public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,204 Commits 29 Branches 41 Tags 50 MiB
Commit Graph

1204 Commits

Author SHA1 Message Date
Christopher Kohnert 2c851fcd4f
Allow a health/ping request to be identified by User-Agent (#567) 
* Add an option to allow health checks based on User-Agent.

* Formatting fix

* Rename field and avoid unnecessary interface.

* Skip the redirect fix so it can be put into a different PR.

* Add CHANGELOG entry

* Adding a couple tests for the PingUserAgent option.
 2020-06-12 14:56:31 +01:00
Joel Speed 160bbaf98e
Fallback to UserInfo is User ID claim not present (#560) 
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-06-04 17:41:29 +01:00
Scott Guymer 3aeca4368c
ACR values should not be automatically added when blank (#598) 
* ACR values should not be automatically added when blank

* Added changelog
 2020-06-02 18:17:27 +01:00
Yoshiki Nakagawa d8d43bb51b
Support new option "github-user" (#421) 
* feat(github): support new option "github-user"

* feat(github): rename github-user to github-users

* feat(github): update docs for github-users option

* feat(github): remove unneeded code

* feat(github): remove logging

* feat(github-user): use github-user as flagset options

* feat(github-user): remove optionns.go

* feat(github-user): add github-user flagset

* feat(github): improve readability in the docs

* feat(github-user): refactored SetUsers method

* Update flag description

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-06-01 20:02:07 +01:00
Joel Speed a17c48810f
Merge pull request #548 from oauth2-proxy/move-logging-options 
Separate logging options out of main options structure
 2020-05-31 14:15:18 +01:00
Joel Speed 94e31f8b65
Ensure exclude-logging-paths is consistent with other options 2020-05-31 14:09:28 +01:00
Joel Speed f7c88f53d1
Update changelog for logging options move 2020-05-31 14:09:24 +01:00
Joel Speed bbc4eee17e
Create Logging FlagSet and Default 2020-05-31 14:08:00 +01:00
Joel Speed 3cbac6122d
Move configuration of logger to separate file 2020-05-31 14:08:00 +01:00
Joel Speed 3afcadae76
Move logging options to a struct 2020-05-31 14:08:00 +01:00
Joel Speed f7b28cb1d3
Improvements to Session State code (#536) 
* Drop SessionStateJSON wrapper
* Use EncrpytInto/DecryptInto to reduce sessionstate

Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-05-30 08:53:38 +01:00
Amnay 6a88da7f7a
Parse Redis cluster and sentinel urls (#573) 
* Parse Redis cluster and sentinel urls

* Add changelog entry for #573

* Add unit tests for redis session store

* Use %v for error fmt

Co-authored-by: Amnay Mokhtari <amnay.mokhtari@adevinta.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-05-27 18:40:50 +01:00
Joel Speed 11c8a983c8
Merge pull request #582 from oauth2-proxy/dependabot/bundler/docs/activesupport-6.0.3.1 
Bump activesupport from 6.0.2.1 to 6.0.3.1 in /docs
 2020-05-27 10:03:56 +01:00
dependabot[bot] d1bab0e22e
Bump activesupport from 6.0.2.1 to 6.0.3.1 in /docs 
Bumps [activesupport](https://github.com/rails/rails) from 6.0.2.1 to 6.0.3.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v6.0.3.1/activesupport/CHANGELOG.md)
- [Commits](https://github.com/rails/rails/compare/v6.0.2.1...v6.0.3.1)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-05-27 08:55:47 +00:00
Joel Speed 03a0e1a0e3
Merge pull request #414 from ti-mo/cookie-secret-cipher-xauthrequest 
Always encrypt sessions regardless of configuration
 2020-05-24 21:27:22 +01:00
Timo Beckers 276d1c6f19
Always encrypt sessions regardless of configuration 2020-05-24 21:23:04 +01:00
Amnay 0c9795a964
render error page on 502 proxy status (#574) 
Co-authored-by: Amnay Mokhtari <amnay.mokhtari@adevinta.com>
 2020-05-24 21:09:00 +01:00
Joel Speed 810a9e9967
Rename cookie-domain config to cookie-domains (#559) 
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-05-24 20:19:56 +01:00
Isabelle COWAN-BERGMAN fc11d8d508
Updated autocompletion for `--` long options. (#569) 
* Updated autocompletion for `--` long options.

* Added CHANGELOG.md entry.
 2020-05-24 17:12:28 +01:00
Joel Speed a0085e9015
Add changelog entry for 489 (#572) 2020-05-23 18:49:09 +01:00
Joel Speed 236c7fa60e
Merge pull request #489 from oauth2-proxy/move-options 
Move Options and Validation to packages
 2020-05-23 15:59:29 +01:00
Joel Speed cce2c680d8
Move RealClientIP code to IP packages 2020-05-23 15:17:41 +01:00
Joel Speed c3f9cbeb3d
Remove Env tags from Cookie and Session Options 2020-05-21 22:43:42 +01:00
Joel Speed 189ed4de8f
Move FlagSet to Options package 2020-05-21 22:43:42 +01:00
Joel Speed 1fd4ebe546
Remove Env tags from Options 2020-05-21 22:43:42 +01:00
Joel Speed 44b27e0208
Move Options and Validation to package 2020-05-21 22:43:42 +01:00
Amnay de0c92af06
fix small typo in docs (#570) 
Co-authored-by: Amnay Mokhtari <amnay.mokhtari@adevinta.com>
 2020-05-21 21:24:25 +01:00
Nick Meves 7e5c8bb579
Fix secretBytes adding unintended padding (#556) 
* Fix secretBytes adding unintended padding

* Add more SecretBytes test scenarios

* Add CHANGELOG entry about breaking secret padding change

* Add SecretBytes tests explanation comments
 2020-05-21 19:29:45 +01:00
Nick Meves d228d5a928
Refactor the utils package to other areas (#538) 
* Refactor the utils package to other areas

Move cookieSession functions to cookie session store
& align the double implementation of SecretBytes to be
united and housed under encryption

* Remove unused Provider SessionFromCookie/CookieForSession

These implementations aren't used, these are handled in the cookie store.

* Add changelog entry for session/utils refactor
 2020-05-14 10:16:35 +01:00
Isabelle COWAN-BERGMAN 111d17efde
Implements --real-client-ip-header option. (#503) 
* Implements -real-client-ip-header option.

* The -real-client-ip-header determines what HTTP header is used for
  determining the "real client IP" of the remote client.
* The -real-client-ip-header option supports the following headers:
  X-Forwarded-For X-ProxyUser-IP and X-Real-IP (default).
* Introduces new realClientIPParser interface to allow for multiple
  polymorphic classes to decide how to determine the real client IP.
* TODO: implement the more standard, but more complex `Forwarded` HTTP
  header.

* Corrected order of expected/actual in test cases

* Improved error message in getRemoteIP

* Add tests for getRemoteIP and getClientString

* Add comment explaining splitting of header

* Update documentation on -real-client-ip-header w/o -reverse-proxy

* Add PR number in changelog.

* Fix typo repeated word: "it"

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* Update extended configuration language

* Simplify the language around dependance on -reverse-proxy

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>

* Added completions

* Reorder real client IP header options

* Update CHANGELOG.md

* Apply suggestions from code review

Co-authored-by: Isabelle COWAN-BERGMAN <Izzette@users.noreply.github.com>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-05-12 18:41:25 +01:00
Joel Speed d0cfca4b73
Merge pull request #529 from oauth2-proxy/test-environment 
Add local test environments for testing changes and new features
 2020-05-12 16:19:27 +01:00
Joel Speed 2e37da4dc4
Update changelog for test environment addition 2020-05-12 16:07:17 +01:00
Joel Speed afef9c7588
Add nginx test environment to demonstrate protecting multiple subdomains 2020-05-12 16:06:17 +01:00
Joel Speed 0ccfc73ab2
Add test environment docker-compose files 2020-05-12 16:06:16 +01:00
Joel Speed 4e3dd09cf2
Drop fallback to email when user is empty (#537) 2020-05-12 16:04:51 +01:00
John Clayton 7cf685140b
Restrict access using Github collaborators (#497) 
* Allow access based on Github repository
 2020-05-11 18:02:40 +01:00
Mitsuo Heijo e642daef4e Support context in providers (#519) 
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-05-10 13:34:59 +01:00
Joel Speed 53d8e99f05
Remove Syscll as a maintainer (#540) 2020-05-10 11:51:15 +01:00
Joel Speed de280824de
Drop support for pre v3.1 cookies (#535) 
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-05-10 10:09:53 +01:00
Joel Speed 24cdfa68b6
Set up code coverage within Travis for Code Climate (#533) 
* Set up code coverage within Travis for Code Climate
* Include CodeClimate badges on ReadMe
 2020-05-10 07:29:37 +01:00
n-i-x be9eaaeb48
Add basic string functions to templates (#514) 
* Add basic string functions to templates

Co-authored-by: Oliver <oliver006@users.noreply.github.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-05-09 21:05:51 +01:00
Nick Meves 9d626265e8 Migrate cookie signing to SHA256 from SHA1 (#524) 
Also, cleanup the code & make the specific
hashing algorithm chosen a function variable.

Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-05-09 16:14:19 +01:00
Joel Speed 07df29db37
Drop configure script in favour of native Makefile env and checks (#515) 
Co-authored-by: Henry Jenkins <henry@henryjenkins.name>
 2020-05-09 16:07:46 +01:00
Henry Jenkins 9ed5a43516
Use double dashes in docs (#530) 
We only supports double dash (`--`) now, so update docs to reflect this.
 2020-05-09 15:39:47 +01:00
Joel Speed 8d3de2dc75
Tidy changelog and update releases to v5.1.1 (#526) 2020-05-06 19:00:12 +01:00
Joel Speed 0d5fa211df
Merge pull request from GHSA-j7px-6hwj-hpjg 2020-05-06 12:42:02 +01:00
Oliver 36da6e2be9
Add Gitea to auth config docs (#510) 
* add gitea to auth config docs

* PR feedback

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-05-04 21:59:09 +01:00
Joel Speed f7c050e7ba
Switch flags to PFlag to remove StringArray (#487) 2020-05-03 16:55:20 +01:00
Joel Speed eae652d986
Merge pull request #484 from oauth2-proxy/cookie-options-rename 
Replace configuration loading with Viper
 2020-05-03 12:14:17 +01:00
Joel Speed 00fed1a31f
Return an error when unknown options are found in the config file 2020-04-29 20:00:16 +01:00