github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-09 01:47:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
423 Commits 2 Branches 0 Tags
bd748b9cef040c19399fdedb8a8739d5e626c310
Commit Graph

44 Commits

Author SHA1 Message Date
Trong Huu Nguyen
c3a5033968 test(handler): add test for authorization headers, ensure upstream validates token 2023-02-10 14:57:45 +01:00
Trong Huu Nguyen
2a80bd7765 refactor(mock/openid): use interface for handler 2022-09-02 18:43:59 +02:00
Trong Huu Nguyen
08eefbf1d5 refactor(openid): clean up client and provider 2022-09-02 18:08:36 +02:00
Trong Huu Nguyen
92ee6313c5 refactor: remove unnecessary interfaces 2022-09-02 17:39:27 +02:00
Trong Huu Nguyen
c8f48335d4 refactor(openid/config): extract getter for ingresses 2022-09-02 15:17:36 +02:00
Trong Huu Nguyen
9144056e28 refactor(handler): split up request handlers into separate modules 2022-09-02 14:53:11 +02:00
Trong Huu Nguyen
5d00d132dd refactor: decouple handler implementation from router and middleware 2022-09-01 19:39:47 +02:00
Trong Huu Nguyen
d5bbca9897 feat: rudimentary support for refresh tokens 2022-08-26 14:32:39 +02:00
Trong Huu Nguyen
cafebabea5 fix(openid/client): set redirect_uri param when redeeming auth code 2022-08-23 08:27:34 +02:00
Trong Huu Nguyen
5990e4bb71 refactor(session): extract session handler 2022-08-19 11:44:13 +02:00
Trong Huu Nguyen
5a50ba7c3a feat: support multiple ingresses 
Replace hardcoded callback URLs with dynamic generation
of URLs based on incoming requests. These are validated against
a pre-registered list of ingresses for which Wonderwall is considered
authorative for.

We also preserve the cookie behaviour; the most specific ingress path
and domain is used for the cookies.

The `url` package has been moved to the `handler` package, and its
implementation refactored slightly for readability and DRY.
 2022-08-17 20:43:56 +02:00
Trong Huu Nguyen
d79f31c18d refactor(autologin): use glob-style matching instead of regex 
Regexes are powerful, but completely overkill and error-prone for this
use-case. So instead, we'll use path.Match with its simpler glob-style
patterns.
 2022-07-21 12:01:30 +02:00
Trong Huu Nguyen
eac2d5789d refactor: passthrough for consistency in openid configuration 2022-07-20 09:58:49 +02:00
Trong Huu Nguyen
3e62683cad refactor: use pointer receivers when possible 2022-07-19 19:24:28 +02:00
Trong Huu Nguyen
bece03c94e refactor(middleware/logentry): replace zerologger with logrus 2022-07-18 15:47:35 +02:00
Trong Huu Nguyen
284fa2a76f fix(openid/client): ensure assertion time claims are rounded down instead of up 
Hopefully fixes intermittent 'invalid_grant' errors from IdP.
 2022-07-18 09:24:26 +02:00
Trong Huu Nguyen
ef649e7aaa feat: add allowlisting of paths for autologin 2022-07-17 20:11:55 +02:00
Trong Huu Nguyen
4b2bf6e095 fix(mock/openid): ensure tokens have jti claim set 2022-07-15 09:04:55 +02:00
Trong Huu Nguyen
e3b9d33296 refactor: split out packages from router 2022-07-15 07:44:54 +02:00
Trong Huu Nguyen
fd630e6dbd test(router): extract some reusable test methods 2022-07-14 13:52:47 +02:00
Trong Huu Nguyen
6469c527a7 refactor(mock/openid): validate params in auth and token requests 2022-07-14 10:08:51 +02:00
Trong Huu Nguyen
9c29bb180b refactor(mock): ensure scope is correctly set for openid client 2022-07-14 10:04:34 +02:00
Trong Huu Nguyen
66cf08e602 refactor(openid/logout): simplify logout logic 
As we already clear any local sessions before redirecting to the
Identity Provider, and the callback always redirects to a pre-configured URL,
there isn't really any need to maintain and verify state in the logout
callback.

In other words, the logout callback handler is simply a redirect handler.
 2022-07-12 15:09:49 +02:00
Trong Huu Nguyen
c321cff4eb test(openid/client): add missing tests 2022-07-12 14:28:17 +02:00
Trong Huu Nguyen
42938ee8b3 refactor(handler): deduplicate configuration 2022-07-05 14:43:40 +02:00
Trong Huu Nguyen
a4c3e72fc9 fix(router/handler): use long-lived context for refreshing jwks 2022-07-05 13:18:38 +02:00
Trong Huu Nguyen
1f5635239a refactor: split out openid client, config and provider 
There's a bunch of changes here, but in essence:

- split out openid configuration
- separate openid configuration between client/rp and provider
- consolidate client and provider related code in separate packages

These changes allow for simplification of the Handler, as well as a
bunch of test/mock code as the configuration is now instantiated
seperately from the client/provider code.
 2022-07-05 13:09:00 +02:00
Trong Huu Nguyen
10dddd00bc refactor(router): begin extraction of openid client 2022-07-04 15:18:42 +02:00
Trong Huu Nguyen
32dd80b5da feat: add handler for logout callbacks 2022-05-10 08:52:07 +02:00
Trong Huu Nguyen
18fffcc755 deps: migrate from lestrrat-go/jwx to lestrrat-go/jwx/v2 2022-05-05 11:09:03 +02:00
Trong Huu Nguyen
f0318b269e fix: ensure jwk set is refreshed regularly 2022-03-01 07:49:51 +01:00
Trong Huu Nguyen
834c79ef1d style: go fmt 2022-01-25 15:59:57 +01:00
Trong Huu Nguyen
b40dbffa19 refactor: clean up tests 
Co-Authored-By: Youssef Bel Mekki <youssef.bel.mekki@nav.no>
 2022-01-25 15:58:19 +01:00
Trong Huu Nguyen
24cae11ba2 refactor: split out session ID generation to own file, add tests 
Co-Authored-By: Youssef Bel Mekki <youssef.bel.mekki@nav.no>
 2022-01-25 15:33:45 +01:00
ybelMekk
abc8bd1835 fix: clean up tests and fix name 2022-01-25 12:08:42 +01:00
ybelMekk
768aa7af49 fix: test to only check for generated session_state, remove frontChannel from CheckIframe test. 2022-01-25 11:35:56 +01:00
ybelMekk
74c1592d0a remove: unused function 2022-01-24 22:57:43 +01:00
ybelMekk
bc5f5138e4 add: handle trigger of logout for third-party and session_state 2022-01-24 22:44:45 +01:00
ybelMekk
e4c47f59e8 fix: create function for externalSessionId add random string generator. fix tests to reflect provider with checkSessionIframe Session management. 2022-01-23 21:37:36 +01:00
Trong Huu Nguyen
3a35584a21 refactor: restructure and group related packages into subpackages 2021-10-20 09:03:14 +02:00
Trong Huu Nguyen
be585f9902 refactor: simplify config for acr_values and ui_locales; validate on startup 2021-10-17 20:24:34 +02:00
Trong Huu Nguyen
e8e1fc7632 refactor: clean up tests and mock setup 2021-10-16 10:50:22 +02:00
Trong Huu Nguyen
77d0438411 feat: use latest go-chi v5, add middlewares for panic recovery and logging 
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
 2021-10-05 11:45:42 +02:00
Trong Huu Nguyen
70516c3efb refactor: more cleanups; split up route handlers 2021-10-04 19:10:19 +02:00