public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,528 Commits 29 Branches 41 Tags 50 MiB
Commit Graph

1528 Commits

Author SHA1 Message Date
Joel Speed 5b95ed3033
Add tests for upstream package 2020-07-05 10:21:05 +01:00
Joel Speed fa8e1ee033
Allow file server to handle windows filesystems 2020-07-05 10:21:05 +01:00
Joel Speed e1c3e938cc
Add upstream package with Proxy server implementation 2020-07-05 10:21:05 +01:00
Joel Speed b6b5194190
Add Upstreams options struct with validation 2020-07-05 10:21:05 +01:00
Joel Speed fb1bef2757
Merge pull request #576 from oauth2-proxy/cookie-validation 
Separate Cookie validation
 2020-07-05 09:35:19 +01:00
Joel Speed 3e13f3197f
Ensure that cookie names over 256 characters are rejected by validation 2020-07-05 09:18:48 +01:00
Joel Speed eb933cc3f4
Add changelog entry for cookie validation separation 2020-07-05 09:18:45 +01:00
Joel Speed 211fd3a010
Rename CookieOptions to Cookie 2020-07-05 09:18:21 +01:00
Joel Speed 285c65a2d4
Add tests for cookie validation 
This also removes the check for the decoded from the valid secret size
check. The code was unreachable because encryption.SecretBytes will only
return the decoded secret if it was the right length after decoding.
 2020-07-05 09:17:28 +01:00
Joel Speed 900061b88a
Move CookieOptions validation to it's own file 2020-07-05 09:17:28 +01:00
Joel Speed b3ba2594c6
Create Cookie FlagSet and Defaults 2020-07-05 09:17:28 +01:00
Nick Meves 016f4aa276
Merge pull request #656 from grnhse/cookie-splitting-precision 
Split cookies more precisely at 4096 bytes
 2020-07-04 11:15:07 -07:00
Nick Meves 48a2aaadc1
Count complete cookie content in byte splitting 2020-07-03 23:41:08 -07:00
Nick Meves c6f1daba2f
Split cookies more precisely at 4096 bytes 2020-07-03 20:38:04 -07:00
Joel Speed c4cf15f3e1
Merge pull request #619 from oauth2-proxy/https-redirect-middleware 
Improve Redirect to HTTPs behaviour
 2020-07-03 17:25:24 +01:00
Joel Speed 1c1106721e
Move RedirectToHTTPS to middleware package 
Moves the logic for redirecting to HTTPs to a middleware package and adds tests for this logic.
Also makes the functionality more useful, previously it always redirected to the HTTPS address of the proxy, which may not have been intended, now it will redirect based on if a port is provided in the URL (assume public facing 80 to 443 or 4180 to 8443 for example)
 2020-07-03 17:19:09 +01:00
Joel Speed 39c01d5930
Merge pull request #654 from oauth2-proxy/redis-test-client-close 
Close client connections after each redis test
 2020-07-03 16:43:42 +01:00
Joel Speed 5c8a66bcc9
Close client connections after each redis test 2020-07-03 16:24:47 +01:00
k-wall b0375e85fa
Fix #635: Support specifying alternative provider TLS trust source(s) (#645) 
* Fix #635: Support specifying alternative provider TLS trust source(s)

* Update pkg/apis/options/options.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Update pkg/validation/options.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Address review comments

* upd CHANGELOG.md

* refactor test to assert textual subjects + add openssl gen cmd

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-07-03 16:09:17 +01:00
Joel Speed 390d479d28
Update CODEOWNERS to request review from reviewers team (#613) 
This means that we can keep the list of reviewers up to date based on team membership, rather than this file. Will make it easier to add and remove people going forward
 2020-07-02 21:09:55 +01:00
Joel Speed 4313553122
Merge pull request #542 from oauth2-proxy/refactor-session-tests 
Move SessionStore tests to independent package
 2020-07-01 23:00:23 +01:00
Joel Speed 34137f7305
Move SessionStore tests to independent package 2020-07-01 06:41:35 +01:00
Joel Speed d9a45a3b47
Merge pull request #577 from oauth2-proxy/session-store-cipher 
Move Cipher and Session Store initialisation out of Validation
 2020-06-28 18:29:48 +01:00
Joel Speed 6e1b3b9660
Switch to in session store initialisation 2020-06-28 12:50:55 +01:00
Joel Speed 778463906a
Update changelog for session storage initialisation move 2020-06-28 12:32:06 +01:00
Joel Speed 5ce9e75c21
Initialise Session Storage in NewOAuthProxy instead of validation 2020-06-28 12:32:06 +01:00
Joel Speed c8dbf1cf60
Move Cipher intialisation to session store initialisation 2020-06-28 12:03:03 +01:00
Joel Speed d9af3ffc5e
Merge pull request #641 from oauth2-proxy/release-v6.0.0 
Update changelog ready for release v6.0.0
 2020-06-27 16:09:26 +01:00
Joel Speed 6b43b41638
Fix tests broken by security advisory 2020-06-27 12:41:46 +01:00
Joel Speed 25154ede41
Update changelog ready for release v6.0.0 2020-06-27 12:10:27 +01:00
Joel Speed ee5662e0f5
Merge pull request from GHSA-5m6c-jp6f-2vcv 
* Add more Open Redirect test cases

* Add whitelisted domain to test

* Add more test cases

* Improve invalid redirect regex
 2020-06-27 12:07:24 +01:00
İlteriş Eroğlu 1b6c54cae1
Change how gitlab-group is parsed on options (#639) 
* Changed how gitlab-group is parsed, from string to []string

See #637

* Point out that gitlab-group can be a list

See #637

* Reflect to the []string change on pkg/apis/options/options.go

See #637

* Move cfg option gitlab_group to gitlab_groups

See #637

* Renamed Group to Groups

See #637

* Reflect the change on gitlab.go as well

See #637

* Added #639

* Added the author of #639 to the CHANGELOG

* Add the gitlab_groups env change to CHANGELOG.md

See #639

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
 2020-06-26 23:26:07 +01:00
Joel Speed daedbbd353
Merge pull request #615 from EvgeniGordeev/helm-example 
helm kubernetes example based on kind cluster and nginx ingress
 2020-06-26 19:06:50 +01:00
Evgeni Gordeev 054979978f Merge remote-tracking branch 'upstream/master' into helm-example 
# Conflicts:
#	CHANGELOG.md
 2020-06-25 15:24:00 -05:00
Joel Speed 3686b0b442
Merge pull request #596 from grnhse/extra-jwt-token-session 
Verify main vs extra JWT bearers differently
 2020-06-25 19:16:49 +01:00
Evgeni Gordeev 88a8a70537 update k8s manifest 2020-06-19 22:33:40 -05:00
Evgeni Gordeev 8bec67beb7 code review comments 2020-06-19 22:27:36 -05:00
Evgeni Gordeev e8fce0b14d Merge remote-tracking branch 'upstream/master' into helm-example 
# Conflicts:
#	CHANGELOG.md
 2020-06-19 22:25:14 -05:00
Nick Meves a3eef1709a
Improve default CreateSessionStateFromBearerToken tests 2020-06-19 11:48:23 -07:00
Nick Meves c2c1caa404
Set User = Subject in ExtraJWTBearer sessions 2020-06-19 11:48:23 -07:00
Nick Meves 788d8ecc1b
Verify main v extra JWT bearers differently 
When using the configured provider JWT Verifier, it makes
sense to use the provider `CreateSessionStateFromBearerToken`
method. For any extra JWT Issuers, they should use a generic
default verifier.
 2020-06-19 11:47:36 -07:00
Joel Speed 5817028bb1
Merge pull request #597 from oauth2-proxy/no-log-empty-redirect 
Don't log invalid redirect if redirect is empty
 2020-06-19 19:40:48 +01:00
Joel Speed dc756b9de3
Don't log invalid redirect if redirect is empty 2020-06-19 18:17:05 +01:00
Joel Speed 713c3927a9
Merge pull request #620 from oauth2-proxy/healthcheck-middleware 
Add HealthCheck middleware
 2020-06-19 18:15:36 +01:00
Evgeni Gordeev 84360114e2 polish 2020-06-17 19:18:52 -05:00
Evgeni Gordeev fa7855a99d get rid of test-connection pods for hello-world and httpbin 2020-06-16 16:59:56 -05:00
Evgeni Gordeev c85e5297b5 * some polish 2020-06-16 16:47:10 -05:00
Evgeni Gordeev 11c033e2c8 * move httpbin and hello-world charts outside. 
* expose kind to 443 port
* make helm optional
* rename folder to kubernetes
 2020-06-16 16:39:11 -05:00
Evgeni Gordeev 9a495e996b Merge remote-tracking branch 'upstream/master' into helm-example 
# Conflicts:
#	CHANGELOG.md
 2020-06-16 16:38:01 -05:00
Joel Speed ba3e40ab1c
Add changelog entry for healthcheck middleware 2020-06-14 21:06:14 +01:00