d2b5d3
Improve CI (#819)
* simplify github actions workflow

no more GOPATH, update Go to 1.15.x

* add script to install golangci-lint

* drop support for Go 1.14

* check docker build in ci

* update alpine linux to 3.12

* update CHANGELOG

* fix golangci-lint installation

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-10-07 18:46:41 +01:00
Joel Speed
c9b3422801
Add changelog entry for generic header injectors 2020-10-07 18:24:59 +01:00
Nick Meves
fa4ba5e7ea
Convert allowlist validation test to Ginkgo 2020-10-07 10:13:41 -07:00
Nick Meves
183cb124a4
Support HTTP method based allowlists 2020-10-07 10:13:40 -07:00
Mitsuo Heijo
fcb83c48f4
Update go-redis/redis to v8 (#801)
* update go-redis/redis to v8

testify, ginko and gomega have also been updated.

* update changelog

* Update pkg/sessions/redis/redis_store_test.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-10-07 11:49:27 +01:00
Mitsuo Heijo
5c62690653 Rename test directory to testdata
See https://golang.org/cmd/go/#hdr-Test_packages
2020-10-06 21:37:25 +09:00
Shinebayar G
dc7dbc5d28
ci: migrate to Github Actions, close #546 (#750)
* ci: migrate to Github Actions

* ci: optimize on feedback

* ci: run gocov in correct dir

* ci: running after-build script always

* ci: giving test script execute permission

* ci: correct error handling on test script

* ci: more verbose test script

* ci: configure CC_TEST_REPORTER_ID env

* ci: check existence of CC_TEST_REPORT_ID variable, skip if unset

* ci: check existence of CC_TEST_REPORT_ID variable, skip if unset

* update changelog

* Update CHANGELOG.md

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-10-05 10:29:47 +01:00
Thiago Caiubi
8be97f25e7
Fix build (#813)
* Fix build

Without the v7 path it builds old version of the project (v3.2.0).

* Update CHANGELOG.md
2020-10-03 14:09:40 +01:00