7ffe9b7620
Reduce docker context to improve build times
2020-07-07 20:51:43 +01:00
a999270cf3
Add req.host to targetURL when redirecting to https ( #668 )
...
* Add req.host to targetURL when redirecting to https
The req.URL.Host might not be present when redirecting to https if the
given req.URL is something like "/". In such scenario, the req.Host is
still present and valid.
This commit adds the original req.Host to the targetURL before returning
the 308 status, to avoid having a `Location: https:/// ` in the response.
* Bring back empty line
* Wrap the setting of targetURL.Host in a condition
* Add a comment to the test explaining why the redirectURL includes example.com
* Add changelog entry
2020-07-07 09:55:38 +01:00
d29766609b
Merge pull request #660 from oauth2-proxy/request-builder
...
Use builder pattern to simplify requests to external endpoints
2020-07-06 21:01:55 +01:00
de9e65a63a
Migrate all requests to result pattern
2020-07-06 20:38:00 +01:00
d0b6c04960
Add tests for request result
2020-07-06 20:37:36 +01:00
fbf4063245
Switch Builder.Do() to return a Result
2020-07-06 18:31:31 +01:00
02410d3919
Update changelog to add request builder entry
2020-07-06 18:31:28 +01:00
028a0ed62e
Remove old requests code
2020-07-06 18:31:11 +01:00
53142455b6
Migrate all requests to new builder pattern
2020-07-06 18:31:09 +01:00
21ef86b594
Add tests for the request builder
2020-07-06 18:29:58 +01:00
0bc0feb4bb
Add request builder to simplify request handling
2020-07-06 18:29:57 +01:00
9d39816709
Merge pull request #662 from johejo/issue-661
...
Do not add Cache-Control header to response from auth only endpoint
2020-07-06 14:33:36 +01:00
830065a128
Merge branch 'master' into issue-661
2020-07-06 13:39:19 +01:00
efa1e9b448
Merge pull request #663 from Jonher937/patch-1
...
Make example args a codeblock for OIDC Provider
2020-07-06 12:18:06 +01:00
97ab3fa005
update CHANGELOG
2020-07-06 19:09:02 +09:00
4c1047866b
fix: do not add Cache-Control header to response from auth only endpoint
...
fix #661
related #453
2020-07-06 19:04:31 +09:00
416c8b0a5c
Make example args a codeblock
...
Making this a code block aligns with the rest of the examples and makes it easier to read
2020-07-06 12:04:16 +02:00
215aeec8b9
Merge pull request #650 from jordancrawfordnz/issue-649
...
Only set healthcheck user agents when the ping-user-agent is set, and don't check blank user agents against healthcheck user agents
2020-07-06 09:00:13 +01:00
6346dafc1e
( #649 ) Remove blank helthcheck user agents and paths when setting up the healthcheck middleware
...
A blank user agent is considered == to an empty string. When no -ping-user-agent option is specified, this is considered to be an empty string.
This reveals two problems:
- When no ping-user-agent is specified, main.go sets up a health check user agent of ""
- When no user agent is specified, the empty string is still checked against the health check user agents.
Now the health check middleware ignores blank user agents and paths in order to sanitise it's input to avoid this issue.
Additional tests have been added to verify these situations.
2020-07-06 14:07:38 +12:00
99481b3a39
Merge pull request #591 from oauth2-proxy/upstream-proxy
...
Introduce upstream package with new reverse proxy implementation
2020-07-05 20:36:47 +01:00
37c76b6376
Update changelog to add upstream proxy entry
2020-07-05 10:22:24 +01:00
5b95ed3033
Add tests for upstream package
2020-07-05 10:21:05 +01:00
fa8e1ee033
Allow file server to handle windows filesystems
2020-07-05 10:21:05 +01:00
e1c3e938cc
Add upstream package with Proxy server implementation
2020-07-05 10:21:05 +01:00
b6b5194190
Add Upstreams options struct with validation
2020-07-05 10:21:05 +01:00
fb1bef2757
Merge pull request #576 from oauth2-proxy/cookie-validation
...
Separate Cookie validation
2020-07-05 09:35:19 +01:00
3e13f3197f
Ensure that cookie names over 256 characters are rejected by validation
2020-07-05 09:18:48 +01:00
eb933cc3f4
Add changelog entry for cookie validation separation
2020-07-05 09:18:45 +01:00
211fd3a010
Rename CookieOptions to Cookie
2020-07-05 09:18:21 +01:00
285c65a2d4
Add tests for cookie validation
...
This also removes the check for the decoded from the valid secret size
check. The code was unreachable because encryption.SecretBytes will only
return the decoded secret if it was the right length after decoding.
2020-07-05 09:17:28 +01:00
900061b88a
Move CookieOptions validation to it's own file
2020-07-05 09:17:28 +01:00
b3ba2594c6
Create Cookie FlagSet and Defaults
2020-07-05 09:17:28 +01:00
016f4aa276
Merge pull request #656 from grnhse/cookie-splitting-precision
...
Split cookies more precisely at 4096 bytes
2020-07-04 11:15:07 -07:00
48a2aaadc1
Count complete cookie content in byte splitting
2020-07-03 23:41:08 -07:00
c6f1daba2f
Split cookies more precisely at 4096 bytes
2020-07-03 20:38:04 -07:00
c4cf15f3e1
Merge pull request #619 from oauth2-proxy/https-redirect-middleware
...
Improve Redirect to HTTPs behaviour
2020-07-03 17:25:24 +01:00
1c1106721e
Move RedirectToHTTPS to middleware package
...
Moves the logic for redirecting to HTTPs to a middleware package and adds tests for this logic.
Also makes the functionality more useful, previously it always redirected to the HTTPS address of the proxy, which may not have been intended, now it will redirect based on if a port is provided in the URL (assume public facing 80 to 443 or 4180 to 8443 for example)
2020-07-03 17:19:09 +01:00
39c01d5930
Merge pull request #654 from oauth2-proxy/redis-test-client-close
...
Close client connections after each redis test
2020-07-03 16:43:42 +01:00
5c8a66bcc9
Close client connections after each redis test
2020-07-03 16:24:47 +01:00
b0375e85fa
Fix #635 : Support specifying alternative provider TLS trust source(s) ( #645 )
...
* Fix #635 : Support specifying alternative provider TLS trust source(s)
* Update pkg/apis/options/options.go
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Update pkg/validation/options.go
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
* Address review comments
* upd CHANGELOG.md
* refactor test to assert textual subjects + add openssl gen cmd
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-07-03 16:09:17 +01:00
390d479d28
Update CODEOWNERS to request review from reviewers team ( #613 )
...
This means that we can keep the list of reviewers up to date based on team membership, rather than this file. Will make it easier to add and remove people going forward
2020-07-02 21:09:55 +01:00
4313553122
Merge pull request #542 from oauth2-proxy/refactor-session-tests
...
Move SessionStore tests to independent package
2020-07-01 23:00:23 +01:00
34137f7305
Move SessionStore tests to independent package
2020-07-01 06:41:35 +01:00
d9a45a3b47
Merge pull request #577 from oauth2-proxy/session-store-cipher
...
Move Cipher and Session Store initialisation out of Validation
2020-06-28 18:29:48 +01:00
6e1b3b9660
Switch to in session store initialisation
2020-06-28 12:50:55 +01:00
778463906a
Update changelog for session storage initialisation move
2020-06-28 12:32:06 +01:00
5ce9e75c21
Initialise Session Storage in NewOAuthProxy instead of validation
2020-06-28 12:32:06 +01:00
c8dbf1cf60
Move Cipher intialisation to session store initialisation
2020-06-28 12:03:03 +01:00
d9af3ffc5e
Merge pull request #641 from oauth2-proxy/release-v6.0.0
...
Update changelog ready for release v6.0.0
2020-06-27 16:09:26 +01:00
6b43b41638
Fix tests broken by security advisory
2020-06-27 12:41:46 +01:00
Joel Speed
Mariano Vallés
Mitsuo Heijo
Jonathan Herlin
Jordan Crawford
Nick Meves
k-wall