Commit Graph

217 Commits

Author SHA1 Message Date
Trong Huu Nguyen
cc78d2195b fix: ensure canonical redirect URL is not empty 2022-03-10 11:03:27 +01:00
J-K. Solbakken
2fb145fc00 all repos should have CODEOWNERS and LICENSE files 2022-03-08 14:50:26 +01:00
Trong Huu Nguyen
0792c8a783 deps: bump versions 2022-03-01 07:53:20 +01:00
Trong Huu Nguyen
f0318b269e fix: ensure jwk set is refreshed regularly 2022-03-01 07:49:51 +01:00
Trong Huu Nguyen
9c114f198a feat: set path for cookies for ingresses with subpaths 2022-02-14 13:18:29 +01:00
Trong Huu Nguyen
502d5f73f0 refactor(frontchannel-logout): accidentally a level too high 2022-02-11 11:42:08 +01:00
Trong Huu Nguyen
785186bf5a refactor: route errors should still log at least warning 2022-02-11 09:12:28 +01:00
Trong Huu Nguyen
714fc7e34f refactor: reduce log level severity for front-channel logout 2022-02-10 14:52:11 +01:00
Trong Huu Nguyen
8362722929 fix: don't log all requests at info level 2022-02-10 14:25:52 +01:00
Trong Huu Nguyen
de27328a84 refactor: improve error page 2022-02-10 13:38:02 +01:00
Trong Huu Nguyen
e5917964ba refactor: reduce log level severity for some spammy warnings 2022-02-10 13:31:58 +01:00
Trong Huu Nguyen
5373360c41 refactor: improve some log statements 2022-02-07 15:32:48 +01:00
Trong Huu Nguyen
3d45cfb998 refactor(config): remove features stanza 2022-02-03 13:52:48 +01:00
Trong Huu Nguyen
72f64b6c4c refactor(handler/frontchannellogout): better log statements 2022-02-03 12:17:56 +01:00
Trong Huu Nguyen
f95e618585 refactor(jwt): azure ad sets uti claim instead of jti 2022-02-03 11:41:44 +01:00
Trong Huu Nguyen
3828437dc5 refactor(jwt): clean up and deduplicate 2022-02-03 11:41:43 +01:00
Trong Huu Nguyen
59532eab0f build: add coverprofile for tests 2022-02-03 11:41:43 +01:00
Trong Huu Nguyen
b449ab2191 refactor: token -> jwt for accuracy 2022-02-03 11:41:43 +01:00
Trong Huu Nguyen
eeccebc5dd feat: log jwt IDs for traceability 2022-02-03 11:41:42 +01:00
Trong Huu Nguyen
e4e95ef5c6 refactor: move token parsing to own package; prepare for audit logs 2022-02-03 11:41:41 +01:00
Trong Huu Nguyen
6a4a268e15 docs: update available flags 2022-02-03 11:41:41 +01:00
Trong Huu Nguyen
c3da899190 feat(loginstatus): ensure that cookie is set in default route 2022-02-03 11:41:41 +01:00
Trong Huu Nguyen
fcba6815b9 feat: add feature toggled support for loginstatus
Co-Authored-By: Youssef Bel Mekki <youssef.bel.mekki@nav.no>
Co-Authored-By: Tommy Trøen <tommy.troen@nav.no>
2022-02-03 11:41:40 +01:00
Trong Huu Nguyen
f36d65a6ba fix(openid/config): close response body after get 2022-02-03 11:41:39 +01:00
ybelMekk
996f543f4d add: dependabot.yml, update workflow with test job and only deploy when it's on master. 2022-02-02 13:36:00 +01:00
Trong Huu Nguyen
2668963e94 Merge pull request #8 from nais/support-for-front-channel-logout 2022-01-28 11:01:41 +01:00
Trong Huu Nguyen
05fae6ca5e refactor: get or generate session ID with fallbacks
Turns out that Azure AD doesn't support the `check_session_iframe` property.
However it still returns the session ID in the `session_state` parameter during
callbacks, and optionally can be configured to return the `sid` claim in id_tokens.

This commit changes the behaviour of the SessionID method to get the session ID
if found, with the order of preference being:

1. from the `sid` claim in the id_token,
2. from the `session_state` parameter provided by the OP during callbacks

If neither are found, and the OP's configuration does not indicate that either
should be (e.g. no support for front-channel logout and/or session
management), we fall back to generating our own session ID.
2022-01-27 12:57:52 +01:00
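The preference order described in commit 05fae6ca5e, written out as an added Go example. This is not wonderwall's own code: `ProviderMetadata` is a hypothetical struct holding the two discovery fields (`frontchannel_logout_session_supported`, `check_session_iframe`) that indicate whether the OP should have supplied a session ID, `ResolveSessionID`/`GenerateSessionID` are names chosen here, the inputs in `main` are constructed, and treating "OP advertises session support but sent neither `sid` nor `session_state`" as an error rather than silently generating an ID is an assumption of this example.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// ProviderMetadata carries the two discovery-document fields that tell the RP
// whether the OP is expected to supply a session identifier at all.
// Hypothetical type for this example, not wonderwall's configuration.
type ProviderMetadata struct {
	FrontchannelLogoutSessionSupported bool   // frontchannel_logout_session_supported
	CheckSessionIframe                 string // check_session_iframe; empty when unsupported
}

// ExpectsSessionID reports whether the OP advertises front-channel logout with
// session tracking (sid claim) or session management (session_state parameter).
func (p ProviderMetadata) ExpectsSessionID() bool {
	return p.FrontchannelLogoutSessionSupported || p.CheckSessionIframe != ""
}

// ErrMissingSessionID is returned when the OP says it supports session
// identifiers but handed us none. Generating one locally here would break
// front-channel logout: the OP would later name a sid the RP never stored.
var ErrMissingSessionID = errors.New("provider advertises session support but neither sid claim nor session_state was present")

// ResolveSessionID picks the session ID in order of preference:
//  1. the sid claim from the id_token,
//  2. the session_state query parameter from the callback,
//  3. a locally generated random ID, but only if the OP's configuration
//     does not indicate that 1 or 2 should have been present.
func ResolveSessionID(p ProviderMetadata, idTokenClaims map[string]any, callback url.Values) (string, error) {
	if sid, ok := idTokenClaims["sid"].(string); ok && sid != "" {
		return sid, nil
	}
	if ss := callback.Get("session_state"); ss != "" {
		return ss, nil
	}
	if p.ExpectsSessionID() {
		return "", ErrMissingSessionID
	}
	return GenerateSessionID()
}

// GenerateSessionID returns 256 bits from crypto/rand, base64url-encoded
// without padding (43 characters), so the fallback ID is unguessable.
func GenerateSessionID() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

func main() {
	// Constructed inputs: an OP that supports front-channel logout with session
	// tracking, an id_token without a sid claim, and a callback carrying
	// session_state, so the second preference wins.
	op := ProviderMetadata{FrontchannelLogoutSessionSupported: true}
	claims := map[string]any{"sub": "user-1"}
	cb := url.Values{"code": {"opaque-code"}, "session_state": {"constructed-session-state"}}
	sid, err := ResolveSessionID(op, claims, cb)
	fmt.Println(sid, err)

	// Same OP, nothing supplied: error instead of a silent local ID.
	_, err = ResolveSessionID(op, map[string]any{}, url.Values{})
	fmt.Println(err)

	// An OP that advertises neither feature: fall back to a generated ID.
	sid, err = ResolveSessionID(ProviderMetadata{}, map[string]any{}, url.Values{})
	fmt.Println(sid, err)
}
```

The ordering matters for logout: a `sid` from the id_token is the identifier the OP will later send in a front-channel logout request, so it must win over `session_state` whenever both are present.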
Trong Huu Nguyen
834c79ef1d style: go fmt 2022-01-25 15:59:57 +01:00
Trong Huu Nguyen
b40dbffa19 refactor: clean up tests
Co-Authored-By: Youssef Bel Mekki <youssef.bel.mekki@nav.no>
2022-01-25 15:58:19 +01:00
Trong Huu Nguyen
24cae11ba2 refactor: split out session ID generation to own file, add tests
Co-Authored-By: Youssef Bel Mekki <youssef.bel.mekki@nav.no>
2022-01-25 15:33:45 +01:00
ybelMekk
abc8bd1835 fix: clean up tests and fix name 2022-01-25 12:08:42 +01:00
ybelMekk
1a2b85a5f5 fix: rename from externalSessionId to sessionID.
Better impl. for generating a random sessionID.
2022-01-25 11:38:17 +01:00
ybelMekk
413b8dfc19 fix: revert frontChannelLogout impl. 2022-01-25 11:36:41 +01:00
ybelMekk
768aa7af49 fix: test to only check for generated session_state, remove frontChannel from CheckIframe test. 2022-01-25 11:35:56 +01:00
ybelMekk
8df169e6e0 debug: remove print statm. 2022-01-24 23:13:10 +01:00
ybelMekk
f996c4a6fe fix: remove omitempty from check_session_iframe, more robust checking of empty values in checkIframe configuration function. Fix bug in extractExternalSessionID in frontChannelLogout, return first match. 2022-01-24 23:12:07 +01:00
ybelMekk
74c1592d0a remove: unused function 2022-01-24 22:57:43 +01:00
ybelMekk
bc5f5138e4 add: handle trigger of logout for third-party and session_state 2022-01-24 22:44:45 +01:00
ybelMekk
a23595b9b4 add: handle trigger of logout for third-party and session_state 2022-01-23 23:14:25 +01:00
ybelMekk
e4c47f59e8 fix: create function for externalSessionId add random string generator. fix tests to reflect provider with checkSessionIframe Session management. 2022-01-23 21:37:36 +01:00
ybelMekk
65a0b5de52 fix: create function for externalSessionId add random string generator. 2022-01-23 14:31:01 +01:00
ybelMekk
7f6d323dde add: session management check to get session_state from OP response, generate an externalSessionID if none supported. 2022-01-22 16:23:16 +01:00
ybelMekk
f5e5d842e6 wip: sid claim only required if frontchannel_logout_session_supported && frontchannel_logout_supported. 2022-01-22 15:03:54 +01:00
Trong Huu Nguyen
6411f168e2 refactor(handler/login): move user agent debug statement to field 2022-01-10 11:12:54 +01:00
Trong Huu Nguyen
7432f86b64 refactor(cookie): set expires to epoch zero time on deletion 2022-01-07 15:29:49 +01:00
Trong Huu Nguyen
879319cd2a fix(router/login): alleviate SameSite issues for login cookie
A login cookie is set as part of the redirection flow between the RP
and OP, and thus inherently involves cross-site requests. Our client
uses the response_mode=query parameter for authorization requests, which
should work with the SameSite attribute set to Lax. However, there are
certain versions of user agents on certain operating systems (e.g.
Safari 12.2 on iOS<12.2, MacOS<10.14.4, Android WebView<72) that do not
properly handle cookies with the SameSite attribute set.

This commit attempts to alleviate this issue for legacy browsers by
introducing a fallback cookie without the SameSite attribute set.

Additionally, we also set the SameSite value for the original login
cookie to None to ensure that the cookie persists through the
cross-origin redirection requests.
2022-01-07 14:16:46 +01:00
Trong Huu Nguyen
a4461ad294 fix(router/frontchannellogout): do not write response headers before clearing cookies 2022-01-07 14:16:40 +01:00
Trong Huu Nguyen
05e2509fac refactor: separate cookie operations to own package 2022-01-07 11:03:22 +01:00
Trong Huu Nguyen
2d4ced719f feat: remove custom header for id_token
This isn't really needed, and might cause headaches if headers are
proxied further downstream and logged by components that do not
properly mask or redact its contents.
2022-01-06 09:58:17 +01:00
Trong Huu Nguyen
c311f46219 revert: "fix: ensure deletion of cookies have SameSite set to None"
This reverts commit 826f16f4df.

This doesn't actually work unless the original cookie set has the same
value for SameSite.
2021-12-14 15:10:45 +01:00
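The cookie handling described in commits 879319cd2a (login cookie with SameSite=None plus a fallback cookie without the attribute), 7432f86b64 (Expires set to the epoch zero time on deletion) and the revert c311f46219 (deletion only works when the SameSite value matches the original cookie), as one added Go example using only net/http. This is not wonderwall's code: the cookie names `login` and `login-legacy` and the function names are hypothetical, and the value written in `main` is constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// Hypothetical cookie names for this example; the project's real names differ.
const (
	LoginCookieName       = "login"        // SameSite=None; Secure, for modern user agents
	LegacyLoginCookieName = "login-legacy" // no SameSite attribute, for user agents that mishandle it
)

// loginCookie builds the primary login cookie. SameSite=None is what lets the
// cookie accompany the cross-site redirect back from the OP, and browsers only
// accept SameSite=None together with Secure.
func loginCookie(value string, expires time.Time) *http.Cookie {
	return &http.Cookie{
		Name:     LoginCookieName,
		Value:    value,
		Path:     "/",
		Expires:  expires,
		Secure:   true,
		HttpOnly: true,
		SameSite: http.SameSiteNoneMode,
	}
}

// legacyLoginCookie builds the fallback cookie. SameSiteDefaultMode makes
// net/http omit the SameSite attribute from the Set-Cookie header entirely.
func legacyLoginCookie(value string, expires time.Time) *http.Cookie {
	c := loginCookie(value, expires)
	c.Name = LegacyLoginCookieName
	c.SameSite = http.SameSiteDefaultMode
	return c
}

// SetLoginCookies writes both cookies when redirecting the user to the OP.
func SetLoginCookies(w http.ResponseWriter, value string, expires time.Time) {
	http.SetCookie(w, loginCookie(value, expires))
	http.SetCookie(w, legacyLoginCookie(value, expires))
}

// ReadLoginCookie prefers the primary cookie on the callback and falls back to
// the legacy one for user agents that dropped the SameSite=None cookie.
func ReadLoginCookie(r *http.Request) (string, bool) {
	for _, name := range []string{LoginCookieName, LegacyLoginCookieName} {
		if c, err := r.Cookie(name); err == nil && c.Value != "" {
			return c.Value, true
		}
	}
	return "", false
}

// expire turns a cookie into its deletion cookie. Name, Path, Secure and
// SameSite stay identical to the cookie being deleted: a deletion sent from a
// cross-site context (such as the OP's front-channel logout iframe) is only
// accepted by current browsers when it is SameSite=None; Secure, so a
// mismatched SameSite value leaves the original cookie in place. Only the
// value, Expires (epoch zero) and Max-Age change.
func expire(c *http.Cookie) *http.Cookie {
	c.Value = ""
	c.Expires = time.Unix(0, 0) // Thu, 01 Jan 1970 00:00:00 GMT
	c.MaxAge = -1               // emitted as Max-Age=0
	return c
}

// ClearLoginCookies deletes both cookies with attributes matching the originals.
func ClearLoginCookies(w http.ResponseWriter) {
	http.SetCookie(w, expire(loginCookie("", time.Time{})))
	http.SetCookie(w, expire(legacyLoginCookie("", time.Time{})))
}

func main() {
	rec := httptest.NewRecorder()
	SetLoginCookies(rec, "constructed-login-state", time.Now().Add(10*time.Minute))
	for _, h := range rec.Header().Values("Set-Cookie") {
		fmt.Println("set:  ", h)
	}
	rec = httptest.NewRecorder()
	ClearLoginCookies(rec)
	for _, h := range rec.Header().Values("Set-Cookie") {
		fmt.Println("clear:", h)
	}
}
```

Running `main` shows the four Set-Cookie headers side by side: the primary pair carries `SameSite=None`, the legacy pair carries no SameSite attribute at all, and each deletion header otherwise repeats the attributes of the cookie it replaces.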