Commit Graph

105 Commits

Author SHA1 Message Date
Mike Bland
8ec967ac32 Check cookie_secret size when cookie_refresh set 2015-05-09 17:37:33 -04:00
Mike Bland
84190ab19a Validate user during cookie refresh 2015-05-09 16:54:27 -04:00
Mike Bland
610341a068 Make ProcessCookie() fail when cookie parse fails 2015-05-09 16:54:27 -04:00
Mike Bland
bd4eae8fec Store access token when cookie-refresh is set
cookie-refresh now no longer requires pass-access-token in order to work.
2015-05-09 16:54:27 -04:00
Mike Bland
b6e07d51b2 Validate access_token when auto-refreshing cookie 2015-05-09 15:09:31 -04:00
Mike Bland
25372567ac ValidateToken() to check access_token validity 2015-05-09 13:17:37 -04:00
Mike Bland
72857018ee Introduce validate-url flag/config 2015-05-08 17:13:35 -04:00
Mike Bland
8e2d83600c Implement cookie auto-refresh
The intention is to refresh the cookie whenever the user accesses an
authenticated service with less than `cookie-refresh` time to go before the
cookie expires.
2015-05-08 14:05:09 -04:00
Mike Bland
f554f99abd Ensure all errors are logged in ProcessCookie() 2015-05-08 14:05:09 -04:00
Mike Bland
beed9fb9a2 Extract MakeCookie() 2015-05-08 14:05:09 -04:00
Mike Bland
1bd90cefe7 Extract ProcessCookie() from ServeHTTP() 2015-05-08 12:41:22 -04:00
Mike Bland
9887ac3be5 Refactor cookie building and parsing
Extracts buildCookieValue() and parseCookieValue() from OauthProxy.ServeHTTP()
and adds tests for both.
2015-04-07 05:53:41 -04:00
Mike Bland
cf79fd9e4c Refactor pass_access_token+cookie_secret check
Moves the check from NewOauthProxy() to Options.Validate() and adds a test.
2015-04-07 05:53:40 -04:00
Mike Bland
5f747bb768 Redirect to / when /oauth2/sign_in accessed
Without this change, clicking the sign-in button on /oauth2/sign_in will
always redirect back to /oauth2/sign_in, essentially creating an infinite
loop.
2015-04-06 22:10:03 -04:00
Mike Bland
ad3c9a886f Pass the access token to the upstream client
This is accomplished by encoding the access_token in the auth cookie and
unpacking it as the X-Forwarded-Access-Token header for upstream requests.
2015-04-03 15:32:01 -04:00
Mike Bland
666e6ad436 Add ProviderName field; use in sign_in template 2015-03-31 12:59:07 -04:00
Mike Bland
d9a945ebc3 Integrate Provider into Options and OauthProxy 2015-03-31 09:34:50 -04:00
Mike Bland
45286af4a4 s/18F/bitly/ in import path 2015-03-30 11:42:37 -04:00
Mike Bland
9d8f932797 Extract api package
This is the first step towards genericizing the google_auth_proxy to support
OAuth2 providers other than Google as discussed in #65. The `api` package will
enable multiple providers to use the same `api.Request()` implementation.
2015-03-30 10:23:30 -04:00
Jehiah Czebotar
16f2c981f3 fix upstream request path 2015-03-21 15:29:07 -04:00
Jehiah Czebotar
b9b5e817fc improve request logging (closer to Apache Common Log) 2015-03-19 22:34:01 -04:00
Jehiah Czebotar
07c74f55c6 improve handling of cookie domains 2015-03-19 16:18:02 -04:00
Jehiah Czebotar
de04e0c519 rename cookie secure flag 2015-03-19 14:08:17 -04:00
Jehiah Czebotar
ebae065b11 make redirect_uri optional 2015-03-19 14:03:05 -04:00
Jehiah Czebotar
71ae70834d pass raw unencoded request URI upstream 2015-03-19 13:18:49 -04:00
Jehiah Czebotar
2b2324e410 support (optional) custom templates 2015-03-17 18:11:58 -04:00
Jehiah Czebotar
263e16eeea add --proxy-host-header option 2015-03-17 15:53:01 -04:00
John Boxall
24ef555547 Requests are proxied to the Host specified by the target. 2015-03-17 15:04:27 -04:00
John Boxall
20a152261c Adds failing test for using upstream Host header. 2015-03-17 15:04:27 -04:00
Jehiah Czebotar
601ae6f4ec Merge pull request #60 from tomtaylor/gofmt-fixes
Run gofmt over source
2015-01-19 12:48:57 -05:00
Tom Taylor
5201f26ffc Run gofmt over source. 2015-01-19 16:10:37 +00:00
Tom Taylor
132e3d91d6 Add flag to enable/disable cookie's HttpOnly flag. 2015-01-19 16:00:49 +00:00
vishnu chilamakuru
c4d25d271f Adding Support for multi white listed urls with regex url match. 2015-01-12 14:48:41 +05:30
drew
69804e588a Allow hiding custom login UI even if an htpasswd file is provided. 2014-12-09 14:38:57 -06:00
Jehiah Czebotar
1f515eba3c options bug fixes; set https cookies on by default 2014-11-09 22:21:46 -05:00
Jehiah Czebotar
a49eadadeb template updates to display version 2014-11-09 22:01:50 -05:00
Jehiah Czebotar
9060feb436 better environment parsing 2014-11-09 21:12:36 -05:00
Jehiah Czebotar
d4fe9a4f57 Add config file support 2014-11-09 20:33:12 -05:00
Jehiah Czebotar
bc26835076 always set httponly (there is no good reason not to); simplify httponly and expire flags 2014-11-08 14:32:35 -05:00
Igor Dolgiy
6cdf05e7f2 Added cookie settings 2014-11-08 13:35:45 -05:00
Jehiah Czebotar
23a89b06de Merge pull request #22 from dbrgn/empty_upstream_path
Handle upstreams without a trailing slash
2014-11-08 19:17:44 +01:00
Roger Hu
ec9c11ed28 Pass in the original email address too as X-Forwarded-Email. 2014-11-08 07:33:14 -08:00
Jason Swank
1e29aa1c12 Make /ping endpoint respond with "OK" 2014-10-14 17:05:59 -04:00
Jason Swank
8702ad2e52 Add /ping endpoint 2014-10-14 16:22:38 -04:00
Jehiah Czebotar
98fb800de4 update to new scopes 2014-08-07 20:49:28 +00:00
Danilo Bargen
b3bbc3ca20 Handle upstreams without a trailing slash 2014-07-08 15:06:41 +02:00
Danilo Bargen
cfe186d6cb Fixed wrong error message 2014-07-08 14:07:07 +02:00
Sean O'Connor
11ce460209 Updated redirect arg handling to only happen when needed. 2013-10-24 17:40:29 +00:00
Sean O'Connor
d2b1815d43 After authentication, redirect to original URI. 2013-10-23 20:29:39 +00:00
Jehiah Czebotar
c97de52200 handle sign in directly (if using htpasswd) 2012-12-26 18:26:03 +00:00
Jehiah Czebotar
4367e47a46 don't promote htpasswd auth; auth directly 2012-12-26 16:55:20 +00:00
Jehiah Czebotar
c459806ab0 promote basic auth to cookie 2012-12-26 10:35:02 -05:00
Jehiah Czebotar
42f539109e testing 2012-12-17 13:38:33 -05:00
Jehiah Czebotar
42359333b2 cleanup error handling 2012-12-17 13:15:23 -05:00
Jehiah Czebotar
fb636396a3 initial code import 2012-12-10 20:59:23 -05:00