Saj Goonatilleke
8fe4a0b7c0
dist: authn with concourse-ecr-pull-rtype
t/124551
2024-03-27 00:48:09 +11:00
Leonardo Mosquera
85db24a882
FEATURE: add --whitelist-prefix for allowing an entire path prefix (#11)
Add --whitelist-prefix option to allowlist a path prefix
The existing --whitelist option only allows a fixed string; this one
does a prefix match instead.
Also extract allowedByWhiteList for unit testability, and add tests.
2024-02-07 15:42:42 -03:00
Saj Goonatilleke
2aca4eb003
dist/concourse/{pipeline.yaml => pipeline-trunk.yaml}
Follow up to commit 79f3a76.
Typo. This bit is hard to test prior to trunk merge. ;)
Name is significant. The superpipeline expects to find the latter.
2024-01-25 12:05:21 +11:00
Saj Goonatilleke
79f3a76707
build and release with Concourse
This is a public repository. This message intentionally redacted.
See t/120483 for rationale.
2024-01-25 11:59:41 +11:00
Saj Goonatilleke
5bb40a908f
docker: debian bullseye -> bookworm
2023-12-05 03:26:54 +11:00
Saj Goonatilleke
a2b1e30b12
docker: build with alpine 3.18 (from 3.15)
2023-06-14 01:40:43 +10:00
Saj Goonatilleke
4621c64c2f
docker: platform=linux/amd64
Past releases were all for amd64. Other archs are implicitly
unsupported at this time.
2022-05-27 18:17:14 +10:00
Saj Goonatilleke
f78b3b04fc
docker: build with alpine 3.15 (from 3.14)
2022-05-27 18:15:29 +10:00
Andrew Schleifer
694a442d45
DEV: release Makefile target and documentation
2022-04-06 14:06:08 +00:00
Saj Goonatilleke
aba7b4f458
docker: remove -maxdepth from find
As far as I can recall, my original intent was to perform a recursive
directory entry removal without resorting to a shell glob. Recursive
descent works a lot better when find is allowed to, y'know, descend.
Suspect this was a brain fart on my part.
2021-11-12 06:15:52 +11:00
Eleni Michalaki
2421a0c338
Docker: replace alpine with debian bullseye
2021-10-18 15:59:01 +02:00
Saj Goonatilleke
0dbd380fe3
docker: bump to golang:1.16.5-alpine3.13
2021-06-05 05:27:43 +10:00
Andrew Schleifer
21e68c4184
doc: use example.com
cf. rfc2606
2020-12-17 06:23:52 +00:00
Sam Saffron
f2123554cf
FEATURE: add support for allowGroups setting
This new setting allows you to add a list of comma delimited groups to
the allow list.
Previous to this change auth proxy was able to authenticate admins OR
all users on the site, without any fidelity of allowing specific groups.
This also refactors the tests somewhat and adds a bunch of integration
tests to ensure the new setting is properly respected.
Co-authored-by: Saj Goonatilleke <saj@discourse.org>
2020-12-16 15:43:35 +11:00
Saj Goonatilleke
6370ef8f24
docker: build with explicit go version
It is occasionally useful to assert that our output was built with >=x
version of the Go compiler or linked against >=x version of the Go
standard library. While it is possible to make this assertion after the
fact -- say, by dumping the value of runtime.buildVersion with a
debugger -- it's usually much easier to inspect this file.
2020-11-19 05:10:43 +11:00
Saj Goonatilleke
7a06dd08e8
make: build against latest mutable alpine tag
2020-11-19 05:06:42 +11:00
Saj Goonatilleke
603e2b7d86
encode /sso_provider query parameters
2020-11-06 09:37:40 +11:00
Saj Goonatilleke
9d9047a2a1
deref pointers
2020-11-06 09:25:38 +11:00
Saj Goonatilleke
6d8aa28a19
remove unused sameHost function
2020-11-06 08:51:26 +11:00
Saj Goonatilleke
cc8906ee36
switch to go modules
2020-11-06 08:50:35 +11:00
Kane York
723b8f7872
SECURITY: Properly escape URLs when writing redirections
2020-06-09 11:56:50 -07:00
Kane York
1cb59fc2ce
FIX: Properly query-escape URLs, several other cleanups (#7)
Use Form.Get() instead of [0].
Move important constants to constants.
Document some functions.
Eliminate a single-use one-line closure.
Avoid bare return when reasonable.
2020-06-09 11:55:30 -07:00
Matt Palmer
f81d3bb030
Explicitly set path on auth cookie
https://dev.discourse.org/t/15317
2019-08-13 11:53:56 +10:00
Saj Goonatilleke
f0bbe5bd1e
Add error logging to aid in SSO debugging
2019-07-24 00:25:54 +10:00
Saj Goonatilleke
6fa4ba03da
Remove log noise written on the common path
Implement analogous functionality in the `logHandler` if you care about
this information. That middleware can at least be toggled on and off.
2019-07-13 07:42:17 +10:00
Robin Ward
c55602bfb1
FIX: we moved the image
2019-07-03 12:49:57 -04:00
Matt Palmer
e9ca223cf8
Support auth-proxy on a subpath
2019-06-25 10:21:39 +10:00
Matt Palmer
329525bfa8
Allow auth-proxy to be fronted via a Unix socket
2019-06-10 08:09:35 +10:00
Saj Goonatilleke
d40dcddbdd
Allow SRV deadline to be configured at runtime
2019-05-15 23:34:49 +10:00
Saj Goonatilleke
ec51e302f5
Add support for optional request logging
This is a debugging aid only. The log format is not stable (and thus
not documented).
2019-05-15 21:26:35 +10:00
Saj Goonatilleke
c7a9ad814b
Ensure we never inadvertently whitelist an empty path
I cannot recall whether the Path field is guaranteed to be non-empty on
incoming Request values. When in doubt...
2019-05-15 21:26:08 +10:00
Saj Goonatilleke
c9b7e27f76
Move all this config gubbins out of the way
There are two distinct configuration layers in this program: the 'raw'
types provided by the flag library, and the 'validated' types we present
to the rest of the program. This commit makes that distinction clear,
and internalises some pointer muck from the flag lib.
2019-05-15 21:26:02 +10:00
Saj Goonatilleke
bdc39cee65
Fix tests
2019-05-15 17:44:44 +10:00
Saj Goonatilleke
33403daf59
Remove Ptr from identifier names
This is not customary in Go.
2019-05-15 17:13:43 +10:00
Saj Goonatilleke
d776ff7bcd
Optionally use DNS SRV records for origin discovery
2019-05-07 04:48:50 +10:00
Andrew Schleifer
0a8b276f34
code block
2018-09-21 15:46:30 +08:00
Andrew Schleifer
8bea12489d
option for whitelisted /path
2018-09-21 15:01:59 +08:00
Andrew Schleifer
deaf725bae
COPY to WORKDIR
deduplication
2018-09-21 15:01:59 +08:00
Andrew Schleifer
3931d81e78
define a WORKDIR
makes cache invalidation less likely
2018-09-21 15:01:59 +08:00
Andrew Schleifer
e2d47b0eec
copy file after building OS
that way changes to the source don't invalidate the cached layers
2018-09-21 15:01:58 +08:00
Andrew Schleifer
2ed757a038
new build regime
* use new makefile style, remove two previous build systems
* multi-stage build for the tiniest image
2018-09-21 15:01:58 +08:00
Guo Xiang Tan
70d2dbea5c
Update README.md
2018-09-14 14:50:06 +08:00
Rafael dos Santos Silva
15ab750172
FIX: Discourse groups now are in CSV format instead of an array
2018-07-23 22:48:33 -03:00
Matt Palmer
017810a752
Allow HTTP timeouts to be configurable
2017-11-22 09:05:10 +11:00
Matt Palmer
50495bc774
Don't push if the build failed
2017-11-22 09:01:32 +11:00
Matt Palmer
21ea40b9ba
More logging for basic auth support
Need to know where things go missing.
2017-11-10 12:24:42 +11:00
Matt Palmer
385c8aea44
Guard LRU cache against concurrent access
Our chosen LRU cache implementation is not, as it turns out, thread-safe.
So we need to cast mutexes around to make everything OK.
2017-10-31 17:18:59 +11:00
Rafael dos Santos Silva
66b01c7acb
Merge pull request #6 from discourse/groups_in_sso_provider
Feature: Group handling
2017-10-26 21:18:38 -02:00
Matt Palmer
8dcded8013
New build system
Far more idiomatic.
2017-10-27 09:52:38 +11:00
Rafael dos Santos Silva
22af9254a5
Feature: Group handling
2017-10-25 23:32:39 -02:00