go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-28 09:08:44 +02:00
Code Issues Releases Activity
1,081 Commits 27 Branches 34 Tags 79 MiB
84360114e2
Commit Graph

1081 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Evgeni Gordeev
84360114e2 polish 2020-06-17 19:18:52 -05:00
Evgeni Gordeev
fa7855a99d get rid of test-connection pods for hello-world and httpbin 2020-06-16 16:59:56 -05:00
Evgeni Gordeev
c85e5297b5 * some polish 2020-06-16 16:47:10 -05:00
Evgeni Gordeev
11c033e2c8 * move httpbin and hello-world charts outside. 
* expose kind to 443 port
* make helm optional
* rename folder to kubernetes
 2020-06-16 16:39:11 -05:00
Evgeni Gordeev
9a495e996b Merge remote-tracking branch 'upstream/master' into helm-example 
# Conflicts:
#	CHANGELOG.md
 2020-06-16 16:38:01 -05:00
Evgeni Gordeev
43f214ce8b
Add Keycloak local testing environment (#604) 
* Adding one more example - keycloak - alongside with dex IDP.

* don't expose keycloak and proxy ports to the host

* specify email-domain list option in documentation

* get rid of nginx and socat to simplify the example as per https://github.com/oauth2-proxy/oauth2-proxy/pull/604#issuecomment-640054390

* get rid of the scripts - use static file for keycloak startup

* changelog entry

* Update CHANGELOG.md

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-06-14 14:06:12 +01:00
Joel Speed
a197a17bc3
Merge pull request #539 from grnhse/encryption-efficiency-improvements 
Encryption efficiency improvements
 2020-06-14 13:23:14 +01:00
Nick Meves
1979627534
Move Encrypt/Decrypt Into helper to session_state.go 
This helper method is only applicable for Base64 wrapped
encryption since it operated on string -> string primarily.
It wouldn't be used for pure CFB/GCM ciphers. After a messagePack
session refactor, this method would further only be used for
legacy session compatibility - making its placement in cipher.go
not ideal.
 2020-06-12 14:46:35 -07:00
Nick Meves
014fa682be
Add EncryptInto/DecryptInto Unit Tests 2020-06-12 14:42:42 -07:00
Nick Meves
e43c65cc76
Fix SessionOptions struct spacing 2020-06-12 14:37:00 -07:00
Nick Meves
c6939a40c5
Move nested Encrypt/Decrypt test to helper function 2020-06-12 14:36:59 -07:00
Nick Meves
9382293b0b
Ensure Cipher.Encrypt doesn't mangle input data []byte 2020-06-12 14:36:59 -07:00
Nick Meves
7bb5fc0a81
Ensure Cipher.Decrypt doesn't mangle input ciphertext []byte 2020-06-12 14:36:59 -07:00
Nick Meves
e823d874b0
Improve cipher_test.go organization with subtests 2020-06-12 14:36:59 -07:00
Nick Meves
559152a10f
Add subtests inside of encryption unit test loops 2020-06-12 14:36:59 -07:00
Nick Meves
f60e24d9c3
Split non-cipher code to utils.go out of ciphers.go 2020-06-12 14:36:58 -07:00
Nick Meves
ce2e92bc57
Improve design of Base64Cipher wrapping other ciphers. 
Have it take in a cipher init function as an argument.
Remove the confusing `newCipher` method that matched legacy behavior
and returns a Base64Cipher(CFBCipher) -- instead explicitly ask for
that in the uses.
 2020-06-12 14:36:58 -07:00
Nick Meves
b6931aa4ea
Add GCM Cipher support 
During the upcoming encoded session refactor, AES GCM is ideal
to use as the Redis (and other DB like stores) encryption wrapper
around the session because each session is encrypted with a
distinct secret that is passed by the session ticket.
 2020-06-12 14:36:58 -07:00
Nick Meves
f7cca1d0b3
Refactor encryption.Cipher to be an Encrypt/Decrypt Interface 
All Encrypt/Decrypt Cipher implementations will now take
and return []byte to set up usage in future binary compatible
encoding schemes to fix issues with bloat encrypting to strings
(which requires base64ing adding 33% size)
 2020-06-12 14:36:58 -07:00
Nick Meves
b4530b9292
Allow binary values in signed cookies 
Make signedValue & Validate operate on []byte
by default and not assume/cast string. Any casting
will be done from callers.
 2020-06-12 14:36:58 -07:00
Nick Meves
f9025a8f8f
Add binary native AES CFB encryption helpers. 
These will take in []byte and not automatically
Base64 encode/decode.
 2020-06-12 14:36:56 -07:00
Evgeni Gordeev
363eaf1fac changelog entry 2020-06-12 13:55:38 -05:00
Evgeni Gordeev
dbf1b451d9 polish 2020-06-12 13:15:43 -05:00
Evgeni Gordeev
a73d0ec268
Merge branch 'master' into helm-example 2020-06-12 13:14:15 -05:00
Evgeni Gordeev
0f343cf0ad helm kubernetes example based on kind cluster 2020-06-12 13:12:59 -05:00
Joel Speed
1683aa5978
Merge pull request #601 from oauth2-proxy/fix-fallback 
Ensure decrypted user/email are valid UTF8
 2020-06-12 15:47:33 +01:00
Joel Speed
808084b744
Ensure decrypted user/email are valid UTF8 2020-06-12 15:36:55 +01:00
Christopher Kohnert
2c851fcd4f
Allow a health/ping request to be identified by User-Agent (#567) 
* Add an option to allow health checks based on User-Agent.

* Formatting fix

* Rename field and avoid unnecessary interface.

* Skip the redirect fix so it can be put into a different PR.

* Add CHANGELOG entry

* Adding a couple tests for the PingUserAgent option.
 2020-06-12 14:56:31 +01:00
Joel Speed
160bbaf98e
Fallback to UserInfo is User ID claim not present (#560) 
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-06-04 17:41:29 +01:00
Scott Guymer
3aeca4368c
ACR values should not be automatically added when blank (#598) 
* ACR values should not be automatically added when blank

* Added changelog
 2020-06-02 18:17:27 +01:00
Yoshiki Nakagawa
d8d43bb51b
Support new option "github-user" (#421) 
* feat(github): support new option "github-user"

* feat(github): rename github-user to github-users

* feat(github): update docs for github-users option

* feat(github): remove unneeded code

* feat(github): remove logging

* feat(github-user): use github-user as flagset options

* feat(github-user): remove optionns.go

* feat(github-user): add github-user flagset

* feat(github): improve readability in the docs

* feat(github-user): refactored SetUsers method

* Update flag description

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-06-01 20:02:07 +01:00
Joel Speed
a17c48810f
Merge pull request #548 from oauth2-proxy/move-logging-options 
Separate logging options out of main options structure
 2020-05-31 14:15:18 +01:00
Joel Speed
94e31f8b65
Ensure exclude-logging-paths is consistent with other options 2020-05-31 14:09:28 +01:00
Joel Speed
f7c88f53d1
Update changelog for logging options move 2020-05-31 14:09:24 +01:00
Joel Speed
bbc4eee17e
Create Logging FlagSet and Default 2020-05-31 14:08:00 +01:00
Joel Speed
3cbac6122d
Move configuration of logger to separate file 2020-05-31 14:08:00 +01:00
Joel Speed
3afcadae76
Move logging options to a struct 2020-05-31 14:08:00 +01:00
Joel Speed
f7b28cb1d3
Improvements to Session State code (#536) 
* Drop SessionStateJSON wrapper
* Use EncrpytInto/DecryptInto to reduce sessionstate

Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-05-30 08:53:38 +01:00
Amnay
6a88da7f7a
Parse Redis cluster and sentinel urls (#573) 
* Parse Redis cluster and sentinel urls

* Add changelog entry for #573

* Add unit tests for redis session store

* Use %v for error fmt

Co-authored-by: Amnay Mokhtari <amnay.mokhtari@adevinta.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-05-27 18:40:50 +01:00
Joel Speed
11c8a983c8
Merge pull request #582 from oauth2-proxy/dependabot/bundler/docs/activesupport-6.0.3.1 
Bump activesupport from 6.0.2.1 to 6.0.3.1 in /docs
 2020-05-27 10:03:56 +01:00
dependabot[bot]
d1bab0e22e
Bump activesupport from 6.0.2.1 to 6.0.3.1 in /docs 
Bumps [activesupport](https://github.com/rails/rails) from 6.0.2.1 to 6.0.3.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v6.0.3.1/activesupport/CHANGELOG.md)
- [Commits](https://github.com/rails/rails/compare/v6.0.2.1...v6.0.3.1)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-05-27 08:55:47 +00:00
Joel Speed
03a0e1a0e3
Merge pull request #414 from ti-mo/cookie-secret-cipher-xauthrequest 
Always encrypt sessions regardless of configuration
 2020-05-24 21:27:22 +01:00
Timo Beckers
276d1c6f19
Always encrypt sessions regardless of configuration 2020-05-24 21:23:04 +01:00
Amnay
0c9795a964
render error page on 502 proxy status (#574) 
Co-authored-by: Amnay Mokhtari <amnay.mokhtari@adevinta.com>
 2020-05-24 21:09:00 +01:00
Joel Speed
810a9e9967
Rename cookie-domain config to cookie-domains (#559) 
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-05-24 20:19:56 +01:00
Isabelle COWAN-BERGMAN
fc11d8d508
Updated autocompletion for -- long options. (#569) 
* Updated autocompletion for `--` long options.

* Added CHANGELOG.md entry.
 2020-05-24 17:12:28 +01:00
Joel Speed
a0085e9015
Add changelog entry for 489 (#572) 2020-05-23 18:49:09 +01:00
Joel Speed
236c7fa60e
Merge pull request #489 from oauth2-proxy/move-options 
Move Options and Validation to packages
 2020-05-23 15:59:29 +01:00
Joel Speed
cce2c680d8
Move RealClientIP code to IP packages 2020-05-23 15:17:41 +01:00
Joel Speed
c3f9cbeb3d
Remove Env tags from Cookie and Session Options 2020-05-21 22:43:42 +01:00