1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-12-10 11:10:27 +02:00
Commit Graph

1514 Commits

Author SHA1 Message Date
Kevin Kreitner
f648c54d87
Add redis lock feature (#1063)
* Add sensible logging flag to default setup for logger

* Add Redis lock

* Fix default value flag for sensitive logging

* Split RefreshSessionIfNeeded in two methods and use Redis lock

* Small adjustments to doc and code

* Remove sensible logging

* Fix method names in ticket.go

* Revert "Fix method names in ticket.go"

This reverts commit 408ba1a1a5.

* Fix methods name in ticket.go

* Remove block in Redis client get

* Increase lock time to 1 second

* Perform retries, if session store is locked

* Reverse if condition, because it should return if session does not have to be refreshed

* Update go.sum

* Update MockStore

* Return error if loading session fails

* Fix and update tests

* Change validSession to session in docs and strings

* Change validSession to session in docs and strings

* Fix docs

* Fix wrong field name

* Fix linting

* Fix imports for linting

* Revert changes except from locking functionality

* Add lock feature on session state

* Update from master

* Remove errors package, because it is not used

* Only pass context instead of request to lock

* Use lock key

* By default use NoOpLock

* Remove debug output

* Update ticket_test.go

* Map internal error to sessions error

* Add ErrLockNotObtained

* Enable lock peek for all redis clients

* Use lock key prefix consistent

* Fix imports

* Use exists method for peek lock

* Fix imports

* Fix imports

* Fix imports

* Remove own Dockerfile

* Fix imports

* Fix tests for ticket and session store

* Fix session store test

* Update pkg/apis/sessions/interfaces.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Do not wrap lock method

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Use errors package for lock constants

* Use better naming for initLock function

* Add comments

* Add session store lock test

* Fix tests

* Fix tests

* Fix tests

* Fix tests

* Add cookies after saving session

* Add mock lock

* Fix imports for mock_lock.go

* Store mock lock for key

* Apply elapsed time on mock lock

* Check if lock is initially applied

* Reuse existing lock

* Test all lock methods

* Update CHANGELOG.md

* Use redis client methods in redis.lock for release an refresh

* Use lock key suffix instead of prefix for lock key

* Add comments for Lock interface

* Update comment for Lock interface

* Update CHANGELOG.md

* Change LockSuffix to const

* Check lock on already loaded session

* Use global var for loadedSession in lock tests

* Use lock instance for refreshing and releasing of lock

* Update possible error type for Refresh

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-06-02 19:08:19 +01:00
Joel Speed
67bfa4b43f
Merge pull request #1207 from tarvip/sign-in-fragment-fix
Fix URI fragment handling
2021-05-24 10:33:55 +01:00
Tarvi Pillessaar
818938add2
Fix URI fragment handling
Fixes #1205
2021-05-24 10:17:46 +03:00
Joel Speed
823cb14d01
Merge pull request #1108 from oauth2-proxy/secret-gen
Add alternative ways to generate cookie secrets to docs
2021-05-23 20:21:56 +01:00
Joel Speed
a0e2f785f3
Add alternative ways to generate cookie secrets to docs 2021-05-23 20:12:08 +01:00
Joel Speed
06808704a3
Merge pull request #1142 from oauth2-proxy/writer-funcs
Add pagewriter to upstream proxy
2021-05-10 11:25:07 +01:00
Joel Speed
befcdd9d04
Add pagewriter to upstream proxy 2021-05-10 11:14:05 +01:00
Joel Speed
725ae543d5
Merge pull request #1181 from iTaybb/master
fix: SHOW_DEBUG_ON_ERROR environment variable not working
2021-05-05 10:18:09 +01:00
Itay Brandes
095e1db801 fix: SHOW_DEBUG_ON_ERROR environment variable not working
(Fixes #1178)
2021-05-04 19:17:30 +03:00
Joel Speed
88122f641d
Merge pull request #1171 from oauth2-proxy/release-v7.1.3
Update Changelog for release v7.1.3
2021-04-28 17:48:00 +01:00
Nick Meves
2dd4a9647a
Update Changelog for release v7.1.3 2021-04-28 09:41:18 -07:00
Weinong Wang
f9de0e840c
add oidc issuer to Azure auth provider doc (#1135)
* add oidc issuer to Azure auth provider doc

* updated versioned doc
2021-04-27 18:59:02 +01:00
Nick Meves
d6de11aa98
Merge pull request #1168 from oauth2-proxy/metrics-tls-flag-fix
Fix Metrics cfg option naming typo
2021-04-27 10:15:46 -07:00
Nick Meves
544ba2a21c
Fix Metrics cfg option naming typo 2021-04-23 13:24:28 -07:00
Nick Meves
7eeaea0b3f
Support nonce checks in OIDC Provider (#967)
* Set and verify a nonce with OIDC

* Create a CSRF object to manage nonces & cookies

* Add missing generic cookie unit tests

* Add config flag to control OIDC SkipNonce

* Send hashed nonces in authentication requests

* Encrypt the CSRF cookie

* Add clarity to naming & add more helper methods

* Make CSRF an interface and keep underlying nonces private

* Add ReverseProxy scope to cookie tests

* Align to new 1.16 SameSite cookie default

* Perform SecretBytes conversion on CSRF cookie crypto

* Make state encoding signatures consistent

* Mock time in CSRF struct via Clock

* Improve InsecureSkipNonce docstring
2021-04-21 10:33:27 +01:00
Nick Meves
d3423408c7
Add a clock package for better time mocking (#1136)
* Add a clock package for better time mocking

* Make Clock a struct so it doesn't need initialization

* Test clock package

* Use atomic for live time tests

* Refer to same clock.Mock throughout methods
2021-04-18 18:25:57 +01:00
yanasega
42475c28f7
Multiple providers in alpha config (#947)
* Initial commit of multiple provider logic:
1. Created new provider options.
2. Created legacy provider options and conversion options.
3. Added Providers to alpha Options.
4. Started Validation migration of multiple providers
5. Tests.

* fixed lint issues

* additional lint fixes

* Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options

* fixed typo

* removed weird : file

* small CR changes

* Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG

* Update pkg/apis/options/providers.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Update pkg/apis/options/providers.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Update pkg/apis/options/providers.go

Co-authored-by: Nick Meves <nick.meves@greenhouse.io>

* Initial commit of multiple provider logic:
1. Created new provider options.
2. Created legacy provider options and conversion options.
3. Added Providers to alpha Options.
4. Started Validation migration of multiple providers
5. Tests.

* fixed lint issues

* additional lint fixes

* Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options

* small CR changes

* auto generates alpha_config.md

* rebase (mainly service alpha options related conflicts)

* removed :

* Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options

* small CR changes

* Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG

* "cntd. rebase"

* ran make generate again

* last conflicts

* removed duplicate client id validation

* 1. Removed provider prefixes
2. altered optionsWithNilProvider logic
3. altered default provider logic
4. moved change in CHANELOG to 7.0.0

* fixed TestGoogleGroupOptions test

* ran make generate

* moved CHANGLOG line to 7.1.1

* moved changelog comment to 7.1.2 (additional rebase)

Co-authored-by: Yana Segal <yana.segal@nielsen.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2021-04-03 17:06:30 +01:00
Joel Speed
9d20b4e0e2
Merge pull request #1145 from oauth2-proxy/release-v7.1.2
Update Changelog for release v7.1.2
2021-04-02 11:34:59 +01:00
Joel Speed
fbe5743dd4
Update Changelog for release v7.1.2 2021-04-01 19:07:22 +01:00
Oliver
7ebeecb128
Fix metrics server (#1141)
* fix MetricsSecureAddress cfg tag

* add metrics* flags to docs

* update CHANGELOG
2021-04-01 13:58:13 +01:00
Ian Roberts
3fc194ee72
Minor change to the Dockerfile to improve build speed (#1139)
"go mod download" does not depend on the VERSION env var, so moving the ARG directive after the RUN will allow better use of the Docker build cache - subsequent builds on the same machine need only re-run the "go mod download" if go.mod or go.sum has changed, rather than re-running it any time the VERSION value passed from the Makefile has changed

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-03-29 19:08:40 +01:00
Joel Speed
3315e5d4b8
Merge pull request #1127 from oauth2-proxy/remove-unused-fields
Remove unused fields from OAuthProxy
2021-03-29 19:03:33 +01:00
Joel Speed
c0654e3d9f
Remove unused fields from OAuthProxy 2021-03-29 18:26:48 +01:00
Joel Speed
8c25f5be0b
Merge pull request #1129 from oauth2-proxy/redirect-test-ginkgo
Rewrite OpenRedirect tests in ginkgo
2021-03-29 18:25:21 +01:00
Joel Speed
8c91adcaf0
Rewrite OpenRedirect tests in ginkgo 2021-03-29 18:09:58 +01:00
Joel Speed
4daa66e1c9
Merge pull request #1138 from oauth2-proxy/release-7.1.1
Prepare for release v7.1.1
2021-03-29 16:57:39 +01:00
Joel Speed
46c3296330
Prepare for release v7.1.1 2021-03-28 19:25:46 +01:00
Joel Speed
5497310673
Merge pull request #1133 from oauth2-proxy/fix-metrics-server
Metrics server should be constructed with secure bind address for TLS
2021-03-26 14:36:15 +00:00
Joel Speed
17009d8363
Metrics server should be constructed with secure bind address for TLS 2021-03-26 09:58:39 +00:00
Joel Speed
d64d717e63
Merge pull request #1130 from oauth2-proxy/fix-gitlab-cve-test
Fix GitLab CVE test case
2021-03-25 17:33:57 +00:00
Nick Meves
05c3fa7601
Fix GitLab CVE test case 2021-03-25 10:29:17 -07:00
Joel Speed
333418983c
Merge pull request #1119 from oauth2-proxy/release-7.1.0
Prepare for release v7.1.0
2021-03-25 17:24:36 +00:00
Joel Speed
f86e25aec2
Created versioned docs for v7.1.x
Created with: yarn run docusaurus docs:version 7.0.x
2021-03-25 17:21:08 +00:00
Joel Speed
b0949a4efb
Update changelog for v7.1.0 release 2021-03-25 17:21:08 +00:00
Nick Meves
0279fa7dff
Merge pull request from GHSA-652x-m2gr-hppm
* Populate session Groups from userinfo response

* Fix: gitlab tests

Co-authored-by: Wilfried OLLIVIER <wollivier@bearstech.com>
2021-03-25 17:20:45 +00:00
Piers Harding
73d9f3809e
Panic with GitLab project repository auth (#1113)
* panic with GitLab project repository auth

* /api/v4/projects/:id can return nil permissions

Signed-off-by: Piers Harding <piers@ompka.net>

* Add GitLab test for group no access

Signed-off-by: Piers Harding <piers@ompka.net>
2021-03-25 08:48:20 -07:00
Frédéric Collonval
5788bebfee
Add example local environment with traefik (#1091)
* Add example with traefik and keycloak

* Switch to dex

* Remove unneeded change in keycloak settings

* Taken into account review comments

* Add changelog entry

Co-authored-by: Frédéric Collonval <frederic.collonval@ariadnext.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-03-22 13:55:25 +00:00
Joel Speed
7262945c6a
Merge pull request #1116 from oauth2-proxy/basic-prefer-email
Reinstate preferEmailToUser behaviour for basic auth sessions
2021-03-22 13:22:45 +00:00
Joel Speed
64f0a9f580
Reinstate preferEmailToUser behaviour for basic auth sessions 2021-03-22 13:13:26 +00:00
Joel Speed
b82182763e
Merge pull request #1115 from oauth2-proxy/remove-force-query
Fix upstream proxy appending `?` to requests
2021-03-22 13:12:35 +00:00
Joel Speed
92ae5d9d24
Remove duplication in proxy directors 2021-03-22 13:07:41 +00:00
Joel Speed
025ef3eca4
Fix upstream proxy appending ? to requests 2021-03-22 13:07:36 +00:00
Joel Speed
f0963b3444
Merge pull request #1117 from oauth2-proxy/deprecate-gcp-healthcheck
Deprecate GCP HealthCheck option
2021-03-21 20:13:19 +00:00
Joel Speed
2e5b229637
Deprecate GCP HealthCheck option 2021-03-21 20:05:13 +00:00
Joel Speed
455d649165
Merge pull request #1104 from oauth2-proxy/robots-page
Allow custom robots text pages
2021-03-21 20:02:57 +00:00
Joel Speed
0615a6a663
Add changelog entry for robots page customisation 2021-03-21 18:34:44 +00:00
Joel Speed
6c6fd4f862
Create seperate page getter 2021-03-21 18:34:43 +00:00
Joel Speed
f3bd61b371
Use pagewriter to render robots txt page 2021-03-21 18:34:42 +00:00
Joel Speed
9782fc7fa4
Add static pages to PageWriter interface 2021-03-21 18:28:37 +00:00
Nick Meves
c1267bb92d
Request ID Logging (#1087)
* Add RequestID to the RequestScope

* Expose RequestID to auth & request loggers

* Use the RequestID in templated HTML pages

* Allow customizing the RequestID header

* Document new Request ID support

* Add more cases to scope/requestID tests

* Split Get vs Generate RequestID funtionality

* Add {{.RequestID}} to the request logger tests

* Move RequestID management to RequestScope

* Use HTML escape instead of sanitization for Request ID rendering
2021-03-21 18:20:57 +00:00