From 16260c53a10a7fa428f5dc913563e09608c1a848 Mon Sep 17 00:00:00 2001
From: haburger
Date: Thu, 12 Dec 2024 15:46:44 +0000
Subject: [PATCH] new configuration version
---
 .../k8s-nevisauth-7022472ae407577ae604bbb8.yaml | 2 +-
 .../nevisauth/default/conf/ensureRecoveryCode.groovy | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
index 35a92e7..adeb4f6 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
@@ -45,7 +45,7 @@ spec:
 podDisruptionBudget:
 maxUnavailable: "50%"
 git:
- tag: "r-1c0759acd254c4baf2150c38f915cea9af509d6d"
+ tag: "r-d19a190ffad492ab91a9ed98a565105e0bd12bf5"
 dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
 credentials: "git-credentials"
 keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureRecoveryCode.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureRecoveryCode.groovy
index 584d740..041a9ed 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureRecoveryCode.groovy
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureRecoveryCode.groovy
@@ -30,14 +30,22 @@ String endPoint = "${parameters.get('utility-service.baseUrl')}/api/v1/recovery/
 def userDto = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
 def recoveryCredential = userDto.'**'.find {node -> node.name() == 'credentials' && node.type.text() == 'CONTEXT_PASSWORD' && node.context.text() == 'RECOVERY'}
-// 1a) check if user has a credential
+// Only for aq 100, skip for the rest
+if (Arrays.stream(response.getActualRoles()).filter( r -> r.matches('^.*AGOV-Loi\\.level[2345]00.*$')).findAny().isPresent()) {
+ LOG.debug("Account '${user}' has a higher AQ-level than 100, no need to check code")
+ response.setResult('done')
+ return
+}
+
+
+// 1b) check if user has a credential
 if ( recoveryCredential != null ) {
 LOG.debug("Account '${user}' has an active recovery code, no need to create new code")
 response.setResult('done')
 return
 }
-// 1b) check if a recovery is ongoing (nothing to do)
+// 1c) check if a recovery is ongoing (nothing to do)
 if (Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-AccountStatus.recovery')).findAny().isPresent()) {
 LOG.debug("Account '${user}' is in recovery, no need to create new code")
 response.setResult('done')
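Review bot: The level gate added at the top of this hunk decides whether the recovery-code check runs at all, yet it is only a substring match: `matches` is already anchored, so the leading `^.*` and trailing `.*$` let any role that merely contains `AGOV-Loi.level200` through `level500` end the script with `done`. If role names end at the level (not visible here, so confirm against the role definitions), tighten it to `Arrays.stream(response.getActualRoles()).anyMatch(r -> r.matches('.*AGOV-Loi\\.level[2-5]00'))`, which also replaces the `filter(...).findAny().isPresent()` chain. The digit class is an allowlist, so a level added later would silently be handled like AQ 100; a comment such as `// 1a) only AQ 100 needs a recovery code; levels 200-500 return early` would record that and restore the 1a/1b/1c numbering. The last `if` in the hunk continues past its final line.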