Joel Speed
482cd32a17
Fix basic auth legacy header conversion
2020-11-19 20:07:59 +00:00
Joel Speed
aed43a54da
Add DefaultUpstreamFlushInterval to replace magic time.Second value
2020-11-19 10:39:21 +00:00
Joel Speed
d353d94631
Add AlphaOptions struct and ensure that all children have valid JSON tags
2020-11-19 10:35:31 +00:00
Joel Speed
b6d6f31ac1
Introduce Duration so that marshalling works for duration strings
2020-11-19 10:35:29 +00:00
Joel Speed
3a4660414a
Fix log calldepth
2020-11-15 18:52:59 +00:00
Nick Meves
b92fd4b0bb
Streamline Google to use default Authorize
2020-11-12 11:18:58 -08:00
Nick Meves
eb58ea2ed9
Move AllowedGroups to DefaultProvider for default Authorize usage
2020-11-12 11:18:15 -08:00
Arcadiy Ivanov
45ae87e4b7
Logs provider name on startup
...
If invalid provider is specified, stop and error out
fixes #895
2020-11-12 10:39:35 -05:00
Nick Meves
2b15ba0bcf
Remove v5 JSON session support
2020-11-08 08:52:55 -08:00
Nick Meves
7d6ff03d13
Fix X-Auth-Request-Preferred-Username in response headers
2020-11-07 12:47:42 -08:00
Nick Meves
1c26539ef0
Align tests to SkipAuthStripHeaders default
2020-11-07 12:33:37 -08:00
Nick Meves
14fd934b32
Flip --skip-auth-strip-headers to true by default
2020-11-07 11:43:45 -08:00
Joel Speed
92d09343d2
Add tests for legacy header conversion
2020-11-07 17:17:10 +00:00
Joel Speed
8d1bbf33b1
Add tests for headers validation
2020-11-07 17:17:06 +00:00
Joel Speed
1dac1419b3
Add tests for SecretSource validation
2020-11-07 17:17:02 +00:00
Joel Speed
8059a812cd
Integrate new header injectors with OAuth2 Proxy
2020-11-07 17:16:58 +00:00
Joel Speed
d26c65ba8d
Add validation for Headers struct
2020-11-07 17:16:54 +00:00
Joel Speed
2dc0d1e7ee
Create LegacyHeaders struct and conversion to new Headers
2020-11-07 17:16:49 +00:00
Nick Meves
4a54c9421c
Remove EmailDomain verification from GitLab provider
...
This is handled globally
2020-10-20 10:01:53 -07:00
Joel Speed
70990327d1
Make claims list of strings
2020-10-07 18:25:00 +01:00
Joel Speed
6743e3991d
Add header injector middlewares
2020-10-07 18:24:58 +01:00
Joel Speed
fc2ff19a19
Add header Injector
2020-10-07 18:24:57 +01:00
Joel Speed
eec7565c52
Add Header option structure
2020-10-07 18:24:56 +01:00
Nick Meves
b7b7ade7c4
Improve AllowedRoute test table formatting
2020-10-07 10:13:41 -07:00
Nick Meves
fa4ba5e7ea
Convert allowlist validation test to Ginkgo
2020-10-07 10:13:41 -07:00
Nick Meves
183cb124a4
Support HTTP method based allowlists
2020-10-07 10:13:40 -07:00
Mitsuo Heijo
fcb83c48f4
Update go-redis/redis to v8 (#801)
...
* update go-redis/redis to v8
testify, ginkgo and gomega have also been updated.
* update changelog
* Update pkg/sessions/redis/redis_store_test.go
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-10-07 11:49:27 +01:00
Mitsuo Heijo
3fa42edb73
Fix import path for v7 (#800)
...
* fix import path for v7
find ./ -name "*.go" | xargs sed -i -e 's|"github.com/oauth2-proxy/oauth2-proxy|"github.com/oauth2-proxy/oauth2-proxy/v7|'
* fix module path
* go mod tidy
* fix installation docs
* update CHANGELOG
* Update CHANGELOG.md
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-09-29 17:44:42 +01:00
Nick Meves
6db1aeb9c6
Validate Redis session store health on startup
2020-09-24 10:41:43 -07:00
Nick Meves
56f199a24f
Stop accepting legacy SHA1 signed cookies
2020-09-24 10:31:34 -07:00
Stefan Sedich
9d59519a96
Add support to ensure user belongs in required groups when using the OIDC provider
2020-09-21 10:43:54 -07:00
Lennart Jern
e14d6ab791
Document bcrypt encryption for htpasswd
...
Remove mention of (insecure) SHA option for encryption.
2020-09-11 13:32:00 +03:00
Joel Speed
bd619ab63e
Fix conversion of file upstreams
2020-08-31 16:54:13 +01:00
Joel Speed
b40517bbe3
Fix conversion of static responses in upstreams
2020-08-31 16:54:01 +01:00
Nick Meves
29b24793e3
Use X-Forwarded-Host consistently
2020-08-31 08:31:45 -07:00
Joel Speed
105d5acb7b
Only log no cookie match if cookie domains specified
2020-08-27 14:48:00 +01:00
Joel Speed
16a30002df
Ensure session times are not nil before printing them
2020-08-16 19:53:52 +01:00
Nick Meves
51a9062044
Support Password & SentinelPassword in Redis session store
2020-08-11 12:22:05 -07:00
Nick Meves
b6e78efc1e
Add x-oauth-basic nosec annotation & address gosec unhandled errors
2020-08-10 15:15:16 -07:00
Phil Taprogge
d69fd6af22
Allow Logging to stdout with separate Error Log Channel (#718)
...
* Add dedicated error logging writer
* Document new errors to stdout flag
* Update changelog
* Thread-safe the log buffer
* Address feedback
* Remove duplication by adding log level
* Clean up error formatting
* Apply suggestions from code review
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-08-10 11:44:08 +01:00
Nick Meves
a1358d2070
Panic on any logger errors
...
Any template errors instead of IO
errors are caught in validation.
2020-08-09 07:55:41 -07:00
Nick Meves
45222395e0
Attempt to log still on template errors
2020-08-09 07:55:40 -07:00
Nick Meves
ad52587ae6
Document GoSec nosec skip comments
2020-08-09 07:55:40 -07:00
Nick Meves
1c8c5b08d7
Handle cookie signing errors
2020-08-09 07:55:40 -07:00
Nick Meves
65c228394f
Address gosec findings
...
Mostly handling unhandled errors appropriately.
If logging to STDERR fails, we panic. Added #nosec
comments to findings we are OK with.
2020-08-09 07:55:39 -07:00
Nick Meves
19836f85ac
Align persistence ginkgo tests to conventions
2020-07-21 22:13:17 -07:00
Nick Meves
9643a0b10c
Centralize Ticket management of persistent stores (#682)
...
* Centralize Ticket management of persistent stores
persistence package with Manager & Ticket will handle
all the details about keys, secrets, ticket into cookies,
etc. Persistent stores just need to pass Save, Load &
Clear function handles to the persistent manager now.
* Shift to persistence.Manager wrapping a persistence.Store
* Break up the Redis client builder logic
* Move error messages to Store from Manager
* Convert ticket to private for Manager use only
* Add persistence Manager & ticket tests
* Make a custom MockStore that handles time FastForwards
2020-07-19 21:25:13 +01:00
Joel Speed
034f057b60
Add session loader from session storage
2020-07-19 17:21:42 +01:00
Joel Speed
7d6f2a3f45
Add Basic Auth session loader middleware
2020-07-19 17:21:42 +01:00
Joel Speed
c81a7ed197
Add JWT session loader middleware
2020-07-19 17:21:42 +01:00