Merge pull request #5 from OpenConext/develop

Prepare release 2.1.1
OpenConext · Jul 4, 2023 · 8e18473 · 8e18473
2 parents d8ee606 + df44fd9
commit 8e18473
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 16 deletions.
diff --git a/oc-sso-notificatie/pom.xml b/oc-sso-notificatie/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <artifactId>oc-sso-notificatie-parent</artifactId>
         <groupId>nl.kennisnet.services</groupId>
-        <version>2.1.0</version>
+        <version>2.1.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

diff --git a/...ficatie/src/main/java/nl/kennisnet/services/web/controller/SsoNotificationController.java b/...ficatie/src/main/java/nl/kennisnet/services/web/controller/SsoNotificationController.java
@@ -63,6 +63,8 @@ public class SsoNotificationController {
 
     private static final String EXCEPTION_ID_NOT_PROVIDED = "Required String parameter 'id' is not present";
 
+    private static final String EXCEPTION_ID_EMPTY = "Required String parameter 'id' is empty";
+
     private static final String EXCEPTION_NO_VALID_URL_EXPRESSION_IDP =
             "No valid URL expression associated with the IdP available for IdP with ID: ";
 
@@ -164,14 +166,17 @@ public void processSsoNotification(@RequestParam(required = false) String id,
         try {
             verifyIdP(idp, id, redirectUri);
         } catch (NoMatchFoundException nmfe) {
-            response.sendRedirect(MessageFormat.format(passthruEndpoint, URLEncoder.encode(id, StandardCharsets.UTF_8),
-                    URLEncoder.encode(url, StandardCharsets.UTF_8),
-                    URLEncoder.encode(redirectUri, StandardCharsets.UTF_8)));
-
-            if (null != referrer) {
-                response.setHeader(HttpHeaders.REFERER, referrer);
+            if (null != passthruEndpoint) {
+                EVENT_LOGGER.info("No match found for id ('{}'). Redirecting to passthru", id);
+                LOGGER.info("No match found for id ('{}'). Redirecting to passthru", id);
+                response.sendRedirect(MessageFormat.format(passthruEndpoint, encodeParam(id), encodeParam(url),
+                        encodeParam(redirectUri)));
+
+                if (null != referrer) {
+                    response.setHeader(HttpHeaders.REFERER, referrer);
+                }
+                return;
             }
-            return;
         }
         URL createdUrl = determineAndVerifyURL(idp, url, referrer);
 
@@ -252,6 +257,11 @@ private void verifyIdP(IdP idp, String id, String redirectUri) throws NoMatchFou
             throw new ResponseStatusException(HttpStatus.BAD_REQUEST, EXCEPTION_ID_NOT_PROVIDED);
         }
 
+        if (id.length() == 0) {
+            EVENT_LOGGER.warn(EXCEPTION_ID_EMPTY);
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, EXCEPTION_ID_EMPTY);
+        }
+
         if (null == idp) {
             EVENT_LOGGER.warn("Unknown 'id' parameter found in request: {}", id);
             if (null != passthruEndpoint) {
@@ -334,4 +344,8 @@ private URL determineAndVerifyURL(IdP idp, String url, String referrer) {
         }
         return result;
     }
+
+    private String encodeParam(String param) {
+        return (null != param && param.length() > 0) ? URLEncoder.encode(param, StandardCharsets.UTF_8) : "";
+    }
 }
diff --git a/pom.xml b/pom.xml
@@ -21,7 +21,7 @@
     <groupId>nl.kennisnet.services</groupId>
     <artifactId>oc-sso-notificatie-parent</artifactId>
     <packaging>pom</packaging>
-    <version>2.1.0</version>
+    <version>2.1.1</version>
     <modules>
         <module>oc-sso-notificatie</module>
         <module>release</module>
@@ -35,9 +35,9 @@
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <java.version>17</java.version>
-        <jacoco.version>0.8.8</jacoco.version>
-        <dependency-check-maven.version>8.2.1</dependency-check-maven.version>
-        <guava.version>31.1-jre</guava.version>
+        <jacoco.version>0.8.10</jacoco.version>
+        <dependency-check-maven.version>8.3.1</dependency-check-maven.version>
+        <guava.version>32.1.1-jre</guava.version>
         <javax.bind>2.3.1</javax.bind>
         <maven.deploy.skip>true</maven.deploy.skip>
         <maven.compiler.version>3.8.1</maven.compiler.version>
@@ -156,7 +156,7 @@
                         <version>${dependency-check-maven.version}</version>
                         <configuration>
                             <format>ALL</format>
-                            <failBuildOnCVSS>7</failBuildOnCVSS>
+                            <failBuildOnCVSS>8</failBuildOnCVSS>
                             <suppressionFile>release/src/suppressions/ignore.xml</suppressionFile>
                             <failBuildOnAnyVulnerability>false</failBuildOnAnyVulnerability>
                         </configuration>

diff --git a/release/pom.xml b/release/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <artifactId>oc-sso-notificatie-parent</artifactId>
         <groupId>nl.kennisnet.services</groupId>
-        <version>2.1.0</version>
+        <version>2.1.1</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -31,7 +31,7 @@
     <properties>
         <!-- A list of all the previous versions in reverse order, separated by a comma separator -->
         <!-- The current version is automatically added in the release-notes-all overview. -->
-        <versions>2.1.0,2.0.6,2.0.5,2.0.4,2.0.3,2.0.2,2.0.1,1.0.0</versions>
+        <versions>2.1.1,2.1.0,2.0.6,2.0.5,2.0.4,2.0.3,2.0.2,2.0.1,1.0.0</versions>
         <maven.deploy.skip>false</maven.deploy.skip>
         <maven.project.info.version>2.8</maven.project.info.version>
         <maven.site.version>3.8.2</maven.site.version>

diff --git a/release/src/site/markdown/docs/2.1.1/release-notes.md b/release/src/site/markdown/docs/2.1.1/release-notes.md
@@ -0,0 +1,29 @@
+# OC SSO Notification Service - Release Notes
+
+| Field                     | Value                       |
+|:--------------------------|:----------------------------|
+| Application               | OC SSO Notification Service |
+| Version                   | 2.1.1                       |
+| Changes since version     | 2.1.0                       |
+| Release date              | 04-07-2023 (dd-mm-yyyy)     |
+| Delivery type             | Full release                |
+
+## Changes
+
+| #        | Description                                                  |
+|:---------|:-------------------------------------------------------------|
+| ENT-4730 | Improve handling SSO notification request without parameters |
+| ENT-4731 | Build release OC SSO notification 2.1.1                      |
+
+## Configuration changes
+
+None.
+
+## Known vulnerabilities
+
+This version of the application consists of the following known vulnerabilities with a CVE of 8 or higher:
+
+### snakeyaml-1.33.jar: CVE-2022-1471 (9.8)
+
+This dependency is used by the latest version of Spring Boot (3.0.7) and yet unresolved. This vulnerability is a false
+positive (see: https://github.com/spring-projects/spring-boot/issues/33457) and added to the ignore list.
diff --git a/release/src/site/markdown/docs/release-notes-template.md b/release/src/site/markdown/docs/release-notes-template.md
@@ -20,7 +20,7 @@
 
 ## Known vulnerabilities
 
-This version of the application consists of the following known vulnerabilities with a CVE of 7 or higher:
+This version of the application consists of the following known vulnerabilities with a CVE of 8 or higher:
 
 ### snakeyaml-1.33.jar: CVE-2022-1471 (9.8)