| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-12-08 | OAuth: Remove ISS check | jwijenbergh | |
| Too many issues with upstream servers. Needs disco v3 changes | |||
| 2023-10-25 | Format: Run Gofumpt | jwijenbergh | |
| 2023-04-18 | OAuth Token: Set previous refresh token if new refresh token is empty | jwijenbergh | |
| This is for 2.x servers that return an empty refresh token after refreshing | |||
| 2023-03-01 | Format: Run black and gofumpt | jwijenbergh | |
| 2023-02-28 | API + OAuth: Add some debug logging for tokens | jwijenbergh | |
| 2023-02-27 | OAuth: Use a sync.Once to only handle the request once | jwijenbergh | |
| This prevents someone from spamming the local redirect URI and sending additional outgoing token requests to the legitimate server | |||
| 2023-02-17 | Refactor: Improve some errors by using errors.New and add context | jwijenbergh | |
| 2023-02-16 | OAuth: Make ISS required | jwijenbergh | |
| 2023-02-16 | Format: Run gofumpt | jwijenbergh | |
| 2023-01-31 | HTTP + Util: Always set the scheme to HTTPS | jwijenbergh | |
| 2023-01-12 | OAuth: Properly cache the Client ID | jwijenbergh | |
| 2023-01-06 | Refactor: Re-use a HTTP client | jwijenbergh | |
| 2023-01-04 | OAuth: Add auth url test | jwijenbergh | |
| 2023-01-04 | OAuth Test: Include tests for state, challenger and tokens | jwijenbergh | |
| 2023-01-03 | Format: Run gofumpt | jwijenbergh | |
| 2022-12-21 | Exports + OAuth + Server: Forward tokens to getting a config | jwijenbergh | |
| 2022-12-21 | OAuth: Do not export ExchangeSession | jwijenbergh | |
| 2022-12-21 | OAuth: Use a mutex to protect the token structure | jwijenbergh | |
| 2022-12-15 | OAuth: Ignore liniting error when closing server | jwijenbergh | |
| 2022-12-15 | OAuth: Use a channel to communicate handler errors | jwijenbergh | |
| 2022-12-12 | Format: Run gofumpt | jwijenbergh | |
| 2022-12-12 | OAuth: Minor style changes | jwijenbergh | |
| 2022-12-12 | simplify error handling | Aleksandar Pesic | |
| fixes #6 Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com> | |||
| 2022-12-08 | OAuth: Comment fixes | jwijenbergh | |
| Minor changes from PR #9 Co-authored-by: fkooman <fkooman@tuxed.net> | |||
| 2022-11-28 | OAuth: Define ReadHeaderTimeout | jwijenbergh | |
| 2022-11-28 | OAuth Listener: Explicitly specify localhost | jwijenbergh | |
| 2022-11-28 | Formatting: Run golines | jwijenbergh | |
| 2022-11-28 | Formatting: Run gofumpt -w | jwijenbergh | |
| 2022-11-28 | Refactor: Fix revive linter errors by deleting redundant prefixes | jwijenbergh | |
| 2022-11-28 | OAuth: Refactor Token getting and do not save them in the config | jwijenbergh | |
| This commit refactors getting the tokens into receiver methods. This means that functions do not have to call the cryptic "EnsureTokens" method. The receiver getter then already verifier whether or not the tokens could be obtained (and refreshes too). The downside is that some things are now private, so testing for invalid tokens needs to be done somewhere else. This needs another patch such that clients can save the tokens themselves using a keyring. | |||
| 2022-11-28 | Lint: Run godot fix | jwijenbergh | |
| Full command: golangci-lint run --disable-all -E godot --fix | |||
| 2022-11-28 | Refactor: Remove most get prefixes for receiver functions | jwijenbergh | |
| 2022-11-28 | Document: Add comments for most functions and packages | jwijenbergh | |
| Errors and test files still need to be done. Also some getters are changed by removing the 'get' prefix | |||
| 2022-11-24 | Style: Use stylecheck and fix errors | jwijenbergh | |
| 2022-11-24 | Util: Get rid of current time helper | jwijenbergh | |
| Fixes #5 | |||
| 2022-10-19 | OAuth + Server: Fix ISS for secure internet | jwijenbergh | |
| The wrong base url was used. Use the one from the home server NOT the current location | |||
| 2022-10-19 | Refactor: Make errors use the parent's error level | jwijenbergh | |
| - All wrapped errors have to be created with types.NewWrappedError to inherit the error level from the parent - Or types.NewWrappedErrorLevel can be used which means a custom error level is given. For example this is done with cancelling OAuth - Client public errors are forwarded with handleError that also logs it with the error's level | |||
| 2022-10-18 | OAuth: Do not use url.Values Has(), only use Get() | jwijenbergh | |
| Has() was only added in Go 1.17 | |||
| 2022-10-17 | OAuth: Use values Has and Get functions and check state after ISS | jwijenbergh | |
| 2022-10-17 | OAuth: Implement Authorization Server Issuer Identification (ISS) | jwijenbergh | |
| - This patch implements ISS checking according to RFC 9207 https://datatracker.ietf.org/doc/html/rfc9207 - This tries to prevent so called "mix-up" attacks where the client is fooled into authorizing with an honest AS through a malicious entity | |||
| 2022-10-13 | OAuth: Add a TODO note about ISS | jwijenbergh | |
| 2022-10-13 | OAuth: Wrap template errors | jwijenbergh | |
| 2022-10-13 | OAuth: Return HTML response on authorized | jwijenbergh | |
| HTML Template adapted from: https://github.com/eduvpn/apple/blob/5b18f834be7aebfed00570ae0c2f7bcbaf1c69cc/EduVPN/Helpers/Mac/OAuthRedirectHTTPHandler.m#L25 | |||
| 2022-10-13 | Format: Run gofumpt | jwijenbergh | |
| 2022-10-06 | OAuth: Use an available port instead of the hard-coded 8000 | jwijenbergh | |
| 2022-09-26 | OAuth: Verifier and State docs improvement | jwijenbergh | |
| 2022-09-26 | OAuth: Add verifier tests | jwijenbergh | |
| 2022-09-26 | Refactor: Errors into custom export types and expose types | jwijenbergh | |
| 2022-09-20 | Module: Move to eduvpn/eduvpn-common | jwijenbergh | |
| 2022-09-20 | Golang-ci-lint: Fixes | jwijenbergh | |
 |
index : eduvpn-common | |
| Fork of codeberg.org/eduVPN/eduvpn-common for <b>reasons</b> | herk |
| summaryrefslogtreecommitdiff |