1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-28 09:08:44 +02:00
Commit Graph

268 Commits

Author SHA1 Message Date
Nick Meves
d91c3f867d Remove validation for invalid legacy v6.0.0 sessions
The reflect.DeepCopy doesn't play nice with the new Lock and Clock
fields in sessions. And it added unneeded session deserialization
logic to every request.
2021-06-22 17:04:42 -07:00
Nick Meves
593125152d Standarize provider refresh implemention & logging 2021-06-22 17:04:30 -07:00
Nick Meves
7fa6d2d024 Manage session time fields centrally 2021-06-21 21:54:52 -07:00
Nick Meves
7e80e5596b RefreshSessions immediately when called 2021-06-21 21:54:52 -07:00
Joel Speed
bd2fa9d7d8
Add tests for split host port 2021-06-19 11:24:29 +01:00
Joel Speed
e1764d4221
Create AppDirector for getting the application redirect URL 2021-06-19 11:23:32 +01:00
Joel Speed
e7f304fc96
Create redirect validator 2021-06-19 11:23:31 +01:00
Sami Racho
a14c0c2121 Added ADFS Provider 2021-06-13 10:19:56 +02:00
Rishi Kambil
41cd418a5d
Fix - Refresh Session not working for multiple cookies (#1209) (#1227)
* Fix - Refresh Session not working for multiple cookies (#1209)

* added comments for flattenheaders fix

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Updated Changelog.md

Co-authored-by: Rishi Kambil <rishi.kambil@lntinfotech.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-06-09 10:22:33 +01:00
Frederic Pape
cfd82daaf0
Some typos (#1222)
* Some typos

* Also corrected the typo's in the src code

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-06-02 19:41:30 +01:00
Kevin Kreitner
f648c54d87
Add redis lock feature (#1063)
* Add sensible logging flag to default setup for logger

* Add Redis lock

* Fix default value flag for sensitive logging

* Split RefreshSessionIfNeeded in two methods and use Redis lock

* Small adjustments to doc and code

* Remove sensible logging

* Fix method names in ticket.go

* Revert "Fix method names in ticket.go"

This reverts commit 408ba1a1a5.

* Fix methods name in ticket.go

* Remove block in Redis client get

* Increase lock time to 1 second

* Perform retries, if session store is locked

* Reverse if condition, because it should return if session does not have to be refreshed

* Update go.sum

* Update MockStore

* Return error if loading session fails

* Fix and update tests

* Change validSession to session in docs and strings

* Change validSession to session in docs and strings

* Fix docs

* Fix wrong field name

* Fix linting

* Fix imports for linting

* Revert changes except from locking functionality

* Add lock feature on session state

* Update from master

* Remove errors package, because it is not used

* Only pass context instead of request to lock

* Use lock key

* By default use NoOpLock

* Remove debug output

* Update ticket_test.go

* Map internal error to sessions error

* Add ErrLockNotObtained

* Enable lock peek for all redis clients

* Use lock key prefix consistent

* Fix imports

* Use exists method for peek lock

* Fix imports

* Fix imports

* Fix imports

* Remove own Dockerfile

* Fix imports

* Fix tests for ticket and session store

* Fix session store test

* Update pkg/apis/sessions/interfaces.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Do not wrap lock method

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Use errors package for lock constants

* Use better naming for initLock function

* Add comments

* Add session store lock test

* Fix tests

* Fix tests

* Fix tests

* Fix tests

* Add cookies after saving session

* Add mock lock

* Fix imports for mock_lock.go

* Store mock lock for key

* Apply elapsed time on mock lock

* Check if lock is initially applied

* Reuse existing lock

* Test all lock methods

* Update CHANGELOG.md

* Use redis client methods in redis.lock for release an refresh

* Use lock key suffix instead of prefix for lock key

* Add comments for Lock interface

* Update comment for Lock interface

* Update CHANGELOG.md

* Change LockSuffix to const

* Check lock on already loaded session

* Use global var for loadedSession in lock tests

* Use lock instance for refreshing and releasing of lock

* Update possible error type for Refresh

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-06-02 19:08:19 +01:00
Tarvi Pillessaar
818938add2
Fix URI fragment handling
Fixes #1205
2021-05-24 10:17:46 +03:00
Joel Speed
befcdd9d04
Add pagewriter to upstream proxy 2021-05-10 11:14:05 +01:00
Itay Brandes
095e1db801 fix: SHOW_DEBUG_ON_ERROR environment variable not working
(Fixes #1178)
2021-05-04 19:17:30 +03:00
Nick Meves
544ba2a21c
Fix Metrics cfg option naming typo 2021-04-23 13:24:28 -07:00
Nick Meves
7eeaea0b3f
Support nonce checks in OIDC Provider (#967)
* Set and verify a nonce with OIDC

* Create a CSRF object to manage nonces & cookies

* Add missing generic cookie unit tests

* Add config flag to control OIDC SkipNonce

* Send hashed nonces in authentication requests

* Encrypt the CSRF cookie

* Add clarity to naming & add more helper methods

* Make CSRF an interface and keep underlying nonces private

* Add ReverseProxy scope to cookie tests

* Align to new 1.16 SameSite cookie default

* Perform SecretBytes conversion on CSRF cookie crypto

* Make state encoding signatures consistent

* Mock time in CSRF struct via Clock

* Improve InsecureSkipNonce docstring
2021-04-21 10:33:27 +01:00
Nick Meves
d3423408c7
Add a clock package for better time mocking (#1136)
* Add a clock package for better time mocking

* Make Clock a struct so it doesn't need initialization

* Test clock package

* Use atomic for live time tests

* Refer to same clock.Mock throughout methods
2021-04-18 18:25:57 +01:00
yanasega
42475c28f7
Multiple providers in alpha config (#947)
* Initial commit of multiple provider logic:
1. Created new provider options.
2. Created legacy provider options and conversion options.
3. Added Providers to alpha Options.
4. Started Validation migration of multiple providers
5. Tests.

* fixed lint issues

* additional lint fixes

* Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options

* fixed typo

* removed weird : file

* small CR changes

* Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG

* Update pkg/apis/options/providers.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Update pkg/apis/options/providers.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Update pkg/apis/options/providers.go

Co-authored-by: Nick Meves <nick.meves@greenhouse.io>

* Initial commit of multiple provider logic:
1. Created new provider options.
2. Created legacy provider options and conversion options.
3. Added Providers to alpha Options.
4. Started Validation migration of multiple providers
5. Tests.

* fixed lint issues

* additional lint fixes

* Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options

* small CR changes

* auto generates alpha_config.md

* rebase (mainly service alpha options related conflicts)

* removed :

* Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options

* small CR changes

* Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG

* "cntd. rebase"

* ran make generate again

* last conflicts

* removed duplicate client id validation

* 1. Removed provider prefixes
2. altered optionsWithNilProvider logic
3. altered default provider logic
4. moved change in CHANELOG to 7.0.0

* fixed TestGoogleGroupOptions test

* ran make generate

* moved CHANGLOG line to 7.1.1

* moved changelog comment to 7.1.2 (additional rebase)

Co-authored-by: Yana Segal <yana.segal@nielsen.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2021-04-03 17:06:30 +01:00
Oliver
7ebeecb128
Fix metrics server (#1141)
* fix MetricsSecureAddress cfg tag

* add metrics* flags to docs

* update CHANGELOG
2021-04-01 13:58:13 +01:00
Joel Speed
64f0a9f580
Reinstate preferEmailToUser behaviour for basic auth sessions 2021-03-22 13:13:26 +00:00
Joel Speed
92ae5d9d24
Remove duplication in proxy directors 2021-03-22 13:07:41 +00:00
Joel Speed
025ef3eca4
Fix upstream proxy appending ? to requests 2021-03-22 13:07:36 +00:00
Joel Speed
6c6fd4f862
Create seperate page getter 2021-03-21 18:34:43 +00:00
Joel Speed
9782fc7fa4
Add static pages to PageWriter interface 2021-03-21 18:28:37 +00:00
Nick Meves
c1267bb92d
Request ID Logging (#1087)
* Add RequestID to the RequestScope

* Expose RequestID to auth & request loggers

* Use the RequestID in templated HTML pages

* Allow customizing the RequestID header

* Document new Request ID support

* Add more cases to scope/requestID tests

* Split Get vs Generate RequestID funtionality

* Add {{.RequestID}} to the request logger tests

* Move RequestID management to RequestScope

* Use HTML escape instead of sanitization for Request ID rendering
2021-03-21 18:20:57 +00:00
Nick Meves
4d9de06b1d
Deprecate GAP-Signature and add a warning on usage (#1103) 2021-03-14 09:47:44 -07:00
Joel Speed
9dbd5f5afd
Ensure redirect URI always has a scheme 2021-03-14 10:16:29 +00:00
Joel Speed
f4b3115dd3
Add complete metrics server configuration 2021-03-07 11:49:12 +00:00
Joel Speed
2c54ee703f
Add server group implementation for running multiple servers at once 2021-03-07 11:49:10 +00:00
Joel Speed
d8aca8ac30
Add new http server implementation 2021-03-07 11:49:09 +00:00
Joel Speed
3d457a8cdf
Create server options struct and move legacy server options to legacyOptions 2021-03-07 11:49:08 +00:00
Nick Meves
602dac7852
Move Logging to Middleware Package (#1070)
* Use a specialized ResponseWriter in middleware

* Track User & Upstream in RequestScope

* Wrap responses in our custom ResponseWriter

* Add tests for logging middleware

* Inject upstream metadata into request scope

* Use custom ResponseWriter only in logging middleware

* Assume RequestScope is never nil
2021-03-06 17:27:16 +00:00
Stefan Sedich
220b3708fc
Add support for setting groups on session when using basic auth (#1064)
* Add support for setting groups on session when using basic auth

* Refactoring based on feedback

* Attribution
2021-02-25 13:02:23 -08:00
Joel Speed
23e545a639
Add option for custom logos on the sign in page 2021-02-19 13:23:55 +00:00
Joel Speed
756d385154
Extract templates to separate files
This allows our users to easily copy the base templates should they wish 
to make changes to them
2021-02-19 11:30:59 +00:00
Joel Speed
5fe947eb07
Update go version to 1.16
This includes a fix for our samesite cookie parsing. The behaviour
changed in 1.16 so that the default value now leaves it empty, so it's
equivalent to not setting it (as per spec)
2021-02-19 11:30:58 +00:00
Joel Speed
9cea4ea89b
Update golangci-lint version in CI workflow 2021-02-17 20:25:37 +00:00
Sean Jones
a7c8a233ba
Add Prometheus metrics endpoint
Add the Prometheus http.Handler to serve metrics at MetricsPath ("/metrics"
by default). This allows Prometheus to scrape metrics from OAuth2 Proxy.

Add a new middleware NewRequestMetrics and attach it to the preAuth
chain. This will collect metrics on all requests made to OAuth2 Proxy

Collapse some calls to Prinf() and os.Exit(1) to Fatalf as they are
equivalent. main() has a strict 50 lines limit so brevity in these
calls appreciated
2021-02-15 13:45:26 +00:00
Joel Speed
225ff478a1
Move all pagewriter related code to dedicated pagewriter package 2021-02-14 10:21:13 +00:00
Joel Speed
e8e2af73df
Wrap templates and page rendering in PageWriter interface 2021-02-14 10:20:26 +00:00
Joel Speed
dba6989054
Move SignIn page rendering to app pkg 2021-02-13 11:35:38 +00:00
Joel Speed
6ecbc7bc4e
Allow users to choose detailed error messages on error pages 2021-02-12 21:12:28 +00:00
Joel Speed
a63ed0225c
Use ErrorPage to render proxy error page 2021-02-12 21:12:27 +00:00
Joel Speed
ef457b1765
Move Error page rendering to app package 2021-02-12 21:12:05 +00:00
Joel Speed
0151ca11f6
Move template loading to app package 2021-02-12 16:55:52 +00:00
Joel Speed
84f76c6060
Move template options to their own struct 2021-02-12 16:55:51 +00:00
Joel Speed
b6cca79cb9
Ensure errors in tests are logged to the GinkgoWriter 2021-02-10 19:50:04 +00:00
Nick Meves
c3f31b4dd5
Flatten array-based response headers 2021-02-03 16:48:26 -08:00
Lida Li
b541805dc1
Use comma separated multiple values for header (#799)
* Use comma separated value for multiple claims

* Fix lint error

* Fix more tests

* Fix one more test

* Always flatten the headers

* Ensure we test the real multi-groups

* Only update map when necessary

* Update CHANGELOG

* Move to the right location of change log

* Fix blank line
2021-01-22 08:48:34 +00:00
Joel Speed
5c64e236fb
Generate reference page in configuration 2021-01-18 09:57:44 +00:00