summaryrefslogtreecommitdiff
path: root/internal/oauth
AgeCommit message (Collapse)Author
2022-10-19OAuth + Server: Fix ISS for secure internetjwijenbergh
The wrong base url was used. Use the one from the home server NOT the current location
2022-10-19Refactor: Make errors use the parent's error leveljwijenbergh
- All wrapped errors have to be created with types.NewWrappedError to inherit the error level from the parent - Or types.NewWrappedErrorLevel can be used which means a custom error level is given. For example this is done with cancelling OAuth - Client public errors are forwarded with handleError that also logs it with the error's level
2022-10-18OAuth: Do not use url.Values Has(), only use Get()jwijenbergh
Has() was only added in Go 1.17
2022-10-17OAuth: Use values Has and Get functions and check state after ISSjwijenbergh
2022-10-17OAuth: Implement Authorization Server Issuer Identification (ISS)jwijenbergh
- This patch implements ISS checking according to RFC 9207 https://datatracker.ietf.org/doc/html/rfc9207 - This tries to prevent so called "mix-up" attacks where the client is fooled into authorizing with an honest AS through a malicious entity
2022-10-13OAuth: Add a TODO note about ISSjwijenbergh
2022-10-13OAuth: Wrap template errorsjwijenbergh
2022-10-13OAuth: Return HTML response on authorizedjwijenbergh
HTML Template adapted from: https://github.com/eduvpn/apple/blob/5b18f834be7aebfed00570ae0c2f7bcbaf1c69cc/EduVPN/Helpers/Mac/OAuthRedirectHTTPHandler.m#L25
2022-10-13Format: Run gofumptjwijenbergh
2022-10-06OAuth: Use an available port instead of the hard-coded 8000jwijenbergh
2022-09-26OAuth: Verifier and State docs improvementjwijenbergh
2022-09-26OAuth: Add verifier testsjwijenbergh
2022-09-26Refactor: Errors into custom export types and expose typesjwijenbergh
2022-09-20Module: Move to eduvpn/eduvpn-commonjwijenbergh
2022-09-20Golang-ci-lint: Fixesjwijenbergh
2022-09-20Go vet: Fixesjwijenbergh
2022-09-14Refactor: Return without jsonjwijenbergh
2022-09-08OAuth: Separate login functions to get rid of callbackjwijenbergh
2022-09-07Refactor: Remove the usage of the FSM in other internal packagesjwijenbergh
This removes the FSM from being imported and thus used in other internal packages such as `oauth` or `server`. The benefit is that it becomes much easier now to reason about the FSM as it's only used in the public package. Additionally, we do not have to re-initialize the server and the oauth structure with the FSM pointer.
2022-08-23Formatting: Run golinesjwijenbergh
2022-08-09Formatting: Run gofumptjwijenbergh
2022-08-09Refactor: Cleanup time calculations and usagejwijenbergh
2022-07-20Refactor: Do not log in internal packagesjwijenbergh
The reason behind this is that we then do not have to pass a lot to each function. Logging inside internal packages is less useful as we want to let them return errors and only log in the 'public' facing API or let the client decide
2022-07-11OAuth: Make OAuth cancel error less confusingjwijenbergh
2022-07-05Refactor: Handling of different servers and identifiersjwijenbergh
- Uses OrgID for Secure Internet and gets the data from discovery - Uses URL for Institute/Custom and gets the data from discovery - Implements SKIP WAYF as we now have the needed data - Implements an initial change location with a default location (NL right now)
2022-06-20Refactor: Errors to have one custom type that is to be wrappedjwijenbergh
- For this an `internal/types` package is created with a custom error type - This custom error type can give back the cause and traceback of an error
2022-09-20Server: Implement function for checking renewal button visibilityjwijenbergh