Brian Van Klaveren
b895f49c52
Use idToken expiry because that's the time checked for refresh
RefreshSessionIfNeeded checks the token expiry, we want to use
the ID token's expiry
2019-06-17 12:51:35 -07:00
Brian Van Klaveren
8083501da6
Support JWT Bearer Token and Pass through
2019-06-17 12:51:35 -07:00
Joel Speed
0af18d6d7c
Merge pull request #141 from openai/googleGroupEmail
Check google group membership based on email address
2019-06-15 14:05:56 +02:00
Joel Speed
77e1fff753
Merge pull request #185 from jonas/check-against-validate-url-string
Only validate tokens if ValidateURL resolves to a non-empty string
2019-06-15 12:30:03 +02:00
Joel Speed
0d6fa6216d
Merge pull request #180 from govau/littletidyups
Minor restructure for greater confidence that only authenticated requests are proxied
2019-06-15 12:21:54 +02:00
Adam Eijdenberg
d69560d020
No need for case when only 2 conditions
2019-06-15 18:48:27 +10:00
Jonas Fonseca
7a8fb58ad1
Only validate tokens if ValidateURL resolves to a non-empty string
Fix an unsupported protocol scheme error when validating tokens by
ensuring that the ValidateURL generates a non-empty string. The Azure
provider doesn't define any ValidateURL and therefore uses the default
value of `url.Parse("")` which is not `nil`.
The following log summary shows the issue:
2019/06/14 12:26:04 oauthproxy.go:799: 10.244.1.3:34112 ("10.244.1.1") refreshing 16h26m29s old session cookie for Session{email:jonas.fonseca@example.com user:jonas.fonseca token:true} (refresh after 1h0m0s)
2019/06/14 12:26:04 internal_util.go:60: GET ?access_token=eyJ0...
2019/06/14 12:26:04 internal_util.go:61: token validation request failed: Get ?access_token=eyJ0...: unsupported protocol scheme ""
2019/06/14 12:26:04 oauthproxy.go:822: 10.244.1.3:34112 ("10.244.1.1") removing session. error validating Session{email:jonas.fonseca@example.com user:jonas.fonseca token:true}
2019-06-14 12:52:22 -04:00
Adam Eijdenberg
f35c82bb0f
The AuthOnly path also needs the response headers set
2019-06-07 14:25:12 +10:00
Adam Eijdenberg
9e59b4f62e
Restructure so that serving data from upstream is only done when explicitly allowed, rather than as implicit dangling else
2019-06-07 13:50:44 +10:00
Joel Speed
572646e0d5
Merge pull request #175 from govau/bumpoidc
Bump go-oidc
2019-06-06 17:54:25 +01:00
Joel Speed
78feaec6fa
Merge branch 'master' into bumpoidc
2019-06-06 17:38:19 +01:00
Joel Speed
55a853cf51
Merge pull request #155 from lsst/redis-session-store
Redis session store
2019-06-05 11:39:47 +01:00
Brian Van Klaveren
405f9b3bb0
Update CHANGELOG with descriptions about redis support
Add updates from master
2019-06-05 00:12:11 -07:00
Joel Speed
4721da02f2
Ensure SessionStores can handle receiving cookies for the wrong implementation
(cherry picked from commit 131206cf41)
2019-06-05 00:11:42 -07:00
Joel Speed
c1ae0ca807
Make sure the cookie exists before we clear the session in redis
(cherry picked from commit 6d7f0ab57d)
2019-06-05 00:11:42 -07:00
Joel Speed
22199fa417
Fix ticket retrieval with an invalid ticket
(cherry picked from commit 66bbf146ec)
2019-06-05 00:11:42 -07:00
Joel Speed
3155ada287
Ensure sessions are refreshable in redis session store
(cherry picked from commit 48edce3003)
2019-06-05 00:11:42 -07:00
Joel Speed
2e2327af6c
Check SaveSession works when an existing session is present
(cherry picked from commit 9dc1a96d81)
2019-06-05 00:11:42 -07:00
Brian Van Klaveren
ae0258a203
Documentation updates around Redis and Redis Sentinel use
2019-06-05 00:11:42 -07:00
Joel Speed
518c1d3e8e
Add Redis sentinel compatibility
(cherry picked from commit ff36b61f8c)
2019-06-05 00:11:42 -07:00
Brian Van Klaveren
fc06e2dbef
Update documentation and changelog for redis store
2019-06-05 00:11:42 -07:00
Joel Speed
5095c3647d
Add redis-connection-url flag
2019-06-05 00:10:51 -07:00
Joel Speed
4f5dbace9f
Refactor persistent tests with more Context
2019-06-05 00:10:51 -07:00
Joel Speed
7e7bfb5daf
Stop miniredis after each test
2019-06-05 00:10:51 -07:00
Joel Speed
bc3d75a2ed
Run persistent tests with multiple option groups
2019-06-05 00:10:51 -07:00
Joel Speed
42f14a41d9
Clean up persistent SessionStore tests
2019-06-05 00:10:51 -07:00
Joel Speed
a7693cc72a
Transfer all cookies in tests
2019-06-05 00:10:51 -07:00
Joel Speed
93df7d9132
Remove spurious comment
2019-06-05 00:10:51 -07:00
Joel Speed
a6b8f7bde2
Rename expire -> expiration
2019-06-05 00:10:51 -07:00
Joel Speed
2f61e42c37
More obvious comment on CFB
2019-06-05 00:10:51 -07:00
Joel Speed
f435fa68ab
Make loadSessionFromString private
2019-06-05 00:10:51 -07:00
Joel Speed
130d03758d
Fix comments on Redis options
2019-06-05 00:10:51 -07:00
Joel Speed
7a1fc52e33
Fix go-redis version pin
2019-06-05 00:10:51 -07:00
Joel Speed
b255ed56ef
Sign cookies in the Redis Session store
2019-06-05 00:10:51 -07:00
Joel Speed
2c566a5f5b
Use session CreatedAt for cookie timings
2019-06-05 00:10:51 -07:00
Joel Speed
296d989e58
Simplify redis store options
2019-06-05 00:10:51 -07:00
Brian Van Klaveren
f2562e8973
Pin version of go-redis
2019-06-05 00:10:51 -07:00
Brian Van Klaveren
42731f0617
Check cookie error and doc on cookie handling
2019-06-05 00:10:51 -07:00
Brian Van Klaveren
b1bd3280db
Add support for a redis session store
2019-06-05 00:10:51 -07:00
Brian Van Klaveren
e881612ea6
Fix session_state type
2019-06-05 00:10:51 -07:00
Adam Eijdenberg
b6c60f52ee
Bump go-oidc
2019-06-04 10:58:35 +10:00
Joel Speed
1355c1ce30
Merge pull request #170 from zeha/release-tarballs-as-before
Make release tarballs look like bitly's
2019-06-03 16:23:30 +01:00
Joel Speed
df6b6b7ce0
Merge pull request #176 from govau/fixnogopath
Stop assuming that GOPATH is always set, and is a single directory
2019-06-03 16:21:39 +01:00
Joel Speed
40cf6b2626
Merge pull request #168 from pusher/drop-1.11
Drop Go 1.11 from Travis CI
2019-06-03 15:22:35 +01:00
Joel Speed
006322562d
Bump go version in configure to check for go 1.12
2019-06-03 14:59:58 +01:00
Joel Speed
f0b6f1525b
Update changelog
2019-06-03 14:59:56 +01:00
Joel Speed
29fb71fac5
Drop Go 1.11 from Travis CI
2019-06-03 14:59:16 +01:00
Adam Eijdenberg
37475637cd
Install gometalinter in travis instead
2019-06-03 17:53:47 +10:00
Adam Eijdenberg
e7d29590cd
Fix travis so that if "configure" fails, it doesn't try to run make
2019-06-03 17:47:51 +10:00
Adam Eijdenberg
b05eb71adf
Stop assuming that GOPATH is always set, and is a single directory
As of I think go1.8 GOPATH is by default $HOME/go so it is incorrect to
assume that it is set.
If not set, then the Makefile assumes gometalinter will be in
/bin/gometalinter, which it likely is not, and thus fails.
We could change configure to set GOPATH in the .env, however then we
would be assuming that GOPATH is a single entry - whereas like other
paths, it can contain more than one value.
So instead this commit stops trying to install gometalinter, and like
dep, it assumes that it is installed prior.
(and since the current behaviour of the Makefile is affecting state
external to the project, that seems more logical)
2019-06-03 17:25:48 +10:00