public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,294 Commits 29 Branches 41 Tags 50 MiB
Commit Graph

117 Commits

Author SHA1 Message Date
Brian Van Klaveren 058ffd1047 Update unit tests for username 2019-06-17 13:11:49 -07:00
Brian Van Klaveren 54d91c69cc Use logger instead of log 2019-06-17 12:52:13 -07:00
Brian Van Klaveren 10f65e0381 Add a more realistic test for JWT passthrough 2019-06-17 12:52:13 -07:00
Brian Van Klaveren 1ff74d322a Fix imports 2019-06-17 12:52:13 -07:00
Brian Van Klaveren 69cb34a04e Add unit tests for JWT -> session translation 2019-06-17 12:52:13 -07:00
Brian Van Klaveren 187960e9d8 Improve token pattern matching 
Unit tests for token discovery
 2019-06-17 12:52:13 -07:00
Joel Speed 6366690927
Fix gofmt for changed files 2019-06-15 11:34:00 +02:00
Joel Speed fb9616160e
Move logger to pkg/logger 2019-06-15 11:33:58 +02:00
Joel Speed 093f9da881
Move cipher creation to options and away from oauth2_proxy.go 2019-05-20 11:26:13 +02:00
Joel Speed 37e31b5f09
Remove dead code 2019-05-20 11:26:11 +02:00
Joel Speed c61f3a1c65
Use SessionStore for session in proxy 2019-05-20 11:26:10 +02:00
Joel Speed 2ab8a7d95d
Move SessionState to its own package 2019-05-18 13:09:56 +02:00
Phil Taprogge 39d2f28a40
Add comment; update changelog 2019-05-09 10:14:01 +01:00
Phil Taprogge 15f48fb95e
Don't infer username from email local part if username not set 2019-05-07 10:36:00 +01:00
MisterWil 8ec025f536 Auth and standard logging with file rolling 2019-04-12 08:59:46 -07:00
einfachchr f715c9371b Fixes deletion of splitted cookies - Issue #69 (#70) 
* fixes deletion of splitted cookies

* three minor adjustments to improve the tests

* changed cookie name matching to regex

* Update oauthproxy.go

Co-Authored-By: einfachchr <einfachchr@gmail.com>

* removed unused variable

* Changelog
 2019-03-15 07:18:37 +00:00
Adam Szalkowski c7193b4085 Merge websocket proxy feature from openshift/oauth-proxy. Original author: Hiram Chirino <hiram@hiramchirino.com> 2019-03-11 14:05:16 +01:00
Joel Speed fa2545636b
Merge pull request #15 from pusher/whitelist-domains 
Whitelist domains
 2019-02-02 18:55:37 +00:00
Cosmin Cojocar 3326194422 Extract the application/json mime type into a const 2019-01-31 16:23:01 +01:00
Cosmin Cojocar c12db0ebf7 Returns HTTP unauthorized for ajax requests instead of redirecting to the sing-in page 2019-01-31 16:23:01 +01:00
Steve Arch 01c5f5ae3b Implemented flushing interval (#23) 
* Implemented flushing interval

When proxying streaming responses, it would not flush the response writer buffer until some seemingly random point (maybe the number of bytes?). This makes it flush every 1 second by default, but with a configurable interval.

* flushing CHANGELOG

* gofmt and goimports
 2019-01-31 14:02:15 +00:00
Joel Speed 9007d66559
Test explicit subdomain whitelisting 2019-01-30 17:30:49 +00:00
Joel Speed 768a6ce989
Test IsValidRedirect method 2019-01-30 17:30:46 +00:00
Steve Arch 090ff11923 redirect to original path after login (#24) 
* redirect to original path after login

* tests for new redirect behaviour

* fixed comment

* added redirect fix to changelog
 2019-01-29 12:13:02 +00:00
Joel Speed d4b588dbe9
Split large cookies 2019-01-22 11:34:54 +00:00
Joel Speed 8ee802d4e5
Lint for non-comment linter errors 2018-11-29 14:26:41 +00:00
Joel Speed 847cf25228
Move imports from bitly to pusher 2018-11-27 11:45:05 +00:00
Mike Bland e241fe86d3
Switch from 18F/hmacauth to mbland/hmacauth 
Since I'm no longer with 18F, I've re-released hmacauth under the ISC
license as opposed to the previous CC0 license. There have been no
changes to the hmacauth code itself, and all tests still pass.
 2017-11-07 07:55:24 -05:00
Tanvir Alam 8a77cfcac3 Swap out bmizerany/assert package that is deprecated in favor of stretchr/testify/assert 2017-10-23 12:24:17 -04:00
Alan Braithwaite b640a69d63 oauthproxy: fix #284 -skip-provider-button for /sign_in route 2017-06-21 15:05:36 -07:00
idntfy 1e7d2a08a3 #369: Optionally allow skipping authentication for preflight requests 2017-04-07 15:01:47 +03:00
Lukasz Siudut 829b442302 add --set-xauthrequest flag for use in Nginx auth_request mode 
This is enhancement of #173 to use "Auth Request" consistently in
the command-line option, configuration file and response headers.
It always sets the X-Auth-Request-User response header and if the
email is available, sets X-Auth-Request-Email as well.
 2017-03-29 21:28:55 +05:30
Colin Arnott 55085d9697 csrf protection; always set state 2017-03-29 09:31:10 -04:00
Jehiah Czebotar 6c690b699b Merge pull request #339 from omazhary/issue-205 
Allow to pass user headers only
 2017-03-28 21:42:29 -04:00
Jehiah Czebotar b884b36f26 bump easy pkg upgrades; drop Go 1.6 (no httptest.NewRequest) 
This fixes a test w request signing due to a content-length:0 header from Go 1.8
 2017-03-27 20:36:35 -04:00
Omar Elazhary 24f91a0b60 Allow to pass user headers only (issue #205) 
* This fixes https://github.com/bitly/oauth2_proxy/issues/205
* Add new boolean option -pass-user-headers
  to control whether X-Forwarded-User and X-Forwarded-Email
  headers will be set (as opposed to HTTP BASIC auth)
* This is required e.g. for grafana [1] where
  X-Forwarded-User is needed but HTTP BASIC auth fails
  (password is not known and must not be known in this scenario)
* Keep behaviour of PassBasicAuth unchanged for compatibility

[1] http://docs.grafana.org/installation/configuration/#authproxy
 2017-01-24 11:11:58 +01:00
Jehiah Czebotar cdebfd6436
base64 cookie support 2016-06-20 07:45:43 -04:00
Mike Bland e4626c1360 Sign Upstream requests with HMAC. closes #147 2015-11-15 22:09:30 -05:00
Mike Bland e61fc9e7a6 Add /auth endpoint to support Nginx's auth_request 
Closes #152.
 2015-11-09 10:31:41 -05:00
Brandon Philips 6db18804f3 *: rename Oauth to OAuth 
Be consistent with Go capitalization styling and use a single way of
spelling this across the tree.
 2015-11-09 00:57:01 +01:00
Brandon Philips 51a2e4e48c *: rename Url to URL everywhere 
Go coding style says that acronyms should be all lower or all upper. Fix
Url to URL.
 2015-11-09 00:47:44 +01:00
Jeppe Toustrup ffeccfe552 Add support for serving static files from a directory 
The path should be provided as a file:// url with the full operating system path.
An alias to where the directory is available as can be specified by appending
a fragment (ie. "#/static/") at the end of the URL.
 2015-09-24 15:37:45 +02:00
Justin Burnham 7dd5d299e1 Add support for setting the basic auth password. 
For tools that don't like empty passwords, this change allows
one to set a shared secret password for all users.
 2015-07-24 09:17:43 +00:00
Jehiah Czebotar d49c3e167f SessionState refactoring; improve token renewal and cookie refresh 
* New SessionState to consolidate email, access token and refresh token
* split ServeHttp into individual methods
* log on session renewal
* log on access token refresh
* refactor cookie encription/decription and session state serialization
 2015-07-02 23:09:11 -04:00
Jehiah Czebotar e9b5631eed cookie refresh: validation fixes, interval changes 
* refresh now calculated as duration from cookie set
 2015-06-23 07:51:00 -04:00
Jehiah Czebotar d78aa13464 v2.0 & cleanup changes 
* bump version to 2.0
* remove --cookie-https-only option
* add windows build to dist.sh
* rename --cookie-key to --cookie-name
 2015-06-12 13:07:26 -04:00
Jehiah Czebotar b96a078839 Project Rename -> oauth2_proxy 2015-05-21 02:55:04 -04:00
Jehiah Czebotar 37b38dd2f4 Github provider 2015-05-21 02:21:19 -04:00
Mike Bland 8471f972e1 Move ValidateToken() to Provider 2015-05-21 02:06:23 -04:00
Jehiah Czebotar 9047920e90 Merge pull request #88 from 18F/auto-refresh 
Auto refresh auth token
 2015-05-11 22:24:50 -04:00
Mike Bland 5b07d9fcef Provide a robots.txt that denies all crawlers 2015-05-10 15:15:52 -04:00
Mike Bland 37f287bef4 Calculate cookie expiration from encoded timestamp 
Found out the hard way that _incoming_ cookies do _not_ have their expiration
timestamps encoded. To perform auto-refresh based on expiration time, we have
to recalculate it from the time encoded in the cookie value.
 2015-05-10 00:11:26 -04:00
Mike Bland 84190ab19a Validate user during cookie refresh 2015-05-09 16:54:27 -04:00
Mike Bland 610341a068 Make ProcessCookie() fail when cookie parse fails 2015-05-09 16:54:27 -04:00
Mike Bland bd4eae8fec Store access token when cookie-refresh is set 
cookie-refresh now no longer requires pass-access-token in order to work.
 2015-05-09 16:54:27 -04:00
Mike Bland b6e07d51b2 Validate access_token when auto-refreshing cookie 2015-05-09 15:09:31 -04:00
Mike Bland 25372567ac ValidateToken() to check access_token validity 2015-05-09 13:17:37 -04:00
Mike Bland 8e2d83600c Implement cookie auto-refresh 
The intention is to refresh the cookie whenever the user accesses an
authenticated service with less than `cookie-refresh` time to go before the
cookie expires.
 2015-05-08 14:05:09 -04:00
Mike Bland 5cbdb74518 Add ProcessCookie() test 2015-05-08 14:05:09 -04:00
Mike Bland 83ad43a571 Make proper PassAccessTokenTest methods 2015-04-07 10:11:35 -04:00
Mike Bland 5f747bb768 Redirect to / when /oauth2/sign_in accessed 
Without this change, clicking the sign-in button on /oauth2/sign_in will
always redirect back to /oauth2/sign_in, essentially creating an infinite
loop.
 2015-04-06 22:10:03 -04:00
Mike Bland ad3c9a886f Pass the access token to the upstream client 
This is accomplished by encoding the access_token in the auth cookie and
unpacking it as the X-Forwarded-Access-Token header for upstream requests.
 2015-04-03 15:32:01 -04:00
Mike Bland a9837f90aa Ensure TestNewReverseProxy() passes when offline 
This reflects the apparent intent of TestNewReverseProxy(). Without this
change, the test will fail when run without an Internet connection.
 2015-04-02 21:38:48 -04:00
Jehiah Czebotar 16f2c981f3 fix upstream request path 2015-03-21 15:29:07 -04:00
Jehiah Czebotar 71ae70834d pass raw unencoded request URI upstream 2015-03-19 13:18:49 -04:00
Jehiah Czebotar 263e16eeea add --proxy-host-header option 2015-03-17 15:53:01 -04:00
John Boxall 20a152261c Adds failing test for using upstream Host header. 2015-03-17 15:04:27 -04:00