public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,233 Commits 29 Branches 41 Tags 50 MiB
Commit Graph

1233 Commits

Author SHA1 Message Date
Nick Meves 56f199a24f
Stop accepting legacy SHA1 signed cookies 2020-09-24 10:31:34 -07:00
Nick Meves 55a941b76e
Merge pull request #788 from blz-ea/patch-1 
docs: fix Keycloak provider documentation
 2020-09-23 09:54:40 -07:00
blz-ea 4a04ff4529
docs: fix Keycloak provider documentation 2020-09-22 20:13:00 -04:00
Nick Meves 8eb9c69a9a
Merge pull request #616 from stefansedich/group-claim 
Add support to ensure user belongs in required groups when using the OIDC provider
 2020-09-21 13:04:27 -07:00
Stefan Sedich 9d59519a96
Add support to ensure user belongs in required groups when using the OIDC provider 2020-09-21 10:43:54 -07:00
Joel Speed a87beab1a0
Merge pull request #764 from lentzi90/patch-1 
Document bcrypt encryption for htpasswd
 2020-09-11 14:26:03 +01:00
Lennart Jern e14d6ab791 Document bcrypt encryption for htpasswd 
Remove mention of (insecure) SHA option for encryption.
 2020-09-11 13:32:00 +03:00
Joel Speed ef08d01b98
Merge pull request #757 from ManoManoTech/doc/cookieSession 
Doc: cookie-secret is a mandatory field for cookie session
 2020-09-04 15:30:47 +01:00
Aurélien LAJOIE 0eb0024e87 Doc: cookie-secret is a mandatory field for cookie session 2020-09-04 16:20:41 +02:00
Joel Speed e4e5580852
Merge pull request #748 from oauth2-proxy/release-6.1.1 
Prepare CHANGELOG for v6.1.1 release
 2020-08-31 17:18:45 +01:00
Joel Speed 1337f56188
Prepare CHANGELOG for v6.1.1 release 2020-08-31 17:01:52 +01:00
Joel Speed 841bf77f7f
Merge pull request #746 from oauth2-proxy/fix-static 
Fix conversion of static responses in upstreams
 2020-08-31 16:58:55 +01:00
Joel Speed bd619ab63e
Fix conversion of file upstreams 2020-08-31 16:54:13 +01:00
Joel Speed b40517bbe3
Fix conversion of static responses in upstreams 2020-08-31 16:54:01 +01:00
Joel Speed 73f0094486
Merge pull request #729 from grnhse/x-forwarded-host-redirect 
Use X-Forwarded-Host in Redirects
 2020-08-31 16:48:20 +01:00
Nick Meves 29b24793e3
Use X-Forwarded-Host consistently 2020-08-31 08:31:45 -07:00
Tomoyuki KOYAMA bd5fab478d
fix docs: command line options (#744) 2020-08-29 09:26:24 +01:00
Joel Speed 37026b60ce
Merge pull request #741 from oauth2-proxy/release-6.1.0 
Prepare changelog for v6.1.0 release
 2020-08-27 15:15:24 +01:00
Joel Speed 43bf36425d
Prepare changelog for v6.1.0 release 2020-08-27 15:08:46 +01:00
Joel Speed 4134a9010e
Merge pull request #742 from oauth2-proxy/domain-log 
Only log no cookie match if cookie domains specified
 2020-08-27 15:01:32 +01:00
Joel Speed 105d5acb7b
Only log no cookie match if cookie domains specified 2020-08-27 14:48:00 +01:00
Dan Bond d7abd56981
dist.sh: remove go version from asset links (#733) 
* dist.sh: remove go version from asset links

* update changelog
 2020-08-25 08:41:14 -07:00
Joel Speed 5fa5b3186f
Merge pull request #562 from oauth2-proxy/auth-header-helper 
Create generic Authorization Header constructor
 2020-08-17 16:44:38 +01:00
Joel Speed d05e08cba3
Create generic Authorization Header constructor 2020-08-16 20:04:34 +01:00
Joel Speed 9a338d8a34
Merge pull request #715 from oauth2-proxy/session-nil-time 
Ensure session times are not nil before printing them
 2020-08-16 19:57:55 +01:00
Joel Speed 16a30002df
Ensure session times are not nil before printing them 2020-08-16 19:53:52 +01:00
Joel Speed aceb9e2762
Merge pull request #700 from grnhse/oidc-no-email-tokens 
Allow OIDC Bearer Tokens without emails
 2020-08-16 13:03:43 +01:00
Nick Meves 0645e19c24
Cleanup internalSession params & handle profileURL Bearer case better 
`findClaimsFromIDToken` would always have a `nil` access token and not be
able to hit the userinfo endpoint in Bearer case. If access token is nil,
default to legacy `session.Email = claim.Subject` that all JWT bearers used
to have, even if a valid profileURL is present.
 2020-08-14 13:31:38 -07:00
Nick Meves dcc75410a8
Handle claim finding differently in bearer vs standard IDTokens 2020-08-14 13:31:38 -07:00
Nick Meves 514db45d1a
Allow OIDC Bearer Tokens without emails 
This reverts to functionality before #499 where an OIDC
provider could be used with `--skip-jwt-bearer-tokens` and
tokens without an email or profileURL would still be valid.
This logic mirrors `middleware.createSessionStateFromBearerToken`
which used to be the universal logic before #499.
 2020-08-14 13:31:38 -07:00
Joel Speed 8515da3e91
Merge pull request #714 from grnhse/redis-sentinel-password 
Support Password & SentinelPassword in Redis session store
 2020-08-14 14:09:54 +01:00
Nick Meves 51a9062044
Support Password & SentinelPassword in Redis session store 2020-08-11 12:22:05 -07:00
Nick Meves 35ed7a313b
Merge pull request #719 from grnhse/gosec-x-oauth-basic-skip 
Add `x-oauth-basic` nosec annotation & address gosec unhandled errors
 2020-08-11 11:56:07 -07:00
Nick Meves b6e78efc1e
Add `x-oauth-basic` nosec annotation & address gosec unhandled errors 2020-08-10 15:15:16 -07:00
Phil Taprogge d69fd6af22
Allow Logging to stdout with separate Error Log Channel (#718) 
* Add dedicated error logging writer

* Document new errors to stdout flag

* Update changelog

* Thread-safe the log buffer

* Address feedback

* Remove duplication by adding log level

* Clean up error formatting

* Apply suggestions from code review

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-08-10 11:44:08 +01:00
Nick Meves 33e04cc52f
Merge pull request #690 from grnhse/gosec-findings-fixes 
Address gosec findings
 2020-08-09 08:24:37 -07:00
Nick Meves a1358d2070
Panic on any logger errors 
Any template errors instead of IO
errors are caught in validation.
 2020-08-09 07:55:41 -07:00
Nick Meves e88d29f16a
Refactor SignInMessage out of main 2020-08-09 07:55:41 -07:00
Nick Meves 46cc21d8cf
Skip gosec linting on tests 2020-08-09 07:55:41 -07:00
Nick Meves 45222395e0
Attempt to log still on template errors 2020-08-09 07:55:40 -07:00
Nick Meves 542bf1fad1
Add gosec to .golangci.yml 2020-08-09 07:55:40 -07:00
Nick Meves ad52587ae6
Document GoSec nosec skip comments 2020-08-09 07:55:40 -07:00
Nick Meves 2bb0160bf3
Streamline error page usage 2020-08-09 07:55:40 -07:00
Nick Meves 1c8c5b08d7
Handle cookie signing errors 2020-08-09 07:55:40 -07:00
Nick Meves 65c228394f
Address gosec findings 
Mostly handling unhandled errors appropriately.
If logging to STDERR fails, we panic. Added #nosec
comments to findings we are OK with.
 2020-08-09 07:55:39 -07:00
Joel Speed 7b21f53aad
Merge pull request #689 from grnhse/finicky-logging-time-test 
Fix time issue causing finicky failures in logging tests
 2020-08-07 08:32:17 +01:00
Nick Meves 81ec9edf53
Fix time issue causing finicky failures in logging tests 2020-08-06 15:44:05 -07:00
Nick Meves 0cf0fd88e8
Merge pull request #710 from ryandesign/patch-1 
Fix typos and other minor edits
 2020-08-04 07:58:53 -07:00
Ryan Schmidt 6e31eb28d5
Fix typos and other minor edits 2020-08-04 01:29:00 -05:00
Joel Speed bbf00bc92b
Merge pull request #701 from jhutchings1/patch-1 
Add pull request events to CodeQL action
 2020-07-29 12:23:08 +01:00