Jehiah Czebotar
af7be2d622
Merge pull request #319 from advarisk/auth-request
...
various fixes for getting Nginx auth_request mode working
2017-03-29 12:14:24 -04:00
Ashish Kulkarni
fe44b89f57
update documentation for Nginx auth_request mode
2017-03-29 21:28:55 +05:30
Sjoerd Mulder
90a22b2f39
Use X-Auth-Request-Redirect request header in sign-in page
...
This is useful in Nginx auth_request mode, if a 401 handler is
configured to redirect to the sign-in page. As the request URL
does not reflect the actual URL, the value is taken from the
header "X-Auth-Request-Redirect" instead. Based on #247
2017-03-29 21:28:55 +05:30
Lukasz Siudut
829b442302
add --set-xauthrequest flag for use in Nginx auth_request mode
...
This is enhancement of #173 to use "Auth Request" consistently in
the command-line option, configuration file and response headers.
It always sets the X-Auth-Request-User response header and if the
email is available, sets X-Auth-Request-Email as well.
2017-03-29 21:28:55 +05:30
Jehiah Czebotar
93852a24cb
Merge pull request #362 from jehiah/ssl_insecure_skip_verify_362
...
Option to skip SSL verification
2017-03-29 11:02:26 -04:00
Jehiah Czebotar
dcf62d06df
option for skipping OAuth provider SSL verification
2017-03-29 10:57:07 -04:00
Jehiah Czebotar
bb9b607440
Merge pull request #361 from jehiah/gofmt_361
...
travis: run gofmt and go vet
2017-03-29 09:53:19 -04:00
Jehiah Czebotar
c5fc7baa86
gofmt
2017-03-29 09:36:38 -04:00
Jehiah Czebotar
c1116ea506
travis: run gofmt and go vet
2017-03-29 09:36:23 -04:00
Jehiah Czebotar
4464655276
Merge pull request #360 from jehiah/csrf_validation_360
...
CSRF protection for OAuth flow.
2017-03-29 09:36:04 -04:00
Colin Arnott
55085d9697
csrf protection; always set state
2017-03-29 09:31:10 -04:00
Jehiah Czebotar
6c690b699b
Merge pull request #339 from omazhary/issue-205
...
Allow to pass user headers only
2017-03-28 21:42:29 -04:00
Jehiah Czebotar
107b4811b4
Merge pull request #346 from bdwyertech/patch-1
...
Oversize Cookie Alert
2017-03-28 21:40:11 -04:00
Jehiah Czebotar
cd0d13e3fb
Merge pull request #357 from wrapp/skip-group-lookup-404
...
Skip 404 errors when looking up Google groups
2017-03-28 21:38:55 -04:00
Jehiah Czebotar
86d083266b
Merge pull request #359 from jehiah/redirect_check_359
...
Improve redirect checks
2017-03-28 21:34:23 -04:00
Colin Arnott
289a6ccf46
add check for //.* to prevent open redirect during oauth
2017-03-28 21:12:33 -04:00
Eskil Andreen
652f43ed38
Skip 404 errors when looking up Google groups
...
When checking user membership against Google groups the groups are checked one
at a time and in the order that they were supplied. If one of the groups does
not exist then the checking is halted with the following error.
google.go:201: googleapi: Error 404: Resource Not Found: groupKey, notFound
None of the groups following the missing group are checked either. This means
that something as trivial as a typo in the first group will make it impossible
for anybody to login.
This change catches the 404, logs a message, and then carries on as usual. In
this way a typo will cause a particular group to stop working but will not
affect any other groups.
2017-03-28 16:06:15 +02:00
Jehiah Czebotar
712739f777
Merge pull request #356 from jehiah/bump_dependencies_356
...
Update vendored dependencies.
2017-03-27 21:07:08 -04:00
Jehiah Czebotar
2ebab604eb
bump golang.org/x/... and google.golang.org dependencies
2017-03-27 20:56:15 -04:00
Jehiah Czebotar
b884b36f26
bump easy pkg upgrades; drop Go 1.6 (no httptest.NewRequest)
...
This fixes a test w request signing due to a content-length:0 header from Go 1.8
2017-03-27 20:36:35 -04:00
Jehiah Czebotar
951b5f325b
Merge pull request #355 from ploxiln/dist_updates
...
dist.sh and Godeps updates
2017-03-27 20:16:44 -04:00
Pierce Lopez
9167c8ace8
travis: update go versions, gpm version
2017-03-27 19:40:12 -04:00
Pierce Lopez
a2eeec2b7a
Godeps: remove redundant dep, add missing
...
golang.org/x/oauth2/google is same repo as golang.org/x/oauth2
- this sometimes confused gpm/git
cloud.google.com/go/compute/metadata is a missing dependency
of golang.org/x/oauth2
2017-03-27 19:17:42 -04:00
Pierce Lopez
2024dc34ac
dist.sh: run gpm with GOPATH=$DIR/.godeps
...
so gpm is not affected if module exists in user's GOPATH already
2017-03-27 19:13:05 -04:00
Pierce Lopez
86c9638572
dist.sh: already uses set "-e", remove "|| exit 1"
2017-03-27 18:16:39 -04:00
Jehiah Czebotar
7d920c98a6
Merge pull request #354 from ploxiln/dist_win_exe
...
dist.sh: add .exe for windows build
2017-03-27 14:49:40 -04:00
Pierce Lopez
bc3fe00be4
dist.sh: add .exe for windows build
2017-03-27 14:35:28 -04:00
Jehiah Czebotar
87847316d4
Merge pull request #349 from braincube-io/signout
...
[signout] Implement logout endpoint
2017-03-22 23:08:47 -04:00
Guillaume Bienkowski
562cc2e466
[signout] Implement logout endpoint
2017-03-21 17:40:47 +01:00
Brian Dwyer
3379e05fec
Oversize Cookie Alert
...
Cookies cannot be larger than 4kb
2017-02-23 18:48:34 -05:00
Omar Elazhary
24f91a0b60
Allow to pass user headers only (issue #205 )
...
* This fixes https://github.com/bitly/oauth2_proxy/issues/205
* Add new boolean option -pass-user-headers
to control whether X-Forwarded-User and X-Forwarded-Email
headers will be set (as opposed to HTTP BASIC auth)
* This is required e.g. for grafana [1] where
X-Forwarded-User is needed but HTTP BASIC auth fails
(password is not known and must not be known in this scenario)
* Keep behaviour of PassBasicAuth unchanged for compatibility
[1] http://docs.grafana.org/installation/configuration/#authproxy
2017-01-24 11:11:58 +01:00
Jehiah Czebotar
89ba1d813a
Merge pull request #322 from ReadmeCritic/master
...
Correct the spelling of GitHub in README
2016-11-18 13:00:22 -05:00
ReadmeCritic
4203c26d7c
Correct the spelling of GitHub in README
2016-11-18 09:31:22 -08:00
Jehiah Czebotar
a9c55bd6d1
Merge pull request #299 from tamsky/fix-travis-vs-upstream-golang-dependency
...
repo golang.org/x/oauth2/google has moved, fixes travis build
2016-08-24 22:01:54 -04:00
Marc Tamsky
e0a1831452
upstream vendor import paths have changed.
...
this fixes the travis build, which is broken
2016-08-24 16:58:38 -07:00
Jehiah Czebotar
a0e4a36821
Merge pull request #292 from nickmiller-wf/redact-access-token
...
Strip sensitive URL parameters from provider log output
2016-08-02 23:19:22 -04:00
nickmiller-wf
c566648127
add stripParam and stripToken methods to obfuscate log output
2016-08-02 21:01:44 -06:00
Jehiah Czebotar
78f2fe1306
Merge pull request #290 from MarkHerhold/patch-2
...
Adding skip-provider-button docs
2016-07-30 23:16:30 -04:00
Mark Herhold
116b84906e
Adding skip-provider-button docs
2016-07-30 22:34:28 -04:00
Jehiah Czebotar
2f0f95b523
Merge pull request #279 from tanuck/bump-travis-version
...
Bump travis version
2016-07-19 16:41:44 -04:00
James Tancock
6cbc339442
Bump travis version
2016-07-19 21:29:19 +01:00
tanuck
c015075996
Validate cookie name ( #278 )
...
Validate cookie name passes go's isCookieNameValid check
2016-07-19 15:51:25 -04:00
Nick Semenkovich
17f412e407
docs: working nginx auth_request example ( #273 )
2016-07-05 09:38:34 -04:00
Jehiah Czebotar
da0bb7656a
Merge pull request #274 from ElDiabloComputatore/Azure_provider_mail_fix
...
Getting mail for Azure provider fix + tests
2016-07-03 21:50:51 -04:00
Jehiah Czebotar
9babca599b
bump version to 2.2.0-alpha
2016-07-03 21:50:38 -04:00
Tomas Pramuka
5acf96b75d
Getting mail for Azure provider fix + tests
2016-06-29 09:00:08 +02:00
Jehiah Czebotar
f9e649456b
Merge pull request #272 from semenko/master
...
Fix documentation for auth_request directive
2016-06-27 21:19:00 -04:00
Nick Semenkovich
56bf3f8add
Fix documentation for auth_request directive
...
The correct endpoint is /oauth2/auth
2016-06-27 20:10:22 -05:00
Jehiah Czebotar
a66f7c50ea
Merge pull request #193 from jehiah/release_193
...
A new tag
2016-06-23 10:11:59 -04:00
Jehiah Czebotar
671f00e60e
cookie secret: give helper command for generating a secret
2016-06-23 09:42:32 -04:00