github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-06 16:36:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
551 Commits 2 Branches 0 Tags
3a239a95c34760cf29a48e09545be91bc3100b80
Commit Graph

551 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Trong Huu Nguyen
3a239a95c3 feat(reverseproxy): validate acr and redirect if applicable 2023-04-29 11:54:53 +02:00
Trong Huu Nguyen
7c98fe161e refactor(handler/reverseproxy): retrieve both session and token 2023-04-29 11:17:00 +02:00
Trong Huu Nguyen
d76e9ebbb5 feat(session): store acr 2023-04-29 10:27:53 +02:00
Trong Huu Nguyen
2a0c376c4b feat(openid): validate acr in id_token if sent in auth request 2023-04-29 10:27:23 +02:00
Trong Huu Nguyen
19095ccfea feat(openid): store acr in state cookie 2023-04-29 09:09:02 +02:00
Trong Huu Nguyen
efcc276ed5 fix(handler/sso/proxy): redirect logout callbacks to logout 2023-04-29 09:00:28 +02:00
Trong Huu Nguyen
87ffee4a34 fix(handler/sso/proxy): proxy frontchannel logouts 2023-04-29 08:55:14 +02:00
Trong Huu Nguyen
ab2a8b6fec fix(handler/sso/proxy): redirect callback requests to login 2023-04-29 08:52:41 +02:00
Trong Huu Nguyen
568f9f7683 feat(handler): use 302 instead of 303 for redirects 2023-04-29 08:42:29 +02:00
Trong Huu Nguyen
b4baa96ee4 feat(router): don't handle preflight requests for login/logout routes 2023-04-29 08:30:45 +02:00
Trong Huu Nguyen
6a31a0a396 refactor(metrics): minor cleanup 2023-04-29 08:30:08 +02:00
Trong Huu Nguyen
5d75001b7b feat(metrics): attempt to reduce cardinality for redirect label 2023-04-28 11:30:40 +02:00
Trong Huu Nguyen
f8336fa74a feat(metrics): ignore empty hosts for redirect label 2023-04-28 08:02:06 +02:00
Trong Huu Nguyen
28abcb3cf8 feat(router): handle HEAD requests for some routes 2023-04-28 08:01:52 +02:00
Trong Huu Nguyen
6127417767 fix(router): handle preflight requests for sso server 2023-04-28 06:53:47 +02:00
Trong Huu Nguyen
bc651d9082 fix: use 303 instead of 307 for redirects 2023-04-28 01:30:17 +02:00
Trong Huu Nguyen
c60f9478a5 fix(metrics): strip urls for login counter 2023-04-26 09:57:29 +02:00
Trong Huu Nguyen
55d2e0ce3b feat(metrics): add redirect label for login counter 2023-04-26 09:28:00 +02:00
dependabot[bot]
af69c07234 build(deps): bump github.com/alicebob/miniredis/v2 from 2.30.1 to 2.30.2 (#96) 
Bumps [github.com/alicebob/miniredis/v2](https://github.com/alicebob/miniredis) from 2.30.1 to 2.30.2.
- [Release notes](https://github.com/alicebob/miniredis/releases)
- [Changelog](https://github.com/alicebob/miniredis/blob/master/CHANGELOG.md)
- [Commits](https://github.com/alicebob/miniredis/compare/v2.30.1...v2.30.2)

---
updated-dependencies:
- dependency-name: github.com/alicebob/miniredis/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-25 06:36:43 +00:00
dependabot[bot]
b951d381f8 build(deps): bump dependabot/fetch-metadata from 1.3.6 to 1.4.0 (#95) 
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1.3.6 to 1.4.0.
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](https://github.com/dependabot/fetch-metadata/compare/v1.3.6...v1.4.0)

---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-24 20:12:34 +00:00
dependabot[bot]
50cb7ca696 build(deps): bump docker/metadata-action from 4.3.0 to 4.4.0 (#93) 
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](507c2f2dc5...c4ee3adeed)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-24 20:10:17 +00:00
dependabot[bot]
f904fc0f22 build(deps): bump google-github-actions/auth from 1.0.0 to 1.1.0 (#94) 
Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](ef5d53e30b...e8df18b60c)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-24 20:05:50 +00:00
dependabot[bot]
f08ed3863a build(deps): bump aquasecurity/trivy-action from 0.9.2 to 0.10.0 (#92) 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.9.2 to 0.10.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](1f0aa582c8...e5f43133f6)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-24 19:59:32 +00:00
Trong Huu Nguyen
ad7160e04d fix(handler/sso/proxy): local logout should be reverse proxied 2023-04-21 16:43:33 +02:00
Trong Huu Nguyen
0ba41e312a feat(handler): local logout returns 204 instead of redirect 
Redirecting after local logout introduces the possibility of matching a
path that automatically performs login, which for a local logout means
the user is automatically logged in again due to having an SSO session -
which nullifies the whole logout operation.

Applications that want local logout must trigger and handle the response
just like any other API call.
 2023-04-21 16:25:26 +02:00
Trong Huu Nguyen
9f14c94849 build: move tests and checks out from dockerfile 2023-04-21 16:13:09 +02:00
Trong Huu Nguyen
fba165552d feat(router): disable local logout endpoint for idporten 2023-04-21 15:34:33 +02:00
Trong Huu Nguyen
0ba124809a feat(handler): local logout redirects back to preconfigured URL 2023-04-21 15:21:02 +02:00
Trong Huu Nguyen
c308efb3ef docs: fix notes on refresh tokens and inactivity [ci skip] 2023-04-19 13:34:53 +02:00
Trong Huu Nguyen
19b2401831 feat(metrics): add authentication method reference label for successful logins 2023-04-18 12:20:23 +02:00
Trong Huu Nguyen
47218da6d2 refactor(openid): simplify parameter handling for auth url 2023-04-18 11:16:50 +02:00
dependabot[bot]
1e6eed5f53 build(deps): bump github.com/prometheus/client_golang (#90) 
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.14.0...v1.15.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-17 20:07:08 +00:00
dependabot[bot]
bbc91d5838 build(deps): bump github.com/rs/cors from 1.8.3 to 1.9.0 (#91) 
Bumps [github.com/rs/cors](https://github.com/rs/cors) from 1.8.3 to 1.9.0.
- [Release notes](https://github.com/rs/cors/releases)
- [Commits](https://github.com/rs/cors/compare/v1.8.3...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/rs/cors
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-17 19:59:57 +00:00
J-K. Solbakken
890159c166 use verified distroless images 2023-04-13 15:09:11 +02:00
Trong Huu Nguyen
9eeb6f5e96 feat(router): root path for sso server should redireect to login 2023-04-13 14:30:21 +02:00
Trong Huu Nguyen
bab62c072b feat(handler/sso/server): return not found instead of redirect for wildcard handler 2023-04-13 14:20:38 +02:00
Trong Huu Nguyen
5ad603395c fix(handler/sso/proxy): override request path for reverseproxy to sso-server 2023-04-13 14:19:48 +02:00
Trong Huu Nguyen
9cb648917b fix(handler/sso/proxy): only set default query parameters for login handler 2023-04-13 09:20:34 +02:00
Trong Huu Nguyen
a2d8d6f7c3 fix(router): register OPTIONS routes for CORS middleware 2023-04-13 09:03:04 +02:00
Trong Huu Nguyen
163d9e42ad fix(handler/reverseproxy): preserve inbound forwarded/x-forwarded headers 2023-04-12 15:05:55 +02:00
Trong Huu Nguyen
b3eac4b118 build: go mod tidy 2023-04-11 14:45:13 +02:00
Trong Huu Nguyen
b36942c38b ci: add workflow for auto-merging dependabot PRs 2023-04-11 14:39:44 +02:00
Trong Huu Nguyen
ba6f689056 build(deps): bump 2023-04-11 14:35:04 +02:00
Trong Huu Nguyen
37557ddf2f ci: only run codeql on schedule 2023-04-11 09:59:02 +02:00
Trong Huu Nguyen
765d4e34b1 refactor(url): extract cleaner and validators to separate implementations 2023-04-11 09:58:35 +02:00
Trong Huu Nguyen
ec4ac2b8e9 fix(redis): set ConnMaxIdleTime, not ConnMaxLifetime 2023-03-29 21:43:11 +02:00
Trong Huu Nguyen
10fd7f2b6c ci: remove race detector 2023-03-29 10:03:37 +02:00
Trong Huu Nguyen
e761810630 feat(redis): allow configuration of idle connection timeout 2023-03-29 09:55:17 +02:00
Trong Huu Nguyen
ef8c7d2cca feat(sso/server): redirect to login for wildcard handler 2023-03-29 09:55:16 +02:00
Trong Huu Nguyen
323362073f ci: enable race detector and shuffle for tests 2023-03-29 09:55:16 +02:00