Joel Speed
4bc0a91e2e
Merge pull request #210 from steakunderscore/alpine-3-10
...
Update to Alpine 3.10
2019-07-15 11:25:12 +01:00
Henry Jenkins
179ee6c2db
Update CHANGELOG
2019-07-14 13:51:46 +01:00
Henry Jenkins
e92e2f0cb4
Update CHANGELOG
2019-07-14 13:32:37 +01:00
Henry Jenkins
27bdb194b1
Update to Alpine 3.10
2019-07-13 22:14:05 +01:00
Henry Jenkins
c98ff79aba
Update other docker files
2019-07-13 22:12:20 +01:00
Henry Jenkins
e245ef4854
Switch from dep to go mod
...
Update modules to avoid issues with golangci-lint
2019-07-13 21:54:45 +01:00
Joel Speed
a83c5eabb6
Merge pull request #159 from djfinlay/wip/allow-unverified-email
...
Create option to skip verified email check in OIDC provider
2019-07-11 16:38:17 +01:00
Daryl Finlay
9823971b7d
Make insecure-oidc-allow-unverified-email configuration usage consistent
2019-07-11 15:58:31 +01:00
Daryl Finlay
776d063b98
Update changelog to include --insecure-oidc-allow-unverified-email
2019-07-11 15:30:57 +01:00
Daryl Finlay
39b6a42d43
Mark option to skip verified email check as insecure
2019-07-11 15:29:48 +01:00
Daryl Finlay
018a25be04
Create option to skip verified email check in OIDC provider
2019-07-11 15:29:48 +01:00
Joel Speed
ecd0f89c84
Merge pull request #206 from nniikkoollaaii/feature/update_docs_nginx_auth_request
...
update configuration.md auth_request section
2019-07-10 09:38:21 +01:00
Seip, Nikolai
387a7267e1
update configuration.md auth_request section
2019-07-10 10:26:31 +02:00
Joel Speed
4eefc01600
Merge pull request #195 from steakunderscore/banner-flag
...
Adds banner flag
2019-07-04 11:24:16 +01:00
Henry Jenkins
aa37564655
Merge branch 'master' into banner-flag
2019-07-02 14:03:21 +01:00
Joel Speed
85c5cef783
Merge pull request #198 from steakunderscore/switch_to_golangci-lint
...
Switch linter to golangci-lint
2019-07-01 16:37:26 +01:00
hjenkins
ce7e384095
Remove TODO vetshadow as it's part of govet
2019-07-01 16:27:19 +01:00
Henry Jenkins
b9cfa8f49f
Add changelog entry
2019-06-25 16:42:24 +01:00
Henry Jenkins
924eab6355
Adds banner flag
...
This is to override what's displayed on the main page.
2019-06-25 16:41:51 +01:00
Henry Jenkins
5bcb998e6b
Update changelog
2019-06-23 21:39:13 +01:00
Henry Jenkins
d24aacdb5c
Fix lint errors
2019-06-23 21:39:13 +01:00
Henry Jenkins
411adf6f21
Switch linter to golangci-lint
2019-06-23 20:44:16 +01:00
Joel Speed
317f09f41e
Merge pull request #65 from lsst/jwt_bearer_passthrough
...
JWT bearer passthrough
2019-06-21 15:40:34 +01:00
Brian Van Klaveren
3881955605
Update unit tests for ValidateGroup
2019-06-20 16:57:20 -07:00
Brian Van Klaveren
bd651df3c2
Ensure groups in JWT Bearer tokens are also validated
...
Fix a minor auth logging bug
2019-06-20 13:40:04 -07:00
Brian Van Klaveren
058ffd1047
Update unit tests for username
2019-06-17 13:11:49 -07:00
Brian Van Klaveren
5a50f6223f
Do not infer username from email
2019-06-17 12:58:40 -07:00
Brian Van Klaveren
100f126405
Make JwtIssuer struct private
2019-06-17 12:52:44 -07:00
Brian Van Klaveren
2f6dcf3b5f
Move refreshing code to block acquiring cookied session
2019-06-17 12:52:44 -07:00
Brian Van Klaveren
48dbb391bc
Move around CHANGELOG.md update
2019-06-17 12:52:44 -07:00
Brian Van Klaveren
54d91c69cc
Use logger instead of log
2019-06-17 12:52:13 -07:00
Brian Van Klaveren
350c1cd127
Use JwtIssuer struct when parsing
2019-06-17 12:52:13 -07:00
Brian Van Klaveren
58b06ce761
Fall back to using sub if email is none (as in PR #57 )
2019-06-17 12:52:13 -07:00
Brian Van Klaveren
79acef9036
Clarify skip-jwt-bearer-tokens default and add env tags
2019-06-17 12:52:13 -07:00
Brian Van Klaveren
10f65e0381
Add a more realistic test for JWT passthrough
2019-06-17 12:52:13 -07:00
Brian Van Klaveren
1ff74d322a
Fix imports
2019-06-17 12:52:13 -07:00
Brian Van Klaveren
69cb34a04e
Add unit tests for JWT -> session translation
2019-06-17 12:52:13 -07:00
Brian Van Klaveren
187960e9d8
Improve token pattern matching
...
Unit tests for token discovery
2019-06-17 12:52:13 -07:00
Brian Van Klaveren
8413c30c26
Update changelog with info about -skip-jwt-bearer-tokens
2019-06-17 12:52:13 -07:00
Brian Van Klaveren
b895f49c52
Use idToken expiry because that's the time checked for refresh
...
RefreshSessionIfNeeded checks the token expiry, we want to use
the ID token's expiry
2019-06-17 12:51:35 -07:00
Brian Van Klaveren
8083501da6
Support JWT Bearer Token and Pass through
2019-06-17 12:51:35 -07:00
Joel Speed
0af18d6d7c
Merge pull request #141 from openai/googleGroupEmail
...
Check google group membership based on email address
2019-06-15 14:05:56 +02:00
Joel Speed
77e1fff753
Merge pull request #185 from jonas/check-against-validate-url-string
...
Only validate tokens if ValidateURL resolves to a non-empty string
2019-06-15 12:30:03 +02:00
Joel Speed
0d6fa6216d
Merge pull request #180 from govau/littletidyups
...
Minor restructure for greater confidence that only authenticated requests are proxied
2019-06-15 12:21:54 +02:00
Joel Speed
6366690927
Fix gofmt for changed files
2019-06-15 11:34:00 +02:00
Joel Speed
417fde190c
Update changelog
2019-06-15 11:33:59 +02:00
Joel Speed
fb9616160e
Move logger to pkg/logger
2019-06-15 11:33:58 +02:00
Joel Speed
d1ef14becc
Move cookie to pkg/encryption
2019-06-15 11:33:57 +02:00
Adam Eijdenberg
d69560d020
No need for case when only 2 conditions
2019-06-15 18:48:27 +10:00
Jonas Fonseca
7a8fb58ad1
Only validate tokens if ValidateURL resolves to a non-empty string
...
Fix an unsupported protocol scheme error when validating tokens by
ensuring that the ValidateURL generates a non-empty string. The Azure
provider doesn't define any ValidateURL and therefore uses the default
value of `url.Parse("")` which is not `nil`.
The following log summary shows the issue:
2019/06/14 12:26:04 oauthproxy.go:799: 10.244.1.3:34112 ("10.244.1.1") refreshing 16h26m29s old session cookie for Session{email:jonas.fonseca@example.com user:jonas.fonseca token:true} (refresh after 1h0m0s)
2019/06/14 12:26:04 internal_util.go:60: GET ?access_token=eyJ0...
2019/06/14 12:26:04 internal_util.go:61: token validation request failed: Get ?access_token=eyJ0...: unsupported protocol scheme ""
2019/06/14 12:26:04 oauthproxy.go:822: 10.244.1.3:34112 ("10.244.1.1") removing session. error validating Session{email:jonas.fonseca@example.com user:jonas.fonseca token:true}
2019-06-14 12:52:22 -04:00