mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-07-17 01:52:30 +02:00

1593 Commits

Author SHA1 Message Date
6fb3274ca3 Refactor organization of scope aware request utils
Reorganized the structure of the Request Utils due to their widespread use
resulting in circular import issues (mostly because of middleware & logger).
2021-01-16 13:55:48 -08:00
b625de9490 Track the ReverseProxy option in the request Scope
This allows for proper handling of reverse proxy based headers throughout
the lifecycle of a request.
2021-01-16 13:55:48 -08:00
8e02fac2cc Merge pull request #995 from oauth2-proxy/security
Add Security Policy
2021-01-16 13:54:07 -08:00
e50e6ed373 Add Security Policy 2021-01-16 19:47:47 +00:00
a0d37518e0 Merge pull request #989 from rassie/master
Adapt isAjax to support mimetype lists
2021-01-12 15:28:07 -08:00
81bf1ef8ce Adapt isAjax to support mimetype lists
Fixes #988
2021-01-12 19:37:30 +01:00
dd60fe4fef Merge pull request #982 from grnhse/maintainer-update
Add NickMeves to MAINTAINERS
2021-01-11 09:03:00 +00:00
d08b9b7cc4 Add NickMeves to MAINTAINERS 2021-01-10 10:56:01 -08:00
597ffeb121 Fix joined cookie name for those containing underline in the suffix (#970)
* properly handle split cookies with names ending with _

* test update

* provide cookieName into joinCookies instead of processing the suffix

* changelog update

* test update
2021-01-04 17:21:17 -08:00
1d74a51cd7 Use X-Forwarded-{Proto,Host,Uri} on redirect as last resort (#957) 2021-01-01 15:23:11 -08:00
91b3f5973e Merge pull request #953 from grnhse/keycloak-refactor-provider-methods
Refactor Keycloak Provider Methods
2021-01-01 10:40:55 +00:00
4b28e6886c Handle ValidateURL fallback for nil & empty struct cases 2020-12-24 14:04:20 -08:00
816d9a4566 Use a generic http.HandlerFunc in Keycloak tests 2020-12-24 14:04:19 -08:00
f07a5630f1 Update Keycloak documentation 2020-12-24 14:04:19 -08:00
138a6b128a Use ProfileURL for userinfo EnrichSession calls in Keycloak 2020-12-24 14:04:19 -08:00
0886f8035c Move all Keycloak unit tests to Ginkgo 2020-12-24 14:04:19 -08:00
3369799853 Migrate Keycloak to EnrichSession & support multiple groups 2020-12-24 14:04:19 -08:00
89e0a77a8f Merge pull request #849 from grnhse/is-831-auth-querystring-groups
Group/Role Access Restriction support in `/oauth2/auth` endpoint
2020-12-24 12:21:40 -08:00
753f6c548a Add a detailed allowed_groups example to Important Notes 2020-12-24 12:05:12 -08:00
65e15f24c1 Support only allowed_groups querystring 2020-12-24 12:05:12 -08:00
025056cba0 Move AuthOnly authorize logic to a dedicated method 2020-12-24 12:05:11 -08:00
44d83e5f95 Use StatusForbidden to prevent infinite redirects 2020-12-24 12:04:01 -08:00
23b2355f85 Allow group authZ in AuthOnly endpoint via Querystring 2020-12-24 12:04:01 -08:00
8bd2409342 Merge pull request #936 from grnhse/oidc-provider-refactor
OIDC Provider Refactor
2020-12-23 19:04:51 +00:00
d2ffef2c7e Use global OIDC fields for Gitlab 2020-12-21 16:54:12 -08:00
42f6cef7d6 Improve OIDC error handling 2020-12-21 16:53:05 -08:00
ea5b8cc21f Support non-list and complex groups 2020-12-21 16:52:18 -08:00
eb56f24d6d Deprecate UserIDClaim in config and docs 2020-12-21 16:52:17 -08:00
74ac4274c6 Move generic OIDC functionality to be available to all providers 2020-12-21 16:52:04 -08:00
a1877434b2 Refactor OIDC to EnrichSession 2020-12-21 16:51:52 -08:00
4fda907830 Fix and enhance OIDC example (#934)
* Fix and enhance OIDC example

* Restructure

* Indent

* Add full stop.

* Add link

* Add minimalistic README

* Apply suggestions from code review

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-12-19 15:48:33 +00:00
a5466bb96d Fix typo and missing InjectResponseHeaders validation (#952) 2020-12-12 10:05:01 -08:00
d67d6e3152 Add authorization support for Gitlab projects (#630)
* Add support for gitlab projects

* Add group membership in state

* Use prefixed allowed groups everywhere

* Fix: remove unused function

* Fix: rename func that adds data to session

* Simplify projects and groups session funcs

* Add project access level for gitlab projects

* Fix: default access level

* Add per project access level

* Add user email when missing access level

* Fix: harmonize errors

* Update docs and flags description for gitlab project

* Add test with both projects and groups

* Fix: log error message

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Fix: make doc a markdown link

* Add notes about read_api scope for projects

* Fix: Verifier override in Gitlab Provider

This commit fixes a bug caused by an override of the Verifier value from *ProviderData inside GitlabProvider struct

* Fix: ensure data in session before using it

* Update providers/gitlab.go

Co-authored-by: Nick Meves <nick.meves@greenhouse.io>

* Rename gitlab project initializer

* Improve return value readability

* Use splitN

* Handle space delimiters in set project scope

* Reword comment for AddProjects

* Fix: typo

* Rework error handling in addProjectsToSession

* Reduce branching complexity in addProjectsToSession

* Fix: line returns

* Better comment for addProjectsToSession

* Fix: enrich session comment

* Fix: email domains is handled before provider mechanism

* Add archived project unit test

* Fix: emails handling in gitlab provider

Co-authored-by: Wilfried OLLIVIER <wollivier@bearstech.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2020-12-05 10:57:33 -08:00
5117f2314f Merge pull request #943 from aimichal/patch-1
Update Slack channel name
2020-12-04 14:39:26 +00:00
f260c3707a Update Slack channel name 2020-12-03 15:20:31 -08:00
87c67b09a7 Merge pull request #907 from oauth2-proxy/alpha-config
Introduce alpha configuration option to enable testing of structured configuration
2020-12-01 09:28:47 +00:00
d749c11e73 Add changelog entry for adding alpha configuration 2020-12-01 08:57:13 +00:00
b201dbb2d3 Add convert-config-to-alpha flag to convert existing configuration to alpha structure 2020-12-01 08:56:51 +00:00
5b683a7631 Add local environment that uses alpha configuration 2020-12-01 08:56:50 +00:00
f36dfbb494 Introduce alpha configuration loading 2020-12-01 08:56:49 +00:00
5b003a5657 SecretSource.Value should be plain text in memory 2020-12-01 08:56:46 +00:00
d587030019 Merge pull request #938 from grnhse/naming-refactor-tweaks
Cleanup method name refactors missed in comments
2020-11-30 19:38:43 +00:00
26ed080bed Cleanup method name refactors missed in comments 2020-11-29 14:18:14 -08:00
f6ae15e8c3 Merge pull request #869 from grnhse/streamline-provider-naming
Streamline Provider Interface & Bearer Session Handlers
2020-11-28 10:30:09 -08:00
57a8ef06b4 Fix method renaming in comments and tests 2020-11-28 10:25:12 -08:00
5f8f856260 Remove failed bearer tokens from logs 2020-11-28 10:25:12 -08:00
22f60e9b63 Generalize and extend default CreateSessionFromToken 2020-11-28 10:25:12 -08:00
44fa8316a1 Aggregate error logging on JWT chain failures 2020-11-28 10:25:12 -08:00
3e9717d489 Decouple TokenToSession from OIDC & add a generic VerifyFunc 2020-11-28 10:25:11 -08:00
e9f787957e Standardize provider interface method names 2020-11-28 10:25:11 -08:00