Commit Graph

1531 Commits

Author SHA1 Message Date
Nick Meves
7e80e5596b RefreshSessions immediately when called 2021-06-21 21:54:52 -07:00
Joel Speed
5f4ac25b1e
Merge pull request #1249 from webnard/patch-1
Simplify sha256sum checking example
2021-06-21 19:43:35 +01:00
Ian Hunter
1c151b4b27
Simplify sha256sum checking example
The previous code didn't consider other languages and hid the output of failures. For example

```
$ LANG=es_ES.UTF-8 sha256sum -c sha256sum.txt
oauth2-proxy-v7.1.3.linux-amd64/oauth2-proxy: La suma coincide
```
2021-06-21 10:44:27 -04:00
Nick Meves
c2325ecbd5
Merge pull request #1226 from oauth2-proxy/app-redirect
Move app redirection logic to its own package
2021-06-19 10:54:00 -07:00
Joel Speed
d8b91efcc7
Add changelog for app redirection split 2021-06-19 11:26:04 +01:00
Joel Speed
bd2fa9d7d8
Add tests for split host port 2021-06-19 11:24:29 +01:00
Joel Speed
273ab1f591
Integrate redirect package with OAuth2 Proxy 2021-06-19 11:24:27 +01:00
Joel Speed
e1764d4221
Create AppDirector for getting the application redirect URL 2021-06-19 11:23:32 +01:00
Joel Speed
e7f304fc96
Create redirect validator 2021-06-19 11:23:31 +01:00
Joel Speed
62436dbc02
Merge pull request #1128 from oauth2-proxy/proxy-router
Use gorilla mux for OAuth Proxy routing
2021-06-19 11:22:37 +01:00
Joel Speed
a8c9b2903d
Use gorilla mux for OAuth Proxy routing 2021-06-19 11:17:16 +01:00
Anders Kiel Hovgaard
c00d36159e
Update Alpine image version to 3.14 (#1244)
* Update Alpine image version to 3.14.

* Update changelog.
2021-06-18 13:12:11 +01:00
Nick Meves
a296936a0f
Merge pull request #1238 from samirachoadi/feature/add_adfs_provider
Added ADFS Provider
2021-06-13 11:13:21 -07:00
Sami Racho
a14c0c2121 Added ADFS Provider 2021-06-13 10:19:56 +02:00
Robin Tweedie
381ac91752
Provide a link to the Helm chart for oauth2-proxy (#1217)
* Update installation.md

Provide a link to the Helm chart for oauth2-proxy

* also document in latest versioned docs
2021-06-09 15:03:51 +01:00
Rishi Kambil
41cd418a5d
Fix - Refresh Session not working for multiple cookies (#1209) (#1227)
* Fix - Refresh Session not working for multiple cookies (#1209)

* added comments for flattenheaders fix

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Updated Changelog.md

Co-authored-by: Rishi Kambil <rishi.kambil@lntinfotech.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-06-09 10:22:33 +01:00
Frederic Pape
cfd82daaf0
Some typos (#1222)
* Some typos

* Also corrected the typo's in the src code

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-06-02 19:41:30 +01:00
Kevin Kreitner
f648c54d87
Add redis lock feature (#1063)
* Add sensible logging flag to default setup for logger

* Add Redis lock

* Fix default value flag for sensitive logging

* Split RefreshSessionIfNeeded in two methods and use Redis lock

* Small adjustments to doc and code

* Remove sensible logging

* Fix method names in ticket.go

* Revert "Fix method names in ticket.go"

This reverts commit 408ba1a1a5c55a3cad507a0be8634af1977769cb.

* Fix methods name in ticket.go

* Remove block in Redis client get

* Increase lock time to 1 second

* Perform retries, if session store is locked

* Reverse if condition, because it should return if session does not have to be refreshed

* Update go.sum

* Update MockStore

* Return error if loading session fails

* Fix and update tests

* Change validSession to session in docs and strings

* Change validSession to session in docs and strings

* Fix docs

* Fix wrong field name

* Fix linting

* Fix imports for linting

* Revert changes except from locking functionality

* Add lock feature on session state

* Update from master

* Remove errors package, because it is not used

* Only pass context instead of request to lock

* Use lock key

* By default use NoOpLock

* Remove debug output

* Update ticket_test.go

* Map internal error to sessions error

* Add ErrLockNotObtained

* Enable lock peek for all redis clients

* Use lock key prefix consistent

* Fix imports

* Use exists method for peek lock

* Fix imports

* Fix imports

* Fix imports

* Remove own Dockerfile

* Fix imports

* Fix tests for ticket and session store

* Fix session store test

* Update pkg/apis/sessions/interfaces.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Do not wrap lock method

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Use errors package for lock constants

* Use better naming for initLock function

* Add comments

* Add session store lock test

* Fix tests

* Fix tests

* Fix tests

* Fix tests

* Add cookies after saving session

* Add mock lock

* Fix imports for mock_lock.go

* Store mock lock for key

* Apply elapsed time on mock lock

* Check if lock is initially applied

* Reuse existing lock

* Test all lock methods

* Update CHANGELOG.md

* Use redis client methods in redis.lock for release an refresh

* Use lock key suffix instead of prefix for lock key

* Add comments for Lock interface

* Update comment for Lock interface

* Update CHANGELOG.md

* Change LockSuffix to const

* Check lock on already loaded session

* Use global var for loadedSession in lock tests

* Use lock instance for refreshing and releasing of lock

* Update possible error type for Refresh

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-06-02 19:08:19 +01:00
Joel Speed
67bfa4b43f
Merge pull request #1207 from tarvip/sign-in-fragment-fix
Fix URI fragment handling
2021-05-24 10:33:55 +01:00
Tarvi Pillessaar
818938add2
Fix URI fragment handling
Fixes #1205
2021-05-24 10:17:46 +03:00
Joel Speed
823cb14d01
Merge pull request #1108 from oauth2-proxy/secret-gen
Add alternative ways to generate cookie secrets to docs
2021-05-23 20:21:56 +01:00
Joel Speed
a0e2f785f3
Add alternative ways to generate cookie secrets to docs 2021-05-23 20:12:08 +01:00
Joel Speed
06808704a3
Merge pull request #1142 from oauth2-proxy/writer-funcs
Add pagewriter to upstream proxy
2021-05-10 11:25:07 +01:00
Joel Speed
befcdd9d04
Add pagewriter to upstream proxy 2021-05-10 11:14:05 +01:00
Joel Speed
725ae543d5
Merge pull request #1181 from iTaybb/master
fix: SHOW_DEBUG_ON_ERROR environment variable not working
2021-05-05 10:18:09 +01:00
Itay Brandes
095e1db801 fix: SHOW_DEBUG_ON_ERROR environment variable not working
(Fixes #1178)
2021-05-04 19:17:30 +03:00
Joel Speed
88122f641d
Merge pull request #1171 from oauth2-proxy/release-v7.1.3
Update Changelog for release v7.1.3
2021-04-28 17:48:00 +01:00
Nick Meves
2dd4a9647a
Update Changelog for release v7.1.3 2021-04-28 09:41:18 -07:00
Weinong Wang
f9de0e840c
add oidc issuer to Azure auth provider doc (#1135)
* add oidc issuer to Azure auth provider doc

* updated versioned doc
2021-04-27 18:59:02 +01:00
Nick Meves
d6de11aa98
Merge pull request #1168 from oauth2-proxy/metrics-tls-flag-fix
Fix Metrics cfg option naming typo
2021-04-27 10:15:46 -07:00
Nick Meves
544ba2a21c
Fix Metrics cfg option naming typo 2021-04-23 13:24:28 -07:00
Nick Meves
7eeaea0b3f
Support nonce checks in OIDC Provider (#967)
* Set and verify a nonce with OIDC

* Create a CSRF object to manage nonces & cookies

* Add missing generic cookie unit tests

* Add config flag to control OIDC SkipNonce

* Send hashed nonces in authentication requests

* Encrypt the CSRF cookie

* Add clarity to naming & add more helper methods

* Make CSRF an interface and keep underlying nonces private

* Add ReverseProxy scope to cookie tests

* Align to new 1.16 SameSite cookie default

* Perform SecretBytes conversion on CSRF cookie crypto

* Make state encoding signatures consistent

* Mock time in CSRF struct via Clock

* Improve InsecureSkipNonce docstring
2021-04-21 10:33:27 +01:00
Nick Meves
d3423408c7
Add a clock package for better time mocking (#1136)
* Add a clock package for better time mocking

* Make Clock a struct so it doesn't need initialization

* Test clock package

* Use atomic for live time tests

* Refer to same clock.Mock throughout methods
2021-04-18 18:25:57 +01:00
yanasega
42475c28f7
Multiple providers in alpha config (#947)
* Initial commit of multiple provider logic:
1. Created new provider options.
2. Created legacy provider options and conversion options.
3. Added Providers to alpha Options.
4. Started Validation migration of multiple providers
5. Tests.

* fixed lint issues

* additional lint fixes

* Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options

* fixed typo

* removed weird : file

* small CR changes

* Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG

* Update pkg/apis/options/providers.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Update pkg/apis/options/providers.go

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

* Update pkg/apis/options/providers.go

Co-authored-by: Nick Meves <nick.meves@greenhouse.io>

* Initial commit of multiple provider logic:
1. Created new provider options.
2. Created legacy provider options and conversion options.
3. Added Providers to alpha Options.
4. Started Validation migration of multiple providers
5. Tests.

* fixed lint issues

* additional lint fixes

* Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options

* small CR changes

* auto generates alpha_config.md

* rebase (mainly service alpha options related conflicts)

* removed :

* Nits and alterations based on CR: manliy splitting large providers validation function and adding comments to provider options

* small CR changes

* Removed GoogleGroups validation due to new allowed-groups (including tests). Added line in CHANGELOG

* "cntd. rebase"

* ran make generate again

* last conflicts

* removed duplicate client id validation

* 1. Removed provider prefixes
2. altered optionsWithNilProvider logic
3. altered default provider logic
4. moved change in CHANELOG to 7.0.0

* fixed TestGoogleGroupOptions test

* ran make generate

* moved CHANGLOG line to 7.1.1

* moved changelog comment to 7.1.2 (additional rebase)

Co-authored-by: Yana Segal <yana.segal@nielsen.com>
Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
Co-authored-by: Nick Meves <nick.meves@greenhouse.io>
2021-04-03 17:06:30 +01:00
Joel Speed
9d20b4e0e2
Merge pull request #1145 from oauth2-proxy/release-v7.1.2
Update Changelog for release v7.1.2
2021-04-02 11:34:59 +01:00
Joel Speed
fbe5743dd4
Update Changelog for release v7.1.2 2021-04-01 19:07:22 +01:00
Oliver
7ebeecb128
Fix metrics server (#1141)
* fix MetricsSecureAddress cfg tag

* add metrics* flags to docs

* update CHANGELOG
2021-04-01 13:58:13 +01:00
Ian Roberts
3fc194ee72
Minor change to the Dockerfile to improve build speed (#1139)
"go mod download" does not depend on the VERSION env var, so moving the ARG directive after the RUN will allow better use of the Docker build cache - subsequent builds on the same machine need only re-run the "go mod download" if go.mod or go.sum has changed, rather than re-running it any time the VERSION value passed from the Makefile has changed

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
2021-03-29 19:08:40 +01:00
Joel Speed
3315e5d4b8
Merge pull request #1127 from oauth2-proxy/remove-unused-fields
Remove unused fields from OAuthProxy
2021-03-29 19:03:33 +01:00
Joel Speed
c0654e3d9f
Remove unused fields from OAuthProxy 2021-03-29 18:26:48 +01:00
Joel Speed
8c25f5be0b
Merge pull request #1129 from oauth2-proxy/redirect-test-ginkgo
Rewrite OpenRedirect tests in ginkgo
2021-03-29 18:25:21 +01:00
Joel Speed
8c91adcaf0
Rewrite OpenRedirect tests in ginkgo 2021-03-29 18:09:58 +01:00
Joel Speed
4daa66e1c9
Merge pull request #1138 from oauth2-proxy/release-7.1.1
Prepare for release v7.1.1
2021-03-29 16:57:39 +01:00
Joel Speed
46c3296330
Prepare for release v7.1.1 2021-03-28 19:25:46 +01:00
Joel Speed
5497310673
Merge pull request #1133 from oauth2-proxy/fix-metrics-server
Metrics server should be constructed with secure bind address for TLS
2021-03-26 14:36:15 +00:00
Joel Speed
17009d8363
Metrics server should be constructed with secure bind address for TLS 2021-03-26 09:58:39 +00:00
Joel Speed
d64d717e63
Merge pull request #1130 from oauth2-proxy/fix-gitlab-cve-test
Fix GitLab CVE test case
2021-03-25 17:33:57 +00:00
Nick Meves
05c3fa7601
Fix GitLab CVE test case 2021-03-25 10:29:17 -07:00
Joel Speed
333418983c
Merge pull request #1119 from oauth2-proxy/release-7.1.0
Prepare for release v7.1.0
2021-03-25 17:24:36 +00:00
Joel Speed
f86e25aec2
Created versioned docs for v7.1.x
Created with: yarn run docusaurus docs:version 7.0.x
2021-03-25 17:21:08 +00:00