1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-12-10 11:10:27 +02:00
Commit Graph

982 Commits

Author SHA1 Message Date
Siim Tiilen
bdc686103e
Allow html in banner message (#462)
* allow html in banner message

* Fix changelog (move under new version)
2020-04-04 15:01:11 +01:00
Phil Taprogge
3f7837b955
Add logging in case of invalid redirects (#471)
* Add logging in case of invalid redirects

* update changelog

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-04-02 09:51:38 +01:00
Christopher J. Ruwe
eb31850470
clarify the nginx auth_request_set/set problem with proxy_pass (#454)
* clarify the nginx auth_request_set/set problem with proxy_pass

* reworded/extended as result of review
2020-04-01 20:06:33 +01:00
Joel Speed
c02d560bf4
Merge pull request #432 from oauth2-proxy/update-deps
Update ruby dependencies for documentation
2020-03-29 17:41:58 +01:00
Theo
8641bc4738
Update docs deps 2020-03-29 17:34:17 +01:00
Joel Speed
c0fb7e81fc
Merge pull request #464 from oauth2-proxy/migration
Migrate to oauth2-proxy/oauth2-proxy
2020-03-29 16:32:39 +01:00
Joel Speed
f832eb1446
Update changelog and readme to reflect migration 2020-03-29 16:24:41 +01:00
Joel Speed
802754caad
Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
Joel Speed
4cdedc8f50
Merge pull request #463 from pusher/release-5.1.0
Update Changelog for Release 5.1.0
2020-03-29 13:41:30 +01:00
Joel Speed
9dcd8255bf
Update CHANGELOG for v5.1.0 release 2020-03-29 13:19:38 +01:00
Joel Speed
8d69d55de4
Update Go and GolangCI-Lint 2020-03-29 13:17:54 +01:00
Mitsuo Heijo
362cdf7713
Fix http.Cookie SameSite is not copied. (#450)
* fix: http.Cookie SameSite is not copied.

* Update CHANGELOG.md
2020-03-17 18:48:52 +00:00
Jakub Holy
3108f765a5
Fix #381, expose acr_values to all providers (#445) 2020-03-17 17:57:33 +00:00
Mariusz Strzelecki
4eef21cf3d
Bitbucket Auth Provider docs (#447)
* Bitbucket Auth Provider docs

* Typo fixed
2020-03-16 11:39:12 +00:00
Erico Fusco
4d7349f9c6
Update CHANGELOG.md (#446)
Fix PR link for #435
2020-03-16 10:14:38 +00:00
Mitsuo Heijo
81b9a63e51
Support Go 1.14 (#419)
* Upgrade base image tags and golangci-lint

* Upgrade golang and golangci-lint in travis-ci

* fix:  tests, pointed out by golangci-lint and format files

* Upgrade dependencies

* update changelog

* fix: tests related to https://github.com/pusher/oauth2_proxy/pull/418

* Separate tests using go version build tags

* Update CHANGELOG

* Revert "Separate tests using go version build tags"

This reverts commit 9b7e65eb90cae954dc7b6316345d3207205d488a.

* fix test to support go1.14 and go1.13

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-03-14 10:14:15 +00:00
Jakub Holy
400aea3653
Document how to use the sign_out endpoint (#443)
Fixes #441

+ a minor link fix
2020-03-14 10:07:23 +00:00
Wolfgang Richter
fad6fff16d
Cleaned up source to make golangci-lint pass (#418)
* cleaned up source to make golangci-lint pass

* providers/azure_test.go: use build in POST constant

* options_test.go: do not export unnecessary variables

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-03-14 09:58:29 +00:00
Jakub Holy
b1c81e2abe
Support prompt in addition to auth-prompt (#444)
Fix #380
2020-03-14 09:53:43 +00:00
Jakub Holy
0fc4131c72
configuration.md: clarify CLI -> config options (#442)
Clarify how to rename CLI options to be able to set them in the config file. I have just spent an hour trying to find out why `whitelist_domain="..."` does not work :-)

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-03-13 20:21:15 +00:00
Erico Fusco
8d0149ccf8
Fix issue with group validation called on every request (#435)
* Revert group validation on every request

* Fix syntax

* Remove unit tests associated with reverted change

* Update CHANGELOG
2020-03-13 20:10:38 +00:00
Joel Speed
e3fb25efe6
Merge pull request #434 from jordancrawfordnz/pass-user-headers-prefer-email
Support the PreferEmailToUser option on PassUserHeaders
2020-03-08 15:31:34 +00:00
Jordan Crawford
4cd43ef397 Support the PreferEmailToUser option on PassUserHeaders
Previously in #401, an option was added to support forwarding the email
address as the username to the upstream service when the PassBasicAuth
option is used.

The PassBasicAuth option is not appropriate for all users, with PassUserHeaders
allowing very similar functionality without specifying a basic auth headers.

The PreferEmailToUser option has been expanded to support the PassUserHeaders
option.
2020-03-04 11:47:13 +13:00
Joel Speed
666d4c3db1
Merge pull request #430 from pusher/stale-action
Add GitHub Action to tidy stale issues
2020-03-02 10:34:51 +00:00
Dan Bond
d94cf45ea8
Update .github/workflows/stale.yml
Co-Authored-By: Theo Barber-Bany <theo.barberbany@pusher.com>
2020-03-02 10:09:58 +00:00
Dan Bond
8ee8bd8bc2
Update .github/workflows/stale.yml
Co-Authored-By: Theo Barber-Bany <theo.barberbany@pusher.com>
2020-03-02 10:09:52 +00:00
Joel Speed
85891a2261
Add GitHub Action to tidy stale issues 2020-03-01 15:59:52 +00:00
Felix Fontein
d934309b44
Add preferred_username support (OIDC provider) (#420)
* Add support for preferred username.

* Add missing TOC entries.

* Add note about preferred_username support.

* Adjust tests.

* Check on not implemented error for GetPreferredUsername() call.

Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-03-01 15:02:51 +00:00
ume
0bca3564b5
Fix to work with python 3 (#427)
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-29 18:13:49 +00:00
D. Spindel
51f4d88028
Add option to prefer an Email address to a Username (#401)
With some providers the Username is an upstream Unique ID, like fex. in the
case of Google.

When matching this with downstream databases, it's sometimes preferred to use
the email address as the  known identifier.

However, when _mixing_ this with sometimes other sources, like htaccess, which
doesn't have a concept of an email address, it can turn difficult.

This change makes the headers _prefer_ to use the Email address, if such exists,
for the Username identifier when passing data to downstream services.

Defaults to Off.

Signed-off-by: D.S. Ljungmark <ljungmark@modio.se>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-29 17:38:32 +00:00
dependabot[bot]
0c7400a924
Bump nokogiri from 1.10.4 to 1.10.8 in /docs (#422)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.4 to 1.10.8.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.4...v1.10.8)

Signed-off-by: dependabot[bot] <support@github.com>
2020-02-28 18:26:40 +00:00
Timo Beckers
907de4e141
Use OAuthProxy.GetRedirect in /sign_in, honoring the 'rd' query parameter (#405)
* Use OAuthProxy.GetRedirect in /sign_in, honoring the 'rd' query parameter

* CHANGELOG.md - Add a changelog entry for #405
2020-02-28 09:59:27 +00:00
Luke Tainton
4f553bcfc8
Add nsswitch.conf to Docker image (#400)
* Add nsswitch.conf to Docker image

Created nsswitch.conf to use locally defined translations before DNS. Copied to /etc/nsswitch.conf in the image.

* Add new line

* Updated Changelog

Co-authored-by: Dan Bond <danbond@protonmail.com>
2020-02-23 18:16:18 +00:00
Jakub Holy
bd79b976da
Docs: Fix link to sessions.md (#403) 2020-02-19 13:20:07 +00:00
Nir Aizik
edd6ad6ae5
Add client-secret-file to main FlagSet (#399) 2020-02-17 14:21:04 +00:00
Iain Buclaw
2033ce81c3
Implement ValidateSessionState for GitHubProvider (#385)
Refactors the setting of the Authorization header into getGitHubHeader.

Refs #382

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-15 15:11:14 +00:00
Jakub Holy
7a6204c8fd
Fix #384 - link to sessions.md (#391)
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-15 14:41:35 +00:00
Pavel Kirichenko
f2661c47ba
Support for client secret file. (#355)
* added ClientSecretFile in ProviderData

* add documentation notes on client secret file

* added Changelog entry for Client Secret File PR

* fixing configuration.md

* addressing PR issue of ClientSecret property naming

* Update providers/provider_data.go

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* corrected changelog entry

* fixed typo in GetClientSecret

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-15 13:44:39 +00:00
Devin Nemec
3a843f815d
GitHub Provider - Fallback to secondary verified email (#372)
* Fallback to secondary verified email

* Add change to changelog
2020-02-15 13:36:28 +00:00
Ben Letton
10adb5c516
Support optional id_tokens in refresh responses (#335)
* OIDC Token Refresh works without id_tokens

Addresses https://github.com/pusher/oauth2_proxy/issues/318

Refactoring the OIDC provider so that the refresh process works when there are
no id_tokens present in the response. Added unit tests to the oidc_test.go to prove
the redeem and refresh still work.

The expiry time of the session is now taken from the outh token expiry and not
the id_token (preventing stale access_tokens in sessions).

* Refactoring the to use a KeySetStub in the oidc_test.go. This allows the
elimination of the slightly contrived function passing elements used
previously. (This change is being applied to address the bug #318)

* Changes as per the PR comments and preparing for 5.x release

* Fixup changelog

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-06 18:09:30 +00:00
Yan Yao
18d20364a8
Extension of Redis Session Store to Support Redis Cluster (#363)
* Extend the redis session store to support redis cluster

* rename function newRedisClient to newRedisCmdable

* update docs about redis cluster as session store

* update autocomplete script with redis cluster options

* add check about conflict between option redis-use-sentinel and redis-use-cluster

* update change log

* Update docs/configuration/sessions.md

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* Update pkg/sessions/redis/redis_store.go

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* add the dropped option back

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-02-06 17:59:12 +00:00
Nick Watts
3ae261031e
Add sign_out endpoint to endpoint documentation page (#383) 2020-02-05 16:28:51 +00:00
Jakub Holy
61007250f2
lates version is v5 not v4 (#379) 2020-02-03 15:39:14 +00:00
Felix Fontein
9670f54dd0
Fix login page fragment handling after soft reload on Firefox (#353)
* Fix login page fragment handling after soft reload on Firefox.

* Add comments.

* Move changelog entry to correct place.

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Felix Fontein <felix@fontein.de>
2020-01-31 11:11:15 +00:00
David Stark
c49d3628cd
Merge pull request #368 from pusher/advisory-notes
Open redirect (security vulnerability) notes
2020-01-29 12:56:42 +00:00
David Stark
3b0e8c3cb3
Open redirect (security vulnerability) notes 2020-01-29 12:45:19 +00:00
David Stark
a316f8a06f
Merge pull request from GHSA-qqxw-m5fj-f7gv
check for /\ redirects
2020-01-29 12:37:58 +00:00
David Stark
e21f09817e
note about open redirect vulneravility 2020-01-29 12:36:11 +00:00
David Stark
8c765779b5
Merge branch 'master' into advisory-fix-1 2020-01-29 12:24:42 +00:00
David Stark
fc59a6d683
Merge pull request #367 from pusher/feature/changelog-release-5
Release 5.0.0 / changelog update
2020-01-29 12:15:43 +00:00