Commit Graph

68 Commits

Author SHA1 Message Date
Trong Huu Nguyen
25221added rename callbackparams to logincookie for clarity, ensure logincookie is deleted when no longer needed 2021-09-29 13:27:30 +02:00
Morten Lied Johansen
b60db493ac Add ClientID to cookie names
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-09-29 10:20:11 +02:00
Trong Huu Nguyen
28b750517b wip: cookies 2021-09-29 10:00:42 +02:00
Trong Huu Nguyen
5160987978 feat: allow user-defined post_logout_redirect_uri 2021-09-10 14:46:28 +02:00
Trong Huu Nguyen
acc32fe893 fix: log actual errors for callback route 2021-09-08 09:26:26 +02:00
Trong Huu Nguyen
c7040b0284 feat: add feature toggle for authorization locale; allow user-supplied parameter 2021-09-08 09:17:08 +02:00
Trong Huu Nguyen
55002e3cfe refactor: separate parsing and validation of id_token 2021-09-07 21:30:38 +02:00
Trong Huu Nguyen
09bbc35df7 fix: ensure acr claim exists if security level is enabled 2021-09-06 11:35:55 +02:00
Trong Huu Nguyen
4237e84de3 feat: add feature toggle for security level; allow user-defined levels 2021-09-06 11:05:19 +02:00
Trong Huu Nguyen
e819cc0de1 use host-agnostic path for default zero-config ingress 2021-09-02 12:23:32 +02:00
Kim Tore Jensen
081921d0fa add http request metrics 2021-09-02 11:16:45 +02:00
Kim Tore Jensen
e0662efa66 default zero-config ingress for testing 2021-08-30 11:50:15 +02:00
Kim Tore Jensen
1aa134ecf0 redirect after successful oauth2 flow - to user-defined location, or referer 2021-08-26 12:54:40 +02:00
Kim Tore Jensen
c1660ad1d0 also unset x-pwned-by when un-authenticated 2021-08-26 12:21:21 +02:00
Trong Huu Nguyen
da4f6dc6a7 use correct session ID for front-channel logout 2021-08-26 10:35:45 +02:00
Kim Tore Jensen
c76daf61f7 don't set x-pwned-by header for end-users; only upstream 2021-08-25 17:29:09 +02:00
Kim Tore Jensen
679566977e forward host header correctly 2021-08-25 17:28:46 +02:00
Kent Daleng
8ee87a8a84 get ingresses from naiserator to build router correctly
Co-Authored-By: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
Co-Authored-By: Kim Tore Jensen <kim.tore.jensen@nav.no>
2021-08-25 13:15:26 +02:00
Trong Huu Nguyen
5da34f0139 fix: include id_token_hint on self-initiated logout
This is required when including the post_logout_redirect_uri
parameter.
2021-08-25 11:55:36 +02:00
Trong Huu Nguyen
e83542b046 fix: prefix local session keys to prevent collisions
`sid` is a key that refers to the user's unique SSO session at the
Identity Provider, and the same key is present in all tokens
acquired by any Relying Party (such as Wonderwall) during that session.
Thus, we cannot assume that the value of `sid` uniquely identifies the
pair of (user, application session) if using a shared session store.
2021-08-25 11:26:24 +02:00
Trong Huu Nguyen
cb514c2294 refactor: make SessionMaxLifetime configurable 2021-08-25 10:55:53 +02:00
Trong Huu Nguyen
6e45fa804c refactor: use keygen from liberator 2021-08-25 10:15:45 +02:00
Trong Huu Nguyen
700b6732d7 fix: add acceptable skew for id_token validation 2021-08-25 09:31:21 +02:00
Trong Huu Nguyen
f63bade2b9 chore: remove obsolete fixme, redundant type conversion 2021-08-25 09:29:01 +02:00
Trong Huu Nguyen
de619c6e89 refactor: add constructor for routing handler to deduplicate config 2021-08-25 09:21:40 +02:00
Trong Huu Nguyen
03a14eb2bd refactor: clean up id_token validation 2021-08-25 08:22:34 +02:00
Kim Tore Jensen
f414470910 support entering encryption key as environment variable 2021-08-24 15:46:55 +02:00
Kim Tore Jensen
097f4fd5b2 make redis support configurable 2021-08-24 13:07:57 +02:00
Kim Tore Jensen
55f26fb54c incorporate new session storage code 2021-08-24 12:58:16 +02:00
Kim Tore Jensen
15a7c14324 redis and in-memory session store 2021-08-24 12:49:23 +02:00
Trong Huu Nguyen
2becde51b9 add front-channel logout test
Co-Authored-By: Kim Tore Jensen <kim.tore.jensen@nav.no>
2021-08-24 10:52:00 +02:00
Trong Huu Nguyen
b7dbb000aa test self-initiated logout
Co-Authored-By: Kim Tore Jensen <kim.tore.jensen@nav.no>
2021-08-24 10:31:49 +02:00
Kent Daleng
1f58b5ae15 write callback test
Co-Authored-By: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
2021-08-24 10:02:21 +02:00
Trong Huu Nguyen
cf8b4d56cc fix: set path for cookies 2021-08-24 08:49:57 +02:00
Trong Huu Nguyen
43cb01ad00 wip: idporten mock server 2021-08-24 07:44:05 +02:00
Kim Tore Jensen
9354ee7629 wip: mock authorization server 2021-08-23 15:12:47 +02:00
Kim Tore Jensen
764adc3d77 wip: tests for authorize 2021-08-23 14:39:48 +02:00
Kim Tore Jensen
6c23aaa243 test for login url handler 2021-08-23 14:03:35 +02:00
Kim Tore Jensen
b4b9fd1a2a implement front-channel logout 2021-08-23 13:44:26 +02:00
Kim Tore Jensen
612fcaed78 deduplication; store sessions with name 2021-08-23 13:29:15 +02:00
Kent Daleng
d2a3db75c2 refactor cookie handling 2021-08-23 13:11:50 +02:00
Kim Tore Jensen
1d36b8e6a3 code restructuring 2021-08-23 11:17:30 +02:00
Kim Tore Jensen
42d6d93ee3 lock concurrent session writes 2021-08-23 11:10:59 +02:00
Kim Tore Jensen
2d7adb55b5 remove unused session id 2021-08-23 11:01:30 +02:00
Kim Tore Jensen
0677c29c5b fix merge imports 2021-08-23 11:00:13 +02:00
Kim Tore Jensen
a7975d707c fixes after discussion with TT and TH 2021-08-23 10:58:46 +02:00
Trong Huu Nguyen
eb7f18b46d wip: replace generated session value with provided value 2021-08-23 10:56:31 +02:00
Trong Huu Nguyen
7ab8967b91 test: remove debug logging
Co-Authored-By: Kent Daleng <kent.daleng@nav.no>
2021-08-23 10:27:45 +02:00
Trong Huu Nguyen
1fcc97819b feat: implement self-initiated logout
Co-authored-by: Kent Daleng <kent.daleng@nav.no>
2021-08-23 10:26:47 +02:00
Trong Huu Nguyen
f36848babe feat: validate id_token in auth code flow
Co-authored-by: Kent Daleng <kent.daleng@nav.no>
2021-08-23 09:59:15 +02:00