Commit Graph

667 Commits

Author SHA1 Message Date
Brian Van Klaveren
b895f49c52 Use idToken expiry because that's the time checked for refresh
RefreshSessionIfNeeded checks the token expiry, we want to use
the ID token's expiry
2019-06-17 12:51:35 -07:00
Brian Van Klaveren
8083501da6 Support JWT Bearer Token and Pass through 2019-06-17 12:51:35 -07:00
Joel Speed
0af18d6d7c
Merge pull request #141 from openai/googleGroupEmail
Check google group membership based on email address
2019-06-15 14:05:56 +02:00
Joel Speed
77e1fff753
Merge pull request #185 from jonas/check-against-validate-url-string
Only validate tokens if ValidateURL resolves to a non-empty string
2019-06-15 12:30:03 +02:00
Joel Speed
0d6fa6216d
Merge pull request #180 from govau/littletidyups
Minor restructure for greater confidence that only authenticated requests are proxied
2019-06-15 12:21:54 +02:00
Adam Eijdenberg
d69560d020 No need for case when only 2 conditions 2019-06-15 18:48:27 +10:00
Jonas Fonseca
7a8fb58ad1
Only validate tokens if ValidateURL resolves to a non-empty string
Fix an unsupported protocol scheme error when validating tokens by
ensuring that the ValidateURL generates a non-empty string. The Azure
provider doesn't define any ValidateURL and therefore uses the default
value of `url.Parse("")` which is not `nil`.

The following log summary shows the issue:

    2019/06/14 12:26:04 oauthproxy.go:799: 10.244.1.3:34112 ("10.244.1.1") refreshing 16h26m29s old session cookie for Session{email:jonas.fonseca@example.com user:jonas.fonseca token:true} (refresh after 1h0m0s)
    2019/06/14 12:26:04 internal_util.go:60: GET ?access_token=eyJ0...
    2019/06/14 12:26:04 internal_util.go:61: token validation request failed: Get ?access_token=eyJ0...: unsupported protocol scheme ""
    2019/06/14 12:26:04 oauthproxy.go:822: 10.244.1.3:34112 ("10.244.1.1") removing session. error validating Session{email:jonas.fonseca@example.com user:jonas.fonseca token:true}
2019-06-14 12:52:22 -04:00
Adam Eijdenberg
f35c82bb0f The AuthOnly path also needs the response headers set 2019-06-07 14:25:12 +10:00
Adam Eijdenberg
9e59b4f62e Restructure so that serving data from upstream is only done when explicity allowed, rather
than as implicit dangling else
2019-06-07 13:50:44 +10:00
Joel Speed
572646e0d5
Merge pull request #175 from govau/bumpoidc
Bump go-oidc
2019-06-06 17:54:25 +01:00
Joel Speed
78feaec6fa
Merge branch 'master' into bumpoidc 2019-06-06 17:38:19 +01:00
Joel Speed
55a853cf51
Merge pull request #155 from lsst/redis-session-store
Redis session store
2019-06-05 11:39:47 +01:00
Brian Van Klaveren
405f9b3bb0 Update CHANGELOG with descriptions about redis support
Add updates from master
2019-06-05 00:12:11 -07:00
Joel Speed
4721da02f2 Ensure SessionStores can handle recieving cookies for the wrong implementation
(cherry picked from commit 131206cf41)
2019-06-05 00:11:42 -07:00
Joel Speed
c1ae0ca807 Make sure the cookie exists before we clear the session in redis
(cherry picked from commit 6d7f0ab57d)
2019-06-05 00:11:42 -07:00
Joel Speed
22199fa417 Fix ticket retrieval with an invalid ticket
(cherry picked from commit 66bbf146ec)
2019-06-05 00:11:42 -07:00
Joel Speed
3155ada287 Ensure sessions are refreshable in redis session store
(cherry picked from commit 48edce3003)
2019-06-05 00:11:42 -07:00
Joel Speed
2e2327af6c Check SaveSession works when an existing session is present
(cherry picked from commit 9dc1a96d81)
2019-06-05 00:11:42 -07:00
Brian Van Klaveren
ae0258a203 Documentation updates around Redis and Redis Sentinel use 2019-06-05 00:11:42 -07:00
Joel Speed
518c1d3e8e Add Redis sentinel compatibility
(cherry picked from commit ff36b61f8c)
2019-06-05 00:11:42 -07:00
Brian Van Klaveren
fc06e2dbef Update documentation and changelog for redis store 2019-06-05 00:11:42 -07:00
Joel Speed
5095c3647d Add redis-connection-url flag 2019-06-05 00:10:51 -07:00
Joel Speed
4f5dbace9f Refactor persistent tests with more Context 2019-06-05 00:10:51 -07:00
Joel Speed
7e7bfb5daf Stop miniredis after each test 2019-06-05 00:10:51 -07:00
Joel Speed
bc3d75a2ed Run persistent tests with multiple option groups 2019-06-05 00:10:51 -07:00
Joel Speed
42f14a41d9 Clean up persistent SessionStore tests 2019-06-05 00:10:51 -07:00
Joel Speed
a7693cc72a Tranfser all cookies in tests 2019-06-05 00:10:51 -07:00
Joel Speed
93df7d9132 Remove spurious comment 2019-06-05 00:10:51 -07:00
Joel Speed
a6b8f7bde2 Rename expire -> expiration 2019-06-05 00:10:51 -07:00
Joel Speed
2f61e42c37 More obvious comment on CFB 2019-06-05 00:10:51 -07:00
Joel Speed
f435fa68ab Make loadSessionFromString private 2019-06-05 00:10:51 -07:00
Joel Speed
130d03758d Fix comments on Redis options 2019-06-05 00:10:51 -07:00
Joel Speed
7a1fc52e33 Fix go-redis version pin 2019-06-05 00:10:51 -07:00
Joel Speed
b255ed56ef Sign cookies in the Redis Session store 2019-06-05 00:10:51 -07:00
Joel Speed
2c566a5f5b Use session CreatedAt for cookie timings 2019-06-05 00:10:51 -07:00
Joel Speed
296d989e58 Simplify redis store options 2019-06-05 00:10:51 -07:00
Brian Van Klaveren
f2562e8973 Pin version of go-redis 2019-06-05 00:10:51 -07:00
Brian Van Klaveren
42731f0617 Check cookie error and doc on cookie handling 2019-06-05 00:10:51 -07:00
Brian Van Klaveren
b1bd3280db Add support for a redis session store 2019-06-05 00:10:51 -07:00
Brian Van Klaveren
e881612ea6 Fix session_state type 2019-06-05 00:10:51 -07:00
Adam Eijdenberg
b6c60f52ee Bump go-oidc 2019-06-04 10:58:35 +10:00
Joel Speed
1355c1ce30
Merge pull request #170 from zeha/release-tarballs-as-before
Make release tarballs look like bitly's
2019-06-03 16:23:30 +01:00
Joel Speed
df6b6b7ce0
Merge pull request #176 from govau/fixnogopath
Stop assuming that GOPATH is always set, and is a single directory
2019-06-03 16:21:39 +01:00
Joel Speed
40cf6b2626
Merge pull request #168 from pusher/drop-1.11
Drop Go 1.11 from Travis CI
2019-06-03 15:22:35 +01:00
Joel Speed
006322562d
Bump go version in configure to check for go 1.12 2019-06-03 14:59:58 +01:00
Joel Speed
f0b6f1525b
Update changelog 2019-06-03 14:59:56 +01:00
Joel Speed
29fb71fac5
Drop Go 1.11 from Travis CI 2019-06-03 14:59:16 +01:00
Adam Eijdenberg
37475637cd Install gometalinter in travis instead 2019-06-03 17:53:47 +10:00
Adam Eijdenberg
e7d29590cd Fix travis so that if "configure" fails, it doesn't try to run make 2019-06-03 17:47:51 +10:00
Adam Eijdenberg
b05eb71adf Stop assuming that GOPATH is always set, and is a single directory
As of I think go1.8 GOPATH is by default $HOME/go so it is incorrect to
assume that it is set.

If not set, then the Makefile assumes gometalinter will be in
/bin/gometalinter, which it likely is not, and thus fails.

We could change configure to set GOPATH in the .env, however then we
would be assuming that GOPATH is a single entry - whereas like other
paths, it can contain more than one value.

So instead this commit stops trying to install gometalinter, and like
dep, it assumes that it is installed prior.

(and since the current behaviour of the Makefile is affecting state
external to the project, that seems more logical)
2019-06-03 17:25:48 +10:00