pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 18:36:30 +02:00

Author	SHA1	Message	Date
Caleb Doxsey	2f328e7de0	authenticate: fix expiring user info endpoint (#2976 ) * authenticate: fix expiring user info endpoint * add test	2022-01-27 16:10:47 -07:00
Caleb Doxsey	95d6d97143	authenticate: support webauthn redirects to non-pomerium domains (#2936 ) * authenticate: support webauthn redirects to non-pomerium domains * add test * remove dead code	2022-01-19 15:10:57 -07:00
Caleb Doxsey	8d882ce9c9	webauthn: use absolute URL for delete redirect (#2935 ) * authenticate: add callback endpoint * webauthn: use absolute URL for delete redirect	2022-01-14 10:23:27 -07:00
Caleb Doxsey	b019b61ccb	authenticate: add callback endpoint (#2931 )	2022-01-14 10:22:46 -07:00
Caleb Doxsey	4583ecc730	devices: treat undefined device types as any (#2927 )	2022-01-12 11:04:35 -07:00
Caleb Doxsey	9330f6b0ac	authenticate: add device-enrolled page (#2892 ) * authenticate: add device-enrolled page * remove device credential id from page	2022-01-06 10:01:12 -07:00
Caleb Doxsey	838c9e3a3d	dashboard: improve display of device credentials, allow deletion (#2829 ) * dashboard: improve display of device credentials, allow deletion * fix test	2021-12-20 12:19:54 -07:00
Caleb Doxsey	a3be1b7cc5	devices: switch "default" device type to two built-in default device types (#2835 )	2021-12-20 10:44:29 -07:00
Caleb Doxsey	5a858f5d48	config: add internal service URLs (#2801 ) * config: add internal service URLs * maybe fix integration tests * add docs * fix integration tests * for databroker connect to external name, but listen on internal name * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>	2021-12-10 14:04:37 -05:00
Caleb Doxsey	a8b76bd623	authorize: support X-Pomerium-Authorization in addition to Authorization (#2780 ) * authorize: support X-Pomerium-Authorization in addition to Authorization * tangentental correction Co-authored-by: alexfornuto <alex@fornuto.com>	2021-11-29 12:19:14 -07:00
Caleb Doxsey	a5034aabae	authenticate: redirect / to /.pomerium/ (#2770 )	2021-11-18 08:49:23 -07:00
Caleb Doxsey	85bb396555	device: add type id and credential id to enrollment for easier referencing (#2749 )	2021-11-05 09:48:45 -06:00
Caleb Doxsey	b0f8c055ec	authenticate: always update user record on login (#2719 ) * authenticate: always update user record on login * identity: fix user refresh * add test for manager update * fix time	2021-11-01 14:18:18 -06:00
Caleb Doxsey	d390e80b30	authenticate: add databroker versions to session cookie (#2709 ) * authenticate: add databroker versions to session cookie authorize: wait for databroker synchronization on updated sessions * fix test	2021-10-26 14:45:53 -06:00
Caleb Doxsey	9d4ebcf871	webauthn: update session to support device credentials per type (#2699 )	2021-10-22 14:33:34 -06:00
Caleb Doxsey	1162585471	authenticate: add support for webauthn (#2688 ) * authenticate: add support for webauthn * remove rfc4648 library due to missing LICENSE * fix test * put state function in separate function	2021-10-20 13:18:34 -06:00
Caleb Doxsey	33f5190572	config: remove signature_key_algorithm (#2557 ) * config: remove signature_key_algorithm * typo * add more tests	2021-09-02 11:36:43 -06:00
Caleb Doxsey	f5a558d4a0	grpc: disable gRPC connection re-use across services (#2515 )	2021-08-24 11:47:16 -06:00
Caleb Doxsey	bbec2cae9f	grpc: send client traffic through envoy (#2469 ) * wip * wip * handle wildcards in override name * remove wait for ready, add comment about sync, force initial sync complete in test * address comments	2021-08-16 16:12:22 -06:00
Caleb Doxsey	1a95036b8c	sessions: add impersonate_session_id, remove legacy impersonation (#2407 ) * sessions: add impersonate_session_id, remove legacy impersonation * show impersonated user details * fix headers * address feedback * only check impersonate id on non-nil pbSession * Revert "only check impersonate id on non-nil pbSession" This reverts commit `a6f7ca5abd`.	2021-07-30 08:42:36 -06:00
dependabot[bot]	34b8af77d1	chore(deps): bump github.com/rs/cors from 1.7.0 to 1.8.0 (#2334 ) * chore(deps): bump github.com/rs/cors from 1.7.0 to 1.8.0 Bumps [github.com/rs/cors](https://github.com/rs/cors) from 1.7.0 to 1.8.0. - [Release notes](https://github.com/rs/cors/releases) - [Commits](https://github.com/rs/cors/compare/v1.7.0...v1.8.0) --- updated-dependencies: - dependency-name: github.com/rs/cors dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix test to handle 204 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>	2021-07-14 10:08:03 -06:00
Caleb Doxsey	f9675f61cc	deps: upgrade to go-jose v3 (#2284 )	2021-06-10 09:35:44 -06:00
bobby	51655a5502	Revert "authenticate,proxy: add same site lax to cookies (#2159 )" (#2203 ) This reverts commit `d9cc26a2e0`.	2021-05-14 15:36:05 -07:00
Caleb Doxsey	aeece76928	databroker: store issued at timestamp with session (#2173 )	2021-05-04 10:09:14 -06:00
Caleb Doxsey	d9cc26a2e0	authenticate,proxy: add same site lax to cookies (#2159 )	2021-04-30 10:24:47 -06:00
Caleb Doxsey	0adbf4f24c	controlplane: save configuration events to databroker (#2153 ) * envoy: save events to databroker * controlplane: add tests for envoy configuration events * format imports	2021-04-29 15:51:46 -06:00
Caleb Doxsey	b1d62bb541	config: remove validate side effects (#2109 ) * config: default shared key * handle additional errors * update grpc addr and grpc insecure * update google cloud service authentication service account * fix set response headers * fix qps * fix test	2021-04-22 15:10:50 -06:00
wasaga	e0c09a0998	log context (#2107 )	2021-04-22 10:58:13 -04:00
Caleb Doxsey	6d1d2bec54	crypto: use actual bytes of shared secret, not the base64 encoded representation (#2075 ) * crypto: use actual bytes of shared secret, not the base64 encoded representation * return errors * return errors	2021-04-08 20:04:01 -06:00
Caleb Doxsey	a51c7140ea	cryptutil: use bytes for hmac (#2067 )	2021-04-07 14:57:24 -06:00
Caleb Doxsey	f84f7551d0	authenticate: fix default sign out url (#2061 )	2021-04-06 10:35:08 -06:00
Travis Groth	0635c838c9	authenticate: validate signature on /.pomerium, /.pomerium/sign_in and /.pomerium/sign_out (#2048 ) Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>	2021-04-01 10:04:16 -04:00
Caleb Doxsey	e2ebef44ef	telemetry: add installation id (#2017 ) * telemetry: add installation id * set installation id globally * remove unneeded changes	2021-03-24 07:22:54 -06:00
Caleb Doxsey	3690a32855	config: use getters for authenticate, signout and forward auth urls (#2000 )	2021-03-19 14:49:25 -06:00
Caleb Doxsey	f396c2a0f7	config: log config source changes (#1959 ) * config: log config source changes * use internal log import	2021-03-03 09:54:08 -07:00
Caleb Doxsey	664358dfad	config: multiple endpoints for authorize and databroker (#1957 ) * wip * update docs * remove dead code	2021-03-03 09:53:19 -07:00
Caleb Doxsey	5d60cff21e	databroker: refactor databroker to sync all changes (#1879 ) * refactor backend, implement encrypted store * refactor in-memory store * wip * wip * wip * add syncer test * fix redis expiry * fix linting issues * fix test by skipping non-config records * fix backoff import * fix init issues * fix query * wait for initial sync before starting directory sync * add type to SyncLatest * add more log messages, fix deadlock in in-memory store, always return server version from SyncLatest * update sync types and tests * add redis tests * skip macos in github actions * add comments to proto * split getBackend into separate methods * handle errors in initVersion * return different error for not found vs other errors in get * use exponential backoff for redis transaction retry * rename raw to result * use context instead of close channel * store type urls as constants in databroker * use timestampb instead of ptypes * fix group merging not waiting * change locked names * update GetAll to return latest record version * add method to grpcutil to get the type url for a protobuf type	2021-02-18 15:24:33 -07:00
bobby	c3e3ed9b50	authenticate: validate origin of signout (#1876 ) * authenticate: validate origin of signout - add a debug task to kill envoy - improve various function docs - userinfo: return "error" page if user is logged out without redirect uri set - remove front channel logout. There's little difference between it, and the signout function. Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2021-02-11 21:37:54 -08:00
Caleb Doxsey	b7f0242090	authorize: remove admin (#1833 ) * authorize: remove admin * regen rego * add note to upgrading	2021-02-01 15:22:02 -07:00
Caleb Doxsey	5e3aa91f23	authenticate: delay evaluation of OIDC provider (#1802 ) * authenticate: delay evaluation of OIDC provider * add additional error message * address comments	2021-01-26 09:20:56 -07:00
Caleb Doxsey	70b4497595	databroker: rename cache service (#1790 ) * rename cache folder * rename cache service everywhere * skip yaml in examples * Update docs/docs/topics/data-storage.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>	2021-01-21 08:41:22 -07:00
bobby	6466efddd5	authenticate: update user info screens (#1774 ) - rename "dashboard" to userinfo to avoid confusion - don't leak version from error page. - fix typo in state.go - make statik determenistic on modtime Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2021-01-13 13:15:31 -08:00
Caleb Doxsey	ab4a68f56f	remove user impersonation and service account cli (#1768 ) * remove user impersonation and service account cli * update doc * remove user impersonation url query params * fix flaky test	2021-01-12 09:28:29 -07:00
Caleb Doxsey	b16236496b	jws: remove issuer (#1754 )	2021-01-11 07:57:54 -07:00
bobby	f837c92741	dev: update linter (#1728 ) - gofumpt everything - fix TLS MinVersion to be at least 1.2 - add octal syntax - remove newlines - fix potential decompression bomb in ecjson - remove implicit memory aliasing in for loops. Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-12-30 09:02:57 -08:00
Philip Wassermann	2d3190c74e	authenticate: oidc frontchannel-logout endpoint (#1586 ) * authenticate: oidc frontchannel-logout endpoint * move frontchannellogout route and extract logout process * add frontchannel_logout_uri to wellknown handler * authenticate: add context to logs in signout process * docs: single sign-out topic * gofmt, wording, refactoring method names Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-12-24 14:30:48 -08:00
bobby	5bbd745934	authorize: add signature algo support (RSA / EdDSA) (#1631 ) Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-11-30 17:14:41 -08:00
Caleb Doxsey	93c257259e	databroker: add audience to session (#1557 ) * add audience to session * update audience * parse next url and add it to audience	2020-10-27 14:22:26 -06:00
Caleb Doxsey	a85b3b04c1	store raw id token so it can be passed to the logout url (#1543 )	2020-10-26 10:20:23 -06:00
Caleb Doxsey	153e438eb6	authorize: implement allowed_idp_claims (#1542 ) * add arbitrary claims to session * add support for maps * update flattened claims * fix eol * fix trailing whitespace * fix tests	2020-10-23 14:05:37 -06:00

1 2 3 4

178 commits