* fix: upstream licensing issue by adopting hmacauth library and changing asserting library for its test cases
Signed-off-by: Jan Larwig <jan@larwig.com>
* fix: golang code quality and linting issues for hmacauth
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
* add new docs version 7.13.x
* update to release version v7.13.0
* doc: add release notes v7.13.0
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* Add check for constraints to the proxy endpoint
* Add tests for allowed_groups query string
* Add this feature to the changelog
* Apply suggestions from code review
Co-authored-by: Jan Larwig <jan@larwig.com>
* Use explicit key names in TestProxyAllowedGroups
* Document the query parameters on proxy endpoint
* Comment was copied from the AuthOnly handler but on closer inspection is not relevant here
replacing comment with one more relevant
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
The package under pkg/clock is github.com/benbjohnson/clock, which is
archived. It's also way more complex than is what is actually needed
here, so we can entirely remove the dependency and remove the helper
package.
Fixes#2840.
Signed-off-by: David Symonds <dsymonds@gmail.com>
Since Go 1.21 the go toolchain validates strictly the "go" version
directive in go.mod, and downloads and uses the requested toolchain if
necessary. See https://go.dev/doc/toolchain
So we can just run "go list" to tell the Go toolchain to validate our
build environment according to go.mod.
To extract the "go" directive version from go.mod (used to select the
Docker build image) we also use "go list".
* docs: clarify ingress-nginx integration and remove Lua block example for oauth2-proxy
This PR revises the integration guide for oauth2-proxy with ingress-nginx in Kubernetes:
Recommends the minimal configuration: just auth-url and auth-signin annotations.
Removes the Lua block example, as it did not work in practice despite following nginx documentation and extensive testing.
Clearly states that the official ingress-nginx external auth example is the recommended approach for most users.
Notes that advanced Lua/cookie handling is only needed for rare, advanced scenarios.
Signed-off-by: Jan Larwig <jan@larwig.com>
* doc: update 3 latest docs versions
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* fix: use GetSecret() in ticket.go makeCookie
The makeCookie method in ticket.go was using t.options.Secret directly, which
meant cookie-secret-file was not being respected. Updated to use GetSecret()
which handles both cookie-secret and cookie-secret-file properly.
Also added test coverage for cookie-secret-file functionality.
Fixes#3224
Signed-off-by: stagswtf <142280349+stagswtf@users.noreply.github.com>
* docs: update CHANGELOG.md for cookie-secret-file fix
Signed-off-by: stagswtf <142280349+stagswtf@users.noreply.github.com>
* correct PR link and undo file formatting
Signed-off-by: stagswtf <142280349+stagswtf@users.noreply.github.com>
* fix: error wrapping
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: stagswtf <142280349+stagswtf@users.noreply.github.com>
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* fix: SourceHut documentation
- Add it to sidebar and provider index
- Fix broken link
This fixes an oversight in #2359, where I had not fully understood how
the documentation works.
Signed-off-by: Conrad Hoffmann <ch@bitfehler.net>
* fix: doc build instructions in docs/README.md
---------
Signed-off-by: Conrad Hoffmann <ch@bitfehler.net>
* bugfix: Gitaa team membership
Gitea doesn't properly fill in all the fields like GitHub,
so implement a series of fallbacks.
Signed-off-by: magic_rb <magic_rb@redalder.org>
* add changelog, documentation and fix groups list
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: magic_rb <magic_rb@redalder.org>
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* Add sensible logging flag to default setup for logger
* Fix default value flag for sensitive logging
* Remove sensitive logging changes
* Add Cidaas provider
* Update CHANGELOG.md
* Add required groups scope to defaults
* Fix tests
* Remove if block with protected resource
* Fix linting
* Adjust provider sorting, fixes
* Directly handle error return
Co-authored-by: Jan Larwig <jan@larwig.com>
* Use less deep nesting
Co-authored-by: Jan Larwig <jan@larwig.com>
* Directly handle returned error
Co-authored-by: Jan Larwig <jan@larwig.com>
* Pass provider options to Cidaas provider
Co-authored-by: Jan Larwig <jan@larwig.com>
* Add import for provider options
* Fix tests
* Fix linting
* Add Cidaas doc page
* Add Cidaas provider doc page to overview
* Fix link in docs
* Fix link in docs
* Add link to Cidaas
* fix provider order in docs and changelog position
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Teko012 <112829523+Teko012@users.noreply.github.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Kevin Kreitner <kevinkreitner@gmail.com>
* add new docs version 7.11.x
* update to release version v7.11.0
* add changelog entry for v7.11.0
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* feat: add feature support for cookie-secret-file
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-Authored-By: Sandy Chen <Yuxuan.Chen@morganstanley.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* Perform a regex replace of $NUM to $$NUM before running envsubst
* Perform a regex replace of $NUM to $$NUM before running envsubst
* add test case; fix linter warnings; add method documentation
Signed-off-by: Jan Larwig <jan@larwig.com>
* add changelog entry
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
* feat: Allow use more possible google admin-sdk api scopes.
* reduce cognitive complexity
Signed-off-by: Bob Du <i@bobdu.cc>
* remove unnecessary else block / indentation
Signed-off-by: Jan Larwig <jan@larwig.com>
* add changelog entry
Signed-off-by: Jan Larwig <jan@larwig.com>
* slight formatting and error message rephrasing
Signed-off-by: Jan Larwig <jan@larwig.com>
---------
Signed-off-by: Bob Du <i@bobdu.cc>
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
renovate[bot]
fossabot
Jan Larwig
github-actions[bot]
Jacob Alberty
Michi Gysel
Drew Foehn
David Symonds
Olivier Mengué
Schmitt Paul
Vincent Privat
stagswtf
Richard Ahlquist
Conrad Hoffmann
Richard Brežák
jet
Kevin Kreitner
Theron Boerner
nobletrout
Sourav Agrawal
Michael Cornel
Sandy Chen
Ashkan Daie
Bob Du