CookieStore's ClearSession now properly clears the user session cookie by setting MaxAge to -1.
internal/sessions: move encoder interface to encoding package, and rename to MarshalUnmarshaler.
internal/encoding: move mock to own package
authenticate: use INFO log level for authZ error.
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
- pomerium/authenticate: add cookie secure setting
- internal/config: transport security validation moved to options
- internal/config: certificate struct hydrated
- internal/grpcutil: add grpc server mirroring http one
- internal/grpcutil: move grpc middleware
- cmd/pomerium: use run wrapper around main to pass back errors
- cmd/pomerium: add waitgroup (block on) all servers http/grpc
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
- all: prefer `FormValues` to `ParseForm` with subsequent `Form.Get`s
- all: refactor authentication stack to be checked by middleware, and accessible via request context.
- all: replace http.ServeMux with gorilla/mux’s router
- all: replace custom CSRF checks with gorilla/csrf middleware
- authenticate: extract callback path as constant.
- internal/config: implement stringer interface for policy
- internal/cryptutil: add helper func `NewBase64Key`
- internal/cryptutil: rename `GenerateKey` to `NewKey`
- internal/cryptutil: rename `GenerateRandomString` to `NewRandomStringN`
- internal/middleware: removed alice in favor of gorilla/mux
- internal/sessions: remove unused `ValidateRedirectURI` and `ValidateClientSecret`
- internal/sessions: replace custom CSRF with gorilla/csrf fork that supports custom handler protection
- internal/urlutil: add `SignedRedirectURL` to create hmac'd URLs
- internal/urlutil: add `ValidateURL` helper to parse URL options
- internal/urlutil: add `GetAbsoluteURL` which takes a request and returns its absolute URL.
- proxy: remove holdover state verification checks; we no longer are setting sessions in any proxy routes so we don’t need them.
- proxy: replace un-named http.ServeMux with named domain routes.
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
- Rename SessionState to State to avoid stutter.
- Simplified option validation to use a wrapper function for base64 secrets.
- Removed authenticates grpc code.
- Abstracted logic to load and validate a user's authenticate session.
- Removed instances of url.Parse in favor of urlutil's version.
- proxy: replaces grpc refresh logic with forced deadline advancement.
- internal/sessions: remove rest store; parse authorize header as part of session store.
- proxy: refactor request signer
- sessions: remove extend deadline (fixes#294)
- remove AuthenticateInternalAddr
- remove AuthenticateInternalAddrString
- omit type tag.Key from declaration of vars TagKey* it will be inferred
from the right-hand side
- remove compatibility package xerrors
- use cloned http.DefaultTransport as base transport
- authorize: build whitelist from policy's URLs instead of strings.
- internal/httputil: merged httputil and https package.
- internal/config: merged config and policy packages.
- internal/metrics: removed unused measure struct.
- proxy/clients: refactor Addr fields to be urls.
- proxy: remove unused extend deadline function.
- proxy: use handler middleware for reverse proxy leg.
- proxy: change the way websocket requests are made (route based).
General improvements
- omitted value from range in several cases where for loop could be simplified.
- added error checking to many tests.
- standardize url parsing.
- remove unnecessary return statements.
- proxy: add self-signed certificate support. #179
- proxy: add skip tls certificate verification. #179
- proxy: Refactor websocket support to be route based. #204
- authenticate: added a token exchange api endpoint that converts
an identity provider's JWT into a pomerium session.
- internal/identity: authenticate now passes context.
- internal/identity: removed extraneous GetSignInURL from okta.
- internal/sessions: add rest store
- update go.mod / go.sum depedencies.
- docs: add programmatic examples in shell and python
internal/sessions: session state is domain scoped
internal/sessions: infer csrf cookie, route scoped
proxy & authenticate: use shared cookie name
proxy & authenticate: prevent resaving unchanged session
proxy & authenticate: redirect instead of error for no session on login
internal/config: merge cookies
proxy: remove favicon specific route
proxy: use mock server for tests
proxy: add tests for failures
* authorize: authorization module adds support for per-route access policy. In this release we support the most common forms of identity based access policy: `allowed_users`, `allowed_groups`, and `allowed_domains`. In future versions, the authorization module will also support context and device based authorization policy and decisions. See website documentation for more details.
* docs: updated `env.example` to include a `POLICY` setting example.
* docs: added `IDP_SERVICE_ACCOUNT` to `env.example` .
* docs: removed `PROXY_ROOT_DOMAIN` settings which has been replaced by `POLICY`.
* all: removed `ALLOWED_DOMAINS` settings which has been replaced by `POLICY`. Authorization is now handled by the authorization service and is defined in the policy configuration files.
* proxy: `ROUTES` settings which has been replaced by `POLICY`.
* internal/log: `http.Server` and `httputil.NewSingleHostReverseProxy` now uses pomerium's logging package instead of the standard library's built in one.
Closes#54Closes#41Closes#61Closes#58
- authenticate/providers: add group support to azure
- authenticate/providers: add group support to google
- authenticate/providers: add group support to okta
- authenticate/providers: add group support to onelogin
- {authenticate/proxy}: change default cookie lifetime timeout to 14 hours
- proxy: sign group membership
- proxy: add group header
- deployment: add CHANGELOG
- deployment: fix where make release wasn’t including version
* authenticate: set cookie secure as default.
* authenticate: remove single flight provider.
* authenticate/providers: Rename “ProviderData” to “IdentityProvider”
* authenticate/providers: Fixed an issue where scopes were not being overwritten
* proxy/authenticate : http client code removed.
* proxy: standardized session variable names between services.
* docs: change basic docker-config to be an “all-in-one” example with no nginx load.
* docs: nginx balanced docker compose example with intra-ingress settings.
* license: attribution for adaptation of goji’s middleware pattern.
- Fixed a bug where Lifetime TTL was set to a minute.
- Remove nested mux in authenticate handlers.
- Remove extra ping endpoint in authenticate and proxy.
- Simplified sign in flow with multi-catch case statement.
- Removed debugging logging.
- Broke out cmd/pomerium options into own file.
- Renamed msicreant cipher to just cipher.
Closes#23
- Abstract remaining middleware from authenticate into internal.
- Use middleware chaining in authenticate.
- Standardize naming of Request and ResponseWriter to match std lib.
- Add healthcheck / ping as a middleware.
- Internalized wraped_writer package adapted from goji/middleware.
- Fixed indirection issue with reverse proxy map.
- Add UserInfo struct and implementation to gather additional
user information if the endpoint exists.
- Add example docker-compose.yml for on-prem gitlab.
- Add gitlab docs.
- Removed explicit email checks in handlers.
- Providers are now a protected type on provider data.
- Alphabetized provider list.
- Refactored authenticate.New to be more concise.
* Improve test coverage.
* Remove unused http status code argument from SignInPageMethod.
* Removed log package in internal packages.
* Add test to check https scheme is used for authorization url.
* Add unit tests for global logging package.
