The package under pkg/clock is github.com/benbjohnson/clock, which is
archived. It's also way more complex than is what is actually needed
here, so we can entirely remove the dependency and remove the helper
package.
Fixes#2840.
Signed-off-by: David Symonds <dsymonds@gmail.com>
* fix: use GetSecret() in ticket.go makeCookie
The makeCookie method in ticket.go was using t.options.Secret directly, which
meant cookie-secret-file was not being respected. Updated to use GetSecret()
which handles both cookie-secret and cookie-secret-file properly.
Also added test coverage for cookie-secret-file functionality.
Fixes#3224
Signed-off-by: stagswtf <142280349+stagswtf@users.noreply.github.com>
* docs: update CHANGELOG.md for cookie-secret-file fix
Signed-off-by: stagswtf <142280349+stagswtf@users.noreply.github.com>
* correct PR link and undo file formatting
Signed-off-by: stagswtf <142280349+stagswtf@users.noreply.github.com>
* fix: error wrapping
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: stagswtf <142280349+stagswtf@users.noreply.github.com>
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* bugfix: Gitaa team membership
Gitea doesn't properly fill in all the fields like GitHub,
so implement a series of fallbacks.
Signed-off-by: magic_rb <magic_rb@redalder.org>
* add changelog, documentation and fix groups list
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: magic_rb <magic_rb@redalder.org>
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* Add sensible logging flag to default setup for logger
* Fix default value flag for sensitive logging
* Remove sensitive logging changes
* Add Cidaas provider
* Update CHANGELOG.md
* Add required groups scope to defaults
* Fix tests
* Remove if block with protected resource
* Fix linting
* Adjust provider sorting, fixes
* Directly handle error return
Co-authored-by: Jan Larwig <jan@larwig.com>
* Use less deep nesting
Co-authored-by: Jan Larwig <jan@larwig.com>
* Directly handle returned error
Co-authored-by: Jan Larwig <jan@larwig.com>
* Pass provider options to Cidaas provider
Co-authored-by: Jan Larwig <jan@larwig.com>
* Add import for provider options
* Fix tests
* Fix linting
* Add Cidaas doc page
* Add Cidaas provider doc page to overview
* Fix link in docs
* Fix link in docs
* Add link to Cidaas
* fix provider order in docs and changelog position
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Teko012 <112829523+Teko012@users.noreply.github.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Kevin Kreitner <kevinkreitner@gmail.com>
* add new docs version 7.11.x
* update to release version v7.11.0
* add changelog entry for v7.11.0
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* feat: add feature support for cookie-secret-file
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-Authored-By: Sandy Chen <Yuxuan.Chen@morganstanley.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* Perform a regex replace of $NUM to $$NUM before running envsubst
* Perform a regex replace of $NUM to $$NUM before running envsubst
* add test case; fix linter warnings; add method documentation
Signed-off-by: Jan Larwig <jan@larwig.com>
* add changelog entry
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* feat: Allow use more possible google admin-sdk api scopes.
* reduce cognitive complexity
Signed-off-by: Bob Du <i@bobdu.cc>
* remove unnecessary else block / indentation
Signed-off-by: Jan Larwig <jan@larwig.com>
* add changelog entry
Signed-off-by: Jan Larwig <jan@larwig.com>
* slight formatting and error message rephrasing
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Bob Du <i@bobdu.cc>
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* fix: redirect on invalid cookie
* docs: update changelog
* chore: remove duplicated code
* fix: status code handling if wrong http method is used
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* Allow setting maximum number of csrf cookies, deleting the oldest if necessary
* Add a test for multiple CSRF cookies to remove the old cookie
* Add docs/changelog
* If limit is <=0 do not clear
Signed-off-by: test <bert@transtrend.com>
* Better docs
Co-authored-by: Jan Larwig <jan@larwig.com>
* direct check of option value
Co-authored-by: Jan Larwig <jan@larwig.com>
* direct use of option value
Co-authored-by: Jan Larwig <jan@larwig.com>
* sort based on clock compare vs time compare
Co-authored-by: Jan Larwig <jan@larwig.com>
* clock.Clock does not implement Compare, fix csrf cookie extraction after rename
Signed-off-by: Bert Helderman <bert@transtrend.com>
* Linter fix
* add method signature documentation and slight formatting
Signed-off-by: Jan Larwig <jan@larwig.com>
* fix: test case for csrf cookie limit and flag
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Bert Helderman <bert@transtrend.com>
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: test <bert@transtrend.com>
Co-authored-by: bh-tt <71650427+bh-tt@users.noreply.github.com>
* upgrade to go1.24.5
dependency updates
lint fixes
chore(deps): upgrade github.com/spf13/viper to v1.20.1
Note that this upgrade also implied to upgrade github.com/mitchellh/mapstructure
(nowadays unmaintained: https://gist.github.com/mitchellh/90029601268e59a29e64e55bab1c5bdc)
to github.com/go-viper/mapstructure/v2.
fix: adapt tests to match mapstructure v2 error messages
pkg/apis/options/load_test.go: skip tests on Go 1.23
Add a compile guard for Go < 1.24 for the pkg/apis/options/load_test.go
because the LoadYAML test depends on error messages produced by
encoding/json that changed slightly (names of embedded structs are now
reported). As we updated the test for go1.24, the test now fails on
1.23, but just for a slight difference, so we disable the test there.
fix: adapt tests to match mapstructure v2 error messages
remove pre 1.24 disclaimer
add changelog entry
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-Authored-By: Olivier Mengué <dolmen@cpan.org>
* add exclusion for 'avoid meaningless package names' in .golangci.yml
* chore(dep): upgrade all dependencies
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Olivier Mengué <dolmen@cpan.org>
Co-authored-by: Jan Larwig <jan@larwig.com>
* fix for github teams
* Update github.go
* added errorhandling
* Update github.md
* refactored GitHub provider
refactored hasOrg, hasOrgAndTeams and hasTeam into hasAccess to stay within function limit
* reverted Refactoring
* refactored github.go
- joined hasOrgAndTeamAccess into checkRestrictions
* refactored github.go
- reduced number of returns of function checkRestrictions to 4
* updated GitHub provider to accept legacy team ids
* GoFmt and golangci-lint
Formatted with GoFmt and followed recommendations of GoLint
* added Tests
added Tests for checkRestrictions.
* refactored in maintainer feedback
* Removed code, documentation and tests for legacy ids
* add changelog and update docs
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* add new docs version 7.9.x
* update to release version v7.9.0
* doc: add changelog summary
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* fix: use federated credentials to refresh token in entra id
* fix: add some error handling
* chore: update changelog
* chore: update comments
* chore: update comments
* doc: reference entra id docs and clearer phrasing of comments
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* Update Go version in devcontainer
* Add option to change response mode in authorization request
* Fix option name
* Update docs and changelog
* Rename config value to underscore
* Add unit tests for added parameter
* Move change to upcoming release
* Generate alpha config
---------
Co-authored-by: Michael Cornel <michael@stieler.it>
* update to release version v7.8.2
* docs: release letter
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
Remove github.com/oauth2-proxy/tools/reference-gen from dependencies.
Instead we are now running it with "go run" with a version suffix.
Long version:
- github.com/oauth2-proxy/tools/reference-gen is removed from
tools/tool/go
- in pkg/apis/options/doc.go we now run reference-run with a version
suffix (go run package@version) with the version comming from go.mod.
- the "//go:generate" line is split in 2 lines (using the -command
flag) for readability
- "go mod tidy" for cleaning dependencies from go.mod, go.sum
Note: we are not upgrading reference-gen here. That will be a further
separate change.
David Symonds
Jan Larwig
stagswtf
github-actions[bot]
Richard Brežák
jet
Kevin Kreitner
nobletrout
Sourav Agrawal
Michael Cornel
Sandy Chen
Ashkan Daie
Conrad Hoffmann
Bob Du
Johann
Daniel Givens
renovate[bot]
Edward Viaene
Daniel Mersch
ikarius
Guillaume "Elektordi" Genty
Richard Hagen
Enrico
Justin Ryan
Evan Gibler
Olivier Mengué
Matthias Penner
stomekpe
axel7083