public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,634 Commits 30 Branches 42 Tags 51 MiB
Commit Graph

316 Commits

Author SHA1 Message Date
Kevin Kreitner b734de16e6
Refactor refreshSession method to reduce number of return 2021-12-03 23:07:40 +00:00
Kevin Kreitner 2781ea1c95
Try to wait for lock, when obtaining lock failed 2021-12-03 23:07:40 +00:00
Kevin Kreitner 360c753d6f
Remove unnecessary err variable definition 2021-12-03 23:07:39 +00:00
Kevin Kreitner 0cb8d23222
Simplify for loop for waiting for lock 2021-12-03 23:07:38 +00:00
Kevin Kreitner d9e0933e54
Move validateSession back into refreshSessionIfNeeded 2021-12-03 23:06:46 +00:00
Kevin Kreitner ad8ce2f6a4
Add concurrent requests tests 2021-12-03 23:06:45 +00:00
Kevin Kreitner c5ea345daf
Add tests, which consider session lock 2021-12-03 23:06:44 +00:00
Kevin Kreitner fca2d76f33
Fix tests for stored_session.go in middleware 2021-12-03 23:06:43 +00:00
Kevin Kreitner d8663a19a9
Remove unnecessary log output 2021-12-03 23:06:42 +00:00
Kevin Kreitner a8de9862cd
Update logger message 2021-12-03 23:06:41 +00:00
Kevin Kreitner 88ab07930e
Update update session from store 2021-12-03 23:06:41 +00:00
Kevin Kreitner ccd7a91b2b
Add more specific error when updating from store 2021-12-03 23:06:40 +00:00
Kevin Kreitner c6d8cd1ea4
Remove one return statement in getValidatedSession 2021-12-03 23:06:39 +00:00
Kevin Kreitner 86ba2f41ce
Refactor StoredSessionHandler 2021-12-03 23:06:38 +00:00
Kevin Kreitner 518e619289
Move session locking to refreshSessionIfNeeded method 2021-12-03 23:06:37 +00:00
Kevin Kreitner 76e3cb3e9a
Use const for delay and expire time 2021-12-03 23:06:36 +00:00
Kevin Kreitner 0f545e14d4
Lock session state when refreshing 2021-12-03 23:06:35 +00:00
Kevin Kreitner 58b9f0633a
Remove sensitive logging changes 2021-12-03 23:06:34 +00:00
Kevin Kreitner a4ad6bccfb
Fix default value flag for sensitive logging 2021-12-03 23:06:33 +00:00
Kevin Kreitner 6b50a55668
Add sensible logging flag to default setup for logger 2021-12-03 23:06:30 +00:00
Hiroyuki Wada 7eb3a4fbd5 Improve TLS handling for Redis to support non-standalone mode with TLS 2021-10-19 20:04:49 +09:00
Maciej Strzelecki b49e62f9b2
Initalize TLS.Config when connecting to Redis with TLS (#1296) 
* init TLS.Config when connecting to Redis with TLS

* don't overwrite TLS config if it exists

* add tests for Redis with TLS

* remove hardcoded certs

* add GenerateCert func

* use GenerateCert util func

* fix issue reported by go fmt

* limit return statements in GenerateCert
 2021-10-19 09:17:42 +01:00
Joel Speed d8deaa124b
Improve error message when no cookie is found 2021-10-13 19:08:11 +01:00
Luka Zakrajšek d3e036d619 Add force-json-errors flag 2021-10-05 11:24:47 +02:00
Matt Lilley 3957183fd5
Use the httputil.NewSingleHostReverseProxy instead of yhat/wsutil for … (#1348) 
* Use the httputil.NewSingleHostReverseProxy instad of yhat/wsutil for websocket proxying. This correctly handles 404 responses with keep-alive by terminating the tunnel rather than keeping it alive

* Tidy up dependencies - yhat/wsutil is no longer required

* Update changelog to include reference to 1348

Co-authored-by: Matt Lilley <matt.lilley@securitease.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2021-10-03 15:38:40 +01:00
Nick Meves c84a5a418f Adjust GitLab options configuration 2021-09-25 16:48:48 -07:00
Fabian Stelzer 88f32aeaa1
rename Upstreams to UpstreamConfig and its Configs member to Upstreams then 2021-09-17 12:37:57 +00:00
Fabian Stelzer 662fa72e8c
Add ProxyRawPath tests 
Refactor proxy_test to set mux/upstream options for each test
individually and add tests for encoded urls with ProxyRawPath set and
unset.
 2021-09-17 12:37:56 +00:00
Fabian Stelzer d51556515e
Introduce ProxyRawPath flag 
Setting this flag will configure the upstream proxy to pass encoded urls
as-is.
 2021-09-17 12:37:56 +00:00
Fabian Stelzer 12ab4ef529
Make the Upstreams mux configurable 
This commit changes Upstreams from []Upstream to a struct{}
moving the previous []Upstream into .Configs and adjusts all uses of it.
 2021-09-17 12:31:18 +00:00
Hedi Harzallah ccbb98acd9
fix(1356): test if session variable is null (#1357) 
* fix(1356): test if session variable is null

* fix(1356): adding changelog

Co-authored-by: Hedi Harzallah <hharzalla@talend.com>
 2021-09-09 12:12:29 +01:00
Miks Kalnins 54d44ccb8f
Allow specifying URL as input for custom sign in logo (#1330) 
* Allow specifying URL as input for custom logos

* Fix typo

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Update changelog

* Only allow HTTPS URLs

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Nick Meves <nicholas.meves@gmail.com>
 2021-09-05 09:23:22 -07:00
Philippe 7cf3065111
Changing user field type to text (#1337) 
* Changing user field type to text

* Updated changelog

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2021-08-29 12:39:02 +01:00
Jordie 42c16efa38
Fixed .CustomLogin </form> tag placement for login page (#1317) 
* Fixed .CustomLogin </form> tag placement for login page

* Update changelog (gh-1317)
 2021-08-11 15:57:40 +01:00
Peter Braun e6223383e5 update keycloak oidc provider and add unit tests 2021-08-02 11:39:50 +02:00
Nick Meves ab54de38cc Extract roles from Keycloak Access Tokens 2021-07-30 09:46:13 +02:00
Nick Meves 4c0beb373f Add keycloak-oidc provider based on OIDCProvider 2021-07-30 09:46:13 +02:00
JVecsei 8967873659
Updated dependency versions which include CVE fixes (#1276) 
* switched to github.com/golang-jwt/jwt and updated golang.org/x/crypto to include CVE fixes

* added #1276 to changelog

Co-authored-by: Joshua Vécsei <git@vecsei.me>
 2021-07-29 17:45:41 +01:00
wyewata a35db2ae8a
Fix expected error messages (#1269) 
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2021-07-28 19:56:23 +01:00
Nick Meves 0b4bc36554
Upgrade go-oidc to v3 (#1264) 2021-07-17 09:55:05 -07:00
wassan128 777556c97e Fix typo s/commmon/common/ 2021-07-08 21:29:43 +09:00
Nick Meves 1faa5c47ce Remove finicky encryption test 
AES-CFB is unauthenticated, in rare circumstances it won't error on
AES-GCM encrypted payloads
 2021-07-01 19:03:01 -07:00
Joel Speed 075cb9c3a0
Ensure upstreams are sorted by longest first 2021-06-23 12:20:48 +01:00
Joel Speed 8a06779d41
Redirect request if it would match with an appended trailing slash 2021-06-23 12:20:47 +01:00
Joel Speed 6c62b25bf1
Allow request paths to be rewritten before proxying to upstream server 2021-06-23 12:20:46 +01:00
Joel Speed d2d62bb452
Replace standard serve mux with gorilla mux 2021-06-23 12:20:21 +01:00
Nick Meves ff914d7e17 Use `ErrNotImplemented` in default refresh implementation 2021-06-22 17:04:42 -07:00
Nick Meves baf6cf3816 Remove mutex from local Clock instances 
They will only be used in tests, but it doesn't play
nice with copy operations many tests use. The linter was
not happy. While the global clock needs mutexes for parallelism,
local Clocks only used it for Set/Add and didn't even use the
mutex for actual time functions.
 2021-06-22 17:04:42 -07:00
Nick Meves d91c3f867d Remove validation for invalid legacy v6.0.0 sessions 
The reflect.DeepCopy doesn't play nice with the new Lock and Clock
fields in sessions. And it added unneeded session deserialization
logic to every request.
 2021-06-22 17:04:42 -07:00
Nick Meves 593125152d Standarize provider refresh implemention & logging 2021-06-22 17:04:30 -07:00