TAGAMI Yukihiro
a5466bb96d
Fix typo and missing InjectResponseHeaders validation (#952)
2020-12-12 10:05:01 -08:00
Mathieu Lecarme
d67d6e3152
Add authorization support for Gitlab projects (#630)
* Add support for gitlab projects
* Add group membership in state
* Use prefixed allowed groups everywhere
* Fix: remove unused function
* Fix: rename func that adds data to session
* Simplify projects and groups session funcs
* Add project access level for gitlab projects
* Fix: default access level
* Add per project access level
* Add user email when missing access level
* Fix: harmonize errors
* Update docs and flags description for gitlab project
* Add test with both projects and groups
* Fix: log error message
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Fix: make doc a markdown link
* Add notes about read_api scope for projects
* Fix: Verifier override in Gitlab Provider
This commit fixes a bug caused by an override of the Verifier value from *ProviderData inside GitlabProvider struct
* Fix: ensure data in session before using it
* Update providers/gitlab.go
Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
* Rename gitlab project initializer
* Improve return value readability
* Use splitN
* Handle space delimiters in set project scope
* Reword comment for AddProjects
* Fix: typo
* Rework error handling in addProjectsToSession
* Reduce branching complexity in addProjectsToSession
* Fix: line returns
* Better comment for addProjectsToSession
* Fix: enrich session comment
* Fix: email domains is handled before provider mechanism
* Add archived project unit test
* Fix: emails handling in gitlab provider
Co-authored-by: Wilfried OLLIVIER <wollivier@bearstech.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2020-12-05 10:57:33 -08:00
Joel Speed
b201dbb2d3
Add convert-config-to-alpha flag to convert existing configuration to alpha structure
2020-12-01 08:56:51 +00:00
Joel Speed
f36dfbb494
Introduce alpha configuration loading
2020-12-01 08:56:49 +00:00
Joel Speed
5b003a5657
SecretSource.Value should be plain text in memory
2020-12-01 08:56:46 +00:00
Nick Meves
5f8f856260
Remove failed bearer tokens from logs
2020-11-28 10:25:12 -08:00
Nick Meves
22f60e9b63
Generalize and extend default CreateSessionFromToken
2020-11-28 10:25:12 -08:00
Nick Meves
44fa8316a1
Aggregate error logging on JWT chain failures
2020-11-28 10:25:12 -08:00
Nick Meves
3e9717d489
Decouple TokenToSession from OIDC & add a generic VerifyFunc
2020-11-28 10:25:11 -08:00
Joel Speed
482cd32a17
Fix basic auth legacy header conversion
2020-11-19 20:07:59 +00:00
Joel Speed
aed43a54da
Add DefaultUpstreamFlushInterval to replace magic time.Second value
2020-11-19 10:39:21 +00:00
Joel Speed
d353d94631
Add AlphaOptions struct and ensure that all children have valid JSON tags
2020-11-19 10:35:31 +00:00
Joel Speed
b6d6f31ac1
Introduce Duration so that marshalling works for duration strings
2020-11-19 10:35:29 +00:00
Joel Speed
3a4660414a
Fix log calldepth
2020-11-15 18:52:59 +00:00
Nick Meves
b92fd4b0bb
Streamline Google to use default Authorize
2020-11-12 11:18:58 -08:00
Nick Meves
eb58ea2ed9
Move AllowedGroups to DefaultProvider for default Authorize usage
2020-11-12 11:18:15 -08:00
Arcadiy Ivanov
45ae87e4b7
Logs provider name on startup
If invalid provider is specified, stop and error out
fixes #895
2020-11-12 10:39:35 -05:00
Nick Meves
2b15ba0bcf
Remove v5 JSON session support
2020-11-08 08:52:55 -08:00
Nick Meves
7d6ff03d13
Fix X-Auth-Request-Preferred-Username in response headers
2020-11-07 12:47:42 -08:00
Nick Meves
1c26539ef0
Align tests to SkipAuthStripHeaders default
2020-11-07 12:33:37 -08:00
Nick Meves
14fd934b32
Flip --skip-auth-strip-headers to true by default
2020-11-07 11:43:45 -08:00
Joel Speed
92d09343d2
Add tests for legacy header conversion
2020-11-07 17:17:10 +00:00
Joel Speed
8d1bbf33b1
Add tests for headers validation
2020-11-07 17:17:06 +00:00
Joel Speed
1dac1419b3
Add tests for SecretSource validation
2020-11-07 17:17:02 +00:00
Joel Speed
8059a812cd
Integrate new header injectors with OAuth2 Proxy
2020-11-07 17:16:58 +00:00
Joel Speed
d26c65ba8d
Add validation for Headers struct
2020-11-07 17:16:54 +00:00
Joel Speed
2dc0d1e7ee
Create LegacyHeaders struct and conversion to new Headers
2020-11-07 17:16:49 +00:00
Nick Meves
4a54c9421c
Remove EmailDomain verification from GitLab provider
This is handled globally
2020-10-20 10:01:53 -07:00
Joel Speed
70990327d1
Make claims list of strings
2020-10-07 18:25:00 +01:00
Joel Speed
6743e3991d
Add header injector middlewares
2020-10-07 18:24:58 +01:00
Joel Speed
fc2ff19a19
Add header Injector
2020-10-07 18:24:57 +01:00
Joel Speed
eec7565c52
Add Header option structure
2020-10-07 18:24:56 +01:00
Nick Meves
b7b7ade7c4
Improve AllowedRoute test table formatting
2020-10-07 10:13:41 -07:00
Nick Meves
fa4ba5e7ea
Convert allowlist validation test to Ginkgo
2020-10-07 10:13:41 -07:00
Nick Meves
183cb124a4
Support HTTP method based allowlists
2020-10-07 10:13:40 -07:00
Mitsuo Heijo
fcb83c48f4
Update go-redis/redis to v8 (#801)
* update go-redis/redis to v8
testify, ginkgo and gomega have also been updated.
* update changelog
* Update pkg/sessions/redis/redis_store_test.go
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-10-07 11:49:27 +01:00
Mitsuo Heijo
3fa42edb73
Fix import path for v7 (#800)
* fix import path for v7
find ./ -name "*.go" | xargs sed -i -e 's|"github.com/oauth2-proxy/oauth2-proxy|"github.com/oauth2-proxy/oauth2-proxy/v7|'
* fix module path
* go mod tidy
* fix installation docs
* update CHANGELOG
* Update CHANGELOG.md
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-09-29 17:44:42 +01:00
Nick Meves
6db1aeb9c6
Validate Redis session store health on startup
2020-09-24 10:41:43 -07:00
Nick Meves
56f199a24f
Stop accepting legacy SHA1 signed cookies
2020-09-24 10:31:34 -07:00
Stefan Sedich
9d59519a96
Add support to ensure user belongs in required groups when using the OIDC provider
2020-09-21 10:43:54 -07:00
Lennart Jern
e14d6ab791
Document bcrypt encryption for htpasswd
Remove mention of (insecure) SHA option for encryption.
2020-09-11 13:32:00 +03:00
Joel Speed
bd619ab63e
Fix conversion of file upstreams
2020-08-31 16:54:13 +01:00
Joel Speed
b40517bbe3
Fix conversion of static responses in upstreams
2020-08-31 16:54:01 +01:00
Nick Meves
29b24793e3
Use X-Forwarded-Host consistently
2020-08-31 08:31:45 -07:00
Joel Speed
105d5acb7b
Only log no cookie match if cookie domains specified
2020-08-27 14:48:00 +01:00
Joel Speed
16a30002df
Ensure session times are not nil before printing them
2020-08-16 19:53:52 +01:00
Nick Meves
51a9062044
Support Password & SentinelPassword in Redis session store
2020-08-11 12:22:05 -07:00
Nick Meves
b6e78efc1e
Add x-oauth-basic nosec annotation & address gosec unhandled errors
2020-08-10 15:15:16 -07:00
Phil Taprogge
d69fd6af22
Allow Logging to stdout with separate Error Log Channel (#718)
* Add dedicated error logging writer
* Document new errors to stdout flag
* Update changelog
* Thread-safe the log buffer
* Address feedback
* Remove duplication by adding log level
* Clean up error formatting
* Apply suggestions from code review
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-08-10 11:44:08 +01:00
Nick Meves
a1358d2070
Panic on any logger errors
Any template errors instead of IO
errors are caught in validation.
2020-08-09 07:55:41 -07:00