pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 10:26:29 +02:00

Author	SHA1	Message	Date
Caleb Doxsey	fa26587f19	remove forward auth (#3628 )	2022-11-23 15:59:28 -07:00
Caleb Doxsey	30bdae3d9e	sessions: check idp id to detect provider changes to force session invalidation (#3707 ) * sessions: check idp id to detect provider changes to force session invalidation * remove dead code * fix test	2022-10-25 16:20:32 -06:00
Caleb Doxsey	c0ca1e1a98	authorize: handle user-unauthenticated response for deny blocks (#3559 ) * authorize: handle user-unauthenticated response for deny blocks * fix test	2022-08-22 17:09:26 -06:00
Caleb Doxsey	0ac7e45a21	atomicutil: use atomicutil.Value wherever possible (#3517 ) * atomicutil: use atomicutil.Value wherever possible * fix test * fix mux router	2022-07-28 15:38:38 -06:00
Caleb Doxsey	f61e7efe73	authorize: use query instead of sync for databroker data (#3377 )	2022-06-01 15:40:07 -06:00
Caleb Doxsey	c19048649a	authorize: add support for cidr lookups (#3277 )	2022-04-19 16:18:34 -06:00
Caleb Doxsey	f9b95a276b	authenticate: support for per-route client id and client secret (#3030 ) * implement dynamic provider support * authenticate: support per-route client id and secret	2022-02-16 12:31:55 -07:00
Caleb Doxsey	0898dd4f34	proxy: fix error page (#3020 ) * fix error page * proxy: fix error page * share dashboard code * fix test	2022-02-09 09:14:24 -07:00
Caleb Doxsey	2824faecbf	frontend: react+mui (#3004 ) * mui v5 wip * wip * wip * wip * use compressor for all controlplane endpoints * wip * wip * add deps * fix authenticate URL * fix test * fix test * fix build * maybe fix build * fix integration test * remove image asset test * add yarn.lock	2022-02-07 08:47:58 -07:00
Caleb Doxsey	3497c39b9b	authorize: add support for webauthn device policy enforcement (#2700 ) * authorize: add support for webauthn device policy enforcement * update docs * group statuses	2021-10-25 09:41:03 -06:00
Caleb Doxsey	efffe57bf0	ppl: pass contextual information through policy (#2612 ) * ppl: pass contextual information through policy * maybe fix nginx * fix nginx * pr comments * go mod tidy	2021-09-20 16:02:26 -06:00
Caleb Doxsey	9dc90d02d0	authorize: only redirect for HTML pages (#2264 ) * authorize: only redirect for HTML pages * authorize: only redirect for HTML pages	2021-06-02 16:18:02 -06:00
Caleb Doxsey	dad35bcfb0	ppl: refactor authorize to evaluate PPL (#2224 ) * ppl: refactor authorize to evaluate PPL * remove opa test step * add log statement * simplify assignment * deny with forbidden if logged in * add safeEval function * create evaluator-specific config and options * embed the headers rego file directly	2021-05-21 09:50:18 -06:00
bobby	9215833a0b	control plane: add request id to all error pages (#2149 ) * controlplane: add request id to all error pages - use a single http error handler for both envoy and go control plane - add http lib style status text for our custom statuses. Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>	2021-04-28 15:04:44 -07:00
Caleb Doxsey	d7ab817de7	authorize: add databroker server and record version to result, force sync via polling (#2024 ) * authorize: add databroker server and record version to result, force sync via polling * wrap inmem store to take read lock when grabbing databroker versions * address code review comments * reset max to 0	2021-03-31 10:09:06 -06:00
Caleb Doxsey	3690a32855	config: use getters for authenticate, signout and forward auth urls (#2000 )	2021-03-19 14:49:25 -06:00
Caleb Doxsey	eddabc46c7	envoy: upgrade to v1.17.1 (#1993 )	2021-03-17 19:32:58 -06:00
Caleb Doxsey	1a1cc30c67	config: support map of jwt claim headers (#1906 ) * config: support map of jwt claim headers * fix array handling, add test * update docs * use separate hook, add tests	2021-02-17 13:43:18 -07:00
Caleb Doxsey	7d236ca1af	authorize: move headers and jwt signing to rego (#1856 ) * wip * wip * wip * remove SignedJWT field * set google_cloud_serverless_authentication_service_account * update jwt claim headers * add mock get_google_cloud_serverless_headers for opa test * swap issuer and audience * add comment * change default port in authz	2021-02-08 10:53:21 -07:00
Caleb Doxsey	eed873b263	authorize: remove DataBrokerData (#1846 ) * authorize: remove DataBrokerData * fix method name	2021-02-02 11:40:21 -07:00
wasaga	67f6030e1e	upstream endpoints load balancer weights (#1830 )	2021-01-28 09:11:14 -05:00
Caleb Doxsey	bec98051ae	config: return errors on invalid URLs, fix linting (#1829 )	2021-01-27 07:58:30 -07:00
Caleb Doxsey	a4c7381eba	config: support multiple destination addresses (#1789 ) * config: support multiple destination addresses * use constructor for string slice * add docs * add test for multiple destinations * fix name	2021-01-20 15:18:24 -07:00
Caleb Doxsey	b16236496b	jws: remove issuer (#1754 )	2021-01-11 07:57:54 -07:00
Caleb Doxsey	a19e45334b	proxy: remove impersonate headers for kubernetes (#1394 ) * proxy: remove impersonate headers for kubernetes * master on frontend/statik	2020-09-09 15:24:39 -06:00
Caleb Doxsey	6dee647a16	authorize: use atomic state for properties (#1290 )	2020-08-17 14:24:06 -06:00
Caleb Doxsey	fbf5b403b9	config: allow dynamic configuration of cookie settings (#1267 )	2020-08-13 08:11:34 -06:00
Cuong Manh Le	5d3b551524	authorize: increase test coverage - Add test cases for sync functions - Add test for valid JWT - Add session state to Test_getEvaluatorRequest	2020-08-06 21:02:20 +07:00
Cuong Manh Le	351a449023	authorize: add test for denied response (#1197 )	2020-08-04 21:20:30 +07:00
Cuong Manh Le	fa43db80c1	authorize: derive check response message from reply message (#1193 ) * authorize: derive check response message from reply message While at it, add tests for ok response related functions. * authorize: more test case for ok reply with k8s svc	2020-08-04 09:12:30 +07:00

30 commits