3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-15 18:28:33 +02:00
Code Issues Projects Releases Packages Wiki Activity
3574 commits 178 branches 133 tags 112 MiB
Commit graph

90 commits

Author SHA1 Message Date
Joe Kralicky
fe31799eb5
 		Fix many instances of contexts and loggers not being propagated () 
This also replaces instances where we manually write "return ctx.Err()"
with "return context.Cause(ctx)" which is functionally identical, but
will also correctly propagate cause errors if present.
 2024-10-25 14:50:56 -04:00
Caleb Doxsey
dad954ae16
 		core/logging: change log.Error function () 
* core/logging: change log.Error function

* use request id
 2024-09-05 15:42:46 -06:00
Kenneth Jenkins
b7896b3153
 		authenticateflow: move stateless flow logic () 
Consolidate all logic specific to the stateless authenticate flow into a
a new Stateless type in a new package internal/authenticateflow. This is
in preparation for adding a new Stateful type implementing the older
stateful authenticate flow (from Pomerium v0.20 and previous).

This change is intended as a pure refactoring of existing logic, with no
changes in functionality.
 2023-12-06 16:55:57 -08:00
Denis Mishin
6e39ebc189
 		store authenticate state on creation () 2023-03-17 18:25:29 -04:00
Caleb Doxsey
539fd51579
 		authenticate: remove databroker dependency () 2022-12-17 09:03:46 -07:00
Caleb Doxsey
c1a522cd82
 		proxy: add userinfo and webauthn endpoints () 
* proxy: add userinfo and webauthn endpoints

* use TLD for RP id

* use EffectiveTLDPlusOne

* upgrade webauthn

* fix test

* Update internal/handlers/jwks.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2022-11-22 10:26:35 -07:00
Caleb Doxsey
0ac7e45a21
 		atomicutil: use atomicutil.Value wherever possible () 
* atomicutil: use atomicutil.Value wherever possible

* fix test

* fix mux router
 2022-07-28 15:38:38 -06:00
Caleb Doxsey
86625a4ddb
 		config: support files for shared_secret, client_secret, cookie_secret and signing_key () 2022-06-29 10:44:08 -06:00
Caleb Doxsey
35f697e491
 		userinfo: add webauthn buttons to user info page () 
* userinfo: add webauthn buttons to user info page

* use new buttons on original page

* fix test
 2022-02-23 10:08:24 -07:00
Caleb Doxsey
f9b95a276b
 		authenticate: support for per-route client id and client secret () 
* implement dynamic provider support

* authenticate: support per-route client id and secret
 2022-02-16 12:31:55 -07:00
Caleb Doxsey
2824faecbf
 		frontend: react+mui () 
* mui v5 wip

* wip

* wip

* wip

* use compressor for all controlplane endpoints

* wip

* wip

* add deps

* fix authenticate URL

* fix test

* fix test

* fix build

* maybe fix build

* fix integration test

* remove image asset test

* add yarn.lock
 2022-02-07 08:47:58 -07:00
Caleb Doxsey
2f328e7de0
 		authenticate: fix expiring user info endpoint () 
* authenticate: fix expiring user info endpoint

* add test
 2022-01-27 16:10:47 -07:00
Caleb Doxsey
9330f6b0ac
 		authenticate: add device-enrolled page () 
* authenticate: add device-enrolled page

* remove device credential id from page
 2022-01-06 10:01:12 -07:00
Caleb Doxsey
a3be1b7cc5
 		devices: switch "default" device type to two built-in default device types () 2021-12-20 10:44:29 -07:00
Caleb Doxsey
5a858f5d48
 		config: add internal service URLs () 
* config: add internal service URLs

* maybe fix integration tests

* add docs

* fix integration tests

* for databroker connect to external name, but listen on internal name

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2021-12-10 14:04:37 -05:00
Caleb Doxsey
1162585471
 		authenticate: add support for webauthn () 
* authenticate: add support for webauthn

* remove rfc4648 library due to missing LICENSE

* fix test

* put state function in separate function
 2021-10-20 13:18:34 -06:00
Caleb Doxsey
b1d62bb541
 		config: remove validate side effects () 
* config: default shared key

* handle additional errors

* update grpc addr and grpc insecure

* update google cloud service authentication service account

* fix set response headers

* fix qps

* fix test
 2021-04-22 15:10:50 -06:00
wasaga
e0c09a0998
 		log context () 2021-04-22 10:58:13 -04:00
Caleb Doxsey
3690a32855
 		config: use getters for authenticate, signout and forward auth urls () 2021-03-19 14:49:25 -06:00
Caleb Doxsey
f396c2a0f7
 		config: log config source changes () 
* config: log config source changes

* use internal log import
 2021-03-03 09:54:08 -07:00
Caleb Doxsey
664358dfad
 		config: multiple endpoints for authorize and databroker () 
* wip

* update docs

* remove dead code
 2021-03-03 09:53:19 -07:00
Caleb Doxsey
882b6b54ee
 		authenticate: move databroker connection to state () 
* authenticate: move databroker connection to state

* re-use err

* just return

* remove nil checks
 2020-08-18 09:33:43 -06:00
Caleb Doxsey
d608526998
 		authenticate: move properties to atomically updated state () 
* authenticate: remove cookie options

* authenticate: remove shared key field

* authenticate: remove shared cipher property

* authenticate: move properties to separate state struct
 2020-08-14 07:53:11 -06:00
Caleb Doxsey
045c10edc6
 		authenticate: support reloading IDP settings () 
* identity: add name method to provider

* authenticate: support dynamically loading the provider
 2020-08-13 12:14:30 -06:00
Caleb Doxsey
fbf5b403b9
 		config: allow dynamic configuration of cookie settings () 2020-08-13 08:11:34 -06:00
bobby
1b365e52f3
 		authorize: add databroker url check () 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-08-07 09:31:27 -07:00
Cuong Manh Le
73abed0d21
 		all: update outdated comments about OptionsUpdater interface () 
In , OptionsUpdater was removed, but current code still mention it.
This commit updates all comments which still mention about that
interface (authorize is exlcuded, and will be updated in ).
 2020-08-05 21:39:24 +07:00
Caleb Doxsey
97f85481f8
 		fix redirect loop, remove user/session services, remove duplicate deleted_at fields () 
* fix redirect loop, remove user/session services, remove duplicate deleted_at fields

* change loop

* reuse err variable

* wrap errors, use cookie timeout

* wrap error, duplicate if
 2020-07-30 09:41:57 -06:00
Caleb Doxsey
d3a7ee38be
 		options refactor () 
* refactor config loading

* wip

* move autocert to its own config source

* refactor options updaters

* fix stuttering

* fix autocert validate check
 2020-07-16 14:30:15 -06:00
Caleb Doxsey
fae02791f5
 		cryptutil: move to pkg dir, add token generator () 
* cryptutil: move to pkg dir, add token generator

* add gitignored files

* add tests
 2020-06-30 15:55:33 -06:00
Caleb Doxsey
091b71f12e
 		grpc: rename internal/grpc to pkg/grpc () 
* grpc: rename internal/grpc to pkg/grpc

* don't ignore pkg dir

* remove debug line
 2020-06-26 09:17:02 -06:00
bobby
dbd1eac97f
 		identity: support custom code flow request params () 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-06-25 08:28:46 -07:00
Cuong Manh Le
17ba595ced
 		authenticate: support hot reloaded config () 
By implementinng OptionsUpdater interface.

Fixes
2020-06-24 00:18:20 +07:00
Cuong Manh Le
fb4dfaea44
 		authenticate: hide impersonation form from non-admin users () 
Fixes
2020-06-23 22:09:33 +07:00
Travis Groth
88a77c42bb
 		cache: add client telemetry () 2020-06-22 18:18:44 -04:00
Caleb Doxsey
f7760c413e
 		directory: generate user/directory.User ID in a consistent way () 2020-06-22 07:42:57 -06:00
Caleb Doxsey
dbd7f55b20
 		feature/databroker: user data and session refactor project () 
* databroker: add databroker, identity manager, update cache ()

* databroker: add databroker, identity manager, update cache

* fix cache tests

* directory service ()

* directory: add google and okta

* add onelogin

* add directory provider

* initialize before sync, upate google provider, remove dead code

* add azure provider

* fix azure provider

* fix gitlab

* add gitlab test, fix azure test

* hook up okta

* remove dead code

* fix tests

* fix flaky test

* authorize: use databroker data for rego policy ()

* wip

* add directory provider

* initialize before sync, upate google provider, remove dead code

* fix flaky test

* update authorize to use databroker data

* implement signed jwt

* wait for session and user to appear

* fix test

* directory service ()

* directory: add google and okta

* add onelogin

* add directory provider

* initialize before sync, upate google provider, remove dead code

* add azure provider

* fix azure provider

* fix gitlab

* add gitlab test, fix azure test

* hook up okta

* remove dead code

* fix tests

* fix flaky test

* remove log line

* only redirect when no session id exists

* prepare rego query as part of create

* return on ctx done

* retry on disconnect for sync

* move jwt signing

* use !=

* use parent ctx for wait

* remove session state, remove logs

* rename function

* add log message

* pre-allocate slice

* use errgroup

* return nil on eof for sync

* move check

* disable timeout on gRPC requests in envoy

* fix gitlab test

* use v4 backoff

* authenticate: databroker changes ()

* wip

* add directory provider

* initialize before sync, upate google provider, remove dead code

* fix flaky test

* update authorize to use databroker data

* implement signed jwt

* wait for session and user to appear

* fix test

* directory service ()

* directory: add google and okta

* add onelogin

* add directory provider

* initialize before sync, upate google provider, remove dead code

* add azure provider

* fix azure provider

* fix gitlab

* add gitlab test, fix azure test

* hook up okta

* remove dead code

* fix tests

* fix flaky test

* remove log line

* only redirect when no session id exists

* prepare rego query as part of create

* return on ctx done

* retry on disconnect for sync

* move jwt signing

* use !=

* use parent ctx for wait

* remove session state, remove logs

* rename function

* add log message

* pre-allocate slice

* use errgroup

* return nil on eof for sync

* move check

* disable timeout on gRPC requests in envoy

* fix dashboard

* delete session on logout

* permanently delete sessions once they are marked as deleted

* remove permanent delete

* fix tests

* remove groups and refresh test

* databroker: remove dead code, rename cache url, move dashboard ()

* wip

* add directory provider

* initialize before sync, upate google provider, remove dead code

* fix flaky test

* update authorize to use databroker data

* implement signed jwt

* wait for session and user to appear

* fix test

* directory service ()

* directory: add google and okta

* add onelogin

* add directory provider

* initialize before sync, upate google provider, remove dead code

* add azure provider

* fix azure provider

* fix gitlab

* add gitlab test, fix azure test

* hook up okta

* remove dead code

* fix tests

* fix flaky test

* remove log line

* only redirect when no session id exists

* prepare rego query as part of create

* return on ctx done

* retry on disconnect for sync

* move jwt signing

* use !=

* use parent ctx for wait

* remove session state, remove logs

* rename function

* add log message

* pre-allocate slice

* use errgroup

* return nil on eof for sync

* move check

* disable timeout on gRPC requests in envoy

* fix dashboard

* delete session on logout

* permanently delete sessions once they are marked as deleted

* remove permanent delete

* fix tests

* remove cache service

* remove kv

* remove refresh docs

* remove obsolete cache docs

* add databroker url option

* cache: use memberlist to detect multiple instances

* add databroker service url

* remove cache service

* remove kv

* remove refresh docs

* remove obsolete cache docs

* add databroker url option

* cache: use memberlist to detect multiple instances

* add databroker service url

* wip

* remove groups and refresh test

* fix redirect, signout

* remove databroker client from proxy

* remove unused method

* remove user dashboard test

* handle missing session ids

* session: reject sessions with no id

* sessions: invalidate old sessions via databroker server version ()

* session: add a version field tied to the databroker server version that can be used to invalidate sessions

* fix tests

* add log

* authenticate: create user record immediately, call "get" directly in authorize ()
 2020-06-19 07:52:44 -06:00
Caleb Doxsey
12d90a021c
 		authenticate: remove authorize url validate check () 
* authenticate: remove authorize url validate check

* fix test
 2020-05-27 09:23:22 -06:00
Bobby DeSimone
9d7ef85687
 		authenticate: ensure authorize url is set () 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-26 10:44:20 -07:00
Caleb Doxsey
f770ccfedd
 		config: add getters for URLs to avoid nils () 
* config: add getters for URLs to avoid nils

* allow nil url for cache grpc client connection in authenticate
 2020-05-26 11:36:18 -06:00
Bobby DeSimone
3f1faf2e9e
 		authenticate: add jwks and .well-known endpoint () 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-21 11:46:29 -07:00
Bobby DeSimone
666fd6aa35 authenticate: save oauth2 tokens to cache () 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-18 17:10:10 -04:00
Caleb Doxsey
af649d3eb0 envoy: implement header and query param session loading () 
* authorize: refactor session loading, implement headers and query params

* authorize: fix http recorder header, use constant for pomerium authorization header

* fix compile

* remove dead code
 2020-05-18 17:10:10 -04:00
Bobby DeSimone
627a591824
 		identity: abstract identity providers by type () 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-04-23 10:36:24 -07:00
Bobby DeSimone
ba14ea246d
 		*: remove import path comments () 
- import path comments are obsoleted by the go.mod file's module statement

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-03-16 10:13:47 -07:00
Mihai Todor
c14e3d8b34
 		Make IDP_PROVIDER env var mandatory () 2020-03-15 19:00:23 -07:00
Bobby DeSimone
5716113c2a
 		authenticate: make callback path configurable () 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-02-08 09:06:23 -08:00
Bobby DeSimone
e82477ea5c
 		deployment: throw away golanglint-ci defaults () 
* deployment: throw away golanglint-ci defaults

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-01-26 12:33:45 -08:00
Bobby DeSimone
dccc7cd2ff
 		cache : add cache service () 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-01-20 18:25:34 -08:00
Bobby DeSimone
ec029c679b
 		authenticate/proxy: add backend refresh () 2019-12-30 10:47:54 -08:00