Use existing code for audit log #63
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* docs/fix-go-install-instruction * use correct tense
<!--- Provide a general summary of your changes in the Title above --> ## Description <!--- Describe your changes in detail --> ## Motivation and Context <!--- Why is this change required? What problem does it solve? --> <!--- If it fixes an open issue, please link to the issue here. --> ## How Has This Been Tested? <!--- Please describe in detail how you tested your changes. --> <!--- Include details of your testing environment, and the tests you ran to --> <!--- see how your change affects other areas of the code, etc. --> ## Checklist: <!--- Go over all the following points, and put an `x` in all the boxes that apply. --> <!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [ ] My change requires a change to the documentation or CHANGELOG. - [ ] I have updated the documentation/CHANGELOG accordingly. - [ ] I have created a feature (non-master) branch for my PR.
docs: fix search
Upgraded all modules to the latest version
…e-3.x chore(deps): update alpine docker tag to v3.20.0
…ns-configure-pages-5.x chore(deps): update actions/configure-pages action to v5
… v0.44.2 Merge pull request oauth2-proxy#2683 from oauth2-proxy/renovate/npm
chore(deps): update gomod
## Description Isolating PICS custom changes ## Motivation and Context It's hard to understand what are our custom changes and what is from OAuth2-Proxy main repo ## How Has This Been Tested? Created a local container image of the oauth-proxy from this PR and integrated it with Reporting locally. - run in the root of this repo - docker buildx build -t oauth-local . - Updated FROM statement in pics/src/services/Oauth2Proxy/Dockerfile to - FROM oauth-local The following flows were checked: - Login - Audit logs - Logout ## Checklist: - [x] Isolating some dunction in separated files - [x] Creating a folder for Pics packages
…e Go1.22 (loopvar) this linter is no longer relevant. Replaced by copyloopvar
## Description Merge from Upstream/Release/7.7.1 AB#1611455 ## Motivation and Context Keeping OAuth2-Proxy up-to-date with the upstream ## How Has This Been Tested? Created a local container image of the oauth-proxy from this PR and integrated it with Reporting locally. - run in the root of this repo - docker buildx build -t oauth-local . - Updated FROM statement in pics/src/services/Oauth2Proxy/Dockerfile to - FROM oauth-local The following flows were checked: - Login - Audit logs - Logout ## Checklist: - [x] Merge from Upstream/Release/7.7.1
<!--- Provide a general summary of your changes in the Title above --> ## Description <!--- Describe your changes in detail --> For Story AB#1618387 Adding function to audit log 'logout for all session'. Reference documentation: https://hl7.org/fhir/valueset-audit-event-type.html https://hl7.org/fhir/R4/codesystem-dicom-dcim.html#dicom-dcim-110114 ## Motivation and Context <!--- Why is this change required? What problem does it solve? --> <!--- If it fixes an open issue, please link to the issue here. --> ## How Has This Been Tested? Tested locally with webhook. Build a new docker image in wsl with `docker buildx build -t oauth-local:v0.0.3 .` Update the docker-compose.yml file to Updated the environment variable for .env.oauth2-proxy.us-east Adding => `OAUTH2_PROXY_AUDIT_URL=https://webhook.site/0d7939ba-13f3-4cbc-ac2c-b814a3add0ca` The audit logging is posted to the webhook => ` { "resourceType": "AuditEvent", "event": { "type": { "system": "http://hl7.org/fhir/ValueSet/audit-event-type", "version": "1", "code": "110123", "display": "Logout", "userSelected": "All Sessions" }, "action": "E", "dateTime": "2024-12-19T12:44:30Z", "outcome": "0", "outcomeDesc": "Success" }, "participant": [ { "userId": { "value": "SECRET" }, "altId": "SECRET", "requestor": true } ], "source": { "identifier": { "type": { "system": "http://hl7.org/fhir/ValueSet/audit-source-type", "code": "4", "display": "Application Server" }, "value": "[email protected]" }, "type": [ { "system": "http://hl7.org/fhir/security-source-type", "code": "1", "display": "End-user display device, diagnostic device." } ], "extension": [ { "url": "/worklist", "extension": [ { "url": "applicationName", "valueString": "ReportingTest" }, { "url": "applicationVersion", "valueString": "1" }, { "url": "serverName", "valueString": "oauth2proxy" }, { "url": "componentName", "valueString": "oauth2proxy" }, { "url": "productKey", "valueString": "SECRET" }, { "url": "tenant", "valueString": "SECRET" } ] } ] } } ` ## Checklist: <!--- Go over all the following points, and put an `x` in all the boxes that apply. --> <!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [ ] My change requires a change to the documentation or CHANGELOG. - [ ] I have updated the documentation/CHANGELOG accordingly. - [ ] I have created a feature (non-master) branch for my PR. - [ ] I have written tests for my code changes.
## Description Adding support for `/sign_out_all_sessions`. /sign_out_all_sessions endpoint will remove the current session and make a POST request to IAM, configured via `OAUTH2_PROXY_BACKEND_LOGOUT_ALL_SESSIONS_URL` env, to invalidate all the tokens and sessions. This will not invalidate other user sessions. Once the tokens and sessions are invalidated, after the refresh token period defined on the `OAUTH2_PROXY_COOKIE_REFRESH` env, OAuth will fail to refresh the access token and clear that session. related to: - philips-internal/pics-foundation-envoy#105 - philips-internal/pics#3006 [AB#1579962](https://tfsemea1.ta.philips.com/tfs/TPC_Region11/0839b845-d626-4499-94ae-563a86a88d0a/_workitems/edit/1579962) ## Motivation and Context Possibility for signing out on all devices. ## How Has This Been Tested? Integrated locally with PICS by running binary. Docs [here](https://github.com/philips-internal/pics/blob/main/src/services/Oauth2Proxy/docs/development.md). ## Checklist: - [x] Add OAUTH2_PROXY_BACKEND_LOGOUT_ALL_SESSIONS_URL env - [x] Add /sign_out_all_sessions endpoint - [x] Remove other user sessions when tokens are invalid
## Description Small fix in the oidc cookie refresh log message (the params were inverted).
## Description - [x] Adding audit log to logout all sessions - [x] Updating variable name AB#1437807 ## Motivation and Context Audit log for logout all sessions ## How Has This Been Tested? Locally integrated with PICS. Used webhook to receive the audit entry. ## Checklist: <!--- Go over all the following points, and put an `x` in all the boxes that apply. --> <!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! --> - [x] My change requires a change to the documentation or CHANGELOG. - [x] I have updated the documentation/CHANGELOG accordingly. - [x] I have created a feature (non-master) branch for my PR.
|
close pR, wrong branch |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Motivation and Context
How Has This Been Tested?
Checklist: