pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-05-08 14:56:01 +02:00

Author	SHA1	Message	Date
backport-actions-token[bot]	9f541438ef	authenticate: save the session cookie with a different name (#3984 ) authenticate: save the session cookie with a different name (#3978) Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>	2023-02-16 15:53:54 +00:00
backport-actions-token[bot]	3ba74b38ae	authenticate: always trust the passed in idp (#3931 ) authenticate: always trust the passed in idp (#3917) Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>	2023-01-30 19:06:35 -07:00
Caleb Doxsey	bfcd15435f	authenticate: add additional error details for hmac errors (#3878 )	2023-01-11 07:53:11 -07:00
Caleb Doxsey	3e892a8533	options: support multiple signing keys (#3828 ) * options: support multiple signing keys * fix controlplane method, errors	2022-12-22 09:31:09 -07:00
Caleb Doxsey	539fd51579	authenticate: remove databroker dependency (#3820 )	2022-12-17 09:03:46 -07:00
Caleb Doxsey	c86ca6f76f	webauthn: require session when accessing /.pomerium/webauthn (#3814 ) * webauthn: require session when accessing /.pomerium/webauthn * remove dead code * remove unusued PomeriumDomains field	2022-12-16 10:59:21 -07:00
Caleb Doxsey	57217af7dd	authenticate: implement hpke-based login flow (#3779 ) * urlutil: add time validation functions * authenticate: implement hpke-based login flow * fix import cycle * fix tests * log error * fix callback url * add idp param * fix test * fix test	2022-12-05 15:31:07 -07:00
Caleb Doxsey	fa26587f19	remove forward auth (#3628 )	2022-11-23 15:59:28 -07:00
Caleb Doxsey	c1a522cd82	proxy: add userinfo and webauthn endpoints (#3755 ) * proxy: add userinfo and webauthn endpoints * use TLD for RP id * use EffectiveTLDPlusOne * upgrade webauthn * fix test * Update internal/handlers/jwks.go Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>	2022-11-22 10:26:35 -07:00
Caleb Doxsey	9413123c0f	config: generate cookie secret if not set in all-in-one mode (#3742 ) * config: generate cookie secret if not set in all-in-one mode * fix tests * config: add warning about cookie_secret * breakup lines	2022-11-11 14:14:30 -07:00
Caleb Doxsey	2b319822a4	authenticate: update user info dashboard to show group info for enterprise (#3736 ) * authenticate: update user info dashboard to show group info for enterprise * Update ui/src/components/GroupDetails.tsx Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>	2022-11-09 07:44:35 -07:00
Caleb Doxsey	c178819875	move directory providers (#3633 ) * remove directory providers and support for groups * idp: remove directory providers * better error messages * fix errors * restore postgres * fix test	2022-11-03 11:33:56 -06:00
Caleb Doxsey	3f9dfbef76	device: add generic methods for working with user+session devices (#3710 )	2022-10-28 08:41:12 -06:00
Caleb Doxsey	30bdae3d9e	sessions: check idp id to detect provider changes to force session invalidation (#3707 ) * sessions: check idp id to detect provider changes to force session invalidation * remove dead code * fix test	2022-10-25 16:20:32 -06:00
Caleb Doxsey	b68dc1ff4f	controlplane: move jwks.json endpoint to control plane (#3691 )	2022-10-25 08:01:33 -06:00
Caleb Doxsey	63b210e51d	httputil: remove error details (#3703 )	2022-10-25 08:00:21 -06:00
Caleb Doxsey	75634dfca2	authenticate: remove ecjson (#3688 )	2022-10-20 10:37:21 -06:00
Caleb Doxsey	bdd6145e91	authenticate: get/set identity provider id for all sessions (#3597 )	2022-09-07 10:06:59 -06:00
Alex	fc21579e4b	Fix typos (#3575 ) typos	2022-08-30 15:51:40 -07:00
Caleb Doxsey	5f51510e91	authenticate: add CORS headers to jwks endpoint (#3574 )	2022-08-25 16:09:11 -06:00
Caleb Doxsey	e9e52d8225	authenticate: fix branding for webauthn device registration page (#3572 )	2022-08-24 15:51:34 -06:00
Caleb Doxsey	46703b9419	config: add branding settings (#3558 )	2022-08-16 14:51:47 -06:00
Caleb Doxsey	6140ee1d88	controlplane: add well-known endpoint to the controlplane http handler (#3555 ) * controlplane: add well-known endpoint to the controlplane http handler * add support for trailing / * remove redundant test	2022-08-16 09:59:39 -06:00
Caleb Doxsey	0ac7e45a21	atomicutil: use atomicutil.Value wherever possible (#3517 ) * atomicutil: use atomicutil.Value wherever possible * fix test * fix mux router	2022-07-28 15:38:38 -06:00
Caleb Doxsey	86625a4ddb	config: support files for shared_secret, client_secret, cookie_secret and signing_key (#3453 )	2022-06-29 10:44:08 -06:00
Caleb Doxsey	a938a23ea2	device enrollment: fix ip address (#3430 )	2022-06-16 11:30:38 -06:00
Caleb Doxsey	464ccdf767	authenticate: fix internal service URL dashboard redirect (#3305 )	2022-04-29 08:09:28 -06:00
Caleb Doxsey	9dbe12fe99	authenticate: save session for bare webauthn redirects, consider external service URL to be a pomerium url (#3280 )	2022-04-19 16:03:11 -06:00
Caleb Doxsey	61ffeb837d	authenticate: fix internal service URL CORS check (#3279 )	2022-04-19 10:09:47 -06:00
Caleb Doxsey	36f73fa6c7	authorize: track session and service account access date (#3220 ) * session: add accessed at date * authorize: track session and service account access times * Revert "databroker: add support for field masks on Put (#3210)" This reverts commit `2dc778035d`. * add test * fix data race in test * add deadline for update * track dropped accesses	2022-03-31 09:19:04 -06:00
Caleb Doxsey	69ba511c64	authenticate: fix internal url with webauthn (#3194 )	2022-03-28 06:36:48 -06:00
Caleb Doxsey	7d00ad9b7d	remove version (#3184 )	2022-03-23 11:51:24 -06:00
Caleb Doxsey	da97546de1	authenticate: show the device enrolled page as the user info page (#3151 )	2022-03-17 11:15:57 -07:00
Nathan Hayfield	351f562c42	adds pomerium version to the user info endpoint (#3093 ) * adds pomerium version to the user info endpoint * linting * order imports	2022-03-03 20:00:17 +01:00
Caleb Doxsey	1342523cda	grpc: remove ptypes references (#3078 )	2022-02-24 08:37:59 -07:00
Caleb Doxsey	35f697e491	userinfo: add webauthn buttons to user info page (#3075 ) * userinfo: add webauthn buttons to user info page * use new buttons on original page * fix test	2022-02-23 10:08:24 -07:00
Caleb Doxsey	38c7089642	userinfo: fix logout button, add sign out confirm page (#3058 ) * userinfo: fix logout button, add sign out confirm page * fix test	2022-02-23 08:15:00 -07:00
Caleb Doxsey	f9b95a276b	authenticate: support for per-route client id and client secret (#3030 ) * implement dynamic provider support * authenticate: support per-route client id and secret	2022-02-16 12:31:55 -07:00
Caleb Doxsey	46c4d5fa7e	session: remove unused session state properties (#3022 ) * fix error page * share dashboard code * sessions: remove unused session state properties * remove programmatic * remove version	2022-02-09 10:59:06 -07:00
Caleb Doxsey	0898dd4f34	proxy: fix error page (#3020 ) * fix error page * proxy: fix error page * share dashboard code * fix test	2022-02-09 09:14:24 -07:00
Caleb Doxsey	2824faecbf	frontend: react+mui (#3004 ) * mui v5 wip * wip * wip * wip * use compressor for all controlplane endpoints * wip * wip * add deps * fix authenticate URL * fix test * fix test * fix build * maybe fix build * fix integration test * remove image asset test * add yarn.lock	2022-02-07 08:47:58 -07:00
Caleb Doxsey	2f328e7de0	authenticate: fix expiring user info endpoint (#2976 ) * authenticate: fix expiring user info endpoint * add test	2022-01-27 16:10:47 -07:00
Caleb Doxsey	95d6d97143	authenticate: support webauthn redirects to non-pomerium domains (#2936 ) * authenticate: support webauthn redirects to non-pomerium domains * add test * remove dead code	2022-01-19 15:10:57 -07:00
Caleb Doxsey	8d882ce9c9	webauthn: use absolute URL for delete redirect (#2935 ) * authenticate: add callback endpoint * webauthn: use absolute URL for delete redirect	2022-01-14 10:23:27 -07:00
Caleb Doxsey	b019b61ccb	authenticate: add callback endpoint (#2931 )	2022-01-14 10:22:46 -07:00
Caleb Doxsey	4583ecc730	devices: treat undefined device types as any (#2927 )	2022-01-12 11:04:35 -07:00
Caleb Doxsey	9330f6b0ac	authenticate: add device-enrolled page (#2892 ) * authenticate: add device-enrolled page * remove device credential id from page	2022-01-06 10:01:12 -07:00
Caleb Doxsey	838c9e3a3d	dashboard: improve display of device credentials, allow deletion (#2829 ) * dashboard: improve display of device credentials, allow deletion * fix test	2021-12-20 12:19:54 -07:00
Caleb Doxsey	a3be1b7cc5	devices: switch "default" device type to two built-in default device types (#2835 )	2021-12-20 10:44:29 -07:00
Caleb Doxsey	5a858f5d48	config: add internal service URLs (#2801 ) * config: add internal service URLs * maybe fix integration tests * add docs * fix integration tests * for databroker connect to external name, but listen on internal name * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>	2021-12-10 14:04:37 -05:00

1 2 3 4 5

219 commits