3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 02:16:28 +02:00
Code Issues Projects Releases Packages Wiki Activity
3566 commits 156 branches 125 tags 103 MiB
Commit graph

838 commits

Author SHA1 Message Date
Denis Mishin
2db2d66eba
authenticate: add aws cognito (#4137) 2023-05-16 12:28:12 -04:00
Caleb Doxsey
be0104b842
config: add cookie_same_site option (#4148) 2023-05-03 14:36:42 -06:00
Caleb Doxsey
facf9ab093
hpke: compress query string (#4147) 
* hpke: compress query string

* only use v2 in authenticate if v2 was used for the initial request

* fix comment
 2023-05-02 14:12:34 -06:00
Denis Mishin
0ab2057714
authenticate: add events (#4051) 2023-05-01 15:11:30 -04:00
Caleb Doxsey
498bc82e81
config: default to authenticate.pomerium.app when authenticate url is not specified (#4132) 2023-04-26 10:32:17 -06:00
Caleb Doxsey
3d9322bd32
autocert: fix certmagic cache logging (#4134) 2023-04-25 14:21:13 -06:00
Caleb Doxsey
18bc86d632
config: add support for wildcard from addresses (#4131) 
* config: add support for wildcards

* update policy matching, header generation

* remove deprecated field

* fix test
 2023-04-25 13:34:38 -06:00
Caleb Doxsey
bbed421cd8
config: remove source, remove deadcode, fix linting issues (#4118) 
* remove source, remove deadcode, fix linting issues

* use github action for lint

* fix missing envoy
 2023-04-21 17:25:11 -06:00
Caleb Doxsey
f63945c0ad
support loading route configuration via rds (#4098) 
* support loading route configuration via rds

* fix any shadowing

* fix test

* add fully static option

* support dynamically defined rds

* fix build

* downgrade opa
 2023-04-17 11:20:12 -06:00
Denis Mishin
ccf15f8f3d
move hpke public key handler out of internal (#4065) 2023-03-20 10:37:00 -04:00
Caleb Doxsey
1dee325b72
authorize: move sign out and jwks urls to route, update issuer for JWT (#4046) 
* authorize: move sign out and jwks urls to route, update issuer for JWT

* fix test
 2023-03-08 12:40:15 -07:00
Caleb Doxsey
0f295d4a63
hpke: move published public keys to a new endpoint (#4044) 2023-03-08 09:17:04 -07:00
Caleb Doxsey
2b8d51def5
urlutil: add version to query string (#4028) 2023-02-28 14:01:13 -07:00
Caleb Doxsey
76a7ce3a6f
authorize: allow access to /.pomerium/webauthn when policy denies access (#4015) 2023-02-27 09:49:06 -07:00
Caleb Doxsey
88915a79c1
use deterministicecdsa to fix test (#4012) 2023-02-24 08:35:48 -07:00
Denis Mishin
62ca7ffaa2
authenticate: fix authenticate_internal_service_url for all in one (#4003) 2023-02-22 10:42:27 -05:00
Caleb Doxsey
b13afc7b0c
derivecert: fix ecdsa code to be deterministic (#3989) 
* derivecert: fix ecdsa code to be deterministic

* lint
 2023-02-17 16:57:15 -07:00
Caleb Doxsey
f2a5bda162
apple: fix userinfo (#3974) 2023-02-14 14:53:15 -07:00
Mike Nestor
1d4474f7c5
Appleid (#3959) 
* appleid oauth works but probably not implemented the best

chore(deps): bump golang from 1.19.5-buster to 1.20.0-buster (#3949)

Bumps golang from 1.19.5-buster to 1.20.0-buster.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>

implemented correct expiration, refresh and revoke

chore(deps): bump golang from 1.19.5-buster to 1.20.0-buster (#3949)

Bumps golang from 1.19.5-buster to 1.20.0-buster.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>

fixed lint issues and maybe ignored G101

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

---------

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>
 2023-02-13 18:01:00 -07:00
Caleb Doxsey
7895bf431f
databroker: add list types method (#3937) 
* databroker: add list types method

* fix test

* Update pkg/storage/redis/redis.go

Co-authored-by: Denis Mishin <dmishin@pomerium.com>

---------

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2023-02-03 13:16:28 -07:00
Caleb Doxsey
7a405abea1
maybe fix flaky test (#3929) 2023-02-02 11:31:30 -07:00
Caleb Doxsey
7b14c90b81
identity: fix nil reference error when there is no authenticator (#3930) 2023-01-31 09:41:09 -07:00
Caleb Doxsey
da46b4a47d
config: use insecure skip verify if derived certificates are not used (#3861) 2023-01-11 13:50:51 -07:00
Caleb Doxsey
bfcd15435f
authenticate: add additional error details for hmac errors (#3878) 2023-01-11 07:53:11 -07:00
Denis Mishin
488bcd6f72
auto tls (#3856) 2023-01-05 16:35:58 -05:00
Caleb Doxsey
78fc4853db
identity: fix expired session deletion (#3855) 2023-01-05 13:48:10 -07:00
Denis Mishin
e019885218
mTLS: allow gRPC TLS for all in one (#3854) 
* make grpc_insecure an optional bool

* use internal addresses for all in one databroker and tls
 2023-01-03 12:45:04 -05:00
Caleb Doxsey
271b0787a8
config: add support for extended TCP route URLs (#3845) 
* config: add support for extended TCP route URLs

* nevermind, add duplicate names
 2022-12-27 12:50:33 -07:00
Caleb Doxsey
67e12101fa
envoyconfig: clean up filter chain construction (#3844) 
* cleanup filter chain construction

* rename domains to server names

* rename to hosts

* fix tests

* update function name

* improved domaain matching
 2022-12-27 10:07:26 -07:00
Caleb Doxsey
3e892a8533
options: support multiple signing keys (#3828) 
* options: support multiple signing keys

* fix controlplane method, errors
 2022-12-22 09:31:09 -07:00
Caleb Doxsey
c048af7523
postgres: upgrade to pgx v5 (#3826) 2022-12-19 12:47:35 -07:00
Caleb Doxsey
c3b9adff20
oidc: fix token revocation (#3810) 2022-12-16 13:24:40 -07:00
Caleb Doxsey
2602b9192d
autocert: use atomic pointer to allow nil (#3816) 2022-12-16 13:24:13 -07:00
Caleb Doxsey
c86ca6f76f
webauthn: require session when accessing /.pomerium/webauthn (#3814) 
* webauthn: require session when accessing /.pomerium/webauthn

* remove dead code

* remove unusued PomeriumDomains field
 2022-12-16 10:59:21 -07:00
Caleb Doxsey
27c94396a8
controlplane: remove gorilla handlers dependency (#3813) 2022-12-15 14:41:29 -07:00
Caleb Doxsey
8d61575ada
autocert: add support for storage in gcs (#3794) 
* autocert: add support for storage in s3

* go mod tidy

* skip on mac

* autocert: add support for storage in gcs
 2022-12-09 08:22:32 -07:00
Caleb Doxsey
6c3ed201da
autocert: add support for storage in s3 (#3793) 
* autocert: add support for storage in s3

* go mod tidy

* skip on mac
 2022-12-08 09:42:20 -07:00
Denis Mishin
ce1b8701da
events: remove xds configuraton update (#3792) 2022-12-06 14:46:45 -05:00
Caleb Doxsey
57217af7dd
authenticate: implement hpke-based login flow (#3779) 
* urlutil: add time validation functions

* authenticate: implement hpke-based login flow

* fix import cycle

* fix tests

* log error

* fix callback url

* add idp param

* fix test

* fix test
 2022-12-05 15:31:07 -07:00
Caleb Doxsey
a5082f60e7
httputil: ignore errors < 400 (#3781) 2022-12-05 09:00:25 -07:00
Caleb Doxsey
090601873f
urlutil: add time validation functions (#3776) 2022-12-02 11:42:56 -07:00
Caleb Doxsey
457fca08dc
httputil: add cookie chunker (#3775) 2022-12-02 09:41:09 -07:00
Caleb Doxsey
1848a9737f
upgrade to golang-lru v2 (#3771) 2022-12-02 09:25:52 -07:00
Caleb Doxsey
fa26587f19
remove forward auth (#3628) 2022-11-23 15:59:28 -07:00
Caleb Doxsey
ba07afc245
hpke: add HPKE key to JWKS endpoint (#3762) 
* hpke: add HPKE key to JWKS endpoint

* fix test, add http caching headers

* fix error message

* use pointers
 2022-11-23 08:45:59 -07:00
Caleb Doxsey
c1a522cd82
proxy: add userinfo and webauthn endpoints (#3755) 
* proxy: add userinfo and webauthn endpoints

* use TLD for RP id

* use EffectiveTLDPlusOne

* upgrade webauthn

* fix test

* Update internal/handlers/jwks.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2022-11-22 10:26:35 -07:00
Caleb Doxsey
9413123c0f
config: generate cookie secret if not set in all-in-one mode (#3742) 
* config: generate cookie secret if not set in all-in-one mode

* fix tests

* config: add warning about cookie_secret

* breakup lines
 2022-11-11 14:14:30 -07:00
Caleb Doxsey
4d10d36509
controlplane: fix /.well-known/pomerium missing CORS headers (#3738) 2022-11-09 12:08:28 -07:00
Eng Zer Jun
45ce6f693a
test: use T.TempDir to create temporary test directory (#3725) 
Prior to this commit, temporary directories in tests were created using
`filepath.Join` and `os.MkdirAll`.

This commit replaces `os.MkdirAll` with `t.TempDir` in tests. The
directory created by `t.TempDir` is automatically removed when the test
and all its subtests complete.

Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2022-11-08 09:16:32 -07:00
Denis Mishin
a3cfe8fa42
keep trace span context (#3724) 2022-11-04 17:52:13 -04:00