Trong Huu Nguyen
46852be025
feat(openid): prepare acr mappings for migration to new idporten
2023-05-25 15:54:29 +02:00
Trong Huu Nguyen
6151aa3279
feat(openid, handler): support runtime override of redirect after single-logout
...
Fixes #100.
2023-05-04 14:45:13 +02:00
Trong Huu Nguyen
568f9f7683
feat(handler): use 302 instead of 303 for redirects
2023-04-29 08:42:29 +02:00
Trong Huu Nguyen
bc651d9082
fix: use 303 instead of 307 for redirects
2023-04-28 01:30:17 +02:00
Trong Huu Nguyen
5342913676
refactor: move cookie options to handler constructors
2023-02-24 18:21:36 +01:00
Trong Huu Nguyen
3274cc5c65
refactor: move redirect package into url, clean up naming
2023-02-16 09:24:39 +01:00
Trong Huu Nguyen
5a56c24bcc
refactor(crypto): replace aes-256-gcm with xchacha20-poly1305
2023-02-13 21:48:23 +01:00
Trong Huu Nguyen
473e4a95a7
refactor: remove loginstatus
...
Loginstatus is no longer needed with the SSO setup.
Fixes #50.
2023-02-10 14:58:17 +01:00
Trong Huu Nguyen
99e3e7d699
refactor(mock/openid): use redis as session store for integration tests
2023-02-10 14:58:16 +01:00
Trong Huu Nguyen
54a43d832a
feat(redirect): extract package for creating and validating canonical redirects
2023-02-10 14:58:13 +01:00
Trong Huu Nguyen
1f60d750f2
fix(mock): correct middleware for request generator
2023-02-10 14:58:13 +01:00
Trong Huu Nguyen
0e73c9b4d8
refactor(mock): configure relying party ingress before server start
2023-02-10 14:58:11 +01:00
Trong Huu Nguyen
c3c0c01926
feat(sso): partially implement handlers
2023-02-10 14:58:09 +01:00
Trong Huu Nguyen
a4e4fc752e
refactor(handler): remove provider name getter from handler
2023-02-10 14:57:57 +01:00
Trong Huu Nguyen
c3a5033968
test(handler): add test for authorization headers, ensure upstream validates token
2023-02-10 14:57:45 +01:00
Trong Huu Nguyen
2a80bd7765
refactor(mock/openid): use interface for handler
2022-09-02 18:43:59 +02:00
Trong Huu Nguyen
08eefbf1d5
refactor(openid): clean up client and provider
2022-09-02 18:08:36 +02:00
Trong Huu Nguyen
92ee6313c5
refactor: remove unnecessary interfaces
2022-09-02 17:39:27 +02:00
Trong Huu Nguyen
c8f48335d4
refactor(openid/config): extract getter for ingresses
2022-09-02 15:17:36 +02:00
Trong Huu Nguyen
9144056e28
refactor(handler): split up request handlers into separate modules
2022-09-02 14:53:11 +02:00
Trong Huu Nguyen
5d00d132dd
refactor: decouple handler implementation from router and middleware
2022-09-01 19:39:47 +02:00
Trong Huu Nguyen
d5bbca9897
feat: rudimentary support for refresh tokens
2022-08-26 14:32:39 +02:00
Trong Huu Nguyen
cafebabea5
fix(openid/client): set redirect_uri param when redeeming auth code
2022-08-23 08:27:34 +02:00
Trong Huu Nguyen
5990e4bb71
refactor(session): extract session handler
2022-08-19 11:44:13 +02:00
Trong Huu Nguyen
5a50ba7c3a
feat: support multiple ingresses
...
Replace hardcoded callback URLs with dynamic generation
of URLs based on incoming requests. These are validated against
a pre-registered list of ingresses for which Wonderwall is considered
authoritative.
We also preserve the cookie behaviour; the most specific ingress path
and domain is used for the cookies.
The `url` package has been moved to the `handler` package, and its
implementation refactored slightly for readability and DRY.
2022-08-17 20:43:56 +02:00
Trong Huu Nguyen
d79f31c18d
refactor(autologin): use glob-style matching instead of regex
...
Regexes are powerful, but completely overkill and error-prone for this
use-case. So instead, we'll use path.Match with its simpler glob-style
patterns.
2022-07-21 12:01:30 +02:00
Trong Huu Nguyen
eac2d5789d
refactor: passthrough for consistency in openid configuration
2022-07-20 09:58:49 +02:00
Trong Huu Nguyen
3e62683cad
refactor: use pointer receivers when possible
2022-07-19 19:24:28 +02:00
Trong Huu Nguyen
bece03c94e
refactor(middleware/logentry): replace zerologger with logrus
2022-07-18 15:47:35 +02:00
Trong Huu Nguyen
284fa2a76f
fix(openid/client): ensure assertion time claims are rounded down instead of up
...
Hopefully fixes intermittent 'invalid_grant' errors from IdP.
2022-07-18 09:24:26 +02:00
Trong Huu Nguyen
ef649e7aaa
feat: add allowlisting of paths for autologin
2022-07-17 20:11:55 +02:00
Trong Huu Nguyen
4b2bf6e095
fix(mock/openid): ensure tokens have jti claim set
2022-07-15 09:04:55 +02:00
Trong Huu Nguyen
e3b9d33296
refactor: split out packages from router
2022-07-15 07:44:54 +02:00
Trong Huu Nguyen
fd630e6dbd
test(router): extract some reusable test methods
2022-07-14 13:52:47 +02:00
Trong Huu Nguyen
6469c527a7
refactor(mock/openid): validate params in auth and token requests
2022-07-14 10:08:51 +02:00
Trong Huu Nguyen
9c29bb180b
refactor(mock): ensure scope is correctly set for openid client
2022-07-14 10:04:34 +02:00
Trong Huu Nguyen
66cf08e602
refactor(openid/logout): simplify logout logic
...
As we already clear any local sessions before redirecting to the
Identity Provider, and the callback always redirects to a pre-configured URL,
there isn't really any need to maintain and verify state in the logout
callback.
In other words, the logout callback handler is simply a redirect handler.
2022-07-12 15:09:49 +02:00
Trong Huu Nguyen
c321cff4eb
test(openid/client): add missing tests
2022-07-12 14:28:17 +02:00
Trong Huu Nguyen
42938ee8b3
refactor(handler): deduplicate configuration
2022-07-05 14:43:40 +02:00
Trong Huu Nguyen
a4c3e72fc9
fix(router/handler): use long-lived context for refreshing jwks
2022-07-05 13:18:38 +02:00
Trong Huu Nguyen
1f5635239a
refactor: split out openid client, config and provider
...
There's a bunch of changes here, but in essence:
- split out openid configuration
- separate openid configuration between client/rp and provider
- consolidate client and provider related code in separate packages
These changes allow for simplification of the Handler, as well as a
bunch of test/mock code as the configuration is now instantiated
separately from the client/provider code.
2022-07-05 13:09:00 +02:00
Trong Huu Nguyen
10dddd00bc
refactor(router): begin extraction of openid client
2022-07-04 15:18:42 +02:00
Trong Huu Nguyen
32dd80b5da
feat: add handler for logout callbacks
2022-05-10 08:52:07 +02:00
Trong Huu Nguyen
18fffcc755
deps: migrate from lestrrat-go/jwx to lestrrat-go/jwx/v2
2022-05-05 11:09:03 +02:00
Trong Huu Nguyen
f0318b269e
fix: ensure jwk set is refreshed regularly
2022-03-01 07:49:51 +01:00
Trong Huu Nguyen
834c79ef1d
style: go fmt
2022-01-25 15:59:57 +01:00
Trong Huu Nguyen
b40dbffa19
refactor: clean up tests
...
Co-Authored-By: Youssef Bel Mekki <youssef.bel.mekki@nav.no>
2022-01-25 15:58:19 +01:00
Trong Huu Nguyen
24cae11ba2
refactor: split out session ID generation to own file, add tests
...
Co-Authored-By: Youssef Bel Mekki <youssef.bel.mekki@nav.no>
2022-01-25 15:33:45 +01:00
ybelMekk
abc8bd1835
fix: clean up tests and fix name
2022-01-25 12:08:42 +01:00
ybelMekk
768aa7af49
fix: test to only check for generated session_state, remove frontChannel from CheckIframe test.
2022-01-25 11:35:56 +01:00