3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-16 01:32:56 +02:00
Code Issues Projects Releases Packages Wiki Activity
3224 commits 165 branches 127 tags 106 MiB
Commit graph

745 commits

Author SHA1 Message Date
Caleb Doxsey
df8ff26332
autocert: suppress OCSP stapling errors (#4371) 
* autocert: suppress OCSP stapling errors

* check level, add test
 2023-07-19 13:56:36 -06:00
Caleb Doxsey
78e7a3e7d0
config: validate log levels (#4367) 
* config: validate log levels

* fix SetLevel

* document unset, merge warn/warning
 2023-07-17 16:41:48 -06:00
Kenneth Jenkins
a1388592d8
stub out HPKE public key fetch for self-hosted authenticate (#4360) 
Fetch the HPKE public key only when configured to use the hosted
authenticate service. Determine whether we are using the hosted
authenticate service by comparing the resolved authenticate domain with
a hard-coded list of hosted authenticate domains.

Extract this list of hosted authenticate domains to the internal/urlutil
package in order to keep a single source of truth for this data.
 2023-07-13 10:04:34 -07:00
Kenneth Jenkins
2bf83e20d8
Allow clearing default Azure and Google auth code options (#4315) 
Allow users to clear the default IdP auth code options, by explicitly
setting an empty idp_request_params map.

To do this in a YAML config file, set:

    idp_request_params: {}
 2023-06-27 09:11:54 -07:00
Caleb Doxsey
baf964f44a
config: update logic for checking overlapping certificates (#4216) 
* config: update logic for checking overlapping certificates

* add test

* go mod tidy
 2023-06-01 09:30:46 -06:00
Caleb Doxsey
10662d7034
databroker: fix fast forward (#4192) 
* databroker: sort configs

* databroker: fix fast-forward

* newest not oldest
 2023-05-23 15:30:27 -06:00
Caleb Doxsey
fe8e788076
databroker: sort configs (#4190) 2023-05-23 10:08:29 -06:00
Denis Mishin
2db2d66eba
authenticate: add aws cognito (#4137) 2023-05-16 12:28:12 -04:00
Caleb Doxsey
be0104b842
config: add cookie_same_site option (#4148) 2023-05-03 14:36:42 -06:00
Caleb Doxsey
facf9ab093
hpke: compress query string (#4147) 
* hpke: compress query string

* only use v2 in authenticate if v2 was used for the initial request

* fix comment
 2023-05-02 14:12:34 -06:00
Denis Mishin
0ab2057714
authenticate: add events (#4051) 2023-05-01 15:11:30 -04:00
Caleb Doxsey
498bc82e81
config: default to authenticate.pomerium.app when authenticate url is not specified (#4132) 2023-04-26 10:32:17 -06:00
Caleb Doxsey
3d9322bd32
autocert: fix certmagic cache logging (#4134) 2023-04-25 14:21:13 -06:00
Caleb Doxsey
18bc86d632
config: add support for wildcard from addresses (#4131) 
* config: add support for wildcards

* update policy matching, header generation

* remove deprecated field

* fix test
 2023-04-25 13:34:38 -06:00
Caleb Doxsey
bbed421cd8
config: remove source, remove deadcode, fix linting issues (#4118) 
* remove source, remove deadcode, fix linting issues

* use github action for lint

* fix missing envoy
 2023-04-21 17:25:11 -06:00
Caleb Doxsey
f63945c0ad
support loading route configuration via rds (#4098) 
* support loading route configuration via rds

* fix any shadowing

* fix test

* add fully static option

* support dynamically defined rds

* fix build

* downgrade opa
 2023-04-17 11:20:12 -06:00
Denis Mishin
ccf15f8f3d
move hpke public key handler out of internal (#4065) 2023-03-20 10:37:00 -04:00
Caleb Doxsey
1dee325b72
authorize: move sign out and jwks urls to route, update issuer for JWT (#4046) 
* authorize: move sign out and jwks urls to route, update issuer for JWT

* fix test
 2023-03-08 12:40:15 -07:00
Caleb Doxsey
0f295d4a63
hpke: move published public keys to a new endpoint (#4044) 2023-03-08 09:17:04 -07:00
Caleb Doxsey
2b8d51def5
urlutil: add version to query string (#4028) 2023-02-28 14:01:13 -07:00
Caleb Doxsey
76a7ce3a6f
authorize: allow access to /.pomerium/webauthn when policy denies access (#4015) 2023-02-27 09:49:06 -07:00
Caleb Doxsey
88915a79c1
use deterministicecdsa to fix test (#4012) 2023-02-24 08:35:48 -07:00
Denis Mishin
62ca7ffaa2
authenticate: fix authenticate_internal_service_url for all in one (#4003) 2023-02-22 10:42:27 -05:00
Caleb Doxsey
b13afc7b0c
derivecert: fix ecdsa code to be deterministic (#3989) 
* derivecert: fix ecdsa code to be deterministic

* lint
 2023-02-17 16:57:15 -07:00
Caleb Doxsey
f2a5bda162
apple: fix userinfo (#3974) 2023-02-14 14:53:15 -07:00
Mike Nestor
1d4474f7c5
Appleid (#3959) 
* appleid oauth works but probably not implemented the best

chore(deps): bump golang from 1.19.5-buster to 1.20.0-buster (#3949)

Bumps golang from 1.19.5-buster to 1.20.0-buster.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>

implemented correct expiration, refresh and revoke

chore(deps): bump golang from 1.19.5-buster to 1.20.0-buster (#3949)

Bumps golang from 1.19.5-buster to 1.20.0-buster.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>

fixed lint issues and maybe ignored G101

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

---------

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>
 2023-02-13 18:01:00 -07:00
Caleb Doxsey
7895bf431f
databroker: add list types method (#3937) 
* databroker: add list types method

* fix test

* Update pkg/storage/redis/redis.go

Co-authored-by: Denis Mishin <dmishin@pomerium.com>

---------

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2023-02-03 13:16:28 -07:00
Caleb Doxsey
7a405abea1
maybe fix flaky test (#3929) 2023-02-02 11:31:30 -07:00
Caleb Doxsey
7b14c90b81
identity: fix nil reference error when there is no authenticator (#3930) 2023-01-31 09:41:09 -07:00
Caleb Doxsey
da46b4a47d
config: use insecure skip verify if derived certificates are not used (#3861) 2023-01-11 13:50:51 -07:00
Caleb Doxsey
bfcd15435f
authenticate: add additional error details for hmac errors (#3878) 2023-01-11 07:53:11 -07:00
Denis Mishin
488bcd6f72
auto tls (#3856) 2023-01-05 16:35:58 -05:00
Caleb Doxsey
78fc4853db
identity: fix expired session deletion (#3855) 2023-01-05 13:48:10 -07:00
Denis Mishin
e019885218
mTLS: allow gRPC TLS for all in one (#3854) 
* make grpc_insecure an optional bool

* use internal addresses for all in one databroker and tls
 2023-01-03 12:45:04 -05:00
Caleb Doxsey
271b0787a8
config: add support for extended TCP route URLs (#3845) 
* config: add support for extended TCP route URLs

* nevermind, add duplicate names
 2022-12-27 12:50:33 -07:00
Caleb Doxsey
67e12101fa
envoyconfig: clean up filter chain construction (#3844) 
* cleanup filter chain construction

* rename domains to server names

* rename to hosts

* fix tests

* update function name

* improved domaain matching
 2022-12-27 10:07:26 -07:00
Caleb Doxsey
3e892a8533
options: support multiple signing keys (#3828) 
* options: support multiple signing keys

* fix controlplane method, errors
 2022-12-22 09:31:09 -07:00
Caleb Doxsey
c048af7523
postgres: upgrade to pgx v5 (#3826) 2022-12-19 12:47:35 -07:00
Caleb Doxsey
c3b9adff20
oidc: fix token revocation (#3810) 2022-12-16 13:24:40 -07:00
Caleb Doxsey
2602b9192d
autocert: use atomic pointer to allow nil (#3816) 2022-12-16 13:24:13 -07:00
Caleb Doxsey
c86ca6f76f
webauthn: require session when accessing /.pomerium/webauthn (#3814) 
* webauthn: require session when accessing /.pomerium/webauthn

* remove dead code

* remove unusued PomeriumDomains field
 2022-12-16 10:59:21 -07:00
Caleb Doxsey
27c94396a8
controlplane: remove gorilla handlers dependency (#3813) 2022-12-15 14:41:29 -07:00
Caleb Doxsey
8d61575ada
autocert: add support for storage in gcs (#3794) 
* autocert: add support for storage in s3

* go mod tidy

* skip on mac

* autocert: add support for storage in gcs
 2022-12-09 08:22:32 -07:00
Caleb Doxsey
6c3ed201da
autocert: add support for storage in s3 (#3793) 
* autocert: add support for storage in s3

* go mod tidy

* skip on mac
 2022-12-08 09:42:20 -07:00
Denis Mishin
ce1b8701da
events: remove xds configuraton update (#3792) 2022-12-06 14:46:45 -05:00
Caleb Doxsey
57217af7dd
authenticate: implement hpke-based login flow (#3779) 
* urlutil: add time validation functions

* authenticate: implement hpke-based login flow

* fix import cycle

* fix tests

* log error

* fix callback url

* add idp param

* fix test

* fix test
 2022-12-05 15:31:07 -07:00
Caleb Doxsey
a5082f60e7
httputil: ignore errors < 400 (#3781) 2022-12-05 09:00:25 -07:00
Caleb Doxsey
090601873f
urlutil: add time validation functions (#3776) 2022-12-02 11:42:56 -07:00
Caleb Doxsey
457fca08dc
httputil: add cookie chunker (#3775) 2022-12-02 09:41:09 -07:00
Caleb Doxsey
1848a9737f
upgrade to golang-lru v2 (#3771) 2022-12-02 09:25:52 -07:00