Joel Speed
b3ba2594c6
Create Cookie FlagSet and Defaults
2020-07-05 09:17:28 +01:00
Nick Meves
016f4aa276
Merge pull request #656 from grnhse/cookie-splitting-precision
...
Split cookies more precisely at 4096 bytes
2020-07-04 11:15:07 -07:00
Nick Meves
48a2aaadc1
Count complete cookie content in byte splitting
2020-07-03 23:41:08 -07:00
Nick Meves
c6f1daba2f
Split cookies more precisely at 4096 bytes
2020-07-03 20:38:04 -07:00
Joel Speed
c4cf15f3e1
Merge pull request #619 from oauth2-proxy/https-redirect-middleware
...
Improve Redirect to HTTPs behaviour
2020-07-03 17:25:24 +01:00
Joel Speed
1c1106721e
Move RedirectToHTTPS to middleware package
...
Moves the logic for redirecting to HTTPs to a middleware package and adds tests for this logic.
Also makes the functionality more useful, previously it always redirected to the HTTPS address of the proxy, which may not have been intended, now it will redirect based on if a port is provided in the URL (assume public facing 80 to 443 or 4180 to 8443 for example)
2020-07-03 17:19:09 +01:00
Joel Speed
39c01d5930
Merge pull request #654 from oauth2-proxy/redis-test-client-close
...
Close client connections after each redis test
2020-07-03 16:43:42 +01:00
Joel Speed
5c8a66bcc9
Close client connections after each redis test
2020-07-03 16:24:47 +01:00
k-wall
b0375e85fa
Fix #635 : Support specifying alternative provider TLS trust source(s) ( #645 )
...
* Fix #635 : Support specifying alternative provider TLS trust source(s)
* Update pkg/apis/options/options.go
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Update pkg/validation/options.go
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Address review comments
* upd CHANGELOG.md
* refactor test to assert textual subjects + add openssl gen cmd
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-07-03 16:09:17 +01:00
Joel Speed
390d479d28
Update CODEOWNERS to request review from reviewers team ( #613 )
...
This means that we can keep the list of reviewers up to date based on team membership, rather than this file. Will make it easier to add and remove people going forward
2020-07-02 21:09:55 +01:00
Joel Speed
4313553122
Merge pull request #542 from oauth2-proxy/refactor-session-tests
...
Move SessionStore tests to independent package
2020-07-01 23:00:23 +01:00
Joel Speed
34137f7305
Move SessionStore tests to independent package
2020-07-01 06:41:35 +01:00
Joel Speed
d9a45a3b47
Merge pull request #577 from oauth2-proxy/session-store-cipher
...
Move Cipher and Session Store initialisation out of Validation
2020-06-28 18:29:48 +01:00
Joel Speed
6e1b3b9660
Switch to in session store initialisation
2020-06-28 12:50:55 +01:00
Joel Speed
778463906a
Update changelog for session storage initialisation move
2020-06-28 12:32:06 +01:00
Joel Speed
5ce9e75c21
Initialise Session Storage in NewOAuthProxy instead of validation
2020-06-28 12:32:06 +01:00
Joel Speed
c8dbf1cf60
Move Cipher intialisation to session store initialisation
2020-06-28 12:03:03 +01:00
Joel Speed
d9af3ffc5e
Merge pull request #641 from oauth2-proxy/release-v6.0.0
...
Update changelog ready for release v6.0.0
2020-06-27 16:09:26 +01:00
Joel Speed
6b43b41638
Fix tests broken by security advisory
2020-06-27 12:41:46 +01:00
Joel Speed
25154ede41
Update changelog ready for release v6.0.0
2020-06-27 12:10:27 +01:00
Joel Speed
ee5662e0f5
Merge pull request from GHSA-5m6c-jp6f-2vcv
...
* Add more Open Redirect test cases
* Add whitelisted domain to test
* Add more test cases
* Improve invalid redirect regex
2020-06-27 12:07:24 +01:00
İlteriş Eroğlu
1b6c54cae1
Change how gitlab-group is parsed on options ( #639 )
...
* Changed how gitlab-group is parsed, from string to []string
See #637
* Point out that gitlab-group can be a list
See #637
* Reflect to the []string change on pkg/apis/options/options.go
See #637
* Move cfg option gitlab_group to gitlab_groups
See #637
* Renamed Group to Groups
See #637
* Reflect the change on gitlab.go as well
See #637
* Added #639
* Added the author of #639 to the CHANGELOG
* Add the gitlab_groups env change to CHANGELOG.md
See #639
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-06-26 23:26:07 +01:00
Joel Speed
daedbbd353
Merge pull request #615 from EvgeniGordeev/helm-example
...
helm kubernetes example based on kind cluster and nginx ingress
2020-06-26 19:06:50 +01:00
Evgeni Gordeev
054979978f
Merge remote-tracking branch 'upstream/master' into helm-example
...
# Conflicts:
# CHANGELOG.md
2020-06-25 15:24:00 -05:00
Joel Speed
3686b0b442
Merge pull request #596 from grnhse/extra-jwt-token-session
...
Verify main vs extra JWT bearers differently
2020-06-25 19:16:49 +01:00
Evgeni Gordeev
88a8a70537
update k8s manifest
2020-06-19 22:33:40 -05:00
Evgeni Gordeev
8bec67beb7
code review comments
2020-06-19 22:27:36 -05:00
Evgeni Gordeev
e8fce0b14d
Merge remote-tracking branch 'upstream/master' into helm-example
...
# Conflicts:
# CHANGELOG.md
2020-06-19 22:25:14 -05:00
Nick Meves
a3eef1709a
Improve default CreateSessionStateFromBearerToken tests
2020-06-19 11:48:23 -07:00
Nick Meves
c2c1caa404
Set User = Subject in ExtraJWTBearer sessions
2020-06-19 11:48:23 -07:00
Nick Meves
788d8ecc1b
Verify main v extra JWT bearers differently
...
When using the configured provider JWT Verifier, it makes
sense to use the provider `CreateSessionStateFromBearerToken`
method. For any extra JWT Issuers, they should use a generic
default verifier.
2020-06-19 11:47:36 -07:00
Joel Speed
5817028bb1
Merge pull request #597 from oauth2-proxy/no-log-empty-redirect
...
Don't log invalid redirect if redirect is empty
2020-06-19 19:40:48 +01:00
Joel Speed
dc756b9de3
Don't log invalid redirect if redirect is empty
2020-06-19 18:17:05 +01:00
Joel Speed
713c3927a9
Merge pull request #620 from oauth2-proxy/healthcheck-middleware
...
Add HealthCheck middleware
2020-06-19 18:15:36 +01:00
Evgeni Gordeev
84360114e2
polish
2020-06-17 19:18:52 -05:00
Evgeni Gordeev
fa7855a99d
get rid of test-connection pods for hello-world and httpbin
2020-06-16 16:59:56 -05:00
Evgeni Gordeev
c85e5297b5
* some polish
2020-06-16 16:47:10 -05:00
Evgeni Gordeev
11c033e2c8
* move httpbin and hello-world charts outside.
...
* expose kind to 443 port
* make helm optional
* rename folder to kubernetes
2020-06-16 16:39:11 -05:00
Evgeni Gordeev
9a495e996b
Merge remote-tracking branch 'upstream/master' into helm-example
...
# Conflicts:
# CHANGELOG.md
2020-06-16 16:38:01 -05:00
Joel Speed
ba3e40ab1c
Add changelog entry for healthcheck middleware
2020-06-14 21:06:14 +01:00
Joel Speed
9bbd6adce9
Integrate HealthCheck middleware
2020-06-14 21:05:17 +01:00
Joel Speed
ca416a2ebb
Add HealthCheck middleware
2020-06-14 21:05:17 +01:00
Evgeni Gordeev
43f214ce8b
Add Keycloak local testing environment ( #604 )
...
* Adding one more example - keycloak - alongside with dex IDP.
* don't expose keycloak and proxy ports to the host
* specify email-domain list option in documentation
* get rid of nginx and socat to simplify the example as per https://github.com/oauth2-proxy/oauth2-proxy/pull/604#issuecomment-640054390
* get rid of the scripts - use static file for keycloak startup
* changelog entry
* Update CHANGELOG.md
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-06-14 14:06:12 +01:00
Joel Speed
a197a17bc3
Merge pull request #539 from grnhse/encryption-efficiency-improvements
...
Encryption efficiency improvements
2020-06-14 13:23:14 +01:00
Nick Meves
1979627534
Move Encrypt/Decrypt Into helper to session_state.go
...
This helper method is only applicable for Base64 wrapped
encryption since it operated on string -> string primarily.
It wouldn't be used for pure CFB/GCM ciphers. After a messagePack
session refactor, this method would further only be used for
legacy session compatibility - making its placement in cipher.go
not ideal.
2020-06-12 14:46:35 -07:00
Nick Meves
014fa682be
Add EncryptInto/DecryptInto Unit Tests
2020-06-12 14:42:42 -07:00
Nick Meves
e43c65cc76
Fix SessionOptions struct spacing
2020-06-12 14:37:00 -07:00
Nick Meves
c6939a40c5
Move nested Encrypt/Decrypt test to helper function
2020-06-12 14:36:59 -07:00
Nick Meves
9382293b0b
Ensure Cipher.Encrypt doesn't mangle input data []byte
2020-06-12 14:36:59 -07:00
Nick Meves
7bb5fc0a81
Ensure Cipher.Decrypt doesn't mangle input ciphertext []byte
2020-06-12 14:36:59 -07:00