Trong Huu Nguyen
242dc12be9
refactor(openid/config): remove unused field
2022-07-20 15:25:28 +02:00
Trong Huu Nguyen
b4e6e97448
refactor(metrics): use const label for hpa, ensure provider label is set
2022-07-20 14:50:13 +02:00
Trong Huu Nguyen
13f1713fc2
refactor(config): move loading and setup into init
2022-07-20 11:21:54 +02:00
Trong Huu Nguyen
eac2d5789d
refactor: passthrough for consistency in openid configuration
2022-07-20 09:58:49 +02:00
Trong Huu Nguyen
09ab8b9e3b
refactor(handler): minor cleanups
2022-07-19 20:11:52 +02:00
Trong Huu Nguyen
3e62683cad
refactor: use pointer receivers when possible
2022-07-19 19:24:28 +02:00
Trong Huu Nguyen
cbb6be135a
feat(metrics): add metrics for successful logins and logouts
2022-07-19 09:25:43 +02:00
Trong Huu Nguyen
0d0f75d21e
style(handler/callback): accidentally a letter
2022-07-19 08:39:03 +02:00
Trong Huu Nguyen
b674a0ffa7
refactor(session): wrap own error type instead of using store-specific errors
2022-07-19 08:39:02 +02:00
Trong Huu Nguyen
4ab07e9dc2
refactor: clean up logging
2022-07-19 08:39:02 +02:00
Trong Huu Nguyen
a639ff2903
refactor(retry): extract retry package, add retry for session operations
2022-07-19 08:39:00 +02:00
Trong Huu Nguyen
81fa96ccb8
refactor(handler/default): minor cleanups for loginstatus
2022-07-19 08:38:52 +02:00
Trong Huu Nguyen
bece03c94e
refactor(middleware/logentry): replace zerologger with logrus
2022-07-18 15:47:35 +02:00
Trong Huu Nguyen
445a20f1c1
refactor(middleware/prometheus): add host label
2022-07-18 09:40:18 +02:00
Trong Huu Nguyen
284fa2a76f
fix(openid/client): ensure assertion time claims are rounded down instead of up
Hopefully fixes intermittent 'invalid_grant' errors from IdP.
2022-07-18 09:24:26 +02:00
Trong Huu Nguyen
4a3f1d3d7e
refactor(handler/test): extract upstream and httpclient for readability
2022-07-17 20:20:45 +02:00
Trong Huu Nguyen
ef649e7aaa
feat: add allowlisting of paths for autologin
2022-07-17 20:11:55 +02:00
Trong Huu Nguyen
9d32d100f0
refactor(handler/test): consistency passthrough, replace unneeded location parsing with stdlib function
2022-07-15 10:24:24 +02:00
Trong Huu Nguyen
f6afc3cb6b
test(handler): add tests for default reverse proxy handler
2022-07-15 10:07:42 +02:00
Trong Huu Nguyen
ee28484829
test(handler): use correct session ID for front-channel logout
2022-07-15 09:07:29 +02:00
Trong Huu Nguyen
24da9ee4f7
refactor(handler/frontchannellogout): ignored request should just return accepted status
2022-07-15 09:06:04 +02:00
Trong Huu Nguyen
4b2bf6e095
fix(mock/openid): ensure tokens have jti claim set
2022-07-15 09:04:55 +02:00
Trong Huu Nguyen
8e45eb1bc2
style: do not use resp before checking for errors
2022-07-15 08:44:54 +02:00
Trong Huu Nguyen
822c37ac20
test: add error handler tests, use httptest lib for requests
2022-07-15 08:43:25 +02:00
Trong Huu Nguyen
e3b9d33296
refactor: split out packages from router
2022-07-15 07:44:54 +02:00
Trong Huu Nguyen
fd630e6dbd
test(router): extract some reusable test methods
2022-07-14 13:52:47 +02:00
Trong Huu Nguyen
aab249d78a
refactor(jwt): skip parsing access tokens
Access Tokens are not necessarily JWTs. We also don't
have to validate them as we only pass it on as an opaque
string.
This also means that we don't log the JTI access tokens
anymore.
We also simplify handling of oidc callbacks.
2022-07-14 12:14:25 +02:00
Trong Huu Nguyen
6469c527a7
refactor(mock/openid): validate params in auth and token requests
2022-07-14 10:08:51 +02:00
Trong Huu Nguyen
0398d17074
test(router): add some missing assertions
2022-07-14 10:06:08 +02:00
Trong Huu Nguyen
9ac091fe91
test(openid/client): fix broken login callback tests
2022-07-14 10:05:34 +02:00
Trong Huu Nguyen
9c29bb180b
refactor(mock): ensure scope is correctly set for openid client
2022-07-14 10:04:34 +02:00
Trong Huu Nguyen
aead53c60a
refactor(openid/client): expose method for generating code challenge
2022-07-14 10:03:14 +02:00
Trong Huu Nguyen
2b730f1c32
refactor(openid/client): scope is not required for client assertions
2022-07-14 09:42:58 +02:00
Trong Huu Nguyen
1f59173266
refactor(openid/client): scope is already set by oauth2 pkg
2022-07-14 09:14:59 +02:00
Trong Huu Nguyen
66cf08e602
refactor(openid/logout): simplify logout logic
As we already clear any local sessions before redirecting to the
Identity Provider, and the callback always redirects to a pre-configured URL,
there isn't really any need to maintain and verify state in the logout
callback.
In other words, the logout callback handler is simply a redirect handler.
2022-07-12 15:09:49 +02:00
Trong Huu Nguyen
c321cff4eb
test(openid/client): add missing tests
2022-07-12 14:28:17 +02:00
Trong Huu Nguyen
b937c64dd6
refactor(openid/client): ensure callback cookies are not nil
2022-07-11 14:30:04 +02:00
Trong Huu Nguyen
48160e7986
fix(handler/callback): pass correct error to error handler
2022-07-11 13:39:48 +02:00
Trong Huu Nguyen
b770f22174
refactor(handler/logoutcallback): extract to openid client
2022-07-11 13:37:40 +02:00
Trong Huu Nguyen
ad3201fbfb
refactor(handler/logout): extract to openid client
2022-07-11 13:09:10 +02:00
Trong Huu Nguyen
451642caf8
refactor(handler/frontchannellogout): extract to openid client
2022-07-11 13:04:00 +02:00
Trong Huu Nguyen
8c28a3b109
refactor(router): group routes and extract middlewares
2022-07-08 16:10:11 +02:00
Trong Huu Nguyen
2f237ec89c
refactor(handler/callback): extract openid specific code to client
2022-07-08 15:07:16 +02:00
Trong Huu Nguyen
aed89bfa94
nit(openid/clients): clean up error messages
2022-07-08 13:31:57 +02:00
Trong Huu Nguyen
5bfb80b934
wip: add todos
2022-07-08 13:29:37 +02:00
Trong Huu Nguyen
42938ee8b3
refactor(handler): deduplicate configuration
2022-07-05 14:43:40 +02:00
Trong Huu Nguyen
a4c3e72fc9
fix(router/handler): use long-lived context for refreshing jwks
2022-07-05 13:18:38 +02:00
Trong Huu Nguyen
1f5635239a
refactor: split out openid client, config and provider
There's a bunch of changes here, but in essence:
- split out openid configuration
- separate openid configuration between client/rp and provider
- consolidate client and provider related code in separate packages
These changes allow for simplification of the Handler, as well as a
bunch of test/mock code as the configuration is now instantiated
separately from the client/provider code.
2022-07-05 13:09:00 +02:00
Trong Huu Nguyen
d49db13e5f
refactor(openid/clients): consolidate configuration
2022-07-04 15:24:21 +02:00
Trong Huu Nguyen
10dddd00bc
refactor(router): begin extraction of openid client
2022-07-04 15:18:42 +02:00