From 4c5e30e1b949a3ee830ef9d9936328ce8d261176 Mon Sep 17 00:00:00 2001
From: haburger <haburger>
Date: Mon, 3 Feb 2025 16:04:10 +0000
Subject: [PATCH] new configuration version

---
 .../k8s-nevisauth-7022472ae407577ae604bbb8.yaml  |  2 +-
 .../opt/nevisauth/default/conf/fido2_auth.groovy | 16 ++++++++++++----
 ...8s-nevislogrend-097929211988398a87bcbb0c.yaml |  2 +-
 .../webdata/template/footer.vm                   |  2 +-
 .../webdata/template/footer.vm                   |  2 +-
 ...-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml |  2 +-
 .../resources/errorPages/403.html                |  2 +-
 .../resources/errorPages/404.html                |  2 +-
 .../resources/errorPages/500.html                |  2 +-
 .../resources/errorPages/502.html                |  2 +-
 .../resources/errorPages/Loggedout.html          |  2 +-
 .../resources/errorPages/timeout.html            |  2 +-
 .../resources/index.html                         |  2 +-
 13 files changed, 24 insertions(+), 16 deletions(-)

diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
index c324774..bd0bedd 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
@@ -45,7 +45,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-90fdd9efa6eadd2c367c797bfca194de78d61fec"
+    tag: "r-8a9c62b5262336b92be8323622dfab0068aaceea"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
     credentials: "git-credentials"
   keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_auth.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_auth.groovy
index a98babe..3f514f7 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_auth.groovy
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_auth.groovy
@@ -98,9 +98,11 @@ if (path == '/nevisfido/fido2/attestation/options') {
     }
     post(connection, json)
     def responseCode = connection.responseCode
+    def responseText = responseCode == 200 ? connection.inputStream.text : '{"allowCredentials":[]}'
+    def numOfKeys = jsonResponse.allowCredentials ? jsonResponse.allowCredentials.size() : 0
 
-    // non existing account, or account without FIDO2 key case
-    if (responseCode == 404 || responseCode == 400) {
+    // non existing account, account without FIDO2 key , or account with disabled FIDO2 key case
+    if (responseCode == 404 || responseCode == 400 || numOfKeys == 0) {
 
       LOG.debug("Fido2Auth: <== Response: ${responseCode}")
 
@@ -113,8 +115,15 @@ if (path == '/nevisfido/fido2/attestation/options') {
       def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
       def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
       def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTime().getEpochSecond() * 1000)
+      def details = "no account (404)"
+      if (responseCode == 400 ) {
+        details = "no fido2 keys for account (400)"    
+      } else if (responseCode == 200) {
+        details = "no active fido2 key for account (200, empty allowCredentials array)"    
+      }
       
-      LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+      LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}', Details='${details}'")
+
       // returning a fake options structure, which shouldn't leak whether the user account exists or not
       // keyId is unique per environment and email, fido2SessionId and challenge are renewed each time
       def keyId = UUID.nameUUIDFromBytes("${parameters['rpId']}.${session['ch.nevis.idm.User.email']}".getBytes())
@@ -140,7 +149,6 @@ if (path == '/nevisfido/fido2/attestation/options') {
       return
     }
 
-    def responseText = connection.inputStream.text
     LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}")
     response.setContent(responseText) // return response from nevisFIDO "as-is"
     response.setContentType('application/json')
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml
index 33210a1..8ad1084 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml
@@ -44,7 +44,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-90fdd9efa6eadd2c367c797bfca194de78d61fec"
+    tag: "r-8a9c62b5262336b92be8323622dfab0068aaceea"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
     credentials: "git-credentials"
   podSecurity:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm
index d02200c..45a8a26 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm
@@ -3,7 +3,7 @@
 			$text.get("footer.text")
 			<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
 		</div>
-		<p>1.8.x.2578-20250127T115900Z</p>
+		<p>1.8.x.2598-20250129T202245Z</p>
 	</footer>
 	<script src="${login.appDataPath}/static/bundle.js"></script>
 </body>
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/footer.vm b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/footer.vm
index d02200c..45a8a26 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/footer.vm
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/footer.vm
@@ -3,7 +3,7 @@
 			$text.get("footer.text")
 			<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
 		</div>
-		<p>1.8.x.2578-20250127T115900Z</p>
+		<p>1.8.x.2598-20250129T202245Z</p>
 	</footer>
 	<script src="${login.appDataPath}/static/bundle.js"></script>
 </body>
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
index e3925cd..223fc69 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
@@ -46,7 +46,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-90fdd9efa6eadd2c367c797bfca194de78d61fec"
+    tag: "r-8a9c62b5262336b92be8323622dfab0068aaceea"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
     credentials: "git-credentials"
   keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/403.html b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/403.html
index 7decaa5..3bb1f8b 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/403.html
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/403.html
@@ -63,7 +63,7 @@
 	</div>
 </div>
 <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
-	<p>1.8.x.2578-20250127T115900Z</p>
+	<p>1.8.x.2598-20250129T202245Z</p>
 </footer>
 <script src="/resources/static/bundle.js"></script>
 </body>
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/404.html b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/404.html
index ccd5df4..f910dc5 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/404.html
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/404.html
@@ -60,7 +60,7 @@
 	</div>
 </div>
 <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
-	<p>1.8.x.2578-20250127T115900Z</p>
+	<p>1.8.x.2598-20250129T202245Z</p>
 </footer>
 <script src="/resources/static/bundle.js"></script>
 </body>
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/500.html b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/500.html
index feaa2c4..22e6306 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/500.html
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/500.html
@@ -61,7 +61,7 @@
 	</div>
 </div>
 <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
-	<p>1.8.x.2578-20250127T115900Z</p>
+	<p>1.8.x.2598-20250129T202245Z</p>
 </footer>
 <script src="/resources/static/bundle.js"></script>
 </body>
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/502.html b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/502.html
index 7b17385..98d7e31 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/502.html
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/502.html
@@ -62,7 +62,7 @@
 	</div>
 </div>
 <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
-	<p>1.8.x.2578-20250127T115900Z</p>
+	<p>1.8.x.2598-20250129T202245Z</p>
 </footer>
 <script src="/resources/static/bundle.js"></script>
 </body>
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/Loggedout.html b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/Loggedout.html
index fd84ec0..c0b908b 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/Loggedout.html
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/Loggedout.html
@@ -59,7 +59,7 @@
 	</div>
 </div>
 <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
-	<p>1.8.x.2578-20250127T115900Z</p>
+	<p>1.8.x.2598-20250129T202245Z</p>
 </footer>
 <script src="/resources/static/bundle.js"></script>
 </body>
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/timeout.html b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/timeout.html
index 0cd6147..4e9540f 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/timeout.html
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/timeout.html
@@ -66,7 +66,7 @@
 	</div>
 </div>
 <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
-	<p>1.8.x.2578-20250127T115900Z</p>
+	<p>1.8.x.2598-20250129T202245Z</p>
 </footer>
 <script src="/resources/static/bundle.js"></script>
 </body>
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/index.html b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/index.html
index 26e3f93..632a631 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/index.html
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/index.html
@@ -63,7 +63,7 @@
 	</div>
 </div>
 <footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
-	<p>1.8.x.2578-20250127T115900Z</p>
+	<p>1.8.x.2598-20250129T202245Z</p>
 </footer>
 <script src="/resources/static/bundle.js"></script>
 </body>