3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-01 02:12:50 +02:00
Code Issues Projects Releases Packages Wiki Activity
2883 commits 165 branches 127 tags 104 MiB
Commit graph

265 commits

Author SHA1 Message Date
Kenneth Jenkins
6df4fba832
authorize: populate issuer even when policy is nil (#4211) 2023-05-30 17:07:27 -07:00
Caleb Doxsey
d315e68335
Merge pull request from GHSA-pvrc-wvj2-f59p 
* authorize: use route id from envoy for policy evaluation

* authorize: normalize URL query params

* config: enable envoy normalize_path option

* fix tests

---------

Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
 2023-05-26 13:34:21 -07:00
Caleb Doxsey
18bc86d632
config: add support for wildcard from addresses (#4131) 
* config: add support for wildcards

* update policy matching, header generation

* remove deprecated field

* fix test
 2023-04-25 13:34:38 -06:00
Caleb Doxsey
bbed421cd8
config: remove source, remove deadcode, fix linting issues (#4118) 
* remove source, remove deadcode, fix linting issues

* use github action for lint

* fix missing envoy
 2023-04-21 17:25:11 -06:00
Denis Mishin
ccf15f8f3d
move hpke public key handler out of internal (#4065) 2023-03-20 10:37:00 -04:00
Caleb Doxsey
1dee325b72
authorize: move sign out and jwks urls to route, update issuer for JWT (#4046) 
* authorize: move sign out and jwks urls to route, update issuer for JWT

* fix test
 2023-03-08 12:40:15 -07:00
Caleb Doxsey
0f295d4a63
hpke: move published public keys to a new endpoint (#4044) 2023-03-08 09:17:04 -07:00
Caleb Doxsey
2b8d51def5
urlutil: add version to query string (#4028) 2023-02-28 14:01:13 -07:00
Caleb Doxsey
76a7ce3a6f
authorize: allow access to /.pomerium/webauthn when policy denies access (#4015) 2023-02-27 09:49:06 -07:00
Denis Mishin
62ca7ffaa2
authenticate: fix authenticate_internal_service_url for all in one (#4003) 2023-02-22 10:42:27 -05:00
Caleb Doxsey
6b3e34c39f
fix webauthn url (#3983) 2023-02-17 06:58:43 -07:00
Caleb Doxsey
da46b4a47d
config: use insecure skip verify if derived certificates are not used (#3861) 2023-01-11 13:50:51 -07:00
Denis Mishin
e728991bf1
authorize: log check() error (#3846) 2023-01-03 11:05:25 -05:00
Caleb Doxsey
271b0787a8
config: add support for extended TCP route URLs (#3845) 
* config: add support for extended TCP route URLs

* nevermind, add duplicate names
 2022-12-27 12:50:33 -07:00
Denis Mishin
a49f86d023
use tlsClientConfig instead of custom dialer (#3830) 
* use tlsClientConfig instead of custom dialer

* rm debug log
 2022-12-27 09:55:36 -07:00
Caleb Doxsey
3e892a8533
options: support multiple signing keys (#3828) 
* options: support multiple signing keys

* fix controlplane method, errors
 2022-12-22 09:31:09 -07:00
Caleb Doxsey
57217af7dd
authenticate: implement hpke-based login flow (#3779) 
* urlutil: add time validation functions

* authenticate: implement hpke-based login flow

* fix import cycle

* fix tests

* log error

* fix callback url

* add idp param

* fix test

* fix test
 2022-12-05 15:31:07 -07:00
Caleb Doxsey
1848a9737f
upgrade to golang-lru v2 (#3771) 2022-12-02 09:25:52 -07:00
Denis Mishin
fa0ba60aee
bump envoy to v1.24.0 (#3767) 2022-11-28 09:32:31 -07:00
Caleb Doxsey
fa26587f19
remove forward auth (#3628) 2022-11-23 15:59:28 -07:00
Caleb Doxsey
e1f881f82b
authorize: fix user caching (#3734) 2022-11-08 08:23:41 -07:00
Caleb Doxsey
02df20f10a
authorize: performance improvements (#3723) 2022-11-04 17:09:52 -06:00
Denis Mishin
a3cfe8fa42
keep trace span context (#3724) 2022-11-04 17:52:13 -04:00
Caleb Doxsey
c178819875
move directory providers (#3633) 
* remove directory providers and support for groups

* idp: remove directory providers

* better error messages

* fix errors

* restore postgres

* fix test
 2022-11-03 11:33:56 -06:00
Caleb Doxsey
30bdae3d9e
sessions: check idp id to detect provider changes to force session invalidation (#3707) 
* sessions: check idp id to detect provider changes to force session invalidation

* remove dead code

* fix test
 2022-10-25 16:20:32 -06:00
dependabot[bot]
ec495bb682
chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 (#3667) 
* chore(deps): bump github.com/golangci/golangci-lint

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.48.0 to 1.50.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.48.0...v1.50.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* lint

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2022-10-19 09:36:59 -06:00
Caleb Doxsey
47e3176ea4
authorize: enforce service account expiration (#3661) 2022-10-13 09:28:42 -06:00
Caleb Doxsey
c0ca1e1a98
authorize: handle user-unauthenticated response for deny blocks (#3559) 
* authorize: handle user-unauthenticated response for deny blocks

* fix test
 2022-08-22 17:09:26 -06:00
Caleb Doxsey
46703b9419
config: add branding settings (#3558) 2022-08-16 14:51:47 -06:00
Caleb Doxsey
3c63b6c028
authorize: add policy error details for custom error messages (#3542) 
* authorize: add policy error details for custom error messages

* remove fmt.Println

* fix tests

* add docs
 2022-08-09 14:46:31 -06:00
Caleb Doxsey
b5ac7dbc76
sets: convert set types to generics (#3519) 
* sets: convert set types to generics

* sets: use internal sets package
 2022-07-29 12:32:17 -06:00
Caleb Doxsey
0ac7e45a21
atomicutil: use atomicutil.Value wherever possible (#3517) 
* atomicutil: use atomicutil.Value wherever possible

* fix test

* fix mux router
 2022-07-28 15:38:38 -06:00
Caleb Doxsey
89a105c8e6
authorize: add request id to context (#3497) 
* authorize: add request id to context

* fix context keys
 2022-07-26 14:34:48 -06:00
Caleb Doxsey
fe61a74e1b
authorize: fix device synchronization (#3482) 2022-07-15 17:27:06 -06:00
Caleb Doxsey
bc078f8bd2
authorize: fix x-forwarded-uri (#3479) 
* authorize: fix x-forwarded-uri

* fix raw path
 2022-07-14 09:32:48 -06:00
Caleb Doxsey
ca8db7b619
authorize: show plain text error page for traefik and nginx (#3477) 2022-07-13 08:36:18 -06:00
Caleb Doxsey
86625a4ddb
config: support files for shared_secret, client_secret, cookie_secret and signing_key (#3453) 2022-06-29 10:44:08 -06:00
Caleb Doxsey
15e3b3a431
authorize: allow missing user for authorization (#3421) 2022-06-14 05:44:34 -06:00
Caleb Doxsey
493148b13f
authorize: fix not found check (#3410) 2022-06-08 09:15:57 -06:00
Caleb Doxsey
f61e7efe73
authorize: use query instead of sync for databroker data (#3377) 2022-06-01 15:40:07 -06:00
Seena Fallah
a2d2f34e24
fix: close the ticker after opened (#3318) 
This may cause a high cpu usage on each call

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
 2022-05-04 09:55:25 -06:00
Caleb Doxsey
f73c5c615f
databroker: add support for putting multiple records (#3291) 
* databroker: add support for putting multiple records

* add OptimumPutRequestsFromRecords function

* replace GetAll with SyncLatest

* fix stream when there are no records
 2022-04-26 16:41:38 -06:00
Caleb Doxsey
74310b3de3
authorize: pass idp id for webauthn url, allow unauthenticated access to static files (#3282) 2022-04-20 11:07:09 -06:00
Caleb Doxsey
c19048649a
authorize: add support for cidr lookups (#3277) 2022-04-19 16:18:34 -06:00
Caleb Doxsey
761c17b8ac
grpc: wait for connect to be ready before making calls (#3253) 
* grpc: wait for connect to be ready before making calls

* make sure to stop the ticker
 2022-04-08 12:18:52 -06:00
Caleb Doxsey
d299b42509
authorize: add name claim (#3238) 2022-04-05 12:08:00 -06:00
Caleb Doxsey
36f73fa6c7
authorize: track session and service account access date (#3220) 
* session: add accessed at date

* authorize: track session and service account access times

* Revert "databroker: add support for field masks on Put (#3210)"

This reverts commit 2dc778035d.

* add test

* fix data race in test

* add deadline for update

* track dropped accesses
 2022-03-31 09:19:04 -06:00
Caleb Doxsey
a0e64b1cf9
authorize: add request IP to rego evaluation (#3107) 2022-03-07 15:07:58 -07:00
Caleb Doxsey
99b9a3ee12
authorize: add support for passing access or id token upstream (#3047) 
* authorize: add support for passing access or id token upstream

* use an enum
 2022-02-17 09:28:31 -07:00
Caleb Doxsey
f9b95a276b
authenticate: support for per-route client id and client secret (#3030) 
* implement dynamic provider support

* authenticate: support per-route client id and secret
 2022-02-16 12:31:55 -07:00