Commit Graph

105 Commits

Author SHA1 Message Date
aledeganopix4d
81f15258a8 Add Bitbucket provider. (#201)
Add a new provider for Bitbucket,
can be configured from the options
specifying team and/or repository
that the user must be part/have access
to in order to grant login.
2019-09-06 16:54:41 +02:00
Adam Eijdenberg
91184c58c7 Made setting of proxied headers deterministic based on configuration
alone

Previously some headers that are normally set by the proxy (and may be
replied upstream for authorization decisiions) were not being set
depending on values in the users sesssion.

This change ensure that if a given header is sometimes set, it will
always be either set or removed.

It might be worth considerating always deleting these headers if we
didn't add them.
2019-09-06 16:54:41 +02:00
Ryan Luckie
c457eeb711
Merge branch 'master' into feature/add_oidc_userinfo_support 2019-08-12 17:32:29 -05:00
hjenkins
02dfa87f11 Fix typos in changelog 2019-08-07 18:00:37 +01:00
jansinger
7134d22bcc New flag "-ssl-upstream-insecure-skip-validation" (#234)
* New flag "-ssl-upstream-insecure-skip-validation" to skip SSL validation for upstreams with self generated / invalid SSL certificates.

* Fix tests for modified NewReverseProxy method.

* Added change to the changelog.

* Remove duplicate entries from changelog.
2019-08-07 17:48:53 +01:00
Alexander Overvoorde
4de49983fb Rework GitLab provider (#231)
* Initial version of OIDC based GitLab provider

* Add support for email domain check to GitLab provider

* Add gitlab.com as default issuer for GitLab provider

* Update documentation for GitLab provider

* Update unit tests for new GitLab provider implementation

* Update CHANGELOG for GitLab provider

* Rename GitLab test access token as response to linter
2019-08-06 12:20:54 +01:00
Justin Palpant
7d910c0ae8 Check Google group membership with hasMember and get. (#224)
* Check Google group membership with hasMember and get.

This PR is an enhancement built on
https://github.com/pusher/oauth2_proxy/pull/160. That PR reduces the
number of calls to the Google Admin API and simplifies the code by
using the hasMember method. It also supports checking membership in
nested groups.

However, the above message doesn't handle members who are not a part
of the domain. The hasMember API returns a 400 for that case. As a
fallback, when the API returns a 400, this change will try using the
`get` API which works as expected for members who aren't a part of the
domain. Supporting members who belong to the Google group but aren't
part of the domain is a requested feature from
https://github.com/pusher/oauth2_proxy/issues/95.

https://developers.google.com/admin-sdk/directory/v1/reference/members/get

Note that nested members who are not a part of the domain will not be
correctly detected with this change.

* Update CHANGELOG.

* Fix incorrect JSON and stop escaping strings.

* Add comments for each scenario.
2019-08-06 10:38:24 +01:00
Reilly Brogan
1ab63304a1 Fix a bunch of places where the repo link was incorrect 2019-08-03 13:22:42 -05:00
Ryan Luckie
4a6b703c54 Update CHANGELOG 2019-07-19 09:03:01 -05:00
Joel Speed
8635391543
Merge pull request #178 from kskewes/pinglog
Add silence-ping-logging flag
2019-07-19 11:30:31 +01:00
Karl Skewes
84da3c3d8c update changelog with both flags 2019-07-16 10:06:29 +12:00
Karl Skewes
ec97000169 Add silence ping logging flag
Add ability to silence logging of requests to /ping endpoint, reducing
log clutter

Pros:
- Don't have to change all handlers to set/not set silent ping logging
- Don't have to duplicate `loggingHandler` (this could be preferable yet)

Cons:
- Leaking oauth2proxy logic into `package logger`
- Defining default pingPath in two locations

Alternative:
- Add generic exclude path to `logger.go` and pass in `/ping`.
2019-07-16 09:42:24 +12:00
Henry Jenkins
bc81a0f6e4 Merge branch 'master' into go-mod
* master:
  Move docker dep commands to earlier in the build
2019-07-15 21:38:55 +01:00
Henry Jenkins
56f51417ae
Merge branch 'master' into go-mod 2019-07-15 16:08:21 +01:00
Daniel Kimsey
816c2a6da9 Move docker dep commands to earlier in the build
This will let Docker cache the results of the vendor dependencies.
Making re-builds during testing faster.

Also clean-up spurious test & rm in ./configure
2019-07-15 10:00:34 -05:00
Joel Speed
874c147e04
Fix tls-key-file and tls-cert-file consistency 2019-07-15 12:01:44 +01:00
Joel Speed
bdcdfb74f9
Update docs and changelog 2019-07-15 12:01:43 +01:00
Joel Speed
630db3769b
Merge branch 'master' into refactor 2019-07-15 11:30:43 +01:00
Henry Jenkins
179ee6c2db Update CHANGELOG 2019-07-14 13:51:46 +01:00
Henry Jenkins
e92e2f0cb4 Update CHANGELOG 2019-07-14 13:32:37 +01:00
Daryl Finlay
776d063b98 Update changelog to include --insecure-oidc-allow-unverified-email 2019-07-11 15:30:57 +01:00
Henry Jenkins
aa37564655
Merge branch 'master' into banner-flag 2019-07-02 14:03:21 +01:00
Henry Jenkins
b9cfa8f49f Add changelog entry 2019-06-25 16:42:24 +01:00
Henry Jenkins
5bcb998e6b Update changelog 2019-06-23 21:39:13 +01:00
Henry Jenkins
411adf6f21 Switch linter to golangci-lint 2019-06-23 20:44:16 +01:00
Brian Van Klaveren
48dbb391bc Move around CHANGELOG.md update 2019-06-17 12:52:44 -07:00
Brian Van Klaveren
8413c30c26 Update changelog with info about -skip-jwt-bearer-tokens 2019-06-17 12:52:13 -07:00
Joel Speed
0af18d6d7c
Merge pull request #141 from openai/googleGroupEmail
Check google group membership based on email address
2019-06-15 14:05:56 +02:00
Joel Speed
77e1fff753
Merge pull request #185 from jonas/check-against-validate-url-string
Only validate tokens if ValidateURL resolves to a non-empty string
2019-06-15 12:30:03 +02:00
Joel Speed
417fde190c
Update changelog 2019-06-15 11:33:59 +02:00
Adam Eijdenberg
d69560d020 No need for case when only 2 conditions 2019-06-15 18:48:27 +10:00
Jonas Fonseca
7a8fb58ad1
Only validate tokens if ValidateURL resolves to a non-empty string
Fix an unsupported protocol scheme error when validating tokens by
ensuring that the ValidateURL generates a non-empty string. The Azure
provider doesn't define any ValidateURL and therefore uses the default
value of `url.Parse("")` which is not `nil`.

The following log summary shows the issue:

    2019/06/14 12:26:04 oauthproxy.go:799: 10.244.1.3:34112 ("10.244.1.1") refreshing 16h26m29s old session cookie for Session{email:jonas.fonseca@example.com user:jonas.fonseca token:true} (refresh after 1h0m0s)
    2019/06/14 12:26:04 internal_util.go:60: GET ?access_token=eyJ0...
    2019/06/14 12:26:04 internal_util.go:61: token validation request failed: Get ?access_token=eyJ0...: unsupported protocol scheme ""
    2019/06/14 12:26:04 oauthproxy.go:822: 10.244.1.3:34112 ("10.244.1.1") removing session. error validating Session{email:jonas.fonseca@example.com user:jonas.fonseca token:true}
2019-06-14 12:52:22 -04:00
Joel Speed
78feaec6fa
Merge branch 'master' into bumpoidc 2019-06-06 17:38:19 +01:00
Brian Van Klaveren
405f9b3bb0 Update CHANGELOG with descriptions about redis support
Add updates from master
2019-06-05 00:12:11 -07:00
Brian Van Klaveren
fc06e2dbef Update documentation and changelog for redis store 2019-06-05 00:11:42 -07:00
Adam Eijdenberg
b6c60f52ee Bump go-oidc 2019-06-04 10:58:35 +10:00
Joel Speed
1355c1ce30
Merge pull request #170 from zeha/release-tarballs-as-before
Make release tarballs look like bitly's
2019-06-03 16:23:30 +01:00
Joel Speed
f0b6f1525b
Update changelog 2019-06-03 14:59:56 +01:00
Chris Hofstaedtler
076484297e Make release tarballs look like bitly's
Fixes #162
2019-05-31 14:46:54 +02:00
Karl Skewes
d3f0cb43ca Update Alpine to 3.9 2019-05-31 18:54:20 +12:00
Joel Speed
d40a61613e
Update Changelog 2019-05-20 11:39:41 +02:00
Joel Speed
72fd3b96a6
Update changelog 2019-05-18 13:10:59 +02:00
Icelyn Jennings
5d7d0c4b4b
Shorten README.md (#154)
* Update README.md

* Add changelog entry

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
2019-05-10 12:25:05 +01:00
Phil Taprogge
d4341ec40c
Add breaking changes section to changelog 2019-05-09 10:26:40 +01:00
Phil Taprogge
39d2f28a40
Add comment; update changelog 2019-05-09 10:14:01 +01:00
Phil Taprogge
8b06d255f7
Merge branch 'master' into goversion 2019-05-03 12:37:15 +01:00
Karl Skewes
8fca58cf49 build: use go 1.12 for arm as well 2019-05-03 22:01:36 +12:00
Karl Skewes
308bcc06a4 fix Docker user on arm
Use simple USER directive.
Using `addgroup` in final `arm` image when building on amd64 doesn't work.
I must have made a mistake during cross build verification.

Alternative is to use qemu-static but it's not worth it for this.
2019-05-03 20:54:21 +12:00
Benjamin Chess
3f2fab10e6 check google group based on email address 2019-05-02 17:11:25 -07:00
Mister Wil
72da47509f
Update CHANGELOG.md 2019-04-23 09:22:46 -07:00