1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-15 00:15:00 +02:00
Commit Graph

1233 Commits

Author SHA1 Message Date
c7bfbdecef Implement graceful shutdown and propagate request context (#468)
* feature: Implement graceful shutdown

Propagate the request context to the Redis client.
It is possible to propagate a context cancel to Redis client if the connection is closed by the HTTP client.
The redis.Cmdable cannot use WithContext, so added the Client interface to handle redis.Client and redis.ClusterClient transparently.

Added handling of Unix signals to http server.

Upgrade go-redis/redis to v7.

* Update dependencies

- Upgrade golang/x/* and google-api-go
- Migrate fsnotify import from gopkg.in to github.com
- Replace bmizerany/assert with stretchr/testify/assert

* add doc for  wrapper interface

* Update CHANGELOG.md

* fix: upgrade fsnotify to v1.4.9

* fix: remove unnessary logging

* fix: wait until  all connections have been closed

* refactor: move chan to main for testing

* add assert to check if stop chan is empty

* add an idiomatic for sync.WaitGroup with timeout
2020-04-04 16:12:38 +01:00
bdc686103e Allow html in banner message (#462)
* allow html in banner message

* Fix changelog (move under new version)
2020-04-04 15:01:11 +01:00
3f7837b955 Add logging in case of invalid redirects (#471)
* Add logging in case of invalid redirects

* update changelog

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-04-02 09:51:38 +01:00
eb31850470 clarify the nginx auth_request_set/set problem with proxy_pass (#454)
* clarify the nginx auth_request_set/set problem with proxy_pass

* reworded/extended as result of review
2020-04-01 20:06:33 +01:00
c02d560bf4 Merge pull request #432 from oauth2-proxy/update-deps
Update ruby dependencies for documentation
2020-03-29 17:41:58 +01:00
8641bc4738 Update docs deps 2020-03-29 17:34:17 +01:00
c0fb7e81fc Merge pull request #464 from oauth2-proxy/migration
Migrate to oauth2-proxy/oauth2-proxy
2020-03-29 16:32:39 +01:00
f832eb1446 Update changelog and readme to reflect migration 2020-03-29 16:24:41 +01:00
802754caad Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
4cdedc8f50 Merge pull request #463 from pusher/release-5.1.0
Update Changelog for Release 5.1.0
v5.1.0
2020-03-29 13:41:30 +01:00
9dcd8255bf Update CHANGELOG for v5.1.0 release 2020-03-29 13:19:38 +01:00
8d69d55de4 Update Go and GolangCI-Lint 2020-03-29 13:17:54 +01:00
362cdf7713 Fix http.Cookie SameSite is not copied. (#450)
* fix: http.Cookie SameSite is not copied.

* Update CHANGELOG.md
2020-03-17 18:48:52 +00:00
3108f765a5 Fix #381, expose acr_values to all providers (#445) 2020-03-17 17:57:33 +00:00
4eef21cf3d Bitbucket Auth Provider docs (#447)
* Bitbucket Auth Provider docs

* Typo fixed
2020-03-16 11:39:12 +00:00
4d7349f9c6 Update CHANGELOG.md (#446)
Fix PR link for #435
2020-03-16 10:14:38 +00:00
81b9a63e51 Support Go 1.14 (#419)
* Upgrade base image tags and golangci-lint

* Upgrade golang and golangci-lint in travis-ci

* fix:  tests, pointed out by golangci-lint and format files

* Upgrade dependencies

* update changelog

* fix: tests related to https://github.com/pusher/oauth2_proxy/pull/418

* Separate tests using go version build tags

* Update CHANGELOG

* Revert "Separate tests using go version build tags"

This reverts commit 9b7e65eb90cae954dc7b6316345d3207205d488a.

* fix test to support go1.14 and go1.13

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-03-14 10:14:15 +00:00
400aea3653 Document how to use the sign_out endpoint (#443)
Fixes #441

+ a minor link fix
2020-03-14 10:07:23 +00:00
fad6fff16d Cleaned up source to make golangci-lint pass (#418)
* cleaned up source to make golangci-lint pass

* providers/azure_test.go: use build in POST constant

* options_test.go: do not export unnecessary variables

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-03-14 09:58:29 +00:00
b1c81e2abe Support prompt in addition to auth-prompt (#444)
Fix #380
2020-03-14 09:53:43 +00:00
0fc4131c72 configuration.md: clarify CLI -> config options (#442)
Clarify how to rename CLI options to be able to set them in the config file. I have just spent an hour trying to find out why `whitelist_domain="..."` does not work :-)

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-03-13 20:21:15 +00:00
8d0149ccf8 Fix issue with group validation called on every request (#435)
* Revert group validation on every request

* Fix syntax

* Remove unit tests associated with reverted change

* Update CHANGELOG
2020-03-13 20:10:38 +00:00
e3fb25efe6 Merge pull request #434 from jordancrawfordnz/pass-user-headers-prefer-email
Support the PreferEmailToUser option on PassUserHeaders
2020-03-08 15:31:34 +00:00
4cd43ef397 Support the PreferEmailToUser option on PassUserHeaders
Previously in #401, an option was added to support forwarding the email
address as the username to the upstream service when the PassBasicAuth
option is used.

The PassBasicAuth option is not appropriate for all users, with PassUserHeaders
allowing very similar functionality without specifying a basic auth headers.

The PreferEmailToUser option has been expanded to support the PassUserHeaders
option.
2020-03-04 11:47:13 +13:00
666d4c3db1 Merge pull request #430 from pusher/stale-action
Add GitHub Action to tidy stale issues
2020-03-02 10:34:51 +00:00
d94cf45ea8 Update .github/workflows/stale.yml
Co-Authored-By: Theo Barber-Bany <theo.barberbany@pusher.com>
2020-03-02 10:09:58 +00:00
8ee8bd8bc2 Update .github/workflows/stale.yml
Co-Authored-By: Theo Barber-Bany <theo.barberbany@pusher.com>
2020-03-02 10:09:52 +00:00
85891a2261 Add GitHub Action to tidy stale issues 2020-03-01 15:59:52 +00:00
d934309b44 Add preferred_username support (OIDC provider) (#420)
* Add support for preferred username.

* Add missing TOC entries.

* Add note about preferred_username support.

* Adjust tests.

* Check on not implemented error for GetPreferredUsername() call.

Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-03-01 15:02:51 +00:00
ume
0bca3564b5 Fix to work with python 3 (#427)
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-29 18:13:49 +00:00
51f4d88028 Add option to prefer an Email address to a Username (#401)
With some providers the Username is an upstream Unique ID, like fex. in the
case of Google.

When matching this with downstream databases, it's sometimes preferred to use
the email address as the  known identifier.

However, when _mixing_ this with sometimes other sources, like htaccess, which
doesn't have a concept of an email address, it can turn difficult.

This change makes the headers _prefer_ to use the Email address, if such exists,
for the Username identifier when passing data to downstream services.

Defaults to Off.

Signed-off-by: D.S. Ljungmark <ljungmark@modio.se>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-29 17:38:32 +00:00
0c7400a924 Bump nokogiri from 1.10.4 to 1.10.8 in /docs (#422)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.4 to 1.10.8.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.4...v1.10.8)

Signed-off-by: dependabot[bot] <support@github.com>
2020-02-28 18:26:40 +00:00
907de4e141 Use OAuthProxy.GetRedirect in /sign_in, honoring the 'rd' query parameter (#405)
* Use OAuthProxy.GetRedirect in /sign_in, honoring the 'rd' query parameter

* CHANGELOG.md - Add a changelog entry for #405
2020-02-28 09:59:27 +00:00
4f553bcfc8 Add nsswitch.conf to Docker image (#400)
* Add nsswitch.conf to Docker image

Created nsswitch.conf to use locally defined translations before DNS. Copied to /etc/nsswitch.conf in the image.

* Add new line

* Updated Changelog

Co-authored-by: Dan Bond <danbond@protonmail.com>
2020-02-23 18:16:18 +00:00
bd79b976da Docs: Fix link to sessions.md (#403) 2020-02-19 13:20:07 +00:00
edd6ad6ae5 Add client-secret-file to main FlagSet (#399) 2020-02-17 14:21:04 +00:00
2033ce81c3 Implement ValidateSessionState for GitHubProvider (#385)
Refactors the setting of the Authorization header into getGitHubHeader.

Refs #382

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-15 15:11:14 +00:00
7a6204c8fd Fix #384 - link to sessions.md (#391)
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-15 14:41:35 +00:00
f2661c47ba Support for client secret file. (#355)
* added ClientSecretFile in ProviderData

* add documentation notes on client secret file

* added Changelog entry for Client Secret File PR

* fixing configuration.md

* addressing PR issue of ClientSecret property naming

* Update providers/provider_data.go

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* corrected changelog entry

* fixed typo in GetClientSecret

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-15 13:44:39 +00:00
3a843f815d GitHub Provider - Fallback to secondary verified email (#372)
* Fallback to secondary verified email

* Add change to changelog
2020-02-15 13:36:28 +00:00
10adb5c516 Support optional id_tokens in refresh responses (#335)
* OIDC Token Refresh works without id_tokens

Addresses https://github.com/pusher/oauth2_proxy/issues/318

Refactoring the OIDC provider so that the refresh process works when there are
no id_tokens present in the response. Added unit tests to the oidc_test.go to prove
the redeem and refresh still work.

The expiry time of the session is now taken from the outh token expiry and not
the id_token (preventing stale access_tokens in sessions).

* Refactoring the to use a KeySetStub in the oidc_test.go. This allows the
elimination of the slightly contrived function passing elements used
previously. (This change is being applied to address the bug #318)

* Changes as per the PR comments and preparing for 5.x release

* Fixup changelog

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-06 18:09:30 +00:00
18d20364a8 Extension of Redis Session Store to Support Redis Cluster (#363)
* Extend the redis session store to support redis cluster

* rename function newRedisClient to newRedisCmdable

* update docs about redis cluster as session store

* update autocomplete script with redis cluster options

* add check about conflict between option redis-use-sentinel and redis-use-cluster

* update change log

* Update docs/configuration/sessions.md

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* Update pkg/sessions/redis/redis_store.go

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* add the dropped option back

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-06 17:59:12 +00:00
3ae261031e Add sign_out endpoint to endpoint documentation page (#383) 2020-02-05 16:28:51 +00:00
61007250f2 lates version is v5 not v4 (#379) 2020-02-03 15:39:14 +00:00
9670f54dd0 Fix login page fragment handling after soft reload on Firefox (#353)
* Fix login page fragment handling after soft reload on Firefox.

* Add comments.

* Move changelog entry to correct place.

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Felix Fontein <felix@fontein.de>
2020-01-31 11:11:15 +00:00
c49d3628cd Merge pull request #368 from pusher/advisory-notes
Open redirect (security vulnerability) notes
v5.0.0
2020-01-29 12:56:42 +00:00
3b0e8c3cb3 Open redirect (security vulnerability) notes 2020-01-29 12:45:19 +00:00
a316f8a06f Merge pull request from GHSA-qqxw-m5fj-f7gv
check for /\ redirects
2020-01-29 12:37:58 +00:00
e21f09817e note about open redirect vulneravility 2020-01-29 12:36:11 +00:00
8c765779b5 Merge branch 'master' into advisory-fix-1 2020-01-29 12:24:42 +00:00