Commit Graph

715 Commits

Author SHA1 Message Date
Daniel Kimsey
816c2a6da9 Move docker dep commands to earlier in the build
This will let Docker cache the results of the vendor dependencies.
Making re-builds during testing faster.

Also clean-up spurious test & rm in ./configure
2019-07-15 10:00:34 -05:00
Joel Speed
d7e88a4718
Merge pull request #186 from pusher/consistent-config
Make configuration consistent
2019-07-15 15:35:11 +01:00
Joel Speed
874c147e04
Fix tls-key-file and tls-cert-file consistency 2019-07-15 12:01:44 +01:00
Joel Speed
bdcdfb74f9
Update docs and changelog 2019-07-15 12:01:43 +01:00
Joel Speed
f0d006259e
Ensure all options use a consistent format for flag vs cfg vs env 2019-07-15 11:59:46 +01:00
Joel Speed
6311fa2950
Merge pull request #187 from pusher/refactor
Move root packages to pkg folder
2019-07-15 11:43:50 +01:00
Joel Speed
630db3769b
Merge branch 'master' into refactor 2019-07-15 11:30:43 +01:00
Joel Speed
4bc0a91e2e
Merge pull request #210 from steakunderscore/alpine-3-10
Update to Alpine 3.10
2019-07-15 11:25:12 +01:00
Henry Jenkins
e92e2f0cb4 Update CHANGELOG 2019-07-14 13:32:37 +01:00
Henry Jenkins
27bdb194b1 Update to Alpine 3.10 2019-07-13 22:14:05 +01:00
Joel Speed
a83c5eabb6
Merge pull request #159 from djfinlay/wip/allow-unverified-email
Create option to skip verified email check in OIDC provider
2019-07-11 16:38:17 +01:00
Daryl Finlay
9823971b7d Make insecure-oidc-allow-unverified-email configuration usage consistent 2019-07-11 15:58:31 +01:00
Daryl Finlay
776d063b98 Update changelog to include --insecure-oidc-allow-unverified-email 2019-07-11 15:30:57 +01:00
Daryl Finlay
39b6a42d43 Mark option to skip verified email check as insecure 2019-07-11 15:29:48 +01:00
Daryl Finlay
018a25be04 Create option to skip verified email check in OIDC provider 2019-07-11 15:29:48 +01:00
Joel Speed
ecd0f89c84
Merge pull request #206 from nniikkoollaaii/feature/update_docs_nginx_auth_request
update configuration.md auth_request section
2019-07-10 09:38:21 +01:00
Seip, Nikolai
387a7267e1 update configuration.md auth_request section 2019-07-10 10:26:31 +02:00
Joel Speed
4eefc01600
Merge pull request #195 from steakunderscore/banner-flag
Adds banner flag
2019-07-04 11:24:16 +01:00
Henry Jenkins
aa37564655
Merge branch 'master' into banner-flag 2019-07-02 14:03:21 +01:00
Joel Speed
85c5cef783
Merge pull request #198 from steakunderscore/switch_to_golangci-lint
Switch linter to golangci-lint
2019-07-01 16:37:26 +01:00
hjenkins
ce7e384095 Remove TODO vetshadow as it's part of govet 2019-07-01 16:27:19 +01:00
Henry Jenkins
b9cfa8f49f Add changelog entry 2019-06-25 16:42:24 +01:00
Henry Jenkins
924eab6355 Adds banner flag
This is to override what's displayed on the main page.
2019-06-25 16:41:51 +01:00
Henry Jenkins
5bcb998e6b Update changelog 2019-06-23 21:39:13 +01:00
Henry Jenkins
d24aacdb5c Fix lint errors 2019-06-23 21:39:13 +01:00
Henry Jenkins
411adf6f21 Switch linter to golangci-lint 2019-06-23 20:44:16 +01:00
Joel Speed
317f09f41e
Merge pull request #65 from lsst/jwt_bearer_passthrough
JWT bearer passthrough
2019-06-21 15:40:34 +01:00
Brian Van Klaveren
3881955605 Update unit tests for ValidateGroup 2019-06-20 16:57:20 -07:00
Brian Van Klaveren
bd651df3c2 Ensure groups in JWT Bearer tokens are also validated
Fix a minor auth logging bug
2019-06-20 13:40:04 -07:00
Brian Van Klaveren
058ffd1047 Update unit tests for username 2019-06-17 13:11:49 -07:00
Brian Van Klaveren
5a50f6223f Do not infer username from email 2019-06-17 12:58:40 -07:00
Brian Van Klaveren
100f126405 Make JwtIssuer struct private 2019-06-17 12:52:44 -07:00
Brian Van Klaveren
2f6dcf3b5f Move refreshing code to block acquiring cookied session 2019-06-17 12:52:44 -07:00
Brian Van Klaveren
48dbb391bc Move around CHANGELOG.md update 2019-06-17 12:52:44 -07:00
Brian Van Klaveren
54d91c69cc Use logger instead of log 2019-06-17 12:52:13 -07:00
Brian Van Klaveren
350c1cd127 Use JwtIssuer struct when parsing 2019-06-17 12:52:13 -07:00
Brian Van Klaveren
58b06ce761 Fall back to using sub if email is none (as in PR #57) 2019-06-17 12:52:13 -07:00
Brian Van Klaveren
79acef9036 Clarify skip-jwt-bearer-tokens default and add env tags 2019-06-17 12:52:13 -07:00
Brian Van Klaveren
10f65e0381 Add a more realistic test for JWT passthrough 2019-06-17 12:52:13 -07:00
Brian Van Klaveren
1ff74d322a Fix imports 2019-06-17 12:52:13 -07:00
Brian Van Klaveren
69cb34a04e Add unit tests for JWT -> session translation 2019-06-17 12:52:13 -07:00
Brian Van Klaveren
187960e9d8 Improve token pattern matching
Unit tests for token discovery
2019-06-17 12:52:13 -07:00
Brian Van Klaveren
8413c30c26 Update changelog with info about -skip-jwt-bearer-tokens 2019-06-17 12:52:13 -07:00
Brian Van Klaveren
b895f49c52 Use idToken expiry because that's the time checked for refresh
RefreshSessionIfNeeded checks the token expiry, we want to use
the ID token's expiry
2019-06-17 12:51:35 -07:00
Brian Van Klaveren
8083501da6 Support JWT Bearer Token and Pass through 2019-06-17 12:51:35 -07:00
Joel Speed
0af18d6d7c
Merge pull request #141 from openai/googleGroupEmail
Check google group membership based on email address
2019-06-15 14:05:56 +02:00
Joel Speed
77e1fff753
Merge pull request #185 from jonas/check-against-validate-url-string
Only validate tokens if ValidateURL resolves to a non-empty string
2019-06-15 12:30:03 +02:00
Joel Speed
0d6fa6216d
Merge pull request #180 from govau/littletidyups
Minor restructure for greater confidence that only authenticated requests are proxied
2019-06-15 12:21:54 +02:00
Joel Speed
6366690927
Fix gofmt for changed files 2019-06-15 11:34:00 +02:00
Joel Speed
417fde190c
Update changelog 2019-06-15 11:33:59 +02:00