Stefan Sedich
220b3708fc
Add support for setting groups on session when using basic auth (#1064)
* Add support for setting groups on session when using basic auth
* Refactoring based on feedback
* Attribution
2021-02-25 13:02:23 -08:00
Joel Speed
23e545a639
Add option for custom logos on the sign in page
2021-02-19 13:23:55 +00:00
Joel Speed
9cea4ea89b
Update golangci-lint version in CI workflow
2021-02-17 20:25:37 +00:00
Sean Jones
a7c8a233ba
Add Prometheus metrics endpoint
Add the Prometheus http.Handler to serve metrics at MetricsPath ("/metrics"
by default). This allows Prometheus to scrape metrics from OAuth2 Proxy.
Add a new middleware NewRequestMetrics and attach it to the preAuth
chain. This will collect metrics on all requests made to OAuth2 Proxy.
Collapse some calls to Printf() and os.Exit(1) to Fatalf as they are
equivalent. main() has a strict 50-line limit, so brevity in these
calls is appreciated.
2021-02-15 13:45:26 +00:00
Joel Speed
225ff478a1
Move all pagewriter related code to dedicated pagewriter package
2021-02-14 10:21:13 +00:00
Joel Speed
e8e2af73df
Wrap templates and page rendering in PageWriter interface
2021-02-14 10:20:26 +00:00
Joel Speed
dba6989054
Move SignIn page rendering to app pkg
2021-02-13 11:35:38 +00:00
Joel Speed
6ecbc7bc4e
Allow users to choose detailed error messages on error pages
2021-02-12 21:12:28 +00:00
Joel Speed
a63ed0225c
Use ErrorPage to render proxy error page
2021-02-12 21:12:27 +00:00
Joel Speed
ef457b1765
Move Error page rendering to app package
2021-02-12 21:12:05 +00:00
Joel Speed
0151ca11f6
Move template loading to app package
2021-02-12 16:55:52 +00:00
Joel Speed
84f76c6060
Move template options to their own struct
2021-02-12 16:55:51 +00:00
Joel Speed
801edeba23
Update templates to bulma framework
2021-02-12 16:55:45 +00:00
Nick Meves
780ae4f3c9
Merge pull request from GHSA-4mf2-f3wh-gvf2
2021-02-01 18:04:33 +00:00
Nick Meves
da02914a9c
Log IsValidRedirect violations and do a final safety call
2021-01-16 13:56:38 -08:00
Nick Meves
fa6a785eaf
Improve handler vs helper organization in oauthproxy.go
Additionally, convert a lot of helper methods to be private
2021-01-16 13:55:49 -08:00
Nick Meves
73fc7706bc
Figure out final app redirect URL with proxy aware request utils
2021-01-16 13:55:49 -08:00
Nick Meves
b625de9490
Track the ReverseProxy option in the request Scope
This allows for proper handling of reverse proxy based headers throughout
the lifecycle of a request.
2021-01-16 13:55:48 -08:00
Nikolai Prokoschenko
81bf1ef8ce
Adapt isAjax to support mimetype lists
Fixes #988
2021-01-12 19:37:30 +01:00
İlteriş Eroğlu
1d74a51cd7
Use X-Forwarded-{Proto,Host,Uri} on redirect as last resort (#957)
2021-01-01 15:23:11 -08:00
Nick Meves
753f6c548a
Add a detailed allowed_groups example to Important Notes
2020-12-24 12:05:12 -08:00
Nick Meves
65e15f24c1
Support only allowed_groups querystring
2020-12-24 12:05:12 -08:00
Nick Meves
025056cba0
Move AuthOnly authorize logic to a dedicated method
2020-12-24 12:05:11 -08:00
Nick Meves
44d83e5f95
Use StatusForbidden to prevent infinite redirects
2020-12-24 12:04:01 -08:00
Nick Meves
23b2355f85
Allow group authZ in AuthOnly endpoint via Querystring
2020-12-24 12:04:01 -08:00
Nick Meves
22f60e9b63
Generalize and extend default CreateSessionFromToken
2020-11-28 10:25:12 -08:00
Nick Meves
3e9717d489
Decouple TokenToSession from OIDC & add a generic VerifyFunc
2020-11-28 10:25:11 -08:00
Nick Meves
e9f787957e
Standardize provider interface method names
2020-11-28 10:25:11 -08:00
Nick Meves
2549b722d3
Add User & Groups to Userinfo
2020-11-25 18:19:48 -08:00
Nick Meves
b9661cb6fe
Return 401 Unauthorized if Authorize fails
2020-11-12 11:18:59 -08:00
Nick Meves
f21b3b8b20
Authorize in Redeem callback flow
2020-11-12 11:18:59 -08:00
Nick Meves
1b3b00443a
Streamline ErrMissingCode in provider Redeem methods
2020-11-12 11:18:59 -08:00
Nick Meves
eb58ea2ed9
Move AllowedGroups to DefaultProvider for default Authorize usage
2020-11-12 11:18:15 -08:00
Nick Meves
e7ac793044
Replace ValidateGroup with Authorize for Provider
2020-11-12 11:17:06 -08:00
ofir-amir
cc6532a282
Use display-htpasswd-form flag (#778)
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-11-08 18:48:01 +00:00
Joel Speed
8059a812cd
Integrate new header injectors with OAuth2 Proxy
2020-11-07 17:16:58 +00:00
Nick Meves
d9c141ae7c
Remove GetUserName method from Provider
2020-10-19 14:09:46 -07:00
Nick Meves
2b9e1bbba0
Add EnrichSessionState as main post-Redeem session updater
2020-10-19 14:09:45 -07:00
Nick Meves
0bd8eb3191
Setup provider.ErrNotImplemented sentinel error
2020-10-19 14:09:02 -07:00
Nick Meves
add45c360c
Split session enrichment from code redemption
2020-10-19 14:09:02 -07:00
Nick Meves
b7b7ade7c4
Improve AllowedRoute test table formatting
2020-10-07 10:13:41 -07:00
Nick Meves
89a8ac8c1f
Add startup logging for skipped auth routes
2020-10-07 10:13:41 -07:00
Nick Meves
cfd3de807c
Add tests for skip auth functionality
2020-10-07 10:13:41 -07:00
Nick Meves
183cb124a4
Support HTTP method based allowlists
2020-10-07 10:13:40 -07:00
Mitsuo Heijo
3fa42edb73
Fix import path for v7 (#800)
* fix import path for v7
find ./ -name "*.go" | xargs sed -i -e 's|"github.com/oauth2-proxy/oauth2-proxy|"github.com/oauth2-proxy/oauth2-proxy/v7|'
* fix module path
* go mod tidy
* fix installation docs
* update CHANGELOG
* Update CHANGELOG.md
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-09-29 17:44:42 +01:00
Nick Meves
e0d915cc03
Stop shadowing GetEmailAddress errors in redeemCode
2020-09-24 10:50:18 -07:00
Nick Meves
3371284a36
Remove GetPreferredUsername method from Provider interface
It isn't used in any providers and we have future plans
to remove the specialness of PreferredUsername and make it
an optional field in the session.
User, Email & Groups will eventually be the only first class
fields on the session that are always set.
2020-09-24 10:49:50 -07:00
Stefan Sedich
9d59519a96
Add support to ensure user belongs in required groups when using the OIDC provider
2020-09-21 10:43:54 -07:00
Nick Meves
29b24793e3
Use X-Forwarded-Host consistently
2020-08-31 08:31:45 -07:00
Phil Taprogge
d69fd6af22
Allow Logging to stdout with separate Error Log Channel (#718)
* Add dedicated error logging writer
* Document new errors to stdout flag
* Update changelog
* Thread-safe the log buffer
* Address feedback
* Remove duplication by adding log level
* Clean up error formatting
* Apply suggestions from code review
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-08-10 11:44:08 +01:00