go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-29 01:01:36 +02:00
Code Issues Releases Activity
1,965 Commits 24 Branches 38 Tags
ca9c0fbe7de80464aad4e189e4ba3f19e60fb5df
Commit Graph

314 Commits

Author SHA1 Message Date
Kamal Nasser
ae4e9155d2 implicit/explicit redirect port matching 2019-10-12 23:47:23 +03:00
Kamal Nasser
bfb22506ff allow redirects to whitelisted hosts with ports 2019-10-11 15:39:57 +03:00
Christian Groschupp
a46ee952a6 Move responceCode out of HandleFunc. 2019-10-10 10:14:01 +02:00
Christian Groschupp
dc36836800 Add tests for static upstream 2019-10-10 10:14:01 +02:00
Christian Groschupp
1295f87b33 Add static upstream 2019-10-10 10:14:00 +02:00
Kirill Motkov
e64e6fa514 Some code improvements 
* Remove shadowing of predeclared identifier: new.
* strings.ReplaceAll instead of strings.Replace with -1.
* Change strings.ToLower comparison to strings.EqualFold.
* Rewrite if-else-if-else chain as a switch.
 2019-10-09 15:44:26 +03:00
Ian Hunter
a209a52df1 More fully support X-Auth-Request-Redirect header 
Docs showed that the X-Auth-Request-Redirect header can specify a redirect URI, but only the rd POST parameter was being honored
This fixes that.
 2019-08-17 15:50:44 -05:00
Adam Eijdenberg
d5d4878a29 Made setting of proxied headers deterministic based on configuration 
alone

Previously some headers that are normally set by the proxy (and may be
replied upstream for authorization decisiions) were not being set
depending on values in the users sesssion.

This change ensure that if a given header is sometimes set, it will
always be either set or removed.

It might be worth considerating always deleting these headers if we
didn't add them.
 2019-08-16 11:44:43 +10:00
ferhat elmas
fb52bdb90c Fix some typos 2019-08-13 12:42:23 +02:00
jansinger
7134d22bcc New flag "-ssl-upstream-insecure-skip-validation" (#234) 
* New flag "-ssl-upstream-insecure-skip-validation" to skip SSL validation for upstreams with self generated / invalid SSL certificates.

* Fix tests for modified NewReverseProxy method.

* Added change to the changelog.

* Remove duplicate entries from changelog.
 2019-08-07 17:48:53 +01:00
Karl Skewes
4e10cc76e0 Add silence ping logging flag using ExcludePath 
- Add `ping-path` option to enable switching on and passing to `logger.go`
  Default remains unchanged at: `"/ping"`
- Add note in configuration.md about silence flag taking precedence

Potential tests:
- `options.go` sets `logger.SetExcludePath` based on silence flag?
- Changing `PingPath` reflected in router?
 2019-07-16 09:46:53 +12:00
Joel Speed
630db3769b Merge branch 'master' into refactor 2019-07-15 11:30:43 +01:00
Henry Jenkins
aa37564655 Merge branch 'master' into banner-flag 2019-07-02 14:03:21 +01:00
Henry Jenkins
924eab6355 Adds banner flag 
This is to override what's displayed on the main page.
 2019-06-25 16:41:51 +01:00
Henry Jenkins
d24aacdb5c Fix lint errors 2019-06-23 21:39:13 +01:00
Brian Van Klaveren
bd651df3c2 Ensure groups in JWT Bearer tokens are also validated 
Fix a minor auth logging bug
 2019-06-20 13:40:04 -07:00
Brian Van Klaveren
5a50f6223f Do not infer username from email 2019-06-17 12:58:40 -07:00
Brian Van Klaveren
2f6dcf3b5f Move refreshing code to block acquiring cookied session 2019-06-17 12:52:44 -07:00
Brian Van Klaveren
58b06ce761 Fall back to using sub if email is none (as in PR #57) 2019-06-17 12:52:13 -07:00
Brian Van Klaveren
187960e9d8 Improve token pattern matching 
Unit tests for token discovery
 2019-06-17 12:52:13 -07:00
Brian Van Klaveren
8083501da6 Support JWT Bearer Token and Pass through 2019-06-17 12:51:35 -07:00
Joel Speed
6366690927 Fix gofmt for changed files 2019-06-15 11:34:00 +02:00
Joel Speed
fb9616160e Move logger to pkg/logger 2019-06-15 11:33:58 +02:00
Joel Speed
d1ef14becc Move cookie to pkg/encryption 2019-06-15 11:33:57 +02:00
Adam Eijdenberg
d69560d020 No need for case when only 2 conditions 2019-06-15 18:48:27 +10:00
Adam Eijdenberg
f35c82bb0f The AuthOnly path also needs the response headers set 2019-06-07 14:25:12 +10:00
Adam Eijdenberg
9e59b4f62e Restructure so that serving data from upstream is only done when explicity allowed, rather 
than as implicit dangling else
 2019-06-07 13:50:44 +10:00
Joel Speed
093f9da881 Move cipher creation to options and away from oauth2_proxy.go 2019-05-20 11:26:13 +02:00
Joel Speed
37e31b5f09 Remove dead code 2019-05-20 11:26:11 +02:00
Joel Speed
c61f3a1c65 Use SessionStore for session in proxy 2019-05-20 11:26:10 +02:00
Joel Speed
fbee5eae16 Initialise SessionStore in Options 2019-05-20 11:26:04 +02:00
Joel Speed
2ab8a7d95d Move SessionState to its own package 2019-05-18 13:09:56 +02:00
timothy-spencer
1a8bd70b46 fixing code redemption error string logging 2019-05-07 10:47:15 -07:00
Mister Wil
9eaa9fdcbf Standardizing log messages to colons 2019-04-23 09:36:18 -07:00
MisterWil
d77119be55 Merging changes 2019-04-12 09:26:44 -07:00
MisterWil
c22731afa0 Fixed linting errors. 2019-04-12 08:59:46 -07:00
MisterWil
37c415b889 Self code review changes 2019-04-12 08:59:46 -07:00
MisterWil
8ec025f536 Auth and standard logging with file rolling 2019-04-12 08:59:46 -07:00
Costel Moraru
071d17b521 Expose -cookie-path as configuration parameter 2019-04-10 00:36:35 +03:00
gyson
978c0a33e4 Improve websocket support 2019-03-22 17:19:38 -04:00
Patrick Koenig
6f9eac5190 Set redirect URL path when host is present 2019-03-20 09:25:04 -07:00
einfachchr
f715c9371b Fixes deletion of splitted cookies - Issue #69 (#70) 
* fixes deletion of splitted cookies

* three minor adjustments to improve the tests

* changed cookie name matching to regex

* Update oauthproxy.go

Co-Authored-By: einfachchr <einfachchr@gmail.com>

* removed unused variable

* Changelog
 2019-03-15 07:18:37 +00:00
Joel Speed
e195a74e26 Revert OAuthCallbackPath 2019-03-12 16:46:37 +00:00
Adam Szalkowski
c7193b4085 Merge websocket proxy feature from openshift/oauth-proxy. Original author: Hiram Chirino <hiram@hiramchirino.com> 2019-03-11 14:05:16 +01:00
dt-rush
549766666e fix redirect url param handling (#10) 
* Added conditional to prevent user-supplied redirect URL getting
clobbered

Change-type: patch

* use redirectURL as OAuthCallbackURL (as it should be!)

Change-type: patch
 2019-03-05 14:58:26 +00:00
David Holsgrove
2280b42f59 Access token forwarding through nginx auth request (#68) 
* Access token forwarding through nginx auth request

Related to #420.

(cherry picked from commit b138872bea)
Signed-off-by: David Holsgrove <david.holsgrove@biarri.com>

* Improved documentation for auth request token

(cherry picked from commit 6fab314f72)
Signed-off-by: David Holsgrove <david.holsgrove@biarri.com>

* Update README.md

Example should set header as `X-Access-Token`

Co-Authored-By: davidholsgrove <davidholsgrove@users.noreply.github.com>

* Update Changelog to reference https://github.com/pusher/oauth2_proxy/pull/68

* Fix Changelog message location
 2019-02-22 07:49:57 +00:00
Joel Speed
fb13ee87c8 Merge pull request #34 from marratj/cookie-separator 
Change cookie index separator to underscore
 2019-02-03 13:21:51 +00:00
Joel Speed
fa2545636b Merge pull request #15 from pusher/whitelist-domains 
Whitelist domains
 2019-02-02 18:55:37 +00:00
Marcel Juhnke
a339baf94e change cookie index separator to underscore 2019-01-31 20:07:28 +01:00
Cosmin Cojocar
3326194422 Extract the application/json mime type into a const 2019-01-31 16:23:01 +01:00