1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-12-04 10:34:59 +02:00
Commit Graph

772 Commits

Author SHA1 Message Date
Henry Jenkins
c941f3ce0d
Merge branch 'master' into fix-docs-links 2019-08-13 21:23:45 +01:00
Henry Jenkins
9240538939
Merge pull request #244 from ferhatelmas/typo-fix
Fix some typos
2019-08-13 21:23:18 +01:00
Dan Bond
49e124eb87
Merge branch 'master' into typo-fix 2019-08-13 16:25:23 +01:00
Joel Speed
b167744b0a
Merge pull request #145 from rtluckie/feature/add_oidc_userinfo_support
Add OIDC support for UserInfo Endpoint Email Verification
2019-08-13 15:35:51 +01:00
ferhat elmas
fb52bdb90c Fix some typos 2019-08-13 12:42:23 +02:00
Ryan Luckie
c457eeb711
Merge branch 'master' into feature/add_oidc_userinfo_support 2019-08-12 17:32:29 -05:00
Henry Jenkins
8b61559b8d Fix links in docs
- Fixed a bunch of references to the repo, which were 404ing
- Fixed a couple of things that 301/302ed
- Fixed some in page references
2019-08-11 16:07:03 +01:00
Henry Jenkins
e1b70dc9f0
Merge pull request #240 from vitaliytv/patch-1
[docs] Fix link to oauth2_proxy.cfg
2019-08-11 15:20:58 +01:00
Vitalii Tverdokhlib
9e37de53e3
docs: fix path to oauth2_proxy.cfg 2019-08-11 14:55:19 +03:00
Joel Speed
a91cce7ab9
Merge pull request #238 from thought-machine/fix-typo
Fix typos in changelog
2019-08-07 19:36:03 +01:00
hjenkins
02dfa87f11 Fix typos in changelog 2019-08-07 18:00:37 +01:00
jansinger
7134d22bcc New flag "-ssl-upstream-insecure-skip-validation" (#234)
* New flag "-ssl-upstream-insecure-skip-validation" to skip SSL validation for upstreams with self generated / invalid SSL certificates.

* Fix tests for modified NewReverseProxy method.

* Added change to the changelog.

* Remove duplicate entries from changelog.
2019-08-07 17:48:53 +01:00
mikesiegel
d85660248c Adding docs for how to configure Okta for the OIDC provider (#235)
* Adding documentation for Okta OIDC provider.

* additional clean up.

* Clearer heading

* Forgot a word.

* updated documentation based on ReillyProcentive review.

* Per steakunderscore review: removed defaults. Removed extra hardening steps (expiration, https only etc) not directly related to setting up Okta w/ OIDC
2019-08-07 11:57:18 +01:00
Henry Jenkins
64672c34eb
Merge pull request #236 from thought-machine/slack
Adds reference to slack channel in readme
2019-08-06 12:47:10 +01:00
Dan Bond
c3eac4f6d4
Merge branch 'master' into slack 2019-08-06 12:23:45 +01:00
Alexander Overvoorde
4de49983fb Rework GitLab provider (#231)
* Initial version of OIDC based GitLab provider

* Add support for email domain check to GitLab provider

* Add gitlab.com as default issuer for GitLab provider

* Update documentation for GitLab provider

* Update unit tests for new GitLab provider implementation

* Update CHANGELOG for GitLab provider

* Rename GitLab test access token as response to linter
2019-08-06 12:20:54 +01:00
hjenkins
5f9a65f6b1 Adds reference to slack channel in readme 2019-08-06 12:16:03 +01:00
Justin Palpant
7d910c0ae8 Check Google group membership with hasMember and get. (#224)
* Check Google group membership with hasMember and get.

This PR is an enhancement built on
https://github.com/pusher/oauth2_proxy/pull/160. That PR reduces the
number of calls to the Google Admin API and simplifies the code by
using the hasMember method. It also supports checking membership in
nested groups.

However, the above message doesn't handle members who are not a part
of the domain. The hasMember API returns a 400 for that case. As a
fallback, when the API returns a 400, this change will try using the
`get` API which works as expected for members who aren't a part of the
domain. Supporting members who belong to the Google group but aren't
part of the domain is a requested feature from
https://github.com/pusher/oauth2_proxy/issues/95.

https://developers.google.com/admin-sdk/directory/v1/reference/members/get

Note that nested members who are not a part of the domain will not be
correctly detected with this change.

* Update CHANGELOG.

* Fix incorrect JSON and stop escaping strings.

* Add comments for each scenario.
2019-08-06 10:38:24 +01:00
Henry Jenkins
69c723af81
Merge pull request #232 from ReillyBrogan/fix-changelog-typos
[DOCS] Fix a bunch of places where the repo link was incorrect
2019-08-05 11:28:21 +01:00
Joel Speed
a882788efb
Merge branch 'master' into fix-changelog-typos 2019-08-05 11:17:28 +01:00
Joel Speed
88a7f9f483
Merge pull request #233 from steakunderscore/remove-dep
Remove dep from Travis CI & pre-install modules
2019-08-05 09:44:16 +01:00
hjenkins
8a24dd797f Download modules in travis install step 2019-08-05 09:26:42 +01:00
Henry Jenkins
d346219293 Remove dep from Travis CI
Was missed from previous switch to go modules
2019-08-04 21:24:21 +01:00
Reilly Brogan
1ab63304a1 Fix a bunch of places where the repo link was incorrect 2019-08-03 13:22:42 -05:00
Joel Speed
3f219bd85c
Merge pull request #225 from pusher/fix-codeowners
Fix CODEOWNERS file
2019-07-24 09:37:15 +01:00
Joel Speed
23309adc7c
Fix CODEOWNERS file 2019-07-24 09:21:08 +01:00
Joel Speed
6c4aca957e
Merge pull request #223 from pusher/maintainers
Add MAINTAINERS and update CODEOWNERS
2019-07-23 16:45:32 +01:00
Joel Speed
e48d28d1b9
Add MAINTAINERS and update CODEOWNERS 2019-07-23 16:20:45 +01:00
Ryan Luckie
4a6b703c54 Update CHANGELOG 2019-07-19 09:03:01 -05:00
Ryan Luckie
93cb575d7c Fix error message for clarity 2019-07-19 08:59:29 -05:00
Ryan Luckie
f537720b52 fix lint errors 2019-07-19 08:57:05 -05:00
Ryan Luckie
122ec45dd8 Requested changes 2019-07-19 08:55:14 -05:00
Ryan Luckie
0d94f5e515 fix lint error 2019-07-19 08:53:20 -05:00
Ryan Luckie
2eecf756e4 Add OIDC support for UserInfo Endpoint Email Verification
* Current OIDC implementation asserts that user email check must come
from JWT token claims. OIDC specification also allows for source
of user email to be fetched from userinfo profile endpoint.
http://openid.net/specs/openid-connect-core-1_0.html#UserInfo

* First, attempt to retrieve email from JWT token claims.  Then fall back to
requesting email from userinfo endpoint.

* Don't fallback to subject for email

https://github.com/bitly/oauth2_proxy/pull/481
2019-07-19 08:53:20 -05:00
Joel Speed
8635391543
Merge pull request #178 from kskewes/pinglog
Add silence-ping-logging flag
2019-07-19 11:30:31 +01:00
Karl
f29e353586
Update options.go
Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
2019-07-19 22:11:53 +12:00
Joel Speed
2c104c4e7d
Merge pull request #211 from steakunderscore/go-mod
Switch from dep to go modules
2019-07-17 10:21:09 +01:00
Joel Speed
7bf00b7f4a
Merge pull request #213 from pusher/fix-tls-flags
Correct TLS Flags broken in #186
2019-07-17 10:10:18 +01:00
Joel Speed
7b1132df13
Fix tls-*-file docs 2019-07-17 09:58:11 +01:00
Karl Skewes
6bf3f2a51b
Correct tls cert flag name per 186 2019-07-16 13:32:57 +01:00
Karl Skewes
f00a474d91 Correct tls cert flag name per 186 2019-07-16 11:39:06 +12:00
Karl Skewes
b57d7f77e1 Use ok naming convention for map presence check 2019-07-16 10:06:29 +12:00
Karl Skewes
84da3c3d8c update changelog with both flags 2019-07-16 10:06:29 +12:00
Karl Skewes
9ed5623f2a Change env vars to suit incoming PR186 2019-07-16 10:05:10 +12:00
Karl Skewes
7236039b9d remove remnant from rebase 2019-07-16 10:04:09 +12:00
Karl Skewes
289dfce28a logger.go ExcludedPaths changed to slice of paths.
- `logger.go` convert slice of paths to map for quicker lookup
- `options.go` combines csv paths and pingpath into slice
2019-07-16 10:04:09 +12:00
Karl Skewes
4e10cc76e0 Add silence ping logging flag using ExcludePath
- Add `ping-path` option to enable switching on and passing to `logger.go`
  Default remains unchanged at: `"/ping"`
- Add note in configuration.md about silence flag taking precedence

Potential tests:
- `options.go` sets `logger.SetExcludePath` based on silence flag?
- Changing `PingPath` reflected in router?
2019-07-16 09:46:53 +12:00
Karl Skewes
08021429ea formatting and extra test
Can probably slim down the `ExcludePath` tests.
2019-07-16 09:43:48 +12:00
Karl Skewes
c4f20fff3d Add exclude logging path option
Useful for excluding /ping endpoint to reduce log volume.
This is somewhat more verbose than a simple bool to disable logging of
the `/ping` endpoint.

Perhaps better to add `-silence-ping-logging` bool flag to `options.go` and
pass in the `/ping` endpoint as part of `logger` declaration in `options.go`.

Could be extended into a slice of paths similar to go-gin's `SkipPaths`:
https://github.com/gin-gonic/gin/blob/master/logger.go#L46
2019-07-16 09:43:47 +12:00
Karl Skewes
ec97000169 Add silence ping logging flag
Add ability to silence logging of requests to /ping endpoint, reducing
log clutter

Pros:
- Don't have to change all handlers to set/not set silent ping logging
- Don't have to duplicate `loggingHandler` (this could be preferable yet)

Cons:
- Leaking oauth2proxy logic into `package logger`
- Defining default pingPath in two locations

Alternative:
- Add generic exclude path to `logger.go` and pass in `/ping`.
2019-07-16 09:42:24 +12:00