-
Notifications
You must be signed in to change notification settings - Fork 2
Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0 in /k8s #33
Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0 in /k8s #33
Commits on Nov 22, 2019
-
Implement multiple modes of issuer claim validation
Some IDPs (e.g. Microsoft) create tokens whose `iss` claim can vary from user to user. Under the current version, UAA was unable to integrate with these providers because it requires a single, specific issuer value to be present. To enable UAA to integrate with providers who do this, we implement different modes for validating the `iss` claim, under the `issuerValidationMode` configuration property for OIDC providers The modes are STRICT The default behaviour. The string in the `iss` claim and the configured issuer URL must match exactly. DOMAIN_ONLY The value of the `iss` claim and the configured issuer URL must be URLs. They are considered to match if their domains match. Subdomains are not considered to match a parent domain.
Configuration menu - View commit details
-
Copy full SHA for 8bb0268 - Browse repository at this point
Copy the full SHA 8bb0268View commit details -
Do not expire invitations on GET requests
At the moment, when the user visits: ``` /invitations/accept?code=some-code ``` the invitation code from their email is immediately expired and replaced with a newly generated code which is put in a hidden input in the HTML form. Each time the user submits the form, the code is expired and (if necessary - e.g. if there's a validation issue) replaced with a new one. This is fine so long as the user fills the form in immediately, but there are a number of edge cases where this approach causes usability problems: 1) If the user refreshes the page it will tell them their invitation has expired. 2) If the user closes the tab without submitting the form, and then follows the invitation link from their email later it will show as expired. 3) If the user's email client or web browser pre-fetches the link for any reason (e.g. virus scanning / spam detection / performance optimisation) then the link will not work when they follow it for real. The third issue is the most serious. We (GOV.UK PaaS) have had some very users working in places that pre-fetch links in emails (for some reason or other), and this means they're completely unable to accept invitations. Judging from the irate support tickets we've had from these users the experience is pretty frustrating. This commit changes the GET request to /invitations/accept so that it does not expire the token (unless the invitation is being auto-accepted). The POST handler is unchanged, so if the user actually submits the form then the token will change (as it did before), even if there's a validation issue that prevents the invitation being accepted. This change fixes the usability issues, and makes the behaviour more consistent with HTTP's semantics (in the sense that GET requests should be "safe" - should not modify the state of the server).
Configuration menu - View commit details
-
Copy full SHA for c5cf77d - Browse repository at this point
Copy the full SHA c5cf77dView commit details
Commits on Feb 10, 2020
-
Implement multiple modes of issuer claim validation
Some IDPs (e.g. Microsoft) create tokens whose `iss` claim can vary from user to user. Under the current version, UAA was unable to integrate with these providers because it requires a single, specific issuer value to be present. To enable UAA to integrate with providers who do this, we implement different modes for validating the `iss` claim, under the `issuerValidationMode` configuration property for OIDC providers The modes are STRICT The default behaviour. The string in the `iss` claim and the configured issuer URL must match exactly. DOMAIN_ONLY The value of the `iss` claim and the configured issuer URL must be URLs. They are considered to match if their domains match. Subdomains are not considered to match a parent domain.
Configuration menu - View commit details
-
Copy full SHA for 939b15d - Browse repository at this point
Copy the full SHA 939b15dView commit details -
Do not expire invitations on GET requests
At the moment, when the user visits: ``` /invitations/accept?code=some-code ``` the invitation code from their email is immediately expired and replaced with a newly generated code which is put in a hidden input in the HTML form. Each time the user submits the form, the code is expired and (if necessary - e.g. if there's a validation issue) replaced with a new one. This is fine so long as the user fills the form in immediately, but there are a number of edge cases where this approach causes usability problems: 1) If the user refreshes the page it will tell them their invitation has expired. 2) If the user closes the tab without submitting the form, and then follows the invitation link from their email later it will show as expired. 3) If the user's email client or web browser pre-fetches the link for any reason (e.g. virus scanning / spam detection / performance optimisation) then the link will not work when they follow it for real. The third issue is the most serious. We (GOV.UK PaaS) have had some very users working in places that pre-fetch links in emails (for some reason or other), and this means they're completely unable to accept invitations. Judging from the irate support tickets we've had from these users the experience is pretty frustrating. This commit changes the GET request to /invitations/accept so that it does not expire the token (unless the invitation is being auto-accepted). The POST handler is unchanged, so if the user actually submits the form then the token will change (as it did before), even if there's a validation issue that prevents the invitation being accepted. This change fixes the usability issues, and makes the behaviour more consistent with HTTP's semantics (in the sense that GET requests should be "safe" - should not modify the state of the server).
Configuration menu - View commit details
-
Copy full SHA for ecff013 - Browse repository at this point
Copy the full SHA ecff013View commit details
Commits on Feb 12, 2020
-
Merge pull request #15 from alphagov/bump-uaa-74.13
[#171053583] Bump UAA to v74.13.0
Configuration menu - View commit details
-
Copy full SHA for d58f4f8 - Browse repository at this point
Copy the full SHA d58f4f8View commit details
Commits on Feb 21, 2020
-
Implement multiple modes of issuer claim validation
Some IDPs (e.g. Microsoft) create tokens whose `iss` claim can vary from user to user. Under the current version, UAA was unable to integrate with these providers because it requires a single, specific issuer value to be present. To enable UAA to integrate with providers who do this, we implement different modes for validating the `iss` claim, under the `issuerValidationMode` configuration property for OIDC providers The modes are STRICT The default behaviour. The string in the `iss` claim and the configured issuer URL must match exactly. DOMAIN_ONLY The value of the `iss` claim and the configured issuer URL must be URLs. They are considered to match if their domains match. Subdomains are not considered to match a parent domain.
Configuration menu - View commit details
-
Copy full SHA for 35e7d78 - Browse repository at this point
Copy the full SHA 35e7d78View commit details -
Do not expire invitations on GET requests
At the moment, when the user visits: ``` /invitations/accept?code=some-code ``` the invitation code from their email is immediately expired and replaced with a newly generated code which is put in a hidden input in the HTML form. Each time the user submits the form, the code is expired and (if necessary - e.g. if there's a validation issue) replaced with a new one. This is fine so long as the user fills the form in immediately, but there are a number of edge cases where this approach causes usability problems: 1) If the user refreshes the page it will tell them their invitation has expired. 2) If the user closes the tab without submitting the form, and then follows the invitation link from their email later it will show as expired. 3) If the user's email client or web browser pre-fetches the link for any reason (e.g. virus scanning / spam detection / performance optimisation) then the link will not work when they follow it for real. The third issue is the most serious. We (GOV.UK PaaS) have had some very users working in places that pre-fetch links in emails (for some reason or other), and this means they're completely unable to accept invitations. Judging from the irate support tickets we've had from these users the experience is pretty frustrating. This commit changes the GET request to /invitations/accept so that it does not expire the token (unless the invitation is being auto-accepted). The POST handler is unchanged, so if the user actually submits the form then the token will change (as it did before), even if there's a validation issue that prevents the invitation being accepted. This change fixes the usability issues, and makes the behaviour more consistent with HTTP's semantics (in the sense that GET requests should be "safe" - should not modify the state of the server).
Configuration menu - View commit details
-
Copy full SHA for 078e6e0 - Browse repository at this point
Copy the full SHA 078e6e0View commit details
Commits on Feb 24, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 7180d38 - Browse repository at this point
Copy the full SHA 7180d38View commit details
Commits on Apr 15, 2020
-
Implement multiple modes of issuer claim validation
Some IDPs (e.g. Microsoft) create tokens whose `iss` claim can vary from user to user. Under the current version, UAA was unable to integrate with these providers because it requires a single, specific issuer value to be present. To enable UAA to integrate with providers who do this, we implement different modes for validating the `iss` claim, under the `issuerValidationMode` configuration property for OIDC providers The modes are STRICT The default behaviour. The string in the `iss` claim and the configured issuer URL must match exactly. DOMAIN_ONLY The value of the `iss` claim and the configured issuer URL must be URLs. They are considered to match if their domains match. Subdomains are not considered to match a parent domain.
Configuration menu - View commit details
-
Copy full SHA for 156725b - Browse repository at this point
Copy the full SHA 156725bView commit details -
Do not expire invitations on GET requests
At the moment, when the user visits: ``` /invitations/accept?code=some-code ``` the invitation code from their email is immediately expired and replaced with a newly generated code which is put in a hidden input in the HTML form. Each time the user submits the form, the code is expired and (if necessary - e.g. if there's a validation issue) replaced with a new one. This is fine so long as the user fills the form in immediately, but there are a number of edge cases where this approach causes usability problems: 1) If the user refreshes the page it will tell them their invitation has expired. 2) If the user closes the tab without submitting the form, and then follows the invitation link from their email later it will show as expired. 3) If the user's email client or web browser pre-fetches the link for any reason (e.g. virus scanning / spam detection / performance optimisation) then the link will not work when they follow it for real. The third issue is the most serious. We (GOV.UK PaaS) have had some very users working in places that pre-fetch links in emails (for some reason or other), and this means they're completely unable to accept invitations. Judging from the irate support tickets we've had from these users the experience is pretty frustrating. This commit changes the GET request to /invitations/accept so that it does not expire the token (unless the invitation is being auto-accepted). The POST handler is unchanged, so if the user actually submits the form then the token will change (as it did before), even if there's a validation issue that prevents the invitation being accepted. This change fixes the usability issues, and makes the behaviour more consistent with HTTP's semantics (in the sense that GET requests should be "safe" - should not modify the state of the server).
Configuration menu - View commit details
-
Copy full SHA for fec6193 - Browse repository at this point
Copy the full SHA fec6193View commit details
Commits on Apr 17, 2020
-
Merge pull request #18 from alphagov/bump-to-74.16.0
Bump UAA to 74.16.0
Toby Lorne authoredApr 17, 2020 Configuration menu - View commit details
-
Copy full SHA for a184d7d - Browse repository at this point
Copy the full SHA a184d7dView commit details
Commits on May 18, 2020
-
Implement multiple modes of issuer claim validation
Some IDPs (e.g. Microsoft) create tokens whose `iss` claim can vary from user to user. Under the current version, UAA was unable to integrate with these providers because it requires a single, specific issuer value to be present. To enable UAA to integrate with providers who do this, we implement different modes for validating the `iss` claim, under the `issuerValidationMode` configuration property for OIDC providers The modes are STRICT The default behaviour. The string in the `iss` claim and the configured issuer URL must match exactly. DOMAIN_ONLY The value of the `iss` claim and the configured issuer URL must be URLs. They are considered to match if their domains match. Subdomains are not considered to match a parent domain.
Configuration menu - View commit details
-
Copy full SHA for e5f734a - Browse repository at this point
Copy the full SHA e5f734aView commit details -
Do not expire invitations on GET requests
At the moment, when the user visits: ``` /invitations/accept?code=some-code ``` the invitation code from their email is immediately expired and replaced with a newly generated code which is put in a hidden input in the HTML form. Each time the user submits the form, the code is expired and (if necessary - e.g. if there's a validation issue) replaced with a new one. This is fine so long as the user fills the form in immediately, but there are a number of edge cases where this approach causes usability problems: 1) If the user refreshes the page it will tell them their invitation has expired. 2) If the user closes the tab without submitting the form, and then follows the invitation link from their email later it will show as expired. 3) If the user's email client or web browser pre-fetches the link for any reason (e.g. virus scanning / spam detection / performance optimisation) then the link will not work when they follow it for real. The third issue is the most serious. We (GOV.UK PaaS) have had some very users working in places that pre-fetch links in emails (for some reason or other), and this means they're completely unable to accept invitations. Judging from the irate support tickets we've had from these users the experience is pretty frustrating. This commit changes the GET request to /invitations/accept so that it does not expire the token (unless the invitation is being auto-accepted). The POST handler is unchanged, so if the user actually submits the form then the token will change (as it did before), even if there's a validation issue that prevents the invitation being accepted. This change fixes the usability issues, and makes the behaviour more consistent with HTTP's semantics (in the sense that GET requests should be "safe" - should not modify the state of the server).
Configuration menu - View commit details
-
Copy full SHA for c8732a6 - Browse repository at this point
Copy the full SHA c8732a6View commit details
Commits on May 20, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 904108f - Browse repository at this point
Copy the full SHA 904108fView commit details
Commits on May 27, 2020
-
Merge pull request #19 from alphagov/bump-to-74.18.0
[#172697662] Bump UAA to 74.18.0
Lee Porte authoredMay 27, 2020 Configuration menu - View commit details
-
Copy full SHA for 2b47419 - Browse repository at this point
Copy the full SHA 2b47419View commit details
Commits on Nov 26, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 01e1681 - Browse repository at this point
Copy the full SHA 01e1681View commit details
Commits on Jan 20, 2021
-
Do not expire invitations on GET requests
At the moment, when the user visits: ``` /invitations/accept?code=some-code ``` the invitation code from their email is immediately expired and replaced with a newly generated code which is put in a hidden input in the HTML form. Each time the user submits the form, the code is expired and (if necessary - e.g. if there's a validation issue) replaced with a new one. This is fine so long as the user fills the form in immediately, but there are a number of edge cases where this approach causes usability problems: 1) If the user refreshes the page it will tell them their invitation has expired. 2) If the user closes the tab without submitting the form, and then follows the invitation link from their email later it will show as expired. 3) If the user's email client or web browser pre-fetches the link for any reason (e.g. virus scanning / spam detection / performance optimisation) then the link will not work when they follow it for real. The third issue is the most serious. We (GOV.UK PaaS) have had some very users working in places that pre-fetch links in emails (for some reason or other), and this means they're completely unable to accept invitations. Judging from the irate support tickets we've had from these users the experience is pretty frustrating. This commit changes the GET request to /invitations/accept so that it does not expire the token (unless the invitation is being auto-accepted). The POST handler is unchanged, so if the user actually submits the form then the token will change (as it did before), even if there's a validation issue that prevents the invitation being accepted. This change fixes the usability issues, and makes the behaviour more consistent with HTTP's semantics (in the sense that GET requests should be "safe" - should not modify the state of the server).
Configuration menu - View commit details
-
Copy full SHA for 652bde2 - Browse repository at this point
Copy the full SHA 652bde2View commit details
Commits on Jan 21, 2021
-
Do not expire invitations on GET requests
At the moment, when the user visits: ``` /invitations/accept?code=some-code ``` the invitation code from their email is immediately expired and replaced with a newly generated code which is put in a hidden input in the HTML form. Each time the user submits the form, the code is expired and (if necessary - e.g. if there's a validation issue) replaced with a new one. This is fine so long as the user fills the form in immediately, but there are a number of edge cases where this approach causes usability problems: 1) If the user refreshes the page it will tell them their invitation has expired. 2) If the user closes the tab without submitting the form, and then follows the invitation link from their email later it will show as expired. 3) If the user's email client or web browser pre-fetches the link for any reason (e.g. virus scanning / spam detection / performance optimisation) then the link will not work when they follow it for real. The third issue is the most serious. We (GOV.UK PaaS) have had some very users working in places that pre-fetch links in emails (for some reason or other), and this means they're completely unable to accept invitations. Judging from the irate support tickets we've had from these users the experience is pretty frustrating. This commit changes the GET request to /invitations/accept so that it does not expire the token (unless the invitation is being auto-accepted). The POST handler is unchanged, so if the user actually submits the form then the token will change (as it did before), even if there's a validation issue that prevents the invitation being accepted. This change fixes the usability issues, and makes the behaviour more consistent with HTTP's semantics (in the sense that GET requests should be "safe" - should not modify the state of the server).
Configuration menu - View commit details
-
Copy full SHA for a1e25aa - Browse repository at this point
Copy the full SHA a1e25aaView commit details
Commits on Feb 1, 2021
-
Configuration menu - View commit details
-
Copy full SHA for cd1eab6 - Browse repository at this point
Copy the full SHA cd1eab6View commit details -
Configuration menu - View commit details
-
Copy full SHA for 727be41 - Browse repository at this point
Copy the full SHA 727be41View commit details
Commits on Feb 2, 2021
-
Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0 in /k8s
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.14.2 to 1.15.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v1.14.2...v1.15.0) Signed-off-by: dependabot[bot] <support@github.com>
Configuration menu - View commit details
-
Copy full SHA for 6230694 - Browse repository at this point
Copy the full SHA 6230694View commit details