Commit Graph

1560 Commits

Author SHA1 Message Date
Joel Speed
d05e08cba3
Create generic Authorization Header constructor 2020-08-16 20:04:34 +01:00
Joel Speed
9a338d8a34
Merge pull request #715 from oauth2-proxy/session-nil-time
Ensure session times are not nil before printing them
2020-08-16 19:57:55 +01:00
Joel Speed
16a30002df
Ensure session times are not nil before printing them 2020-08-16 19:53:52 +01:00
Joel Speed
aceb9e2762
Merge pull request #700 from grnhse/oidc-no-email-tokens
Allow OIDC Bearer Tokens without emails
2020-08-16 13:03:43 +01:00
Nick Meves
0645e19c24
Cleanup internalSession params & handle profileURL Bearer case better
`findClaimsFromIDToken` would always have a `nil` access token and not be
able to hit the userinfo endpoint in Bearer case. If access token is nil,
default to legacy `session.Email = claim.Subject` that all JWT bearers used
to have, even if a valid profileURL is present.
2020-08-14 13:31:38 -07:00
Nick Meves
dcc75410a8
Handle claim finding differently in bearer vs standard IDTokens 2020-08-14 13:31:38 -07:00
Nick Meves
514db45d1a
Allow OIDC Bearer Tokens without emails
This reverts to functionality before #499 where an OIDC
provider could be used with `--skip-jwt-bearer-tokens` and
tokens without an email or profileURL would still be valid.
This logic mirrors `middleware.createSessionStateFromBearerToken`
which used to be the universal logic before #499.
2020-08-14 13:31:38 -07:00
Joel Speed
8515da3e91
Merge pull request #714 from grnhse/redis-sentinel-password
Support Password & SentinelPassword in Redis session store
2020-08-14 14:09:54 +01:00
Nick Meves
51a9062044
Support Password & SentinelPassword in Redis session store 2020-08-11 12:22:05 -07:00
Nick Meves
35ed7a313b
Merge pull request #719 from grnhse/gosec-x-oauth-basic-skip
Add `x-oauth-basic` nosec annotation & address gosec unhandled errors
2020-08-11 11:56:07 -07:00
Nick Meves
b6e78efc1e
Add x-oauth-basic nosec annotation & address gosec unhandled errors 2020-08-10 15:15:16 -07:00
Phil Taprogge
d69fd6af22
Allow Logging to stdout with separate Error Log Channel (#718)
* Add dedicated error logging writer

* Document new errors to stdout flag

* Update changelog

* Thread-safe the log buffer

* Address feedback

* Remove duplication by adding log level

* Clean up error formatting

* Apply suggestions from code review

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2020-08-10 11:44:08 +01:00
Nick Meves
33e04cc52f
Merge pull request #690 from grnhse/gosec-findings-fixes
Address gosec findings
2020-08-09 08:24:37 -07:00
Nick Meves
a1358d2070
Panic on any logger errors
Any template errors instead of IO
errors are caught in validation.
2020-08-09 07:55:41 -07:00
Nick Meves
e88d29f16a
Refactor SignInMessage out of main 2020-08-09 07:55:41 -07:00
Nick Meves
46cc21d8cf
Skip gosec linting on tests 2020-08-09 07:55:41 -07:00
Nick Meves
45222395e0
Attempt to log still on template errors 2020-08-09 07:55:40 -07:00
Nick Meves
542bf1fad1
Add gosec to .golangci.yml 2020-08-09 07:55:40 -07:00
Nick Meves
ad52587ae6
Document GoSec nosec skip comments 2020-08-09 07:55:40 -07:00
Nick Meves
2bb0160bf3
Streamline error page usage 2020-08-09 07:55:40 -07:00
Nick Meves
1c8c5b08d7
Handle cookie signing errors 2020-08-09 07:55:40 -07:00
Nick Meves
65c228394f
Address gosec findings
Mostly handling unhandled errors appropriately.
If logging to STDERR fails, we panic. Added #nosec
comments to findings we are OK with.
2020-08-09 07:55:39 -07:00
Joel Speed
7b21f53aad
Merge pull request #689 from grnhse/finicky-logging-time-test
Fix time issue causing finicky failures in logging tests
2020-08-07 08:32:17 +01:00
Nick Meves
81ec9edf53
Fix time issue causing finicky failures in logging tests 2020-08-06 15:44:05 -07:00
Nick Meves
0cf0fd88e8
Merge pull request #710 from ryandesign/patch-1
Fix typos and other minor edits
2020-08-04 07:58:53 -07:00
Ryan Schmidt
6e31eb28d5
Fix typos and other minor edits 2020-08-04 01:29:00 -05:00
Joel Speed
bbf00bc92b
Merge pull request #701 from jhutchings1/patch-1
Add pull request events to CodeQL action
2020-07-29 12:23:08 +01:00
Justin Hutchings
43189a7854
Add pull request events to CodeQL action
This will validate pull requests from forks to ensure that changes don't end up impacting you negatively.
2020-07-28 21:42:21 -07:00
Joel Speed
2318716a89
Merge pull request #699 from grnhse/refactor-persistence-tests
Align persistence ginkgo tests to conventions
2020-07-22 11:23:49 +01:00
Nick Meves
19836f85ac
Align persistence ginkgo tests to conventions 2020-07-21 22:13:17 -07:00
Andy Voltz
88ef888752
Preserve query when building redirect (fix for #695) (#696)
* Add test for GetRedirect to check query and fragments.

* Preserve query and fragment when building redirect.

* Add changelog entry for redirect fix
2020-07-21 16:38:13 +01:00
Joel Speed
c5da3dff9c
Merge pull request #561 from oauth2-proxy/provider-urls-refactor
Move provider URLs to package level vars
2020-07-20 11:50:47 +01:00
Nick Meves
9643a0b10c
Centralize Ticket management of persistent stores (#682)
* Centralize Ticket management of persistent stores

persistence package with Manager & Ticket will handle
all the details about keys, secrets, ticket into cookies,
etc. Persistent stores just need to pass Save, Load &
Clear function handles to the persistent manager now.

* Shift to persistence.Manager wrapping a persistence.Store

* Break up the Redis client builder logic

* Move error messages to Store from Manager

* Convert ticket to private for Manager use only

* Add persistence Manager & ticket tests

* Make a custom MockStore that handles time FastForwards
2020-07-19 21:25:13 +01:00
Joel Speed
f141f7cea0
Merge pull request #688 from oauth2-proxy/session-middlewares
Refactor session loading to make use of middleware pattern
2020-07-19 20:40:17 +01:00
Joel Speed
1aac37d2b1
Merge pull request #593 from oauth2-proxy/proxy-refactor
Integrate upstream package with OAuth2 Proxy
2020-07-19 20:10:56 +01:00
Joel Speed
d4dd34a65a
Move provider URLs to package level vars 2020-07-19 18:34:55 +01:00
Joel Speed
3f00143175
Add changelog entry for session middleware refactor 2020-07-19 17:24:58 +01:00
Joel Speed
eb234011eb
Integrate sessions middlewares 2020-07-19 17:24:12 +01:00
Joel Speed
034f057b60
Add session loader from session storage 2020-07-19 17:21:42 +01:00
Joel Speed
7d6f2a3f45
Add Basic Auth session loader middleware 2020-07-19 17:21:42 +01:00
Joel Speed
c81a7ed197
Add JWT session loader middleware 2020-07-19 17:21:42 +01:00
Joel Speed
2768321929
Add request scope middleware 2020-07-19 17:21:42 +01:00
Joel Speed
d43b372ca9
Use bool pointers for upstream options that default to true 2020-07-19 14:01:36 +01:00
Joel Speed
6b27069812
Add changelog entry for integrating new upstream proxy 2020-07-19 14:01:36 +01:00
Joel Speed
71dc70222b
Break legacy upstream options into LegacyUpstreams struct 2020-07-19 14:01:36 +01:00
Joel Speed
5dbcd73722
Configure OAuth2 Proxy to use new upstreams package and LegacyConfig 2020-07-19 08:17:53 +01:00
Joel Speed
e932381ba7
Add LegacyOptions and conversion to new Options
This will be temporary until we switch to structured config, then we can remove the LegacyOptions and conversions
2020-07-19 08:17:53 +01:00
Joel Speed
e02f99eb58
Merge pull request #687 from oauth2-proxy/htpasswd-validator
Refactor HTPasswd Validator
2020-07-18 17:29:50 +01:00
Joel Speed
e73db7df7b
Add HTPasswd validator refactor to changelog 2020-07-18 11:01:49 +01:00
Joel Speed
2981a5ed1a
Integrate HTPasswdValidator into OAuth2 Proxy 2020-07-18 11:01:49 +01:00