authenticate: validate origin of signout (#1876)

* authenticate: validate origin of signout

- add a debug task to kill envoy
- improve various function docs
- userinfo: return "error" page if user is logged out without redirect uri set
- remove front channel logout. There's little difference between it, and the signout function.

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
bobby 2021-02-11 21:37:54 -08:00 committed by GitHub
parent 9fd58f9b8a
commit c3e3ed9b50
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 174 additions and 182 deletions


@ -12,7 +12,13 @@
<div class="header clearfix">
<div class="heading">
<a href="{{.RedirectURL}}" class="logo"></a>
<span><a class="button" href="{{.SignOutURL}}">Logout</a></span>
<span>
<form action="{{.SignOutURL}}" method="post">
{{.csrfField}}
<input type="hidden" name="pomerium_redirect_uri" value="{{.RedirectURL}}">
<input class="button" type="submit" value="Logout"/>
</form>
</span>
</div>
</div>
<div class="content">
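Review bot: the hidden `pomerium_redirect_uri` input in the new logout form is filled from `{{.RedirectURL}}`, but it reaches the signout endpoint as an ordinary POST parameter that the client can rewrite, so the handler behind `{{.SignOutURL}}` should validate it against signed or allow-listed redirect targets before redirecting; a test that submits a tampered value would be worth adding. Separately, `{{.csrfField}}` is the only lower-case key next to `.RedirectURL` and `.SignOutURL`, which only resolves when the template data is a map, so please confirm every handler that renders this header sets that key; otherwise the form is posted without a token.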


@ -458,6 +458,7 @@ table tbody tr:nth-child(2n + 1) td {
background: #f6f9fc;
}
input,
button,
a.button {
background: #6e43e8;
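Review bot: the bare `input` selector in the `input, button, a.button` rule gives the `#6e43e8` button background to every input on every page that loads this stylesheet, including text and checkbox fields. Narrowing it to `input[type="submit"]`, or to `input.button` since the new logout control already carries `class="button"`, keeps the styling limited to the submit button.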
@ -468,22 +469,10 @@ a.button {
color: #f6f9fc;
font-weight: 500;
padding: 0 12px;
/* line-height: 32px; */
cursor: pointer;
outline: none;
display: inline-block;
text-decoration: none;
text-transform: none;
}
.button {
background: white;
box-shadow: rgba(0, 0, 0, 0) 0px 0px 0px 0px, rgba(0, 0, 0, 0) 0px 0px 0px 0px,
rgba(0, 0, 0, 0.12) 0px 1px 1px 0px, rgba(60, 66, 87, 0.16) 0px 0px 0px 1px,
rgba(0, 0, 0, 0) 0px 0px 0px 0px, rgba(0, 0, 0, 0) 0px 0px 0px 0px,
rgba(60, 66, 87, 0.12) 0px 2px 5px 0px;
/* box-shadow: 0 2px 5px 0 rgba(50, 50, 93, .20), 0 1px 1px 0 rgba(0, 0, 0, .14); */
color: var(--sail-color-text);
margin-top: 2px;
transition: box-shadow 150ms ease-in-out;
}

File diff suppressed because one or more lines are too long