3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 10:26:29 +02:00
Code Issues Projects Releases Packages Wiki Activity
2565 commits 157 branches 125 tags 103 MiB
Commit graph

210 commits

Author SHA1 Message Date
Caleb Doxsey
9413123c0f
config: generate cookie secret if not set in all-in-one mode (#3742) 
* config: generate cookie secret if not set in all-in-one mode

* fix tests

* config: add warning about cookie_secret

* breakup lines
 2022-11-11 14:14:30 -07:00
Caleb Doxsey
2b319822a4
authenticate: update user info dashboard to show group info for enterprise (#3736) 
* authenticate: update user info dashboard to show group info for enterprise

* Update ui/src/components/GroupDetails.tsx

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2022-11-09 07:44:35 -07:00
Caleb Doxsey
c178819875
move directory providers (#3633) 
* remove directory providers and support for groups

* idp: remove directory providers

* better error messages

* fix errors

* restore postgres

* fix test
 2022-11-03 11:33:56 -06:00
Caleb Doxsey
3f9dfbef76
device: add generic methods for working with user+session devices (#3710) 2022-10-28 08:41:12 -06:00
Caleb Doxsey
30bdae3d9e
sessions: check idp id to detect provider changes to force session invalidation (#3707) 
* sessions: check idp id to detect provider changes to force session invalidation

* remove dead code

* fix test
 2022-10-25 16:20:32 -06:00
Caleb Doxsey
b68dc1ff4f
controlplane: move jwks.json endpoint to control plane (#3691) 2022-10-25 08:01:33 -06:00
Caleb Doxsey
63b210e51d
httputil: remove error details (#3703) 2022-10-25 08:00:21 -06:00
Caleb Doxsey
75634dfca2
authenticate: remove ecjson (#3688) 2022-10-20 10:37:21 -06:00
Caleb Doxsey
bdd6145e91
authenticate: get/set identity provider id for all sessions (#3597) 2022-09-07 10:06:59 -06:00
Alex
fc21579e4b
Fix typos (#3575) 
typos
 2022-08-30 15:51:40 -07:00
Caleb Doxsey
5f51510e91
authenticate: add CORS headers to jwks endpoint (#3574) 2022-08-25 16:09:11 -06:00
Caleb Doxsey
e9e52d8225
authenticate: fix branding for webauthn device registration page (#3572) 2022-08-24 15:51:34 -06:00
Caleb Doxsey
46703b9419
config: add branding settings (#3558) 2022-08-16 14:51:47 -06:00
Caleb Doxsey
6140ee1d88
controlplane: add well-known endpoint to the controlplane http handler (#3555) 
* controlplane: add well-known endpoint to the controlplane http handler

* add support for trailing /

* remove redundant test
 2022-08-16 09:59:39 -06:00
Caleb Doxsey
0ac7e45a21
atomicutil: use atomicutil.Value wherever possible (#3517) 
* atomicutil: use atomicutil.Value wherever possible

* fix test

* fix mux router
 2022-07-28 15:38:38 -06:00
Caleb Doxsey
86625a4ddb
config: support files for shared_secret, client_secret, cookie_secret and signing_key (#3453) 2022-06-29 10:44:08 -06:00
Caleb Doxsey
a938a23ea2
device enrollment: fix ip address (#3430) 2022-06-16 11:30:38 -06:00
Caleb Doxsey
464ccdf767
authenticate: fix internal service URL dashboard redirect (#3305) 2022-04-29 08:09:28 -06:00
Caleb Doxsey
9dbe12fe99
authenticate: save session for bare webauthn redirects, consider external service URL to be a pomerium url (#3280) 2022-04-19 16:03:11 -06:00
Caleb Doxsey
61ffeb837d
authenticate: fix internal service URL CORS check (#3279) 2022-04-19 10:09:47 -06:00
Caleb Doxsey
36f73fa6c7
authorize: track session and service account access date (#3220) 
* session: add accessed at date

* authorize: track session and service account access times

* Revert "databroker: add support for field masks on Put (#3210)"

This reverts commit 2dc778035d.

* add test

* fix data race in test

* add deadline for update

* track dropped accesses
 2022-03-31 09:19:04 -06:00
Caleb Doxsey
69ba511c64
authenticate: fix internal url with webauthn (#3194) 2022-03-28 06:36:48 -06:00
Caleb Doxsey
7d00ad9b7d
remove version (#3184) 2022-03-23 11:51:24 -06:00
Caleb Doxsey
da97546de1
authenticate: show the device enrolled page as the user info page (#3151) 2022-03-17 11:15:57 -07:00
Nathan Hayfield
351f562c42
adds pomerium version to the user info endpoint (#3093) 
* adds pomerium version to the user info endpoint

* linting

* order imports
 2022-03-03 20:00:17 +01:00
Caleb Doxsey
1342523cda
grpc: remove ptypes references (#3078) 2022-02-24 08:37:59 -07:00
Caleb Doxsey
35f697e491
userinfo: add webauthn buttons to user info page (#3075) 
* userinfo: add webauthn buttons to user info page

* use new buttons on original page

* fix test
 2022-02-23 10:08:24 -07:00
Caleb Doxsey
38c7089642
userinfo: fix logout button, add sign out confirm page (#3058) 
* userinfo: fix logout button, add sign out confirm page

* fix test
 2022-02-23 08:15:00 -07:00
Caleb Doxsey
f9b95a276b
authenticate: support for per-route client id and client secret (#3030) 
* implement dynamic provider support

* authenticate: support per-route client id and secret
 2022-02-16 12:31:55 -07:00
Caleb Doxsey
46c4d5fa7e
session: remove unused session state properties (#3022) 
* fix error page

* share dashboard code

* sessions: remove unused session state properties

* remove programmatic

* remove version
 2022-02-09 10:59:06 -07:00
Caleb Doxsey
0898dd4f34
proxy: fix error page (#3020) 
* fix error page

* proxy: fix error page

* share dashboard code

* fix test
 2022-02-09 09:14:24 -07:00
Caleb Doxsey
2824faecbf
frontend: react+mui (#3004) 
* mui v5 wip

* wip

* wip

* wip

* use compressor for all controlplane endpoints

* wip

* wip

* add deps

* fix authenticate URL

* fix test

* fix test

* fix build

* maybe fix build

* fix integration test

* remove image asset test

* add yarn.lock
 2022-02-07 08:47:58 -07:00
Caleb Doxsey
2f328e7de0
authenticate: fix expiring user info endpoint (#2976) 
* authenticate: fix expiring user info endpoint

* add test
 2022-01-27 16:10:47 -07:00
Caleb Doxsey
95d6d97143
authenticate: support webauthn redirects to non-pomerium domains (#2936) 
* authenticate: support webauthn redirects to non-pomerium domains

* add test

* remove dead code
 2022-01-19 15:10:57 -07:00
Caleb Doxsey
8d882ce9c9
webauthn: use absolute URL for delete redirect (#2935) 
* authenticate: add callback endpoint

* webauthn: use absolute URL for delete redirect
 2022-01-14 10:23:27 -07:00
Caleb Doxsey
b019b61ccb
authenticate: add callback endpoint (#2931) 2022-01-14 10:22:46 -07:00
Caleb Doxsey
4583ecc730
devices: treat undefined device types as any (#2927) 2022-01-12 11:04:35 -07:00
Caleb Doxsey
9330f6b0ac
authenticate: add device-enrolled page (#2892) 
* authenticate: add device-enrolled page

* remove device credential id from page
 2022-01-06 10:01:12 -07:00
Caleb Doxsey
838c9e3a3d
dashboard: improve display of device credentials, allow deletion (#2829) 
* dashboard: improve display of device credentials, allow deletion

* fix test
 2021-12-20 12:19:54 -07:00
Caleb Doxsey
a3be1b7cc5
devices: switch "default" device type to two built-in default device types (#2835) 2021-12-20 10:44:29 -07:00
Caleb Doxsey
5a858f5d48
config: add internal service URLs (#2801) 
* config: add internal service URLs

* maybe fix integration tests

* add docs

* fix integration tests

* for databroker connect to external name, but listen on internal name

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2021-12-10 14:04:37 -05:00
Caleb Doxsey
a8b76bd623
authorize: support X-Pomerium-Authorization in addition to Authorization (#2780) 
* authorize: support X-Pomerium-Authorization in addition to Authorization

* tangentental correction

Co-authored-by: alexfornuto <alex@fornuto.com>
 2021-11-29 12:19:14 -07:00
Caleb Doxsey
a5034aabae
authenticate: redirect / to /.pomerium/ (#2770) 2021-11-18 08:49:23 -07:00
Caleb Doxsey
85bb396555
device: add type id and credential id to enrollment for easier referencing (#2749) 2021-11-05 09:48:45 -06:00
Caleb Doxsey
b0f8c055ec
authenticate: always update user record on login (#2719) 
* authenticate: always update user record on login

* identity: fix user refresh

* add test for manager update

* fix time
 2021-11-01 14:18:18 -06:00
Caleb Doxsey
d390e80b30
authenticate: add databroker versions to session cookie (#2709) 
* authenticate: add databroker versions to session cookie
authorize: wait for databroker synchronization on updated sessions

* fix test
 2021-10-26 14:45:53 -06:00
Caleb Doxsey
9d4ebcf871
webauthn: update session to support device credentials per type (#2699) 2021-10-22 14:33:34 -06:00
Caleb Doxsey
1162585471
authenticate: add support for webauthn (#2688) 
* authenticate: add support for webauthn

* remove rfc4648 library due to missing LICENSE

* fix test

* put state function in separate function
 2021-10-20 13:18:34 -06:00
Caleb Doxsey
33f5190572
config: remove signature_key_algorithm (#2557) 
* config: remove signature_key_algorithm

* typo

* add more tests
 2021-09-02 11:36:43 -06:00
Caleb Doxsey
f5a558d4a0
grpc: disable gRPC connection re-use across services (#2515) 2021-08-24 11:47:16 -06:00