cashier/server/auth/google, branch v1.1.0 Mirror of Cashier, a SSH Certificate Authority (CA). Initial pass at prometheus support. (#56) 2017-02-12T14:38:12+00:00 Kevin Lyda kevin@ie.suberic.net 2017-02-12T14:38:12+00:00 ed8bc523fd0d1a66acf3fa449c453508035efdfc 






Revert "Remove the oauth_callback_url config option"
2017-02-11T20:20:35+00:00

Niall Sheridan
nsheridan@gmail.com

2017-02-11T20:20:35+00:00

9c344a0a95c44ef9cebade7b8a65ac160d9eb900












Remove the oauth_callback_url config option
2017-02-09T12:49:37+00:00

Niall Sheridan
nsheridan@gmail.com

2017-02-04T23:55:31+00:00

44cb8512c9881687e091cca589a0adcb9f72fa7a

Infer the redirect url from the request instead





Infer the redirect url from the request instead







Update authprovider tests
2017-01-16T22:57:26+00:00

Niall Sheridan
nsheridan@gmail.com

2017-01-16T22:57:26+00:00

c598d076f6e09242aa7675d744a0ec5e715caf95












Add more context to errors
2017-01-15T22:43:41+00:00

Niall Sheridan
nsheridan@gmail.com

2017-01-15T21:50:38+00:00

17b17fc8bb690d1f6344e5af1c62b3b37166bc48












Update whitelisting
2016-06-14T21:42:37+00:00

Niall Sheridan
nsheridan@gmail.com

2016-06-14T20:29:48+00:00

cd138ddf742d124aea3d1e7f155735576459be67

Whitelist Google users based on their email address instead of the username part of the email address.
Plain gmail (non Google Apps) accounts don't necessarily end in '@gmail.com', and whitelisting on username alone is open to abuse.
Skip testing for a Google Apps domain (ui.Hd) if no domain is configured.
Principals will still be added as the user part of the email address.

For the Github provider, skip checking that the user is a member of an organization is none is configured.





Whitelist Google users based on their email address instead of the username part of the email address.
Plain gmail (non Google Apps) accounts don't necessarily end in '@gmail.com', and whitelisting on username alone is open to abuse.
Skip testing for a Google Apps domain (ui.Hd) if no domain is configured.
Principals will still be added as the user part of the email address.

For the Github provider, skip checking that the user is a member of an organization is none is configured.







Add support for a users whitelist
2016-06-14T08:26:29+00:00

Marco Bonetti
marco@intercom.io

2016-06-10T13:11:54+00:00

a03243a826bb4eb5eebad19133f6b15e2f5dfdc2












Save oauth 'state' identifier in the client
2016-06-05T23:31:15+00:00

Niall Sheridan
nsheridan@gmail.com

2016-06-05T23:31:15+00:00

f456753248612222ad9bb6f3de74b7e28771470e












Validate tokens correctly
2016-06-02T19:43:04+00:00

Niall Sheridan
nsheridan@gmail.com

2016-06-02T19:43:04+00:00

a52d19e9e78d08643ffd4aee0483515d8bae2939

This switch statement doesn't do what I thought it does





This switch statement doesn't do what I thought it does







Don't allow wide-open Google or Github configs
2016-05-24T11:25:15+00:00

Patrick O'Doherty
p@trickod.com

2016-05-23T16:56:15+00:00

6f86efb594721bc577c56b284f5f2499e563c45c

Fail loudly if either the google_opts domain value or github_opts organization
values are not set in the configuration. The lack of these values means that
 a) in the Google case any @gmail.com address will be allowed
 b) the Github case any Github user will be allowed.

This was previously documented but left as a foot-gun in the code.

Future commits will allow for explicit wildcards to be set.





Fail loudly if either the google_opts domain value or github_opts organization
values are not set in the configuration. The lack of these values means that
 a) in the Google case any @gmail.com address will be allowed
 b) the Github case any Github user will be allowed.

This was previously documented but left as a foot-gun in the code.

Future commits will allow for explicit wildcards to be set.