Trong Huu Nguyen
3e93423464
refactor(sso/server): redirect requests for wildcard routes to default URL
2023-02-22 10:19:26 +01:00
Trong Huu Nguyen
9ecfdb73ef
fix(handler): time-to-refresh in session metadata is disabled for sso
2023-02-22 10:11:39 +01:00
Trong Huu Nguyen
afc8fd6962
style: formatting
2023-02-21 15:37:48 +01:00
Trong Huu Nguyen
2796e1c9bc
refactor(session): remove duplicate method, token expiry must be shorter than inactivity timeout
2023-02-21 15:34:50 +01:00
Trong Huu Nguyen
9074547163
docs: clarifications for refresh behaviour
2023-02-21 15:32:43 +01:00
Trong Huu Nguyen
ec572db957
refactor(session): remove internal method from Reader interface
2023-02-21 15:12:45 +01:00
Trong Huu Nguyen
925a1c70e7
fix(config): require redis when sso is enabled
2023-02-21 14:54:29 +01:00
Trong Huu Nguyen
492e0b5625
feat(sso/proxy): implement upstream reverseproxy with prerequisites
2023-02-21 14:50:51 +01:00
Trong Huu Nguyen
94a66fac2a
refactor(handler): extract path matcher for reuse
2023-02-21 14:45:14 +01:00
Trong Huu Nguyen
59a2e7b7a0
refactor(session): simplify AccessToken method, don't export methods that are only used within package
2023-02-21 14:40:27 +01:00
Trong Huu Nguyen
27897dad63
refactor(handler/standalone): use new sessionmanager, remove unneeded methods
2023-02-21 14:16:51 +01:00
Trong Huu Nguyen
5b33313ccb
feat(session): add GetOrRefresh method
2023-02-21 14:12:56 +01:00
Trong Huu Nguyen
7a52b0d1a3
refactor(handler/reverseproxy): require GetAccessToken from source instead of obsolete session handler
2023-02-21 13:31:06 +01:00
Trong Huu Nguyen
f4ae907a2b
refactor(handler/reverseproxy): clean up error handling
2023-02-21 13:30:29 +01:00
Trong Huu Nguyen
820fb733e6
refactor(session): separate handler into manager and reader, use session struct to avoid polluting exported methods
2023-02-21 13:25:07 +01:00
Trong Huu Nguyen
49a90f3dbf
refactor(session/ticket): rename method for clarity, add doc comments, clean up error handling
2023-02-21 12:28:21 +01:00
Trong Huu Nguyen
db391a9e44
refactor(session/store): consolidate session errors and use multi-error wrapping
2023-02-21 10:06:44 +01:00
Trong Huu Nguyen
17f39f8c5f
feat(session/data): add more validation methods
2023-02-21 09:59:38 +01:00
Trong Huu Nguyen
94d4b1a524
refactor(session): extract external ID function to separate file
2023-02-20 12:40:23 +01:00
Trong Huu Nguyen
c6d3d11072
refactor(url): rename named import
2023-02-20 12:39:05 +01:00
Trong Huu Nguyen
fb28da7241
refactor: consolidate handlers
2023-02-16 10:55:50 +01:00
Trong Huu Nguyen
3274cc5c65
refactor: move redirect package into url, clean up naming
2023-02-16 09:24:39 +01:00
Trong Huu Nguyen
2c5d964983
refactor(handler/reverseproxy): reduce log severity for cookie decrypt failures
2023-02-15 08:43:25 +01:00
Trong Huu Nguyen
411201b3de
refactor(redirect): clean up logging
2023-02-14 21:50:33 +01:00
Trong Huu Nguyen
0537c8172f
feat(session): use tickets for per-session data encryption
Replace the usage of a single application-wide session crypter
with per-session crypters.
The application is no longer able to decrypt any session
encrypted with its symmetric key alone. Instead, a session ticket
with its associated data encryption key (DEK) is also required in order
to decrypt the associated session data. The ticket itself is
encrypted with the application's crypter; the latter of which is
effectively a key-encryption key (KEK).
Fixes #49.
2023-02-14 21:50:19 +01:00
Trong Huu Nguyen
d17feacc34
refactor(handler/autologin): use sync.Map for cache
2023-02-14 14:20:46 +01:00
Trong Huu Nguyen
5a56c24bcc
refactor(crypto): replace aes-256-gcm with xchacha20-poly1305
2023-02-13 21:48:23 +01:00
Trong Huu Nguyen
ce2698f2bb
refactor(cookie): use rawurlencoding for base64
2023-02-13 20:15:12 +01:00
Trong Huu Nguyen
1b2234f875
refactor(session/data): skip unnecessary base64 (un)marshalling
2023-02-13 20:14:38 +01:00
Trong Huu Nguyen
66dec32de0
feat(sso/proxy): implement handlers for session routes
2023-02-10 14:58:19 +01:00
Trong Huu Nguyen
ea0756784d
refactor(handler/reverseproxy): use ReverseProxy.Rewrite instead of Director
2023-02-10 14:58:17 +01:00
Trong Huu Nguyen
473e4a95a7
refactor: remove loginstatus
Loginstatus is no longer needed with the SSO setup.
Fixes #50.
2023-02-10 14:58:17 +01:00
Trong Huu Nguyen
99e3e7d699
refactor(mock/openid): use redis as session store for integration tests
2023-02-10 14:58:16 +01:00
Trong Huu Nguyen
c81297c401
build(deps): various bumps, use go-redis v9
2023-02-10 14:58:15 +01:00
Trong Huu Nguyen
c8f148d892
refactor(handler/error): remove custom redirect
Reduce the risk of exposing OAuth query parameters in "dirty dancing" attacks.
2023-02-10 14:58:14 +01:00
Trong Huu Nguyen
42dcba8367
refactor: replace relative canonical redirect with handler
This also ensures that we clean any URLs that may stem from user input (e.g.
url parameter or login cookie) before performing redirects.
2023-02-10 14:58:14 +01:00
Trong Huu Nguyen
54a43d832a
feat(redirect): extract package for creating and validating canonical redirects
2023-02-10 14:58:13 +01:00
Trong Huu Nguyen
1f60d750f2
fix(mock): correct middleware for request generator
2023-02-10 14:58:13 +01:00
Trong Huu Nguyen
5f74ee08bc
refactor(url): extract utility functions
2023-02-10 14:58:12 +01:00
Trong Huu Nguyen
d13525f8a2
fix(handler/error): correct retry url for local logout
2023-02-10 14:58:12 +01:00
Trong Huu Nguyen
0e73c9b4d8
refactor(mock): configure relying party ingress before server start
2023-02-10 14:58:11 +01:00
Trong Huu Nguyen
1fdbe75c9e
feat(sso/proxy): implement login handler
2023-02-10 14:58:11 +01:00
Trong Huu Nguyen
c3c0c01926
feat(sso): partially implement handlers
2023-02-10 14:58:09 +01:00
Trong Huu Nguyen
a4e4fc752e
refactor(handler): remove provider name getter from handler
2023-02-10 14:57:57 +01:00
Trong Huu Nguyen
3d08d0b4b0
feat: initial skeleton setup for SSO mode
2023-02-10 14:57:56 +01:00
Trong Huu Nguyen
bd748b9cef
refactor(openid/provider): use name from config instead of indirection layer
2023-02-10 14:57:56 +01:00
Trong Huu Nguyen
2f6a3682d9
fix(all): use url.ParseRequestURI instead of just url.Parse where necessary
2023-02-10 14:57:55 +01:00
Trong Huu Nguyen
f4bba075a6
refactor(handler/error): reduce log severity for context canceled errors
2023-02-10 14:57:55 +01:00
Trong Huu Nguyen
61a7a8f161
refactor: clean up errors and reverseproxy logging
2023-02-10 14:57:53 +01:00
Trong Huu Nguyen
ce177fb4a5
refactor(handler/url): remove unneeded redirect parameter encoding
2023-02-10 14:57:52 +01:00