1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-23 00:40:46 +02:00
Commit Graph

1629 Commits

Author SHA1 Message Date
d9e0933e54 Move validateSession back into refreshSessionIfNeeded 2021-12-03 23:06:46 +00:00
ad8ce2f6a4 Add concurrent requests tests 2021-12-03 23:06:45 +00:00
c5ea345daf Add tests, which consider session lock 2021-12-03 23:06:44 +00:00
fca2d76f33 Fix tests for stored_session.go in middleware 2021-12-03 23:06:43 +00:00
d8663a19a9 Remove unnecessary log output 2021-12-03 23:06:42 +00:00
a8de9862cd Update logger message 2021-12-03 23:06:41 +00:00
88ab07930e Update update session from store 2021-12-03 23:06:41 +00:00
ccd7a91b2b Add more specific error when updating from store 2021-12-03 23:06:40 +00:00
c6d8cd1ea4 Remove one return statement in getValidatedSession 2021-12-03 23:06:39 +00:00
86ba2f41ce Refactor StoredSessionHandler 2021-12-03 23:06:38 +00:00
518e619289 Move session locking to refreshSessionIfNeeded method 2021-12-03 23:06:37 +00:00
76e3cb3e9a Use const for delay and expire time 2021-12-03 23:06:36 +00:00
0f545e14d4 Lock session state when refreshing 2021-12-03 23:06:35 +00:00
58b9f0633a Remove sensitive logging changes 2021-12-03 23:06:34 +00:00
a4ad6bccfb Fix default value flag for sensitive logging 2021-12-03 23:06:33 +00:00
6b50a55668 Add sensible logging flag to default setup for logger 2021-12-03 23:06:30 +00:00
1b335a056d Merge pull request #1447 from oauth2-proxy/docker-fixes
Fix docker build/push issues found during last release
2021-11-24 17:31:20 +00:00
ceb015ee22 Update changelog for docker fixes 2021-11-24 17:20:25 +00:00
8dea8134eb Drop old makefiles in favour of buildx 2021-11-24 17:20:23 +00:00
60b6dd850a Fix docker build and push for all platforms 2021-11-24 17:20:22 +00:00
6e54ac2745 Update LinkedIn provider validate URL (#1444)
* update LinkedIn validate URL

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>

* update changelog

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>

* update failed unit test

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>
2021-11-19 21:36:33 +00:00
0693856bc3 Explicitly state precedence of config sources in docs (#1439)
I was recently looking into the order in which oauth2-proxy evaluates it configuration options from the various sources.
I think this will also be helpful for other users.
Since oauth2-proxy is using viper, the order of configuration sources is as follows [1]:
> Viper uses the following precedence order. Each item takes precedence over the item below it:
>
>    explicit call to Set
>    flag
>    env
>    config
>    key/value store
>    default

[1] https://github.com/spf13/viper/blob/master/README.md#why-viper

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-11-15 09:24:04 +00:00
7ed4e3c830 Fix docker container multi arch build issue by passing GOARCH details to make build (#1445)
* pass GOARCH details to make process

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>

* update changelog

Signed-off-by: Jeeva Kandasamy <jkandasa@gmail.com>
2021-11-12 21:42:46 +00:00
2c668a52d4 Let authentication fail when session validation fails (fixes #1396) (#1433)
* Error page for session validation failure

* Fix existing tests

* Add test-case for session validation failure

* Simplify test

* Add changelog entry for PR

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-11-12 18:36:29 +00:00
9caf8c7040 Merge pull request #1419 from jangaraj/patch-1
Keycloak OIDC config improvement
2021-11-12 18:25:04 +00:00
1e761bf8fd Keycloak OIDC config improvement 2021-10-25 10:01:35 +01:00
6c379f74db Merge pull request #1412 from oauth2-proxy/release-7.2.0
Release 7.2.0
v7.2.0
2021-10-22 18:19:35 +01:00
4ee3f13c46 Create versioned docs for release v7.2.x
Created with: yarn run docusaurus docs:version 7.2.x
2021-10-22 18:11:28 +01:00
976dc35805 Update CHANGELOG for v7.2.0 release 2021-10-22 18:11:26 +01:00
d82c268696 Merge pull request #1403 from openstandia/fix-redis-tls
Improve TLS handling for Redis to support non-standalone mode with TLS
2021-10-19 13:30:53 +01:00
7eb3a4fbd5 Improve TLS handling for Redis to support non-standalone mode with TLS 2021-10-19 20:04:49 +09:00
b49e62f9b2 Initalize TLS.Config when connecting to Redis with TLS (#1296)
* init TLS.Config when connecting to Redis with TLS

* don't overwrite TLS config if it exists

* add tests for Redis with TLS

* remove hardcoded certs

* add GenerateCert func

* use GenerateCert util func

* fix issue reported by go fmt

* limit return statements in GenerateCert
2021-10-19 09:17:42 +01:00
ea261ca014 fix arg typo in traefik example (#1410)
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-10-18 19:01:40 +01:00
543a71efad Merge pull request #1411 from oauth2-proxy/fix-exclude-logging-doc
Fix exclude-logging-path documentation
2021-10-18 18:42:18 +01:00
bdab6feb0c Fix exclude-logging-path documentation 2021-10-18 18:36:56 +01:00
85c02821bf Merge pull request #1391 from oauth2-proxy/docker-buildx-selection
Improve build times by sharing cache and allowing platform selection
2021-10-18 18:36:19 +01:00
2ce93b6b31 Improve build times by sharing cache and allowing platform selection 2021-10-18 18:19:40 +01:00
9d8093f470 Merge pull request #1404 from oauth2-proxy/improve-no-auth-error
Improve error message when no cookie is found
2021-10-18 18:16:40 +01:00
d8deaa124b Improve error message when no cookie is found 2021-10-13 19:08:11 +01:00
6cc7da8993 Merge pull request #1375 from bancek/feature-force-json-errors
Add --force-json-errors flag
2021-10-13 17:09:08 +01:00
d3e036d619 Add force-json-errors flag 2021-10-05 11:24:47 +02:00
fd5e23e1c5 linkedidn: Update provider to v2 (#1315)
* linkedin: Update provider to v2

* changelog: Add change
2021-10-04 15:58:25 +01:00
3957183fd5 Use the httputil.NewSingleHostReverseProxy instead of yhat/wsutil for … (#1348)
* Use the httputil.NewSingleHostReverseProxy instad of yhat/wsutil for websocket proxying. This correctly handles 404 responses with keep-alive by terminating the tunnel rather than keeping it alive

* Tidy up dependencies - yhat/wsutil is no longer required

* Update changelog to include reference to 1348

Co-authored-by: Matt Lilley <matt.lilley@securitease.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-10-03 15:38:40 +01:00
a87c27b6bf Merge pull request #1379 from janrotter/fix-htpasswd-user-group
Store groups from the htpasswd-user-group in the session during the manual sign in process
2021-09-28 11:09:29 +01:00
b0ab60b0b8 Merge branch 'master' into fix-htpasswd-user-group 2021-09-28 10:18:09 +01:00
044b022608 Merge pull request #1381 from matt-cote/keycloak-provider-documentation
Fix formatting of Keycloak provider documentation
2021-09-28 10:15:03 +01:00
6ced2e5ad4 Fix formatting of Keycloak provider documentation 2021-09-27 14:37:19 -04:00
826ebc230a Add changelog entry 2021-09-26 23:47:28 +02:00
81cfd24962 Store the group membership in the session
This change puts the groups from the htpasswd-user-group in the
session during the manual sign in process. This fixes the issue
with being unable to properly authenticate using the manual
sign in form when certain group membership is required (e.g. when
the --gitlab-group option is used).
2021-09-26 23:07:10 +02:00
e25158dda6 Add a test for htpasswd-user-groups in the session
The groups configured in the `htpasswd-user-group` are not
stored in the session, resulting in unauthorized errors when
group membership is required. Please see:
https://gist.github.com/janrotter/b3d806a59292f07fe83bc52c061226e0
for instructions on reproducing the issue.
2021-09-26 23:07:10 +02:00