128 Commits

Author SHA1 Message Date
Trong Huu Nguyen
c70037bd4c refactor: clean up main 2021-11-01 11:04:54 +01:00
Trong Huu Nguyen
40f8177a5f refactor: add provider label to http metrics 2021-11-01 10:57:00 +01:00
Trong Huu Nguyen
e3439e27ab test: use miniredis for testing redis session store 2021-11-01 10:56:59 +01:00
Trong Huu Nguyen
b85ea7136e refactor: only delete fallback session cookies if set 2021-11-01 10:56:49 +01:00
Trong Huu Nguyen
325caeac34 nit: drop import alias 2021-10-20 09:18:50 +02:00
Trong Huu Nguyen
693b1b3bbe test: add missing test for client assertion 2021-10-20 09:05:06 +02:00
Trong Huu Nguyen
3a35584a21 refactor: restructure and group related packages into subpackages 2021-10-20 09:03:14 +02:00
Trong Huu Nguyen
008e486e72 feat: print openid provider and client configuration on startup 2021-10-18 20:29:43 +02:00
Trong Huu Nguyen
204f77581d refactor: move redirect URI creation to openid pkg 2021-10-18 19:33:21 +02:00
Trong Huu Nguyen
62e9e91c73 fix: correct join of paths for redirect URI 2021-10-18 14:22:41 +02:00
Trong Huu Nguyen
1b4ce5cab7 Revert "Revert "refactor: infer redirect URI from configured ingress""
This reverts commit 8cf9d22324.
2021-10-18 14:12:41 +02:00
Trong Huu Nguyen
8cf9d22324 Revert "refactor: infer redirect URI from configured ingress"
This reverts commit 5f0b0df7cf.
2021-10-18 14:06:10 +02:00
Trong Huu Nguyen
6f2520078e feat: add id_token to downstream header
Co-Authored-By: Kim Tore Jensen <kim.tore.jensen@nav.no>
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-18 12:42:34 +02:00
Trong Huu Nguyen
5f0b0df7cf refactor: infer redirect URI from configured ingress 2021-10-18 11:26:55 +02:00
Trong Huu Nguyen
be585f9902 refactor: simplify config for acr_values and ui_locales; validate on startup 2021-10-17 20:24:34 +02:00
Trong Huu Nguyen
5d2f8c3e84 refactor: cleanups for error template; embed and load on startup 2021-10-17 20:24:06 +02:00
Trong Huu Nguyen
c1482d09e1 refactor: generalize config to allow more providers; add azure 2021-10-16 12:44:59 +02:00
Trong Huu Nguyen
e8e1fc7632 refactor: clean up tests and mock setup 2021-10-16 10:50:22 +02:00
Trong Huu Nguyen
c702f8ff6c refactor: introduce generic provider for openid configs 2021-10-16 10:42:49 +02:00
Trong Huu Nguyen
2f0243b69a refactor: move openid related structs to own pkg 2021-10-16 10:39:00 +02:00
Trong Huu Nguyen
e7d5a6073c refactor: add jwks pkg for generating jwk sets 2021-10-16 10:28:49 +02:00
Trong Huu Nguyen
9b15da6251 refactor: move scopes to own pkg 2021-10-16 10:27:17 +02:00
Trong Huu Nguyen
8711f6e0d3 style: clean up imports 2021-10-16 10:25:47 +02:00
Trong Huu Nguyen
5ce7d979c7 refactor: use httputil.ReverseProxy for default route 2021-10-15 08:42:42 +02:00
Trong Huu Nguyen
8724e37e0d refactor: minor cleanups for callback handler 2021-10-14 20:34:26 +02:00
Trong Huu Nguyen
d766e247a9 refactor: safer implementation for getting sid claim from id_token 2021-10-14 20:34:24 +02:00
Trong Huu Nguyen
5db2a01f63 fix: explicitly set status response header for front-channel logout
Co-Authored-By: Morten Lied Johansen <morten.lied.johansen@nav.no>
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-13 10:44:01 +02:00
Trong Huu Nguyen
d0482b3490 refactor: log session store unavailability, ensure fallback cookies are deleted when no longer needed 2021-10-13 08:49:53 +02:00
Trong Huu Nguyen
f7f476db87 refactor: add toggle for redis tls negotiation 2021-10-13 08:47:58 +02:00
Morten Lied Johansen
6152b94aba Configure HA redis
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-12 15:56:30 +02:00
Trong Huu Nguyen
d58e3339a9 refactor: only log route requests for owned routes
Co-authored-by: Morten Lied Johansen <morten.lied.johansen@nav.no>
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-12 10:24:27 +02:00
Trong Huu Nguyen
e209516d32 feat: add toggle for auto redirect to login handler for default route
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-11 12:50:11 +02:00
Trong Huu Nguyen
2e10801d0e refactor: move client assertion generation, replace go-jose with jwx
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-11 11:46:11 +02:00
Trong Huu Nguyen
399a8175c8 refactor: user-friendly retry URI for default error page
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-07 10:26:32 +02:00
Trong Huu Nguyen
3bdbfd0030 refactor: only handle single ingress
As OIDC is very specific on using complete redirect URIs
for the authorization-step, it does not really make sense
to handle multiple ingresses in Wonderwall.

We could dynamically figure out which ingress was used
by looking at the scheme and host for the request and
decide which redirect URI we would use, but such an
implementation is both time-consuming and prone to
errors and vulnerabilities without the proper precautions.
2021-10-07 08:16:49 +02:00
Trong Huu Nguyen
8b3075f6d0 fix: do not remove login cookies until end of callback 2021-10-07 07:59:48 +02:00
Trong Huu Nguyen
b8a62826ad fix: remove debug error
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-06 14:54:30 +02:00
sindrerh2
1f939d603d feat: add configurable redirect to custom error page
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
2021-10-06 14:49:04 +02:00
Trong Huu Nguyen
7979bb09fb refactor: move request related utilities to own pkg 2021-10-06 12:39:08 +02:00
sindrerh2
fb4adc9cc5 feat: add templated error page
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
2021-10-05 14:09:09 +02:00
Trong Huu Nguyen
77d0438411 feat: use latest go-chi v5, add middlewares for panic recovery and logging
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-05 11:45:42 +02:00
Trong Huu Nguyen
70516c3efb refactor: more cleanups; split up route handlers 2021-10-04 19:10:19 +02:00
Trong Huu Nguyen
569855cef2 refactor: minor cleanups for middleware 2021-10-04 18:45:40 +02:00
Trong Huu Nguyen
788ef1278a refactor: add correlation ID for error response logs
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-04 14:36:54 +02:00
Trong Huu Nguyen
ce8d8c6460 refactor: clean up error handling
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-04 14:07:15 +02:00
Trong Huu Nguyen
5e113f4284 refactor: use common cookie name across all instances
This will attempt to mitigate cases where many instances
of Wonderwall on the same domain set cookies which will
exceed the header size for Cookies.

Generally, this should result in decryption failures when
transitioning from one app to another, which should omit the
Authorization header and have a new session triggered by the
downstream application.

Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-04 13:17:12 +02:00
Trong Huu Nguyen
f73b4605a1 refactor: use encrypted cookie as session fallback
Co-Authored-By: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-04 13:17:04 +02:00
Trong Huu Nguyen
80c7abd70a refactor: update jwx; now infers alg from keys where missing 2021-10-01 12:22:49 +02:00
Morten Lied Johansen
43dd8d7926 More, correct, metrics
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-01 10:28:44 +02:00
Morten Lied Johansen
c70c7d7267 Increase login cookie lifetime
Co-authored-by: Trong Huu Nguyen <trong.huu.nguyen@nav.no>
Co-authored-by: Sindre Rødseth Hansen <sindre.rodseth.hansen@nav.no>
2021-10-01 09:46:54 +02:00