From 9ddf8d4bad6b342cf8b9ea22b36793c2750fe611 Mon Sep 17 00:00:00 2001
From: Okke Harsta
Date: Mon, 16 Sep 2024 13:11:20 +0200
Subject: [PATCH] Reverted narrowing external URL's
---
 client/pom.xml | 2 +-
 pom.xml | 2 +-
 provisioning-mock/pom.xml | 2 +-
 server/pom.xml | 2 +-
 .../java/access/security/SecurityConfig.java | 8 ++++++--
 .../main/java/access/voot/VootController.java | 2 +-
 .../java/access/voot/VootControllerTest.java | 16 ++++++++++++++++
 welcome/pom.xml | 2 +-
 8 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/client/pom.xml b/client/pom.xml
index cab4bce5..afb111d0 100644
--- a/client/pom.xml
+++ b/client/pom.xml
@@ -4,7 +4,7 @@ org.openconext access - 0.0.21-SNAPSHOT + 0.0.21 ../pom.xml access-client
diff --git a/pom.xml b/pom.xml
index 614618c8..41b14fe2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@ 4.0.0 org.openconext access - 0.0.21-SNAPSHOT + 0.0.21 pom access SURFconext Invite
diff --git a/provisioning-mock/pom.xml b/provisioning-mock/pom.xml
index d1df6bf6..71781823 100644
--- a/provisioning-mock/pom.xml
+++ b/provisioning-mock/pom.xml
@@ -4,7 +4,7 @@ org.openconext access - 0.0.21-SNAPSHOT + 0.0.21 ../pom.xml provisioning-mock
diff --git a/server/pom.xml b/server/pom.xml
index 87565dff..77195d40 100644
--- a/server/pom.xml
+++ b/server/pom.xml
@@ -4,7 +4,7 @@ org.openconext access - 0.0.21-SNAPSHOT + 0.0.21 ../pom.xml access-server
diff --git a/server/src/main/java/access/security/SecurityConfig.java b/server/src/main/java/access/security/SecurityConfig.java
index d904ff46..4fb54720 100644
--- a/server/src/main/java/access/security/SecurityConfig.java
+++ b/server/src/main/java/access/security/SecurityConfig.java
@@ -190,14 +190,18 @@ private OAuth2AuthorizationRequestResolver authorizationRequestResolver(
 SecurityFilterChain basicAuthenticationSecurityFilterChain(HttpSecurity http) throws Exception {
 http.csrf(c -> c.disable())
 .securityMatcher(
+ "/api/voot/**",
 "/api/external/v1/voot/**",
+ "/api/teams/**",
 "/api/external/v1/teams/**",
+ "/api/profile/**",
 "/api/external/v1/profile/**",
+ "/api/aa/**",
 "/api/external/v1/aa/**",
+ "/api/deprovision/**",
 "/api/external/v1/deprovision/**",
 "/api/external/v1/sp_dashboard/**"
- )
- .sessionManagement(c -> c
+ ).sessionManagement(c -> c
 .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 )
 .authorizeHttpRequests(c -> c
diff --git a/server/src/main/java/access/voot/VootController.java b/server/src/main/java/access/voot/VootController.java
index a4f2cb05..33e6f792 100644
--- a/server/src/main/java/access/voot/VootController.java
+++ b/server/src/main/java/access/voot/VootController.java
@@ -28,7 +28,7 @@ import static access.SwaggerOpenIdConfig.BASIC_AUTHENTICATION_SCHEME_NAME;
 @RestController
-@RequestMapping(value = {"/api/external/v1/voot"}, produces = MediaType.APPLICATION_JSON_VALUE)
+@RequestMapping(value = {"/api/voot", "/api/external/v1/voot"}, produces = MediaType.APPLICATION_JSON_VALUE)
 @SecurityRequirement(name = BASIC_AUTHENTICATION_SCHEME_NAME)
 public class VootController {
diff --git a/server/src/test/java/access/voot/VootControllerTest.java b/server/src/test/java/access/voot/VootControllerTest.java
index 26bd6836..672fb34c 100644
--- a/server/src/test/java/access/voot/VootControllerTest.java
+++ b/server/src/test/java/access/voot/VootControllerTest.java
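Review bot: The `securityMatcher(...)` list in `basicAuthenticationSecurityFilterChain` (SecurityConfig.java) puts five unversioned prefixes (`/api/voot/**`, `/api/teams/**`, `/api/profile/**`, `/api/aa/**`, `/api/deprovision/**`) back under the stateless, CSRF-disabled Basic-auth chain, while the only controller mapping this patch restores is `/api/voot` in VootController. The `authorizeHttpRequests` rules begin on the last line of the hunk and continue outside it, so it is not visible whether they are keyed on `/api/external/v1/...` patterns; if they are, the unversioned aliases would fall through to whatever the catch-all rule grants, and each alias needs a rule requiring the same authority as its versioned twin. Restore only the prefixes that still have a handler, and record why they exist with a comment above the list such as `// Unversioned aliases kept for existing API clients; must mirror the /api/external/v1 rules below.`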
@@ -16,6 +16,22 @@ class VootControllerTest extends AbstractTest {
 @Test
 void getGroupMemberships() {
+ List> groups = given()
+ .when()
+ .auth().preemptive().basic("voot", "secret")
+ .accept(ContentType.JSON)
+ .contentType(ContentType.JSON)
+ .pathParam("sub", GUEST_SUB)
+ .get("/api/voot/{sub}")
+ .as(new TypeRef<>() {
+ });
+ List urns = groups.stream().map(m -> m.get("urn")).sorted().toList();
+ assertEquals(3, urns.size());
+ assertTrue(urns.get(0).startsWith("urn:mace:surf.nl:test.surfaccess.nl:"));
+ }
+
+ @Test
+ void getGroupMembershipsExternal() {
 List> groups = given()
 .when()
 .auth().preemptive().basic("voot", "secret")
diff --git a/welcome/pom.xml b/welcome/pom.xml
index 86f11b9b..c57578c9 100644
--- a/welcome/pom.xml
+++ b/welcome/pom.xml
@@ -4,7 +4,7 @@ org.openconext access - 0.0.21-SNAPSHOT + 0.0.21 ../pom.xml access-welcome
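Review bot: Both tests in VootControllerTest cover only the authenticated happy path, so nothing pins that the re-exposed `/api/voot/{sub}` route rejects a request that carries no or wrong Basic credentials, which is the property the widened security matcher is meant to guarantee. A negative test for the unversioned path (and its versioned twin) would catch a later matcher or rule change that leaves the alias open; the expected status is presumably 401 and should be confirmed against the chain's authentication entry point. The two positive tests are copies that differ only in the URL and could share a helper taking the path. `getGroupMembershipsExternal` continues outside the hunk.

```java
@Test
void getGroupMembershipsWithoutCredentials() {
    given()
            .when()
            .accept(ContentType.JSON)
            .pathParam("sub", GUEST_SUB)
            .get("/api/voot/{sub}")
            .then()
            .statusCode(401); // presumably 401; confirm against the chain's entry point
}
```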