github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-07 17:06:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
376 Commits 2 Branches 0 Tags
80738f2a4bd784ae3a623ff401b39112e6c5643d
Commit Graph

59 Commits

Author SHA1 Message Date
Trong Huu Nguyen
80738f2a4b fix(handler/url): use base64 encoding for redirects to preserve query parameters 
Load balancers or reverse proxies may rewrite or modify the Location
header and unescape its value, which would result in redirects not
preserving the original set of query parameters. This was especially
evident for autologins where we need to redirect to `/oauth2/login` with
the `redirect` parameter containing the original requested URL so that
the end-user ultimately ends up at the latter URL.

We avoid this issue by base64-encoding the original URL, before passing
it along as the intended redirect for the login route.
To preserve existing behaviour, we use a separate query parameter
for the `/oauth2/login`-endpoint that accepts and handles base64-encoded
values.
 2022-09-19 11:51:30 +02:00
Trong Huu Nguyen
97d2a88bb1 fix(handler/url): ensure that parameters for original url aren't dropped 2022-09-19 08:41:25 +02:00
Trong Huu Nguyen
ed56aac3d0 style: follow conventions for error variable names 2022-09-19 08:41:23 +02:00
Trong Huu Nguyen
62f0359438 fix(handler/autologin): ensure path has prefix 2022-09-19 08:41:17 +02:00
Trong Huu Nguyen
b4eecfc663 fix(handler/autologin): only trigger for GET requests 2022-09-12 12:33:42 +02:00
Trong Huu Nguyen
43c39c89ad refactor(handler/reverseproxy): skip logging for client context cancellation 2022-09-12 12:32:37 +02:00
Trong Huu Nguyen
fcc6a7472c fix(handler/autologin): return http 303 for autologin redirects 2022-09-09 14:38:46 +02:00
Trong Huu Nguyen
a4ceaeaacc feat(handler/autologin): add favicon.ico and robots.txt to default ignorelist 2022-09-09 13:09:36 +02:00
Trong Huu Nguyen
69ebd9270f refactor(handler/reverseproxy): improve log messages 2022-09-09 10:18:39 +02:00
Trong Huu Nguyen
84d521e968 feat(reverseproxy): configure errorlog to use logrus implementation 2022-09-06 15:34:32 +02:00
Trong Huu Nguyen
00b39276df debug(handler/reverseproxy): log proxy errors 2022-09-06 08:46:41 +02:00
Trong Huu Nguyen
b22c130e60 fix(session/handler): invalidate session state if refresh attempt is a client error 
A client error response for the refresh grant is assumed to be an
irrecoverable error; e.g. the refresh token is invalid, the
authorization is invalid, user is logged out, etc. In such cases we will
consider the session state to be invalid, and a new authorization grant
should be performed.
 2022-09-04 17:15:40 +02:00
Trong Huu Nguyen
989aa1e998 refactor(middleware/logentry): add fields to default logger 2022-09-03 20:05:28 +02:00
Trong Huu Nguyen
08eefbf1d5 refactor(openid): clean up client and provider 2022-09-02 18:08:36 +02:00
Trong Huu Nguyen
92ee6313c5 refactor: remove unnecessary interfaces 2022-09-02 17:39:27 +02:00
Trong Huu Nguyen
c8f48335d4 refactor(openid/config): extract getter for ingresses 2022-09-02 15:17:36 +02:00
Trong Huu Nguyen
9144056e28 refactor(handler): split up request handlers into separate modules 2022-09-02 14:53:11 +02:00
Trong Huu Nguyen
5d00d132dd refactor: decouple handler implementation from router and middleware 2022-09-01 19:39:47 +02:00
Trong Huu Nguyen
d9cc60c4cc refactor: move autologin to handler pkg 2022-09-01 19:35:58 +02:00
Trong Huu Nguyen
619ae52d45 refactor: separate refresh-specific fields from session info; enable endpoint without refresh feature 2022-09-01 19:35:48 +02:00
Trong Huu Nguyen
cdd07838f4 refactor(session/data): separate into object groups 2022-08-29 08:35:03 +02:00
Trong Huu Nguyen
5ec969981d fix(session/handler): ensure access token is not expired before proxying 2022-08-26 17:58:39 +02:00
Trong Huu Nguyen
d5bbca9897 feat: rudimentary support for refresh tokens 2022-08-26 14:32:39 +02:00
Trong Huu Nguyen
dc0741f79f refactor(middleware): extract handlers for consistency 2022-08-26 08:34:07 +02:00
Trong Huu Nguyen
c29501d964 refactor(handler): add utility method for path-aware cookie options 2022-08-19 12:09:21 +02:00
Trong Huu Nguyen
5990e4bb71 refactor(session): extract session handler 2022-08-19 11:44:13 +02:00
Trong Huu Nguyen
c15e00469b refactor: clean up session error handling 2022-08-18 21:35:15 +02:00
Trong Huu Nguyen
ae8028cc96 refactor: remove cookie session fallback store 
The implementation is error-prone and difficult to maintain.
We instead just assume that the backing session store is highly
available.
 2022-08-17 20:44:07 +02:00
Trong Huu Nguyen
5a50ba7c3a feat: support multiple ingresses 
Replace hardcoded callback URLs with dynamic generation
of URLs based on incoming requests. These are validated against
a pre-registered list of ingresses for which Wonderwall is considered
authorative for.

We also preserve the cookie behaviour; the most specific ingress path
and domain is used for the cookies.

The `url` package has been moved to the `handler` package, and its
implementation refactored slightly for readability and DRY.
 2022-08-17 20:43:56 +02:00
Trong Huu Nguyen
41a10d8fe7 refactor: replace deprecated ioutil method and magic string 2022-08-17 11:39:43 +02:00
Trong Huu Nguyen
a9e9644764 refactor: move context utils to middleware 2022-08-17 11:39:40 +02:00
Trong Huu Nguyen
e460a5eab2 fix(handler/reverseproxy): do not overwrite host header 2022-08-17 11:39:17 +02:00
Trong Huu Nguyen
cbc49de826 refactor(handler/default): clean up access token getter 2022-08-11 09:31:27 +02:00
Trong Huu Nguyen
13fd194318 refactor(handler/default): extract reverseproxy to avoid unnecessary instantiation 2022-08-11 09:31:10 +02:00
Trong Huu Nguyen
4646c36b74 refactor(autologin): skip -> ignore 2022-07-21 12:50:55 +02:00
Trong Huu Nguyen
d79f31c18d refactor(autologin): use glob-style matching instead of regex 
Regexes are powerful, but completely overkill and error-prone for this
use-case. So instead, we'll use path.Match with its simpler glob-style
patterns.
 2022-07-21 12:01:30 +02:00
Trong Huu Nguyen
31ab8ad3b7 refactor(handler/default): redirect auto-login requests instead of inlining login handler 2022-07-21 08:21:28 +02:00
Trong Huu Nguyen
27ea0793ba refactor(handler): reduce logging severity for spammy statements 2022-07-21 07:49:58 +02:00
Trong Huu Nguyen
595d902dcd fix(handler/default): only assert loginstatus if we already have an active session 2022-07-20 15:56:23 +02:00
Trong Huu Nguyen
b4e6e97448 refactor(metrics): use const label for hpa, ensure provider label is set 2022-07-20 14:50:13 +02:00
Trong Huu Nguyen
eac2d5789d refactor: passthrough for consistency in openid configuration 2022-07-20 09:58:49 +02:00
Trong Huu Nguyen
09ab8b9e3b refactor(handler): minor cleanups 2022-07-19 20:11:52 +02:00
Trong Huu Nguyen
3e62683cad refactor: use pointer receivers when possible 2022-07-19 19:24:28 +02:00
Trong Huu Nguyen
cbb6be135a feat(metrics): add metrics for successful logins and logouts 2022-07-19 09:25:43 +02:00
Trong Huu Nguyen
0d0f75d21e style(handler/callback): accidentally a letter 2022-07-19 08:39:03 +02:00
Trong Huu Nguyen
b674a0ffa7 refactor(session): wrap own error type instead of using store-specific errors 2022-07-19 08:39:02 +02:00
Trong Huu Nguyen
4ab07e9dc2 refactor: clean up logging 2022-07-19 08:39:02 +02:00
Trong Huu Nguyen
a639ff2903 refactor(retry): extract retry package, add retry for session operations 2022-07-19 08:39:00 +02:00
Trong Huu Nguyen
81fa96ccb8 refactor(handler/default): minor cleanups for loginstatus 2022-07-19 08:38:52 +02:00
Trong Huu Nguyen
bece03c94e refactor(middleware/logentry): replace zerologger with logrus 2022-07-18 15:47:35 +02:00