Commit Graph

208 Commits

Author SHA1 Message Date
Trong Huu Nguyen
7029bd1210 fix(router): correct cors setup for session routes 2023-08-22 07:46:24 +02:00
Trong Huu Nguyen
568f9f7683 feat(handler): use 302 instead of 303 for redirects 2023-04-29 08:42:29 +02:00
Trong Huu Nguyen
b4baa96ee4 feat(router): don't handle preflight requests for login/logout routes 2023-04-29 08:30:45 +02:00
Trong Huu Nguyen
28abcb3cf8 feat(router): handle HEAD requests for some routes 2023-04-28 08:01:52 +02:00
Trong Huu Nguyen
6127417767 fix(router): handle preflight requests for sso server 2023-04-28 06:53:47 +02:00
Trong Huu Nguyen
bc651d9082 fix: use 303 instead of 307 for redirects 2023-04-28 01:30:17 +02:00
Trong Huu Nguyen
fba165552d feat(router): disable local logout endpoint for idporten 2023-04-21 15:34:33 +02:00
Trong Huu Nguyen
9eeb6f5e96 feat(router): root path for sso server should redirect to login 2023-04-13 14:30:21 +02:00
Trong Huu Nguyen
5ad603395c fix(handler/sso/proxy): override request path for reverseproxy to sso-server 2023-04-13 14:19:48 +02:00
Trong Huu Nguyen
a2d8d6f7c3 fix(router): register OPTIONS routes for CORS middleware 2023-04-13 09:03:04 +02:00
Trong Huu Nguyen
a375ac774d feat(router): add ping route for health probes 2023-03-01 09:27:06 +01:00
Trong Huu Nguyen
f346e9e91d refactor(router): use a more apt name for wildcard handler 2023-02-24 18:33:41 +01:00
Trong Huu Nguyen
d5b603c98f feat(router): add cors middleware for sso server 2023-02-23 14:30:55 +01:00
Trong Huu Nguyen
a4e4fc752e refactor(handler): remove provider name getter from handler 2023-02-10 14:57:57 +01:00
Trong Huu Nguyen
e7244df4d5 feat: add local logout endpoint 2022-11-24 11:36:49 +01:00
Trong Huu Nguyen
bdec8c662c refactor(router): correct HTTP verb for session refresh endpoint
Since this changes the state for a user's session, a POST is more
appropriate than just a GET - even though the POST body is empty.

We keep the GET route temporarily to allow any consumers to migrate.
2022-10-11 09:22:03 +02:00
Trong Huu Nguyen
9144056e28 refactor(handler): split up request handlers into separate modules 2022-09-02 14:53:11 +02:00
Trong Huu Nguyen
5d00d132dd refactor: decouple handler implementation from router and middleware 2022-09-01 19:39:47 +02:00
Trong Huu Nguyen
619ae52d45 refactor: separate refresh-specific fields from session info; enable endpoint without refresh feature 2022-09-01 19:35:48 +02:00
Trong Huu Nguyen
d5bbca9897 feat: rudimentary support for refresh tokens 2022-08-26 14:32:39 +02:00
Trong Huu Nguyen
dc0741f79f refactor(middleware): extract handlers for consistency 2022-08-26 08:34:07 +02:00
Trong Huu Nguyen
5a50ba7c3a feat: support multiple ingresses
Replace hardcoded callback URLs with dynamic generation
of URLs based on incoming requests. These are validated against
a pre-registered list of ingresses for which Wonderwall is considered
authoritative.

We also preserve the cookie behaviour; the most specific ingress path
and domain is used for the cookies.

The `url` package has been moved to the `handler` package, and its
implementation refactored slightly for readability and DRY.
2022-08-17 20:43:56 +02:00
Trong Huu Nguyen
5f6c0c01a8 feat: add ingress middleware 2022-08-17 11:39:41 +02:00
Trong Huu Nguyen
31ab8ad3b7 refactor(handler/default): redirect auto-login requests instead of inlining login handler 2022-07-21 08:21:28 +02:00
Trong Huu Nguyen
eac2d5789d refactor: passthrough for consistency in openid configuration 2022-07-20 09:58:49 +02:00
Trong Huu Nguyen
bece03c94e refactor(middleware/logentry): replace zerologger with logrus 2022-07-18 15:47:35 +02:00
Trong Huu Nguyen
e3b9d33296 refactor: split out packages from router 2022-07-15 07:44:54 +02:00
Trong Huu Nguyen
fd630e6dbd test(router): extract some reusable test methods 2022-07-14 13:52:47 +02:00
Trong Huu Nguyen
aab249d78a refactor(jwt): skip parsing access tokens
Access Tokens are not necessarily JWTs. We also don't
have to validate them as we only pass it on as an opaque
string.

This also means that we don't log the JTI access tokens
anymore.

We also simplify handling of oidc callbacks.
2022-07-14 12:14:25 +02:00
Trong Huu Nguyen
0398d17074 test(router): add some missing assertions 2022-07-14 10:06:08 +02:00
Trong Huu Nguyen
66cf08e602 refactor(openid/logout): simplify logout logic
As we already clear any local sessions before redirecting to the
Identity Provider, and the callback always redirects to a pre-configured URL,
there isn't really any need to maintain and verify state in the logout
callback.

In other words, the logout callback handler is simply a redirect handler.
2022-07-12 15:09:49 +02:00
Trong Huu Nguyen
b937c64dd6 refactor(openid/client): ensure callback cookies are not nil 2022-07-11 14:30:04 +02:00
Trong Huu Nguyen
48160e7986 fix(handler/callback): pass correct error to error handler 2022-07-11 13:39:48 +02:00
Trong Huu Nguyen
b770f22174 refactor(handler/logoutcallback): extract to openid client 2022-07-11 13:37:40 +02:00
Trong Huu Nguyen
ad3201fbfb refactor(handler/logout): extract to openid client 2022-07-11 13:09:10 +02:00
Trong Huu Nguyen
451642caf8 refactor(handler/frontchannellogout): extract to openid client 2022-07-11 13:04:00 +02:00
Trong Huu Nguyen
8c28a3b109 refactor(router): group routes and extract middlewares 2022-07-08 16:10:11 +02:00
Trong Huu Nguyen
2f237ec89c refactor(handler/callback): extract openid specific code to client 2022-07-08 15:07:16 +02:00
Trong Huu Nguyen
42938ee8b3 refactor(handler): deduplicate configuration 2022-07-05 14:43:40 +02:00
Trong Huu Nguyen
a4c3e72fc9 fix(router/handler): use long-lived context for refreshing jwks 2022-07-05 13:18:38 +02:00
Trong Huu Nguyen
1f5635239a refactor: split out openid client, config and provider
There's a bunch of changes here, but in essence:

- split out openid configuration
- separate openid configuration between client/rp and provider
- consolidate client and provider related code in separate packages

These changes allow for simplification of the Handler, as well as a
bunch of test/mock code as the configuration is now instantiated
separately from the client/provider code.
2022-07-05 13:09:00 +02:00
Trong Huu Nguyen
10dddd00bc refactor(router): begin extraction of openid client 2022-07-04 15:18:42 +02:00
Trong Huu Nguyen
a19cbe375c refactor(router/session): extract cookie store 2022-07-04 15:18:40 +02:00
Trong Huu Nguyen
31eb0d5a1e refactor(router/cookies): move related functions to cookies pkg 2022-07-04 15:18:38 +02:00
Trong Huu Nguyen
d73a5f24bb refactor(session): move session id generator to relevant pkg 2022-07-04 15:18:36 +02:00
Trong Huu Nguyen
debf97efda feat(session): store metadata 2022-07-04 15:18:36 +02:00
Trong Huu Nguyen
402d8b940f refactor: use expiry in token response instead of jwt claim 2022-07-04 15:18:35 +02:00
Trong Huu Nguyen
497cf9fba7 feat: store refresh tokens in session 2022-07-04 15:18:34 +02:00
Trong Huu Nguyen
543d7b387c router/request: add some test cases for canonical redirects
(cherry picked from commit 53e4d257c906941a24ceda462f610846a209e50d)
2022-07-04 13:27:06 +02:00
Trong Huu Nguyen
303708ea65 router/request: add some clarifying comments 2022-07-04 13:26:51 +02:00