1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-30 09:16:52 +02:00
Commit Graph

377 Commits

Author SHA1 Message Date
Ian Roberts
16f032bce9 Clarify what rewriteTarget means for a file: upstream 2024-09-02 11:27:28 +01:00
Ian Roberts
cb53401c3a Don't use http.StripPrefix when a file: upstream has rewriteTarget
A regular (non-regex) file: upstream needs to strip the prefix so that it is equivalent to "mounting" the specified directory under the configured path in the URL space, but with regex rewriting the target path is determined by the rewriteTarget.

Fixes oauth2-proxy/oauth2-proxy#2242
2024-09-02 11:27:28 +01:00
Ian Roberts
b618ed7150 Test for a file:/// upstream combined with regex path rewrite 2024-09-02 11:27:28 +01:00
Teko
f9a0a4a280
doc: fix typo in function description (#2738) 2024-08-20 18:41:23 +02:00
Koen van Zuijlen
343bd61ebb
chore(deps): Updated to ginkgo v2 (#2459)
* chore(deps): Updated to ginkgo v2

* fix basic auth test suite cleanup

* fix redis store tests

* add changelog entry

---------

Co-authored-by: Jan Larwig <jan@larwig.com>
2024-07-18 22:41:02 +02:00
af su
211c605875
docs: additional notes about available claims for HeaderValue (#2674)
* docs: additional notes on HeaderValue

* docs: add code comments

* fix missing preferred_username

* regenerate docs

* add changelog entry

---------

Co-authored-by: afsu <saf@zjuici.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
2024-07-18 22:31:19 +02:00
Jacob Middag
3045392c17
feat: Replace default Go user-agent with oauth2-proxy and version (#2570)
* feat: Replace default Go user-agent with oauth2-proxy and version

* Add to CHANGELOG

* Make userAgentTransport configurable and composable

* Use correct naming convention for DefaultHTTPClient

* Move version to own package and use named arguments

* Update version path in Makefile

* Fix import path in Makefile

* Change importpath in dist.sh

* Minor style issues
2024-07-14 21:09:17 +01:00
Blue Falcon
8dfb7e9b26
docs: update README and fix code some commentary typos (#2608)
* Update overview.md

see: fc701bfd6a/pkg/apis/options/options.go (L123)

* docs(code-commentary): typo

- fixed typo

---------

Co-authored-by: Jan Larwig <jan@larwig.com>
2024-06-24 22:15:24 +02:00
Josef Johansson
8f7209ba1a pkg/http: Fix leaking goroutines in tests
By using the context created by the test, the goroutines produced in
http.Client is actually closed when cancelled and such, not leaked.

Signed-off-by: Josef Johansson <josef86@gmail.com>
2024-03-26 12:31:26 +01:00
Josef Johansson
bb6aba4a00 pkg/http/server_test.go: Add gleak to find goroutine leaks
Signed-off-by: Josef Johansson <josef86@gmail.com>
2024-03-26 12:30:41 +01:00
kvanzuijlen
f8efdbae5f
chore: Updated go-jwt to v5 2024-03-04 01:42:00 +01:00
Damien Degois
e7d20519df
Session aware logout, backend logout url approach (#1876)
* Session aware logout, backend logout url approach

* Add CHANGELOG.md and documentation for #1876

* Proper http handling and case change for golint compliance

* Update alpha_config.md

* Fix case conformity

* Change placeholder from ${id_token} to {id_token}

As this should be specified in a URL and curly braces should be escaped as %7b and %7d, therefore using {} shouldn't be an issue

* Apply suggestions from code review

Co-authored-by: Jan Larwig <jan@larwig.com>

* Add other suggestions

* Add suggestions and move background logout to generic provider

* Changelog updated

* Update oauthproxy.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Add comment for gosec, remove sensitive data from log

---------

Co-authored-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2024-01-26 12:48:09 +00:00
Jan Larwig
5e68dad636
upgrading to go 1.21 (#2235)
* chore: bump go to version 1.21

update all depedencies as well

* fix linting issues based on golang 1.20 deprecations

* cleanup go depedencies

* add custom gomega matcher for option intefaces

* revert and upgrade golangci-lint to 1.55.2

* fix lint issues for v1.55.2 of golangci-lint

* fix toml loading test

* remove second runspecs call

* update go.sum

* revert testutil package
2024-01-22 13:39:53 +00:00
Koen van Zuijlen
f88f09f962
Improved dev environment (#2211)
* Improved dev env setup

* Cleanup duplicate checks

* Applied PR feedback

* Updated go.mod/go.sum

* go mod tidy

* Update .devcontainer/devcontainer.json

* Update pkg/http/server_test.go

Co-authored-by: Jan Larwig <jan@larwig.com>

* Create launch.json

* Update .devcontainer/Dockerfile

* Apply suggestions from code review

---------

Co-authored-by: Jan Larwig <jan@larwig.com>
2024-01-20 20:10:37 +00:00
Ross Golder
f3dbca600f
Add ability to configure username for Redis cluster connections (#2381)
* Initial attempt.

* Add CHANGELOG entry.

* Drop commented-out Sentinel test.

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2024-01-20 20:00:02 +00:00
Nils Gustav Stråbø
4c2bf5a2fe
Feature/add option to skip loading claims from profile url (#2329)
* add new flag skip-claims-from-profile-url

* skip passing profile URL if SkipClaimsFromProfileURL

* docs for --skip-claims-from-profile-url flag

* update flag comment

* update docs

* update CHANGELOG.md

* Update providers/provider_data.go

Co-authored-by: Jan Larwig <jan@larwig.com>

* Add tests for SkipClaimsFromProfileURL

* simplify tests for SkipClaimsFromProfileURL

* generate alpha_config.md

---------

Co-authored-by: Jan Larwig <jan@larwig.com>
2024-01-20 19:51:42 +00:00
Jan Larwig
2f3c811e6a
Feature - Add env variable support for alpha struct (#2375)
* added envsubstring package and added simple test cases.imple tests.

* added documentation

* added changelog entry

* added documentation to wrong file


.

* changed tests to ginkgo format

* update project to use better maintained library

* use defer to clear test variable after tests finished

* updated docs for the new package documentation and fixed bad english

* refactored function to "reduce" complexity.

* updated changelog for new version

updated readme

* minor formatting

---------

Co-authored-by: Haydn Evans <h.evans@douglas.de>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2024-01-20 19:37:24 +00:00
Jan Brezina
bc022fbfd1
Add possibility to encode the state param as UrlEncodedBase64 (#2312)
* Add possibility to encode the state param as UrlEncodedBase64

* Update CHANGELOG.md

* Update oauthproxy.go

Co-authored-by: Jan Larwig <jan@larwig.com>

---------

Co-authored-by: Jan Larwig <jan@larwig.com>
2024-01-20 19:08:30 +00:00
darh
bfd667e4a2
Update go-jose dependency as requested in #2350 (#2356)
* update go-jose dependency by switching gopkg.in/square/go-jose.v2
with github.com/go-jose/go-jose/v3

* updated `CHANGELOG.md` with entry for PR #2356

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2024-01-08 13:08:35 +00:00
Tim White
551b6c9056
Support http.AllowQuerySemicolons (#2248)
* Support http.AllowQuerySemicolons

* Docs

* Make it clear we are overriding the handler

* Update documentation for allow-query-semicolons

* Fix changelog format

* Fix formatting

---------

Co-authored-by: MickMake <github@mickmake.com>
2023-11-20 09:36:03 +00:00
Nuno Miguel Micaelo Borges
1e61b65e28
Issue 978: Fix Custom cookie name breaks redis for session (#1949)
* Issue 978: Fix Custom cookie name breaks redis for session (see https://github.com/oauth2-proxy/oauth2-proxy/issues/978)

* Issue 978: Fix Custom cookie name breaks redis for session (see https://github.com/oauth2-proxy/oauth2-proxy/issues/978)

* Update CHANGELOG.md

* Issue 978: Fix Custom cookie name breaks redis for session

* Issue 978: Fix Custom cookie name breaks redis for session

* Issue 978: Fix Custom cookie name breaks redis for session

* Issue 978: Fix Custom cookie name breaks redis for session

* Issue 978: Fix Custom cookie name breaks redis for session

* Issue 978: Fix Custom cookie name breaks redis for session

* Update CHANGELOG.md

---------

Co-authored-by: Nuno Borges <Nuno.Borges@ctw.bmwgroup.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2023-11-18 14:23:00 +00:00
Koen van Zuijlen
76bc2cf73f
Refactored docs (#2284)
* Refactored documentation for providers

* Lots of fixes
- Fixed grammar/typos
- Fixed sidebar config
- Enabled additional prism languages

* Removed useless spaces

* Fixed leftover typos

* Fixes for verify-generate

* Updated package-lock.json
2023-10-31 19:32:59 +00:00
Damien Degois
70571d96e1
Add support for unix socket as upstream (#1866)
* Add support for unix socket as upstream

* Add CHANGELOG.md entry

* Add Unix socket documentation

* Don't export unixRoundTripper, switch from string prefix to Scheme match

* Add basic unix server mock

* Add some tests and comments
2023-10-26 10:57:00 +01:00
Joel Speed
48247d3e79
Merge pull request #2283 from kvanzuijlen/golint
Updated linters
2023-10-25 11:36:44 +01:00
emsixteeen
a5006fd606
Issue: 2236 - adds an option to append CA certificates (#2237)
* adding append option for custom CA certs

* updated test for changed GetCertPool signature, added testing to check functionality of empty and non-empty store

* adding legacy options as well

* update associated documentation

* fixing code climate complaints - reduce number of return statements

* Apply suggestions from code review

Changes caFilesAppend (and variants) to useSystemTrustStore

Co-authored-by: Jan Larwig <jan@larwig.com>

* Apply suggestions from code review

Fixes extra whitespaces and grammar.

Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>

* fix indentation

* update changelog

---------

Co-authored-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2023-10-25 11:36:17 +01:00
axel7083
601477a52c
Feature: Allowing relative redirect url though an option (#2183)
* Adding relative redirect url option

* Updating CHANGELOG.md

* tests: adding unit test for getOAuthRedirectURI

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2023-10-25 10:25:01 +01:00
Koen van Zuijlen
464f3bcf53
Fixed Google ADC functionality (#2282)
* Fixed Google ADC functionality

* Updated CHANGELOG.md

* Redo changes after merge-conflict

* Fixed docs

* Fixed linting issues

* Applied PR suggestions
2023-10-24 20:03:16 +01:00
kvanzuijlen
e13a5048eb Updated linters 2023-10-24 16:37:57 +02:00
vllvll
b78c391adc
Update dependencies (#2128)
* Update dependencies

* Update changelog
2023-10-02 10:26:58 +01:00
Koen van Zuijlen
f3269b3f26
Fixed name for GoogleGroups env variable + unit tests (#2221)
* Fixed name for GoogleGroups env variable + unit tests

* Added changelog

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2023-09-08 16:27:15 +01:00
Koen van Zuijlen
a6e8ec81e8
Workload identity support (#2126)
* WIP: support for workload identity

* WIP: bugfixes to support WI

* Added support for Workload Identity

* Added missing flag

* Refactoring and typo

* Updated CHANGELOG.md

* Updated docs

* Updated changelog

* Improved readability and fixed codeclimate issues

* Update CHANGELOG.md

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Fixed if statement

* Apply suggestions from code review

Co-authored-by: Jan Larwig <jan@larwig.com>

* Cleanup

* Removed target principal

* Removed references to target principal

* Added docs

* Fixed header anchor linking

* Update auth.md

* Updated generated code

* Improved code

* Fixed tests

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Jan Larwig <jan@larwig.com>
2023-09-04 10:34:54 +01:00
Cory Bolar
a02ab7c04e Embed static stylesheets and dependencies
Embedding css and webfont dependencies allows the application to present
itself correctly in an environment that does not allow downloading the
files from a cdn.

Inspiration taken from #1492 but reworked to make use of embed.FS
simplifying the approach.
2023-08-24 20:50:17 -04:00
Joseph Weigl
bd867b5138
Bugfix/check json path (#1921)
* Validate jsonpath in claim extractor

Signed-off-by: Joseph Weigl <joseph.weigl@audi.de>

* Add test and changelog for claim extractor json path

---------

Signed-off-by: Joseph Weigl <joseph.weigl@audi.de>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2023-08-24 13:40:43 +01:00
t-katsumura
d107d885e4
Session-Cookie Support (#1713)
* Create session cookie when cookie-expire set 0

* Fix format

* add test

* fix lint error

* fix test code

* fix conflicted test case

* update test case of cookie expiration

* update tests of csrf cookies

* update docs

* Update docs/docs/configuration/overview.md

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

---------

Co-authored-by: tanuki884 <morkazuk@fsi.co.jp>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2023-08-16 12:23:02 +01:00
Cory Bolar
1bb3fbcea6
Ensure sign-in page background is uniform throughout the page (#1988)
* Ensure sign-in page background is uniform throughout the page

Configured banners that take up large amounts of space leave a gap of blank
background between where the body ends and the footer starts.  Fix this by
setting the style for the section containing the banner to match the body and
footer

* Add changelog entry

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2023-03-05 17:24:35 +00:00
Nuno Miguel Micaelo Borges
e079c60dfe
Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is wri… (#2013)
* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Fixes CVE-2022-41721 (#1994)

See: https://avd.aquasec.com/nvd/2022/cve-2022-41717/

* update checkout actions (#1981)

* Fix a typo in oauthproxy.go (#2021)

* fix typo (#2001)

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

* Issue 1929: Oauth2-proxy v7.4.0 is not using alpine:3.16 as it is written in code & updates versions due to fixed CVEs

---------

Co-authored-by: Nuno Borges <Nuno.Borges@ctw.bmwgroup.com>
Co-authored-by: Jeroen Landheer <jlandheer@bintelligence.nl>
Co-authored-by: Ryuichi Watanabe <ryucrosskey@gmail.com>
Co-authored-by: Ho Kim <ho.kim@ulagbulag.io>
Co-authored-by: Terrell Russell <terrellrussell@gmail.com>
2023-03-05 17:12:55 +00:00
Terrell Russell
f204625791
fix typo (#2001) 2023-02-20 14:21:42 +00:00
Kobi Meirson
f753ec1ca5
feat: readiness check (#1839)
* feat: readiness check

* fix: no need for query param

* docs: add a note

* chore: move the readyness check to its own endpoint

* docs(cr): add godoc

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2022-12-23 09:08:12 +00:00
Braunson M
311d210ec4 Remove unsupported special characters from the code verifier runes
- Not all special ASCII characters are strictly supported by the spec
2022-12-16 19:57:02 -05:00
Braunson M
f4f5b7756c Fix PKCE code verifier generation to never use UTF-8 characters
- This could result in intermittent/random failures of PKCE enabled IdP's
2022-11-18 20:37:14 -05:00
Damien Degois
86011e8ac7 Protect htpasswd user list from race condition 2022-11-03 15:38:41 +01:00
Joel Speed
4a2cf153cf
Fixup update session state handling 2022-10-29 12:49:53 +01:00
Joel Speed
0586a9e072
Update middleware tests 2022-10-29 12:49:52 +01:00
Joel Speed
5dfefb6d9b
Update session state handling 2022-10-29 12:49:49 +01:00
Muhammad Arham
1e21a56f99
Update go-redis/redis to v9. (#1847)
* Update go-redis/redis to v9.
- And updated redislock, testify, ginko and gomega have also been updated.
- Renamed the option `IdleTimeout` to `ConnMaxIdleTime` because of 517938a6b0/CHANGELOG.md

* Update CHANGELOG.md

* Dropping dot import of the types since they created aliases now

* fixing some error messages to make tests happy

* updating more error messages that were changed to make tests happy

* reverting error messages

Co-authored-by: Muhammad Arham <marham@i2cinc.com>
2022-10-24 16:41:06 +01:00
Adrian Aneci
a5d918898c Add azure groups support and oauth2 v2.0 2022-10-21 20:23:21 +03:00
Andrew Hamade
7fe6384f38
Fix Linting Errors (#1835)
* initial commit: add groups to azure

Signed-off-by: andrewphamade@gmail.com <andrewphamade@gmail.com>

* fix deprecations and linting errors

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

* remove groups testing from azure provider

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

* fix test error

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

* verify-generate

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

Signed-off-by: andrewphamade@gmail.com <andrewphamade@gmail.com>
Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>
2022-10-21 11:57:51 +01:00
Segfault16
965fab422d
Add API route config (#1760)
* Add API route config

In addition to requests with Accept header `application/json` return 401 instead of 302 to login page on requests matching API paths regex.

* Update changelog

* Refactor

* Remove unnecessary comment

* Reorder checks

* Lint Api -> API

Co-authored-by: Sebastian Halder <sebastian.halder@boehringer-ingelheim.com>
2022-09-11 16:09:32 +01:00
Ian Serpa
f53754808b Support negating for skip auth routes 2022-09-02 22:23:29 +02:00
Alexandru Ciobanu
037cb041d3
Watch the htpasswd file for changes and update the htpasswdMap (#1701)
* dynamically update the htpasswdMap based on the changes made to the htpasswd file

* added tests to validate that htpasswdMap is updated after the htpasswd file is changed

* refactored `htpasswd` and `watcher` to lower cognitive complexity

* returned errors and refactored tests

* added `CHANGELOG.md` entry for #1701 and fixed the codeclimate issue

* Apply suggestions from code review

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Fix lint issue from code suggestion

* Wrap htpasswd load and watch errors with context

* add the htpasswd wrapped error context to the test

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2022-09-01 19:46:00 +01:00