diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 6af708f887..d88fd96b21 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,10 +1,9 @@
-# Default owner should be a Pusher cloud-team member or another maintainer
-# unless overridden by later rules in this file
-* @pusher/cloud-team @syscll @steakunderscore @JoelSpeed
+# Default owner should be a core maintainer unless overridden by later rules in this file
+* @syscll @steakunderscore @JoelSpeed
 # login.gov provider
 # Note: If @timothy-spencer terms out of his appointment, your best bet
-# for finding somebody who can test the oauth2_proxy would be to ask somebody
+# for finding somebody who can test the oauth2-proxy would be to ask somebody
 # in the login.gov team (https://login.gov/developers/), the cloud.gov team
 # (https://cloud.gov/docs/help/), or the 18F org (https://18f.gsa.gov/contact/
 # or the public devops channel at https://chat.18f.gov/).
diff --git a/.gitignore b/.gitignore
index aff7b5b342..a2aa729aa4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-oauth2_proxy
+oauth2-proxy
 vendor
 dist
 release
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c361624114..ff77e9da5d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,21 +24,21 @@ N/A ## Changes since v5.0.0 -- [#450](https://github.com/pusher/oauth2_proxy/pull/450) Fix http.Cookie SameSite is not copied (@johejo) -- [#445](https://github.com/pusher/oauth2_proxy/pull/445) Expose `acr_values` to all providers (@holyjak) -- [#419](https://github.com/pusher/oauth2_proxy/pull/419) Support Go 1.14, upgrade dependencies, upgrade golangci-lint to 1.23.6 (@johejo) -- [#444](https://github.com/pusher/oauth2_proxy/pull/444) Support prompt in addition to approval-prompt (@holyjak) -- [#435](https://github.com/pusher/oauth2_proxy/pull/435) Fix issue with group validation calling google directory API on every HTTP request (@ericofusco) -- [#400](https://github.com/pusher/oauth2_proxy/pull/400) Add `nsswitch.conf` to Docker image to allow hosts file to work (@luketainton) -- [#385](https://github.com/pusher/oauth2_proxy/pull/385) Use the `Authorization` header instead of `access_token` for refreshing GitHub Provider sessions (@ibuclaw) -- [#372](https://github.com/pusher/oauth2_proxy/pull/372) Allow fallback to secondary verified email address in GitHub provider (@dmnemec) -- [#335](https://github.com/pusher/oauth2_proxy/pull/335) OIDC Provider support for empty id_tokens in the access token refresh response (@howzat) -- [#363](https://github.com/pusher/oauth2_proxy/pull/363) Extension of Redis Session Store to Support Redis Cluster (@yan-dblinf) -- [#353](https://github.com/pusher/oauth2_proxy/pull/353) Fix login page fragment handling after soft reload on Firefox (@ffdybuster) -- [#355](https://github.com/pusher/oauth2_proxy/pull/355) Add Client Secret File support for providers that rotate client secret via file system (@pasha-r) -- [#401](https://github.com/pusher/oauth2_proxy/pull/401) Give the option to pass email address in the Basic auth header instead of upstream usernames. 
(@Spindel) -- [#405](https://github.com/pusher/oauth2_proxy/pull/405) The `/sign_in` page now honors the `rd` query parameter, fixing the redirect after a successful authentication (@ti-mo) -- [#434](https://github.com/pusher/oauth2_proxy/pull/434) Give the option to prefer email address in the username header when using the -pass-user-headers option (@jordancrawfordnz) +- [#450](https://github.com/oauth2-proxy/oauth2-proxy/pull/450) Fix http.Cookie SameSite is not copied (@johejo) +- [#445](https://github.com/oauth2-proxy/oauth2-proxy/pull/445) Expose `acr_values` to all providers (@holyjak) +- [#419](https://github.com/oauth2-proxy/oauth2-proxy/pull/419) Support Go 1.14, upgrade dependencies, upgrade golangci-lint to 1.23.6 (@johejo) +- [#444](https://github.com/oauth2-proxy/oauth2-proxy/pull/444) Support prompt in addition to approval-prompt (@holyjak) +- [#435](https://github.com/oauth2-proxy/oauth2-proxy/pull/435) Fix issue with group validation calling google directory API on every HTTP request (@ericofusco) +- [#400](https://github.com/oauth2-proxy/oauth2-proxy/pull/400) Add `nsswitch.conf` to Docker image to allow hosts file to work (@luketainton) +- [#385](https://github.com/oauth2-proxy/oauth2-proxy/pull/385) Use the `Authorization` header instead of `access_token` for refreshing GitHub Provider sessions (@ibuclaw) +- [#372](https://github.com/oauth2-proxy/oauth2-proxy/pull/372) Allow fallback to secondary verified email address in GitHub provider (@dmnemec) +- [#335](https://github.com/oauth2-proxy/oauth2-proxy/pull/335) OIDC Provider support for empty id_tokens in the access token refresh response (@howzat) +- [#363](https://github.com/oauth2-proxy/oauth2-proxy/pull/363) Extension of Redis Session Store to Support Redis Cluster (@yan-dblinf) +- [#353](https://github.com/oauth2-proxy/oauth2-proxy/pull/353) Fix login page fragment handling after soft reload on Firefox (@ffdybuster) +- [#355](https://github.com/oauth2-proxy/oauth2-proxy/pull/355) Add 
Client Secret File support for providers that rotate client secret via file system (@pasha-r) +- [#401](https://github.com/oauth2-proxy/oauth2-proxy/pull/401) Give the option to pass email address in the Basic auth header instead of upstream usernames. (@Spindel) +- [#405](https://github.com/oauth2-proxy/oauth2-proxy/pull/405) The `/sign_in` page now honors the `rd` query parameter, fixing the redirect after a successful authentication (@ti-mo) +- [#434](https://github.com/oauth2-proxy/oauth2-proxy/pull/434) Give the option to prefer email address in the username header when using the -pass-user-headers option (@jordancrawfordnz) # v5.0.0 
@@ -49,23 +49,23 @@ N/A - DigitalOcean provider support added ## Important Notes -- (Security) Fix for [open redirect vulnerability](https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv).. a bad actor using `/\` in redirect URIs can redirect a session to another domain +- (Security) Fix for [open redirect vulnerability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-qqxw-m5fj-f7gv).. a bad actor using `/\` in redirect URIs can redirect a session to another domain ## Breaking Changes -- [#321](https://github.com/pusher/oauth2_proxy/pull/331) Add reverse proxy boolean flag to control whether headers like `X-Real-Ip` are accepted. +- [#321](https://github.com/oauth2-proxy/oauth2-proxy/pull/331) Add reverse proxy boolean flag to control whether headers like `X-Real-Ip` are accepted. This defaults to false. **Usage behind a reverse proxy will require this flag to be set to avoid logging the reverse proxy IP address**. ## Changes since v4.1.0 -- [#331](https://github.com/pusher/oauth2_proxy/pull/331) Add reverse proxy setting (@martin-css) -- [#365](https://github.com/pusher/oauth2_proxy/pull/365) Build with CGO=0 (@tomelliff) -- [#339](https://github.com/pusher/oauth2_proxy/pull/339) Add configuration for cookie 'SameSite' value. (@pgroudas) -- [#347](https://github.com/pusher/oauth2_proxy/pull/347) Update keycloak provider configuration documentation. 
(@sushiMix) -- [#325](https://github.com/pusher/oauth2_proxy/pull/325) dist.sh: use sha256sum (@syscll) -- [#179](https://github.com/pusher/oauth2_proxy/pull/179) Add Nextcloud provider (@Ramblurr) -- [#280](https://github.com/pusher/oauth2_proxy/pull/280) whitelisted redirect domains: add support for whitelisting specific ports or allowing wildcard ports (@kamaln7) -- [#351](https://github.com/pusher/oauth2_proxy/pull/351) Add DigitalOcean Auth provider (@kamaln7) +- [#331](https://github.com/oauth2-proxy/oauth2-proxy/pull/331) Add reverse proxy setting (@martin-css) +- [#365](https://github.com/oauth2-proxy/oauth2-proxy/pull/365) Build with CGO=0 (@tomelliff) +- [#339](https://github.com/oauth2-proxy/oauth2-proxy/pull/339) Add configuration for cookie 'SameSite' value. (@pgroudas) +- [#347](https://github.com/oauth2-proxy/oauth2-proxy/pull/347) Update keycloak provider configuration documentation. (@sushiMix) +- [#325](https://github.com/oauth2-proxy/oauth2-proxy/pull/325) dist.sh: use sha256sum (@syscll) +- [#179](https://github.com/oauth2-proxy/oauth2-proxy/pull/179) Add Nextcloud provider (@Ramblurr) +- [#280](https://github.com/oauth2-proxy/oauth2-proxy/pull/280) whitelisted redirect domains: add support for whitelisting specific ports or allowing wildcard ports (@kamaln7) +- [#351](https://github.com/oauth2-proxy/oauth2-proxy/pull/351) Add DigitalOcean Auth provider (@kamaln7) # v4.1.0 
@@ -84,29 +84,29 @@ N/A N/A ## Changes since v4.0.0 -- [#292](https://github.com/pusher/oauth2_proxy/pull/292) Added bash >= 4.0 dependency to configure script (@jmfrank63) -- [#227](https://github.com/pusher/oauth2_proxy/pull/227) Add Keycloak provider (@Ofinka) -- [#259](https://github.com/pusher/oauth2_proxy/pull/259) Redirect to HTTPS (@jmickey) -- [#273](https://github.com/pusher/oauth2_proxy/pull/273) Support Go 1.13 (@dio) -- [#275](https://github.com/pusher/oauth2_proxy/pull/275) docker: build from debian buster (@syscll) -- [#258](https://github.com/pusher/oauth2_proxy/pull/258) Add IDToken for Azure provider (@leyshon) - - This PR adds the IDToken into the session for the Azure provider allowing requests to a backend to be identified as a specific user. As a consequence, if you are using a cookie to store the session the cookie will now exceed the 4kb size limit and be split into multiple cookies. This can cause problems when using nginx as a proxy, resulting in no cookie being passed at all. Either increase the proxy_buffer_size in nginx or implement the redis session storage (see https://pusher.github.io/oauth2_proxy/configuration#redis-storage) -- [#286](https://github.com/pusher/oauth2_proxy/pull/286) Requests.go updated with useful error messages (@biotom) -- [#274](https://github.com/pusher/oauth2_proxy/pull/274) Supports many github teams with api pagination support (@toshi-miura, @apratina) -- [#302](https://github.com/pusher/oauth2_proxy/pull/302) Rewrite dist script (@syscll) -- [#304](https://github.com/pusher/oauth2_proxy/pull/304) Add new Logo! 
:tada: (@JoelSpeed) -- [#300](https://github.com/pusher/oauth2_proxy/pull/300) Added userinfo endpoint (@kbabuadze) -- [#309](https://github.com/pusher/oauth2_proxy/pull/309) Added support for custom CA when connecting to Redis cache (@lleszczu) -- [#248](https://github.com/pusher/oauth2_proxy/pull/248) Fix issue with X-Auth-Request-Redirect header being ignored (@webnard) -- [#314](https://github.com/pusher/oauth2_proxy/pull/314) Add redirect capability to sign_out (@costelmoraru) -- [#265](https://github.com/pusher/oauth2_proxy/pull/265) Add upstream with static response (@cgroschupp) -- [#317](https://github.com/pusher/oauth2_proxy/pull/317) Add build for FreeBSD (@fnkr) -- [#296](https://github.com/pusher/oauth2_proxy/pull/296) Allow to override provider's name for sign-in page (@ffdybuster) +- [#292](https://github.com/oauth2-proxy/oauth2-proxy/pull/292) Added bash >= 4.0 dependency to configure script (@jmfrank63) +- [#227](https://github.com/oauth2-proxy/oauth2-proxy/pull/227) Add Keycloak provider (@Ofinka) +- [#259](https://github.com/oauth2-proxy/oauth2-proxy/pull/259) Redirect to HTTPS (@jmickey) +- [#273](https://github.com/oauth2-proxy/oauth2-proxy/pull/273) Support Go 1.13 (@dio) +- [#275](https://github.com/oauth2-proxy/oauth2-proxy/pull/275) docker: build from debian buster (@syscll) +- [#258](https://github.com/oauth2-proxy/oauth2-proxy/pull/258) Add IDToken for Azure provider (@leyshon) + - This PR adds the IDToken into the session for the Azure provider allowing requests to a backend to be identified as a specific user. As a consequence, if you are using a cookie to store the session the cookie will now exceed the 4kb size limit and be split into multiple cookies. This can cause problems when using nginx as a proxy, resulting in no cookie being passed at all. 
Either increase the proxy_buffer_size in nginx or implement the redis session storage (see https://oauth2-proxy.github.io/oauth2-proxy/configuration#redis-storage) +- [#286](https://github.com/oauth2-proxy/oauth2-proxy/pull/286) Requests.go updated with useful error messages (@biotom) +- [#274](https://github.com/oauth2-proxy/oauth2-proxy/pull/274) Supports many github teams with api pagination support (@toshi-miura, @apratina) +- [#302](https://github.com/oauth2-proxy/oauth2-proxy/pull/302) Rewrite dist script (@syscll) +- [#304](https://github.com/oauth2-proxy/oauth2-proxy/pull/304) Add new Logo! :tada: (@JoelSpeed) +- [#300](https://github.com/oauth2-proxy/oauth2-proxy/pull/300) Added userinfo endpoint (@kbabuadze) +- [#309](https://github.com/oauth2-proxy/oauth2-proxy/pull/309) Added support for custom CA when connecting to Redis cache (@lleszczu) +- [#248](https://github.com/oauth2-proxy/oauth2-proxy/pull/248) Fix issue with X-Auth-Request-Redirect header being ignored (@webnard) +- [#314](https://github.com/oauth2-proxy/oauth2-proxy/pull/314) Add redirect capability to sign_out (@costelmoraru) +- [#265](https://github.com/oauth2-proxy/oauth2-proxy/pull/265) Add upstream with static response (@cgroschupp) +- [#317](https://github.com/oauth2-proxy/oauth2-proxy/pull/317) Add build for FreeBSD (@fnkr) +- [#296](https://github.com/oauth2-proxy/oauth2-proxy/pull/296) Allow to override provider's name for sign-in page (@ffdybuster) # v4.0.0 ## Release Highlights -- Documentation is now on a [microsite](https://pusher.github.io/oauth2_proxy/) +- Documentation is now on a [microsite](https://oauth2-proxy.github.io/oauth2-proxy/) - Health check logging can now be disabled for quieter logs - Authorization Header JWTs can now be verified by the proxy to skip authentication for machine users - Sessions can now be stored in Redis. This reduces refresh failures and uses smaller cookies (Recommended for those using OIDC refreshing) 
@@ -118,11 +118,11 @@ reconfigure their proxies. Please read the Breaking Changes below thoroughly. ## Breaking Changes -- [#231](https://github.com/pusher/oauth2_proxy/pull/231) Rework GitLab provider +- [#231](https://github.com/oauth2-proxy/oauth2-proxy/pull/231) Rework GitLab provider - This PR changes the configuration options for the GitLab provider to use a self-hosted instance. You now need to specify a `-oidc-issuer-url` rather than explicit `-login-url`, `-redeem-url` and `-validate-url` parameters. -- [#186](https://github.com/pusher/oauth2_proxy/pull/186) Make config consistent +- [#186](https://github.com/oauth2-proxy/oauth2-proxy/pull/186) Make config consistent - This PR changes configuration options so that all flags have a config counterpart of the same name but with underscores (`_`) in place of hyphens (`-`). This change affects the following flags: 
@@ -138,34 +138,34 @@ reconfigure their proxies. Please read the Breaking Changes below thoroughly. This change affects the following existing environment variables: - The `OAUTH2_SKIP_OIDC_DISCOVERY` environment variable is now `OAUTH2_PROXY_SKIP_OIDC_DISCOVERY`. - The `OAUTH2_OIDC_JWKS_URL` environment variable is now `OAUTH2_PROXY_OIDC_JWKS_URL`. -- [#146](https://github.com/pusher/oauth2_proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field +- [#146](https://github.com/oauth2-proxy/oauth2-proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field - This change modifies the contents of the `X-Forwarded-User` header supplied by the proxy for users where the auth response from the IdP did not contain a username. In that case, this header used to only contain the local part of the user's email address (e.g. `john.doe` for `john.doe@example.com`) but now contains the user's full email address instead. -- [#170](https://github.com/pusher/oauth2_proxy/pull/170) Pre-built binary tarballs changed format +- [#170](https://github.com/oauth2-proxy/oauth2-proxy/pull/170) Pre-built binary tarballs changed format - The pre-built binary tarballs again match the format of the [bitly](https://github.com/bitly/oauth2_proxy) repository, where the unpacked directory has the same name as the tarball and the binary is always named `oauth2_proxy`. This was done to restore compatibility with third-party automation recipes like https://github.com/jhoblitt/puppet-oauth2_proxy. 
## Changes since v3.2.0 -- [#234](https://github.com/pusher/oauth2_proxy/pull/234) Added option `-ssl-upstream-insecure-skip-validation` to skip validation of upstream SSL certificates (@jansinger) -- [#224](https://github.com/pusher/oauth2_proxy/pull/224) Check Google group membership using hasMember to support nested groups and external users (@jpalpant) -- [#231](https://github.com/pusher/oauth2_proxy/pull/231) Add optional group membership and email domain checks to the GitLab provider (@Overv) -- [#226](https://github.com/pusher/oauth2_proxy/pull/226) Made setting of proxied headers deterministic based on configuration alone (@aeijdenberg) -- [#178](https://github.com/pusher/oauth2_proxy/pull/178) Add Silence Ping Logging and Exclude Logging Paths flags (@kskewes) -- [#209](https://github.com/pusher/oauth2_proxy/pull/209) Improve docker build caching of layers (@dekimsey) -- [#186](https://github.com/pusher/oauth2_proxy/pull/186) Make config consistent (@JoelSpeed) -- [#187](https://github.com/pusher/oauth2_proxy/pull/187) Move root packages to pkg folder (@JoelSpeed) -- [#65](https://github.com/pusher/oauth2_proxy/pull/65) Improvements to authenticate requests with a JWT bearer token in the `Authorization` header via +- [#234](https://github.com/oauth2-proxy/oauth2-proxy/pull/234) Added option `-ssl-upstream-insecure-skip-validation` to skip validation of upstream SSL certificates (@jansinger) +- [#224](https://github.com/oauth2-proxy/oauth2-proxy/pull/224) Check Google group membership using hasMember to support nested groups and external users (@jpalpant) +- [#231](https://github.com/oauth2-proxy/oauth2-proxy/pull/231) Add optional group membership and email domain checks to the GitLab provider (@Overv) +- [#226](https://github.com/oauth2-proxy/oauth2-proxy/pull/226) Made setting of proxied headers deterministic based on configuration alone (@aeijdenberg) +- [#178](https://github.com/oauth2-proxy/oauth2-proxy/pull/178) Add Silence Ping Logging and Exclude 
Logging Paths flags (@kskewes) +- [#209](https://github.com/oauth2-proxy/oauth2-proxy/pull/209) Improve docker build caching of layers (@dekimsey) +- [#186](https://github.com/oauth2-proxy/oauth2-proxy/pull/186) Make config consistent (@JoelSpeed) +- [#187](https://github.com/oauth2-proxy/oauth2-proxy/pull/187) Move root packages to pkg folder (@JoelSpeed) +- [#65](https://github.com/oauth2-proxy/oauth2-proxy/pull/65) Improvements to authenticate requests with a JWT bearer token in the `Authorization` header via the `-skip-jwt-bearer-token` options. (@brianv0) - Additional verifiers can be configured via the `-extra-jwt-issuers` flag if the JWT issuers is either an OpenID provider or has a JWKS URL (e.g. `https://example.com/.well-known/jwks.json`). -- [#180](https://github.com/pusher/oauth2_proxy/pull/180) Minor refactor of core proxying path (@aeijdenberg). -- [#175](https://github.com/pusher/oauth2_proxy/pull/175) Bump go-oidc to v2.0.0 (@aeijdenberg). +- [#180](https://github.com/oauth2-proxy/oauth2-proxy/pull/180) Minor refactor of core proxying path (@aeijdenberg). +- [#175](https://github.com/oauth2-proxy/oauth2-proxy/pull/175) Bump go-oidc to v2.0.0 (@aeijdenberg). - Includes fix for potential signature checking issue when OIDC discovery is skipped. -- [#155](https://github.com/pusher/oauth2_proxy/pull/155) Add RedisSessionStore implementation (@brianv0, @JoelSpeed) +- [#155](https://github.com/oauth2-proxy/oauth2-proxy/pull/155) Add RedisSessionStore implementation (@brianv0, @JoelSpeed) - Implement flags to configure the redis session store - `-session-store-type=redis` Sets the store type to redis - `-redis-connection-url` Sets the Redis connection URL 
@@ -175,18 +175,18 @@ reconfigure their proxies. Please read the Breaking Changes below thoroughly. - Introduces the concept of a session ticket. Tickets are composed of the cookie name, a session ID, and a secret. - Redis Sessions are stored encrypted with a per-session secret - Added tests for server based session stores -- [#168](https://github.com/pusher/oauth2_proxy/pull/168) Drop Go 1.11 support in Travis (@JoelSpeed) -- [#169](https://github.com/pusher/oauth2_proxy/pull/169) Update Alpine to 3.9 (@kskewes) -- [#148](https://github.com/pusher/oauth2_proxy/pull/148) Implement SessionStore interface within proxy (@JoelSpeed) -- [#147](https://github.com/pusher/oauth2_proxy/pull/147) Add SessionStore interfaces and initial implementation (@JoelSpeed) +- [#168](https://github.com/oauth2-proxy/oauth2-proxy/pull/168) Drop Go 1.11 support in Travis (@JoelSpeed) +- [#169](https://github.com/oauth2-proxy/oauth2-proxy/pull/169) Update Alpine to 3.9 (@kskewes) +- [#148](https://github.com/oauth2-proxy/oauth2-proxy/pull/148) Implement SessionStore interface within proxy (@JoelSpeed) +- [#147](https://github.com/oauth2-proxy/oauth2-proxy/pull/147) Add SessionStore interfaces and initial implementation (@JoelSpeed) - Allows for multiple different session storage implementations including client and server side - Adds tests suite for interface to ensure consistency across implementations - Refactor some configuration options (around cookies) into packages -- [#114](https://github.com/pusher/oauth2_proxy/pull/114), [#154](https://github.com/pusher/oauth2_proxy/pull/154) Documentation is now available live at our [docs website](https://pusher.github.io/oauth2_proxy/) (@JoelSpeed, @icelynjennings) -- [#146](https://github.com/pusher/oauth2_proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field (@gargath) -- [#144](https://github.com/pusher/oauth2_proxy/pull/144) Use GO 1.12 for ARM builds (@kskewes) -- 
[#142](https://github.com/pusher/oauth2_proxy/pull/142) ARM Docker USER fix (@kskewes) -- [#52](https://github.com/pusher/oauth2_proxy/pull/52) Logging Improvements (@MisterWil) +- [#114](https://github.com/oauth2-proxy/oauth2-proxy/pull/114), [#154](https://github.com/oauth2-proxy/oauth2-proxy/pull/154) Documentation is now available live at our [docs website](https://oauth2-proxy.github.io/oauth2-proxy/) (@JoelSpeed, @icelynjennings) +- [#146](https://github.com/oauth2-proxy/oauth2-proxy/pull/146) Use full email address as `User` if the auth response did not contain a `User` field (@gargath) +- [#144](https://github.com/oauth2-proxy/oauth2-proxy/pull/144) Use GO 1.12 for ARM builds (@kskewes) +- [#142](https://github.com/oauth2-proxy/oauth2-proxy/pull/142) ARM Docker USER fix (@kskewes) +- [#52](https://github.com/oauth2-proxy/oauth2-proxy/pull/52) Logging Improvements (@MisterWil) - Implement flags to configure file logging - `-logging-filename` Defines the filename to log to - `-logging-max-size` Defines the maximum 
@@ -200,21 +200,21 @@ reconfigure their proxies. Please read the Breaking Changes below thoroughly. - Implement two new flags to customize the logging format - `-standard-logging-format` Sets the format for standard logging - `-auth-logging-format` Sets the format for auth logging -- [#111](https://github.com/pusher/oauth2_proxy/pull/111) Add option for telling where to find a login.gov JWT key file (@timothy-spencer) -- [#170](https://github.com/pusher/oauth2_proxy/pull/170) Restore binary tarball contents to be compatible with bitlys original tarballs (@zeha) -- [#185](https://github.com/pusher/oauth2_proxy/pull/185) Fix an unsupported protocol scheme error during token validation when using the Azure provider (@jonas) -- [#141](https://github.com/pusher/oauth2_proxy/pull/141) Check google group membership based on email address (@bchess) +- [#111](https://github.com/oauth2-proxy/oauth2-proxy/pull/111) Add option for telling where to find a login.gov JWT key file (@timothy-spencer) +- [#170](https://github.com/oauth2-proxy/oauth2-proxy/pull/170) Restore binary tarball contents to be compatible with bitlys original tarballs (@zeha) +- [#185](https://github.com/oauth2-proxy/oauth2-proxy/pull/185) Fix an unsupported protocol scheme error during token validation when using the Azure provider (@jonas) +- [#141](https://github.com/oauth2-proxy/oauth2-proxy/pull/141) Check google group membership based on email address (@bchess) - Google Group membership is additionally checked via email address, allowing users outside a GSuite domain to be authorized. 
-- [#195](https://github.com/pusher/oauth2_proxy/pull/195) Add `-banner` flag for overriding the banner line that is displayed (@steakunderscore) -- [#198](https://github.com/pusher/oauth2_proxy/pull/198) Switch from gometalinter to golangci-lint (@steakunderscore) -- [#159](https://github.com/pusher/oauth2_proxy/pull/159) Add option to skip the OIDC provider verified email check: `--insecure-oidc-allow-unverified-email` (@djfinlay) -- [#210](https://github.com/pusher/oauth2_proxy/pull/210) Update base image from Alpine 3.9 to 3.10 (@steakunderscore) -- [#201](https://github.com/pusher/oauth2_proxy/pull/201) Add Bitbucket as new OAuth2 provider, accepts email, team and repository permissions to determine authorization (@aledeganopix4d) +- [#195](https://github.com/oauth2-proxy/oauth2-proxy/pull/195) Add `-banner` flag for overriding the banner line that is displayed (@steakunderscore) +- [#198](https://github.com/oauth2-proxy/oauth2-proxy/pull/198) Switch from gometalinter to golangci-lint (@steakunderscore) +- [#159](https://github.com/oauth2-proxy/oauth2-proxy/pull/159) Add option to skip the OIDC provider verified email check: `--insecure-oidc-allow-unverified-email` (@djfinlay) +- [#210](https://github.com/oauth2-proxy/oauth2-proxy/pull/210) Update base image from Alpine 3.9 to 3.10 (@steakunderscore) +- [#201](https://github.com/oauth2-proxy/oauth2-proxy/pull/201) Add Bitbucket as new OAuth2 provider, accepts email, team and repository permissions to determine authorization (@aledeganopix4d) - Implement flags to enable Bitbucket authentication: - `-bitbucket-repository` Restrict authorization to users that can access this repository - `-bitbucket-team` Restrict authorization to users that are part of this Bitbucket team -- [#211](https://github.com/pusher/oauth2_proxy/pull/211) Switch from dep to go modules (@steakunderscore) -- [#145](https://github.com/pusher/oauth2_proxy/pull/145) Add support for OIDC UserInfo endpoint email verification (@rtluckie) +- 
[#211](https://github.com/oauth2-proxy/oauth2-proxy/pull/211) Switch from dep to go modules (@steakunderscore) +- [#145](https://github.com/oauth2-proxy/oauth2-proxy/pull/145) Add support for OIDC UserInfo endpoint email verification (@rtluckie) # v3.2.0 
@@ -234,25 +234,25 @@ instead of returning an error ## Changes since v3.1.0 - [#96](https://github.com/bitly/oauth2_proxy/pull/96) Check if email is verified on GitHub (@caarlos0) -- [#110](https://github.com/pusher/oauth2_proxy/pull/110) Added GCP healthcheck option (@timothy-spencer) -- [#112](https://github.com/pusher/oauth2_proxy/pull/112) Improve websocket support (@gyson) -- [#63](https://github.com/pusher/oauth2_proxy/pull/63) Use encoding/json for SessionState serialization (@yaegashi) +- [#110](https://github.com/oauth2-proxy/oauth2-proxy/pull/110) Added GCP healthcheck option (@timothy-spencer) +- [#112](https://github.com/oauth2-proxy/oauth2-proxy/pull/112) Improve websocket support (@gyson) +- [#63](https://github.com/oauth2-proxy/oauth2-proxy/pull/63) Use encoding/json for SessionState serialization (@yaegashi) - Use JSON to encode session state to be stored in browser cookies - Implement legacy decode function to support existing cookies generated by older versions - Add detailed table driven tests in session_state_test.go -- [#120](https://github.com/pusher/oauth2_proxy/pull/120) Encrypting user/email from cookie (@costelmoraru) -- [#55](https://github.com/pusher/oauth2_proxy/pull/55) Added login.gov provider (@timothy-spencer) -- [#55](https://github.com/pusher/oauth2_proxy/pull/55) Added environment variables for all config options (@timothy-spencer) -- [#70](https://github.com/pusher/oauth2_proxy/pull/70) Fix handling of splitted cookies (@einfachchr) -- [#92](https://github.com/pusher/oauth2_proxy/pull/92) Merge websocket proxy feature from openshift/oauth-proxy (@butzist) -- [#57](https://github.com/pusher/oauth2_proxy/pull/57) Fall back to using OIDC Subject instead of Email (@aigarius) -- [#85](https://github.com/pusher/oauth2_proxy/pull/85) Use non-root user in docker images (@kskewes) -- [#68](https://github.com/pusher/oauth2_proxy/pull/68) forward X-Auth-Access-Token header (@davidholsgrove) -- 
[#41](https://github.com/pusher/oauth2_proxy/pull/41) Added option to manually specify OIDC endpoints instead of relying on discovery -- [#83](https://github.com/pusher/oauth2_proxy/pull/83) Add `id_token` refresh to Google provider (@leki75) -- [#10](https://github.com/pusher/oauth2_proxy/pull/10) fix redirect url param handling (@dt-rush) -- [#122](https://github.com/pusher/oauth2_proxy/pull/122) Expose -cookie-path as configuration parameter (@costelmoraru) -- [#124](https://github.com/pusher/oauth2_proxy/pull/124) Use Go 1.12 for testing and build environments (@syscll) +- [#120](https://github.com/oauth2-proxy/oauth2-proxy/pull/120) Encrypting user/email from cookie (@costelmoraru) +- [#55](https://github.com/oauth2-proxy/oauth2-proxy/pull/55) Added login.gov provider (@timothy-spencer) +- [#55](https://github.com/oauth2-proxy/oauth2-proxy/pull/55) Added environment variables for all config options (@timothy-spencer) +- [#70](https://github.com/oauth2-proxy/oauth2-proxy/pull/70) Fix handling of splitted cookies (@einfachchr) +- [#92](https://github.com/oauth2-proxy/oauth2-proxy/pull/92) Merge websocket proxy feature from openshift/oauth-proxy (@butzist) +- [#57](https://github.com/oauth2-proxy/oauth2-proxy/pull/57) Fall back to using OIDC Subject instead of Email (@aigarius) +- [#85](https://github.com/oauth2-proxy/oauth2-proxy/pull/85) Use non-root user in docker images (@kskewes) +- [#68](https://github.com/oauth2-proxy/oauth2-proxy/pull/68) forward X-Auth-Access-Token header (@davidholsgrove) +- [#41](https://github.com/oauth2-proxy/oauth2-proxy/pull/41) Added option to manually specify OIDC endpoints instead of relying on discovery +- [#83](https://github.com/oauth2-proxy/oauth2-proxy/pull/83) Add `id_token` refresh to Google provider (@leki75) +- [#10](https://github.com/oauth2-proxy/oauth2-proxy/pull/10) fix redirect url param handling (@dt-rush) +- [#122](https://github.com/oauth2-proxy/oauth2-proxy/pull/122) Expose -cookie-path as configuration 
parameter (@costelmoraru) +- [#124](https://github.com/oauth2-proxy/oauth2-proxy/pull/124) Use Go 1.12 for testing and build environments (@syscll) # v3.1.0 
@@ -273,27 +273,27 @@ instead of returning an error - Streamed responses will now be flushed every 1 second by default. Previously streamed responses were flushed only when the buffer was full. To retain the old behaviour set `--flush-interval=0`. - See [#23](https://github.com/pusher/oauth2_proxy/pull/23) for further details. + See [#23](https://github.com/oauth2-proxy/oauth2-proxy/pull/23) for further details. ## Changes since v3.0.0 -- [#14](https://github.com/pusher/oauth2_proxy/pull/14) OIDC ID Token, Authorization Headers, Refreshing and Verification (@joelspeed) +- [#14](https://github.com/oauth2-proxy/oauth2-proxy/pull/14) OIDC ID Token, Authorization Headers, Refreshing and Verification (@joelspeed) - Implement `pass-authorization-header` and `set-authorization-header` flags - Implement token refreshing in OIDC provider - Split cookies larger than 4k limit into multiple cookies - Implement token validation in OIDC provider -- [#15](https://github.com/pusher/oauth2_proxy/pull/15) WhitelistDomains (@joelspeed) +- [#15](https://github.com/oauth2-proxy/oauth2-proxy/pull/15) WhitelistDomains (@joelspeed) - Add `--whitelist-domain` flag to allow redirection to approved domains after OAuth flow -- [#21](https://github.com/pusher/oauth2_proxy/pull/21) Docker Improvement (@yaegashi) +- [#21](https://github.com/oauth2-proxy/oauth2-proxy/pull/21) Docker Improvement (@yaegashi) - Move Docker base image from debian to alpine - Install ca-certificates in docker image -- [#23](https://github.com/pusher/oauth2_proxy/pull/23) Flushed streaming responses +- [#23](https://github.com/oauth2-proxy/oauth2-proxy/pull/23) Flushed streaming responses - Long-running upstream responses will get flushed every (1 second by default) -- [#24](https://github.com/pusher/oauth2_proxy/pull/24) Redirect fix (@agentgonzo) +- [#24](https://github.com/oauth2-proxy/oauth2-proxy/pull/24) Redirect fix (@agentgonzo) - After a successful login, you will be redirected to your original URL rather than 
/ -- [#35](https://github.com/pusher/oauth2_proxy/pull/35) arm and arm64 binary releases (@kskewes) +- [#35](https://github.com/oauth2-proxy/oauth2-proxy/pull/35) arm and arm64 binary releases (@kskewes) - Add armv6 and arm64 to Makefile `release` target -- [#37](https://github.com/pusher/oauth2_proxy/pull/37) cross build arm and arm64 docker images (@kskewes) +- [#37](https://github.com/oauth2-proxy/oauth2-proxy/pull/37) cross build arm and arm64 docker images (@kskewes) # v3.0.0 @@ -303,7 +303,7 @@ v2.2 as released by Bitly. ## Changes since v2.2: -- [#7](https://github.com/pusher/oauth2_proxy/pull/7) Migration to Pusher (@joelspeed) +- [#7](https://github.com/oauth2-proxy/oauth2-proxy/pull/7) Migration to Pusher (@joelspeed) - Move automated build to debian base image - Add Makefile - Update CI to run `make test` diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 14828c66e1..63fb24277b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,8 +7,8 @@ Download the dependencies using `go mod download`. ```bash cd $GOPATH/src/github.com # Create this directory if it doesn't exist -git clone git@github.com:/oauth2_proxy pusher/oauth2_proxy -cd pusher/oauth2_proxy +git clone git@github.com:/oauth2-proxy oauth2-proxy/oauth2-proxy +cd oauth2-proxy/oauth2-proxy ./configure # Setup your environment variables go mod download ``` diff --git a/Dockerfile b/Dockerfile index bea6fe1e0f..4242e5cd86 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ FROM golang:1.14-buster AS builder RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.24.0 # Copy sources -WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy +WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy # Fetch dependencies COPY go.mod go.sum ./ 
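Review bot: The builder stage's `RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- ...` line, carried unchanged as context in the Dockerfile `@@ -4,7 +4,7 @@` hunk, executes an installer script fetched at build time with no integrity check; only the linter version (`v1.24.0`) is pinned, not the script itself. The same stage later runs `make build` and supplies the binary copied into the final image, so it would be safer to fetch the golangci-lint release archive for that version and verify it against a checksum committed to the repository before unpacking. The same line appears in the first hunks of Dockerfile.arm64 and Dockerfile.armv6. At minimum, a comment above the line such as `# NOTE: installer script is not integrity-checked; replace with a checksum-verified download` would record the gap.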
@@ -25,9 +25,9 @@ RUN ./configure && make build && touch jwt_signing_key.pem FROM alpine:3.11 COPY nsswitch.conf /etc/nsswitch.conf COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt -COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/oauth2_proxy /bin/oauth2_proxy -COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem +COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy +COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem USER 2000:2000 -ENTRYPOINT ["/bin/oauth2_proxy"] +ENTRYPOINT ["/bin/oauth2-proxy"] diff --git a/Dockerfile.arm64 b/Dockerfile.arm64 index 8bfde8ae71..d0b57b7edb 100644 --- a/Dockerfile.arm64 +++ b/Dockerfile.arm64 @@ -4,7 +4,7 @@ FROM golang:1.14-buster AS builder RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.24.0 # Copy sources -WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy +WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy # Fetch dependencies COPY go.mod go.sum ./ @@ -25,9 +25,9 @@ RUN ./configure && GOARCH=arm64 make build && touch jwt_signing_key.pem FROM arm64v8/alpine:3.11 COPY nsswitch.conf /etc/nsswitch.conf COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt -COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/oauth2_proxy /bin/oauth2_proxy -COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem +COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy +COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem USER 2000:2000 -ENTRYPOINT ["/bin/oauth2_proxy"] +ENTRYPOINT ["/bin/oauth2-proxy"] 
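Review bot: The final stage now installs the binary only at `/bin/oauth2-proxy` and the `ENTRYPOINT` follows it, so any deployment that overrides the container command with the old `/bin/oauth2_proxy` path will fail to start once it pulls an image built from this Dockerfile. For an authenticating proxy that means the protected service becomes unreachable, so a transition aid seems worthwhile: for example `RUN ln -s /bin/oauth2-proxy /bin/oauth2_proxy` placed before `USER 2000:2000`, together with a changelog entry marking the path change as breaking. The same applies to the `@@ -25,9 +25,9 @@` hunks of Dockerfile.arm64 and Dockerfile.armv6.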
diff --git a/Dockerfile.armv6 b/Dockerfile.armv6 index da7310d266..cabdfb4333 100644 --- a/Dockerfile.armv6 +++ b/Dockerfile.armv6 @@ -4,7 +4,7 @@ FROM golang:1.14-buster AS builder RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.24.0 # Copy sources -WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy +WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy # Fetch dependencies COPY go.mod go.sum ./ @@ -25,9 +25,9 @@ RUN ./configure && GOARCH=arm GOARM=6 make build && touch jwt_signing_key.pem FROM arm32v6/alpine:3.11 COPY nsswitch.conf /etc/nsswitch.conf COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt -COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/oauth2_proxy /bin/oauth2_proxy -COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem +COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy +COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem USER 2000:2000 -ENTRYPOINT ["/bin/oauth2_proxy"] +ENTRYPOINT ["/bin/oauth2-proxy"] diff --git a/Makefile b/Makefile index f0f83b4479..32317998c6 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,8 @@ include .env -BINARY := oauth2_proxy +BINARY := oauth2-proxy VERSION := $(shell git describe --always --dirty --tags 2>/dev/null || echo "undefined") # Allow to override image registry. -REGISTRY ?= quay.io/pusher +REGISTRY ?= quay.io/oauth2-proxy .NOTPARALLEL: .PHONY: all 
@@ -25,35 +25,35 @@ lint: build: clean $(BINARY) $(BINARY): - GO111MODULE=on CGO_ENABLED=0 $(GO) build -a -installsuffix cgo -ldflags="-X main.VERSION=${VERSION}" -o $@ github.com/pusher/oauth2_proxy + GO111MODULE=on CGO_ENABLED=0 $(GO) build -a -installsuffix cgo -ldflags="-X main.VERSION=${VERSION}" -o $@ github.com/oauth2-proxy/oauth2-proxy .PHONY: docker docker: - docker build -f Dockerfile -t $(REGISTRY)/oauth2_proxy:latest . + docker build -f Dockerfile -t $(REGISTRY)/oauth2-proxy:latest . .PHONY: docker-all docker-all: docker - docker build -f Dockerfile -t $(REGISTRY)/oauth2_proxy:latest-amd64 . - docker build -f Dockerfile -t $(REGISTRY)/oauth2_proxy:${VERSION} . - docker build -f Dockerfile -t $(REGISTRY)/oauth2_proxy:${VERSION}-amd64 . - docker build -f Dockerfile.arm64 -t $(REGISTRY)/oauth2_proxy:latest-arm64 . - docker build -f Dockerfile.arm64 -t $(REGISTRY)/oauth2_proxy:${VERSION}-arm64 . - docker build -f Dockerfile.armv6 -t $(REGISTRY)/oauth2_proxy:latest-armv6 . - docker build -f Dockerfile.armv6 -t $(REGISTRY)/oauth2_proxy:${VERSION}-armv6 . + docker build -f Dockerfile -t $(REGISTRY)/oauth2-proxy:latest-amd64 . + docker build -f Dockerfile -t $(REGISTRY)/oauth2-proxy:${VERSION} . + docker build -f Dockerfile -t $(REGISTRY)/oauth2-proxy:${VERSION}-amd64 . + docker build -f Dockerfile.arm64 -t $(REGISTRY)/oauth2-proxy:latest-arm64 . + docker build -f Dockerfile.arm64 -t $(REGISTRY)/oauth2-proxy:${VERSION}-arm64 . + docker build -f Dockerfile.armv6 -t $(REGISTRY)/oauth2-proxy:latest-armv6 . + docker build -f Dockerfile.armv6 -t $(REGISTRY)/oauth2-proxy:${VERSION}-armv6 . 
.PHONY: docker-push docker-push: - docker push $(REGISTRY)/oauth2_proxy:latest + docker push $(REGISTRY)/oauth2-proxy:latest .PHONY: docker-push-all docker-push-all: docker-push - docker push $(REGISTRY)/oauth2_proxy:latest-amd64 - docker push $(REGISTRY)/oauth2_proxy:${VERSION} - docker push $(REGISTRY)/oauth2_proxy:${VERSION}-amd64 - docker push $(REGISTRY)/oauth2_proxy:latest-arm64 - docker push $(REGISTRY)/oauth2_proxy:${VERSION}-arm64 - docker push $(REGISTRY)/oauth2_proxy:latest-armv6 - docker push $(REGISTRY)/oauth2_proxy:${VERSION}-armv6 + docker push $(REGISTRY)/oauth2-proxy:latest-amd64 + docker push $(REGISTRY)/oauth2-proxy:${VERSION} + docker push $(REGISTRY)/oauth2-proxy:${VERSION}-amd64 + docker push $(REGISTRY)/oauth2-proxy:latest-arm64 + docker push $(REGISTRY)/oauth2-proxy:${VERSION}-arm64 + docker push $(REGISTRY)/oauth2-proxy:latest-armv6 + docker push $(REGISTRY)/oauth2-proxy:${VERSION}-armv6 .PHONY: test test: lint diff --git a/README.md b/README.md index c7ae9e60f7..9b5775e5c6 100644 --- a/README.md +++ b/README.md 
@@ -1,8 +1,8 @@ ![OAuth2 Proxy](/docs/logos/OAuth2_Proxy_horizontal.svg) -[![Build Status](https://secure.travis-ci.org/pusher/oauth2_proxy.svg?branch=master)](http://travis-ci.org/pusher/oauth2_proxy) -[![Go Report Card](https://goreportcard.com/badge/github.com/pusher/oauth2_proxy)](https://goreportcard.com/report/github.com/pusher/oauth2_proxy) -[![GoDoc](https://godoc.org/github.com/pusher/oauth2_proxy?status.svg)](https://godoc.org/github.com/pusher/oauth2_proxy) +[![Build Status](https://secure.travis-ci.org/oauth2-proxy/oauth2-proxy.svg?branch=master)](http://travis-ci.org/oauth2-proxy/oauth2-proxy) +[![Go Report Card](https://goreportcard.com/badge/github.com/oauth2-proxy/oauth2-proxy)](https://goreportcard.com/report/github.com/oauth2-proxy/oauth2-proxy) +[![GoDoc](https://godoc.org/github.com/oauth2-proxy/oauth2-proxy?status.svg)](https://godoc.org/github.com/oauth2-proxy/oauth2-proxy) [![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](./LICENSE) A reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) 
@@ -18,31 +18,31 @@ A list of changes can be seen in the [CHANGELOG](CHANGELOG.md). 1. Choose how to deploy: - a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v5.0.0`) + a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v5.1.0`) - b. Build with `$ go get github.com/pusher/oauth2_proxy` which will put the binary in `$GOROOT/bin` + b. Build with `$ go get github.com/oauth2-proxy/oauth2-proxy` which will put the binary in `$GOROOT/bin` - c. Using the prebuilt docker image [quay.io/pusher/oauth2_proxy](https://quay.io/pusher/oauth2_proxy) (AMD64, ARMv6 and ARM64 tags available) + c. Using the prebuilt docker image [quay.io/oauth2-proxy/oauth2-proxy](https://quay.io/oauth2-proxy/oauth2-proxy) (AMD64, ARMv6 and ARM64 tags available) Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v3.0.0`. ``` sha256sum -c sha256sum.txt 2>&1 | grep OK -oauth2_proxy-4.0.0.linux-amd64: OK +oauth2-proxy-x.y.z.linux-amd64: OK ``` -2. [Select a Provider and Register an OAuth Application with a Provider](https://pusher.github.io/oauth2_proxy/auth-configuration) -3. [Configure OAuth2 Proxy using config file, command line options, or environment variables](https://pusher.github.io/oauth2_proxy/configuration) -4. [Configure SSL or Deploy behind a SSL endpoint](https://pusher.github.io/oauth2_proxy/tls-configuration) (example provided for Nginx) +2. [Select a Provider and Register an OAuth Application with a Provider](https://oauth2-proxy.github.io/oauth2-proxy/auth-configuration) +3. [Configure OAuth2 Proxy using config file, command line options, or environment variables](https://oauth2-proxy.github.io/oauth2-proxy/configuration) +4. 
[Configure SSL or Deploy behind a SSL endpoint](https://oauth2-proxy.github.io/oauth2-proxy/tls-configuration) (example provided for Nginx) ## Security -If you are running a version older than v5.0.0 we **strongly recommend you please update** to a current version. RE: [open redirect vulnverability](https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv) +If you are running a version older than v5.0.0 we **strongly recommend you please update** to a current version. RE: [open redirect vulnverability](https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-qqxw-m5fj-f7gv) ## Docs -Read the docs on our [Docs site](https://pusher.github.io/oauth2_proxy). +Read the docs on our [Docs site](https://oauth2-proxy.github.io/oauth2-proxy). ![OAuth2 Proxy Architecture](https://cloud.githubusercontent.com/assets/45028/8027702/bd040b7a-0d6a-11e5-85b9-f8d953d04f39.png) diff --git a/RELEASE.md b/RELEASE.md index 1dc9b888c6..fa5c03046a 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,6 +1,6 @@ # Release -Here's how OAuth2_Proxy releases are created. +Here's how OAuth2 Proxy releases are created. ## Schedule @@ -44,4 +44,4 @@ Note this uses `v4.1.0` as an example release number. ``` Note: Ensure the docker tags don't include `-dirty`. This means you have uncommitted changes. -12. Verify everything looks good at [quay](https://quay.io/repository/pusher/oauth2_proxy?tag=latest&tab=tags) and [github](https://github.com/pusher/oauth2_proxy/releases) +12. Verify everything looks good at [quay](https://quay.io/repository/oauth2-proxy/oauth2-proxy?tag=latest&tab=tags) and [github](https://github.com/oauth2-proxy/oauth2-proxy/releases) diff --git a/contrib/oauth2_proxy.cfg.example b/contrib/oauth2-proxy.cfg.example similarity index 98% rename from contrib/oauth2_proxy.cfg.example rename to contrib/oauth2-proxy.cfg.example index 24dfb5a8ac..f521e0009f 100644 --- a/contrib/oauth2_proxy.cfg.example +++ b/contrib/oauth2-proxy.cfg.example 
@@ -1,5 +1,5 @@ ## OAuth2 Proxy Config File -## https://github.com/pusher/oauth2_proxy +## https://github.com/oauth2-proxy/oauth2-proxy ## : to listen on for HTTP/HTTPS clients # http_address = "127.0.0.1:4180" diff --git a/contrib/oauth2_proxy.service.example b/contrib/oauth2-proxy.service.example similarity index 68% rename from contrib/oauth2_proxy.service.example rename to contrib/oauth2-proxy.service.example index a5bf1f0df5..7bfc79b58a 100644 --- a/contrib/oauth2_proxy.service.example +++ b/contrib/oauth2-proxy.service.example @@ -1,10 +1,10 @@ -# Systemd service file for oauth2_proxy daemon +# Systemd service file for oauth2-proxy daemon # # Date: Feb 9, 2016 # Author: Srdjan Grubor [Unit] -Description=oauth2_proxy daemon service +Description=oauth2-proxy daemon service After=syslog.target network.target [Service] @@ -12,7 +12,7 @@ After=syslog.target network.target User=www-data Group=www-data -ExecStart=/usr/local/bin/oauth2_proxy -config=/etc/oauth2_proxy.cfg +ExecStart=/usr/local/bin/oauth2-proxy -config=/etc/oauth2-proxy.cfg ExecReload=/bin/kill -HUP $MAINPID KillMode=process diff --git a/contrib/oauth2_proxy_autocomplete.sh b/contrib/oauth2-proxy_autocomplete.sh similarity index 88% rename from contrib/oauth2_proxy_autocomplete.sh rename to contrib/oauth2-proxy_autocomplete.sh index 0d2f395de1..422d2b983c 100644 --- a/contrib/oauth2_proxy_autocomplete.sh +++ b/contrib/oauth2-proxy_autocomplete.sh 
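Review bot: `ExecStart` in the second hunk of the service example now reads `-config=/etc/oauth2-proxy.cfg`, so a host that installs this unit while its configuration is still at `/etc/oauth2_proxy.cfg` will not come up with its existing settings. That file normally carries the OAuth client secret and the cookie secret, so when operators move or recreate it the ownership and mode need to stay restrictive. I would add a comment above `ExecStart`, such as `# /etc/oauth2-proxy.cfg holds secrets: owner www-data, mode 0600 (renamed from /etc/oauth2_proxy.cfg)`. The rest of the unit lies outside the two hunks shown, so whether it already documents this cannot be seen here.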
@@ -1,12 +1,12 @@ # -# Autocompletion for oauth2_proxy +# Autocompletion for oauth2-proxy # # To install this, copy/move this file to /etc/bash.completion.d/ -# or add a line to your ~/.bashrc | ~/.bash_profile that says ". /path/to/oauth2_proxy/contrib/oauth2_proxy_autocomplete.sh" +# or add a line to your ~/.bashrc | ~/.bash_profile that says ". /path/to/oauth2-proxy/contrib/oauth2-proxy_autocomplete.sh" # _oauth2_proxy() { - _oauth2_proxy_commands=$(oauth2_proxy -h 2>&1 | sed -n '/^\s*-/s/ \+/ /gp' | awk '{print $1}' | tr '\n' ' ') + _oauth2_proxy_commands=$(oauth2-proxy -h 2>&1 | sed -n '/^\s*-/s/ \+/ /gp' | awk '{print $1}' | tr '\n' ' ') local cur prev COMPREPLY=() cur="${COMP_WORDS[COMP_CWORD]}" @@ -27,4 +27,4 @@ _oauth2_proxy() { COMPREPLY=( $(compgen -W "${_oauth2_proxy_commands}" -- ${cur}) ) return 0; } -complete -F _oauth2_proxy oauth2_proxy +complete -F _oauth2_proxy oauth2-proxy diff --git a/dist.sh b/dist.sh index 516d86f17a..4d9c584412 100755 --- a/dist.sh +++ b/dist.sh @@ -28,10 +28,10 @@ for ARCH in "${ARCHS[@]}"; do # Create architecture specific binaries if [[ ${GO_ARCH} == "armv6" ]]; then GO111MODULE=on GOOS=${GO_OS} GOARCH=arm GOARM=6 CGO_ENABLED=0 go build -ldflags="-X main.VERSION=${VERSION}" \ - -o release/${BINARY}-${VERSION}.${ARCH}.${GO_VERSION}/${BINARY} github.com/pusher/oauth2_proxy + -o release/${BINARY}-${VERSION}.${ARCH}.${GO_VERSION}/${BINARY} github.com/oauth2-proxy/oauth2-proxy else GO111MODULE=on GOOS=${GO_OS} GOARCH=${GO_ARCH} CGO_ENABLED=0 go build -ldflags="-X main.VERSION=${VERSION}" \ - -o release/${BINARY}-${VERSION}.${ARCH}.${GO_VERSION}/${BINARY} github.com/pusher/oauth2_proxy + -o release/${BINARY}-${VERSION}.${ARCH}.${GO_VERSION}/${BINARY} github.com/oauth2-proxy/oauth2-proxy fi cd release diff --git a/docs/0_index.md b/docs/0_index.md index e0e3227d0a..e724e0f886 100644 --- a/docs/0_index.md +++ b/docs/0_index.md 
@@ -14,7 +14,7 @@ to validate accounts by email, domain or group. Versions v3.0.0 and up are from this fork and will have diverged from any changes in the original fork. A list of changes can be seen in the [CHANGELOG]({{ site.gitweb }}/CHANGELOG.md). -[![Build Status](https://secure.travis-ci.org/pusher/oauth2_proxy.svg?branch=master)](http://travis-ci.org/pusher/oauth2_proxy) +[![Build Status](https://secure.travis-ci.org/oauth2-proxy/oauth2-proxy.svg?branch=master)](http://travis-ci.org/oauth2-proxy/oauth2-proxy) ![Sign In Page](https://cloud.githubusercontent.com/assets/45028/4970624/7feb7dd8-6886-11e4-93e0-c9904af44ea8.png) diff --git a/docs/1_installation.md b/docs/1_installation.md index 8ed72b8175..d7ddef5e66 100644 --- a/docs/1_installation.md +++ b/docs/1_installation.md @@ -9,17 +9,17 @@ nav_order: 1 1. Choose how to deploy: - a. Download [Prebuilt Binary](https://github.com/pusher/oauth2_proxy/releases) (current release is `v4.0.0`) + a. Download [Prebuilt Binary](https://github.com/oauth2-proxy/oauth2-proxy/releases) (current release is `v5.1.0`) - b. Build with `$ go get github.com/pusher/oauth2_proxy` which will put the binary in `$GOROOT/bin` + b. Build with `$ go get github.com/oauth2-proxy/oauth2-proxy` which will put the binary in `$GOROOT/bin` - c. Using the prebuilt docker image [quay.io/pusher/oauth2_proxy](https://quay.io/pusher/oauth2_proxy) (AMD64, ARMv6 and ARM64 tags available) + c. Using the prebuilt docker image [quay.io/oauth2-proxy/oauth2-proxy](https://quay.io/oauth2-proxy/oauth2-proxy) (AMD64, ARMv6 and ARM64 tags available) Prebuilt binaries can be validated by extracting the file and verifying it against the `sha256sum.txt` checksum file provided for each release starting with version `v3.0.0`. ``` $ sha256sum -c sha256sum.txt 2>&1 | grep OK -oauth2_proxy-4.0.0.linux-amd64: OK +oauth2-proxy-x.y.z.linux-amd64: OK ``` 2. [Select a Provider and Register an OAuth Application with a Provider](auth-configuration) 
diff --git a/docs/2_auth.md b/docs/2_auth.md index 34908c9ab0..23726ef092 100644 --- a/docs/2_auth.md +++ b/docs/2_auth.md @@ -7,7 +7,7 @@ nav_order: 2 ## OAuth Provider Configuration -You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it with Redirect URI(s) for the domain you intend to run `oauth2_proxy` on. +You will need to register an OAuth application with a Provider (Google, GitHub or another provider), and configure it with Redirect URI(s) for the domain you intend to run `oauth2-proxy` on. Valid providers are : @@ -67,8 +67,8 @@ https://www.googleapis.com/auth/admin.directory.user.readonly 7. Create or choose an existing administrative email address on the Gmail domain to assign to the `google-admin-email` flag. This email will be impersonated by this client to make calls to the Admin SDK. See the note on the link from step 5 for the reason why. 8. Create or choose an existing email group and set that email to the `google-group` flag. You can pass multiple instances of this flag with different groups and the user will be checked against all the provided groups. -9. Lock down the permissions on the json file downloaded from step 1 so only oauth2_proxy is able to read the file and set the path to the file in the `google-service-account-json` flag. -10. Restart oauth2_proxy. +9. Lock down the permissions on the json file downloaded from step 1 so only oauth2-proxy is able to read the file and set the path to the file in the `google-service-account-json` flag. +10. Restart oauth2-proxy. Note: The user is checked against the group members list on initial authentication and every time the token is refreshed ( about once an hour ). 
@@ -163,12 +163,12 @@ Take note of your `TenantId` if applicable for your situation. The `TenantId` ca OpenID Connect is a spec for OAUTH 2.0 + identity that is implemented by many major providers and several open source projects. This provider was originally built against CoreOS Dex and we will use it as an example. 1. Launch a Dex instance using the [getting started guide](https://github.com/coreos/dex/blob/master/Documentation/getting-started.md). -2. Setup oauth2_proxy with the correct provider and using the default ports and callbacks. -3. Login with the fixture use in the dex guide and run the oauth2_proxy with the following args: +2. Setup oauth2-proxy with the correct provider and using the default ports and callbacks. +3. Login with the fixture use in the dex guide and run the oauth2-proxy with the following args: -provider oidc -provider-display-name "My OIDC Provider" - -client-id oauth2_proxy + -client-id oauth2-proxy -client-secret proxy -redirect-url http://127.0.0.1:4180/oauth2/callback -oidc-issuer-url http://127.0.0.1:5556 @@ -222,7 +222,7 @@ The `oidc_issuer_url` is based on URL from your **Authorization Server**'s **Iss The `client_id` and `client_secret` are configured in the application settings. Generate a unique `client_secret` to encrypt the cookie. -Then you can start the oauth2_proxy with `./oauth2_proxy -config /etc/example.cfg` +Then you can start the oauth2-proxy with `./oauth2-proxy -config /etc/example.cfg` ### login.gov Provider @@ -251,7 +251,7 @@ First, register your application in the dashboard. The important bits are: Now start the proxy up with the following options: ``` -./oauth2_proxy -provider login.gov \ +./oauth2-proxy -provider login.gov \ -client-id=${LOGINGOV_ISSUER} \ -redirect-url=http://localhost:4180/oauth2/callback \ -oidc-issuer-url=https://idp.int.identitysandbox.gov/ \ 
@@ -282,13 +282,13 @@ proxy, and you would use real hostnames everywhere. #### Skip OIDC discovery -Some providers do not support OIDC discovery via their issuer URL, so oauth2_proxy cannot simply grab the authorization, token and jwks URI endpoints from the provider's metadata. +Some providers do not support OIDC discovery via their issuer URL, so oauth2-proxy cannot simply grab the authorization, token and jwks URI endpoints from the provider's metadata. In this case, you can set the `-skip-oidc-discovery` option, and supply those required endpoints manually: ``` -provider oidc - -client-id oauth2_proxy + -client-id oauth2-proxy -client-secret proxy -redirect-url http://127.0.0.1:4180/oauth2/callback -oidc-issuer-url http://127.0.0.1:5556 @@ -330,7 +330,7 @@ Note: in *all* cases the validate-url will *not* have the `index.php`. 1. [Create a new OAuth application](https://cloud.digitalocean.com/account/api/applications) * You can fill in the name, homepage, and description however you wish. - * In the "Application callback URL" field, enter: `https://oauth-proxy/oauth2/callback`, substituting `oauth2-proxy` with the actual hostname that oauth2_proxy is running on. The URL must match oauth2_proxy's configured redirect URL. + * In the "Application callback URL" field, enter: `https://oauth-proxy/oauth2/callback`, substituting `oauth2-proxy` with the actual hostname that oauth2-proxy is running on. The URL must match oauth2-proxy's configured redirect URL. 2. Note the Client ID and Client Secret. To use the provider, pass the following options: 
@@ -346,7 +346,7 @@ To use the provider, pass the following options: ### Bitbucket Auth Provider 1. [Add a new OAuth consumer](https://confluence.atlassian.com/bitbucket/oauth-on-bitbucket-cloud-238027431.html) - * In "Callback URL" use `https:///oauth2/callback`, substituting `` with the actual hostname that oauth2_proxy is running on. + * In "Callback URL" use `https:///oauth2/callback`, substituting `` with the actual hostname that oauth2-proxy is running on. * In Permissions section select: * Account -> Email * Team membership -> Read @@ -372,5 +372,5 @@ To authorize by email domain use `--email-domain=yourcompany.com`. To authorize Follow the examples in the [`providers` package]({{ site.gitweb }}/providers/) to define a new `Provider` instance. Add a new `case` to -[`providers.New()`]({{ site.gitweb }}/providers/providers.go) to allow `oauth2_proxy` to use the +[`providers.New()`]({{ site.gitweb }}/providers/providers.go) to allow `oauth2-proxy` to use the new `Provider`. diff --git a/docs/4_tls.md b/docs/4_tls.md index c6d40d746e..fcbdc780c1 100644 --- a/docs/4_tls.md +++ b/docs/4_tls.md @@ -11,10 +11,10 @@ There are two recommended configurations. 1. Configure SSL Termination with OAuth2 Proxy by providing a `--tls-cert-file=/path/to/cert.pem` and `--tls-key-file=/path/to/cert.key`. - The command line to run `oauth2_proxy` in this configuration would look like this: + The command line to run `oauth2-proxy` in this configuration would look like this: ```bash - ./oauth2_proxy \ + ./oauth2-proxy \ --email-domain="yourcompany.com" \ --upstream=http://127.0.0.1:8080/ \ --tls-cert-file=/path/to/cert.pem \ 
@@ -28,12 +28,12 @@ There are two recommended configurations. 2. Configure SSL Termination with [Nginx](http://nginx.org/) (example config below), Amazon ELB, Google Cloud Platform Load Balancing, or .... - Because `oauth2_proxy` listens on `127.0.0.1:4180` by default, to listen on all interfaces (needed when using an + Because `oauth2-proxy` listens on `127.0.0.1:4180` by default, to listen on all interfaces (needed when using an external load balancer like Amazon ELB or Google Platform Load Balancing) use `--http-address="0.0.0.0:4180"` or `--http-address="http://:4180"`. - Nginx will listen on port `443` and handle SSL connections while proxying to `oauth2_proxy` on port `4180`. - `oauth2_proxy` will then authenticate requests for an upstream application. The external endpoint for this example + Nginx will listen on port `443` and handle SSL connections while proxying to `oauth2-proxy` on port `4180`. + `oauth2-proxy` will then authenticate requests for an upstream application. The external endpoint for this example would be `https://internal.yourcompany.com/`. An example Nginx config follows. Note the use of `Strict-Transport-Security` header to pin requests to SSL @@ -59,10 +59,10 @@ There are two recommended configurations. } ``` - The command line to run `oauth2_proxy` in this configuration would look like this: + The command line to run `oauth2-proxy` in this configuration would look like this: ```bash - ./oauth2_proxy \ + ./oauth2-proxy \ --email-domain="yourcompany.com" \ --upstream=http://127.0.0.1:8080/ \ --cookie-secret=... \ diff --git a/docs/5_endpoints.md b/docs/5_endpoints.md index 3df2224e5c..b2af8e3dab 100644 --- a/docs/5_endpoints.md +++ b/docs/5_endpoints.md 
@@ -20,7 +20,7 @@ OAuth2 Proxy responds directly to the following endpoints. All other endpoints w ### Sign out -To sign the user out, redirect them to `/oauth2/sign_out`. This endpoint only removes oauth2_proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the `rd` query parameter, i.e. redirect the user to something like (notice the url-encoding!): +To sign the user out, redirect them to `/oauth2/sign_out`. This endpoint only removes oauth2-proxy's own cookies, i.e. the user is still logged in with the authentication provider and may automatically re-login when accessing the application again. You will also need to redirect the user to the authentication provider's sign out page afterwards using the `rd` query parameter, i.e. redirect the user to something like (notice the url-encoding!): ``` /oauth2/sign_out?rd=https%3A%2F%2Fmy-oidc-provider.example.com%2Fsign_out_page @@ -33,7 +33,7 @@ GET /oauth2/sign_out HTTP/1.1 X-Auth-Request-Redirect: https://my-oidc-provider/sign_out_page ... ``` - + (The "sign_out_page" should be the [`end_session_endpoint`](https://openid.net/specs/openid-connect-session-1_0.html#rfc.section.2.1) from [the metadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig) if your OIDC provider supports Session Management and Discovery.) BEWARE that the domain you want to redirect to (`my-oidc-provider.example.com` in the example) must be added to the [`-whitelist-domain`](configuration) configuration option otherwise the redirect will be ignored. diff --git a/docs/README.md b/docs/README.md index ad5ef46b68..cb133d3fe3 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -1,7 +1,7 @@ # Docs This folder contains our Jekyll based docs site which is hosted at -https://pusher.github.io/oauth2_proxy. +https://oauth2-proxy.github.io/oauth2-proxy. When making changes to this docs site, please test your changes locally: diff --git a/docs/_config.yml b/docs/_config.yml index a53e9e14e5..ea063cc275 100644 --- a/docs/_config.yml +++ b/docs/_config.yml @@ -13,13 +13,13 @@ # you will see them accessed via {{ site.title }}, {{ site.email }}, and so on. # You can create any custom variable you would like, and they will be accessible # in the templates via {{ site.myvariable }}. -title: OAuth2_Proxy +title: OAuth2 Proxy logo: /logos/OAuth2_Proxy_horizontal.svg description: >- # this means to ignore newlines until "baseurl:" - OAuth2_Proxy documentation site -baseurl: "/oauth2_proxy" # the subpath of your site, e.g. /blog -url: "https://pusher.github.io" # the base hostname & protocol for your site, e.g. http://example.com -gitweb: "https://github.com/pusher/oauth2_proxy/blob/master" + OAuth2-Proxy documentation site +baseurl: "/oauth2-proxy" # the subpath of your site, e.g. /blog +url: "https://oauth2-proxy.github.io" # the base hostname & protocol for your site, e.g. http://example.com +gitweb: "https://github.com/oauth2-proxy/oauth2-proxy/blob/master" # Build settings markdown: kramdown @@ -28,8 +28,8 @@ search_enabled: true # Aux links for the upper right navigation aux_links: - "OAuth2_Proxy on GitHub": - - "https://github.com/pusher/oauth2_proxy" + "OAuth2 Proxy on GitHub": + - "https://github.com/oauth2-proxy/oauth2-proxy" # Exclude from processing. # The following items will not be processed, by default. Create a custom list diff --git a/docs/configuration/configuration.md b/docs/configuration/configuration.md index b7ed66edfd..df8cb8768f 100644 --- a/docs/configuration/configuration.md +++ b/docs/configuration/configuration.md 
@@ -8,7 +8,7 @@ nav_order: 3 ## Configuration -`oauth2_proxy` can be configured via [config file](#config-file), [command line options](#command-line-options) or [environment variables](#environment-variables). +`oauth2-proxy` can be configured via [config file](#config-file), [command line options](#command-line-options) or [environment variables](#environment-variables). To generate a strong cookie secret use `python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(16)).decode())'` @@ -16,7 +16,7 @@ To generate a strong cookie secret use `python -c 'import os,base64; print(base6 Every command line argument can be specified in a config file by replacing hypens (-) with underscores (\_). If the argument can be specified multiple times, the config option should be plural (trailing s). -An example [oauth2_proxy.cfg]({{ site.gitweb }}/contrib/oauth2_proxy.cfg.example) config file is in the contrib directory. It can be used by specifying `-config=/etc/oauth2_proxy.cfg` +An example [oauth2-proxy.cfg]({{ site.gitweb }}/contrib/oauth2-proxy.cfg.example) config file is in the contrib directory. It can be used by specifying `-config=/etc/oauth2-proxy.cfg` ### Command Line Options 
@@ -127,9 +127,9 @@ See below for provider specific options ### Upstreams Configuration -`oauth2_proxy` supports having multiple upstreams, and has the option to pass requests on to HTTP(S) servers or serve static files from the file system. HTTP and HTTPS upstreams are configured by providing a URL such as `http://127.0.0.1:8080/` for the upstream parameter, this will forward all authenticated requests to the upstream server. If you instead provide `http://127.0.0.1:8080/some/path/` then it will only be requests that start with `/some/path/` which are forwarded to the upstream. +`oauth2-proxy` supports having multiple upstreams, and has the option to pass requests on to HTTP(S) servers or serve static files from the file system. HTTP and HTTPS upstreams are configured by providing a URL such as `http://127.0.0.1:8080/` for the upstream parameter, this will forward all authenticated requests to the upstream server. If you instead provide `http://127.0.0.1:8080/some/path/` then it will only be requests that start with `/some/path/` which are forwarded to the upstream. -Static file paths are configured as a file:// URL. `file:///var/www/static/` will serve the files from that directory at `http://[oauth2_proxy url]/var/www/static/`, which may not be what you want. You can provide the path to where the files should be available by adding a fragment to the configured URL. The value of the fragment will then be used to specify which path the files are available at. `file:///var/www/static/#/static/` will ie. make `/var/www/static/` available at `http://[oauth2_proxy url]/static/`. +Static file paths are configured as a file:// URL. `file:///var/www/static/` will serve the files from that directory at `http://[oauth2-proxy url]/var/www/static/`, which may not be what you want. You can provide the path to where the files should be available by adding a fragment to the configured URL. 
The value of the fragment will then be used to specify which path the files are available at. `file:///var/www/static/#/static/` will ie. make `/var/www/static/` available at `http://[oauth2-proxy url]/static/`. Multiple upstreams can either be configured by supplying a comma separated list to the `-upstream` parameter, supplying the parameter multiple times or provinding a list in the [config file](#config-file). When multiple upstreams are used routing to them will be based on the path they are set up with. @@ -246,7 +246,7 @@ Available variables for standard logging: ## Configuring for use with the Nginx `auth_request` directive -The [Nginx `auth_request` directive](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html) allows Nginx to authenticate requests via the oauth2_proxy's `/auth` endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example: +The [Nginx `auth_request` directive](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html) allows Nginx to authenticate requests via the oauth2-proxy's `/auth` endpoint, which only returns a 202 Accepted response or a 401 Unauthorized response without proxying the request through. For example: ```nginx server { diff --git a/env_options_test.go b/env_options_test.go index c1937e63e6..eb72a83ef4 100644 --- a/env_options_test.go +++ b/env_options_test.go @@ -4,7 +4,7 @@ import ( "os" "testing" - proxy "github.com/pusher/oauth2_proxy" + proxy "github.com/oauth2-proxy/oauth2-proxy" "github.com/stretchr/testify/assert" ) diff --git a/go.mod b/go.mod index 541bf32093..6fa871c32b 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/pusher/oauth2_proxy +module github.com/oauth2-proxy/oauth2-proxy go 1.14 diff --git a/htpasswd.go b/htpasswd.go index b7c8d57904..670aa72906 100644 --- a/htpasswd.go +++ b/htpasswd.go 
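Review bot: The new `module github.com/oauth2-proxy/oauth2-proxy` line in go.mod carries no major-version suffix, while the changelog in this same commit refers to a v5.0.0 release. When a go.mod is present, the Go toolchain rejects tagged versions of v2 and above unless the module path ends in `/vN`, so importers can only pin pseudo-versions, which makes it harder to match a dependency against the fixed release named in an advisory. Every import path is being rewritten in this commit anyway, so this looks like the cheapest moment to declare the suffix, e.g. `module github.com/oauth2-proxy/oauth2-proxy/v5` (or whichever major the next tag will use), with the import lines in the other hunks following suit. Whether the project intends to support library consumers at all is not visible from this hunk, so this is a question for the maintainers rather than a confirmed defect.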
@@ -7,7 +7,7 @@ import ( "io" "os" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" "golang.org/x/crypto/bcrypt" ) diff --git a/http.go b/http.go index 88280c440f..afc8ba378e 100644 --- a/http.go +++ b/http.go @@ -7,7 +7,7 @@ import ( "strings" "time" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) // Server represents an HTTP server diff --git a/logging_handler.go b/logging_handler.go index 9915e277ea..1c8574135c 100644 --- a/logging_handler.go +++ b/logging_handler.go @@ -10,7 +10,7 @@ import ( "net/http" "time" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) // responseLogger is wrapper of http.ResponseWriter that keeps track of its HTTP status diff --git a/logging_handler_test.go b/logging_handler_test.go index ddc977836c..756329fcbd 100644 --- a/logging_handler_test.go +++ b/logging_handler_test.go @@ -9,7 +9,7 @@ import ( "testing" "time" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) func TestLoggingHandler_ServeHTTP(t *testing.T) { diff --git a/main.go b/main.go index 11e642dc27..2512e0646d 100644 --- a/main.go +++ b/main.go @@ -12,12 +12,12 @@ import ( "github.com/BurntSushi/toml" options "github.com/mreiferson/go-options" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) func main() { logger.SetFlags(logger.Lshortfile) - flagSet := flag.NewFlagSet("oauth2_proxy", flag.ExitOnError) + flagSet := flag.NewFlagSet("oauth2-proxy", flag.ExitOnError) emailDomains := StringArray{} whitelistDomains := StringArray{} @@ -145,7 +145,7 @@ func main() { flagSet.Parse(os.Args[1:]) if *showVersion { - fmt.Printf("oauth2_proxy %s (built with %s)\n", VERSION, runtime.Version()) + fmt.Printf("oauth2-proxy %s (built with %s)\n", VERSION, runtime.Version()) return } 
diff --git a/oauthproxy.go b/oauthproxy.go index 4d995b0f89..1dbe78b44b 100644 --- a/oauthproxy.go +++ b/oauthproxy.go @@ -19,11 +19,11 @@ import ( "github.com/coreos/go-oidc" "github.com/mbland/hmacauth" - sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/cookies" - "github.com/pusher/oauth2_proxy/pkg/encryption" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/providers" + sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/cookies" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/providers" "github.com/yhat/wsutil" ) diff --git a/oauthproxy_test.go b/oauthproxy_test.go index 7681d9478a..eebad11eff 100644 --- a/oauthproxy_test.go +++ b/oauthproxy_test.go @@ -18,10 +18,10 @@ import ( "github.com/coreos/go-oidc" "github.com/mbland/hmacauth" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/pkg/sessions/cookie" - "github.com/pusher/oauth2_proxy/providers" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie" + "github.com/oauth2-proxy/oauth2-proxy/providers" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "golang.org/x/net/websocket" diff --git a/options.go b/options.go index 6abfa3656a..b5cb859037 100644 --- a/options.go +++ b/options.go 
@@ -17,12 +17,12 @@ import ( oidc "github.com/coreos/go-oidc" "github.com/dgrijalva/jwt-go" "github.com/mbland/hmacauth" - "github.com/pusher/oauth2_proxy/pkg/apis/options" - sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/encryption" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/pkg/sessions" - "github.com/pusher/oauth2_proxy/providers" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" + sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions" + "github.com/oauth2-proxy/oauth2-proxy/providers" "gopkg.in/natefinch/lumberjack.v2" ) diff --git a/pkg/apis/options/sessions.go b/pkg/apis/options/sessions.go index 9a2abd77de..3e22278080 100644 --- a/pkg/apis/options/sessions.go +++ b/pkg/apis/options/sessions.go @@ -1,6 +1,6 @@ package options -import "github.com/pusher/oauth2_proxy/pkg/encryption" +import "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" // SessionOptions contains configuration options for the SessionStore providers. type SessionOptions struct { diff --git a/pkg/apis/sessions/session_state.go b/pkg/apis/sessions/session_state.go index 0a58b34c88..d3855b1817 100644 --- a/pkg/apis/sessions/session_state.go +++ b/pkg/apis/sessions/session_state.go @@ -7,7 +7,7 @@ import ( "strings" "time" - "github.com/pusher/oauth2_proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" ) // SessionState is used to store information about the currently authenticated user session diff --git a/pkg/apis/sessions/session_state_test.go b/pkg/apis/sessions/session_state_test.go index 9707faef2d..6c9d9e3803 100644 --- a/pkg/apis/sessions/session_state_test.go +++ b/pkg/apis/sessions/session_state_test.go 
@@ -5,8 +5,8 @@ import ( "testing" "time" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" "github.com/stretchr/testify/assert" ) diff --git a/pkg/cookies/cookies.go b/pkg/cookies/cookies.go index b2a02a129a..c4dd167579 100644 --- a/pkg/cookies/cookies.go +++ b/pkg/cookies/cookies.go @@ -7,8 +7,8 @@ import ( "strings" "time" - "github.com/pusher/oauth2_proxy/pkg/apis/options" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) // MakeCookie constructs a cookie from the given parameters, diff --git a/pkg/requests/requests.go b/pkg/requests/requests.go index 9083b2d4d2..36a8bf8c7c 100644 --- a/pkg/requests/requests.go +++ b/pkg/requests/requests.go @@ -7,7 +7,7 @@ import ( "net/http" "github.com/bitly/go-simplejson" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) // Request parses the request body into a simplejson.Json object diff --git a/pkg/sessions/cookie/session_store.go b/pkg/sessions/cookie/session_store.go index 7964bd7190..6698edbe36 100644 --- a/pkg/sessions/cookie/session_store.go +++ b/pkg/sessions/cookie/session_store.go @@ -8,11 +8,11 @@ import ( "strings" "time" - "github.com/pusher/oauth2_proxy/pkg/apis/options" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/cookies" - "github.com/pusher/oauth2_proxy/pkg/encryption" - "github.com/pusher/oauth2_proxy/pkg/sessions/utils" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/cookies" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/utils" ) const ( 
diff --git a/pkg/sessions/redis/redis_store.go b/pkg/sessions/redis/redis_store.go index 0d3d361ccd..f4169398e3 100644 --- a/pkg/sessions/redis/redis_store.go +++ b/pkg/sessions/redis/redis_store.go @@ -15,11 +15,11 @@ import ( "time" "github.com/go-redis/redis" - "github.com/pusher/oauth2_proxy/pkg/apis/options" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/cookies" - "github.com/pusher/oauth2_proxy/pkg/encryption" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/cookies" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) // TicketData is a structure representing the ticket used in server session storage diff --git a/pkg/sessions/session_store.go b/pkg/sessions/session_store.go index 17ef21c24e..992d6ded22 100644 --- a/pkg/sessions/session_store.go +++ b/pkg/sessions/session_store.go @@ -3,10 +3,10 @@ package sessions import ( "fmt" - "github.com/pusher/oauth2_proxy/pkg/apis/options" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/sessions/cookie" - "github.com/pusher/oauth2_proxy/pkg/sessions/redis" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/redis" ) // NewSessionStore creates a SessionStore from the provided configuration diff --git a/pkg/sessions/session_store_test.go b/pkg/sessions/session_store_test.go index cad4d358a0..0e4d62dd3b 100644 --- a/pkg/sessions/session_store_test.go +++ b/pkg/sessions/session_store_test.go 
@@ -11,16 +11,16 @@ import ( "time" miniredis "github.com/alicebob/miniredis/v2" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options" + sessionsapi "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + cookiesapi "github.com/oauth2-proxy/oauth2-proxy/pkg/cookies" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions" + sessionscookie "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/cookie" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/redis" + "github.com/oauth2-proxy/oauth2-proxy/pkg/sessions/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" - "github.com/pusher/oauth2_proxy/pkg/apis/options" - sessionsapi "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - cookiesapi "github.com/pusher/oauth2_proxy/pkg/cookies" - "github.com/pusher/oauth2_proxy/pkg/encryption" - "github.com/pusher/oauth2_proxy/pkg/sessions" - sessionscookie "github.com/pusher/oauth2_proxy/pkg/sessions/cookie" - "github.com/pusher/oauth2_proxy/pkg/sessions/redis" - "github.com/pusher/oauth2_proxy/pkg/sessions/utils" ) func TestSessionStore(t *testing.T) { diff --git a/pkg/sessions/utils/utils.go b/pkg/sessions/utils/utils.go index 1fb27f4ddf..e8de8ae90d 100644 --- a/pkg/sessions/utils/utils.go +++ b/pkg/sessions/utils/utils.go @@ -3,8 +3,8 @@ package utils import ( "encoding/base64" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" ) // CookieForSession serializes a session state for storage in a cookie diff --git a/providers/auth_test.go b/providers/auth_test.go index e17ad8d746..55b98a0fb7 100644 --- a/providers/auth_test.go +++ b/providers/auth_test.go 
@@ -5,7 +5,7 @@ import ( "net/http" "net/url" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" ) var authorizedAccessToken = "imaginary_access_token" diff --git a/providers/azure.go b/providers/azure.go index 5b93064cd2..1f4f9f8d47 100644 --- a/providers/azure.go +++ b/providers/azure.go @@ -11,9 +11,9 @@ import ( "time" "github.com/bitly/go-simplejson" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // AzureProvider represents an Azure based Identity Provider diff --git a/providers/bitbucket.go b/providers/bitbucket.go index 63c1d0fa56..7ddb280ead 100644 --- a/providers/bitbucket.go +++ b/providers/bitbucket.go @@ -5,9 +5,9 @@ import ( "net/url" "strings" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // BitbucketProvider represents an Bitbucket based Identity Provider diff --git a/providers/bitbucket_test.go b/providers/bitbucket_test.go index d6d2cdc6e0..da3182a0c9 100644 --- a/providers/bitbucket_test.go +++ b/providers/bitbucket_test.go @@ -9,7 +9,7 @@ import ( "github.com/stretchr/testify/assert" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" ) func testBitbucketProvider(hostname, team string, repository string) *BitbucketProvider { diff --git a/providers/digitalocean.go b/providers/digitalocean.go index f4d9ce570d..564d32b0f8 100644 --- a/providers/digitalocean.go +++ b/providers/digitalocean.go 
@@ -6,8 +6,8 @@ import ( "net/http" "net/url" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // DigitalOceanProvider represents a DigitalOcean based Identity Provider diff --git a/providers/digitalocean_test.go b/providers/digitalocean_test.go index 3ef0f2aeab..2b3fede360 100644 --- a/providers/digitalocean_test.go +++ b/providers/digitalocean_test.go @@ -6,7 +6,7 @@ import ( "net/url" "testing" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/stretchr/testify/assert" ) diff --git a/providers/facebook.go b/providers/facebook.go index abd5382807..94f3e271cd 100644 --- a/providers/facebook.go +++ b/providers/facebook.go @@ -6,8 +6,8 @@ import ( "net/http" "net/url" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // FacebookProvider represents an Facebook based Identity Provider diff --git a/providers/github.go b/providers/github.go index 40ec78d3b9..bacda1bb13 100644 --- a/providers/github.go +++ b/providers/github.go @@ -11,8 +11,8 @@ import ( "strconv" "strings" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) // GitHubProvider represents an GitHub based Identity Provider diff --git a/providers/github_test.go b/providers/github_test.go index e73ea40b4f..a454cb48ab 100644 --- a/providers/github_test.go +++ b/providers/github_test.go 
@@ -6,7 +6,7 @@ import ( "net/url" "testing" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/stretchr/testify/assert" ) diff --git a/providers/gitlab.go b/providers/gitlab.go index 396d41fced..20421d659f 100644 --- a/providers/gitlab.go +++ b/providers/gitlab.go @@ -10,7 +10,7 @@ import ( "time" oidc "github.com/coreos/go-oidc" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "golang.org/x/oauth2" ) diff --git a/providers/gitlab_test.go b/providers/gitlab_test.go index f75c4bfde8..30ce16e502 100644 --- a/providers/gitlab_test.go +++ b/providers/gitlab_test.go @@ -6,7 +6,7 @@ import ( "net/url" "testing" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/stretchr/testify/assert" ) diff --git a/providers/google.go b/providers/google.go index 12216a35d8..ec16ded5e5 100644 --- a/providers/google.go +++ b/providers/google.go @@ -13,8 +13,8 @@ import ( "strings" "time" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" "golang.org/x/oauth2" "golang.org/x/oauth2/google" admin "google.golang.org/api/admin/directory/v1" diff --git a/providers/internal_util.go b/providers/internal_util.go index fb33b31de7..4cc502edd4 100644 --- a/providers/internal_util.go +++ b/providers/internal_util.go @@ -5,8 +5,8 @@ import ( "net/http" "net/url" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // stripToken is a helper function to obfuscate "access_token" diff --git a/providers/internal_util_test.go b/providers/internal_util_test.go index ba6d470edd..591c7f3098 100644 
--- a/providers/internal_util_test.go +++ b/providers/internal_util_test.go @@ -7,7 +7,7 @@ import ( "net/url" "testing" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/stretchr/testify/assert" ) diff --git a/providers/keycloak.go b/providers/keycloak.go index 271537263d..9475957d1e 100644 --- a/providers/keycloak.go +++ b/providers/keycloak.go @@ -4,9 +4,9 @@ import ( "net/http" "net/url" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) type KeycloakProvider struct { diff --git a/providers/keycloak_test.go b/providers/keycloak_test.go index 4d1d1005b0..e00fb0452c 100644 --- a/providers/keycloak_test.go +++ b/providers/keycloak_test.go @@ -7,7 +7,7 @@ import ( "testing" "github.com/bmizerany/assert" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" ) func testKeycloakProvider(hostname, group string) *KeycloakProvider { diff --git a/providers/linkedin.go b/providers/linkedin.go index bca293608e..b69ae933b3 100644 --- a/providers/linkedin.go +++ b/providers/linkedin.go @@ -6,8 +6,8 @@ import ( "net/http" "net/url" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // LinkedInProvider represents an LinkedIn based Identity Provider diff --git a/providers/linkedin_test.go b/providers/linkedin_test.go index 0b7247ff82..9f325eae74 100644 --- a/providers/linkedin_test.go +++ b/providers/linkedin_test.go 
@@ -6,7 +6,7 @@ import ( "net/url" "testing" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/stretchr/testify/assert" ) diff --git a/providers/logingov.go b/providers/logingov.go index 3cca13d6ab..db112aa570 100644 --- a/providers/logingov.go +++ b/providers/logingov.go @@ -13,7 +13,7 @@ import ( "time" "github.com/dgrijalva/jwt-go" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "gopkg.in/square/go-jose.v2" ) diff --git a/providers/nextcloud.go b/providers/nextcloud.go index 18855c8cea..6b2932e367 100644 --- a/providers/nextcloud.go +++ b/providers/nextcloud.go @@ -4,9 +4,9 @@ import ( "fmt" "net/http" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/logger" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // NextcloudProvider represents an Nextcloud based Identity Provider diff --git a/providers/nextcloud_test.go b/providers/nextcloud_test.go index c598d7bb4e..0f3a829369 100644 --- a/providers/nextcloud_test.go +++ b/providers/nextcloud_test.go @@ -6,7 +6,7 @@ import ( "net/url" "testing" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/stretchr/testify/assert" ) diff --git a/providers/oidc.go b/providers/oidc.go index 0d8112e042..e831ccbab2 100644 --- a/providers/oidc.go +++ b/providers/oidc.go @@ -10,8 +10,8 @@ import ( oidc "github.com/coreos/go-oidc" "golang.org/x/oauth2" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/requests" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/requests" ) // OIDCProvider represents an OIDC based Identity Provider 
diff --git a/providers/oidc_test.go b/providers/oidc_test.go index 1ae3935a88..675f8fda22 100644 --- a/providers/oidc_test.go +++ b/providers/oidc_test.go @@ -20,7 +20,7 @@ import ( "github.com/dgrijalva/jwt-go" "golang.org/x/oauth2" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" ) const accessToken = "access_token" diff --git a/providers/provider_data.go b/providers/provider_data.go index bc789a9a86..ce80c8b75c 100644 --- a/providers/provider_data.go +++ b/providers/provider_data.go @@ -5,7 +5,7 @@ import ( "io/ioutil" "net/url" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) // ProviderData contains information required to configure all implementations diff --git a/providers/provider_default.go b/providers/provider_default.go index 5e60a0c64f..707e3a6ed2 100644 --- a/providers/provider_default.go +++ b/providers/provider_default.go @@ -10,8 +10,8 @@ import ( "net/url" "time" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" ) // Redeem provides a default implementation of the OAuth2 token redemption process diff --git a/providers/provider_default_test.go b/providers/provider_default_test.go index ffe4aa7448..e8a51f518b 100644 --- a/providers/provider_default_test.go +++ b/providers/provider_default_test.go @@ -4,7 +4,7 @@ import ( "testing" "time" - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" "github.com/stretchr/testify/assert" ) diff --git a/providers/providers.go b/providers/providers.go index 04215f01d7..97cc17a7ec 100644 --- a/providers/providers.go +++ b/providers/providers.go 
@@ -1,8 +1,8 @@ package providers import ( - "github.com/pusher/oauth2_proxy/pkg/apis/sessions" - "github.com/pusher/oauth2_proxy/pkg/encryption" + "github.com/oauth2-proxy/oauth2-proxy/pkg/apis/sessions" + "github.com/oauth2-proxy/oauth2-proxy/pkg/encryption" ) // Provider represents an upstream identity provider implementation diff --git a/templates.go b/templates.go index 002e2b46ad..b0e9014d57 100644 --- a/templates.go +++ b/templates.go @@ -4,7 +4,7 @@ import ( "html/template" "path" - "github.com/pusher/oauth2_proxy/pkg/logger" + "github.com/oauth2-proxy/oauth2-proxy/pkg/logger" ) func loadTemplates(dir string) *template.Template { @@ -149,7 +149,7 @@ func getTemplates() *template.Template {