pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 02:16:28 +02:00

Author	SHA1	Message	Date
Denis Mishin	ccf15f8f3d	move hpke public key handler out of internal (#4065 )	2023-03-20 10:37:00 -04:00
Caleb Doxsey	0f295d4a63	hpke: move published public keys to a new endpoint (#4044 )	2023-03-08 09:17:04 -07:00
Caleb Doxsey	2b8d51def5	urlutil: add version to query string (#4028 )	2023-02-28 14:01:13 -07:00
Denis Mishin	62ca7ffaa2	authenticate: fix authenticate_internal_service_url for all in one (#4003 )	2023-02-22 10:42:27 -05:00
Caleb Doxsey	da46b4a47d	config: use insecure skip verify if derived certificates are not used (#3861 )	2023-01-11 13:50:51 -07:00
Denis Mishin	a49f86d023	use tlsClientConfig instead of custom dialer (#3830 ) * use tlsClientConfig instead of custom dialer * rm debug log	2022-12-27 09:55:36 -07:00
Caleb Doxsey	3e892a8533	options: support multiple signing keys (#3828 ) * options: support multiple signing keys * fix controlplane method, errors	2022-12-22 09:31:09 -07:00
Caleb Doxsey	753eeff12f	proxy: fix sign out redirect (#3827 ) * proxy: fix sign out redirect * add test	2022-12-20 09:32:49 -07:00
Caleb Doxsey	c86ca6f76f	webauthn: require session when accessing /.pomerium/webauthn (#3814 ) * webauthn: require session when accessing /.pomerium/webauthn * remove dead code * remove unusued PomeriumDomains field	2022-12-16 10:59:21 -07:00
Caleb Doxsey	b375dc4896	jwt: require logged in user to return .pomerium/jwt (#3807 ) * jwt: require logged in user to return .pomerium/jwt * fix test * update test	2022-12-13 13:49:36 -07:00
Caleb Doxsey	57217af7dd	authenticate: implement hpke-based login flow (#3779 ) * urlutil: add time validation functions * authenticate: implement hpke-based login flow * fix import cycle * fix tests * log error * fix callback url * add idp param * fix test * fix test	2022-12-05 15:31:07 -07:00
Caleb Doxsey	fa26587f19	remove forward auth (#3628 )	2022-11-23 15:59:28 -07:00
Caleb Doxsey	c1a522cd82	proxy: add userinfo and webauthn endpoints (#3755 ) * proxy: add userinfo and webauthn endpoints * use TLD for RP id * use EffectiveTLDPlusOne * upgrade webauthn * fix test * Update internal/handlers/jwks.go Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>	2022-11-22 10:26:35 -07:00
Caleb Doxsey	9413123c0f	config: generate cookie secret if not set in all-in-one mode (#3742 ) * config: generate cookie secret if not set in all-in-one mode * fix tests * config: add warning about cookie_secret * breakup lines	2022-11-11 14:14:30 -07:00
Caleb Doxsey	30bdae3d9e	sessions: check idp id to detect provider changes to force session invalidation (#3707 ) * sessions: check idp id to detect provider changes to force session invalidation * remove dead code * fix test	2022-10-25 16:20:32 -06:00
Caleb Doxsey	63b210e51d	httputil: remove error details (#3703 )	2022-10-25 08:00:21 -06:00
Caleb Doxsey	0ac7e45a21	atomicutil: use atomicutil.Value wherever possible (#3517 ) * atomicutil: use atomicutil.Value wherever possible * fix test * fix mux router	2022-07-28 15:38:38 -06:00
Caleb Doxsey	86625a4ddb	config: support files for shared_secret, client_secret, cookie_secret and signing_key (#3453 )	2022-06-29 10:44:08 -06:00
bobby	ebbb6a7ff2	docs: update references, remove docs dir (#3420 ) * docs: update references, remove docs dir Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * Update README.md Co-authored-by: Alex Fornuto <afornuto@pomerium.com> * Update Docs Paths * precommit Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * remove spellcheck Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * spell the check Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> Co-authored-by: Alex Fornuto <afornuto@pomerium.com>	2022-06-13 16:52:52 -07:00
Caleb Doxsey	fd82cc7870	authenticate: allow changing the authenticate service URL at runtime (#3378 ) * config: better change detection * wip * fix middleware * add middleware before handlers * use ctx	2022-05-31 13:24:40 -06:00
Caleb Doxsey	46c4d5fa7e	session: remove unused session state properties (#3022 ) * fix error page * share dashboard code * sessions: remove unused session state properties * remove programmatic * remove version	2022-02-09 10:59:06 -07:00
Caleb Doxsey	0898dd4f34	proxy: fix error page (#3020 ) * fix error page * proxy: fix error page * share dashboard code * fix test	2022-02-09 09:14:24 -07:00
Caleb Doxsey	2824faecbf	frontend: react+mui (#3004 ) * mui v5 wip * wip * wip * wip * use compressor for all controlplane endpoints * wip * wip * add deps * fix authenticate URL * fix test * fix test * fix build * maybe fix build * fix integration test * remove image asset test * add yarn.lock	2022-02-07 08:47:58 -07:00
Caleb Doxsey	5a858f5d48	config: add internal service URLs (#2801 ) * config: add internal service URLs * maybe fix integration tests * add docs * fix integration tests * for databroker connect to external name, but listen on internal name * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/readme.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/reference/settings.yaml Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>	2021-12-10 14:04:37 -05:00
Caleb Doxsey	a8b76bd623	authorize: support X-Pomerium-Authorization in addition to Authorization (#2780 ) * authorize: support X-Pomerium-Authorization in addition to Authorization * tangentental correction Co-authored-by: alexfornuto <alex@fornuto.com>	2021-11-29 12:19:14 -07:00
Caleb Doxsey	63ee30d69c	options: remove refresh_cooldown, add allow_spdy to proto (#2446 )	2021-08-06 10:06:57 -06:00
wasaga	134ca74ec9	proxy: add idle timeout (#2319 )	2021-07-02 10:29:53 -04:00
Caleb Doxsey	f9675f61cc	deps: upgrade to go-jose v3 (#2284 )	2021-06-10 09:35:44 -06:00
wasaga	db00821001	auth: do not strip query parameters in forward auth (#2216 )	2021-05-28 17:19:18 -04:00
bobby	51655a5502	Revert "authenticate,proxy: add same site lax to cookies (#2159 )" (#2203 ) This reverts commit `d9cc26a2e0`.	2021-05-14 15:36:05 -07:00
Caleb Doxsey	d9cc26a2e0	authenticate,proxy: add same site lax to cookies (#2159 )	2021-04-30 10:24:47 -06:00
Caleb Doxsey	b1d62bb541	config: remove validate side effects (#2109 ) * config: default shared key * handle additional errors * update grpc addr and grpc insecure * update google cloud service authentication service account * fix set response headers * fix qps * fix test	2021-04-22 15:10:50 -06:00
wasaga	e0c09a0998	log context (#2107 )	2021-04-22 10:58:13 -04:00
Caleb Doxsey	6d1d2bec54	crypto: use actual bytes of shared secret, not the base64 encoded representation (#2075 ) * crypto: use actual bytes of shared secret, not the base64 encoded representation * return errors * return errors	2021-04-08 20:04:01 -06:00
Caleb Doxsey	a51c7140ea	cryptutil: use bytes for hmac (#2067 )	2021-04-07 14:57:24 -06:00
Caleb Doxsey	f84f7551d0	authenticate: fix default sign out url (#2061 )	2021-04-06 10:35:08 -06:00
Travis Groth	c7d243d742	proxy: restrict programmatic URLs to localhost (#2049 ) Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>	2021-04-01 10:04:49 -04:00
Travis Groth	0635c838c9	authenticate: validate signature on /.pomerium, /.pomerium/sign_in and /.pomerium/sign_out (#2048 ) Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>	2021-04-01 10:04:16 -04:00
Caleb Doxsey	3690a32855	config: use getters for authenticate, signout and forward auth urls (#2000 )	2021-03-19 14:49:25 -06:00
Caleb Doxsey	f396c2a0f7	config: log config source changes (#1959 ) * config: log config source changes * use internal log import	2021-03-03 09:54:08 -07:00
Caleb Doxsey	4f2bb60adb	proxy: redirect to dashboard for logout (#1944 )	2021-02-24 11:52:38 -07:00
Caleb Doxsey	1a1cc30c67	config: support map of jwt claim headers (#1906 ) * config: support map of jwt claim headers * fix array handling, add test * update docs * use separate hook, add tests	2021-02-17 13:43:18 -07:00
bobby	c3e3ed9b50	authenticate: validate origin of signout (#1876 ) * authenticate: validate origin of signout - add a debug task to kill envoy - improve various function docs - userinfo: return "error" page if user is logged out without redirect uri set - remove front channel logout. There's little difference between it, and the signout function. Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2021-02-11 21:37:54 -08:00
Caleb Doxsey	cc85ea601d	policy: add new certificate-authority option for downstream mTLS client certificates (#1835 ) * policy: add new certificate-authority option for downstream mTLS client certificates * update proto, docs	2021-02-01 08:10:32 -07:00
wasaga	67f6030e1e	upstream endpoints load balancer weights (#1830 )	2021-01-28 09:11:14 -05:00
Caleb Doxsey	84e8f6cc05	config: fix databroker policies (#1821 )	2021-01-25 17:18:50 -07:00
Caleb Doxsey	a4c7381eba	config: support multiple destination addresses (#1789 ) * config: support multiple destination addresses * use constructor for string slice * add docs * add test for multiple destinations * fix name	2021-01-20 15:18:24 -07:00
Caleb Doxsey	b16236496b	jws: remove issuer (#1754 )	2021-01-11 07:57:54 -07:00
bobby	f837c92741	dev: update linter (#1728 ) - gofumpt everything - fix TLS MinVersion to be at least 1.2 - add octal syntax - remove newlines - fix potential decompression bomb in ecjson - remove implicit memory aliasing in for loops. Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2020-12-30 09:02:57 -08:00
bobby	c199909032	forward-auth: fix special character support for nginx (#1578 )	2020-11-12 13:10:57 -05:00

1 2 3 4 5

212 commits