3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-03 18:08:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

sessions: check idp id to detect provider changes to force session invalidation

Browse source
This commit is contained in:
Caleb Doxsey 2022-10-25 14:23:06 -06:00
parent 3f7a482815
commit 6ceba8ed72
12 changed files with 265 additions and 175 deletions
Download patch file Download diff file Expand all files Collapse all files

8
proxy/state.go
View file

@ -9,8 +9,6 @@ import (
"github.com/pomerium/pomerium/internal/encoding/jws"
"github.com/pomerium/pomerium/internal/sessions"
"github.com/pomerium/pomerium/internal/sessions/cookie"
"github.com/pomerium/pomerium/internal/sessions/header"
"github.com/pomerium/pomerium/internal/sessions/queryparam"
"github.com/pomerium/pomerium/pkg/cryptutil"
)
@ -26,7 +24,6 @@ type proxyState struct {
encoder encoding.MarshalUnmarshaler
cookieSecret []byte
sessionStore sessions.SessionStore
sessionLoaders []sessions.SessionLoader
jwtClaimHeaders config.JWTClaimHeaders
programmaticRedirectDomainWhitelist []string
@ -84,11 +81,6 @@ func newProxyStateFromConfig(cfg *config.Config) (*proxyState, error) {
if err != nil {
return nil, err
}
state.sessionLoaders = []sessions.SessionLoader{
state.sessionStore,
header.NewStore(state.encoder),
queryparam.NewStore(state.encoder, "pomerium_session"),
}
state.programmaticRedirectDomainWhitelist = cfg.Options.ProgrammaticRedirectDomainWhitelist
return state, nil