- Aug 27, 2020
-
-
Joel Speed authored
Only log no cookie match if cookie domains specified
-
Joel Speed authored
-
- Aug 25, 2020
-
-
Dan Bond authored
* dist.sh: remove go version from asset links * update changelog
-
- Aug 17, 2020
-
-
Joel Speed authored
Create generic Authorization Header constructor
-
Joel Speed authored
-
Joel Speed authored
Ensure session times are not nil before printing them
-
Joel Speed authored
-
- Aug 16, 2020
-
-
Joel Speed authored
Allow OIDC Bearer Tokens without emails
-
- Aug 15, 2020
-
-
Nick Meves authored
`findClaimsFromIDToken` would always have a `nil` access token and not be able to hit the userinfo endpoint in Bearer case. If access token is nil, default to legacy `session.Email = claim.Subject` that all JWT bearers used to have, even if a valid profileURL is present.
-
Nick Meves authored
-
Nick Meves authored
This reverts to functionality before #499 where an OIDC provider could be used with `--skip-jwt-bearer-tokens` and tokens without an email or profileURL would still be valid. This logic mirrors `middleware.createSessionStateFromBearerToken` which used to be the universal logic before #499.
-
- Aug 14, 2020
-
-
Joel Speed authored
Support Password & SentinelPassword in Redis session store
-
- Aug 12, 2020
-
-
Nick Meves authored
-
Nick Meves authored
Add `x-oauth-basic` nosec annotation & address gosec unhandled errors
-
- Aug 11, 2020
-
-
Nick Meves authored
-
- Aug 10, 2020
-
-
Phil Taprogge authored
* Add dedicated error logging writer * Document new errors to stdout flag * Update changelog * Thread-safe the log buffer * Address feedback * Remove duplication by adding log level * Clean up error formatting * Apply suggestions from code review Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
-
- Aug 09, 2020
-
-
Nick Meves authored
Address gosec findings
-
Nick Meves authored
Any template errors instead of IO errors are caught in validation.
-
Nick Meves authored
-
Nick Meves authored
-
Nick Meves authored
-
Nick Meves authored
-
Nick Meves authored
-
Nick Meves authored
-
Nick Meves authored
-
Nick Meves authored
Mostly handling unhandled errors appropriately. If logging to STDERR fails, we panic. Added #nosec comments to findings we are OK with.
-
- Aug 07, 2020
-
-
Joel Speed authored
Fix time issue causing finicky failures in logging tests
-
Nick Meves authored
-
- Aug 04, 2020
-
-
Nick Meves authored
Fix typos and other minor edits
-
Ryan Schmidt authored
-
- Jul 29, 2020
-
-
Joel Speed authored
Add pull request events to CodeQL action
-
Justin Hutchings authored
This will validate pull requests from forks to ensure that changes don't end up impacting you negatively.
-
- Jul 22, 2020
-
-
Joel Speed authored
Align persistence ginkgo tests to conventions
-
Nick Meves authored
-
- Jul 21, 2020
-
-
Andy Voltz authored
* Add test for GetRedirect to check query and fragments. * Preserve query and fragment when building redirect. * Add changelog entry for redirect fix
-
- Jul 20, 2020
-
-
Joel Speed authored
Move provider URLs to package level vars
-
Nick Meves authored
* Centralize Ticket management of persistent stores persistence package with Manager & Ticket will handle all the details about keys, secrets, ticket into cookies, etc. Persistent stores just need to pass Save, Load & Clear function handles to the persistent manager now. * Shift to persistence.Manager wrapping a persistence.Store * Break up the Redis client builder logic * Move error messages to Store from Manager * Convert ticket to private for Manager use only * Add persistence Manager & ticket tests * Make a custom MockStore that handles time FastForwards
-
Joel Speed authored
Refactor session loading to make use of middleware pattern
-
Joel Speed authored
Integrate upstream package with OAuth2 Proxy
-
Joel Speed authored
-