Commit graph

63 commits

Author SHA1 Message Date
Eugene 4afa979de2
bump rust some more 2024-07-16 10:40:27 +02:00
Eugene 72236d004a
fixed #748 - per-protocol external ports (#973) 2024-03-26 10:16:22 +01:00
Eugene 47c943d201
lint 2024-03-23 12:24:52 +01:00
Skyler Mansfield 916d51a4e8
Add support for role mappings on custom SSO providers. (#920)
This is done using the `role_mappings` property.
Roles to be mapped are gotten from the `warp_groups` OIDC claim:
```
sso_providers:
  - name: custom_sso
    label: Custom SSO
    provider:
      type: custom
      client_id: <client_id>
      client_secret: <client_secret>
      issuer_url: <issuer_url>
      scopes: ["email", "profile", "openid", "warp_groups"] #warp_groups is scope name to request for my demo case, which adds a "warpgate_groups" claim to the userinfo
      role_mappings: 
        - ["warpgate:admin", "warpgate:admin"]
```
This maps the `warpgate:admin` group from OIDC to the `warpgate:admin`
role.

This [video on YouTube](https://youtu.be/XCYSGGCgk9Q) demonstrates the
functionality.

---------

Co-authored-by: Eugene <inbox@null.page>
2024-03-23 12:05:12 +01:00
Eugene bcba6763ae
cargo fmt 2024-03-04 10:15:27 +01:00
Eugene ea07658f0b
fixed test 2024-02-04 21:09:26 +01:00
Néfix Estrada 0ddc7979ea feat(http): add remote_addr to logs
With this change, the remote address will be logged. This enables other
software, such as fail2ban, to monitor the logs and take actions if
required.

Closes #944
2024-02-04 21:03:33 +01:00
Eugene 2d6621f5c8
bumped rust 2024-01-23 12:05:59 +01:00
Nicolas SEYS 8c1dab63c5 Move session and cookie age in http config section 2023-11-29 11:03:17 +01:00
Nicolas SEYS 21d6ab4beb Make session and cookie age configurable 2023-11-29 11:03:17 +01:00
Eugene 6cace24fe8
lint 2023-11-23 19:40:53 +01:00
Eugene b346ca3d0b
don't suggest public key auth in the web auth API 2023-11-23 19:36:05 +01:00
Eugene e3b26b2699
fixed GHSA-c94j-vqr5-3mxr - privilege escalation during web auth 2023-11-23 18:35:27 +01:00
Skyler Mansfield d9af7470a4 Add better support for X-Forward- headers when constructing external url 2023-11-16 19:53:14 +01:00
Skyler Mansfield b0a9130a51 Add support for trusting X-Forwarded-For header to get client IP
falls back to remote ip if header unavailable
2023-11-16 19:53:14 +01:00
Nicolas SEYS dec0b97a0d Fix redirection with a relative location 2023-09-26 15:53:51 +02:00
Eugene Pankov d9385ca44b lint 2023-08-08 21:06:01 +02:00
Eugene Pankov 49b92cde7a fixed #855 - log client IPs and credentials used 2023-08-08 09:56:41 +02:00
Eugene Pankov 0bc9ae1b1a fixed #854 - show session details during OOB auth 2023-08-07 22:28:15 +02:00
Eugene Pankov 8173f6512a
fixed GHSA-868r-97g5-r9g4 - insufficient authentication for SSO users 2023-07-07 20:41:00 +02:00
Eugene Pankov a38fd2bbb1
ui: added search boxes - #761 2023-05-18 21:59:26 +02:00
Eugene Pankov f13a22f4d0
fixed #747 - don't include port in x-forwarded-for 2023-04-24 08:49:34 -07:00
Cléo REBERT 86daf9f38e
Fix build after cargo update
* Fix project not building after `cargo update`

* Bump totp-rs from 3.x to 5.x

* Bump sea-orm from 0.10 to 0.11

* Remove `chrono` unused features to get rid of warning during `cargo audit`
2023-04-19 10:59:19 +02:00
Eugene Pankov eb13e71fb3
bumped rust 2023-01-11 12:59:27 +01:00
Eugene Pankov 1d34e5e4e2
lint 2022-12-14 22:10:35 +01:00
Eugene Pankov 468f4c6582
lint, removed DHAT 2022-11-21 22:01:14 +01:00
Eugene Pankov 8087179ea0
Revert "fixed openapi operation IDs"
This reverts commit 9b58dbc0c8.
2022-11-08 22:32:35 +01:00
Eugene Pankov 9b58dbc0c8
fixed openapi operation IDs 2022-11-08 11:48:38 +01:00
Eugene Pankov 2b7baac016
lint, removed lazy_static 2022-11-03 23:44:51 +01:00
Eugene Pankov 42f9c68788
bumped rust 2022-11-03 23:10:51 +01:00
Eugene Pankov 6f39338c36
fixed #406 - construct correct SSO URLs behind a reverse proxy 2022-10-31 23:35:07 +01:00
Eugene Pankov 512396ffb4
#406 - apple id redirection fixes 2022-10-29 20:51:29 +02:00
Eugene Pankov 5bdddd3958
allow cancelling authentication 2022-10-02 20:02:05 +02:00
Eugene Pankov 04e5ecf5cb
#353 - forbid HTTP caching for API endpoints 2022-09-21 20:37:05 +03:00
Eugene Pankov 900426cc75 bumped poem 2022-09-13 22:56:26 +02:00
Eugene Pankov 5ddc260262
Remote port and X11 forwarding - fixes #11, fixes #12 2022-09-04 12:06:09 +02:00
Eugene Pankov a2bbc1690e
lint 2022-09-02 15:57:34 +02:00
Eugene Pankov 51df7083de
database config provider 2022-09-02 14:00:08 +02:00
Eugene Pankov c74dc77700
added the missing host header 2022-08-26 00:10:03 +02:00
Eugene Pankov b0866d296b
fixed #274 - don't pass through the Host header 2022-08-25 23:28:49 +02:00
Eugene 067250652d
Synchronize some ssh ops between client and target (#271) 2022-08-21 23:30:06 +02:00
Eugene Pankov 52edf524ae
fixed infinite redirect (#257) 2022-08-15 09:39:49 +02:00
Eugene Pankov ccabfb1546
don't rewrite cookie domain for target cookies 2022-08-11 21:54:21 +02:00
Eugene Pankov ee1a4650dd
log unknown usernames accordingly 2022-08-09 23:30:56 +02:00
Eugene c6885f18c3
Out-of-band SSO (#245) 2022-08-08 23:30:18 +02:00
Eugene Pankov 1271dee26d
test driven fixes 2022-08-06 00:55:30 +02:00
Eugene f7bb12e44d
OIDC login support (#222) 2022-08-05 20:04:40 +02:00
Eugene Pankov 8ea3250d4b
fixed #196 - HTTP tickets support 2022-07-30 18:40:03 +02:00
Eugene Pankov 112a6581f0
added test-target support for HTTP and MySQL targets 2022-07-29 20:02:10 +02:00
Eugene Pankov 9af4de71c5
http: set cookies for all subdomains 2022-07-27 21:10:59 +02:00