github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-09 01:47:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
884 Commits 2 Branches 0 Tags
155ebc745bc7695ae3552ab466d3cecfc368acce
Commit Graph

528 Commits

Author SHA1 Message Date
Trong Huu Nguyen
155ebc745b docs: clarify forwarded headers 2024-08-23 13:56:21 +02:00
Trong Huu Nguyen
57376643ba build: go 1.23 2024-08-23 13:56:19 +02:00
Trong Huu Nguyen
3876820aee refactor(retry): use DoValue 2024-08-23 13:55:51 +02:00
Trong Huu Nguyen
3465d8aef3 refactor(config): clean up tests 2024-08-23 13:55:49 +02:00
Trong Huu Nguyen
f9761c3437 test(config): add some more cases, remove unneeded parameter 2024-07-02 21:58:14 +02:00
Trong Huu Nguyen
1906024da0 feat(openid/acr): remove old values and backward compatibility for new idporten 
We no longer expect nor accept tokens with old acr values during
validation as ID-porten no longer issues tokens with these values.

This also removes backward compatibility in cases where configured
values targeted the new ID-porten while using old ID-porten.

We still maintain an internal mapping from old values to new values
for forward compatibilty when using old values provided in the login
parameter and the `openid.acr-values` flag.
 2024-06-27 12:34:16 +02:00
Trong Huu Nguyen
f94d81aed7 test(config): add missing tests 2024-06-27 09:54:29 +02:00
Trong Huu Nguyen
d7b0d93f11 refactor: split out config again 2024-06-26 15:32:38 +02:00
Trong Huu Nguyen
d69cf79664 refactor: reduce noisy config logs 
Fixes #262.
 2024-06-26 14:51:05 +02:00
Trong Huu Nguyen
16ccb3a6be feat(config): add explicit toggle for legacy cookies 2024-06-26 12:20:05 +02:00
Trong Huu Nguyen
584f58bb6d refactor(retry): use functional opts, proxy to external lib 2024-05-08 08:39:43 +02:00
Trong Huu Nguyen
fc1454fcbb feat(config) support samesite cookie attribute 2024-04-24 14:47:18 +02:00
Trong Huu Nguyen
10e71a7bb5 feat(handler/reverseproxy): remove x-wonderwall headers 
The use of these headers in upstreams may be risky, espeically
if Wonderwall is accidentally misconfigured or disabled, or requests
are performed directly to the upstream circumventing Wonderwall.

We should prefer using a signed token or similar that can be verified by
the upstreams.
 2024-01-16 08:57:07 +01:00
Trong Huu Nguyen
40497da1b9 feat(handler/reverseproxy): filter relevant access requests 2023-12-20 15:41:29 +01:00
Trong Huu Nguyen
41f4354ce4 revert: "feat(handler/error): remove automatic retry" 
This reverts commit 083cb54df7.
 2023-12-20 11:17:51 +01:00
Trong Huu Nguyen
e71e4a2fda feat(handler/reverseproxy): add toggle for access logs 2023-12-20 08:25:35 +01:00
Trong Huu Nguyen
55839d72f0 feat(handler/login): log existing sid on prompt 2023-12-19 12:19:39 +01:00
Trong Huu Nguyen
50e53330b9 feat(handler/reverseproxy): remove unnecessary log fields 2023-12-19 12:05:01 +01:00
Trong Huu Nguyen
f82c8a7078 feat(handler/login): drop logging sub claim 2023-12-19 11:04:03 +01:00
Trong Huu Nguyen
9c2d1cb520 feat(cookie): remove expiry options 
Always create session cookies instead of
persistent cookies with expiry.
 2023-12-19 08:46:08 +01:00
Trong Huu Nguyen
e00832016b feat(handler/login): remove legacy cookie 
We don't really need to set an additional cookie without SameSite
as we now use SameSite=Lax for the login cookie.
 2023-12-19 08:46:08 +01:00
Trong Huu Nguyen
083cb54df7 feat(handler/error): remove automatic retry 2023-12-19 08:46:06 +01:00
Trong Huu Nguyen
273eb3604a feat(cookie): use samesite lax instead of none for callback 2023-12-19 08:46:03 +01:00
Trong Huu Nguyen
c3904433f2 feat: log and propagate session metadata 
- stop using jti, use sid instead
- store amr and auth_time from id_token in session
- log more metadata on login callback
- log session id where possible
- propagate acr, amr, auth_time, sid to upstreams in headers
- log authenticated reverseproxy requests
 2023-12-19 08:46:02 +01:00
Trong Huu Nguyen
a10da5d0d7 feat(handler/login): add support for prompt param in login 2023-12-19 08:46:01 +01:00
Trong Huu Nguyen
8f3c5cde88 fix(handler/error): redirect callbacks to initial handlers, retry others as-is 2023-12-19 08:45:57 +01:00
Trong Huu Nguyen
3f7af9e232 chore(config): set new default value for idporten acr 2023-12-12 09:12:41 +01:00
Trong Huu Nguyen
6d32363d13 feat(config): drop dirty modifier from version string 2023-11-29 09:21:04 +01:00
Trong Huu Nguyen
70a45e1522 style: formatting 2023-11-28 10:15:32 +01:00
Trong Huu Nguyen
423bb4f22f fix(router): skip middleware if otel is not enabled 2023-11-28 10:12:15 +01:00
Trong Huu Nguyen
35e4953557 fix(session/redis): skip setup if otel is not enabled 2023-11-28 10:08:31 +01:00
Trong Huu Nguyen
de78193361 chore(handler): remove temporary amr-based redirect 2023-11-24 16:52:15 +01:00
Trong Huu Nguyen
b3a7dbf081 refactor(otel): move configuration 2023-11-24 16:52:05 +01:00
Trong Huu Nguyen
14735484c3 refactor(otel): remove unneeded meter provider 2023-11-24 16:39:49 +01:00
J-K. Solbakken
894cc35e47 telemetry for redis 2023-11-23 13:16:43 +01:00
J-K. Solbakken
3e00f8105a add request method to span name 2023-11-23 09:37:43 +01:00
J-K. Solbakken
d28579028e removed unused variable 2023-11-23 08:56:52 +01:00
J-K. Solbakken
38b9891caf use otelchi middleware for http tracing 2023-11-23 08:53:36 +01:00
J-K. Solbakken
5f11c2a5d7 use recommended otel reporting intervals 2023-11-23 08:20:56 +01:00
J-K. Solbakken
795c91950d change otel exporter from stdout to grpc 2023-11-22 10:03:22 +01:00
Jan-Kåre Solbakken
757b9c987c Merge branch 'master' into otel 2023-11-21 09:21:53 +01:00
J-K. Solbakken
23268c6762 starting simple 2023-11-21 08:47:42 +01:00
Trong Huu Nguyen
1b3ba8a7ad refactor(session): skip logging for client context cancellations 
We use the context from the inbound http.Request, which means that this
error generally occurs due to the user agent disconnecting mid-request.
Skip logging these errors as they're not really actionable.
 2023-11-16 14:52:10 +01:00
Trong Huu Nguyen
191f3c3ca8 fix(router): enable cors on session endpoints for sso proxies 2023-11-15 08:42:42 +01:00
Trong Huu Nguyen
2f351a1388 feat(handler/callback): redirect minid passport users to separate landing page 2023-11-06 11:45:15 +01:00
Trong Huu Nguyen
e3022c7923 feat(handler/session): reduce logging level for not found errors 2023-11-02 08:33:09 +01:00
Trong Huu Nguyen
d2d281f38c fix(server): correcter error equality check 2023-10-25 10:37:56 +02:00
Trong Huu Nguyen
305ab1786d fix(reverseproxy/autologin): handle multiple accept headers 2023-10-16 12:01:15 +02:00
Trong Huu Nguyen
3da0ed1019 fix(middleware/prometheus): filter out irrelevant paths 2023-10-16 11:41:57 +02:00
Trong Huu Nguyen
c363bea556 test(reverseproxy): extract common assertions 2023-10-12 09:18:51 +02:00