github/wonderwall
1
0
Fork 0
mirror of https://github.com/nais/wonderwall.git synced 2026-05-09 09:56:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
253 Commits 2 Branches 0 Tags
d49db13e5f267dee24fe69d33d7307a8f2bf1cef
Commit Graph

202 Commits

Author SHA1 Message Date
Trong Huu Nguyen
d49db13e5f refactor(openid/clients): consolidate configuration 2022-07-04 15:24:21 +02:00
Trong Huu Nguyen
10dddd00bc refactor(router): begin extraction of openid client 2022-07-04 15:18:42 +02:00
Trong Huu Nguyen
a19cbe375c refactor(router/session): extract cookie store 2022-07-04 15:18:40 +02:00
Trong Huu Nguyen
31eb0d5a1e refactor(router/cookies): move related functions to cookies pkg 2022-07-04 15:18:38 +02:00
Trong Huu Nguyen
a752978f8f refactor(session): move data to own file 2022-07-04 15:18:37 +02:00
Trong Huu Nguyen
d73a5f24bb refactor(session): move session id generator to relevant pkg 2022-07-04 15:18:36 +02:00
Trong Huu Nguyen
debf97efda feat(session): store metadata 2022-07-04 15:18:36 +02:00
Trong Huu Nguyen
402d8b940f refactor: use expiry in token response instead of jwt claim 2022-07-04 15:18:35 +02:00
Trong Huu Nguyen
497cf9fba7 feat: store refresh tokens in session 2022-07-04 15:18:34 +02:00
Trong Huu Nguyen
543d7b387c router/request: add some test cases for canonical redirects 
(cherry picked from commit 53e4d257c906941a24ceda462f610846a209e50d)
 2022-07-04 13:27:06 +02:00
Trong Huu Nguyen
303708ea65 router/request: add some clarifying comments 2022-07-04 13:26:51 +02:00
André Roaldseth
1f830b5dc8 fix(router/request): add query string when redirecting back to referrer (#37) 
* Add query string when redirecting back to referrer

Fixes #36

* Manipulate URL object for more consistent stringify

Co-authored-by: thokra-nav <85170275+thokra-nav@users.noreply.github.com>

Co-authored-by: thokra-nav <85170275+thokra-nav@users.noreply.github.com>
 2022-07-04 13:25:41 +02:00
Trong Huu Nguyen
414b7a9c68 refactor(handler/default): remove unneeded modifications for reverse proxy requests 2022-06-15 08:37:57 +02:00
Trong Huu Nguyen
184102d365 perf(session/redis): set minIdleConns to alleviate cold start performance 2022-06-14 14:26:42 +02:00
Trong Huu Nguyen
9cc9bd72b9 refactor(middleware/logentry): only include relevant cookies 2022-06-13 15:43:02 +02:00
Trong Huu Nguyen
65ac98f5a8 fix(middleware/logentry): use fallback logger if not set in context 2022-05-10 15:56:41 +02:00
Trong Huu Nguyen
32dd80b5da feat: add handler for logout callbacks 2022-05-10 08:52:07 +02:00
Trong Huu Nguyen
b3dfa54768 refactor: change default post-logout redirect uri for idporten 2022-05-09 11:49:44 +02:00
Trong Huu Nguyen
441d890fe7 refactor: move random string generator to own pkg 2022-05-09 11:48:44 +02:00
Trong Huu Nguyen
04fab6104a feat(handler/callback): add retries for requests to external services 2022-05-06 12:28:58 +02:00
Trong Huu Nguyen
18fffcc755 deps: migrate from lestrrat-go/jwx to lestrrat-go/jwx/v2 2022-05-05 11:09:03 +02:00
Trong Huu Nguyen
f10bb80f9e refactor(handler): use logger with request context 2022-05-05 09:15:59 +02:00
Trong Huu Nguyen
cd57e72d56 refactor(router/request): clean up construction of canonical redirect uris; add missing tests 2022-05-05 08:12:23 +02:00
Trong Huu Nguyen
2252b1dbce refactor(handler/callback): unconditionally clear callback cookies 2022-03-25 11:26:24 +01:00
Trong Huu Nguyen
cc78d2195b fix: ensure canonical redirect URL is not empty 2022-03-10 11:03:27 +01:00
Trong Huu Nguyen
f0318b269e fix: ensure jwk set is refreshed regularly 2022-03-01 07:49:51 +01:00
Trong Huu Nguyen
9c114f198a feat: set path for cookies for ingresses with subpaths 2022-02-14 13:18:29 +01:00
Trong Huu Nguyen
502d5f73f0 refactor(frontchannel-logout): accidentally a level too high 2022-02-11 11:42:08 +01:00
Trong Huu Nguyen
785186bf5a refactor: route errors should still log at least warning 2022-02-11 09:12:28 +01:00
Trong Huu Nguyen
714fc7e34f refactor: reduce log level severity for front-channel logout 2022-02-10 14:52:11 +01:00
Trong Huu Nguyen
8362722929 fix: don't log all requests at info level 2022-02-10 14:25:52 +01:00
Trong Huu Nguyen
de27328a84 refactor: improve error page 2022-02-10 13:38:02 +01:00
Trong Huu Nguyen
e5917964ba refactor: reduce log level severity for some spammy warnings 2022-02-10 13:31:58 +01:00
Trong Huu Nguyen
5373360c41 refactor: improve some log statements 2022-02-07 15:32:48 +01:00
Trong Huu Nguyen
3d45cfb998 refactor(config): remove features stanza 2022-02-03 13:52:48 +01:00
Trong Huu Nguyen
72f64b6c4c refactor(handler/frontchannellogout): better log statements 2022-02-03 12:17:56 +01:00
Trong Huu Nguyen
f95e618585 refactor(jwt): azure ad sets uti claim instead of jti 2022-02-03 11:41:44 +01:00
Trong Huu Nguyen
3828437dc5 refactor(jwt): clean up and deduplicate 2022-02-03 11:41:43 +01:00
Trong Huu Nguyen
b449ab2191 refactor: token -> jwt for accuracy 2022-02-03 11:41:43 +01:00
Trong Huu Nguyen
eeccebc5dd feat: log jwt IDs for tracability 2022-02-03 11:41:42 +01:00
Trong Huu Nguyen
e4e95ef5c6 refactor: move token parsing to own package; prepare for audit logs 2022-02-03 11:41:41 +01:00
Trong Huu Nguyen
c3da899190 feat(loginstatus): ensure that cookie is set in default route 2022-02-03 11:41:41 +01:00
Trong Huu Nguyen
fcba6815b9 feat: add feature toggled support for loginstatus 
Co-Authored-By: Youssef Bel Mekki <youssef.bel.mekki@nav.no>
Co-Authored-By: Tommy Trøen <tommy.troen@nav.no>
 2022-02-03 11:41:40 +01:00
Trong Huu Nguyen
f36d65a6ba fix(openid/config): close response body after get 2022-02-03 11:41:39 +01:00
Trong Huu Nguyen
05fae6ca5e refactor: get or generate session ID with fallbacks 
Turns out that Azure AD doesn't support the `check_session_iframe` property.
However it still returns the session ID in the `session_state` parameter during
callbacks, and optionally can be configured to return the `sid` claim in id_tokens.

This commit changes the behaviour of the SessionID method to get the session ID
if found, with the order of preference being:

1. from the `sid` claim in the id_token,
2. from the `session_state` parameter provided by the OP during callbacks

If neither are found, and the OP's configuration does not indicate that either
should be (e.g. no support for front-channel logout and/or session
management), we fall back to generating our own session ID.
 2022-01-27 12:57:52 +01:00
Trong Huu Nguyen
834c79ef1d style: go fmt 2022-01-25 15:59:57 +01:00
Trong Huu Nguyen
b40dbffa19 refactor: clean up tests 
Co-Authored-By: Youssef Bel Mekki <youssef.bel.mekki@nav.no>
 2022-01-25 15:58:19 +01:00
Trong Huu Nguyen
24cae11ba2 refactor: split out session ID generation to own file, add tests 
Co-Authored-By: Youssef Bel Mekki <youssef.bel.mekki@nav.no>
 2022-01-25 15:33:45 +01:00
ybelMekk
abc8bd1835 fix: clean up tests and fix name 2022-01-25 12:08:42 +01:00
ybelMekk
1a2b85a5f5 fix: rename from externalSessionId to sessionID. 
Better impl. for generating a random sessionID.
 2022-01-25 11:38:17 +01:00