go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-12-12 11:15:02 +02:00
Code Issues Releases Activity
849 Commits 33 Branches 34 Tags 79 MiB
3a84033989
Commit Graph

849 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Kamal Nasser
3a84033989
Merge branch 'master' into kamal/whitelist-redirects-with-ports 2019-10-23 16:41:04 +03:00
Kamal Nasser
a12bae35ca update port whitelisting rules, refactor IsValidRedirect tests 2019-10-23 16:38:44 +03:00
Joel Speed
6b8d2bdcc3
Merge pull request #285 from jmickey/Issue#259-RedirectToHTTPS 
Redirect to HTTPS
 2019-10-22 14:46:42 +01:00
Josh Michielsen
c0bfe0357a
Confirm that the proto is not empty, and change condition to OR 
Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
 2019-10-22 14:21:06 +01:00
Josh Michielsen
fe9efba0c5
Documentation change 
Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
 2019-10-22 14:19:39 +01:00
Josh Michielsen
8d1a4c527f
Merge branch 'master' into Issue#259-RedirectToHTTPS 2019-10-21 23:23:48 +01:00
Josh Michielsen
dcc430f6f1 Check X-Forwared-Proto for https (via another reverse proxy) 
Signed-off-by: Josh Michielsen <github@mickey.dev>
 2019-10-21 23:21:35 +01:00
Dan Bond
9d0a0c7426
remove unnecessary validator tests (#288) 
* remove unnecessary validator tests

* fix WriteString error
 2019-10-18 08:49:33 -07:00
Josh Michielsen
052451edef Merge branch 'Issue#259-RedirectToHTTPS' of github.com:jmickey/oauth2_proxy into Issue#259-RedirectToHTTPS 2019-10-17 22:20:21 +01:00
Josh Michielsen
56d195a433 Docs and changelog 
Signed-off-by: Josh Michielsen <github@mickey.dev>
 2019-10-17 22:20:15 +01:00
Josh Michielsen
9cecc01aac
Merge branch 'master' into Issue#259-RedirectToHTTPS 2019-10-17 22:13:07 +01:00
Josh Michielsen
bed0336608 Add SSL check and test no redirect when HTTPS 
Signed-off-by: Josh Michielsen <github@mickey.dev>
 2019-10-17 22:04:24 +01:00
Joel Speed
86977f7c7f
Merge pull request #258 from leyshon/feature/azure-idtoken 
Add IDToken for Azure provider
 2019-10-17 20:49:08 +01:00
Josh Michielsen
271efe776e Added tests 
Signed-off-by: Josh Michielsen <github@mickey.dev>
 2019-10-17 16:37:36 +01:00
Josh Michielsen
aae91b0ad6 Add new handler to redirect to HTTPS if flag is set 
Signed-off-by: Josh Michielsen <github@mickey.dev>
 2019-10-17 16:30:48 +01:00
Josh Michielsen
e24e4ef880 Add force-https option and flag 
Signed-off-by: Josh Michielsen <github@mickey.dev>
 2019-10-17 16:30:18 +01:00
leyshon
c3cdcae49b
Merge branch 'master' into feature/azure-idtoken 2019-10-14 11:04:04 +01:00
Alex
e04411a789 Update README - add more badges (#281) 2019-10-13 15:33:18 -07:00
Kamal Nasser
ae4e9155d2 implicit/explicit redirect port matching 2019-10-12 23:47:23 +03:00
Kamal Nasser
bfb22506ff allow redirects to whitelisted hosts with ports 2019-10-11 15:39:57 +03:00
Christian Franke
62bf233682 Update CONTRIBUTING.md (#277) 
Commit e245ef4854 switched dependency management from dep to go module.

This should be reflected in `CONTRIBUTING.md`.
 2019-10-09 09:57:59 -07:00
Joel Speed
1afaf46656
Merge pull request #276 from sosiska/patch-1 
Some code improvements
 2019-10-09 17:41:36 +01:00
Kirill Motkov
e64e6fa514 Some code improvements 
* Remove shadowing of predeclared identifier: new.
* strings.ReplaceAll instead of strings.Replace with -1.
* Change strings.ToLower comparison to strings.EqualFold.
* Rewrite if-else-if-else chain as a switch.
 2019-10-09 15:44:26 +03:00
Joel Speed
63da5c64db
Merge pull request #275 from syscll/debian-buster 
docker: build from debian buster
 2019-10-08 11:22:36 +01:00
Dan Bond
486521da96 fix previous CHANGELOG error 2019-10-07 17:11:38 -07:00
Dan Bond
a97710d3d2 update CHANGELOG 2019-10-07 17:11:14 -07:00
Dan Bond
e270dd0066 docker: build from debian buster 2019-10-07 17:03:15 -07:00
Dhi Aurrahman
de16df232d Support Go 1.13.x and allow to override REGISTRY (#273) 
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
 2019-10-07 13:53:46 -07:00
leyshon
ef22a0f4b6
Merge branch 'master' into feature/azure-idtoken 2019-10-04 13:32:29 +01:00
Joel Speed
ac10bc04ed
Merge pull request #272 from pusher/fix-links 
Fix permalinks for configuration and sessions
 2019-10-03 17:19:37 +01:00
leyshon
0b2eb91fa4
Update docs/2_auth.md 
Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
 2019-10-03 11:46:04 +01:00
Joel Speed
b515b90b34
Fix permalinks for configuration and sessions 2019-10-03 11:10:06 +01:00
leyshon
d8d4c687df
Merge branch 'master' into feature/azure-idtoken 2019-10-02 10:33:08 +01:00
Joel Speed
49f1320be6
Merge pull request #269 from YenTheFirst/escape-k8s-auth-signin 
Escape original request URI in sample kubernetes ingress configuration
 2019-10-02 09:33:54 +01:00
T S
513af9b714 Escape original request URI in sample kubernetes ingress configuration 
The current sample configuration for kubernetes ingress demonstrates
using the `auth-signin` annotation to redirect a user to oauth2_proxy's
signin page. It constructs the link to do so by directly concatenating
`$request_uri` as the `rd` parameter, so the sign-in page knows where to
send the user after signin is complete.

However, this does not work correctly if the original request URI
contains multiple query parameters separated by an ampersand, as that
ampersand is interpereted as separating query parameters of the
`/oauth2/start` URI. For example:

If the user requests a URL:
  https://example.com/foo?q1=v1&q2=v2
they may be redirected to the signin url
  https://example.com/oauth2/start?rd=https://example.com/foo?q1=v1&q2=v2
and after completing signin, oauth2_proxy will redirect them to
  https://example.com/foo?q1=v1

nginx-ingress added an $escaped_request_uri variable about a year ago,
to help resolve this kind of issue
(https://github.com/kubernetes/ingress-nginx/pull/2811)
 2019-10-01 12:28:00 -07:00
Joel Speed
721d28bd4f
Merge pull request #248 from VidAngel/support-x-auth-request-redirect 
More fully support X-Auth-Request-Redirect header
 2019-09-30 17:53:26 +01:00
Joel Speed
ac0d010371
Merge branch 'master' into support-x-auth-request-redirect 2019-09-30 17:21:05 +01:00
Joel Speed
44cdcc79c3
Merge pull request #227 from Ofinka/keycloak-provider 
Add keycloak provider
 2019-09-25 21:39:11 +01:00
Dan Bond
a122ac60e4
Fix CHANGELOG errors 2019-09-25 13:33:58 -07:00
Dan Bond
85a1ed5135
Merge branch 'master' into keycloak-provider 2019-09-25 13:21:46 -07:00
Ian Hunter
8098094fc2 Merge branch 'master' of github.com:pusher/oauth2_proxy into support-x-auth-request-redirect 2019-09-19 11:27:27 -05:00
Ian Hunter
18a77e6618 Reflect #248 PR in CHANGELOG.md 2019-09-19 11:26:18 -05:00
leyshon
1aad87d7ca Fixing a small typo in the docs 2019-09-02 16:03:48 +01:00
leyshon
21aba50ea5 Adding a note to the Azure provider documentation to mention issues with the size of the cookie session storage 2019-09-02 16:00:28 +01:00
leyshon
b4afbae0d3 Merge branch 'feature/azure-idtoken' of github.com:leyshon/oauth2_proxy into feature/azure-idtoken 2019-09-02 15:18:14 +01:00
leyshon
41ed9f7429 Updating the changelog to include details of the change 2019-09-02 14:56:20 +01:00
leyshon
eb5a31e48f
Merge branch 'master' into feature/azure-idtoken 2019-08-29 15:43:18 +01:00
leyshon
311f14c7eb Fixing linting errors: Making sure err is checked in azure_test and gofmt has been run 2019-08-29 15:37:25 +01:00
leyshon
0c541f6f5e Adding additional asserts to the TestAzureProviderREdeemReturnsIdToken to ensure that the refresh token and expires on date are both being set 2019-08-29 15:01:15 +01:00
leyshon
c8a89eca08 Adding the IDToken to the session for the Azure Provider. 2019-08-29 14:32:01 +01:00