version 2.7.1

Security related:

• #59 #61 more tricky-open-redirect prevention for the post-signin app-redirect: GHSA-5m6c-jp6f-2vcv

Changes:

• #60 do not set cache-control header for auth-only endpoint
• #63 new option --skip-auth-strip-headers, enabled by default, to remove some headers from upstream requests allowed by --skip-auth-regex, that would otherwise be set by the normal auth logic

version 2.7.0

Security related:

• #50 fix another open-redirect vulnerability: GHSA-j7px-6hwj-hpjg

Potentially compatibility-breaking changes:

• #52 The interpretation of cookie-secret was fixed, and may reject a secret that is not valid for an AES key used for encrypting tokens (for cookie-refresh or pass-access-token). It no longer adds base64 padding after base64 decode (in addition to before base64 decode), which accidentally made cookie-secret seem to be the appropriate length.
• #57 Rename some flags and config-file options for consistency:
  • flags: --tls-cert to --tls-cert-file, --tls-key to --tls-key-file
  • config: proxy-prefix to proxy_prefix, google_group to google_groups, github_team to github_teams
  • flag --github-team should now be passed multiple times for multiple teams, rather than taking a single comma-separated value, and --github-team= now means a team named "" instead of no-team-required.
• #55 remove recently-added option/flag xheaders, and replace with new option/flag real-client-ip-header to choose between X-Real-IP or X-Forwarded-For or disabled

Features:

• #45 new option/flag banner to override default sign-in banner html
• #54 new option/flag prompt to replace approval_prompt param to provider
• #56, #58 new option/flag force-https to redirect user requests from http to https (based on X-Forwarded-Proto header because oauth2_proxy listens for either http or https but never both, yet)
• #46 add header Cache-Control: no-store to auth-flow-related responses to prevent inappropriate browser caching

Fixes and refinements:

• #47 websockets now respect ssl-insecure-skip-verify option
• #43 fix sign_in page url fragment after reload in Firefox
• #49 log reason when redirect (to application) URL is invalid
• #51 more precise cookie size check/warning
• #44 clean-up validator tests
• #53 switch from Travis-CI to GitHub Actions for CI, minor test fixes for go-1.14
• update README links, cookie-secret generate example

version 2.6.0

Changes:

• #33 add --cookie-path config option
• #42 add --xheaders config option (set false to disable trust of X-Real-IP request header)
• #37 more robust handling of the original app url to redirect to after auth callback
• #20 add Bitbucket provider
• add nsswitch.conf to docker image to make netgo resolver use /etc/hosts first
• minor updates to build and test scripts, README, example config

Fixes:

• #37 check for /\ redirects (see GHSA-qqxw-m5fj-f7gv)
• #38 filter out headers which oauth2_proxy is responsible for (if not overwriting them)
• #32 improve websocket support with Hijack() method
• #40 GitHub provider: always pass token in header (remove last use of deprecated query param)
• #31 #41 GitHub provider: require verified email, prefer primary
• #36 GitLab provider: honor --scope option when using groups

version 2.5.1

Fixes:

• #29 adjust --redirect-url handling a bit more - fill url path if it is absent (also more compatible with pre-2.5.0 behavior)

Changes:

• #30 update dependency github.com/mreiferson/go-options

version 2.5.0

About half of these are ported from https://github.com/pusher/oauth2_proxy/ pull requests, and link to there in the PR description.

Changes:

• #26 websocket proxying support (hopefully ;)
• #17 add option --flush-interval
• #14 rename import path to github.com/ploxiln/oauth2_proxy
• #15 update vendored dependencies, and version of "dep" used in Travis-CI and Dockerfile
• #16 minor Google and OIDC options handling code cleanup

Fixes:

• #22 #24 fix option --redirect-url handling
• #19 make --ssl-insecure-skip-verify keep most DefaultTransport configuration (timeouts, keepalives, etc)

Provider updates:

• #28 actually support Google nested groups - oauth2_proxy v2.4 claimed this, but didn't
• #13 add Discord provider
• #21 OIDC provider: add option --skip-oidc-discovery
• #25 OIDC provider: fallback from "email" to "sub" (Subject)
• #23 GitHub provider: rename url query param "limit" to "per_page"

version 2.4.1

BUILDS UPDATED 2019-01-26 with go-1.11.5 (with crypto/tls denial-of-service fix)

Fixes:

• #11 fix GitLab provider (related to --gitlab-group flag)

Changes:

• only fetch up to 10 pages of GitLab groups for a user (similar to other providers groups checks)
• refactor FlagSet into a function for testing
• clean up test.sh and dist.sh, add Dockerfile

version 2.4

General changes:

• #3 #8 authenticated-emails-file change-watching refactored a bit, due to flaky tests
  • if file is deleted, will only wait up to 5 seconds for it to re-appear, instead of indefinitely
  • github.com/fsnotify/fsnotify updated to v1.4.7
• update example config and login page project link to point to this "ploxiln" fork
• README updates for this "ploxiln" fork
• #2 travis-ci config updated for this fork, with newer versions of go and dep, and newer base OS

Provider updates:

• bitly#637 #4 GitLab: new option --gitlab-group / gitlab_groups
• bitly#500 #6 Google: refactor groups lookup, support nested groups, fix for large orgs with many groups
• bitly#613 #7 GitHub: fix team lookup for large orgs with many teams
• bitly#620 #5 OpenID Connect: basic support for refreshing tokens (with cookie-refresh equal to token lifetime)

V2.3 first release of ploxiln fork

Changes in this fork:

• #1 fix combination of htpasswd auth and --cookie refresh
• bitly#464 add --whitelist-domain option
• bitly#651 make --ssl-insecure-skip-verify apply to DefaultTransport
• bitly#424 support combination of --set-xauthrequest and --pass-access-token
• bitly#641 add /oauth2/sign_out to docs
• bitly#595 update fsnotify package import
• bitly#577 fix hmacauth package import in Gopkg.toml

Changes in bitly master branch since v2.2:

• bitly#423 add --request-logging-format option
• bitly#549 support bcrypt passwords in htpasswd
• bitly#376 do not set cookie domain by default (it works opposite the way one would assume)
• bitly#510 more robust cookie clearing due to domain default change
• bitly#284 fix --skip-provider-button for /sign_in route
• bitly#426 allow zero upstreams (for auth_request mode)
• bitly#422 strip token from more url logging statements
• bitly#529 fix sign-in page css typo
• bitly#431 bitly#502 better error message for upstream parsing
• bitly#448 switch from 18F/hmacauth to mbland/hmacauth
• bitly#484 tests: replace bmizerany/assert with stretchr/testify/assert
• bitly#503 generate sha256sum.txt for release builds
• bitly#491 switch from gpm to dep for dependency management
• bitly#381 strip dist binary builds (smaller)
• provider updates:
  • bitly#389 add OpenID Connect
  • bitly#472 remove MyUSA
  • bitly#466 add GetUserName() method to Provider for user unrelated to email, use for GitHub
  • bitly#414 GitHub provider: iterate over multiple pages of user organizations
  • bitly#392 GitHub provider: use Authorization header
  • bitly#496 GitLab provider: update to use api v4
  • bitly#447 GitLab provider: reduce default oauth2 scope
  • bitly#421 bitly#561 Google provider: (minor) use base64.RawURLEncoding.DecodeString()
• README updates:
  • bitly#555
  • bitly#514
  • bitly#444
  • bitly#382
  • bitly#402
  • bitly#405
  • bitly#425