Skip to content

Update with changes from upstream #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 77 commits into from
Feb 3, 2025
Merged

Update with changes from upstream #3

merged 77 commits into from
Feb 3, 2025

Conversation

g-linville
Copy link
Member

@g-linville g-linville commented Jan 31, 2025
edited
Loading

The linter failures in the CI are unconcerning. It also fails on the current otto8 branch.

tuunit and others added 30 commits October 5, 2024 17:29
@tuunit
fix: self signed certificate handling
8fd7312
@tuunit
better handling of default transport modification
bae168f
@tuunit
add changelog entry
4bd920b
@JoelSpeed
Merge pull request oauth2-proxy#2803 from tuunit/bugfix/self-signed-c…
d68336d 
…ertificate-handling

fix: self signed certificate handling in v7.7.0
@rd-danny-fleer
fix: unable to use hyphen in JSON path for oidc-groups-claim option (o…
642ba17 
…auth2-proxy#2619)
@miguelborges99 @tuunit
fix: runtime error: index out of range (0) with length 0 (oauth2-prox…
ff761d2 
…y#2328)

* Issue 2311: runtime error: index out of range [0] with length 0 while extracting state of of the csrf

---------

Co-authored-by: tuunit <jan@larwig.com>
@github-actions @tuunit
update to release version v7.7.1
055a634
@JoelSpeed
Merge pull request oauth2-proxy#2807 from oauth2-proxy/release/v7.7.1
6fb0201 
release v7.7.1
@halkeye
doc: add standard opencontainer docker labels (oauth2-proxy#2800)
ab448cf
@chadmiller-saq
doc: expand on --upstream URL matching and trailing slash behaviour (o…
defc456 
…auth2-proxy#2813)
@joshuacox
chore: removed duplicate image line in docker-compose (oauth2-proxy#2817
c555f5f 
)
@renovate @tuunit
chore(deps): update dependency @easyops-cn/docusaurus-search-local to…
798b846 
… ^0.45.0
@bjencks
feat: add X-Envoy-External-Address as supported header (oauth2-proxy#…
66f1063 
…2755)
@k0ste
fix(contrib): revamped systemd service example (oauth2-proxy#2655)
e00c7a7
@isodude
Allow parsing remote address headers over unix sockets
bc8e716 
When listening to a unix socket there is no RemoteAddr for http.Request.
Instead of setting nil, Go sets it to '@'. Marking the IP as trusted if
RemoteAddr allows rest of the settings for parsing remote address in
headers to be applied.

Signed-off-by: Josef Johansson <josef@oderland.se>
@isodude
Add support for systemd.socket
6743a9c 
When using sockets to pass data between e.g. nginx and oauth2-proxy it's
simpler to use sockets. Systemd can even facilitate this and pass the
actual socket directly.

This also means that only the socket runs with the same group as nginx
while the service runs with DynamicUser.

Does not support TLS yet.

nginx
```
server {
    location /oauth2/ {
      proxy_pass http://unix:/run/oauth2-proxy/oauth2.sock;
}
```

oauth2-proxy.socket
```
[Socket]
ListenStream=%t/oauth2.sock
SocketGroup=www-data
SocketMode=0660
```

Start oauth2-proxy with the parameter `--http-address=fd:3`.

Signed-off-by: Josef Johansson <josef@oderland.se>
@tuunit @JoelSpeed
doc: readme overhaul and azure sponsorship (oauth2-proxy#2826)
9945b68 
* new readme structure

* add adopters file

* add microsoft sponsorship

* add reference to adopter file

* add gopher slack invite link

* slightly rephrase nightly image section

* add sponsor request for action

* better formatting for contributor wall

* add longer wait time for stale PRs and issues and allow for exemption through bug and high-priority labels

* apply review suggestion

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>

---------

Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
@renovate
chore(deps): update module github.com/go-jose/go-jose/v3 to v4 (oauth…
5ec03ab 
…2-proxy#2598)
@JoelSpeed
Merge pull request oauth2-proxy#1985 from isodude/systemd-socket
4d2b5c3 
Add support for systemd socket
@bcremer
doc: fix relative URLs to configuration page (oauth2-proxy#2818)
b4f7e06
@renovate
chore(deps): update dependency node to v22 (oauth2-proxy#2836)
50ec7fa
@renovate
chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3 [s…
0bc8dd9 
…ecurity] (oauth2-proxy#2831)
@renovate
chore(deps): update alpine docker tag to v3.20.3 (oauth2-proxy#2682)
96f0288
@rekup
fix: websocket path rewrite (oauth2-proxy#2300)
64e736f
@ondrejsika
feat: add CF-Connecting-IP as supported real ip header (oauth2-proxy#…
3ceef0c 
…2821)
@vishvananda
fix: update code_verifier to use recommended method (oauth2-proxy#2620)
4e2013e 
The [RFC](https://datatracker.ietf.org/doc/html/rfc7636#section-4.1)
says that a code verifier just uses unreserved characters, but the
recommended method is that it is a base64-urlencoded 32-octet url. Some
implementations of PKCE (most notably the one used by salesforce)
require that this is a valid base64 encoded string[1], so this patch
switches to using the recommended approach to make it more compatible.

[1]: https://help.salesforce.com/s/articleView?id=sf.remoteaccess_pkce.htm&type=5
@renovate @tuunit
chore(deps): update gomod
2fd2f8c
@jjlakis @tuunit
chore: extend test cases for oidc provider and documentation regardin…
05b91f3 
…g implicit setting of the groups scope when no scope was specified in the config

Co-authored-by: Jan Larwig <jan@larwig.com>
@renovate @tuunit
chore(deps): update gomod
bc12242
@renovate @tuunit
chore(deps): update docker-compose
5042203
stomekpe and others added 17 commits January 15, 2025 09:06
@stomekpe @tuunit
fix: jwt regex validation error during skip-jwt-bearer-tokens flow (o…
f31e02c 
…auth2-proxy#2888)


---------

Co-authored-by: Jan Larwig <jan@larwig.com>
@tuunit
Merge branch 'master' into fix/missing-version-during-docker-built
a29eda3
@JoelSpeed
Merge pull request oauth2-proxy#2920 from tuunit/fix/missing-version-…
46b3b26 
…during-docker-built

fix: missing oauth2-proxy version for docker builds
@github-actions
update to release version v7.8.1
c580b7f
@tuunit
update release highlights
0edecd3
@JoelSpeed
Merge pull request oauth2-proxy#2922 from oauth2-proxy/release/v7.8.1
04cc932 
release v7.8.1
@renovate @tuunit
chore(deps): update dependency @easyops-cn/docusaurus-search-local to…
b7a8d38 
… ^0.48.0
@renovate
chore(deps): update helm release oauth2-proxy to v7.10.2 (oauth2-prox…
4c823a6 
…y#2934)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@tuunit
chore(build): retrieve go version from go.mod as single point of truth
58527ec
@tuunit
chore(deps): update all go depedencies
9b32699
@tuunit
doc: update changelog
3cf74c2
@tuunit
fix(test): syntax violation of json with one too many closing curly b…
67f3da2 
…rackets
@JoelSpeed
Merge pull request oauth2-proxy#2927 from tuunit/chore/bump-golang-1.23
39bae25 
chore(deps/build): bump golang to 1.23 and use go.mod as single point of truth for all build files
@tuunit
doc: add entra id to issue templates
0364f1b
@JoelSpeed
Merge pull request oauth2-proxy#2941 from tuunit/doc/add-entra-id-to-…
8b6e845 
…issue-template

doc: add entra id to issue templates
@renovate
chore(deps): update gomod (oauth2-proxy#2937)
b72a9f4 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@g-linville
update with commits from upstream
e4d2486 
Signed-off-by: Grant Linville <grant@acorn.io>
@g-linville g-linville marked this pull request as ready for review January 31, 2025 18:32
@g-linville g-linville requested a review from thedadams January 31, 2025 19:59
@g-linville g-linville merged commit 9002f84 into otto8 Feb 3, 2025
3 of 5 checks passed
@g-linville g-linville deleted the otto8-update branch February 3, 2025 14:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thedadams thedadams thedadams approved these changes

Assignees
No one assigned
Labels
dependencies docker docs go provider tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.