Commit Graph

117 Commits

Author SHA1 Message Date
Trong Huu Nguyen
b8a62826ad fix: remove debug error
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-06 14:54:30 +02:00
sindrerh2
1f939d603d feat: add configurable redirect to custom error page
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
2021-10-06 14:49:04 +02:00
Trong Huu Nguyen
7979bb09fb refactor: move request related utilities to own pkg 2021-10-06 12:39:08 +02:00
sindrerh2
fb4adc9cc5 feat: add templated error page
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
2021-10-05 14:09:09 +02:00
Trong Huu Nguyen
9616587854 chore: go mod tidy 2021-10-05 12:10:47 +02:00
Trong Huu Nguyen
77d0438411 feat: use latest go-chi v5, add middlewares for panic recovery and logging
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-05 11:45:42 +02:00
Trong Huu Nguyen
70516c3efb refactor: more cleanups; split up route handlers 2021-10-04 19:10:19 +02:00
Trong Huu Nguyen
569855cef2 refactor: minor cleanups for middleware 2021-10-04 18:45:40 +02:00
Trong Huu Nguyen
788ef1278a refactor: add correlation ID for error response logs
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-04 14:36:54 +02:00
Trong Huu Nguyen
ce8d8c6460 refactor: clean up error handling
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-04 14:07:15 +02:00
Trong Huu Nguyen
5e113f4284 refactor: use common cookie name across all instances
This will attempt to mitigate cases where many instances
of Wonderwall on the same domain set cookies which will
exceed the header size for Cookies.

Generally, this should result in decryption failures when
transitioning from one app to another, which should omit the
Authorization header and have a new session triggered by the
downstream application.

Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-04 13:17:12 +02:00
Trong Huu Nguyen
f73b4605a1 refactor: use encrypted cookie as session fallback
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-04 13:17:04 +02:00
Trong Huu Nguyen
80c7abd70a refactor: update jwx; now infers alg from keys where missing 2021-10-01 12:22:49 +02:00
Morten Lied Johansen
43dd8d7926 More, correct, metrics
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-01 10:28:44 +02:00
Morten Lied Johansen
c70c7d7267 Increase login cookie lifetime
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-01 09:46:54 +02:00
Trong Huu Nguyen
03eec9d2b8 refactor: robustify logout routes
Co-authored-by: Morten Lied Johansen <morten.lied.johansen@nav.no>
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-01 09:35:28 +02:00
Trong Huu Nguyen
cc8ba980ca refactor: deduplicate crypto operations for sessions 2021-09-30 18:27:53 +02:00
Trong Huu Nguyen
8f9cb671c6 fix: set jwt ID for client assertion to prevent token replay 2021-09-30 15:38:23 +02:00
Trong Huu Nguyen
2ec1b7ace9 feat: encrypt session data
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-09-30 13:47:29 +02:00
Trong Huu Nguyen
cf7ca9c5b8 refactor: separate login param generation
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-09-30 12:13:38 +02:00
Trong Huu Nguyen
dbc0a47a46 refactor: ensure session lifetime does not exceed access token lifetime
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-09-30 12:08:23 +02:00
Trong Huu Nguyen
b2e89f32fa refactor: ensure cookies are properly disposed of
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-09-30 10:05:49 +02:00
Morten Lied Johansen
ae2ca7ae9a Add versions in use panel to dashboard 2021-09-29 22:02:28 +02:00
Morten Lied Johansen
aad2a49591 Register the metrics we collect 2021-09-29 22:01:00 +02:00
Morten Lied Johansen
bf7d877183 Merge pull request #3 from nais/metrics
Metrics and dashboard
2021-09-29 15:06:54 +02:00
Morten Lied Johansen
fb6dc12a9a Only in gcp
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
Co-authored-by: Terje Sannum <terje.sannum@nav.no>
2021-09-29 13:56:59 +02:00
Morten Lied Johansen
535f90a099 Merge pull request #2 from nais/cookies
Cookies
2021-09-29 13:51:07 +02:00
Trong Huu Nguyen
25221added rename callbackparams to logincookie for clarity, ensure logincookie is deleted when no longer needed 2021-09-29 13:27:30 +02:00
Morten Lied Johansen
345691eb08 Starting on a dashboard
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-09-29 11:24:31 +02:00
Morten Lied Johansen
f551386113 Add Redis latency metrics
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-09-29 10:50:27 +02:00
Morten Lied Johansen
b60db493ac Add ClientID to cookie names
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-09-29 10:20:11 +02:00
Trong Huu Nguyen
28b750517b wip: cookies 2021-09-29 10:00:42 +02:00
Trong Huu Nguyen
11f860d5dd docs: write an actual readme
Co-Authored-By: Morten Lied Johansen <morten.lied.johansen@nav.no>
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-09-29 09:38:52 +02:00
Trong Huu Nguyen
bf8441bb1c build: bump go to 1.17 2021-09-29 09:22:25 +02:00
Morten Lied Johansen
7869c3368b Merge pull request #1 from nais/graceful
Do graceful shutdown on signals
2021-09-29 09:00:48 +02:00
Morten Lied Johansen
214b14323c Do graceful shutdown on signals 2021-09-28 21:29:33 +02:00
Trong Huu Nguyen
5160987978 feat: allow user-defined post_logout_redirect_uri 2021-09-10 14:46:28 +02:00
Kyrre Havik
9dc5b08d65 ci: switched to SRVNAIS_REPO_PUSH_PAT 2021-09-08 14:18:54 +02:00
Trong Huu Nguyen
acc32fe893 fix: log actual errors for callback route 2021-09-08 09:26:26 +02:00
Trong Huu Nguyen
c7040b0284 feat: add feature toggle for authorization locale; allow user-supplied parameter 2021-09-08 09:17:08 +02:00
Trong Huu Nguyen
55002e3cfe refactor: separate parsing and validation of id_token 2021-09-07 21:30:38 +02:00
Trong Huu Nguyen
09bbc35df7 fix: ensure acr claim exists if security level is enabled 2021-09-06 11:35:55 +02:00
Trong Huu Nguyen
4237e84de3 feat: add feature toggle for security level; allow user-defined levels 2021-09-06 11:05:19 +02:00
Trong Huu Nguyen
e819cc0de1 use host-agnostic path for default zero-config ingress 2021-09-02 12:23:32 +02:00
Kim Tore Jensen
081921d0fa add http request metrics 2021-09-02 11:16:45 +02:00
Kim Tore Jensen
e0662efa66 default zero-config ingress for testing 2021-08-30 11:50:15 +02:00
Kim Tore Jensen
1aa134ecf0 redirect after successful oauth2 flow - to user-defined location, or referer 2021-08-26 12:54:40 +02:00
Kim Tore Jensen
c1660ad1d0 also unset x-pwned-by when un-authenticated 2021-08-26 12:21:21 +02:00
Trong Huu Nguyen
da4f6dc6a7 use correct session ID for front-channel logout 2021-08-26 10:35:45 +02:00
Trong Huu Nguyen
723f25326c ping redis on startup; fail on error 2021-08-26 08:33:33 +02:00