1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-28 09:08:44 +02:00
Commit Graph

344 Commits

Author SHA1 Message Date
Joel Speed
9cea4ea89b
Update golangci-lint version in CI workflow 2021-02-17 20:25:37 +00:00
Praveen Chinthala
76269a13b7
Support Traefik ForwardAuth without a 401 handler (#1023)
* GH-1015 Adds support for Traefik to OauthStart on '/oauth2/auth' endpoint

* Fix incorrect reference to signout path and point to signin path

- remove commented out alternative solutions and debug log statements

* Remove skip provider button check as SignIn method already does this

* Updated traefik example to match existing file configuration reference, updated tests

* Update doc and refactor nested conditional statements

* Revert code changes as static upstream provides the same functionality

- Add doc on using static upstream with Traefik ForwardAuth middleware

* update changelog

* Move the doc changes to 7.0.x versioned docs

* Re-add traefik docs update in the main docs overview.md

* add missing oauth2-proxy routing

Co-authored-by: Praveen Chinthala <PraveenChinthala@hollandandbarrett.com>
2021-02-15 19:31:08 +00:00
Sean Jones
b2d0b728ef
Fix #980 CHANGELOG link 2021-02-15 16:19:28 +00:00
Sean Jones
a7c8a233ba
Add Prometheus metrics endpoint
Add the Prometheus http.Handler to serve metrics at MetricsPath ("/metrics"
by default). This allows Prometheus to scrape metrics from OAuth2 Proxy.

Add a new middleware NewRequestMetrics and attach it to the preAuth
chain. This will collect metrics on all requests made to OAuth2 Proxy

Collapse some calls to Prinf() and os.Exit(1) to Fatalf as they are
equivalent. main() has a strict 50 lines limit so brevity in these
calls appreciated
2021-02-15 13:45:26 +00:00
Joel Speed
425cff7af1
Add changelog entry for introduction of pagewriter package 2021-02-14 10:21:15 +00:00
Joel Speed
9e8c2af86b
Update docs for new show-debug-on-error option 2021-02-13 10:48:03 +00:00
Joel Speed
881f43f793
Add changelog entry for refactored templates 2021-02-12 16:56:25 +00:00
Joel Speed
b6cca79cb9
Ensure errors in tests are logged to the GinkgoWriter 2021-02-10 19:50:04 +00:00
Joel Speed
e87a51f0e5
Prepare for release v7.0.1 2021-02-10 18:25:39 +00:00
Joel Speed
ae17e38403
Ensure config flags get parsed correctly when other flags preceed them 2021-02-06 15:25:08 +00:00
Nick Meves
c3f31b4dd5
Flatten array-based response headers 2021-02-03 16:48:26 -08:00
Joel Speed
1ccaea7710
Add advisory note to changelog 2021-02-01 18:12:34 +00:00
Joel Speed
d1a249262f
Create v7.0.x versioned docs
Created within: yarn run docusaurus docs:version 7.0.x
2021-02-01 18:05:47 +00:00
Joel Speed
a909d33355
Update CHANGELOG for release v7.0.0 2021-02-01 18:05:44 +00:00
Nishanth Reddy
48b1658e5d
Update alpine version to 3.13 (#1013)
* Update alpine version to 3.13 

alpine 3.12 has a CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28928 which got fixed in recent version

* address review comments
2021-01-30 15:33:28 +00:00
Lida Li
b541805dc1
Use comma separated multiple values for header (#799)
* Use comma separated value for multiple claims

* Fix lint error

* Fix more tests

* Fix one more test

* Always flatten the headers

* Ensure we test the real multi-groups

* Only update map when necessary

* Update CHANGELOG

* Move to the right location of change log

* Fix blank line
2021-01-22 08:48:34 +00:00
Kevin Kreitner
57640764c0
Use logger for sensitive data logging to be able to disable it (#1002)
* Add sensible logging flag to default setup for logger

* Use logger instead of fmt for info logging with sensible data

* Remove sensible logging flag

* Update CHANGELOG.md

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-01-20 19:56:13 +00:00
Joel Speed
fbfc0959cb
Add changelog entry for new alpha configuration docs 2021-01-18 09:57:51 +00:00
Nick Meves
da02914a9c
Log IsValidRedirect violations and do a final safety call 2021-01-16 13:56:38 -08:00
Joel Speed
e50e6ed373
Add Security Policy 2021-01-16 19:47:47 +00:00
Nikolai Prokoschenko
81bf1ef8ce Adapt isAjax to support mimetype lists
Fixes #988
2021-01-12 19:37:30 +01:00
Ilia Pertsev
597ffeb121
Fix joined cookie name for those containing underline in the suffix (#970)
* properly handle splitted cookies with names ending with _

* test update

* provide cookieName into joinCookies instead of processing the suffix

* changelog update

* test update
2021-01-04 17:21:17 -08:00
İlteriş Eroğlu
1d74a51cd7
Use X-Forwarded-{Proto,Host,Uri} on redirect as last resort (#957) 2021-01-01 15:23:11 -08:00
Nick Meves
f07a5630f1
Update Keycloak documentation 2020-12-24 14:04:19 -08:00
Nick Meves
753f6c548a
Add a detailed allowed_groups example to Important Notes 2020-12-24 12:05:12 -08:00
Nick Meves
65e15f24c1
Support only allowed_groups querystring 2020-12-24 12:05:12 -08:00
Nick Meves
025056cba0
Move AuthOnly authorize logic to a dedicated method 2020-12-24 12:05:11 -08:00
Nick Meves
23b2355f85
Allow group authZ in AuthOnly endpoint via Querystring 2020-12-24 12:04:01 -08:00
Nick Meves
ea5b8cc21f
Support non-list and complex groups 2020-12-21 16:52:18 -08:00
Nick Meves
eb56f24d6d
Deprecate UserIDClaim in config and docs 2020-12-21 16:52:17 -08:00
Mathieu Lecarme
d67d6e3152
Add authorization support for Gitlab projects (#630)
* Add support for gitlab projets

* Add group membership in state

* Use prefixed allowed groups everywhere

* Fix: remove unused function

* Fix: rename func that add data to session

* Simplify projects and groups session funcs

* Add project access level for gitlab projects

* Fix: default access level

* Add per project access level

* Add user email when missing access level

* Fix: harmonize errors

* Update docs and flags description for gitlab project

* Add test with both projects and groups

* Fix: log error message

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Fix: make doc a markdown link

* Add notes about read_api scope for projects

* Fix: Verifier override in Gitlab Provider

This commit fixes a bug caused by an override of the Verifier value from *ProviderData inside GitlabProvider struct

* Fix: ensure data in session before using it

* Update providers/gitlab.go

Co-authored-by: Nick Meves <nick.meves@greenhouse.io>

* Rename gitlab project initializer

* Improve return value readbility

* Use splitN

* Handle space delimiters in set project scope

* Reword comment for AddProjects

* Fix: typo

* Rework error handling in addProjectsToSession

* Reduce branching complexity in addProjectsToSession

* Fix: line returns

* Better comment for addProjectsToSession

* Fix: enrich session comment

* Fix: email domains is handled before provider mechanism

* Add archived project unit test

* Fix: emails handling in gitlab provider

Co-authored-by: Wilfried OLLIVIER <wollivier@bearstech.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2020-12-05 10:57:33 -08:00
Joel Speed
d749c11e73
Add changelog entry for adding alpha configuration 2020-12-01 08:57:13 +00:00
Nick Meves
26ed080bed
Cleanup method name refactors missed in comments 2020-11-29 14:18:14 -08:00
Nick Meves
44fa8316a1
Aggregate error logging on JWT chain failures 2020-11-28 10:25:12 -08:00
Nick Meves
2549b722d3
Add User & Groups to Userinfo 2020-11-25 18:19:48 -08:00
Joel Speed
482cd32a17
Fix basic auth legacy header conversion 2020-11-19 20:07:59 +00:00
Joel Speed
8e582ac02a
Add changelog entry for adding alphaoptions struct 2020-11-19 10:35:56 +00:00
Akira Ajisaka
ed92df3537
Support TLS 1.3 (#923)
* Support TLS 1.3

* Set TLS 1.3 explicitly to fix gosec warning.

* Add an entry to changelog.

* Fix typo in the changelog.

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-11-19 10:25:53 +00:00
Joel Speed
3a4660414a
Fix log calldepth 2020-11-15 18:52:59 +00:00
Nick Meves
f21b3b8b20
Authorize in Redeem callback flow 2020-11-12 11:18:59 -08:00
Nick Meves
b92fd4b0bb
Streamline Google to use default Authorize 2020-11-12 11:18:58 -08:00
Arcadiy Ivanov
45ae87e4b7
Logs provider name on startup
If invalid provider is specified, stop and error out

fixes #895
2020-11-12 10:39:35 -05:00
Joel Speed
66550db7b9
Add changelog entry for v6.1.x docs 2020-11-08 19:39:39 +00:00
ofir-amir
cc6532a282
Use display-htpasswd-form flag (#778)
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-11-08 18:48:01 +00:00
Nick Meves
2b15ba0bcf
Remove v5 JSON session support 2020-11-08 08:52:55 -08:00
Nick Meves
14fd934b32
Flip --skip-auth-strip-headers to true by default 2020-11-07 11:43:45 -08:00
Joel Speed
1270104806
Update changelog to include integration of new header injection 2020-11-07 17:17:43 +00:00
Joel Speed
5a7ae59f2a
Add changelog entry for migrating to docusaurus 2020-11-05 16:09:02 +00:00
Alexander Block
0e119d7c84
Azure token refresh (#754)
* Implement azure token refresh

Based on original PR https://github.com/oauth2-proxy/oauth2-proxy/pull/278

* Update CHANGELOG.md

* Apply suggestions from code review

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Set CreatedAt to Now() on token refresh

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-11-04 11:25:59 -08:00
Kevin Kreitner
65016c8da1
Enable custom structure for group claim with default name group (#839)
* Allow complex structure for groups in group claim.

* Remove unused constant

* Update variable name

* Fix linting

* Use helper method

* Log error if not possible to append group value

* Add missing import

* Use own logger

* Fix imports

* Remove Dockerfile for testing

* Add Changelog entry

* Use formatGroup helper method and update tests

* Return string instead of string array

* Remove groups variable

* Return error in format method.

* Reorder imports

Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2020-11-03 10:10:08 -08:00