Commits · 81b8bd243b5e8d2e321a71cad5a26d34bc8f524b · id / go-sso

May 04, 2020
- Stricter Content-Security-Policy headers · 81b8bd24
  ale authored 4 years ago
  
  Adds the 'base-uri', 'form-action' and 'frame-ancestors' properties.
  81b8bd24
- Set SameSite policy on CSRF cookies · 72bb1ac7
  ale authored 4 years ago
  
  72bb1ac7
Apr 28, 2020
- Add some error logging on saml-server · fb63c3d1
  ale authored 4 years ago
  
  fb63c3d1
Apr 27, 2020
- Fix X-Frame-Options header (uppercase) · 65b137a4
  ale authored 4 years ago
  
  65b137a4
- Fix X-Frame-Options header · 8af8979f
  ale authored 4 years ago
  
  8af8979f
Mar 29, 2020
- Set default timeouts on the proxy http.Transport · d1e6a380
  ale authored 4 years ago
  
  d1e6a380
Mar 20, 2020
- Handle the double-logout case more cleanly · 28fcb558
  ale authored 4 years ago
  
  Do not attempt to call backends (keystore) with empty usernames.
  28fcb558
Mar 14, 2020
- Fix URLs for flipping between otp/u2f · f3fd32c0
  ale authored 5 years ago
  
  f3fd32c0
Feb 12, 2020
- Upgrade id/auth (tracing) · 72395351
  ale authored 5 years ago
  
  72395351
Feb 06, 2020
- Upgrade go-common: handle a nil pointer deref · a1bb2db9
  ale authored 5 years ago
  
  a1bb2db9
- Upgrade go-common (enforce rpc timeouts) · 7c1711be
  ale authored 5 years ago
  
  7c1711be
Jan 06, 2020
- Update ai3/go-common/clientutil · 3ecaec92
  ale authored 5 years ago
  
  3ecaec92
Dec 20, 2019
- Register the Prometheus metrics · 0c0c8424
  ale authored 5 years ago
  
  0c0c8424
- Add Prometheus instrumentation for sso server internals · 1d049ac2
  ale authored 5 years ago
  
  Metrics cover specifically the authentication workflow.
  1d049ac2
- Trim spaces on submitted usernames · 5d8f8021
  ale authored 5 years ago
  
  5d8f8021
- Log the shard when we are unlocking a key · a7b1ae99
  ale authored 5 years ago
  
  a7b1ae99
- Always set the keystore shard in maybeUnlockKeystore() · 8d3f4507
  ale authored 5 years ago
  
  8d3f4507
- Pass a valid UserInfo to the login callback · 0a0ca7d5
  ale authored 5 years ago
  
  The sess.UserInfo is still unset at that stage, use valid information instead. This fixes a bug where keys were not being unlocked for users.
  0a0ca7d5
- Improve keystore test · 79a14158
  ale authored 5 years ago
  
  79a14158
- Remove debugging printf · 7417d7d5
  ale authored 5 years ago
  
  7417d7d5
- Add a grace time to the keystore TTL · 10aba630
  ale authored 5 years ago
  
  Just to cover edge cases when sessions are about to expire.
  10aba630
- Log successful authorizations (with ttl) · c31919d0
  ale authored 5 years ago
  
  c31919d0
- Check the deadline independently from securecookie · ca680333
  ale authored 5 years ago
  
  ca680333
Dec 19, 2019
- Use short names for fields in the JSON-encoded session · 79c42231
  ale authored 5 years ago
  
  Makes the authentication cookie quite shorter.
  79c42231
- Do not generate SSO tickets valid for longer than the auth session · ab1f1f82
  ale authored 5 years ago
  
  This prevents an error where the keystore will have invalid keys even in presence of a valid SSO ticket (because the parent auth session has expired already).
  ab1f1f82
- Add tests for the /exchange HTTP endpoint · e3651fe8
  ale authored 5 years ago
  
  e3651fe8
- Add tests for the Exchange method · 8238fdff
  ale authored 5 years ago
  
  8238fdff
- Add test for OTP login failure · babd8cbf
  ale authored 5 years ago
  
  babd8cbf
- Return 404 for unauthenticated requests to URLs that do not exist · 188a0870
  ale authored 5 years ago
  
  This avoids browsers messing up the session state (given that /login calls session.Reset) with requests to various kinds of well-known URLs that might not exist. Also add an integration test for a server with non-nil URL prefix.
  188a0870
- Save the UserInfo after a successful login · e0a361b6
  ale authored 5 years ago
  
  Fix a pretty fundamental error where group memberships could not be verified. Also adds tests to ensure this does not happen again.
  e0a361b6
- Add the URL prefix on the main webapp · 9ded75b5
  ale authored 5 years ago
  
  9ded75b5
- Update bindata for templates · 50b09416
  ale authored 5 years ago
  
  50b09416
- Added missing URL prefix to the unauthenticated redirect to login · 9220c57f
  ale authored 5 years ago
  
  9220c57f
- Add URL prefix to the site logo · 61369670
  ale authored 5 years ago
  
  61369670
- Merge branch 'better-login' into 'master' · 58b34085
  ale authored 5 years ago
  
  Refactor the login handler See merge request !6
  58b34085
Dec 18, 2019
- Add an integration test · dfe0056b
  ale authored 5 years ago
  
  dfe0056b
Dec 17, 2019

We no longer need a gorilla/mux in the main app · c2e0f43c
ale authored 5 years ago
```
Session handling no longer depends on gorilla/sessions.
```
c2e0f43c

Switch to a simpler session implementation · 1418640d

ale authored 5 years ago

Drop gorilla/sessions in favor of using gorilla/securecookie
directly (we use a single cookie anyway). Since securecookie already
has its own expiration timestamp, we can drop some stuff from httputil
as well.

1418640d

Fix callers of SSOWrapper · 655b0a9f
ale authored 5 years ago

655b0a9f

Dec 16, 2019

Use securecookie for the httpsso handler · 42482e82

ale authored 5 years ago

There is no need for the complex gorilla/sessions machinery for what
is basically a single cookie, so we switch to using
gorilla/securecookie directly.

42482e82