meutel
/
oauth2_proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
801 Commits 6 Branches 12 Tags 1.8 MiB
Commit Graph

71 Commits

Author SHA1 Message Date
jansinger 7134d22bcc New flag "-ssl-upstream-insecure-skip-validation" (#234) 
* New flag "-ssl-upstream-insecure-skip-validation" to skip SSL validation for upstreams with self generated / invalid SSL certificates.

* Fix tests for modified NewReverseProxy method.

* Added change to the changelog.

* Remove duplicate entries from changelog.
 2019-08-07 17:48:53 +01:00
Joel Speed 630db3769b
Merge branch 'master' into refactor 2019-07-15 11:30:43 +01:00
Henry Jenkins d24aacdb5c Fix lint errors 2019-06-23 21:39:13 +01:00
Brian Van Klaveren 3881955605 Update unit tests for ValidateGroup 2019-06-20 16:57:20 -07:00
Brian Van Klaveren 058ffd1047 Update unit tests for username 2019-06-17 13:11:49 -07:00
Brian Van Klaveren 54d91c69cc Use logger instead of log 2019-06-17 12:52:13 -07:00
Brian Van Klaveren 10f65e0381 Add a more realistic test for JWT passthrough 2019-06-17 12:52:13 -07:00
Brian Van Klaveren 1ff74d322a Fix imports 2019-06-17 12:52:13 -07:00
Brian Van Klaveren 69cb34a04e Add unit tests for JWT -> session translation 2019-06-17 12:52:13 -07:00
Brian Van Klaveren 187960e9d8 Improve token pattern matching 
Unit tests for token discovery
 2019-06-17 12:52:13 -07:00
Joel Speed 6366690927
Fix gofmt for changed files 2019-06-15 11:34:00 +02:00
Joel Speed fb9616160e
Move logger to pkg/logger 2019-06-15 11:33:58 +02:00
Joel Speed 093f9da881
Move cipher creation to options and away from oauth2_proxy.go 2019-05-20 11:26:13 +02:00
Joel Speed 37e31b5f09
Remove dead code 2019-05-20 11:26:11 +02:00
Joel Speed c61f3a1c65
Use SessionStore for session in proxy 2019-05-20 11:26:10 +02:00
Joel Speed 2ab8a7d95d
Move SessionState to its own package 2019-05-18 13:09:56 +02:00
Phil Taprogge 39d2f28a40
Add comment; update changelog 2019-05-09 10:14:01 +01:00
Phil Taprogge 15f48fb95e
Don't infer username from email local part if username not set 2019-05-07 10:36:00 +01:00
MisterWil 8ec025f536 Auth and standard logging with file rolling 2019-04-12 08:59:46 -07:00
einfachchr f715c9371b Fixes deletion of splitted cookies - Issue #69 (#70) 
* fixes deletion of splitted cookies

* three minor adjustments to improve the tests

* changed cookie name matching to regex

* Update oauthproxy.go

Co-Authored-By: einfachchr <einfachchr@gmail.com>

* removed unused variable

* Changelog
 2019-03-15 07:18:37 +00:00
Adam Szalkowski c7193b4085 Merge websocket proxy feature from openshift/oauth-proxy. Original author: Hiram Chirino <hiram@hiramchirino.com> 2019-03-11 14:05:16 +01:00
Joel Speed fa2545636b
Merge pull request #15 from pusher/whitelist-domains 
Whitelist domains
 2019-02-02 18:55:37 +00:00
Cosmin Cojocar 3326194422 Extract the application/json mime type into a const 2019-01-31 16:23:01 +01:00
Cosmin Cojocar c12db0ebf7 Returns HTTP unauthorized for ajax requests instead of redirecting to the sing-in page 2019-01-31 16:23:01 +01:00
Steve Arch 01c5f5ae3b Implemented flushing interval (#23) 
* Implemented flushing interval

When proxying streaming responses, it would not flush the response writer buffer until some seemingly random point (maybe the number of bytes?). This makes it flush every 1 second by default, but with a configurable interval.

* flushing CHANGELOG

* gofmt and goimports
 2019-01-31 14:02:15 +00:00
Joel Speed 9007d66559
Test explicit subdomain whitelisting 2019-01-30 17:30:49 +00:00
Joel Speed 768a6ce989
Test IsValidRedirect method 2019-01-30 17:30:46 +00:00
Steve Arch 090ff11923 redirect to original path after login (#24) 
* redirect to original path after login

* tests for new redirect behaviour

* fixed comment

* added redirect fix to changelog
 2019-01-29 12:13:02 +00:00
Joel Speed d4b588dbe9
Split large cookies 2019-01-22 11:34:54 +00:00
Joel Speed 8ee802d4e5
Lint for non-comment linter errors 2018-11-29 14:26:41 +00:00
Joel Speed 847cf25228
Move imports from bitly to pusher 2018-11-27 11:45:05 +00:00
Mike Bland e241fe86d3
Switch from 18F/hmacauth to mbland/hmacauth 
Since I'm no longer with 18F, I've re-released hmacauth under the ISC
license as opposed to the previous CC0 license. There have been no
changes to the hmacauth code itself, and all tests still pass.
 2017-11-07 07:55:24 -05:00
Tanvir Alam 8a77cfcac3 Swap out bmizerany/assert package that is deprecated in favor of stretchr/testify/assert 2017-10-23 12:24:17 -04:00
Alan Braithwaite b640a69d63 oauthproxy: fix #284 -skip-provider-button for /sign_in route 2017-06-21 15:05:36 -07:00
idntfy 1e7d2a08a3 #369: Optionally allow skipping authentication for preflight requests 2017-04-07 15:01:47 +03:00
Lukasz Siudut 829b442302 add --set-xauthrequest flag for use in Nginx auth_request mode 
This is enhancement of #173 to use "Auth Request" consistently in
the command-line option, configuration file and response headers.
It always sets the X-Auth-Request-User response header and if the
email is available, sets X-Auth-Request-Email as well.
 2017-03-29 21:28:55 +05:30
Colin Arnott 55085d9697 csrf protection; always set state 2017-03-29 09:31:10 -04:00
Jehiah Czebotar 6c690b699b Merge pull request #339 from omazhary/issue-205 
Allow to pass user headers only
 2017-03-28 21:42:29 -04:00
Jehiah Czebotar b884b36f26 bump easy pkg upgrades; drop Go 1.6 (no httptest.NewRequest) 
This fixes a test w request signing due to a content-length:0 header from Go 1.8
 2017-03-27 20:36:35 -04:00
Omar Elazhary 24f91a0b60 Allow to pass user headers only (issue #205) 
* This fixes https://github.com/bitly/oauth2_proxy/issues/205
* Add new boolean option -pass-user-headers
  to control whether X-Forwarded-User and X-Forwarded-Email
  headers will be set (as opposed to HTTP BASIC auth)
* This is required e.g. for grafana [1] where
  X-Forwarded-User is needed but HTTP BASIC auth fails
  (password is not known and must not be known in this scenario)
* Keep behaviour of PassBasicAuth unchanged for compatibility

[1] http://docs.grafana.org/installation/configuration/#authproxy
 2017-01-24 11:11:58 +01:00
Jehiah Czebotar cdebfd6436
base64 cookie support 2016-06-20 07:45:43 -04:00
Mike Bland e4626c1360 Sign Upstream requests with HMAC. closes #147 2015-11-15 22:09:30 -05:00
Mike Bland e61fc9e7a6 Add /auth endpoint to support Nginx's auth_request 
Closes #152.
 2015-11-09 10:31:41 -05:00
Brandon Philips 6db18804f3 *: rename Oauth to OAuth 
Be consistent with Go capitalization styling and use a single way of
spelling this across the tree.
 2015-11-09 00:57:01 +01:00
Brandon Philips 51a2e4e48c *: rename Url to URL everywhere 
Go coding style says that acronyms should be all lower or all upper. Fix
Url to URL.
 2015-11-09 00:47:44 +01:00
Jeppe Toustrup ffeccfe552 Add support for serving static files from a directory 
The path should be provided as a file:// url with the full operating system path.
An alias to where the directory is available as can be specified by appending
a fragment (ie. "#/static/") at the end of the URL.
 2015-09-24 15:37:45 +02:00
Justin Burnham 7dd5d299e1 Add support for setting the basic auth password. 
For tools that don't like empty passwords, this change allows
one to set a shared secret password for all users.
 2015-07-24 09:17:43 +00:00
Jehiah Czebotar d49c3e167f SessionState refactoring; improve token renewal and cookie refresh 
* New SessionState to consolidate email, access token and refresh token
* split ServeHttp into individual methods
* log on session renewal
* log on access token refresh
* refactor cookie encription/decription and session state serialization
 2015-07-02 23:09:11 -04:00
Jehiah Czebotar e9b5631eed cookie refresh: validation fixes, interval changes 
* refresh now calculated as duration from cookie set
 2015-06-23 07:51:00 -04:00
Jehiah Czebotar d78aa13464 v2.0 & cleanup changes 
* bump version to 2.0
* remove --cookie-https-only option
* add windows build to dist.sh
* rename --cookie-key to --cookie-name
 2015-06-12 13:07:26 -04:00