Commit Graph

151 Commits

Author SHA1 Message Date
Andre Wanlin 2f33a9f63f Fixes for non-breaking typos and typos configuration
Signed-off-by: Andre Wanlin <awanlin@spotify.com>
2026-04-29 16:54:05 -05:00
Fredrik Adelöw e9b78e9698 Remove uuid dependency in favor of crypto.randomUUID()
The uuid package dropped its CommonJS entry point in v14, making it
incompatible with Backstage's CJS build output and Jest test runner.
Rather than working around the ESM-only issue, replace all usage with
the built-in crypto.randomUUID() which has been available in Node.js
since v16.7 and in all major browsers since March 2022.

Signed-off-by: Fredrik Adelöw <freben@spotify.com>
Made-with: Cursor
2026-04-23 10:51:43 +02:00
Jack Palmer 208cf5f922 fix(auth): add security hardening and federated config for Auth0 logout
Add server-side URL validation for logoutUrl (HTTPS + localhost only),
origin validation on the logout endpoint, and a configurable `federated`
option (default false) for Auth0 provider logout. Includes comprehensive
test coverage for all security controls.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jack Palmer <jackpalmer@spotify.com>
2026-04-01 13:06:43 +01:00
Jack Palmer 3532be4763 fix(auth): harden logout redirect with origin validation and protocol check
Add origin allowlist validation in the OAuth logout handler (matching
the existing start/refresh pattern) and validate the logoutUrl protocol
on the frontend before redirecting. Also replace inline type annotation
with the named OAuthAuthenticatorLogoutResult type.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jack Palmer <jackpalmer@spotify.com>
2026-04-01 13:06:43 +01:00
Jonathan Roebuck 9244b70c57 chore: add changesets, update API reports, fix type errors
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com>
2026-03-31 16:20:23 +01:00
Jonathan Roebuck 0ef5a03fb3 feat(auth-node): return logoutUrl in logout response when provided by authenticator
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com>
2026-03-31 16:20:23 +01:00
Jonathan Roebuck fec31bdde5 feat(auth-node): add OAuthAuthenticatorLogoutResult type for provider logout redirects
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jonathan Roebuck <jroebuck@spotify.com>
2026-03-31 16:20:23 +01:00
Jon Koops fa550786b0 fix: use schema-first generic pattern for Zod type compatibility
Refactor `SignInResolverFactoryOptions` and `createSchemaFromZod` to use
`TSchema extends ZodType` instead of `ZodSchema<Output, Def, Input>`,
avoiding "excessively deep" TypeScript inference errors when multiple
Zod copies are resolved in a project.

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2026-03-26 16:31:41 +01:00
Gabriel Dugny e6c41459f5 chore: Switch some zod imports to type only
Signed-off-by: Gabriel Dugny <gabriel.dugny@believe.com>
2026-03-17 16:48:43 +01:00
Gabriel Dugny 49171c9de4 chore: Update all imports to zod/v3
Signed-off-by: Gabriel Dugny <gabriel.dugny@believe.com>
2026-03-17 16:48:42 +01:00
Fredrik Adelöw 7455dae884 require the use of node prefix on native imports
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2026-01-26 13:22:53 +01:00
Jon Koops 4eeba9ed61 Upgrade zod-validation-error to version 4
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2026-01-14 14:46:55 +01:00
Dominik Bargowski b35f8b2ac8 fix(auth): fix edge case related to new chunked oauth token cookie having less chunks than previous one and refactor for readability
Signed-off-by: Dominik Bargowski <dominik.bargowski@gmail.com>
2025-12-10 19:58:31 +01:00
Jessica He e9dd634664 fix(auth): update cookie deletion logic for chunked cookies
Signed-off-by: Jessica He <jhe@redhat.com>
2025-12-05 09:18:05 -05:00
Fredrik Adelöw 2e09a29a40 improve auth flake
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2025-12-03 12:32:36 +01:00
Jessica He 2389358126 fix(auth): remove leading dot in auth cookie cleanup
Signed-off-by: Jessica He <jhe@redhat.com>
2025-11-24 12:25:18 -05:00
Paul Schultz 05f60e1e0a refactor: convert constructor parameter properties for erasableSyntaxOnly compatibility
Signed-off-by: Paul Schultz <pschultz@pobox.com>
2025-10-14 08:29:21 -05:00
Jessica He 3aff9e1213 remove domain attribute to set OAuth cookies as host-only
Signed-off-by: Jessica He <jhe@redhat.com>
2025-08-19 15:24:18 -04:00
Fredrik Adelöw 0169b23ed3 just a few more circular dependencies
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2025-06-16 10:43:28 +02:00
Jessica He 5cc1f7f3ed Address feedback
Signed-off-by: Jessica He <jhe@redhat.com>
2025-05-07 15:19:49 +09:00
Jessica He c30d1a9963 introduce dangerouslyAllowSignInWithoutUserInCatalog auth resolver config
Signed-off-by: Jessica He <jhe@redhat.com>
2025-04-30 10:35:39 +09:00
Patrik Oldsberg 332e934112 auth-node: add optional identity to sign-in result
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2025-04-23 19:11:09 +02:00
Patrik Oldsberg b6702ea5a2 auth-backend: move getDefaultOwnershipEntityRefs to resolver context
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2025-02-27 13:38:19 +01:00
Ben Lambert 620de76e57 Merge pull request #28800 from jmadureira/oauth_authenticate_errors
Handle errors during an oauth start stage
2025-02-18 15:34:57 +01:00
Patrik Oldsberg ab9a6fb321 auth-node: add scopeAlreadyGranted field
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2025-02-12 12:39:54 +01:00
João Madureira 5838e02101 Fixed some styling issues
Signed-off-by: João Madureira <jpmadureira@gmail.com>
2025-02-11 13:47:22 +00:00
João Madureira 3b494fa900 Handle errors during an oauth start stage
Signed-off-by: João Madureira <jpmadureira@gmail.com>
2025-02-11 13:21:39 +00:00
Jessica He 61f464e864 support user configuration of auth cookie max age
Signed-off-by: Jessica He <jhe@redhat.com>
2025-01-28 12:07:03 -05:00
Patrik Oldsberg f5de08bca8 Merge pull request #28241 from backstage/rugvip/fixes
internal type fixes
2024-12-24 10:44:37 +01:00
Fredrik Adelöw 8379bf4a80 remove PluginDatabaseManager and PluginEndpointDiscovery
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2024-12-21 20:49:21 +01:00
Fredrik Adelöw d9d62ef90c remove usages of some backend-common helpers
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2024-12-21 20:39:23 +01:00
Patrik Oldsberg b664b2ae09 internal type fixes
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-12-19 22:04:20 +01:00
Patrik Oldsberg c907440f8a auth-{backend,node}: improved error forwarding from passport helpers
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-11-26 19:03:49 +01:00
Patrik Oldsberg 89401bc74f Merge pull request #25952 from allegro-dbargowski/cookie-chunking-for-too-big-cookies-auth-node
Fix support for cookies bigger than 4KB in size in plugin-auth-node
2024-10-22 11:27:18 +02:00
Patrik Oldsberg 387acc4130 Merge pull request #25823 from stephenglass/fix-redirect-error-handling
Fix error handling using auth redirect flow
2024-10-14 16:26:23 +02:00
Stephen Glass 5e5e4a850c fix redirect error encoding
Signed-off-by: Stephen Glass <stephen@stephen.glass>
2024-10-08 09:25:02 -04:00
Patrik Oldsberg 217458a9a8 auth-node: add allowedDomains options for emailLocalPartMatchingUserEntityName + fixes
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
2024-10-08 01:12:10 +02:00
Stephen Glass bbc261bb10 Merge branch 'master' of https://github.com/backstage/backstage into fix-redirect-error-handling
2024-10-01 23:12:47 -04:00
Stephen Glass 4935d29d15 change code to use search params instead of cookie
Signed-off-by: Stephen Glass <stephen@stephen.glass>
2024-10-01 23:12:10 -04:00
Gustaf Räntilä f5276a21c7 Adapted to PR feedback
Signed-off-by: Gustaf Räntilä <g.rantila@gmail.com>
2024-09-13 16:02:29 +02:00
Gustaf Räntilä 6f409b7942 fix: Try matching emails without plus addressing
Signed-off-by: Gustaf Räntilä <g.rantila@gmail.com>
2024-09-13 11:27:15 +02:00
Camila Belo d908d8c246 feat: migrate auth0 provider to nbs
Signed-off-by: Camila Belo <camilaibs@gmail.com>
2024-09-09 10:53:31 +02:00
Dominik Bargowski 7c22e9458c Handle edge cases related to refresh token cookie going under/over the limit.
Signed-off-by: Dominik Bargowski <dominik.bargowski@allegro.com>
2024-09-04 11:01:57 +02:00
Fredrik Adelöw c46eb0fed2 Extend the "unable to resolve user identity" message
Signed-off-by: Fredrik Adelöw <freben@gmail.com>
2024-09-02 10:43:50 +02:00
Dominik Bargowski a0a9a4a8f5 Fix support for cookies bigger than 4KB in size (i.e. refresh tokens).
Signed-off-by: Dominik Bargowski <dominik.bargowski@allegro.com>
2024-08-08 17:52:14 +02:00
Patrik Oldsberg b8bbf061fd Merge pull request #25254 from Zaperex/update-auth-node-signin-resolver
chore(auth-node): allow declarative signin resolvers to take precedence
2024-08-06 13:43:56 +02:00
Stephen Glass 155b901898 update test name
Signed-off-by: Stephen Glass <stephen@stephen.glass>
2024-07-29 00:47:32 -04:00
Stephen Glass 17c9a1a330 add test
Signed-off-by: Stephen Glass <stephen@stephen.glass>
2024-07-29 00:45:41 -04:00
Stephen Glass 5d8649d775 update param name
Signed-off-by: Stephen Glass <stephen@stephen.glass>
2024-07-28 23:28:13 -04:00
Stephen Glass 8542af998a fix errors with auth redirect flow
Signed-off-by: Stephen Glass <stephen@stephen.glass>
2024-07-28 03:15:00 -04:00