1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-27 00:51:33 +02:00
Commit Graph

1113 Commits

Author SHA1 Message Date
1c1106721e Move RedirectToHTTPS to middleware package
Moves the logic for redirecting to HTTPs to a middleware package and adds tests for this logic.
Also makes the functionality more useful, previously it always redirected to the HTTPS address of the proxy, which may not have been intended, now it will redirect based on if a port is provided in the URL (assume public facing 80 to 443 or 4180 to 8443 for example)
2020-07-03 17:19:09 +01:00
39c01d5930 Merge pull request #654 from oauth2-proxy/redis-test-client-close
Close client connections after each redis test
2020-07-03 16:43:42 +01:00
5c8a66bcc9 Close client connections after each redis test 2020-07-03 16:24:47 +01:00
b0375e85fa Fix #635: Support specifying alternative provider TLS trust source(s) (#645)
* Fix #635: Support specifying alternative provider TLS trust source(s)

* Update pkg/apis/options/options.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Update pkg/validation/options.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Address review comments

* upd CHANGELOG.md

* refactor test to assert textual subjects + add openssl gen cmd

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-07-03 16:09:17 +01:00
390d479d28 Update CODEOWNERS to request review from reviewers team (#613)
This means that we can keep the list of reviewers up to date based on team membership, rather than this file. Will make it easier to add and remove people going forward
2020-07-02 21:09:55 +01:00
4313553122 Merge pull request #542 from oauth2-proxy/refactor-session-tests
Move SessionStore tests to independent package
2020-07-01 23:00:23 +01:00
34137f7305 Move SessionStore tests to independent package 2020-07-01 06:41:35 +01:00
d9a45a3b47 Merge pull request #577 from oauth2-proxy/session-store-cipher
Move Cipher and Session Store initialisation out of Validation
2020-06-28 18:29:48 +01:00
6e1b3b9660 Switch to in session store initialisation 2020-06-28 12:50:55 +01:00
778463906a Update changelog for session storage initialisation move 2020-06-28 12:32:06 +01:00
5ce9e75c21 Initialise Session Storage in NewOAuthProxy instead of validation 2020-06-28 12:32:06 +01:00
c8dbf1cf60 Move Cipher intialisation to session store initialisation 2020-06-28 12:03:03 +01:00
d9af3ffc5e Merge pull request #641 from oauth2-proxy/release-v6.0.0
Update changelog ready for release v6.0.0
v6.0.0
2020-06-27 16:09:26 +01:00
6b43b41638 Fix tests broken by security advisory 2020-06-27 12:41:46 +01:00
25154ede41 Update changelog ready for release v6.0.0 2020-06-27 12:10:27 +01:00
ee5662e0f5 Merge pull request from GHSA-5m6c-jp6f-2vcv
* Add more Open Redirect test cases

* Add whitelisted domain to test

* Add more test cases

* Improve invalid redirect regex
2020-06-27 12:07:24 +01:00
1b6c54cae1 Change how gitlab-group is parsed on options (#639)
* Changed how gitlab-group is parsed, from string to []string

See #637

* Point out that gitlab-group can be a list

See #637

* Reflect to the []string change on pkg/apis/options/options.go

See #637

* Move cfg option gitlab_group to gitlab_groups

See #637

* Renamed Group to Groups

See #637

* Reflect the change on gitlab.go as well

See #637

* Added #639

* Added the author of #639 to the CHANGELOG

* Add the gitlab_groups env change to CHANGELOG.md

See #639

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-06-26 23:26:07 +01:00
daedbbd353 Merge pull request #615 from EvgeniGordeev/helm-example
helm kubernetes example based on kind cluster and nginx ingress
2020-06-26 19:06:50 +01:00
054979978f Merge remote-tracking branch 'upstream/master' into helm-example
# Conflicts:
#	CHANGELOG.md
2020-06-25 15:24:00 -05:00
3686b0b442 Merge pull request #596 from grnhse/extra-jwt-token-session
Verify main vs extra JWT bearers differently
2020-06-25 19:16:49 +01:00
88a8a70537 update k8s manifest 2020-06-19 22:33:40 -05:00
8bec67beb7 code review comments 2020-06-19 22:27:36 -05:00
e8fce0b14d Merge remote-tracking branch 'upstream/master' into helm-example
# Conflicts:
#	CHANGELOG.md
2020-06-19 22:25:14 -05:00
a3eef1709a Improve default CreateSessionStateFromBearerToken tests 2020-06-19 11:48:23 -07:00
c2c1caa404 Set User = Subject in ExtraJWTBearer sessions 2020-06-19 11:48:23 -07:00
788d8ecc1b Verify main v extra JWT bearers differently
When using the configured provider JWT Verifier, it makes
sense to use the provider `CreateSessionStateFromBearerToken`
method. For any extra JWT Issuers, they should use a generic
default verifier.
2020-06-19 11:47:36 -07:00
5817028bb1 Merge pull request #597 from oauth2-proxy/no-log-empty-redirect
Don't log invalid redirect if redirect is empty
2020-06-19 19:40:48 +01:00
dc756b9de3 Don't log invalid redirect if redirect is empty 2020-06-19 18:17:05 +01:00
713c3927a9 Merge pull request #620 from oauth2-proxy/healthcheck-middleware
Add HealthCheck middleware
2020-06-19 18:15:36 +01:00
84360114e2 polish 2020-06-17 19:18:52 -05:00
fa7855a99d get rid of test-connection pods for hello-world and httpbin 2020-06-16 16:59:56 -05:00
c85e5297b5 * some polish 2020-06-16 16:47:10 -05:00
11c033e2c8 * move httpbin and hello-world charts outside.
* expose kind to 443 port
* make helm optional
* rename folder to kubernetes
2020-06-16 16:39:11 -05:00
9a495e996b Merge remote-tracking branch 'upstream/master' into helm-example
# Conflicts:
#	CHANGELOG.md
2020-06-16 16:38:01 -05:00
ba3e40ab1c Add changelog entry for healthcheck middleware 2020-06-14 21:06:14 +01:00
9bbd6adce9 Integrate HealthCheck middleware 2020-06-14 21:05:17 +01:00
ca416a2ebb Add HealthCheck middleware 2020-06-14 21:05:17 +01:00
43f214ce8b Add Keycloak local testing environment (#604)
* Adding one more example - keycloak - alongside with dex IDP.

* don't expose keycloak and proxy ports to the host

* specify email-domain list option in documentation

* get rid of nginx and socat to simplify the example as per https://github.com/oauth2-proxy/oauth2-proxy/pull/604#issuecomment-640054390

* get rid of the scripts - use static file for keycloak startup

* changelog entry

* Update CHANGELOG.md

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-06-14 14:06:12 +01:00
a197a17bc3 Merge pull request #539 from grnhse/encryption-efficiency-improvements
Encryption efficiency improvements
2020-06-14 13:23:14 +01:00
1979627534 Move Encrypt/Decrypt Into helper to session_state.go
This helper method is only applicable for Base64 wrapped
encryption since it operated on string -> string primarily.
It wouldn't be used for pure CFB/GCM ciphers. After a messagePack
session refactor, this method would further only be used for
legacy session compatibility - making its placement in cipher.go
not ideal.
2020-06-12 14:46:35 -07:00
014fa682be Add EncryptInto/DecryptInto Unit Tests 2020-06-12 14:42:42 -07:00
e43c65cc76 Fix SessionOptions struct spacing 2020-06-12 14:37:00 -07:00
c6939a40c5 Move nested Encrypt/Decrypt test to helper function 2020-06-12 14:36:59 -07:00
9382293b0b Ensure Cipher.Encrypt doesn't mangle input data []byte 2020-06-12 14:36:59 -07:00
7bb5fc0a81 Ensure Cipher.Decrypt doesn't mangle input ciphertext []byte 2020-06-12 14:36:59 -07:00
e823d874b0 Improve cipher_test.go organization with subtests 2020-06-12 14:36:59 -07:00
559152a10f Add subtests inside of encryption unit test loops 2020-06-12 14:36:59 -07:00
f60e24d9c3 Split non-cipher code to utils.go out of ciphers.go 2020-06-12 14:36:58 -07:00
ce2e92bc57 Improve design of Base64Cipher wrapping other ciphers.
Have it take in a cipher init function as an argument.
Remove the confusing `newCipher` method that matched legacy behavior
and returns a Base64Cipher(CFBCipher) -- instead explicitly ask for
that in the uses.
2020-06-12 14:36:58 -07:00
b6931aa4ea Add GCM Cipher support
During the upcoming encoded session refactor, AES GCM is ideal
to use as the Redis (and other DB like stores) encryption wrapper
around the session because each session is encrypted with a
distinct secret that is passed by the session ticket.
2020-06-12 14:36:58 -07:00