1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-06-15 00:15:00 +02:00
Commit Graph

1068 Commits

Author SHA1 Message Date
e642daef4e Support context in providers (#519)
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-10 13:34:59 +01:00
53d8e99f05 Remove Syscll as a maintainer (#540) 2020-05-10 11:51:15 +01:00
de280824de Drop support for pre v3.1 cookies (#535)
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-10 10:09:53 +01:00
24cdfa68b6 Set up code coverage within Travis for Code Climate (#533)
* Set up code coverage within Travis for Code Climate
* Include CodeClimate badges on ReadMe
2020-05-10 07:29:37 +01:00
be9eaaeb48 Add basic string functions to templates (#514)
* Add basic string functions to templates

Co-authored-by: Oliver <oliver006@users.noreply.github.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-09 21:05:51 +01:00
9d626265e8 Migrate cookie signing to SHA256 from SHA1 (#524)
Also, cleanup the code & make the specific
hashing algorithm chosen a function variable.

Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-09 16:14:19 +01:00
07df29db37 Drop configure script in favour of native Makefile env and checks (#515)
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-05-09 16:07:46 +01:00
9ed5a43516 Use double dashes in docs (#530)
We only supports double dash (`--`) now, so update docs to reflect this.
2020-05-09 15:39:47 +01:00
8d3de2dc75 Tidy changelog and update releases to v5.1.1 (#526) 2020-05-06 19:00:12 +01:00
0d5fa211df Merge pull request from GHSA-j7px-6hwj-hpjg 2020-05-06 12:42:02 +01:00
36da6e2be9 Add Gitea to auth config docs (#510)
* add gitea to auth config docs

* PR feedback

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-05-04 21:59:09 +01:00
f7c050e7ba Switch flags to PFlag to remove StringArray (#487) 2020-05-03 16:55:20 +01:00
eae652d986 Merge pull request #484 from oauth2-proxy/cookie-options-rename
Replace configuration loading with Viper
2020-05-03 12:14:17 +01:00
00fed1a31f Return an error when unknown options are found in the config file 2020-04-29 20:00:16 +01:00
c5be09ca48 Replace options loading with viper 2020-04-29 19:51:24 +01:00
8749cbb424 Add Viper based config loader 2020-04-29 19:51:24 +01:00
e49f8542bc Rename Session Options to improve structure 2020-04-29 19:51:24 +01:00
458710149c Rename Cookie Options to remove extra 'Cookie' 2020-04-29 19:51:24 +01:00
842d764a5f Add code scanning workflow (#507) 2020-04-29 16:29:30 +01:00
e27f7e0bcb typo fixed (#505) 2020-04-28 14:35:42 +01:00
1961424561 Feature/configurable userid claim minimal (#499)
* Add -user-id-claim to support other claims than email

Fix #431 - This is a minimal change to allow the user to configure which claim is
the source of the "user ID".

- Add the option `user-id-claim` (defaults to email)
- OIDC extracts this claim into session.Email (to be renamed later)
- providers: add `CreateSessionStateFromBearerToken` with a default impl taken from
  `GetJwtSession` and overridden by oidc to respect `user-id-claim`

Once #466 is merged, I can continue to rename SessionState.Email to .UserID
and add HTTP headers with a corresponding name.

* Apply suggestions from code review

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* Review feedback: Don't extract claims manually

Instead, parse them twice - it might be sligtly slower but less bug-prone as the code evolves.

* Fix indentation

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-04-28 07:46:46 +01:00
4d21b8a04f Make sure websockets respect ssl-upstream-insecure-skip-verify setting. (#494)
* Make sure websockets respect ssl-upstream-insecure-skip-verify setting.

Signed-off-by: Yaroslav Rosomakho <yaroslavros@gmail.com>

* Updated changelog for websockets taking into account ssl-upstream-insecure-skip-verify

Signed-off-by: Yaroslav Rosomakho <yaroslavros@gmail.com>

Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
2020-04-19 17:41:29 +01:00
c6294c40a3 Allow the OIDC issuer verification to be skipped if desired. (#467)
* Allow the OIDC issuer verification to be skipped if desired.

* Remove stale warning

* Add CHANGELOG entry

Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
Co-authored-by: Dan Bond <pm@danbond.io>
2020-04-19 12:19:21 +01:00
6fa3d6c74c Merge pull request #488 from oauth2-proxy/fix-set-basic-default
Set-Basic-Auth should default to false
2020-04-16 10:27:56 +01:00
5fc6bd0e6f Merge branch 'master' into fix-set-basic-default 2020-04-14 09:37:11 +01:00
dd05e7ff0b Add new linters (#486)
* add new linters and fix issues

* fix deprecated warnings

* simplify return

* update CHANGELOG

* fix staticcheck issues

* remove a deprecated linter, minor fixes of variable initialization
2020-04-14 09:36:44 +01:00
581475feec Set-Basic-Auth should default to false 2020-04-13 14:57:24 +01:00
4341ab4420 Merge pull request #483 from oauth2-proxy/split-warning
Warn users when session cookies are split
2020-04-12 12:36:37 +01:00
fcd52e042e Warn users when session cookies are split 2020-04-12 12:01:38 +01:00
a659b9558e Allow multiple cookie domains to be specified (#412)
* Allow multiple cookie domains to be specified

* Use X-Forwarded-Host, if it exists, when selecting cookie domain

* Perform cookie domain sorting in config validation phase

* Extract get domain cookies to a single function

* Update pkg/cookies/cookies.go

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* Update changelog

Co-authored-by: Marcos Lilljedahl <marcosnils@gmail.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-04-12 12:00:44 +01:00
7f72a22227 feature: switch Azure AD graph API to Microsoft Graph API (#440)
* feature: switch Azure AD graph API to Microsoft Graph API

* Update CHANGELOG

* Expand Breaking Changes notice

* Update CHANGELOG.md

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* fix: use constant http method

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-04-12 11:53:30 +01:00
b0b87563dc Add set basic auth param (#413)
* addint redirect capability to sign_out

* updating changelog

* Add a new param to set the Authorization header to up-stream systems as Basic user:password

* Resolving code review

* mutual exclusiv changes for Basic and Bearer Authorization header

* Fixed the merge mixup and comment error

* Updated changelog and fixed typo

* Adding the new entry in changelog

Co-authored-by: Costel Moraru <costel.moraru-germany@ibm.com>
2020-04-10 14:41:28 +01:00
7efc162aaa Prevent browser caching during auth flow (#453)
* Prevent browser caching during auth flow

* simplify no-cache logic, add tests and update changelog

* checking noCacheHeaders does not exists in response headers from upstream

* remove unnecessary codes

* add no-cache headers in SignInPage and OAuthStart for proxy mode

https://github.com/oauth2-proxy/oauth2-proxy/pull/453#discussion_r405072222
2020-04-09 15:39:07 +01:00
7c3efe4f42 Update okta doc (#481)
* updated Okta docs and added localhost example

* add changelog entry

* added pull request # to changelog

Co-authored-by: tbox <tbox@redhat.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-04-08 21:28:00 +01:00
f9f98cb3a7 print full error message when non-api error (#474)
when type asserting fails here, err is reassigned with nil and the
default block of the switch prints out <nil> in the error message. This
makes debugging a configuration or access token issue difficult

The particular error this surfaces is:

Response: {
  "error": "unauthorized_client",
  "error_description": "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested."
}

Signed-off-by: Josh Bielick <jbielick@gmail.com>
2020-04-06 09:27:24 +01:00
c7bfbdecef Implement graceful shutdown and propagate request context (#468)
* feature: Implement graceful shutdown

Propagate the request context to the Redis client.
It is possible to propagate a context cancel to Redis client if the connection is closed by the HTTP client.
The redis.Cmdable cannot use WithContext, so added the Client interface to handle redis.Client and redis.ClusterClient transparently.

Added handling of Unix signals to http server.

Upgrade go-redis/redis to v7.

* Update dependencies

- Upgrade golang/x/* and google-api-go
- Migrate fsnotify import from gopkg.in to github.com
- Replace bmizerany/assert with stretchr/testify/assert

* add doc for  wrapper interface

* Update CHANGELOG.md

* fix: upgrade fsnotify to v1.4.9

* fix: remove unnessary logging

* fix: wait until  all connections have been closed

* refactor: move chan to main for testing

* add assert to check if stop chan is empty

* add an idiomatic for sync.WaitGroup with timeout
2020-04-04 16:12:38 +01:00
bdc686103e Allow html in banner message (#462)
* allow html in banner message

* Fix changelog (move under new version)
2020-04-04 15:01:11 +01:00
3f7837b955 Add logging in case of invalid redirects (#471)
* Add logging in case of invalid redirects

* update changelog

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-04-02 09:51:38 +01:00
eb31850470 clarify the nginx auth_request_set/set problem with proxy_pass (#454)
* clarify the nginx auth_request_set/set problem with proxy_pass

* reworded/extended as result of review
2020-04-01 20:06:33 +01:00
c02d560bf4 Merge pull request #432 from oauth2-proxy/update-deps
Update ruby dependencies for documentation
2020-03-29 17:41:58 +01:00
8641bc4738 Update docs deps 2020-03-29 17:34:17 +01:00
c0fb7e81fc Merge pull request #464 from oauth2-proxy/migration
Migrate to oauth2-proxy/oauth2-proxy
2020-03-29 16:32:39 +01:00
f832eb1446 Update changelog and readme to reflect migration 2020-03-29 16:24:41 +01:00
802754caad Migrate to oauth2-proxy/oauth2-proxy 2020-03-29 15:40:10 +01:00
4cdedc8f50 Merge pull request #463 from pusher/release-5.1.0
Update Changelog for Release 5.1.0
v5.1.0
2020-03-29 13:41:30 +01:00
9dcd8255bf Update CHANGELOG for v5.1.0 release 2020-03-29 13:19:38 +01:00
8d69d55de4 Update Go and GolangCI-Lint 2020-03-29 13:17:54 +01:00
362cdf7713 Fix http.Cookie SameSite is not copied. (#450)
* fix: http.Cookie SameSite is not copied.

* Update CHANGELOG.md
2020-03-17 18:48:52 +00:00
3108f765a5 Fix #381, expose acr_values to all providers (#445) 2020-03-17 17:57:33 +00:00
4eef21cf3d Bitbucket Auth Provider docs (#447)
* Bitbucket Auth Provider docs

* Typo fixed
2020-03-16 11:39:12 +00:00