Commit graph

18 commits

Author SHA1 Message Date
Tejasvi Nareddy
f966e5ab19 (proxy, internal/config, internal/log, docs): opt-in websocket support 2019-06-01 22:39:46 -04:00
u5surf
c274112ecc all: fix incorrect http status codes #135 2019-05-29 12:57:02 +09:00
Bobby DeSimone
66b4c2d3cd
authenticate/proxy: add user impersonation, refresh, dashboard (#123)
proxy: Add user dashboard. [GH-123]
proxy/authenticate: Add manual refresh of their session. [GH-73]
authorize: Add administrator (super user) account support. [GH-110]
internal/policy: Allow administrators to impersonate other users. [GH-110]
2019-05-26 12:33:00 -07:00
Travis Groth
febf9464a4 Switch options parsing to viper 2019-05-25 15:06:32 -04:00
Tejasvi Nareddy
c5d2e40435 (proxy, internal\policy, docs\reference): define new access control option to bypass authentication 2019-05-22 23:12:30 -04:00
Bobby DeSimone
3eff6cce13
internal/sessions: make user state domain scoped
internal/sessions: session state is domain scoped
internal/sessions: infer csrf cookie, route scoped
proxy & authenticate: use shared cookie name
proxy & authenticate: prevent resaving unchanged session
proxy & authenticate: redirect instead of error for no session on login
internal/config: merge cookies
proxy: remove favicon specific route
proxy: use mock server for tests
proxy: add tests for failures
2019-05-20 20:44:05 -07:00
Travis Groth
ebb6df6c3f Refactor to central options struct and parsing 2019-05-18 08:17:36 -04:00
Bobby DeSimone
cfac5f10ff
cmd/pomerium: move middleware for all http handlers to global context (#117) 2019-05-14 13:23:25 -07:00
nitper
45bb2e0a4d
add cors_allow_preflight option to route policy 2019-05-03 15:16:46 -04:00
Bobby DeSimone
c13459bb88
authorize: add authorization (#59)
* authorize: authorization module adds support for per-route access policy. In this release we support the most common forms of identity based access policy: `allowed_users`, `allowed_groups`, and `allowed_domains`. In future versions, the authorization module will also support context and device based authorization policy and decisions. See website documentation for more details.
 * docs: updated `env.example` to include a `POLICY` setting example.
 * docs:  added `IDP_SERVICE_ACCOUNT` to  `env.example` .
 * docs: removed `PROXY_ROOT_DOMAIN` settings which has been replaced by `POLICY`.
 * all: removed `ALLOWED_DOMAINS` settings which has been replaced by `POLICY`. Authorization is now handled by the authorization service and is defined in the policy configuration files.
 * proxy: `ROUTES` settings which has been replaced by `POLICY`.
* internal/log: `http.Server` and `httputil.NewSingleHostReverseProxy` now uses pomerium's logging package instead of the standard library's built in one.

Closes #54
Closes #41
Closes #61
Closes #58
2019-03-07 12:47:07 -08:00
Bobby DeSimone
1187be2bf3
authenticator: support groups (#57)
- authenticate/providers: add group support to azure
- authenticate/providers: add group support to google
- authenticate/providers: add group support to okta
- authenticate/providers: add group support to onelogin
- {authenticate/proxy}: change default cookie lifetime timeout to 14 hours
- proxy: sign group membership
- proxy: add group header
- deployment: add CHANGELOG
- deployment: fix where make release wasn’t including version
2019-02-28 19:34:22 -08:00
Bobby DeSimone
dbafc691c3
all: general cleanup readying for tagged release (#48)
- docs: add code coverage to readme
- internal/sessions: refactor sessions to clarify lifetime
- authenticate: simplified signin flow
- deployment: update go mods
- internal/testutil: removed package
- internal/singleflight: removed package
2019-02-16 12:43:18 -08:00
Bobby DeSimone
805f0198d2
authenticate: add tests, fix signout (#45)
- authenticate: a bug where sign out failed to revoke the remote session
- docs: add code coverage to readme
- authenticate: Rename shorthand receiver variable name
- authenticate: consolidate sign in
2019-02-14 00:01:50 -08:00
Bobby DeSimone
09744f6adb
proxy: add tests (#44) 2019-02-12 16:38:17 -08:00
Bobby DeSimone
4f4f3965aa
proxy: add unit tests (#43) 2019-02-11 20:15:01 -08:00
Bobby DeSimone
cedf9922d3
proxy: add unit tests (#42)
- Fixed pomerium.io site description
- Updated kubernetes examples to use the latest docker images.
- Use cryputil hash function for proxy hmac.
- Add unit tests for proxy handlers.
2019-02-08 22:39:48 -08:00
Bobby DeSimone
ebc1453292
proxy: use internal/httputil for error handling (#36)
- General formatting and comment cleanup.
- Inject pomerium version at compiletime via template package.
2019-01-30 12:22:03 -08:00
Bobby DeSimone
236e5cd7de
authenticate: remove extra login page (#34)
- Fixed a bug where Lifetime TTL was set to a minute.
- Remove nested mux in authenticate handlers.
- Remove extra ping endpoint in authenticate and proxy.
- Simplified sign in flow with multi-catch case statement.
- Removed debugging logging.
- Broke out cmd/pomerium options into own file.
- Renamed msicreant cipher to just cipher.

Closes #23
2019-01-29 20:28:55 -08:00