meutel/oauth2_proxy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
135 Commits 6 Branches 12 Tags 1.8 MiB
37f287bef4
Commit Graph

135 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mike Bland
37f287bef4 Calculate cookie expiration from encoded timestamp 
Found out the hard way that _incoming_ cookies do _not_ have their expiration
timestamps encoded. To perform auto-refresh based on expiration time, we have
to recalculate it from the time encoded in the cookie value.
 2015-05-10 00:11:26 -04:00
Mike Bland
41b21dd0b1 Enforce that cookie_refresh < cookie_expire 2015-05-09 17:37:33 -04:00
Mike Bland
8ec967ac32 Check cookie_secret size when cookie_refresh set 2015-05-09 17:37:33 -04:00
Mike Bland
082b7c0ec8 Set cookie-refresh flag = 0; update README, config 2015-05-09 17:36:17 -04:00
Mike Bland
84190ab19a Validate user during cookie refresh 2015-05-09 16:54:27 -04:00
Mike Bland
610341a068 Make ProcessCookie() fail when cookie parse fails 2015-05-09 16:54:27 -04:00
Mike Bland
bd4eae8fec Store access token when cookie-refresh is set 
cookie-refresh now no longer requires pass-access-token in order to work.
 2015-05-09 16:54:27 -04:00
Mike Bland
b6e07d51b2 Validate access_token when auto-refreshing cookie 2015-05-09 15:09:31 -04:00
Mike Bland
25372567ac ValidateToken() to check access_token validity 2015-05-09 13:17:37 -04:00
Mike Bland
72857018ee Introduce validate-url flag/config 2015-05-08 17:13:35 -04:00
Mike Bland
8e2d83600c Implement cookie auto-refresh 
The intention is to refresh the cookie whenever the user accesses an
authenticated service with less than `cookie-refresh` time to go before the
cookie expires.
 2015-05-08 14:05:09 -04:00
Mike Bland
5cbdb74518 Add ProcessCookie() test 2015-05-08 14:05:09 -04:00
Mike Bland
f554f99abd Ensure all errors are logged in ProcessCookie() 2015-05-08 14:05:09 -04:00
Mike Bland
beed9fb9a2 Extract MakeCookie() 2015-05-08 14:05:09 -04:00
Mike Bland
1bd90cefe7 Extract ProcessCookie() from ServeHTTP() 2015-05-08 12:41:22 -04:00
Jehiah Czebotar
26170c56af Merge pull request #84 from balshor/master 
Add LinkedIn provider
 2015-04-17 23:40:23 -04:00
Darren Lee
5bc77b0ee8 LinkedIn OAuth support. 2015-04-17 17:35:40 -07:00
Jehiah Czebotar
78e080ec46 Merge pull request #83 from 18F/case-insensitive-comparisons 
Make address/domain comparisons case-insensitive
 2015-04-17 20:01:47 -04:00
Mike Bland
781f34e817 Make address/domain comparisons case-insensitive 2015-04-07 17:25:46 -04:00
Jehiah Czebotar
9534808a0d Merge pull request #81 from 18F/access-token-refactor 
Refactor pass_access_token changes from #80
 2015-04-07 16:48:07 -04:00
Mike Bland
83ad43a571 Make proper PassAccessTokenTest methods 2015-04-07 10:11:35 -04:00
Mike Bland
9887ac3be5 Refactor cookie building and parsing 
Extracts buildCookieValue() and parseCookieValue() from OauthProxy.ServeHTTP()
and adds tests for both.
 2015-04-07 05:53:41 -04:00
Mike Bland
cf79fd9e4c Refactor pass_access_token+cookie_secret check 
Moves the check from NewOauthProxy() to Options.Validate() and adds a test.
 2015-04-07 05:53:40 -04:00
Mike Bland
ca32394c6f Add vim .swp files to gitignore 2015-04-07 05:53:40 -04:00
Jehiah Czebotar
b0f0409f2b Merge pull request #82 from 18F/sign-in-redirect 
Redirect to / when /oauth2/sign_in accessed
 2015-04-06 23:20:26 -04:00
Mike Bland
5f747bb768 Redirect to / when /oauth2/sign_in accessed 
Without this change, clicking the sign-in button on /oauth2/sign_in will
always redirect back to /oauth2/sign_in, essentially creating an infinite
loop.
 2015-04-06 22:10:03 -04:00
Jehiah Czebotar
864d4787e9 Merge pull request #80 from 18F/pass-access-token 
Pass the access token to the upstream server
 2015-04-03 15:45:22 -04:00
Mike Bland
ad3c9a886f Pass the access token to the upstream client 
This is accomplished by encoding the access_token in the auth cookie and
unpacking it as the X-Forwarded-Access-Token header for upstream requests.
 2015-04-03 15:32:01 -04:00
Mike Bland
a9837f90aa Ensure TestNewReverseProxy() passes when offline 
This reflects the apparent intent of TestNewReverseProxy(). Without this
change, the test will fail when run without an Internet connection.
 2015-04-02 21:38:48 -04:00
Jehiah Czebotar
66d4d72d2e Merge pull request #79 from 18F/add-myusa-provider 
Add myusa provider
 2015-03-31 15:59:11 -04:00
Mike Bland
291a0b76b9 Add alternate provider information to README 2015-03-31 15:31:22 -04:00
Mike Bland
59c3ba40f6 Add MyUSA provider 2015-03-31 15:17:17 -04:00
Jehiah Czebotar
243dbb77fb Merge pull request #78 from 18F/generalize-templates 
Add ProviderName field; use in sign_in template
 2015-03-31 13:21:03 -04:00
Mike Bland
666e6ad436 Add ProviderName field; use in sign_in template 2015-03-31 12:59:07 -04:00
Jehiah Czebotar
0136ab01fd Merge pull request #77 from 18F/extract-providers-package 
Extract providers package
 2015-03-31 10:22:52 -04:00
Mike Bland
d9a945ebc3 Integrate Provider into Options and OauthProxy 2015-03-31 09:34:50 -04:00
Mike Bland
e2931da853 Create providers package with Google default 2015-03-31 09:34:50 -04:00
Jehiah Czebotar
41044ecac0 Merge pull request #76 from 18F/extract-api-package 
Extract api package
 2015-03-30 22:47:16 -04:00
Mike Bland
45286af4a4 s/18F/bitly/ in import path 2015-03-30 11:42:37 -04:00
Mike Bland
9d8f932797 Extract api package 
This is the first step towards genericizing the google_auth_proxy to support
OAuth2 providers other than Google as discussed in #65. The `api` package will
enable multiple providers to use the same `api.Request()` implementation.
 2015-03-30 10:23:30 -04:00
Jehiah Czebotar
fd74eae9c3 tag 1.1.1 2015-03-23 09:19:24 -04:00
Jehiah Czebotar
e1f4941522 Merge pull request #74 from jehiah/request_path_74 
request path contains full URL
 2015-03-22 07:56:05 -04:00
Jehiah Czebotar
16f2c981f3 fix upstream request path 2015-03-21 15:29:07 -04:00
Jehiah Czebotar
736ec2aa9f Merge pull request #56 from jehiah/release_56 
Cut a new release
 2015-03-19 23:03:16 -04:00
Jehiah Czebotar
6b771fdd9e show Go version 2015-03-19 23:03:00 -04:00
Jehiah Czebotar
8751f48a4c bump to version 1.1 2015-03-19 22:36:04 -04:00
Jehiah Czebotar
eb67be7ea0 Merge pull request #73 from jehiah/logging_73 
Request Logging:
 2015-03-19 22:35:45 -04:00
Jehiah Czebotar
b9b5e817fc improve request logging (closer to Apache Common Log) 2015-03-19 22:34:01 -04:00
Jehiah Czebotar
c0160c1e4c Merge pull request #72 from jehiah/cookie_fixes_72 
clear cookie fix
 2015-03-19 16:18:50 -04:00
Jehiah Czebotar
07c74f55c6 improve handling of cookie domains 2015-03-19 16:18:02 -04:00