wonderwall

mirror of https://github.com/nais/wonderwall.git synced 2026-05-07 08:57:07 +00:00

Author	SHA1	Message	Date
Trong Huu Nguyen	27897dad63	refactor(handler/standalone): use new sessionmanager, remove unneeded methods	2023-02-21 14:16:51 +01:00
Trong Huu Nguyen	3274cc5c65	refactor: move redirect package into url, clean up naming	2023-02-16 09:24:39 +01:00
Trong Huu Nguyen	c8f148d892	refactor(handler/error): remove custom redirect Reduce the risk of exposing oauth query parameters in "dirty dancing" attacks.	2023-02-10 14:58:14 +01:00
Trong Huu Nguyen	42dcba8367	refactor: replace relative canonical redirect with handler This also ensure that we clean any urls that may stem from user input (e.g. url parameter or login cookie) before performing redirects.	2023-02-10 14:58:14 +01:00
Trong Huu Nguyen	5f74ee08bc	refactor(url): extract utility functions	2023-02-10 14:58:12 +01:00
Trong Huu Nguyen	d13525f8a2	fix(handler/error): correct retry url for local logout	2023-02-10 14:58:12 +01:00
Trong Huu Nguyen	0e73c9b4d8	refactor(mock): configure relying party ingress before server start	2023-02-10 14:58:11 +01:00
Trong Huu Nguyen	1fdbe75c9e	feat(sso/proxy): implement login handler	2023-02-10 14:58:11 +01:00
Trong Huu Nguyen	2f6a3682d9	fix(all): use url.ParseRequestURI instead of just url.Parse where necessary	2023-02-10 14:57:55 +01:00
Trong Huu Nguyen	f4bba075a6	refactor(handler/error): reduce log severity for context canceled errors	2023-02-10 14:57:55 +01:00
Trong Huu Nguyen	ce177fb4a5	refactor(handler/url): remove unneeded redirect parameter encoding	2023-02-10 14:57:52 +01:00
Trong Huu Nguyen	002e4ac8ea	feat(handler/error): automatically retry errors before displaying error page	2022-10-11 10:55:14 +02:00
Trong Huu Nguyen	b651db40e4	refactor(handler/url): remove support for Referer header The header isn't guaranteed to be set or sent with requests, and all of our users prefer the `redirect` query parameter anyways.	2022-09-22 13:59:37 +02:00
Trong Huu Nguyen	843bf5dfcd	refactor(handler/error): rename config variable to match intention	2022-09-21 09:39:57 +02:00
Trong Huu Nguyen	80738f2a4b	fix(handler/url): use base64 encoding for redirects to preserve query parameters Load balancers or reverse proxies may rewrite or modify the Location header and unescape its value, which would result in redirects not preserving the original set of query parameters. This was especially evident for autologins where we need to redirect to `/oauth2/login` with the `redirect` parameter containing the original requested URL so that the end-user ultimately ends up at the latter URL. We avoid this issue by base64-encoding the original URL, before passing it along as the intended redirect for the login route. To preserve existing behaviour, we use a separate query parameter for the `/oauth2/login`-endpoint that accepts and handles base64-encoded values.	2022-09-19 11:51:30 +02:00
Trong Huu Nguyen	97d2a88bb1	fix(handler/url): ensure that parameters for original url aren't dropped	2022-09-19 08:41:25 +02:00
Trong Huu Nguyen	92ee6313c5	refactor: remove unnecessary interfaces	2022-09-02 17:39:27 +02:00
Trong Huu Nguyen	9144056e28	refactor(handler): split up request handlers into separate modules	2022-09-02 14:53:11 +02:00

18 Commits