Commit Graph

152 Commits

Author SHA1 Message Date
ybelMekk
413b8dfc19 fix: revert frontChannelLogout impl. 2022-01-25 11:36:41 +01:00
ybelMekk
768aa7af49 fix: test to only check for generated session_state, remove frontChannel from CheckIframe test. 2022-01-25 11:35:56 +01:00
ybelMekk
8df169e6e0 debug: remove print statm. 2022-01-24 23:13:10 +01:00
ybelMekk
f996c4a6fe fix: remove omitempty from check_session_iframe, more robust checking of empty values in checkIframe configuration function. Fix bug in extractExternalSessionID in frontChannelLogout, return first match. 2022-01-24 23:12:07 +01:00
ybelMekk
74c1592d0a remove: unused function 2022-01-24 22:57:43 +01:00
ybelMekk
bc5f5138e4 add: handle trigger of logout for third-party and session_state 2022-01-24 22:44:45 +01:00
ybelMekk
a23595b9b4 add: handle trigger of logout for third-party and session_state 2022-01-23 23:14:25 +01:00
ybelMekk
e4c47f59e8 fix: create function for externalSessionId, add random string generator. fix tests to reflect provider with checkSessionIframe Session management. 2022-01-23 21:37:36 +01:00
ybelMekk
65a0b5de52 fix: create function for externalSessionId, add random string generator. 2022-01-23 14:31:01 +01:00
ybelMekk
7f6d323dde add: session management check to get session_state from OP response, generate an externalSessionID if none is supported. 2022-01-22 16:23:16 +01:00
ybelMekk
f5e5d842e6 wip: sid claim only required if frontchannel_logout_session_supported && frontchannel_logout_supported. 2022-01-22 15:03:54 +01:00
Trong Huu Nguyen
6411f168e2 refactor(handler/login): move user agent debug statement to field 2022-01-10 11:12:54 +01:00
Trong Huu Nguyen
7432f86b64 refactor(cookie): set expires to epoch zero time on deletion 2022-01-07 15:29:49 +01:00
Trong Huu Nguyen
879319cd2a fix(router/login): alleviate SameSite issues for login cookie
A login cookie is set as part of the redirection flow between the RP
and OP, and thus inherently involves cross-site requests. Our client
uses the response_mode=query parameter for authorization requests, which
should work with the SameSite attribute set to Lax. However, there are
certain versions of user agents on certain operating systems (e.g.
Safari 12.2 on iOS<12.2, MacOS<10.14.4, Android WebView<72) that do not
properly handle cookies with the SameSite attribute set.

This commit attempts to alleviate this issue for legacy browsers by
introducing a fallback cookie without the SameSite attribute set.

Additionally, we also set the SameSite value for the original login
cookie to None to ensure that the cookie persists through the
cross-origin redirection requests.
2022-01-07 14:16:46 +01:00
Trong Huu Nguyen
a4461ad294 fix(router/frontchannellogout): do not write response headers before clearing cookies 2022-01-07 14:16:40 +01:00
Trong Huu Nguyen
05e2509fac refactor: separate cookie operations to own package 2022-01-07 11:03:22 +01:00
Trong Huu Nguyen
2d4ced719f feat: remove custom header for id_token
This isn't really needed, and might cause headaches if headers are
proxied further downstream and logged by components that do not
properly mask or redact its contents.
2022-01-06 09:58:17 +01:00
Trong Huu Nguyen
c311f46219 revert: "fix: ensure deletion of cookies have SameSite set to None"
This reverts commit 826f16f4df.

This doesn't actually work unless the original cookie set has the same
value for SameSite.
2021-12-14 15:10:45 +01:00
Trong Huu Nguyen
826f16f4df fix: ensure deletion of cookies have SameSite set to None 2021-12-14 12:46:12 +01:00
Trong Huu Nguyen
4446d4c5b8 fix: ensure that frontchannel logout unconditionally returns OK 2021-12-14 12:45:28 +01:00
Trong Huu Nguyen
8b7e76d6c4 refactor(router/handler): reduce log severity for certain error handler responses 2021-12-06 09:46:19 +01:00
Trong Huu Nguyen
8127d944f3 feat(middleware/logentry): log user agent and cookie names on errors 2021-12-06 09:44:09 +01:00
Trong Huu Nguyen
a87fd1834e fix: increase lifetime for login cookie 2021-11-19 07:55:29 +01:00
Trong Huu Nguyen
a6a11656f9 refactor: rename openid base config for clarity 2021-11-01 11:05:32 +01:00
Trong Huu Nguyen
c70037bd4c refactor: clean up main 2021-11-01 11:04:54 +01:00
Trong Huu Nguyen
40f8177a5f refactor: add provider label to http metrics 2021-11-01 10:57:00 +01:00
Trong Huu Nguyen
e3439e27ab test: use miniredis for testing redis session store 2021-11-01 10:56:59 +01:00
Trong Huu Nguyen
b85ea7136e refactor: only delete fallback session cookies if set 2021-11-01 10:56:49 +01:00
Trong Huu Nguyen
325caeac34 nit: drop import alias 2021-10-20 09:18:50 +02:00
Trong Huu Nguyen
693b1b3bbe test: add missing test for client assertion 2021-10-20 09:05:06 +02:00
Trong Huu Nguyen
3a35584a21 refactor: restructure and group related packages into subpackages 2021-10-20 09:03:14 +02:00
Trong Huu Nguyen
008e486e72 feat: print openid provider and client configuration on startup 2021-10-18 20:29:43 +02:00
Trong Huu Nguyen
204f77581d refactor: move redirect URI creation to openid pkg 2021-10-18 19:33:21 +02:00
Trong Huu Nguyen
62e9e91c73 fix: correct join of paths for redirect URI 2021-10-18 14:22:41 +02:00
Trong Huu Nguyen
1b4ce5cab7 Revert "Revert "refactor: infer redirect URI from configured ingress""
This reverts commit 8cf9d22324.
2021-10-18 14:12:41 +02:00
Trong Huu Nguyen
8cf9d22324 Revert "refactor: infer redirect URI from configured ingress"
This reverts commit 5f0b0df7cf.
2021-10-18 14:06:10 +02:00
Trong Huu Nguyen
6f2520078e feat: add id_token to downstream header
Co-Authored-By: Kim Tore Jensen <kim.tore.jensen@nav.no>
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-18 12:42:34 +02:00
Trong Huu Nguyen
5f0b0df7cf refactor: infer redirect URI from configured ingress 2021-10-18 11:26:55 +02:00
Trong Huu Nguyen
be585f9902 refactor: simplify config for acr_values and ui_locales; validate on startup 2021-10-17 20:24:34 +02:00
Trong Huu Nguyen
5d2f8c3e84 refactor: cleanups for error template; embed and load on startup 2021-10-17 20:24:06 +02:00
Trong Huu Nguyen
c1482d09e1 refactor: generalize config to allow more providers; add azure 2021-10-16 12:44:59 +02:00
Trong Huu Nguyen
e8e1fc7632 refactor: clean up tests and mock setup 2021-10-16 10:50:22 +02:00
Trong Huu Nguyen
c702f8ff6c refactor: introduce generic provider for openid configs 2021-10-16 10:42:49 +02:00
Trong Huu Nguyen
2f0243b69a refactor: move openid related structs to own pkg 2021-10-16 10:39:00 +02:00
Trong Huu Nguyen
e7d5a6073c refactor: add jwks pkg for generating jwk sets 2021-10-16 10:28:49 +02:00
Trong Huu Nguyen
9b15da6251 refactor: move scopes to own pkg 2021-10-16 10:27:17 +02:00
Trong Huu Nguyen
8711f6e0d3 style: clean up imports 2021-10-16 10:25:47 +02:00
Trong Huu Nguyen
5ce7d979c7 refactor: use httputil.ReverseProxy for default route 2021-10-15 08:42:42 +02:00
Trong Huu Nguyen
8724e37e0d refactor: minor cleanups for callback handler 2021-10-14 20:34:26 +02:00
Trong Huu Nguyen
d766e247a9 refactor: safer implementation for getting sid claim from id_token 2021-10-14 20:34:24 +02:00