ef457b1765 
								
							 
						 
						
							
							
								
								Move Error page rendering to app package  
							
							
							
						 
						
							2021-02-12 21:12:05 +00:00  
				
					
						
							
							
								 
						
							
								0151ca11f6 
								
							 
						 
						
							
							
								
								Move template loading to app package  
							
							
							
						 
						
							2021-02-12 16:55:52 +00:00  
				
					
						
							
							
								 
						
							
								84f76c6060 
								
							 
						 
						
							
							
								
								Move template options to their own struct  
							
							
							
						 
						
							2021-02-12 16:55:51 +00:00  
				
					
						
							
							
								 
						
							
								801edeba23 
								
							 
						 
						
							
							
								
								Update templates to bulma framework  
							
							
							
						 
						
							2021-02-12 16:55:45 +00:00  
				
					
						
							
							
								 
						
							
								780ae4f3c9 
								
							 
						 
						
							
							
								
								Merge pull request from GHSA-4mf2-f3wh-gvf2  
							
							
							
						 
						
							2021-02-01 18:04:33 +00:00  
				
					
						
							
							
								 
						
							
								da02914a9c 
								
							 
						 
						
							
							
								
								Log IsValidRedirect violations and do a final safety call  
							
							
							
						 
						
							2021-01-16 13:56:38 -08:00  
				
					
						
							
							
								 
						
							
								fa6a785eaf 
								
							 
						 
						
							
							
								
								Improve handler vs helper organization in oauthproxy.go  
							
							
							
							
							Additionally, convert a lot of helper methods to be private 
							
						 
						
							2021-01-16 13:55:49 -08:00  
				
					
						
							
							
								 
						
							
								73fc7706bc 
								
							 
						 
						
							
							
								
								Figure out final app redirect URL with proxy aware request utils  
							
							
							
						 
						
							2021-01-16 13:55:49 -08:00  
				
					
						
							
							
								 
						
							
								b625de9490 
								
							 
						 
						
							
							
								
								Track the ReverseProxy option in the request Scope  
							
							
							
							
							This allows for proper handling of reverse proxy based headers throughout
the lifecycle of a request. 
							
						 
						
							2021-01-16 13:55:48 -08:00  
				
					
						
							
							
								 
						
							
								81bf1ef8ce 
								
							 
						 
						
							
							
								
								Adapt isAjax to support mimetype lists  
							
							
							
							
							Fixes  #988  
						
							2021-01-12 19:37:30 +01:00  
				
					
						
							
							
								 
						
							
								1d74a51cd7 
								
							 
						 
						
							
							
								
								Use X-Forwarded-{Proto,Host,Uri} on redirect as last resort ( #957 )  
							
							
							
						 
						
							2021-01-01 15:23:11 -08:00  
				
					
						
							
							
								 
						
							
								753f6c548a 
								
							 
						 
						
							
							
								
								Add a detailed allowed_groups example to Important Notes  
							
							
							
						 
						
							2020-12-24 12:05:12 -08:00  
				
					
						
							
							
								 
						
							
								65e15f24c1 
								
							 
						 
						
							
							
								
								Support only allowed_groups querystring  
							
							
							
						 
						
							2020-12-24 12:05:12 -08:00  
				
					
						
							
							
								 
						
							
								025056cba0 
								
							 
						 
						
							
							
								
								Move AuthOnly authorize logic to a dedicated method  
							
							
							
						 
						
							2020-12-24 12:05:11 -08:00  
				
					
						
							
							
								 
						
							
								44d83e5f95 
								
							 
						 
						
							
							
								
								Use StatusForbidden to prevent infinite redirects  
							
							
							
						 
						
							2020-12-24 12:04:01 -08:00  
				
					
						
							
							
								 
						
							
								23b2355f85 
								
							 
						 
						
							
							
								
								Allow group authZ in AuthOnly endpoint via Querystring  
							
							
							
						 
						
							2020-12-24 12:04:01 -08:00  
				
					
						
							
							
								 
						
							
								22f60e9b63 
								
							 
						 
						
							
							
								
								Generalize and extend default CreateSessionFromToken  
							
							
							
						 
						
							2020-11-28 10:25:12 -08:00  
				
					
						
							
							
								 
						
							
								3e9717d489 
								
							 
						 
						
							
							
								
								Decouple TokenToSession from OIDC & add a generic VerifyFunc  
							
							
							
						 
						
							2020-11-28 10:25:11 -08:00  
				
					
						
							
							
								 
						
							
								e9f787957e 
								
							 
						 
						
							
							
								
								Standardize provider interface method names  
							
							
							
						 
						
							2020-11-28 10:25:11 -08:00  
				
					
						
							
							
								 
						
							
								2549b722d3 
								
							 
						 
						
							
							
								
								Add User & Groups to Userinfo  
							
							
							
						 
						
							2020-11-25 18:19:48 -08:00  
				
					
						
							
							
								 
						
							
								b9661cb6fe 
								
							 
						 
						
							
							
								
								Return 401 Unauthorized if Authorize fails  
							
							
							
						 
						
							2020-11-12 11:18:59 -08:00  
				
					
						
							
							
								 
						
							
								f21b3b8b20 
								
							 
						 
						
							
							
								
								Authorize in Redeem callback flow  
							
							
							
						 
						
							2020-11-12 11:18:59 -08:00  
				
					
						
							
							
								 
						
							
								1b3b00443a 
								
							 
						 
						
							
							
								
								Streamline ErrMissingCode in provider Redeem methods  
							
							
							
						 
						
							2020-11-12 11:18:59 -08:00  
				
					
						
							
							
								 
						
							
								eb58ea2ed9 
								
							 
						 
						
							
							
								
								Move AllowedGroups to DefaultProvider for default Authorize usage  
							
							
							
						 
						
							2020-11-12 11:18:15 -08:00  
				
					
						
							
							
								 
						
							
								e7ac793044 
								
							 
						 
						
							
							
								
								Replace ValidateGroup with Authorize for Provider  
							
							
							
						 
						
							2020-11-12 11:17:06 -08:00  
				
					
						
							
							
								 
						
							
								cc6532a282 
								
							 
						 
						
							
							
								
								Use display-htpasswd-form flag ( #778 )  
							
							
							
							
							Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 
							
						 
						
							2020-11-08 18:48:01 +00:00  
				
					
						
							
							
								 
						
							
								8059a812cd 
								
							 
						 
						
							
							
								
								Integrate new header injectors with OAuth2 Proxy  
							
							
							
						 
						
							2020-11-07 17:16:58 +00:00  
				
					
						
							
							
								 
						
							
								d9c141ae7c 
								
							 
						 
						
							
							
								
								Remove GetUserName method from Provider  
							
							
							
						 
						
							2020-10-19 14:09:46 -07:00  
				
					
						
							
							
								 
						
							
								2b9e1bbba0 
								
							 
						 
						
							
							
								
								Add EnrichSessionState as main post-Redeem session updater  
							
							
							
						 
						
							2020-10-19 14:09:45 -07:00  
				
					
						
							
							
								 
						
							
								0bd8eb3191 
								
							 
						 
						
							
							
								
								Setup provider.ErrNotImplemented sentinel error  
							
							
							
						 
						
							2020-10-19 14:09:02 -07:00  
				
					
						
							
							
								 
						
							
								add45c360c 
								
							 
						 
						
							
							
								
								Split session enrichment from code redemption  
							
							
							
						 
						
							2020-10-19 14:09:02 -07:00  
				
					
						
							
							
								 
						
							
								b7b7ade7c4 
								
							 
						 
						
							
							
								
								Improve AllowedRoute test table formatting  
							
							
							
						 
						
							2020-10-07 10:13:41 -07:00  
				
					
						
							
							
								 
						
							
								89a8ac8c1f 
								
							 
						 
						
							
							
								
								Add startup logging for skipped auth routes  
							
							
							
						 
						
							2020-10-07 10:13:41 -07:00  
				
					
						
							
							
								 
						
							
								cfd3de807c 
								
							 
						 
						
							
							
								
								Add tests for skip auth functionality  
							
							
							
						 
						
							2020-10-07 10:13:41 -07:00  
				
					
						
							
							
								 
						
							
								183cb124a4 
								
							 
						 
						
							
							
								
								Support HTTP method based allowlists  
							
							
							
						 
						
							2020-10-07 10:13:40 -07:00  
				
					
						
							
							
								 
						
							
								3fa42edb73 
								
							 
						 
						
							
							
								
								Fix import path for v7 ( #800 )  
							
							
							
							
							* fix import path for v7
find ./ -name "*.go" | xargs sed -i -e 's|"github.com/oauth2-proxy/oauth2-proxy|"github.com/oauth2-proxy/oauth2-proxy/v7|'
* fix module path
* go mod tidy
* fix installation docs
* update CHANGELOG
* Update CHANGELOG.md
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 
							
						 
						
							2020-09-29 17:44:42 +01:00  
				
					
						
							
							
								 
						
							
								e0d915cc03 
								
							 
						 
						
							
							
								
								Stop shadowing GetEmailAddress errors in redeemCode  
							
							
							
						 
						
							2020-09-24 10:50:18 -07:00  
				
					
						
							
							
								 
						
							
								3371284a36 
								
							 
						 
						
							
							
								
								Remove GetPreferredUsername method from Provider interface  
							
							
							
							
							It isn't used in any providers and we have future plans
to remove the specialness of PreferredUsername and make it
an optional field in the session.
User, Email & Groups will eventually be the only first class
fields on the session that are always set. 
							
						 
						
							2020-09-24 10:49:50 -07:00  
				
					
						
							
							
								 
						
							
								9d59519a96 
								
							 
						 
						
							
							
								
								Add support to ensure user belongs in required groups when using the OIDC provider  
							
							
							
						 
						
							2020-09-21 10:43:54 -07:00  
				
					
						
							
							
								 
						
							
								29b24793e3 
								
							 
						 
						
							
							
								
								Use X-Forwarded-Host consistently  
							
							
							
						 
						
							2020-08-31 08:31:45 -07:00  
				
					
						
							
							
								 
						
							
								d69fd6af22 
								
							 
						 
						
							
							
								
								Allow Logging to stdout with separate Error Log Channel ( #718 )  
							
							
							
							
							* Add dedicated error logging writer
* Document new errors to stdout flag
* Update changelog
* Thread-safe the log buffer
* Address feedback
* Remove duplication by adding log level
* Clean up error formatting
* Apply suggestions from code review
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk> 
							
						 
						
							2020-08-10 11:44:08 +01:00  
				
					
						
							
							
								 
						
							
								e88d29f16a 
								
							 
						 
						
							
							
								
								Refactor SignInMessage out of main  
							
							
							
						 
						
							2020-08-09 07:55:41 -07:00  
				
					
						
							
							
								 
						
							
								45222395e0 
								
							 
						 
						
							
							
								
								Attempt to log still on template errors  
							
							
							
						 
						
							2020-08-09 07:55:40 -07:00  
				
					
						
							
							
								 
						
							
								ad52587ae6 
								
							 
						 
						
							
							
								
								Document GoSec nosec skip comments  
							
							
							
						 
						
							2020-08-09 07:55:40 -07:00  
				
					
						
							
							
								 
						
							
								2bb0160bf3 
								
							 
						 
						
							
							
								
								Streamline error page usage  
							
							
							
						 
						
							2020-08-09 07:55:40 -07:00  
				
					
						
							
							
								 
						
							
								65c228394f 
								
							 
						 
						
							
							
								
								Address gosec findings  
							
							
							
							
							Mostly handling unhandled errors appropriately.
If logging to STDERR fails, we panic. Added #nosec
comments to findings we are OK with. 
							
						 
						
							2020-08-09 07:55:39 -07:00  
				
					
						
							
							
								 
						
							
								88ef888752 
								
							 
						 
						
							
							
								
								Preserve query when building redirect (fix for  #695 ) ( #696 )  
							
							
							
							
							* Add test for GetRedirect to check query and fragments.
* Preserve query and fragment when building redirect.
* Add changelog entry for redirect fix 
							
						 
						
							2020-07-21 16:38:13 +01:00  
				
					
						
							
							
								 
						
							
								eb234011eb 
								
							 
						 
						
							
							
								
								Integrate sessions middlewares  
							
							
							
						 
						
							2020-07-19 17:24:12 +01:00  
				
					
						
							
							
								 
						
							
								5dbcd73722 
								
							 
						 
						
							
							
								
								Configure OAuth2 Proxy to use new upstreams package and LegacyConfig  
							
							
							
						 
						
							2020-07-19 08:17:53 +01:00  
				
					
						
							
							
								 
						
							
								2981a5ed1a 
								
							 
						 
						
							
							
								
								Integrate HTPasswdValidator into OAuth2 Proxy  
							
							
							
						 
						
							2020-07-18 11:01:49 +01:00