c0654e3d9f
Remove unused fields from OAuthProxy
2021-03-29 18:26:48 +01:00
17009d8363
Metrics server should be constructed with secure bind address for TLS
2021-03-26 09:58:39 +00:00
64f0a9f580
Reinstate preferEmailToUser behaviour for basic auth sessions
2021-03-22 13:13:26 +00:00
2e5b229637
Deprecate GCP HealthCheck option
2021-03-21 20:05:13 +00:00
f3bd61b371
Use pagewriter to render robots txt page
2021-03-21 18:34:42 +00:00
c1267bb92d
Request ID Logging ( #1087 )
...
* Add RequestID to the RequestScope
* Expose RequestID to auth & request loggers
* Use the RequestID in templated HTML pages
* Allow customizing the RequestID header
* Document new Request ID support
* Add more cases to scope/requestID tests
* Split Get vs Generate RequestID funtionality
* Add {{.RequestID}} to the request logger tests
* Move RequestID management to RequestScope
* Use HTML escape instead of sanitization for Request ID rendering
2021-03-21 18:20:57 +00:00
9dbd5f5afd
Ensure redirect URI always has a scheme
2021-03-14 10:16:29 +00:00
8d2fc409d8
Integrate new server implementation into main OAuth2 Proxy
2021-03-07 11:49:11 +00:00
602dac7852
Move Logging to Middleware Package ( #1070 )
...
* Use a specialized ResponseWriter in middleware
* Track User & Upstream in RequestScope
* Wrap responses in our custom ResponseWriter
* Add tests for logging middleware
* Inject upstream metadata into request scope
* Use custom ResponseWriter only in logging middleware
* Assume RequestScope is never nil
2021-03-06 17:27:16 +00:00
220b3708fc
Add support for setting groups on session when using basic auth ( #1064 )
...
* Add support for setting groups on session when using basic auth
* Refactoring based on feedback
* Attribution
2021-02-25 13:02:23 -08:00
23e545a639
Add option for custom logos on the sign in page
2021-02-19 13:23:55 +00:00
9cea4ea89b
Update golangci-lint version in CI workflow
2021-02-17 20:25:37 +00:00
a7c8a233ba
Add Prometheus metrics endpoint
...
Add the Prometheus http.Handler to serve metrics at MetricsPath ("/metrics"
by default). This allows Prometheus to scrape metrics from OAuth2 Proxy.
Add a new middleware NewRequestMetrics and attach it to the preAuth
chain. This will collect metrics on all requests made to OAuth2 Proxy
Collapse some calls to Prinf() and os.Exit(1) to Fatalf as they are
equivalent. main() has a strict 50 lines limit so brevity in these
calls appreciated
2021-02-15 13:45:26 +00:00
225ff478a1
Move all pagewriter related code to dedicated pagewriter package
2021-02-14 10:21:13 +00:00
e8e2af73df
Wrap templates and page rendering in PageWriter interface
2021-02-14 10:20:26 +00:00
dba6989054
Move SignIn page rendering to app pkg
2021-02-13 11:35:38 +00:00
6ecbc7bc4e
Allow users to choose detailed error messages on error pages
2021-02-12 21:12:28 +00:00
a63ed0225c
Use ErrorPage to render proxy error page
2021-02-12 21:12:27 +00:00
ef457b1765
Move Error page rendering to app package
2021-02-12 21:12:05 +00:00
0151ca11f6
Move template loading to app package
2021-02-12 16:55:52 +00:00
84f76c6060
Move template options to their own struct
2021-02-12 16:55:51 +00:00
801edeba23
Update templates to bulma framework
2021-02-12 16:55:45 +00:00
780ae4f3c9
Merge pull request from GHSA-4mf2-f3wh-gvf2
2021-02-01 18:04:33 +00:00
da02914a9c
Log IsValidRedirect violations and do a final safety call
2021-01-16 13:56:38 -08:00
fa6a785eaf
Improve handler vs helper organization in oauthproxy.go
...
Additionally, convert a lot of helper methods to be private
2021-01-16 13:55:49 -08:00
73fc7706bc
Figure out final app redirect URL with proxy aware request utils
2021-01-16 13:55:49 -08:00
b625de9490
Track the ReverseProxy option in the request Scope
...
This allows for proper handling of reverse proxy based headers throughout
the lifecycle of a request.
2021-01-16 13:55:48 -08:00
81bf1ef8ce
Adapt isAjax to support mimetype lists
...
Fixes #988
2021-01-12 19:37:30 +01:00
1d74a51cd7
Use X-Forwarded-{Proto,Host,Uri} on redirect as last resort ( #957 )
2021-01-01 15:23:11 -08:00
753f6c548a
Add a detailed allowed_groups example to Important Notes
2020-12-24 12:05:12 -08:00
65e15f24c1
Support only allowed_groups querystring
2020-12-24 12:05:12 -08:00
025056cba0
Move AuthOnly authorize logic to a dedicated method
2020-12-24 12:05:11 -08:00
44d83e5f95
Use StatusForbidden to prevent infinite redirects
2020-12-24 12:04:01 -08:00
23b2355f85
Allow group authZ in AuthOnly endpoint via Querystring
2020-12-24 12:04:01 -08:00
22f60e9b63
Generalize and extend default CreateSessionFromToken
2020-11-28 10:25:12 -08:00
3e9717d489
Decouple TokenToSession from OIDC & add a generic VerifyFunc
2020-11-28 10:25:11 -08:00
e9f787957e
Standardize provider interface method names
2020-11-28 10:25:11 -08:00
2549b722d3
Add User & Groups to Userinfo
2020-11-25 18:19:48 -08:00
b9661cb6fe
Return 401 Unauthorized if Authorize fails
2020-11-12 11:18:59 -08:00
f21b3b8b20
Authorize in Redeem callback flow
2020-11-12 11:18:59 -08:00
1b3b00443a
Streamline ErrMissingCode in provider Redeem methods
2020-11-12 11:18:59 -08:00
eb58ea2ed9
Move AllowedGroups to DefaultProvider for default Authorize usage
2020-11-12 11:18:15 -08:00
e7ac793044
Replace ValidateGroup with Authorize for Provider
2020-11-12 11:17:06 -08:00
cc6532a282
Use display-htpasswd-form flag ( #778 )
...
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-11-08 18:48:01 +00:00
8059a812cd
Integrate new header injectors with OAuth2 Proxy
2020-11-07 17:16:58 +00:00
d9c141ae7c
Remove GetUserName method from Provider
2020-10-19 14:09:46 -07:00
2b9e1bbba0
Add EnrichSessionState as main post-Redeem session updater
2020-10-19 14:09:45 -07:00
0bd8eb3191
Setup provider.ErrNotImplemented sentinel error
2020-10-19 14:09:02 -07:00
add45c360c
Split session enrichment from code redemption
2020-10-19 14:09:02 -07:00
b7b7ade7c4
Improve AllowedRoute test table formatting
2020-10-07 10:13:41 -07:00
Joel Speed
Nick Meves
Stefan Sedich
Sean Jones
Nikolai Prokoschenko
İlteriş Eroğlu
ofir-amir