Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow custom key to be used for whitelist and X-Forwarded-User instead of the hardcoded email #1

Merged
merged 28 commits into from
Nov 5, 2022
Merged

Allow custom key to be used for whitelist and X-Forwarded-User instead of the hardcoded email #1

merged 28 commits into from
Nov 5, 2022

Conversation

jordemort
Copy link
Owner

Squashing and merging thomseddon#159

maxisme and others added 28 commits August 1, 2020 13:55
@maxisme
init commit
1b7d054
@maxisme
add github workflow
bcadb3a
@maxisme
fix naming
b290b21
@maxisme
fix missing param
f041759
@maxisme
upgrade Go version to 1.14
0e2bb23
@maxisme
tmp remove of tests
b0f7b17 
update error message
@maxisme
add more specific error message
c792263
@maxisme
put back tests
189e4a1
@maxisme
rename User ID Key to User ID Path
399f3da
@maxisme
upgrade dependencies
40bd110
@maxisme
Revert "upgrade dependencies"
2a2d542 
This reverts commit 40bd110

It prevents GO 1.12 from working 1.13 + 1.14 still work however.
@maxisme
Revert "upgrade dependencies"
22aa772 
This reverts commit 40bd110
@maxisme
mention the user that is not authorized
d9c2ec2
@maxisme
mention the user that is not authorized
cb02259
@maxisme
tidy error message
c77e649
@maxisme
tidy error message
4b554e7
@maxisme
remove actions
c7f5f0a
@maxisme
rename UserIDPath to UserID
fb70085 
remove UserID type
rename comma delimited to comma separated
@maxisme
rename GetUsedID function to GetUser
42b3750
revert docker golang version to 1.13
a33a869
change whitelist comment to indicate userIDs instead of explicitly em…
9ea7d98 
…ails
revert go version
49439c7
Merge branch 'master' of https://github.com/thomseddon/traefik-forwar…
4906a18 
…d-auth

� Conflicts:
�	internal/auth.go
�	internal/auth_test.go
�	internal/server.go
fix conflicts
4091bb1
add tests
58d555c
push to docker for testing
dc20081
@maxisme
Merge pull request #1 from maxisme/fix-conflicts
a98e568 
Fix conflicts
@jordemort
Merge branch 'master' into maxisme
740389b
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 5, 2022
View reviewed changes
internal/server.go
if !valid {
logger.WithField("email", email).Warn("Invalid email")
http.Error(w, "Not authorized", 401)
logger.WithField("user", user).Warn("Invalid user")

Check failure

Code scanning / CodeQL

Log entries created from user input

This log entry depends on a [user-provided value](1).
internal/server.go
logger.WithField("email", email).Warn("Invalid email")
http.Error(w, "Not authorized", 401)
logger.WithField("user", user).Warn("Invalid user")
http.Error(w, fmt.Sprintf("User '%s' is not authorized", user), 401)

Check warning

Code scanning / CodeQL

Reflected cross-site scripting

Cross-site scripting vulnerability due to [user-provided value](1).
@jordemort jordemort merged commit 2425768 into master Nov 5, 2022
@jordemort jordemort deleted the maxisme branch November 5, 2022 20:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jordemort @maxisme