1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-24 08:52:25 +02:00
Commit Graph

123 Commits

Author SHA1 Message Date
Dan Bond
f40dab8748 Rewrite dist script (#302)
* Rewrite dist scripts

* add changelog entry

* remove multiple loops in dist

* styling
2019-10-29 17:27:08 +00:00
Dan Bond
ba21c90c7a
fix broken changelog link (#301)
* fix broken changelog link

* Update CHANGELOG.md
2019-10-28 10:42:43 -07:00
Johannes-Maria Frank
292d2dc639 Added version check for bash version gteq 4 (#292)
* Added version check for bash version gteq 4

* Added entry to CHANGELOG for bash 4.0 configure script dependency

* Corrected changelog entry to right format

* Fixed link in changelog entry

* Remove uneeded new line.
2019-10-28 09:39:22 -07:00
Tom Deadman
35f2ae9a36 Improved request errors (#286)
* worked on wrapping errors in requests.go, added defer statements

* removed .idea (generated by goland)

* added another require.NoError

* Update pkg/requests/requests.go

Co-Authored-By: Dan Bond <pm@danbond.io>

* fixed out-of-order imports

* changelog entry added

* swapped error definitions to use fmt.Errorf rather than Wrap()

* formatting changes, added new defers to requests_test.go

* suppot for go1.12 pipeline removed from travis pipeline, .idea/ added to gitignore

* Reorder changelog entry
2019-10-23 09:55:34 -07:00
Josh Michielsen
052451edef Merge branch 'Issue#259-RedirectToHTTPS' of github.com:jmickey/oauth2_proxy into Issue#259-RedirectToHTTPS 2019-10-17 22:20:21 +01:00
Josh Michielsen
56d195a433 Docs and changelog
Signed-off-by: Josh Michielsen <github@mickey.dev>
2019-10-17 22:20:15 +01:00
leyshon
c3cdcae49b
Merge branch 'master' into feature/azure-idtoken 2019-10-14 11:04:04 +01:00
Dan Bond
486521da96 fix previous CHANGELOG error 2019-10-07 17:11:38 -07:00
Dan Bond
a97710d3d2 update CHANGELOG 2019-10-07 17:11:14 -07:00
Dhi Aurrahman
de16df232d Support Go 1.13.x and allow to override REGISTRY (#273)
Signed-off-by: Dhi Aurrahman <dio@tetrate.io>
2019-10-07 13:53:46 -07:00
leyshon
d8d4c687df
Merge branch 'master' into feature/azure-idtoken 2019-10-02 10:33:08 +01:00
Joel Speed
ac0d010371
Merge branch 'master' into support-x-auth-request-redirect 2019-09-30 17:21:05 +01:00
Dan Bond
a122ac60e4
Fix CHANGELOG errors 2019-09-25 13:33:58 -07:00
Ian Hunter
18a77e6618 Reflect #248 PR in CHANGELOG.md 2019-09-19 11:26:18 -05:00
leyshon
41ed9f7429 Updating the changelog to include details of the change 2019-09-02 14:56:20 +01:00
Henry Jenkins
71dfd44149
Merge branch 'master' into keycloak-provider 2019-08-17 08:10:37 +01:00
Joel Speed
44ea6920a7
Update changelog for v4.0.0 release 2019-08-16 15:06:53 +01:00
aledeganopix4d
fa6c4792a1 Add Bitbucket provider. (#201)
Add a new provider for Bitbucket,
can be configured from the options
specifying team and/or repository
that the user must be part/have access
to in order to grant login.
2019-08-16 14:53:22 +01:00
Adam Eijdenberg
d5d4878a29 Made setting of proxied headers deterministic based on configuration
alone

Previously some headers that are normally set by the proxy (and may be
replied upstream for authorization decisiions) were not being set
depending on values in the users sesssion.

This change ensure that if a given header is sometimes set, it will
always be either set or removed.

It might be worth considerating always deleting these headers if we
didn't add them.
2019-08-16 11:44:43 +10:00
Ryan Luckie
c457eeb711
Merge branch 'master' into feature/add_oidc_userinfo_support 2019-08-12 17:32:29 -05:00
hjenkins
02dfa87f11 Fix typos in changelog 2019-08-07 18:00:37 +01:00
jansinger
7134d22bcc New flag "-ssl-upstream-insecure-skip-validation" (#234)
* New flag "-ssl-upstream-insecure-skip-validation" to skip SSL validation for upstreams with self generated / invalid SSL certificates.

* Fix tests for modified NewReverseProxy method.

* Added change to the changelog.

* Remove duplicate entries from changelog.
2019-08-07 17:48:53 +01:00
Alexander Overvoorde
4de49983fb Rework GitLab provider (#231)
* Initial version of OIDC based GitLab provider

* Add support for email domain check to GitLab provider

* Add gitlab.com as default issuer for GitLab provider

* Update documentation for GitLab provider

* Update unit tests for new GitLab provider implementation

* Update CHANGELOG for GitLab provider

* Rename GitLab test access token as response to linter
2019-08-06 12:20:54 +01:00
Justin Palpant
7d910c0ae8 Check Google group membership with hasMember and get. (#224)
* Check Google group membership with hasMember and get.

This PR is an enhancement built on
https://github.com/pusher/oauth2_proxy/pull/160. That PR reduces the
number of calls to the Google Admin API and simplifies the code by
using the hasMember method. It also supports checking membership in
nested groups.

However, the above message doesn't handle members who are not a part
of the domain. The hasMember API returns a 400 for that case. As a
fallback, when the API returns a 400, this change will try using the
`get` API which works as expected for members who aren't a part of the
domain. Supporting members who belong to the Google group but aren't
part of the domain is a requested feature from
https://github.com/pusher/oauth2_proxy/issues/95.

https://developers.google.com/admin-sdk/directory/v1/reference/members/get

Note that nested members who are not a part of the domain will not be
correctly detected with this change.

* Update CHANGELOG.

* Fix incorrect JSON and stop escaping strings.

* Add comments for each scenario.
2019-08-06 10:38:24 +01:00
Reilly Brogan
1ab63304a1 Fix a bunch of places where the repo link was incorrect 2019-08-03 13:22:42 -05:00
Karel Pokorny
800a3694c2 Add docs and record in CHANGELOG 2019-07-28 16:26:09 +02:00
Ryan Luckie
4a6b703c54 Update CHANGELOG 2019-07-19 09:03:01 -05:00
Joel Speed
8635391543
Merge pull request #178 from kskewes/pinglog
Add silence-ping-logging flag
2019-07-19 11:30:31 +01:00
Karl Skewes
84da3c3d8c update changelog with both flags 2019-07-16 10:06:29 +12:00
Karl Skewes
ec97000169 Add silence ping logging flag
Add ability to silence logging of requests to /ping endpoint, reducing
log clutter

Pros:
- Don't have to change all handlers to set/not set silent ping logging
- Don't have to duplicate `loggingHandler` (this could be preferable yet)

Cons:
- Leaking oauth2proxy logic into `package logger`
- Defining default pingPath in two locations

Alternative:
- Add generic exclude path to `logger.go` and pass in `/ping`.
2019-07-16 09:42:24 +12:00
Henry Jenkins
bc81a0f6e4 Merge branch 'master' into go-mod
* master:
  Move docker dep commands to earlier in the build
2019-07-15 21:38:55 +01:00
Henry Jenkins
56f51417ae
Merge branch 'master' into go-mod 2019-07-15 16:08:21 +01:00
Daniel Kimsey
816c2a6da9 Move docker dep commands to earlier in the build
This will let Docker cache the results of the vendor dependencies.
Making re-builds during testing faster.

Also clean-up spurious test & rm in ./configure
2019-07-15 10:00:34 -05:00
Joel Speed
874c147e04
Fix tls-key-file and tls-cert-file consistency 2019-07-15 12:01:44 +01:00
Joel Speed
bdcdfb74f9
Update docs and changelog 2019-07-15 12:01:43 +01:00
Joel Speed
630db3769b
Merge branch 'master' into refactor 2019-07-15 11:30:43 +01:00
Henry Jenkins
179ee6c2db Update CHANGELOG 2019-07-14 13:51:46 +01:00
Henry Jenkins
e92e2f0cb4 Update CHANGELOG 2019-07-14 13:32:37 +01:00
Daryl Finlay
776d063b98 Update changelog to include --insecure-oidc-allow-unverified-email 2019-07-11 15:30:57 +01:00
Henry Jenkins
aa37564655
Merge branch 'master' into banner-flag 2019-07-02 14:03:21 +01:00
Henry Jenkins
b9cfa8f49f Add changelog entry 2019-06-25 16:42:24 +01:00
Henry Jenkins
5bcb998e6b Update changelog 2019-06-23 21:39:13 +01:00
Henry Jenkins
411adf6f21 Switch linter to golangci-lint 2019-06-23 20:44:16 +01:00
Brian Van Klaveren
48dbb391bc Move around CHANGELOG.md update 2019-06-17 12:52:44 -07:00
Brian Van Klaveren
8413c30c26 Update changelog with info about -skip-jwt-bearer-tokens 2019-06-17 12:52:13 -07:00
Joel Speed
0af18d6d7c
Merge pull request #141 from openai/googleGroupEmail
Check google group membership based on email address
2019-06-15 14:05:56 +02:00
Joel Speed
77e1fff753
Merge pull request #185 from jonas/check-against-validate-url-string
Only validate tokens if ValidateURL resolves to a non-empty string
2019-06-15 12:30:03 +02:00
Joel Speed
417fde190c
Update changelog 2019-06-15 11:33:59 +02:00
Adam Eijdenberg
d69560d020 No need for case when only 2 conditions 2019-06-15 18:48:27 +10:00
Jonas Fonseca
7a8fb58ad1
Only validate tokens if ValidateURL resolves to a non-empty string
Fix an unsupported protocol scheme error when validating tokens by
ensuring that the ValidateURL generates a non-empty string. The Azure
provider doesn't define any ValidateURL and therefore uses the default
value of `url.Parse("")` which is not `nil`.

The following log summary shows the issue:

    2019/06/14 12:26:04 oauthproxy.go:799: 10.244.1.3:34112 ("10.244.1.1") refreshing 16h26m29s old session cookie for Session{email:jonas.fonseca@example.com user:jonas.fonseca token:true} (refresh after 1h0m0s)
    2019/06/14 12:26:04 internal_util.go:60: GET ?access_token=eyJ0...
    2019/06/14 12:26:04 internal_util.go:61: token validation request failed: Get ?access_token=eyJ0...: unsupported protocol scheme ""
    2019/06/14 12:26:04 oauthproxy.go:822: 10.244.1.3:34112 ("10.244.1.1") removing session. error validating Session{email:jonas.fonseca@example.com user:jonas.fonseca token:true}
2019-06-14 12:52:22 -04:00