Commit Graph

740 Commits

Author SHA1 Message Date
Ryan Luckie
0d94f5e515 fix lint error 2019-07-19 08:53:20 -05:00
Ryan Luckie
2eecf756e4 Add OIDC support for UserInfo Endpoint Email Verification
* Current OIDC implementation asserts that user email check must come
from JWT token claims. OIDC specification also allows for source
of user email to be fetched from userinfo profile endpoint.
http://openid.net/specs/openid-connect-core-1_0.html#UserInfo

* First, attempt to retrieve email from JWT token claims.  Then fall back to
requesting email from userinfo endpoint.

* Don't fallback to subject for email

https://github.com/bitly/oauth2_proxy/pull/481
2019-07-19 08:53:20 -05:00
Joel Speed
8635391543
Merge pull request #178 from kskewes/pinglog
Add silence-ping-logging flag
2019-07-19 11:30:31 +01:00
Karl
f29e353586
Update options.go
Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
2019-07-19 22:11:53 +12:00
Joel Speed
2c104c4e7d
Merge pull request #211 from steakunderscore/go-mod
Switch from dep to go modules
2019-07-17 10:21:09 +01:00
Joel Speed
7bf00b7f4a
Merge pull request #213 from pusher/fix-tls-flags
Correct TLS Flags broken in #186
2019-07-17 10:10:18 +01:00
Joel Speed
7b1132df13
Fix tls-*-file docs 2019-07-17 09:58:11 +01:00
Karl Skewes
6bf3f2a51b
Correct tls cert flag name per 186 2019-07-16 13:32:57 +01:00
Karl Skewes
f00a474d91 Correct tls cert flag name per 186 2019-07-16 11:39:06 +12:00
Karl Skewes
b57d7f77e1 Use ok naming convention for map presence check 2019-07-16 10:06:29 +12:00
Karl Skewes
84da3c3d8c update changelog with both flags 2019-07-16 10:06:29 +12:00
Karl Skewes
9ed5623f2a Change env vars to suit incoming PR186 2019-07-16 10:05:10 +12:00
Karl Skewes
7236039b9d remove remnant from rebase 2019-07-16 10:04:09 +12:00
Karl Skewes
289dfce28a logger.go ExcludedPaths changed to slice of paths.
- `logger.go` convert slice of paths to map for quicker lookup
- `options.go` combines csv paths and pingpath into slice
2019-07-16 10:04:09 +12:00
Karl Skewes
4e10cc76e0 Add silence ping logging flag using ExcludePath
- Add `ping-path` option to enable switching on and passing to `logger.go`
  Default remains unchanged at: `"/ping"`
- Add note in configuration.md about silence flag taking precedence

Potential tests:
- `options.go` sets `logger.SetExcludePath` based on silence flag?
- Changing `PingPath` reflected in router?
2019-07-16 09:46:53 +12:00
Karl Skewes
08021429ea formatting and extra test
Can probably slim down the `ExcludePath` tests.
2019-07-16 09:43:48 +12:00
Karl Skewes
c4f20fff3d Add exclude logging path option
Useful for excluding /ping endpoint to reduce log volume.
This is somewhat more verbose than a simple bool to disable logging of
the `/ping` endpoint.

Perhaps better to add `-silence-ping-logging` bool flag to `options.go` and
pass in the `/ping` endpoint as part of `logger` declaration in `options.go`.

Could be extended into a slice of paths similar to go-gin's `SkipPaths`:
https://github.com/gin-gonic/gin/blob/master/logger.go#L46
2019-07-16 09:43:47 +12:00
Karl Skewes
ec97000169 Add silence ping logging flag
Add ability to silence logging of requests to /ping endpoint, reducing
log clutter

Pros:
- Don't have to change all handlers to set/not set silent ping logging
- Don't have to duplicate `loggingHandler` (this could be preferable yet)

Cons:
- Leaking oauth2proxy logic into `package logger`
- Defining default pingPath in two locations

Alternative:
- Add generic exclude path to `logger.go` and pass in `/ping`.
2019-07-16 09:42:24 +12:00
Henry Jenkins
03f218a63c Ensure gomodules are used when downloading 2019-07-15 21:49:38 +01:00
Henry Jenkins
bc81a0f6e4 Merge branch 'master' into go-mod
* master:
  Move docker dep commands to earlier in the build
2019-07-15 21:38:55 +01:00
Joel Speed
e952ab4bdf
Merge pull request #209 from dekimsey/improve-docker-rebuild-caching
Move docker dep commands to earlier in the build
2019-07-15 16:09:22 +01:00
Henry Jenkins
56f51417ae
Merge branch 'master' into go-mod 2019-07-15 16:08:21 +01:00
Daniel Kimsey
816c2a6da9 Move docker dep commands to earlier in the build
This will let Docker cache the results of the vendor dependencies.
Making re-builds during testing faster.

Also clean-up spurious test & rm in ./configure
2019-07-15 10:00:34 -05:00
Joel Speed
d7e88a4718
Merge pull request #186 from pusher/consistent-config
Make configuration consistent
2019-07-15 15:35:11 +01:00
Joel Speed
874c147e04
Fix tls-key-file and tls-cert-file consistency 2019-07-15 12:01:44 +01:00
Joel Speed
bdcdfb74f9
Update docs and changelog 2019-07-15 12:01:43 +01:00
Joel Speed
f0d006259e
Ensure all options use a consistent format for flag vs cfg vs env 2019-07-15 11:59:46 +01:00
Joel Speed
6311fa2950
Merge pull request #187 from pusher/refactor
Move root packages to pkg folder
2019-07-15 11:43:50 +01:00
Joel Speed
630db3769b
Merge branch 'master' into refactor 2019-07-15 11:30:43 +01:00
Joel Speed
4bc0a91e2e
Merge pull request #210 from steakunderscore/alpine-3-10
Update to Alpine 3.10
2019-07-15 11:25:12 +01:00
Henry Jenkins
179ee6c2db Update CHANGELOG 2019-07-14 13:51:46 +01:00
Henry Jenkins
e92e2f0cb4 Update CHANGELOG 2019-07-14 13:32:37 +01:00
Henry Jenkins
27bdb194b1 Update to Alpine 3.10 2019-07-13 22:14:05 +01:00
Henry Jenkins
c98ff79aba Update other docker files 2019-07-13 22:12:20 +01:00
Henry Jenkins
e245ef4854 Switch from dep to go mod
Update modules to avoid issues with golangci-lint
2019-07-13 21:54:45 +01:00
Joel Speed
a83c5eabb6
Merge pull request #159 from djfinlay/wip/allow-unverified-email
Create option to skip verified email check in OIDC provider
2019-07-11 16:38:17 +01:00
Daryl Finlay
9823971b7d Make insecure-oidc-allow-unverified-email configuration usage consistent 2019-07-11 15:58:31 +01:00
Daryl Finlay
776d063b98 Update changelog to include --insecure-oidc-allow-unverified-email 2019-07-11 15:30:57 +01:00
Daryl Finlay
39b6a42d43 Mark option to skip verified email check as insecure 2019-07-11 15:29:48 +01:00
Daryl Finlay
018a25be04 Create option to skip verified email check in OIDC provider 2019-07-11 15:29:48 +01:00
Joel Speed
ecd0f89c84
Merge pull request #206 from nniikkoollaaii/feature/update_docs_nginx_auth_request
update configuration.md auth_request section
2019-07-10 09:38:21 +01:00
Seip, Nikolai
387a7267e1 update configuration.md auth_request section 2019-07-10 10:26:31 +02:00
Joel Speed
4eefc01600
Merge pull request #195 from steakunderscore/banner-flag
Adds banner flag
2019-07-04 11:24:16 +01:00
Henry Jenkins
aa37564655
Merge branch 'master' into banner-flag 2019-07-02 14:03:21 +01:00
Joel Speed
85c5cef783
Merge pull request #198 from steakunderscore/switch_to_golangci-lint
Switch linter to golangci-lint
2019-07-01 16:37:26 +01:00
hjenkins
ce7e384095 Remove TODO vetshadow as it's part of govet 2019-07-01 16:27:19 +01:00
Henry Jenkins
b9cfa8f49f Add changelog entry 2019-06-25 16:42:24 +01:00
Henry Jenkins
924eab6355 Adds banner flag
This is to override what's displayed on the main page.
2019-06-25 16:41:51 +01:00
Henry Jenkins
5bcb998e6b Update changelog 2019-06-23 21:39:13 +01:00
Henry Jenkins
d24aacdb5c Fix lint errors 2019-06-23 21:39:13 +01:00