Ryan Richard
a84b76e56a
audit log session ID in token handler for every grant type
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-11-27 13:53:02 -06:00
Joshua Casey
f388513145
resolve TODO by adding docs
2024-11-27 13:53:02 -06:00
Ryan Richard
c16ebe1707
add unit test for audit logging when token refresh updates groups
2024-11-27 13:53:02 -06:00
Ryan Richard
b54365c199
audit log request params on GET and POST login handlers
2024-11-27 13:53:02 -06:00
Ryan Richard
51d1cc7a96
refactor and add unit test for AuditRequestParams()
2024-11-27 13:53:02 -06:00
Ryan Richard
c06141c871
token handler uses common method to audit HTTP request parameters
2024-11-27 13:53:02 -06:00
Ryan Richard
eab3fde3af
introduce common method to audit HTTP request parameters
2024-11-27 13:53:02 -06:00
Joshua Casey
611de03e01
Add audit event 'Incorrect Username Or Password' to auth_handler and audit event 'Using Upstream IDP' to callback_handler
2024-11-27 13:53:01 -06:00
Joshua Casey
de722332b1
Add audit logging to post_login_handler
2024-11-27 13:53:01 -06:00
Joshua Casey
37e12b4024
Start backfilling some audit unit tests in post_login_handler
2024-11-27 13:53:01 -06:00
Ryan Richard
e126ee5495
all callers of Audit() identify which keys may contain PII
2024-11-27 13:53:01 -06:00
Ryan Richard
c5f4cce3ae
make Audit() take struct as param for all optional params and redact PII
2024-11-27 13:53:01 -06:00
Ryan Richard
ced8686d11
add config for audit logging, remove Audit() from Logger interface
...
Co-authored-by: Joshua Casey <joshuatcasey@gmail.com>
2024-11-27 13:53:01 -06:00
Joshua Casey
76f6b725b8
Fix some rebase conflicts
2024-11-27 13:53:01 -06:00
Joshua Casey
f4f393e5de
Audit event 'HTTP Request Completed' will now log the location with err, error, and error_description query parameters
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-11-27 13:53:01 -06:00
Joshua Casey
2db5dda266
Add last audit log unit tests to auth_handler
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-11-27 13:53:01 -06:00
Ryan Richard
8cf9c59957
refactor to move audit event message types to their own pkg
2024-11-27 13:53:01 -06:00
Ryan Richard
088556193d
auth handler audit logs headers and params when http method is wrong
...
also refactor some related code into a helper, and fix linter errors
2024-11-27 13:53:01 -06:00
Joshua Casey
18d3ab3d15
The 'HTTP Request Parameters' audit event now logs params as a JSON object
2024-11-27 13:53:01 -06:00
Joshua Casey
dc6faa33bb
Log params to token_handler endpoint even during error cases
2024-11-27 13:53:01 -06:00
Joshua Casey
0d22ae2c1a
Fix lint and unit test compilation
2024-11-27 13:53:01 -06:00
Joshua Casey
362d982906
Start to backfill some audit unit tests for the token_handler
2024-11-27 13:53:01 -06:00
Ryan Richard
1006dd9379
resolve some todos
2024-11-27 13:53:01 -06:00
Joshua Casey
369316556a
Add configuration to audit internal endpoints and backfill unit tests
2024-11-27 13:53:01 -06:00
Joshua Casey
cf4b29de4b
Clarify docs
2024-11-27 13:53:00 -06:00
Joshua Casey
09ca7920ea
Extract testutil helper function
2024-11-27 13:53:00 -06:00
Joshua Casey
9994e033b2
Add audit event tests for login_handler
2024-11-27 13:53:00 -06:00
Joshua Casey
dd56f2b47f
Add audit event tests for callback_handler
2024-11-27 13:53:00 -06:00
Joshua Casey
dd42f35db0
plog.TestLogger returns a buffer that holds the logs
...
# Conflicts:
# internal/controller/apicerts/certs_expirer_test.go
# internal/plog/plog_test.go
# internal/plog/testing.go
# pkg/oidcclient/login_test.go
2024-11-27 13:53:00 -06:00
Joshua Casey
a67af9455b
Refactor: don't copy the loop variable in test loops
2024-11-27 13:53:00 -06:00
Joshua Casey
d729c82f84
fix lint
2024-11-27 13:53:00 -06:00
Joshua Casey
44e218194b
Add 'AuthorizeID From Parameters' audit logs to the /callback and /login endpoints
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-11-27 13:53:00 -06:00
Joshua Casey
bf1e37f149
Use a helper to verify audit messages
2024-11-27 13:53:00 -06:00
Joshua Casey
aee56c388f
Check the sessionID as well
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-11-27 13:53:00 -06:00
Joshua Casey
fd5a10bee7
WIP: Add audit event when upstream redirect occurs and backfill tests
2024-11-27 13:53:00 -06:00
Ryan Richard
4f9530eec7
audit logging WIP
2024-11-27 13:53:00 -06:00
Joshua Casey
08abff1cae
Bump golangci-lint to 1.60.3
2024-09-04 20:52:01 -05:00
Ryan Richard
f194594e5b
failed token exchanges should show in log at default log config
2024-08-22 10:09:19 -07:00
Joshua Casey
2d5943b21a
Move conditions reason Success to conditions_util
2024-08-05 11:32:19 -07:00
Ryan Richard
e5cfa521da
remove unnecessary warning log message
...
This message is not needed because the IDP chooser page will take
care of the case where a browser-based authorization flow did not
request any specific IDP. For browserless flows (only allowed for
the `pinniped-cli` client), the client must request a specific IDP
(except in backwards-compatibility mode) because there is no browser
in which to show the IDP chooser page. Failing to request a specific
IDP in a browserless flow will result in a helpful error message
being returned.
2024-07-10 09:32:23 -07:00
Ryan Richard
0380a9ce33
upgrade github.com/go-jose/go-jose and github.com/coreos/go-oidc
...
Also standardize some related imports and fix some whitespace in a test
2024-06-21 11:16:40 -07:00
Joshua Casey
678be9902a
Lint new files from the GitHub branch
2024-06-11 10:16:18 -05:00
Joshua Casey
bafd578866
Merge branch 'main' into jtc/add-importas-linter
2024-06-11 09:39:48 -05:00
Joshua Casey
58b4ecc0aa
user sees error msg when GitHub login is denied due to allowed orgs
...
Also renamed an interface function from GetName to GetResourceName.
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-06-03 10:56:28 -07:00
Ryan Richard
bb9cb739c6
more unit tests for github in token_handler_test.go
2024-05-29 08:55:41 -07:00
Joshua Casey
cc8d637715
Fix lint
2024-05-28 20:33:55 -05:00
Joshua Casey
d3fb567fdb
Add callback_handler tests for GitHub+IdentityTransformations
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-05-28 15:59:52 -05:00
Joshua Casey
8b1e5aa320
Add callback_handler tests to confirm GitHub with downstream form_post and GitHub with an error case
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-05-28 15:17:04 -05:00
Joshua Casey
37e654faa0
bunch of renames
...
Co-authored-by: Ryan Richard <richardry@vmware.com>
2024-05-28 13:41:52 -05:00
Ryan Richard
f323690049
refactor upstream refresh test helpers to be more specific to IDP type
2024-05-23 13:35:31 -07:00