Commit Graph

84 Commits

Author SHA1 Message Date
Daryl Finlay
776d063b98 Update changelog to include --insecure-oidc-allow-unverified-email 2019-07-11 15:30:57 +01:00
Henry Jenkins
aa37564655 Merge branch 'master' into banner-flag 2019-07-02 14:03:21 +01:00
Henry Jenkins
b9cfa8f49f Add changelog entry 2019-06-25 16:42:24 +01:00
Henry Jenkins
5bcb998e6b Update changelog 2019-06-23 21:39:13 +01:00
Henry Jenkins
411adf6f21 Switch linter to golangci-lint 2019-06-23 20:44:16 +01:00
Brian Van Klaveren
48dbb391bc Move around CHANGELOG.md update 2019-06-17 12:52:44 -07:00
Brian Van Klaveren
8413c30c26 Update changelog with info about -skip-jwt-bearer-tokens 2019-06-17 12:52:13 -07:00
Joel Speed
0af18d6d7c Merge pull request #141 from openai/googleGroupEmail
Check google group membership based on email address
2019-06-15 14:05:56 +02:00
Joel Speed
77e1fff753 Merge pull request #185 from jonas/check-against-validate-url-string
Only validate tokens if ValidateURL resolves to a non-empty string
2019-06-15 12:30:03 +02:00
Adam Eijdenberg
d69560d020 No need for case when only 2 conditions 2019-06-15 18:48:27 +10:00
Jonas Fonseca
7a8fb58ad1 Only validate tokens if ValidateURL resolves to a non-empty string
Fix an unsupported protocol scheme error when validating tokens by
ensuring that the ValidateURL generates a non-empty string. The Azure
provider doesn't define any ValidateURL and therefore uses the default
value of `url.Parse("")` which is not `nil`.

The following log summary shows the issue:

    2019/06/14 12:26:04 oauthproxy.go:799: 10.244.1.3:34112 ("10.244.1.1") refreshing 16h26m29s old session cookie for Session{email:jonas.fonseca@example.com user:jonas.fonseca token:true} (refresh after 1h0m0s)
    2019/06/14 12:26:04 internal_util.go:60: GET ?access_token=eyJ0...
    2019/06/14 12:26:04 internal_util.go:61: token validation request failed: Get ?access_token=eyJ0...: unsupported protocol scheme ""
    2019/06/14 12:26:04 oauthproxy.go:822: 10.244.1.3:34112 ("10.244.1.1") removing session. error validating Session{email:jonas.fonseca@example.com user:jonas.fonseca token:true}
2019-06-14 12:52:22 -04:00
Joel Speed
78feaec6fa Merge branch 'master' into bumpoidc 2019-06-06 17:38:19 +01:00
Brian Van Klaveren
405f9b3bb0 Update CHANGELOG with descriptions about redis support
Add updates from master
2019-06-05 00:12:11 -07:00
Brian Van Klaveren
fc06e2dbef Update documentation and changelog for redis store 2019-06-05 00:11:42 -07:00
Adam Eijdenberg
b6c60f52ee Bump go-oidc 2019-06-04 10:58:35 +10:00
Joel Speed
1355c1ce30 Merge pull request #170 from zeha/release-tarballs-as-before
Make release tarballs look like bitly's
2019-06-03 16:23:30 +01:00
Joel Speed
f0b6f1525b Update changelog 2019-06-03 14:59:56 +01:00
Chris Hofstaedtler
076484297e Make release tarballs look like bitly's
Fixes #162
2019-05-31 14:46:54 +02:00
Karl Skewes
d3f0cb43ca Update Alpine to 3.9 2019-05-31 18:54:20 +12:00
Joel Speed
d40a61613e Update Changelog 2019-05-20 11:39:41 +02:00
Joel Speed
72fd3b96a6 Update changelog 2019-05-18 13:10:59 +02:00
Icelyn Jennings
5d7d0c4b4b Shorten README.md (#154)
* Update README.md

* Add changelog entry

Co-Authored-By: Joel Speed <Joel.speed@hotmail.co.uk>
2019-05-10 12:25:05 +01:00
Phil Taprogge
d4341ec40c Add breaking changes section to changelog 2019-05-09 10:26:40 +01:00
Phil Taprogge
39d2f28a40 Add comment; update changelog 2019-05-09 10:14:01 +01:00
Phil Taprogge
8b06d255f7 Merge branch 'master' into goversion 2019-05-03 12:37:15 +01:00
Karl Skewes
8fca58cf49 build: use go 1.12 for arm as well 2019-05-03 22:01:36 +12:00
Karl Skewes
308bcc06a4 fix Docker user on arm
Use simple USER directive.
Using `addgroup` in final `arm` image when building on amd64 doesn't work.
I must have made a mistake during cross build verification.

Alternative is to use qemu-static but it's not worth it for this.
2019-05-03 20:54:21 +12:00
Benjamin Chess
3f2fab10e6 check google group based on email address 2019-05-02 17:11:25 -07:00
Mister Wil
72da47509f Update CHANGELOG.md 2019-04-23 09:22:46 -07:00
Mister Wil
88c518885c Merge branch 'master' into enhanced_logging 2019-04-16 06:53:45 -07:00
timothy-spencer
1ae62a3343 added jwt-key-file option, update docs 2019-04-15 09:49:05 -07:00
MisterWil
79bcfebb77 Final conflicts 2019-04-12 09:53:07 -07:00
MisterWil
40ba565975 Requested changes 2019-04-12 09:48:21 -07:00
MisterWil
562db1e2da Updated changelog 2019-04-12 09:00:54 -07:00
Joel Speed
6545a33f93 Update changelog for release v3.2.0 2019-04-12 11:23:14 +01:00
Dan Bond
bf9fedb3cf build: use go 1.12 (#124)
* build: use go 1.12

* Update CHANGELOG.md
2019-04-12 11:15:29 +01:00
Joel Speed
d00e3bddf5 Merge branch 'master' into verified 2019-04-11 13:49:56 +01:00
Joel Speed
3f4420fd58 Merge pull request #120 from costelmoraru/session_state_email
Encrypting user/email from cookie
2019-04-10 13:57:56 +01:00
Costel Moraru
f5f64e7d6c Update the changelog 2019-04-10 00:42:17 +03:00
Costel Moraru
6da6ee7f84 Encrypting user/email from cookie, add changelog 2019-04-09 15:00:17 +03:00
Tim Spencer
189bda3781 Merge branch 'master' into gcphealthcheck 2019-03-25 09:57:52 -07:00
gyson
b67614c90f Update CHANGELOG.md 2019-03-22 17:41:55 -04:00
timothy-spencer
e9f36fa4b5 added the PR to the changelog 2019-03-20 14:44:01 -07:00
Carlos Alexandro Becker
95ee4358b2 Merge remote-tracking branch 'upstream/master' into verified 2019-03-20 13:46:04 -03:00
YAEGASHI Takeshi
2070fae47c Use encoding/json for SessionState serialization (#63)
* Use encoding/json for SessionState serialization

In order to make it easier to extend in future.

* Store only email and user in cookie when cipher is unavailable

This improves safety and robustness, and also preserves the existing
behaviour.

* Add TestEncodeSessionState/TestDecodeSessionState

Use the test vectors with JSON encoding just introduced.

* Support session state encoding in older versions

* Add test cases for legacy session state strings

* Add check for wrong expiration time in session state strings

* Avoid exposing time.Time zero value when encoding session state string

* Update CHANGELOG.md
2019-03-20 13:59:24 +00:00
Tim Spencer
8cc5fbf859 add login.gov provider (#55)
* first stab at login.gov provider

* fixing bugs now that I think I understand things better

* fixing up dependencies

* remove some debug stuff

* Fixing all dependencies to point at my fork

* forgot to hit save on the github rehome here

* adding options for setting keys and so on, use JWT workflow instead of PKCE

* forgot comma

* was too aggressive with search/replace

* need JWTKey to be byte array

* removed custom refresh stuff

* do our own custom jwt claim and store it in the normal session store

* golang json types are strange

* I have much to learn about golang

* fix time and signing key

* add http lib

* fixed claims up since we don't need custom claims

* add libs

* forgot ioutil

* forgot ioutil

* moved back to pusher location

* changed proxy github location back so that it builds externally, fixed up []byte stuff, removed client_secret if we are using login.gov

* update dependencies

* do JWTs properly

* finished oidc flow, fixed up tests to work better

* updated comments, added test that we set expiresOn properly

* got confused with header and post vs get

* clean up debug and test dir

* add login.gov to README, remove references to my repo

* forgot to remove un-needed code

* can use sample_key* instead of generating your own

* updated changelog

* apparently golint wants comments like this

* linter wants non-standard libs in a separate grouping

* Update options.go

Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov>

* Update options.go

Co-Authored-By: timothy-spencer <timothy.spencer@gsa.gov>

* remove sample_key, improve comments related to client-secret, fix changelog related to PR feedback

* github doesn't seem to do gofmt when merging.  :-)

* update CODEOWNERS

* check the nonce

* validate the JWT fully

* forgot to add pubjwk-url to README

* unexport the struct

* fix up the err masking that travis found

* update nonce comment by request of @JoelSpeed

* argh.  Thought I'd formatted the merge properly, but apparently not.

* fixed test to not fail if the query time was greater than zero
2019-03-20 13:44:51 +00:00
einfachchr
f715c9371b Fixes deletion of splitted cookies - Issue #69 (#70)
* fixes deletion of splitted cookies

* three minor adjustments to improve the tests

* changed cookie name matching to regex

* Update oauthproxy.go

Co-Authored-By: einfachchr <einfachchr@gmail.com>

* removed unused variable

* Changelog
2019-03-15 07:18:37 +00:00
Carlos Alexandro Becker
58b8bbe491 fix: changelog 2019-03-11 14:55:02 -03:00
Adam Szalkowski
c7193b4085 Merge websocket proxy feature from openshift/oauth-proxy. Original author: Hiram Chirino <hiram@hiramchirino.com> 2019-03-11 14:05:16 +01:00
Aigars Mahinovs
4e6593bc60 Update changelog for pull request #57 2019-03-08 13:41:15 +01:00