3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-31 01:47:33 +02:00
Code Issues Projects Releases Packages Wiki Activity
3525 commits 164 branches 127 tags 104 MiB
Commit graph

824 commits

Author SHA1 Message Date
Caleb Doxsey
88915a79c1
use deterministicecdsa to fix test (#4012) 2023-02-24 08:35:48 -07:00
Denis Mishin
62ca7ffaa2
authenticate: fix authenticate_internal_service_url for all in one (#4003) 2023-02-22 10:42:27 -05:00
Caleb Doxsey
b13afc7b0c
derivecert: fix ecdsa code to be deterministic (#3989) 
* derivecert: fix ecdsa code to be deterministic

* lint
 2023-02-17 16:57:15 -07:00
Caleb Doxsey
f2a5bda162
apple: fix userinfo (#3974) 2023-02-14 14:53:15 -07:00
Mike Nestor
1d4474f7c5
Appleid (#3959) 
* appleid oauth works but probably not implemented the best

chore(deps): bump golang from 1.19.5-buster to 1.20.0-buster (#3949)

Bumps golang from 1.19.5-buster to 1.20.0-buster.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>

implemented correct expiration, refresh and revoke

chore(deps): bump golang from 1.19.5-buster to 1.20.0-buster (#3949)

Bumps golang from 1.19.5-buster to 1.20.0-buster.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Denis Mishin <dmishin@pomerium.com>

fixed lint issues and maybe ignored G101

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

* Update internal/identity/oauth/apple/apple.go

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>

---------

Co-authored-by: Caleb Doxsey <caleb@doxsey.net>
 2023-02-13 18:01:00 -07:00
Caleb Doxsey
7895bf431f
databroker: add list types method (#3937) 
* databroker: add list types method

* fix test

* Update pkg/storage/redis/redis.go

Co-authored-by: Denis Mishin <dmishin@pomerium.com>

---------

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
 2023-02-03 13:16:28 -07:00
Caleb Doxsey
7a405abea1
maybe fix flaky test (#3929) 2023-02-02 11:31:30 -07:00
Caleb Doxsey
7b14c90b81
identity: fix nil reference error when there is no authenticator (#3930) 2023-01-31 09:41:09 -07:00
Caleb Doxsey
da46b4a47d
config: use insecure skip verify if derived certificates are not used (#3861) 2023-01-11 13:50:51 -07:00
Caleb Doxsey
bfcd15435f
authenticate: add additional error details for hmac errors (#3878) 2023-01-11 07:53:11 -07:00
Denis Mishin
488bcd6f72
auto tls (#3856) 2023-01-05 16:35:58 -05:00
Caleb Doxsey
78fc4853db
identity: fix expired session deletion (#3855) 2023-01-05 13:48:10 -07:00
Denis Mishin
e019885218
mTLS: allow gRPC TLS for all in one (#3854) 
* make grpc_insecure an optional bool

* use internal addresses for all in one databroker and tls
 2023-01-03 12:45:04 -05:00
Caleb Doxsey
271b0787a8
config: add support for extended TCP route URLs (#3845) 
* config: add support for extended TCP route URLs

* nevermind, add duplicate names
 2022-12-27 12:50:33 -07:00
Caleb Doxsey
67e12101fa
envoyconfig: clean up filter chain construction (#3844) 
* cleanup filter chain construction

* rename domains to server names

* rename to hosts

* fix tests

* update function name

* improved domaain matching
 2022-12-27 10:07:26 -07:00
Caleb Doxsey
3e892a8533
options: support multiple signing keys (#3828) 
* options: support multiple signing keys

* fix controlplane method, errors
 2022-12-22 09:31:09 -07:00
Caleb Doxsey
c048af7523
postgres: upgrade to pgx v5 (#3826) 2022-12-19 12:47:35 -07:00
Caleb Doxsey
c3b9adff20
oidc: fix token revocation (#3810) 2022-12-16 13:24:40 -07:00
Caleb Doxsey
2602b9192d
autocert: use atomic pointer to allow nil (#3816) 2022-12-16 13:24:13 -07:00
Caleb Doxsey
c86ca6f76f
webauthn: require session when accessing /.pomerium/webauthn (#3814) 
* webauthn: require session when accessing /.pomerium/webauthn

* remove dead code

* remove unusued PomeriumDomains field
 2022-12-16 10:59:21 -07:00
Caleb Doxsey
27c94396a8
controlplane: remove gorilla handlers dependency (#3813) 2022-12-15 14:41:29 -07:00
Caleb Doxsey
8d61575ada
autocert: add support for storage in gcs (#3794) 
* autocert: add support for storage in s3

* go mod tidy

* skip on mac

* autocert: add support for storage in gcs
 2022-12-09 08:22:32 -07:00
Caleb Doxsey
6c3ed201da
autocert: add support for storage in s3 (#3793) 
* autocert: add support for storage in s3

* go mod tidy

* skip on mac
 2022-12-08 09:42:20 -07:00
Denis Mishin
ce1b8701da
events: remove xds configuraton update (#3792) 2022-12-06 14:46:45 -05:00
Caleb Doxsey
57217af7dd
authenticate: implement hpke-based login flow (#3779) 
* urlutil: add time validation functions

* authenticate: implement hpke-based login flow

* fix import cycle

* fix tests

* log error

* fix callback url

* add idp param

* fix test

* fix test
 2022-12-05 15:31:07 -07:00
Caleb Doxsey
a5082f60e7
httputil: ignore errors < 400 (#3781) 2022-12-05 09:00:25 -07:00
Caleb Doxsey
090601873f
urlutil: add time validation functions (#3776) 2022-12-02 11:42:56 -07:00
Caleb Doxsey
457fca08dc
httputil: add cookie chunker (#3775) 2022-12-02 09:41:09 -07:00
Caleb Doxsey
1848a9737f
upgrade to golang-lru v2 (#3771) 2022-12-02 09:25:52 -07:00
Caleb Doxsey
fa26587f19
remove forward auth (#3628) 2022-11-23 15:59:28 -07:00
Caleb Doxsey
ba07afc245
hpke: add HPKE key to JWKS endpoint (#3762) 
* hpke: add HPKE key to JWKS endpoint

* fix test, add http caching headers

* fix error message

* use pointers
 2022-11-23 08:45:59 -07:00
Caleb Doxsey
c1a522cd82
proxy: add userinfo and webauthn endpoints (#3755) 
* proxy: add userinfo and webauthn endpoints

* use TLD for RP id

* use EffectiveTLDPlusOne

* upgrade webauthn

* fix test

* Update internal/handlers/jwks.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
 2022-11-22 10:26:35 -07:00
Caleb Doxsey
9413123c0f
config: generate cookie secret if not set in all-in-one mode (#3742) 
* config: generate cookie secret if not set in all-in-one mode

* fix tests

* config: add warning about cookie_secret

* breakup lines
 2022-11-11 14:14:30 -07:00
Caleb Doxsey
4d10d36509
controlplane: fix /.well-known/pomerium missing CORS headers (#3738) 2022-11-09 12:08:28 -07:00
Eng Zer Jun
45ce6f693a
test: use T.TempDir to create temporary test directory (#3725) 
Prior to this commit, temporary directories in tests were created using
`filepath.Join` and `os.MkdirAll`.

This commit replaces `os.MkdirAll` with `t.TempDir` in tests. The
directory created by `t.TempDir` is automatically removed when the test
and all its subtests complete.

Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2022-11-08 09:16:32 -07:00
Denis Mishin
a3cfe8fa42
keep trace span context (#3724) 2022-11-04 17:52:13 -04:00
Caleb Doxsey
c178819875
move directory providers (#3633) 
* remove directory providers and support for groups

* idp: remove directory providers

* better error messages

* fix errors

* restore postgres

* fix test
 2022-11-03 11:33:56 -06:00
Caleb Doxsey
30bdae3d9e
sessions: check idp id to detect provider changes to force session invalidation (#3707) 
* sessions: check idp id to detect provider changes to force session invalidation

* remove dead code

* fix test
 2022-10-25 16:20:32 -06:00
Caleb Doxsey
b68dc1ff4f
controlplane: move jwks.json endpoint to control plane (#3691) 2022-10-25 08:01:33 -06:00
Caleb Doxsey
63b210e51d
httputil: remove error details (#3703) 2022-10-25 08:00:21 -06:00
Caleb Doxsey
75634dfca2
authenticate: remove ecjson (#3688) 2022-10-20 10:37:21 -06:00
dependabot[bot]
ec495bb682
chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 (#3667) 
* chore(deps): bump github.com/golangci/golangci-lint

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.48.0 to 1.50.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.48.0...v1.50.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* lint

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
 2022-10-19 09:36:59 -06:00
Caleb Doxsey
d147846e64
fileutil: update watcher to use fsnotify and polling (#3663) 
* fileutil: update watcher to use fsnotify and polling

* raise timeout

* maybe fix
 2022-10-19 09:13:08 -06:00
Caleb Doxsey
daed2d260c
config: disable envoy admin by default, expose stats via envoy route (#3677) 2022-10-18 16:25:03 -06:00
Alex
fc21579e4b
Fix typos (#3575) 
typos
 2022-08-30 15:51:40 -07:00
Caleb Doxsey
8713108821
autocert: fix flaky test (#3591) 2022-08-30 10:02:15 -06:00
Caleb Doxsey
e5ac784cf4
autocert: add support for ACME TLS-ALPN (#3590) 
* autocert: add support for ACME TLS-ALPN

* always re-create acme tls server
 2022-08-29 16:19:20 -06:00
Caleb Doxsey
46703b9419
config: add branding settings (#3558) 2022-08-16 14:51:47 -06:00
Caleb Doxsey
6140ee1d88
controlplane: add well-known endpoint to the controlplane http handler (#3555) 
* controlplane: add well-known endpoint to the controlplane http handler

* add support for trailing /

* remove redundant test
 2022-08-16 09:59:39 -06:00
Caleb Doxsey
3c63b6c028
authorize: add policy error details for custom error messages (#3542) 
* authorize: add policy error details for custom error messages

* remove fmt.Println

* fix tests

* add docs
 2022-08-09 14:46:31 -06:00