Commit Graph

1560 Commits

Author SHA1 Message Date
Philippe Bürgisser
45e45303ad
Adding example for auth skiping 2021-08-27 10:53:57 +02:00
Stéphan Kochen
31f7c5bb59
Fix go get instructions (#1271)
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-08-18 17:11:18 +01:00
Jordie
42c16efa38
Fixed .CustomLogin </form> tag placement for login page (#1317)
* Fixed .CustomLogin </form> tag placement for login page

* Update changelog (gh-1317)
2021-08-11 15:57:40 +01:00
Nick Meves
526aff8c84
Merge pull request #1210 from pb82/keycloak-oidc-provider
Keycloak oidc provider
2021-08-07 09:57:03 -07:00
Peter Braun
e6223383e5 update keycloak oidc provider and add unit tests 2021-08-02 11:39:50 +02:00
Nick Meves
ab54de38cc Extract roles from Keycloak Access Tokens 2021-07-30 09:46:13 +02:00
Nick Meves
4c0beb373f Add keycloak-oidc provider based on OIDCProvider 2021-07-30 09:46:13 +02:00
JVecsei
8967873659
Updated dependency versions which include CVE fixes (#1276)
* switched to github.com/golang-jwt/jwt and updated golang.org/x/crypto to include CVE fixes

* added #1276 to changelog

Co-authored-by: Joshua Vécsei <git@vecsei.me>
2021-07-29 17:45:41 +01:00
wyewata
a35db2ae8a
Fix expected error messages (#1269)
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-07-28 19:56:23 +01:00
Nick Meves
0b4bc36554
Upgrade go-oidc to v3 (#1264) 2021-07-17 09:55:05 -07:00
Joel Speed
ef697afc6d
Merge pull request #1265 from wassan128/fix/doc-typo
Fix small typo
2021-07-10 13:01:44 +01:00
wassan128
777556c97e Fix typo s/commmon/common/ 2021-07-08 21:29:43 +09:00
Joel Speed
98f8195902
Merge pull request #1262 from oauth2-proxy/fix-encryption-finicky-tests
Remove finicky encryption test
2021-07-02 17:22:57 +01:00
Nick Meves
1faa5c47ce Remove finicky encryption test
AES-CFB is unauthenticated, in rare circumstances it won't error on
AES-GCM encrypted payloads
2021-07-01 19:03:01 -07:00
Moraru Costel
7a83d18f23
Extend email-domain validation with sub-domain capability (#1233)
* Extend email-domain validation with sub-domain capability

* Adding the CHANGELOG entry

* Fixing lint erros

* Fixing lint erros

* Renamed the emailDomains to allowedDomains, plus tests

* Bringing together all basic test-cases

* Fixing unit tests

* Add unit tests to validate additional vulnerability concerns
2021-06-29 19:37:03 +01:00
Joel Speed
d359ab75e1
Merge pull request #1253 from netgusto/patch-1
Update README.md
2021-06-24 12:03:52 +01:00
Jérôme Schneider
5063b31b62
Update README.md
Fixing typo.
2021-06-24 09:34:10 +02:00
Joel Speed
ac188b129f
Merge pull request #1060 from oauth2-proxy/upstream-rewrite
Implement RewriteTarget to allow requests to be rewritten before proxying to upstream servers
2021-06-23 13:36:03 +01:00
Joel Speed
9ce962be08
Add changelog entry for new rewrite target feature 2021-06-23 12:21:40 +01:00
Joel Speed
075cb9c3a0
Ensure upstreams are sorted by longest first 2021-06-23 12:20:48 +01:00
Joel Speed
8a06779d41
Redirect request if it would match with an appended trailing slash 2021-06-23 12:20:47 +01:00
Joel Speed
6c62b25bf1
Allow request paths to be rewritten before proxying to upstream server 2021-06-23 12:20:46 +01:00
Joel Speed
d2d62bb452
Replace standard serve mux with gorilla mux 2021-06-23 12:20:21 +01:00
Nick Meves
16a9893a19
Merge pull request #1086 from oauth2-proxy/early-refresh
Convert RefreshSessionIfNeeded into RefreshSession
2021-06-22 17:13:14 -07:00
Nick Meves
ff914d7e17 Use ErrNotImplemented in default refresh implementation 2021-06-22 17:04:42 -07:00
Nick Meves
baf6cf3816 Remove mutex from local Clock instances
They will only be used in tests, but it doesn't play
nice with copy operations many tests use. The linter was
not happy. While the global clock needs mutexes for parallelism,
local Clocks only used it for Set/Add and didn't even use the
mutex for actual time functions.
2021-06-22 17:04:42 -07:00
Nick Meves
d91c3f867d Remove validation for invalid legacy v6.0.0 sessions
The reflect.DeepCopy doesn't play nice with the new Lock and Clock
fields in sessions. And it added unneeded session deserialization
logic to every request.
2021-06-22 17:04:42 -07:00
Nick Meves
593125152d Standarize provider refresh implemention & logging 2021-06-22 17:04:30 -07:00
Nick Meves
7fa6d2d024 Manage session time fields centrally 2021-06-21 21:54:52 -07:00
Nick Meves
7e80e5596b RefreshSessions immediately when called 2021-06-21 21:54:52 -07:00
Joel Speed
5f4ac25b1e
Merge pull request #1249 from webnard/patch-1
Simplify sha256sum checking example
2021-06-21 19:43:35 +01:00
Ian Hunter
1c151b4b27
Simplify sha256sum checking example
The previous code didn't consider other languages and hid the output of failures. For example

```
$ LANG=es_ES.UTF-8 sha256sum -c sha256sum.txt
oauth2-proxy-v7.1.3.linux-amd64/oauth2-proxy: La suma coincide
```
2021-06-21 10:44:27 -04:00
Nick Meves
c2325ecbd5
Merge pull request #1226 from oauth2-proxy/app-redirect
Move app redirection logic to its own package
2021-06-19 10:54:00 -07:00
Joel Speed
d8b91efcc7
Add changelog for app redirection split 2021-06-19 11:26:04 +01:00
Joel Speed
bd2fa9d7d8
Add tests for split host port 2021-06-19 11:24:29 +01:00
Joel Speed
273ab1f591
Integrate redirect package with OAuth2 Proxy 2021-06-19 11:24:27 +01:00
Joel Speed
e1764d4221
Create AppDirector for getting the application redirect URL 2021-06-19 11:23:32 +01:00
Joel Speed
e7f304fc96
Create redirect validator 2021-06-19 11:23:31 +01:00
Joel Speed
62436dbc02
Merge pull request #1128 from oauth2-proxy/proxy-router
Use gorilla mux for OAuth Proxy routing
2021-06-19 11:22:37 +01:00
Joel Speed
a8c9b2903d
Use gorilla mux for OAuth Proxy routing 2021-06-19 11:17:16 +01:00
Anders Kiel Hovgaard
c00d36159e
Update Alpine image version to 3.14 (#1244)
* Update Alpine image version to 3.14.

* Update changelog.
2021-06-18 13:12:11 +01:00
Nick Meves
a296936a0f
Merge pull request #1238 from samirachoadi/feature/add_adfs_provider
Added ADFS Provider
2021-06-13 11:13:21 -07:00
Sami Racho
a14c0c2121 Added ADFS Provider 2021-06-13 10:19:56 +02:00
Robin Tweedie
381ac91752
Provide a link to the Helm chart for oauth2-proxy (#1217)
* Update installation.md

Provide a link to the Helm chart for oauth2-proxy

* also document in latest versioned docs
2021-06-09 15:03:51 +01:00
Rishi Kambil
41cd418a5d
Fix - Refresh Session not working for multiple cookies (#1209) (#1227)
* Fix - Refresh Session not working for multiple cookies (#1209)

* added comments for flattenheaders fix

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Updated Changelog.md

Co-authored-by: Rishi Kambil <rishi.kambil@lntinfotech.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-06-09 10:22:33 +01:00
Frederic Pape
cfd82daaf0
Some typos (#1222)
* Some typos

* Also corrected the typo's in the src code

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-06-02 19:41:30 +01:00
Kevin Kreitner
f648c54d87
Add redis lock feature (#1063)
* Add sensible logging flag to default setup for logger

* Add Redis lock

* Fix default value flag for sensitive logging

* Split RefreshSessionIfNeeded in two methods and use Redis lock

* Small adjustments to doc and code

* Remove sensible logging

* Fix method names in ticket.go

* Revert "Fix method names in ticket.go"

This reverts commit 408ba1a1a5c55a3cad507a0be8634af1977769cb.

* Fix methods name in ticket.go

* Remove block in Redis client get

* Increase lock time to 1 second

* Perform retries, if session store is locked

* Reverse if condition, because it should return if session does not have to be refreshed

* Update go.sum

* Update MockStore

* Return error if loading session fails

* Fix and update tests

* Change validSession to session in docs and strings

* Change validSession to session in docs and strings

* Fix docs

* Fix wrong field name

* Fix linting

* Fix imports for linting

* Revert changes except from locking functionality

* Add lock feature on session state

* Update from master

* Remove errors package, because it is not used

* Only pass context instead of request to lock

* Use lock key

* By default use NoOpLock

* Remove debug output

* Update ticket_test.go

* Map internal error to sessions error

* Add ErrLockNotObtained

* Enable lock peek for all redis clients

* Use lock key prefix consistent

* Fix imports

* Use exists method for peek lock

* Fix imports

* Fix imports

* Fix imports

* Remove own Dockerfile

* Fix imports

* Fix tests for ticket and session store

* Fix session store test

* Update pkg/apis/sessions/interfaces.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Do not wrap lock method

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Use errors package for lock constants

* Use better naming for initLock function

* Add comments

* Add session store lock test

* Fix tests

* Fix tests

* Fix tests

* Fix tests

* Add cookies after saving session

* Add mock lock

* Fix imports for mock_lock.go

* Store mock lock for key

* Apply elapsed time on mock lock

* Check if lock is initially applied

* Reuse existing lock

* Test all lock methods

* Update CHANGELOG.md

* Use redis client methods in redis.lock for release an refresh

* Use lock key suffix instead of prefix for lock key

* Add comments for Lock interface

* Update comment for Lock interface

* Update CHANGELOG.md

* Change LockSuffix to const

* Check lock on already loaded session

* Use global var for loadedSession in lock tests

* Use lock instance for refreshing and releasing of lock

* Update possible error type for Refresh

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-06-02 19:08:19 +01:00
Joel Speed
67bfa4b43f
Merge pull request #1207 from tarvip/sign-in-fragment-fix
Fix URI fragment handling
2021-05-24 10:33:55 +01:00
Tarvi Pillessaar
818938add2
Fix URI fragment handling
Fixes #1205
2021-05-24 10:17:46 +03:00
Joel Speed
823cb14d01
Merge pull request #1108 from oauth2-proxy/secret-gen
Add alternative ways to generate cookie secrets to docs
2021-05-23 20:21:56 +01:00