Nick Meves
b4530b9292
Allow binary values in signed cookies
...
Make signedValue & Validate operate on []byte
by default and not assume/cast string. Any casting
will be done from callers.
2020-06-12 14:36:58 -07:00
Nick Meves
f9025a8f8f
Add binary native AES CFB encryption helpers.
...
These will take in []byte and not automatically
Base64 encode/decode.
2020-06-12 14:36:56 -07:00
Joel Speed
1683aa5978
Merge pull request #601 from oauth2-proxy/fix-fallback
...
Ensure decrypted user/email are valid UTF8
2020-06-12 15:47:33 +01:00
Joel Speed
808084b744
Ensure decrypted user/email are valid UTF8
2020-06-12 15:36:55 +01:00
Christopher Kohnert
2c851fcd4f
Allow a health/ping request to be identified by User-Agent (#567)
...
* Add an option to allow health checks based on User-Agent.
* Formatting fix
* Rename field and avoid unnecessary interface.
* Skip the redirect fix so it can be put into a different PR.
* Add CHANGELOG entry
* Adding a couple tests for the PingUserAgent option.
2020-06-12 14:56:31 +01:00
Joel Speed
160bbaf98e
Fallback to UserInfo if User ID claim not present (#560)
...
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-06-04 17:41:29 +01:00
Scott Guymer
3aeca4368c
ACR values should not be automatically added when blank (#598)
...
* ACR values should not be automatically added when blank
* Added changelog
2020-06-02 18:17:27 +01:00
Yoshiki Nakagawa
d8d43bb51b
Support new option "github-user" (#421)
...
* feat(github): support new option "github-user"
* feat(github): rename github-user to github-users
* feat(github): update docs for github-users option
* feat(github): remove unneeded code
* feat(github): remove logging
* feat(github-user): use github-user as flagset options
* feat(github-user): remove optionns.go
* feat(github-user): add github-user flagset
* feat(github): improve readability in the docs
* feat(github-user): refactored SetUsers method
* Update flag description
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-06-01 20:02:07 +01:00
Joel Speed
a17c48810f
Merge pull request #548 from oauth2-proxy/move-logging-options
...
Separate logging options out of main options structure
2020-05-31 14:15:18 +01:00
Joel Speed
94e31f8b65
Ensure exclude-logging-paths is consistent with other options
2020-05-31 14:09:28 +01:00
Joel Speed
f7c88f53d1
Update changelog for logging options move
2020-05-31 14:09:24 +01:00
Joel Speed
bbc4eee17e
Create Logging FlagSet and Default
2020-05-31 14:08:00 +01:00
Joel Speed
3cbac6122d
Move configuration of logger to separate file
2020-05-31 14:08:00 +01:00
Joel Speed
3afcadae76
Move logging options to a struct
2020-05-31 14:08:00 +01:00
Joel Speed
f7b28cb1d3
Improvements to Session State code (#536)
...
* Drop SessionStateJSON wrapper
* Use EncrpytInto/DecryptInto to reduce sessionstate
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-30 08:53:38 +01:00
Amnay
6a88da7f7a
Parse Redis cluster and sentinel urls (#573)
...
* Parse Redis cluster and sentinel urls
* Add changelog entry for #573
* Add unit tests for redis session store
* Use %v for error fmt
Co-authored-by: Amnay Mokhtari <amnay.mokhtari@adevinta.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-05-27 18:40:50 +01:00
Joel Speed
11c8a983c8
Merge pull request #582 from oauth2-proxy/dependabot/bundler/docs/activesupport-6.0.3.1
...
Bump activesupport from 6.0.2.1 to 6.0.3.1 in /docs
2020-05-27 10:03:56 +01:00
dependabot[bot]
d1bab0e22e
Bump activesupport from 6.0.2.1 to 6.0.3.1 in /docs
...
Bumps [activesupport](https://github.com/rails/rails) from 6.0.2.1 to 6.0.3.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v6.0.3.1/activesupport/CHANGELOG.md)
- [Commits](https://github.com/rails/rails/compare/v6.0.2.1...v6.0.3.1)
Signed-off-by: dependabot[bot] <support@github.com>
2020-05-27 08:55:47 +00:00
Joel Speed
03a0e1a0e3
Merge pull request #414 from ti-mo/cookie-secret-cipher-xauthrequest
...
Always encrypt sessions regardless of configuration
2020-05-24 21:27:22 +01:00
Timo Beckers
276d1c6f19
Always encrypt sessions regardless of configuration
2020-05-24 21:23:04 +01:00
Amnay
0c9795a964
render error page on 502 proxy status (#574)
...
Co-authored-by: Amnay Mokhtari <amnay.mokhtari@adevinta.com>
2020-05-24 21:09:00 +01:00
Joel Speed
810a9e9967
Rename cookie-domain config to cookie-domains (#559)
...
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-24 20:19:56 +01:00
Isabelle COWAN-BERGMAN
fc11d8d508
Updated autocompletion for `--` long options. (#569)
...
* Updated autocompletion for `--` long options.
* Added CHANGELOG.md entry.
2020-05-24 17:12:28 +01:00
Joel Speed
a0085e9015
Add changelog entry for 489 (#572)
2020-05-23 18:49:09 +01:00
Joel Speed
236c7fa60e
Merge pull request #489 from oauth2-proxy/move-options
...
Move Options and Validation to packages
2020-05-23 15:59:29 +01:00
Joel Speed
cce2c680d8
Move RealClientIP code to IP packages
2020-05-23 15:17:41 +01:00
Joel Speed
c3f9cbeb3d
Remove Env tags from Cookie and Session Options
2020-05-21 22:43:42 +01:00
Joel Speed
189ed4de8f
Move FlagSet to Options package
2020-05-21 22:43:42 +01:00
Joel Speed
1fd4ebe546
Remove Env tags from Options
2020-05-21 22:43:42 +01:00
Joel Speed
44b27e0208
Move Options and Validation to package
2020-05-21 22:43:42 +01:00
Amnay
de0c92af06
fix small typo in docs (#570)
...
Co-authored-by: Amnay Mokhtari <amnay.mokhtari@adevinta.com>
2020-05-21 21:24:25 +01:00
Nick Meves
7e5c8bb579
Fix secretBytes adding unintended padding (#556)
...
* Fix secretBytes adding unintended padding
* Add more SecretBytes test scenarios
* Add CHANGELOG entry about breaking secret padding change
* Add SecretBytes tests explanation comments
2020-05-21 19:29:45 +01:00
Nick Meves
d228d5a928
Refactor the utils package to other areas (#538)
...
* Refactor the utils package to other areas
Move cookieSession functions to cookie session store
& align the double implementation of SecretBytes to be
united and housed under encryption
* Remove unused Provider SessionFromCookie/CookieForSession
These implementations aren't used, these are handled in the cookie store.
* Add changelog entry for session/utils refactor
2020-05-14 10:16:35 +01:00
Isabelle COWAN-BERGMAN
111d17efde
Implements --real-client-ip-header option. (#503)
...
* Implements -real-client-ip-header option.
* The -real-client-ip-header determines what HTTP header is used for
determining the "real client IP" of the remote client.
* The -real-client-ip-header option supports the following headers:
X-Forwarded-For X-ProxyUser-IP and X-Real-IP (default).
* Introduces new realClientIPParser interface to allow for multiple
polymorphic classes to decide how to determine the real client IP.
* TODO: implement the more standard, but more complex `Forwarded` HTTP
header.
* Corrected order of expected/actual in test cases
* Improved error message in getRemoteIP
* Add tests for getRemoteIP and getClientString
* Add comment explaining splitting of header
* Update documentation on -real-client-ip-header w/o -reverse-proxy
* Add PR number in changelog.
* Fix typo repeated word: "it"
Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
* Update extended configuration language
* Simplify the language around dependence on -reverse-proxy
Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
* Added completions
* Reorder real client IP header options
* Update CHANGELOG.md
* Apply suggestions from code review
Co-authored-by: Isabelle COWAN-BERGMAN <Izzette@users.noreply.github.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-12 18:41:25 +01:00
Joel Speed
d0cfca4b73
Merge pull request #529 from oauth2-proxy/test-environment
...
Add local test environments for testing changes and new features
2020-05-12 16:19:27 +01:00
Joel Speed
2e37da4dc4
Update changelog for test environment addition
2020-05-12 16:07:17 +01:00
Joel Speed
afef9c7588
Add nginx test environment to demonstrate protecting multiple subdomains
2020-05-12 16:06:17 +01:00
Joel Speed
0ccfc73ab2
Add test environment docker-compose files
2020-05-12 16:06:16 +01:00
Joel Speed
4e3dd09cf2
Drop fallback to email when user is empty (#537)
2020-05-12 16:04:51 +01:00
John Clayton
7cf685140b
Restrict access using Github collaborators (#497)
...
* Allow access based on Github repository
2020-05-11 18:02:40 +01:00
Mitsuo Heijo
e642daef4e
Support context in providers (#519)
...
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-10 13:34:59 +01:00
Joel Speed
53d8e99f05
Remove Syscll as a maintainer (#540)
2020-05-10 11:51:15 +01:00
Joel Speed
de280824de
Drop support for pre v3.1 cookies (#535)
...
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-10 10:09:53 +01:00
Joel Speed
24cdfa68b6
Set up code coverage within Travis for Code Climate (#533)
...
* Set up code coverage within Travis for Code Climate
* Include CodeClimate badges on ReadMe
2020-05-10 07:29:37 +01:00
n-i-x
be9eaaeb48
Add basic string functions to templates (#514)
...
* Add basic string functions to templates
Co-authored-by: Oliver <oliver006@users.noreply.github.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-09 21:05:51 +01:00
Nick Meves
9d626265e8
Migrate cookie signing to SHA256 from SHA1 (#524)
...
Also, cleanup the code & make the specific
hashing algorithm chosen a function variable.
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-09 16:14:19 +01:00
Joel Speed
07df29db37
Drop configure script in favour of native Makefile env and checks (#515)
...
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-09 16:07:46 +01:00
Henry Jenkins
9ed5a43516
Use double dashes in docs (#530)
...
We only support double dash (`--`) now, so update docs to reflect this.
2020-05-09 15:39:47 +01:00
Joel Speed
8d3de2dc75
Tidy changelog and update releases to v5.1.1 (#526)
2020-05-06 19:00:12 +01:00
Joel Speed
0d5fa211df
Merge pull request from GHSA-j7px-6hwj-hpjg
2020-05-06 12:42:02 +01:00