Commit Graph

1764 Commits

Author SHA1 Message Date
Joel Speed
2c21b2830d
Update changelog for v7.4.0 release 2022-10-29 13:19:48 +01:00
Joel Speed
4993a5ac8b
Merge pull request #1862 from oauth2-proxy/update-deps
Update dependencies
2022-10-29 12:57:15 +01:00
Joel Speed
d4e3bf4df0
Update changelog 2022-10-29 12:49:54 +01:00
Joel Speed
4a2cf153cf
Fixup update session state handling 2022-10-29 12:49:53 +01:00
Joel Speed
0586a9e072
Update middleware tests 2022-10-29 12:49:52 +01:00
Joel Speed
b333ef89bc
Update providers tests 2022-10-29 12:49:51 +01:00
Joel Speed
7034f0db53
Do not update viper
This breaks our deafult structures tests
2022-10-29 12:49:50 +01:00
Joel Speed
5dfefb6d9b
Update session state handling 2022-10-29 12:49:49 +01:00
Joel Speed
f55d24bfcf
Update dependencies
Ran `go get -u` to update depdendencies automatically to newer versions.
I'm aware of a few CVEs that this should resolve
2022-10-29 12:49:48 +01:00
dulakm
95e56e3445
updated release notes regarding azure provider issue (#1771) 2022-10-28 08:32:19 +01:00
Muhammad Arham
1e21a56f99
Update go-redis/redis to v9. (#1847)
* Update go-redis/redis to v9.
- And updated redislock, testify, ginko and gomega have also been updated.
- Renamed the option `IdleTimeout` to `ConnMaxIdleTime` because of 517938a6b0/CHANGELOG.md

* Update CHANGELOG.md

* Dropping dot import of the types since they created aliases now

* fixing some error messages to make tests happy

* updating more error messages that were changed to make tests happy

* reverting error messages

Co-authored-by: Muhammad Arham <marham@i2cinc.com>
2022-10-24 16:41:06 +01:00
Damien Degois
5b5894af07
Keycloak provider - Retain user and prefered_username in session (#1815)
* Keycloak provider - Retain user and prefered_username in session

* Add CHANGELOG for PR #1815
2022-10-24 08:47:59 +01:00
Centzilius
ece3d62d64
set providerDefaults for oidc consistently (#1828)
* set providerDefaults for oidc consistently

* docs: document #1828 in CHANGELOG
2022-10-23 10:48:20 +01:00
Joel Speed
cfcba1a7fc
Merge pull request #1811 from mdoro-13/warn_about_potential_mistake_in_whitelist-domain
Warn not to include URL instead of domain and port
2022-10-23 11:47:01 +02:00
Joel Speed
d9a33df29d
Merge pull request #1851 from adriananeci/bump_go
Bump golang to 1.19 and min allowed version to 1.18
2022-10-23 11:44:45 +02:00
Adrian Aneci
2f1fecae39 add changelog entry 2022-10-22 17:17:36 +03:00
Adrian Aneci
b3df9aecc2 Bump golang to 1.19 and min allowed version to 1.18 2022-10-21 20:40:58 +03:00
Joel Speed
19bb0d0e86
Merge pull request #1574 from adriananeci/azure_support_upstream
Add Azure groups support and Azure OAuth v2.0
2022-10-21 19:31:10 +02:00
Adrian Aneci
a5d918898c Add azure groups support and oauth2 v2.0 2022-10-21 20:23:21 +03:00
Andrew Hamade
7fe6384f38
Fix Linting Errors (#1835)
* initial commit: add groups to azure

Signed-off-by: andrewphamade@gmail.com <andrewphamade@gmail.com>

* fix deprecations and linting errors

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

* remove groups testing from azure provider

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

* fix test error

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

* verify-generate

Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>

Signed-off-by: andrewphamade@gmail.com <andrewphamade@gmail.com>
Signed-off-by: Andrew Hamade <andrewphamade@gmail.com>
2022-10-21 11:57:51 +01:00
Sven Schliesing
a6c8f6f04a
Change "API Manager" to "APIs & Services" (#1824) 2022-10-15 14:33:53 +01:00
Chris Bednarz
6afcae295a
Updated net and text packages to address CVE-2022-27664 and CVE-2022-32149. (#1825)
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2022-10-15 14:33:44 +01:00
NiteHawk
c395669649
20220802 fix nextcloud (#1750)
* Avoid Nextcloud "Current user is not logged in" (Statuscode 997)

The error message results from oauth2-proxy trying to pass the
access token via URL. Instead it needs to be sent via header,
thus the Nextcloud provider requires a fix similar to what #1502
did before for the keycloak provider.

* Implement EnrichSession() for Nextcloud provider

Parse nested JSON to transform relevant information (groups, id,
email) from the OAuth2 userinfo endpoint into session.

* Update CHANGELOG.md (add link to PR #1750)
2022-10-15 14:25:15 +01:00
mdoro-13
51d3d55a69 Warn not to include URL instead of domain and port 2022-10-04 18:39:55 +03:00
Segfault16
965fab422d
Add API route config (#1760)
* Add API route config

In addition to requests with Accept header `application/json` return 401 instead of 302 to login page on requests matching API paths regex.

* Update changelog

* Refactor

* Remove unnecessary comment

* Reorder checks

* Lint Api -> API

Co-authored-by: Sebastian Halder <sebastian.halder@boehringer-ingelheim.com>
2022-09-11 16:09:32 +01:00
tooptoop4
b82593b9cc
Update base docker image to alpine 3.16 (#1788)
* Update Dockerfile

* Update CHANGELOG.md
2022-09-10 11:59:54 +01:00
Joel Speed
fbe7e6f58d
Merge pull request #1762 from ianldgs/negate-route
Support negating for skip auth routes
2022-09-03 14:02:52 +01:00
Ian Serpa
f53754808b Support negating for skip auth routes 2022-09-02 22:23:29 +02:00
Alexandru Ciobanu
037cb041d3
Watch the htpasswd file for changes and update the htpasswdMap (#1701)
* dynamically update the htpasswdMap based on the changes made to the htpasswd file

* added tests to validate that htpasswdMap is updated after the htpasswd file is changed

* refactored `htpasswd` and `watcher` to lower cognitive complexity

* returned errors and refactored tests

* added `CHANGELOG.md` entry for #1701 and fixed the codeclimate issue

* Apply suggestions from code review

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Fix lint issue from code suggestion

* Wrap htpasswd load and watch errors with context

* add the htpasswd wrapped error context to the test

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2022-09-01 19:46:00 +01:00
Braunson
fcecbeb13c
Inconsistent code-challenge-method CLI flag and config file naming (#1766)
* Inconsistent code-challenge-method CLI flag and config file naming

- Allow previous config option for now to prevent breaking configs

Fixes #1667

* Add changelog entry

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2022-09-01 10:58:43 +01:00
Joel Speed
d19182c740
Merge pull request #1723 from crbednarz/allow-tls-cipher-config
Added ability to specify allowed TLS cipher suites.
2022-09-01 10:54:25 +01:00
Chris Bednarz
ebacc2d7e4 Added ability to specify allowed TLS cipher suites. 2022-08-31 17:55:06 -07:00
Nuno Miguel Micaelo Borges
a1ff878fdc
Add flags to define CSRF cookie expiration time and to allow CSRF cookies per request (#1708)
* Add start of state to CSRF cookie name

* Update CHANGELOG.md

* Update CHANGELOG.md

* Support optional flags

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update CHANGELOG.md

* Update overview.md

Add new CSRF flags

* Update overview.md

Describe new CSRF flags

Co-authored-by: Nuno Borges <Nuno.Borges@ctw.bmwgroup.com>
2022-08-31 23:27:56 +01:00
Lorenzo Biava
f8bd853702
Azure AD Doc: change permission to openid and add warning on consent (#1752)
The Azure AD Doc mentioned a very broad and risky permission, which is not really required by the proxy, and some Admins won't even permit.
This change recommends using the much more restricted "openid", and also warns about the consent that could still be required in certain cases.
2022-08-31 22:16:53 +01:00
Felix Stupp
723f6cc5d5
docs/conf/overview: Add hint about cookie prefixes to --cookie-name (#1744)
* docs/conf/overview: Add hint about cookie prefixes to --cookie-name

Cookie Prefixes further restricts the possibilities of session attacks because supporting clients will only accept cookies with one of the prefix if certain requirements were meet, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#cookie_prefixes

* Backport cookie prefixes to older docs

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2022-08-31 22:08:02 +01:00
Konstantin Shalygin
c228d9e273
docs/docs/configuration/auth: fixed example of oidc-issuer-url for Keycloak (#1758)
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2022-08-31 22:07:49 +01:00
Felipe B. Conti
ff03c43842
Fix vulnerabilities on crypto, net and sys packages and change go ver… (#1774)
* Fix vulnerabilities on crypto, net and sys packages and change go version on Docker builder stage

* Changelog related PR $1774

Co-authored-by: Felipe Bonvicini Conti <felipe.conti@totvs.com.br>
2022-08-31 21:37:07 +01:00
Joel Speed
884c4ee484
Merge pull request #1773 from giautm/patch-1
k8s: fixed invalid cookie_domain
2022-08-31 21:27:24 +01:00
Giau. Tran Minh
3d6ccc7cf7
k8s: fixed invalid cookie_domain 2022-08-28 17:54:32 +07:00
Dmitry Kartsev
0cfb9c6da0
adding IdleTimeout with the redis-connection-idle-timeout flag, to ke… (#1691)
* adding IdleTimeout with the redis-connection-idle-timeout flag, to keep redis connections in valid state, when Redis  option is set

* docs update - add redis idle timeout configurations

* changelog update for #1691 fix
2022-08-09 21:57:13 +01:00
Chris
6e02bb496b
Extract Keycloak roles while creating a session from token (#1720)
* extract roles while creating session

* add test

* adjust changelog

* remove unused func

* shorten implementation

Co-authored-by: Christian Hirsch <christian.hirsch@nitrado.net>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2022-08-08 23:28:46 +01:00
t-katsumura
bcadad4c30
Fix method deprecated error in lint (#1699)
* fix method deprecated error in lint

* Fix logic of testing GetCertPool() method

* fix typo

* improve comment

* Fix typo

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2022-08-08 23:18:29 +01:00
Joel Speed
7a784a460d
Merge pull request #1709 from aiciobanu/basic-login-failed-message
Show an alert message when basic auth credentials are invalid
2022-07-13 14:50:47 +01:00
Alexandru Ciobanu
33a3a602bc added CHANGELOG.md entry for #1709 2022-07-13 16:26:30 +03:00
Alexandru Ciobanu
52cf162843 added tests for basic auth alert message feature 2022-06-30 18:11:43 +03:00
Alexandru Ciobanu
cbda3cf618 implement an error alert message for invalid basic auth credentials 2022-06-30 18:10:02 +03:00
Joel Speed
db74661e10
Merge pull request #1665 from oauth2-proxy/release-7.3.0
Release 7.3.0
2022-05-29 15:50:17 +01:00
Joel Speed
4344610f80
Create versioned docs for release v7.3.x
Created with: yarn run docusaurus docs:version 7.3.x
2022-05-29 15:43:02 +01:00
Joel Speed
95e1a4973e
Update CHANGELOG for v7.3.0 release 2022-05-29 15:36:50 +01:00
Joel Speed
d3f428a1a6
Discover signature algorithms from OIDC provider (#1662) 2022-05-29 13:48:09 +01:00