new configuration version

haburger 2024-10-21 07:42:46 +00:00
parent 42684d5271
commit 692dfd46d1
52 changed files with 581 additions and 638 deletions


@ -45,7 +45,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-be4d7b3836489983642da8c01294cab133468c44" tag: "r-7c3dca6bb9792f14907f6128a654a963518cbcca"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:


@ -94,11 +94,12 @@ if (!session['ch.adnovum.nevisidm.userDto'].contains("<properties><name>idVerifi
json['items'].eachWithIndex { az, i -> json['items'].eachWithIndex { az, i ->
if (az.roleExtId == level100RoleExtid) { if (az.roleExtId == level100RoleExtid) {
agovAq100AuthEndpoint = "${endpoint}/${az.extId}" aq100AuthRestURL = "${endpoint}/${az.extId}"
} }
} }
} }
endpoint = "${aq100AuthRestURL}/properties" endpoint = "${aq100AuthRestURL}/properties"
def patchRequest = new HTTPRequestWrapper() def patchRequest = new HTTPRequestWrapper()
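Review bot: If no entry in `json['items']` has `roleExtId == level100RoleExtid`, `aq100AuthRestURL` is never assigned in the visible lines, and `endpoint = "${aq100AuthRestURL}/properties"` would then interpolate an unset value (for example `null/properties`) into the URL used by the request built in `patchRequest`. Its declaration and any earlier default are outside the hunk, so this may already be handled there; if it is not, a guard such as `if (!aq100AuthRestURL) { /* take the script's error result and return */ }` before that line would keep the request from going to a malformed endpoint. The closure's index `i` is unused, so `json['items'].find { it.roleExtId == level100RoleExtid }` would state the lookup more directly, with the difference that it takes the first match where the loop keeps the last. The enclosing `if` block starts and ends outside the hunk.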


@ -186,7 +186,7 @@
<!-- source: pattern://f63c475c35b616b7c6c1901c --> <!-- source: pattern://f63c475c35b616b7c6c1901c -->
<ResultCond name="default" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/> <ResultCond name="default" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
<!-- source: pattern://f63c475c35b616b7c6c1901c --> <!-- source: pattern://f63c475c35b616b7c6c1901c -->
<ResultCond name="fido2" next="Auth_Realm_Main_IDP_FIDO2_ResetSessionInfos"/> <ResultCond name="fido2" next="Auth_Realm_Main_IDP_fido2_fetchCaptchaInfos"/>
<!-- source: pattern://f63c475c35b616b7c6c1901c --> <!-- source: pattern://f63c475c35b616b7c6c1901c -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth_Processing"/> <ResultCond name="ok" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth_Processing"/>
<!-- source: pattern://f63c475c35b616b7c6c1901c --> <!-- source: pattern://f63c475c35b616b7c6c1901c -->
@ -220,18 +220,24 @@
<!-- source: pattern://f63c475c35b616b7c6c1901c --> <!-- source: pattern://f63c475c35b616b7c6c1901c -->
<property name="parameter.recoveryurl" value="https://auth.agov-w.azure.adnovum.net/AUTH/RECOVERY/"/> <property name="parameter.recoveryurl" value="https://auth.agov-w.azure.adnovum.net/AUTH/RECOVERY/"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Main_IDP_FIDO2_ResetSessionInfos" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false"> <AuthState name="Auth_Realm_Main_IDP_fido2_fetchCaptchaInfos" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://887ada57500885703a4a9408 --> <!-- source: pattern://f39352769cb2a1c88e1a176d -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_fido2_fetchCaptchaInfos"/> <ResultCond name="error" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
<!-- source: pattern://887ada57500885703a4a9408 --> <!-- source: pattern://f39352769cb2a1c88e1a176d -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<Response value="AUTH_ERROR"> <Response value="AUTH_ERROR">
<!-- source: pattern://887ada57500885703a4a9408 --> <!-- source: pattern://f39352769cb2a1c88e1a176d -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/> <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response> </Response>
<!-- source: pattern://887ada57500885703a4a9408 --> <!-- source: pattern://f39352769cb2a1c88e1a176d -->
<property name="sess:agov.fido2.X-ReCAPTCHA-Integration" value=""/> <property name="parameter.realIpHttpHeaderName" value="X-Forwarded-For"/>
<!-- source: pattern://887ada57500885703a4a9408 --> <!-- source: pattern://f39352769cb2a1c88e1a176d -->
<property name="removeOnEmptyValue" value="true"/> <property name="parameter.url" value="https://utility.agov-d.azure.adnovum.net/utility/api/v1/configinfo"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<property name="scriptTraceGroup" value="AgovCaptcha"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/fido2_fetchcaptchainfos.groovy"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Main_IDP_Mobile_NLess_Auth_Processing" class="ch.nevis.auth.fido.uaf.authstate.OutOfBandFidoUafAuthState" final="false" resumeState="false"> <AuthState name="Auth_Realm_Main_IDP_Mobile_NLess_Auth_Processing" class="ch.nevis.auth.fido.uaf.authstate.OutOfBandFidoUafAuthState" final="false" resumeState="false">
<!-- source: pattern://f63c475c35b616b7c6c1901c --> <!-- source: pattern://f63c475c35b616b7c6c1901c -->
@ -267,22 +273,37 @@
<!-- source: pattern://d76231eaa88cb1645ce44cf3 --> <!-- source: pattern://d76231eaa88cb1645ce44cf3 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/createuuid.groovy"/> <property name="script" value="file:///var/opt/nevisauth/default/conf/createuuid.groovy"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Main_IDP_fido2_fetchCaptchaInfos" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false"> <AuthState name="Auth_Realm_Main_IDP_Email_Input" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true">
<!-- source: pattern://f39352769cb2a1c88e1a176d --> <!-- source: pattern://e3cac41e75980361d7d26bde -->
<ResultCond name="error" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/> <ResultCond name="cancel" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d --> <!-- source: pattern://e3cac41e75980361d7d26bde -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Email_Input"/> <ResultCond name="stay" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d --> <!-- source: pattern://e3cac41e75980361d7d26bde -->
<Response value="AUTH_ERROR"> <ResultCond name="timeout" next="Auth_Realm_Main_IDP_ReturnTimeoutButKeepSession"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d --> <!-- source: pattern://e3cac41e75980361d7d26bde -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/> <ResultCond name="verifyEmail" next="Auth_Realm_Main_IDP_fido2_fetchCaptchaResult"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<Gui name="user_input">
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="email" type="text" label="prompt.email" value="#{(inargs.getProperty('userInputValue_prompt.email') != null) ? inargs.getProperty('userInputValue_prompt.email') : session.get('ch.nevis.idm.User.email')}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="captchaSettings.enabled" type="hidden" value="${sess:agov.fido2.captchaSettings.enabled}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="friendlyCaptchaSettings.siteKey" type="hidden" value="${sess:agov.fido2.captchaSettings.siteKey}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="friendlyCaptchaSettings.puzzleUrl" type="hidden" value="${sess:agov.fido2.captchaSettings.puzzleUrl}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="cancelFido2" type="submit" label="cancel.button.label" value="cancelFido2"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
</Gui>
</Response> </Response>
<!-- source: pattern://f39352769cb2a1c88e1a176d --> <!-- source: pattern://e3cac41e75980361d7d26bde -->
<property name="parameter.url" value="https://utility.agov-d.azure.adnovum.net/utility/api/v1/configinfo"/> <property name="script" value="file:///var/opt/nevisauth/default/conf/sanitizeAndDispatchEmailInput.groovy"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<property name="scriptTraceGroup" value="AgovCaptcha"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/fido2_fetchcaptchainfos.groovy"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Main_IDP_FidoUAF_VariableStep" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false"> <AuthState name="Auth_Realm_Main_IDP_FidoUAF_VariableStep" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<!-- source: pattern://56c67433c7a47b6cb06f011a --> <!-- source: pattern://56c67433c7a47b6cb06f011a -->
@ -361,37 +382,35 @@
<!-- source: pattern://bfd395eb0dab50aff2f2c01b --> <!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
<property name="out.audienceRestriction" value="https://me.agov-d.azure.adnovum.net/registration/api/saml2/service-provider-metadata/agovidpdirect"/> <property name="out.audienceRestriction" value="https://me.agov-d.azure.adnovum.net/registration/api/saml2/service-provider-metadata/agovidpdirect"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Main_IDP_Email_Input" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true"> <AuthState name="Auth_Realm_Main_IDP_ReturnTimeoutButKeepSession" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://e3cac41e75980361d7d26bde --> <!-- source: pattern://826166d230a6a4849f2837ae -->
<ResultCond name="cancel" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<ResultCond name="stay" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<ResultCond name="timeout" next="Auth_Realm_Main_IDP_ReturnTimeoutButKeepSession"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<ResultCond name="verifyEmail" next="Auth_Realm_Main_IDP_fido2_fetchCaptchaResult"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<Response value="AUTH_CONTINUE"> <Response value="AUTH_CONTINUE">
<!-- source: pattern://e3cac41e75980361d7d26bde --> <!-- source: pattern://826166d230a6a4849f2837ae -->
<Gui name="user_input"> <Gui name="NotUsed"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="email" type="text" label="prompt.email" value="#{(inargs.getProperty('userInputValue_prompt.email') != null) ? inargs.getProperty('userInputValue_prompt.email') : session.get('ch.nevis.idm.User.email')}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="captchaSettings.enabled" type="hidden" value="${sess:agov.fido2.captchaSettings.enabled}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="friendlyCaptchaSettings.siteKey" type="hidden" value="${sess:agov.fido2.captchaSettings.siteKey}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="friendlyCaptchaSettings.puzzleUrl" type="hidden" value="${sess:agov.fido2.captchaSettings.puzzleUrl}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="cancelFido2" type="submit" label="cancel.button.label" value="cancelFido2"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
</Gui>
</Response> </Response>
<!-- source: pattern://e3cac41e75980361d7d26bde --> <!-- source: pattern://826166d230a6a4849f2837ae -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/sanitizeAndDispatchEmailInput.groovy"/> <property name="parameter.cookie.domain" value="agov-w.azure.adnovum.net"/>
<!-- source: pattern://826166d230a6a4849f2837ae -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/returnTimeoutButKeepSession.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_fido2_fetchCaptchaResult" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<ResultCond name="error" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<ResultCond name="exit.1" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Fido_Email_Verify"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<property name="parameter.url" value="https://utility.agov-d.azure.adnovum.net/utility/api/v2/captcha/"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<property name="scriptTraceGroup" value="AgovCaptcha"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/fido2_fetchcaptcharesult.groovy"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Main_IDP_Mobile_UserID_Verify" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="false"> <AuthState name="Auth_Realm_Main_IDP_Mobile_UserID_Verify" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="false">
<!-- source: pattern://c686c1bdd5355351f7f98cc8 --> <!-- source: pattern://c686c1bdd5355351f7f98cc8 -->
@ -449,35 +468,48 @@
<!-- source: pattern://bfd395eb0dab50aff2f2c01b --> <!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/handleRedirectRegistration.groovy"/> <property name="script" value="file:///var/opt/nevisauth/default/conf/handleRedirectRegistration.groovy"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Main_IDP_ReturnTimeoutButKeepSession" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true"> <AuthState name="Auth_Realm_Main_IDP_Fido_Email_Verify" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="false">
<!-- source: pattern://826166d230a6a4849f2837ae --> <!-- source: pattern://7fb39bfd6c34685866a22180 -->
<Response value="AUTH_CONTINUE"> <ResultCond name="clientNotFound" next="Auth_Realm_Main_IDP_AuthnFailed_Client_NotFound"/>
<!-- source: pattern://826166d230a6a4849f2837ae --> <!-- source: pattern://7fb39bfd6c34685866a22180 -->
<Gui name="NotUsed"/> <ResultCond name="failed" next="Auth_Realm_Main_IDP_Fido_Email_Verify_FailedEmailState"/>
</Response> <!-- source: pattern://7fb39bfd6c34685866a22180 -->
<!-- source: pattern://826166d230a6a4849f2837ae --> <ResultCond name="prospect" next="Auth_Realm_Main_IDP_Fido_Email_Verify_IdmGetPropertiesState"/>
<property name="parameter.cookie.domain" value="agov-w.azure.adnovum.net"/> <!-- source: pattern://7fb39bfd6c34685866a22180 -->
<!-- source: pattern://826166d230a6a4849f2837ae -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/returnTimeoutButKeepSession.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_fido2_fetchCaptchaResult" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<ResultCond name="error" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<ResultCond name="exit.1" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Fido_Email_Verify"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<Response value="AUTH_ERROR"> <Response value="AUTH_ERROR">
<!-- source: pattern://699f22cf1cd4ad08bd973f31 --> <!-- source: pattern://7fb39bfd6c34685866a22180 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/> <Gui name="internal_error">
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<GuiElem name="transferId" type="hidden" value="${system:random.bytes.16}" optional="true"/>
</Gui>
</Response> </Response>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 --> <propertyRef name="nevisIDM_Connector"/>
<property name="parameter.url" value="https://utility.agov-d.azure.adnovum.net/utility/api/v2/captcha/"/> <!-- source: pattern://7fb39bfd6c34685866a22180 -->
<!-- source: pattern://699f22cf1cd4ad08bd973f31 --> <property name="user.loginId" value="${inargs:userInputValue_prompt.email}"/>
<property name="scriptTraceGroup" value="AgovCaptcha"/> <!-- source: pattern://7fb39bfd6c34685866a22180 -->
<!-- source: pattern://699f22cf1cd4ad08bd973f31 --> <property name="user.loginType" value="EMAIL"/>
<property name="script" value="file:///var/opt/nevisauth/default/conf/fido2_fetchcaptcharesult.groovy"/> <!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="client.name" value="agov"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="presetNoteValues" value="false"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.user" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.profile" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.role" value="MEDIUM"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.authorization" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.dataroom" value="LOW"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.credential" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.property" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.unit" value="LOW"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.default" value="EXCLUDE"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Main_IDP_AuthnFailed_Client_NotFound" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false"> <AuthState name="Auth_Realm_Main_IDP_AuthnFailed_Client_NotFound" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<!-- source: pattern://0b3ce3ceec7bfca3ea524983 --> <!-- source: pattern://0b3ce3ceec7bfca3ea524983 -->
@ -549,71 +581,6 @@
<!-- source: pattern://e0fda9336be9c69dafc9b69e --> <!-- source: pattern://e0fda9336be9c69dafc9b69e -->
<property name="admin.service.connection.0" value="https://idm:8989/nevisidm/services/v1/AdminService"/> <property name="admin.service.connection.0" value="https://idm:8989/nevisidm/services/v1/AdminService"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Main_IDP_Fido_Email_Verify" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="false">
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<ResultCond name="clientNotFound" next="Auth_Realm_Main_IDP_AuthnFailed_Client_NotFound"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<ResultCond name="failed" next="Auth_Realm_Main_IDP_Fido_Email_Verify_FailedEmailState"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<ResultCond name="prospect" next="Auth_Realm_Main_IDP_Fido_Email_Verify_IdmGetPropertiesState"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<Gui name="internal_error">
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<GuiElem name="transferId" type="hidden" value="${system:random.bytes.16}" optional="true"/>
</Gui>
</Response>
<propertyRef name="nevisIDM_Connector"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="user.loginId" value="${inargs:userInputValue_prompt.email}"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="user.loginType" value="EMAIL"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="client.name" value="agov"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="presetNoteValues" value="false"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.user" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.profile" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.role" value="MEDIUM"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.authorization" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.dataroom" value="LOW"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.credential" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.property" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.unit" value="LOW"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.default" value="EXCLUDE"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Account_State" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<!-- source: pattern://f393012a278e525956a362d3 -->
<ResultCond name="done" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<ResultCond name="failed" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<ResultCond name="reload" next="Auth_Realm_Main_IDP_Ensure_Account_State_Reload"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<Response value="AUTH_CONTINUE"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/ensureAccountState.groovy"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.idm.baseUrl" value="https://idm:8989/nevisidm/api"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.unitExtid" value="1000"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.level100.roleExtid" value="aee52e9f-7084-4e55-9aea-9383ac7757f7"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.idm.httpclient.tls.trustStoreRef" value="Ensure_Account_State"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Fido_Email_Verify_FailedEmailState" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="true"> <AuthState name="Auth_Realm_Main_IDP_Fido_Email_Verify_FailedEmailState" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="true">
<!-- source: pattern://7fb39bfd6c34685866a22180 --> <!-- source: pattern://7fb39bfd6c34685866a22180 -->
<ResultCond name="default" next="Auth_Realm_Main_IDP_FIDO2_Authentication"/> <ResultCond name="default" next="Auth_Realm_Main_IDP_FIDO2_Authentication"/>
@ -675,6 +642,53 @@
<!-- source: pattern://7fb39bfd6c34685866a22180 --> <!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.default" value="EXCLUDE"/> <property name="detaillevel.default" value="EXCLUDE"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Account_State" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<!-- source: pattern://f393012a278e525956a362d3 -->
<ResultCond name="done" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<ResultCond name="failed" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<ResultCond name="reload" next="Auth_Realm_Main_IDP_Ensure_Account_State_Reload"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<Response value="AUTH_CONTINUE"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/ensureAccountState.groovy"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.idm.baseUrl" value="https://idm:8989/nevisidm/api"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.unitExtid" value="1000"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.level100.roleExtid" value="${param.agov.level100.roleExtid}"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.idm.httpclient.tls.trustStoreRef" value="Ensure_Account_State"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_FIDO2_Authentication" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<ResultCond name="cancel" next="Auth_Realm_Main_IDP_OnCancel_Dispatch"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<ResultCond name="error" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Fido2_VariableStep"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<Gui name="fido2_auth" label="title.login.fido2"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<Arg name="fido2UserVerification" value="required"/>
</Response>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="parameter.cancel" value="OnCancel_Dispatch"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="parameter.fido" value="fido2:9443"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="parameter.rpId" value="agov-w.azure.adnovum.net"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/fido2_auth.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false" resumeState="false"> <AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false" resumeState="false">
<!-- source: pattern://9ff0369f3cf662f95d94ff09 --> <!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code_decryptCode"/> <ResultCond name="ok" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code_decryptCode"/>
@ -744,43 +758,6 @@
<!-- source: pattern://f393012a278e525956a362d3 --> <!-- source: pattern://f393012a278e525956a362d3 -->
<property name="detaillevel.default" value="EXCLUDE"/> <property name="detaillevel.default" value="EXCLUDE"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Main_IDP_FIDO2_Authentication" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<ResultCond name="cancel" next="Auth_Realm_Main_IDP_OnCancel_Dispatch"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<ResultCond name="error" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Fido2_VariableStep"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<Gui name="fido2_auth" label="title.login.fido2"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<Arg name="fido2UserVerification" value="required"/>
</Response>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="parameter.cancel" value="OnCancel_Dispatch"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="parameter.fido" value="fido2:9443"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="parameter.rpId" value="agov-w.azure.adnovum.net"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/fido2_auth.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code_decryptCode" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="true">
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<ResultCond name="default" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code_Process"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<Response value="AUTH_CONTINUE"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="cryptoKey" value="secret://8jzQ1+F4HHvx7/tKFYRZb2/hFmyXjzt1HXgMJz+Tb16qSMh5Yv2QNnDH0JqsXHAoqtvZu1Nlo5A="/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="cryptoAlgorithm" value="AES/CTR/PKCS5Padding"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="${sess:agov.new.recovery.code.cipher}?notes:agov.new.recovery.code:decrypt-b64" value="${sess:agov.new.recovery.code.cipher}"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_OnCancel_Dispatch" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false"> <AuthState name="Auth_Realm_Main_IDP_OnCancel_Dispatch" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
<!-- source: pattern://af4ec934e8efbef422f03926 --> <!-- source: pattern://af4ec934e8efbef422f03926 -->
<ResultCond name="AccessApp" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/> <ResultCond name="AccessApp" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
@ -809,6 +786,37 @@
<!-- source: pattern://1a7583c6caa3b5c36599b25e --> <!-- source: pattern://1a7583c6caa3b5c36599b25e -->
<property name="sess:authenticatedWith" value="urn:qa.agov.ch:names:tc:authfactor:fido"/> <property name="sess:authenticatedWith" value="urn:qa.agov.ch:names:tc:authfactor:fido"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code_decryptCode" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="true">
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<ResultCond name="default" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code_Process"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<Response value="AUTH_CONTINUE"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="cryptoKey" value="secret://8jzQ1+F4HHvx7/tKFYRZb2/hFmyXjzt1HXgMJz+Tb16qSMh5Yv2QNnDH0JqsXHAoqtvZu1Nlo5A="/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="cryptoAlgorithm" value="AES/CTR/PKCS5Padding"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="${sess:agov.new.recovery.code.cipher}?notes:agov.new.recovery.code:decrypt-b64" value="${sess:agov.new.recovery.code.cipher}"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_clear_request_session" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<Response value="AUTH_ERROR">
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="request:loginId" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="sess:ch.adnovum.nevisidm.profileExtId" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="sess:ch.adnovum.nevisidm.profileId" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="sess:ch.adnovum.nevisidm.profileName" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="removeOnEmptyValue" value="true"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code_Process" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false"> <AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code_Process" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<!-- source: pattern://9ff0369f3cf662f95d94ff09 --> <!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<ResultCond name="done" next="Auth_Realm_Main_IDP_CheckLoa"/> <ResultCond name="done" next="Auth_Realm_Main_IDP_CheckLoa"/>
@ -843,25 +851,6 @@
<!-- source: pattern://9ff0369f3cf662f95d94ff09 --> <!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="parameter.cookie.domain" value="auth.agov-w.azure.adnovum.net"/> <property name="parameter.cookie.domain" value="auth.agov-w.azure.adnovum.net"/>
</AuthState> </AuthState>
<AuthState name="Auth_Realm_Main_IDP_clear_request_session" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<Response value="AUTH_ERROR">
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="request:loginId" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="sess:ch.adnovum.nevisidm.profileExtId" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="sess:ch.adnovum.nevisidm.profileId" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="sess:ch.adnovum.nevisidm.profileName" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="removeOnEmptyValue" value="true"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_CheckLoa" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false"> <AuthState name="Auth_Realm_Main_IDP_CheckLoa" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://2cdd910036aa06b102863a4f --> <!-- source: pattern://2cdd910036aa06b102863a4f -->
<ResultCond name="error" next="Auth_Realm_Main_IDP_AuthnFailed_Zero_RoleLvl"/> <ResultCond name="error" next="Auth_Realm_Main_IDP_AuthnFailed_Zero_RoleLvl"/>
@ -1629,6 +1618,8 @@
<Arg name="ch.nevis.isiweb4.response.status" value="403"/> <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response> </Response>
<!-- source: pattern://bea3ca0c85381d07d632be52 --> <!-- source: pattern://bea3ca0c85381d07d632be52 -->
<property name="parameter.realIpHttpHeaderName" value="X-Forwarded-For"/>
<!-- source: pattern://bea3ca0c85381d07d632be52 -->
<property name="parameter.url" value="https://utility.agov-d.azure.adnovum.net/utility/api/v1/configinfo"/> <property name="parameter.url" value="https://utility.agov-d.azure.adnovum.net/utility/api/v1/configinfo"/>
<!-- source: pattern://bea3ca0c85381d07d632be52 --> <!-- source: pattern://bea3ca0c85381d07d632be52 -->
<property name="scriptTraceGroup" value="AgovCaptcha"/> <property name="scriptTraceGroup" value="AgovCaptcha"/>


@ -2,38 +2,24 @@ import groovy.json.JsonSlurper
import io.opentelemetry.api.trace.Span import io.opentelemetry.api.trace.Span
def url = parameters.get('url') def url = parameters.get('url')
def realIpHttpHeaderName = parameters.get('realIpHttpHeaderName') ?: 'X-Real-IP'
def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
try { try {
//TODO/haburger/2024-AUG-20: remove if reCaptcha is not needed anymore
session.remove('agov.fido2.X-ReCAPTCHA-Integration')
def spanCtxt = Span.current().getSpanContext() def spanCtxt = Span.current().getSpanContext()
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}" def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
LOG.error('traceparent: ' + traceparent)
def jsonSlurper = new JsonSlurper() def jsonSlurper = new JsonSlurper()
def httpClient = HttpClients.create(parameters) def httpClient = HttpClients.create(parameters)
def httpResponse = Http.get().url(url).build().send(httpClient) def httpResponse = Http.get().url(url).header('traceparent', traceparent)
LOG.debug('Response Message: ' + httpResponse.reasonPhrase()) .header(realIpHttpHeaderName, ip).build().send(httpClient)
LOG.debug('Response Status Code: ' + httpResponse.code()) LOG.debug('Response Status Code: ' + httpResponse.code())
LOG.debug('Response: ' + httpResponse.bodyAsString()) LOG.debug('Response: ' + httpResponse.bodyAsString())
if (httpResponse.code() == 200) { if (httpResponse.code() == 200) {
def json = jsonSlurper.parseText(httpResponse.bodyAsString()) def json = jsonSlurper.parseText(httpResponse.bodyAsString())
// TODO/haburger/2024-AUG-20: remove if reCaptcha is not needed anymore
// response.setSessionAttribute('agov.fido2.json.captchaSettings.enabled', String.valueOf(json.captchaSettings.enabled))
// response.setSessionAttribute('agov.fido2.json.captchaSettings.reCaptchaInvisibleSiteKey', json.captchaSettings.reCaptchaInvisibleSiteKey)
// response.setSessionAttribute('agov.fido2.json.captchaSettings.reCaptchaVisibleSiteKey', json.captchaSettings.reCaptchaVisibleSiteKey)
//
// if (session.get('agov.fido2.X-ReCAPTCHA-Integration') == null) {
// response.setSessionAttribute('agov.fido2.X-ReCAPTCHA-Integration', 'INVISIBLE')
// } else {
// response.setSessionAttribute('agov.fido2.X-ReCAPTCHA-Integration', 'VISIBLE')
// }
response.setSessionAttribute('agov.fido2.captchaSettings.enabled', String.valueOf(json.friendlyCaptureClientSettings.enabled)) response.setSessionAttribute('agov.fido2.captchaSettings.enabled', String.valueOf(json.friendlyCaptureClientSettings.enabled))
response.setSessionAttribute('agov.fido2.captchaSettings.siteKey', json.friendlyCaptureClientSettings.siteKey) response.setSessionAttribute('agov.fido2.captchaSettings.siteKey', json.friendlyCaptureClientSettings.siteKey)
response.setSessionAttribute('agov.fido2.captchaSettings.puzzleUrl', json.friendlyCaptureClientSettings.puzzleUrl) response.setSessionAttribute('agov.fido2.captchaSettings.puzzleUrl', json.friendlyCaptureClientSettings.puzzleUrl)
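Review bot: The forwarded client address is still read from the fixed key `connection.HttpHeader.X-Real-IP` and falls back to the literal `'unknown'`, which is then sent under the configurable `realIpHttpHeaderName`. The utility service can therefore receive `X-Forwarded-For: unknown`, or a client-supplied value if the fronting proxy does not overwrite that header. If the backend uses the value for rate limiting or audit, I would drop the `?: 'unknown'` fallback and call `.header(realIpHttpHeaderName, ip)` only when `ip` is set, with a comment naming the proxy that is trusted to set X-Real-IP. `LOG.debug('Response: ' + httpResponse.bodyAsString())` also writes the whole config response to the log, where the status code alone would do. The recovery variant of this script further down the page has the same lines, and the try block continues past the visible ones.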


@ -1,7 +1,10 @@
import io.opentelemetry.api.trace.Span
def url = parameters.get('url') def url = parameters.get('url')
def email = inargs['userInputValue_prompt.email'] def email = inargs['userInputValue_prompt.email']
def token = inargs['captcha_response']?: 'MISSING' def token = inargs['captcha_response']?: 'MISSING'
def enabled = (session['agov.fido2.captchaSettings.enabled']?:'true').toBoolean()
def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
@ -13,11 +16,21 @@ LOG.debug('Payload: ' + payload)
try { try {
if (!enabled) {
LOG.info("FriendlyCAPTCHA is disabled, allowing operation for ${payload}")
response.setResult('ok')
return
}
def spanCtxt = Span.current().getSpanContext()
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
def httpClient = HttpClients.create(parameters) def httpClient = HttpClients.create(parameters)
def httpResponse = Http.post() def httpResponse = Http.post()
.url(url) .url(url)
.header("Accept", "application/json") .header("Accept", "application/json")
.header("X-FriendlyCAPTCHA-Token", token) .header("X-FriendlyCAPTCHA-Token", token)
.header("traceparent", traceparent)
.entity(Http.entity() .entity(Http.entity()
.content(payload) .content(payload)
.contentType("application/json") .contentType("application/json")
@ -25,7 +38,6 @@ try {
.build() .build()
.send(httpClient) .send(httpClient)
LOG.debug('Response Message: ' + httpResponse.reasonPhrase())
LOG.debug('Response Status Code: ' + httpResponse.code()) LOG.debug('Response Status Code: ' + httpResponse.code())
LOG.debug('Response: ' + httpResponse.bodyAsString()) LOG.debug('Response: ' + httpResponse.bodyAsString())
@ -49,53 +61,3 @@ try {
response.setResult('error') response.setResult('error')
response.setError(1, 'Exception during HTTP call') response.setError(1, 'Exception during HTTP call')
} }
// TODO/haburger/2024-AUG-20: remove if reCaptcha is not needed anymore
//
// def payload = '{ "email": "' + inargs['userInputValue_prompt.email'] + '", "action": "LOGIN", "userIp": "' + ip + '", "userAgent": "' + userAgent + '"}'
//
// LOG.info('Token: ' + inargs['recaptcha_response'])
// LOG.info('Integration: ' + session['agov.fido2.X-ReCAPTCHA-Integration'])
// LOG.info('Payload: ' + payload)
//
// try {
//
// def httpClient = HttpClients.create(parameters)
// def httpResponse = Http.post()
// .url(url)
// .header("Accept", "application/json")
// .header("X-ReCAPTCHA-Token", inargs['recaptcha_response'])
// .header("X-ReCAPTCHA-Integration", session['agov.fido2.X-ReCAPTCHA-Integration'])
// .entity(Http.entity()
// .content(payload)
// .contentType("application/json")
// .build())
// .build()
// .send(httpClient)
//
// LOG.info('Response Message: ' + httpResponse.reasonPhrase())
// LOG.info('Response Status Code: ' + httpResponse.code())
// LOG.info('Response: ' + httpResponse.bodyAsString())
//
// if (httpResponse.code() == 200) {
// if (httpResponse.bodyAsString().contains('SUCCESSFUL')) {
// response.setResult('ok')
// return
// } else {
//
// response.setSessionAttribute('agov.fido2.X-ReCAPTCHA-Integration', 'VISIBLE')
// response.setResult('exit.1')
// return
// }
// } else {
// LOG.error('Unexcpected HTTP response code: ' + httpResponse.code())
// response.setResult('error')
// response.setError(1, 'Unexpected HTTP reponse')
// }
// } catch (all) {
// // Handle exception and set the transition
// LOG.error('error: ' + all, all)
// response.setResult('error')
// response.setError(1, 'Exception during HTTP call')
// }
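Review bot: `(session['agov.fido2.captchaSettings.enabled']?:'true').toBoolean()` fails open, because Groovy's `String.toBoolean()` returns false for anything other than `true`, `y` or `1`. A stored value such as the string `null`, or any unexpected text from the config call, therefore skips CAPTCHA verification and returns `ok`. Treating only an explicit `'false'` as disabled keeps the check on by default, e.g. `def enabled = session['agov.fido2.captchaSettings.enabled'] != 'false'`. The disabled branch also logs `${payload}` at info level, and the payload appears to carry the e-mail address, IP and user agent; `LOG.info('FriendlyCAPTCHA is disabled, skipping verification')` keeps that out of the log. The recovery CAPTCHA script later on this page has the same two lines.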


@ -1,31 +1,26 @@
import groovy.json.JsonSlurper import groovy.json.JsonSlurper
import io.opentelemetry.api.trace.Span
def url = parameters.get('url') def url = parameters.get('url')
def realIpHttpHeaderName = parameters.get('realIpHttpHeaderName') ?: 'X-Real-IP'
def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
try { try {
def spanCtxt = Span.current().getSpanContext()
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
def jsonSlurper = new JsonSlurper() def jsonSlurper = new JsonSlurper()
def httpClient = HttpClients.create(parameters) def httpClient = HttpClients.create(parameters)
def httpResponse = Http.get().url(url).build().send(httpClient) def httpResponse = Http.get().url(url).header('traceparent', traceparent)
LOG.debug('Response Message: ' + httpResponse.reasonPhrase()) .header(realIpHttpHeaderName, ip).build().send(httpClient)
LOG.debug('Response Status Code: ' + httpResponse.code()) LOG.debug('Response Status Code: ' + httpResponse.code())
LOG.debug('Response: ' + httpResponse.bodyAsString()) LOG.debug('Response: ' + httpResponse.bodyAsString())
if (httpResponse.code() == 200) { if (httpResponse.code() == 200) {
def json = jsonSlurper.parseText(httpResponse.bodyAsString()) def json = jsonSlurper.parseText(httpResponse.bodyAsString())
// TODO/haburger/2024-AUG-20: remove if reCaptcha is not needed anymore response.setSessionAttribute('agov.recovery.captchaSettings.enabled', String.valueOf(json.friendlyCaptureClientSettings.enabled))
// response.setSessionAttribute('agov.recovery.json.accountUrl', json.accountUrl)
// response.setSessionAttribute('agov.recovery.json.registrationUrl', json.registrationUrl)
// response.setSessionAttribute('agov.recovery.json.captchaSettings.enabled', String.valueOf(json.captchaSettings.enabled))
// response.setSessionAttribute('agov.recovery.json.captchaSettings.reCaptchaInvisibleSiteKey', json.captchaSettings.reCaptchaInvisibleSiteKey)
// response.setSessionAttribute('agov.recovery.json.captchaSettings.reCaptchaVisibleSiteKey', json.captchaSettings.reCaptchaVisibleSiteKey)
// if (session.get('agov.recovery.X-ReCAPTCHA-Integration') == null) {
// response.setSessionAttribute('agov.recovery.X-ReCAPTCHA-Integration', 'INVISIBLE')
// } else {
// response.setSessionAttribute('agov.recovery.X-ReCAPTCHA-Integration', 'VISIBLE')
// }
response.setSessionAttribute('agov.recovery.captchaSettings.enabled', String.valueOf(json.captchaSettings.enabled))
response.setSessionAttribute('agov.recovery.captchaSettings.siteKey', json.friendlyCaptureClientSettings.siteKey) response.setSessionAttribute('agov.recovery.captchaSettings.siteKey', json.friendlyCaptureClientSettings.siteKey)
response.setSessionAttribute('agov.recovery.captchaSettings.puzzleUrl', json.friendlyCaptureClientSettings.puzzleUrl) response.setSessionAttribute('agov.recovery.captchaSettings.puzzleUrl', json.friendlyCaptureClientSettings.puzzleUrl)


@ -1,7 +1,10 @@
import io.opentelemetry.api.trace.Span
def url = parameters.get('url') def url = parameters.get('url')
def email = inargs['email'] def email = inargs['email']
def token = inargs['captcha_response']?: 'MISSING' def token = inargs['captcha_response']?: 'MISSING'
def enabled = (session['agov.recovery.captchaSettings.enabled']?:'true').toBoolean()
def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown' def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown' def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
@ -13,11 +16,21 @@ LOG.debug('Payload: ' + payload)
try { try {
if (!enabled) {
LOG.info("FriendlyCAPTCHA is disabled, allowing operation for ${payload}")
response.setResult('ok')
return
}
def spanCtxt = Span.current().getSpanContext()
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
def httpClient = HttpClients.create(parameters) def httpClient = HttpClients.create(parameters)
def httpResponse = Http.post() def httpResponse = Http.post()
.url(url) .url(url)
.header("Accept", "application/json") .header("Accept", "application/json")
.header("X-FriendlyCAPTCHA-Token", token) .header("X-FriendlyCAPTCHA-Token", token)
.header("traceparent", traceparent)
.entity(Http.entity() .entity(Http.entity()
.content(payload) .content(payload)
.contentType("application/json") .contentType("application/json")
@ -25,7 +38,6 @@ try {
.build() .build()
.send(httpClient) .send(httpClient)
LOG.debug('Response Message: ' + httpResponse.reasonPhrase())
LOG.debug('Response Status Code: ' + httpResponse.code()) LOG.debug('Response Status Code: ' + httpResponse.code())
LOG.debug('Response: ' + httpResponse.bodyAsString()) LOG.debug('Response: ' + httpResponse.bodyAsString())
@ -49,54 +61,3 @@ try {
response.setResult('error') response.setResult('error')
response.setError(1, 'Exception during HTTP call') response.setError(1, 'Exception during HTTP call')
} }
// TODO/haburger/2024-AUG-20: remove if reCaptcha is not needed anymore
// def payload = '{ "email": "' + inargs['email'] + '", "action": "LOGIN", "userIp": "' + session.get('agov.recovery.ip') + '", "userAgent": "' + session.get('agov.recovery.userAgent') + '"}'
//
// LOG.info('Token: ' + inargs['recaptcha_response'])
// LOG.info('Integration: ' + session['agov.recovery.X-ReCAPTCHA-Integration'])
// LOG.info('Payload: ' + payload)
//
// try {
//
// def httpClient = HttpClients.create(parameters)
// def httpResponse = Http.post()
// .url(url)
// .header("Accept", "application/json")
// .header("X-ReCAPTCHA-Token", inargs['recaptcha_response'])
// .header("X-ReCAPTCHA-Integration", session['agov.recovery.X-ReCAPTCHA-Integration'])
// .entity(Http.entity()
// .content(payload)
// .contentType("application/json")
// // .charSet("utf-8")
// .build())
// .build()
// .send(httpClient)
//
// LOG.info('Response Message: ' + httpResponse.reasonPhrase())
// LOG.info('Response Status Code: ' + httpResponse.code())
// LOG.info('Response: ' + httpResponse.bodyAsString())
//
// if (httpResponse.code() == 200) {
// if (httpResponse.bodyAsString().contains('SUCCESSFUL')) {
// response.setResult('ok')
// return
// } else {
//
// response.setSessionAttribute('agov.recovery.X-ReCAPTCHA-Integration', 'VISIBLE')
// response.setResult('exit.1')
// return
// }
// } else {
// LOG.error('Unexcpected HTTP response code: ' + httpResponse.code())
// response.setResult('error')
// response.setError(1, 'Unexpected HTTP reponse')
// }
// } catch (all) {
// // Handle exception and set the transition
// LOG.error('error: ' + all, all)
// response.setResult('error')
// response.setError(1, 'Exception during HTTP call')
// }


@ -1,4 +1,5 @@
import ch.nevis.esauth.auth.engine.AuthResponse import ch.nevis.esauth.auth.engine.AuthResponse
if (inargs['cancel'] == 'cancel') { if (inargs['cancel'] == 'cancel') {
//cleanSession() //cleanSession()
response.setStatus(AuthResponse.AUTH_ERROR) response.setStatus(AuthResponse.AUTH_ERROR)


@ -1,19 +1,19 @@
//import ch.nevis.esauth.util.httpclient.api.HttpClient; import io.opentelemetry.api.trace.Span
//import ch.nevis.esauth.util.httpclient.api.HttpClients;
//import ch.nevis.esauth.util.httpclient.api.Http;
def url = parameters.get('url') def url = parameters.get('url')
//def payload = parameters.get('json')
//def url = "https://me.agov-d.azure.adnovum.net:48081/utility/api/v1/email/031"
def email = inargs['email'] def email = inargs['email']
def language = session['ch.nevis.session.user.language'] ?: 'en' def language = session['ch.nevis.session.user.language'] ?: 'en'
def payload = '{ "email": "' + email + '", "language": "' + language + '"}' def payload = '{ "email": "' + email + '", "language": "' + language + '"}'
try { try {
def spanCtxt = Span.current().getSpanContext()
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
def httpClient = HttpClients.create(parameters) def httpClient = HttpClients.create(parameters)
def httpResponse = Http.post() def httpResponse = Http.post()
.url(url) .url(url)
.header("Accept", "application/json") .header("Accept", "application/json")
.header("traceparent", traceparent)
.entity(Http.entity() .entity(Http.entity()
.content(payload) .content(payload)
.contentType("application/json") .contentType("application/json")
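Review bot: `payload` is built by concatenating `inargs['email']` into a JSON string, so a quote or backslash in the submitted address changes the structure of the body sent to the utility service. Serialising a map keeps the value as data: `def payload = groovy.json.JsonOutput.toJson([email: email, language: language])`. The CAPTCHA scripts earlier on the page seem to build their payload the same way, although that line is outside their hunks. The try block continues past the visible lines.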


@ -1,8 +1,6 @@
import groovy.xml.XmlSlurper import groovy.xml.XmlSlurper
import groovy.json.JsonSlurper import groovy.json.JsonSlurper
//import ch.nevis.esauth.util.httpclient.api.HttpClients import io.opentelemetry.api.trace.Span
//import ch.nevis.esauth.util.httpclient.api.Http
int getRequestedLevel(String authnContextClassRef, def roleList){ int getRequestedLevel(String authnContextClassRef, def roleList){
if (!authnContextClassRef) { if (!authnContextClassRef) {
@ -58,11 +56,13 @@ if (requestedRoleLevelNumber == 0 || session.get('ch.nevis.auth.saml.request.sco
} }
try { try {
def spanCtxt = Span.current().getSpanContext()
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
def jsonSlurper = new JsonSlurper() def jsonSlurper = new JsonSlurper()
def url = parameters.get('url') + '?entity-id=' + session.get('ch.nevis.auth.saml.request.scoping.requesterId') def url = parameters.get('url') + '?entity-id=' + session.get('ch.nevis.auth.saml.request.scoping.requesterId')
LOG.debug('Request url: ' + url) LOG.debug('Request url: ' + url)
def httpClient = HttpClients.create(parameters) def httpClient = HttpClients.create(parameters)
def httpResponse = Http.get().url(url).build().send(httpClient) def httpResponse = Http.get().url(url).header('traceparent', traceparent).build().send(httpClient)
LOG.debug('Response Message: ' + httpResponse.reasonPhrase()) LOG.debug('Response Message: ' + httpResponse.reasonPhrase())
LOG.debug('Response Status Code: ' + httpResponse.code()) LOG.debug('Response Status Code: ' + httpResponse.code())
LOG.debug('Response: ' + httpResponse.bodyAsString()) LOG.debug('Response: ' + httpResponse.bodyAsString())
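Review bot: The `entity-id` query value is appended to the URL unencoded in `parameters.get('url') + '?entity-id=' + session.get('ch.nevis.auth.saml.request.scoping.requesterId')`. The requester id presumably comes from the incoming SAML request, so a value containing `&` or `#` would change the query that reaches the backend. Encoding it first closes that: `'?entity-id=' + URLEncoder.encode(String.valueOf(session.get('ch.nevis.auth.saml.request.scoping.requesterId')), 'UTF-8')`. The try block continues past the visible lines.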


@ -1,7 +1,7 @@
apiVersion: "operator.nevis-security.ch/v1" apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisTrustStore" kind: "NevisTrustStore"
metadata: metadata:
name: "idm-internal-idp-auth-signer-trust" name: "idm-idp-idm-sectoken-signer-trust"
namespace: "adn-agov-nevisidm-01-uat" namespace: "adn-agov-nevisidm-01-uat"
labels: labels:
deploymentTarget: "idm" deploymentTarget: "idm"


@ -46,14 +46,14 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-be4d7b3836489983642da8c01294cab133468c44" tag: "r-7c3dca6bb9792f14907f6128a654a963518cbcca"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:
- "idm-default-identity" - "idm-default-identity"
truststores: truststores:
- "idm-idp-idm-sectoken-signer-trust"
- "idm-technical-trust-store" - "idm-technical-trust-store"
- "idm-internal-idp-auth-signer-trust"
podSecurity: podSecurity:
policy: "baseline" policy: "baseline"
automountServiceAccountToken: false automountServiceAccountToken: false


@ -99,7 +99,7 @@ server.tls.truststore=/var/opt/keys/trust/idm-technical-trust-store/truststore.p
# source: pattern://b8a36646f81c3247cdb5d90b # source: pattern://b8a36646f81c3247cdb5d90b
server.tls.truststore-passphrase=${exec:/var/opt/keys/trust/idm-technical-trust-store/keypass} server.tls.truststore-passphrase=${exec:/var/opt/keys/trust/idm-technical-trust-store/keypass}
# source: pattern://b8a36646f81c3247cdb5d90b # source: pattern://b8a36646f81c3247cdb5d90b
server.auth.ninja.truststore=/var/opt/keys/trust/idm-internal-idp-auth-signer-trust/truststore.jks server.auth.ninja.truststore=/var/opt/keys/trust/idm-idp-idm-sectoken-signer-trust/truststore.jks
# source: pattern://b8a36646f81c3247cdb5d90b # source: pattern://b8a36646f81c3247cdb5d90b
management.healthchecks.enabled=true management.healthchecks.enabled=true
# source: pattern://b8a36646f81c3247cdb5d90b # source: pattern://b8a36646f81c3247cdb5d90b


@ -44,7 +44,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-f0c2fc352ad8e75f5eae1bab7fc80e6315293282" tag: "r-7c3dca6bb9792f14907f6128a654a963518cbcca"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
credentials: "git-credentials" credentials: "git-credentials"
podSecurity: podSecurity:


@ -0,0 +1,5 @@
document.addEventListener('DOMContentLoaded', function() {
document.dispatchEvent(new Event('initQRCode'));
document.dispatchEvent(new Event('initDrawer'));
document.dispatchEvent(new Event('initCantonalBranding'));
});


@ -1,9 +1,3 @@
document.addEventListener('DOMContentLoaded', function() { document.addEventListener('DOMContentLoaded', function() {
document.dispatchEvent(new Event('initAnswer')); document.dispatchEvent(new Event('initAnswer'));
}); });
// eslint-disable-next-line no-unused-vars
function setErrorBanner(value) {
document.getElementById('errorBanner').style.display = value ? 'none' : 'flex';
document.getElementById('buttons').style.marginTop = value ? '16px' : '8px';
}


@ -1,9 +1,3 @@
document.addEventListener('DOMContentLoaded', function() { document.addEventListener('DOMContentLoaded', function() {
document.dispatchEvent(new Event('initAnswer')); document.dispatchEvent(new Event('initAnswer'));
}); });
// eslint-disable-next-line no-unused-vars
function setErrorBanner(value) {
document.getElementById('errorBanner').style.display = value ? 'none' : 'flex';
console.log(document.getElementById('errorBanner').style.display);
}


@ -83,7 +83,7 @@
</div> </div>
<div class="mt-auto mb-6 sm:mb-0"> <div class="mt-auto mb-6 sm:mb-0">
<agov-button <agov-button
onclick="fido.authenticate()" id="fido_authenticate"
data-type="button" data-type="button"
data-label="$text.get("general.continue")" data-label="$text.get("general.continue")"
data-fullwidth="true" data-fullwidth="true"


@ -3,7 +3,7 @@
$text.get("footer.text") $text.get("footer.text")
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a> <a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
</div> </div>
<p>1.6.0.local-20240821T091044Z-haburger: Wed Aug 21 12:02:18 CEST 2024</p> <p>1.6.8.13-20240919T195132Z</p>
</footer> </footer>
<script src="${login.appDataPath}/static/bundle.js"></script> <script src="${login.appDataPath}/static/bundle.js"></script>
</body> </body>


@ -49,6 +49,8 @@
<div id="agovLoginImage" <div id="agovLoginImage"
class="relative md:max-w-[520px] max-w-[350px] sm:max-w-[300px] mb-10 w-full mx-auto hidden md:block"> class="relative md:max-w-[520px] max-w-[350px] sm:max-w-[300px] mb-10 w-full mx-auto hidden md:block">
<div class="hidden flex items-center p-2 bg-white dark:bg-black rounded-xl w-16 h-16 absolute left-[calc(39%-32px)] top-8"
id="logoDoor"></div>
<img alt="" src="${login.appDataPath}/static/images/login.svg" <img alt="" src="${login.appDataPath}/static/images/login.svg"
class="hidden md:block dark:hidden w-full"> class="hidden md:block dark:hidden w-full">
<img alt="" src="${login.appDataPath}/static/images/login-dark.svg" <img alt="" src="${login.appDataPath}/static/images/login-dark.svg"
@ -362,13 +364,10 @@
</form> </form>
</div> </div>
<script> <script src="${login.appDataPath}/static/js-code/mauth_usernameless.js" defer>
document.addEventListener('DOMContentLoaded', function () {
document.dispatchEvent(new Event('initQRCode'));
document.dispatchEvent(new Event('initDrawer'));
document.dispatchEvent(new Event('initCantonalBranding'));
cantonalBranding.getLogo("$gui.getGuiElem('agov.appSamlRpEntityId').value", "$login.language");
});
</script> </script>
<div id="appSamlRpEntityId" class="hidden" data-value="$gui.getGuiElem('agov.appSamlRpEntityId').value"
data-language="$login.language">
</div>
#parse("${templatePath}/footer.vm") #parse("${templatePath}/footer.vm")
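Review bot: The new `appSamlRpEntityId` div writes `$gui.getGuiElem('agov.appSamlRpEntityId').value` and `$login.language` into `data-` attributes without escaping. Another template in this commit wraps attribute values in `$utils.escapeHtmlAttribute(...)`, and the entity id presumably derives from the SAML request. Unless the engine already escapes references, I would write `data-value="$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appSamlRpEntityId').value)"` so that a quote in the value cannot break out of the attribute. The script that reads these attributes is not visible here and should treat them as plain text.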


@ -2,8 +2,8 @@
<agov-backdrop></agov-backdrop> <agov-backdrop></agov-backdrop>
<div id="modal" class="fixed top-0 bottom-0 left-0 right-0 pb-20 z-50 hidden"> <div id="modal" class="fixed top-0 bottom-0 left-0 right-0 pb-20 z-50 hidden">
<div class="fixed top-0 bottom-0 left-0 right-0 backdrop-blur-[10px]" onclick="modal.setInvisible()"></div> <div class="fixed top-0 bottom-0 left-0 right-0 backdrop-blur-[10px]" id="modal_light"></div>
<div class="fixed top-0 bottom-0 left-0 right-0 bg-[#E2E2E2E5]/80 dark:bg-[#111111]/90" onclick="modal.setInvisible()"></div> <div class="fixed top-0 bottom-0 left-0 right-0 bg-[#E2E2E2E5]/80 dark:bg-[#111111]/90" id="modal_dark"></div>
<div id="drawer" <div id="drawer"
class="fixed bg-white dark:bg-surface-black rounded-[20px] p-10 w-11/12 sm:max-w-[660px] top-1/2 left-1/2 -translate-x-1/2 -translate-y-1/2"> class="fixed bg-white dark:bg-surface-black rounded-[20px] p-10 w-11/12 sm:max-w-[660px] top-1/2 left-1/2 -translate-x-1/2 -translate-y-1/2">
@ -26,12 +26,12 @@
<div class="w-full sm:static mt-auto"> <div class="w-full sm:static mt-auto">
<div class="flex justify-end flex-col-reverse sm:flex-row gap-4"> <div class="flex justify-end flex-col-reverse sm:flex-row gap-4">
<agov-button <agov-button
id="recovery_check_code"
class="block" class="block"
data-style="secondary" data-style="secondary"
data-label="$text.get("general.cancel")" data-label="$text.get("general.cancel")"
data-type="button" data-type="button"
data-fullwidth="true" data-fullwidth="true">
onclick="modal.setInvisible()">
</agov-button> </agov-button>
<a href="$text.get("general.help.link")" target="_blank" rel="noopener noreferrer"> <a href="$text.get("general.help.link")" target="_blank" rel="noopener noreferrer">
<agov-button <agov-button
@ -80,6 +80,7 @@
accept-charset="UTF-8" accept-charset="UTF-8"
class="flex flex-col flex-auto block "> class="flex flex-col flex-auto block ">
<agov-input <agov-input
id="recovery_code_input"
class="mb-4 py-16" class="mb-4 py-16"
data-label="$text.get("recovery_check_code.enterRecoveryCode")" data-label="$text.get("recovery_check_code.enterRecoveryCode")"
data-isLabelHidden="true" data-isLabelHidden="true"
@ -89,10 +90,6 @@
data-value="" data-value=""
data-type="text" data-type="text"
data-autofocus="true" data-autofocus="true"
oninput="validateCode.onInputCodeAndroid(event)"
onkeyup="validateCode.onKeyUp(event)"
onkeydown="validateCode.onInputCode(event)"
onpaste="validateCode.paste(event)"
data-email_invalid="$text.get("recovery_check_code.invalid.code")" data-email_invalid="$text.get("recovery_check_code.invalid.code")"
data-email_too_long="$text.get("recovery_check_code.invalid.code.tooLong")" data-email_too_long="$text.get("recovery_check_code.invalid.code.tooLong")"
data-email_required="$text.get("recovery_check_code.invalid.code.required")"> data-email_required="$text.get("recovery_check_code.invalid.code.required")">
@ -101,17 +98,18 @@
<div class="w-full sm:static mt-auto mb-6 sm:mb-0"> <div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col flex-row-reverse gap-4"> <div class="flex flex-col flex-row-reverse gap-4">
<agov-button <agov-button
id="recovery_code_btn"
class="block basis-full" class="block basis-full"
data-name="confirm" data-name="confirm"
data-value="confirm" data-value="confirm"
data-id="confirm" data-id="confirm"
data-label="$text.get("general.confirm")" data-label="$text.get("general.confirm")"
data-type="submit" data-type="submit"
data-fullwidth="true" data-fullwidth="true">
onclick="validateCode.validateForm(event)">
</agov-button> </agov-button>
<agov-button <agov-button
id="recovery_code_btn_cancel"
class="block basis-full" class="block basis-full"
data-style="frameless" data-style="frameless"
data-name="cancelFido2" data-name="cancelFido2"
@ -120,8 +118,7 @@
data-label="$text.get("recovery_check_code.noAccess")" data-label="$text.get("recovery_check_code.noAccess")"
data-type="button" data-type="button"
data-fullwidth="true" data-fullwidth="true"
data-validate="false" data-validate="false">
onclick="modal.setVisible()">
</agov-button> </agov-button>
</div> </div>
</div> </div>


@ -56,8 +56,7 @@
data-style="secondary" data-style="secondary"
data-label="<i class='fa-regular fa-eye align-middle text-xl text-indigo dark:text-lilac mr-2'></i>Reveal code" data-label="<i class='fa-regular fa-eye align-middle text-xl text-indigo dark:text-lilac mr-2'></i>Reveal code"
data-type="button" data-type="button"
data-fullwidth="true" data-fullwidth="true">
onclick="blurCode.unBlurCode()">
</agov-button> </agov-button>
<a class="mb-20" target="_blank" href="$PDFLink"> <a class="mb-20" target="_blank" href="$PDFLink">
<agov-button <agov-button
@ -77,14 +76,14 @@
<div class="w-full sm:static mt-auto mb-6 sm:mb-0"> <div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col flex-row-reverse gap-4"> <div class="flex flex-col flex-row-reverse gap-4">
<agov-button <agov-button
id="recovery_code_continue"
class="block basis-full" class="block basis-full"
data-name="submit" data-name="submit"
data-value="submit" data-value="submit"
data-id="submit" data-id="submit"
data-label="$text.get("general.continue")" data-label="$text.get("general.continue")"
data-type="submit" data-type="submit"
data-fullwidth="true" data-fullwidth="true">
onclick="blurCode.continue(event)">
</agov-button> </agov-button>
</div> </div>
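Review bot: The "Reveal code" button loses `onclick="blurCode.unBlurCode()"`, but no id is added for it in the visible lines, unlike the continue button, which gains `id="recovery_code_continue"`. Its opening tag lies above the hunk, so an existing hook cannot be ruled out. If there is none, the bundled script has nothing to bind to and the recovery code stays blurred. Adding an id in the same style, for example `id="recovery_code_reveal"` (name constructed here), and binding it in the bundle would match the other buttons.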


@ -61,7 +61,7 @@
<div class="mt-auto mb-6 sm:mb-0"> <div class="mt-auto mb-6 sm:mb-0">
<agov-button <agov-button
onclick="fido.authenticate()" id="recovery_fido"
data-type="button" data-type="button"
data-label="$text.get("recovery_fidokey_auth.button")" data-label="$text.get("recovery_fidokey_auth.button")"
data-fullwidth="true" data-fullwidth="true"


@ -32,6 +32,14 @@
</div> </div>
#end #end
<div id="captchaNotFilled"
class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4">
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
<p class="font-body text-body-l text-space-blue dark:text-white">
$text.get("error_9909")
</p>
</div>
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off" <form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
accept-charset="UTF-8" accept-charset="UTF-8"
@ -63,21 +71,16 @@
#set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey")) #set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey"))
#set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl")) #set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl"))
#set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled")) #set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled"))
#if ($captchaEnabled.value && $captchaEnabled.value == "true") #if ($captchaEnabled.value && $captchaEnabled.value == "true")
<div class="font-body text-body-l mb-4"> <div class="font-body w-full text-body-l mb-4">
<div class="flex mt-8"> <div class="flex mt-8">
<script>
function onSolution() {
document.getElementById("submit").disabled = false;
}
</script>
<div class="frc-captcha" <div class="frc-captcha"
id="frc-captcha" id="frc-captcha"
data-puzzle-endpoint="$puzzleUrl.value" data-puzzle-endpoint="$puzzleUrl.value"
data-sitekey="$siteKey.value" data-sitekey="$siteKey.value"
data-start="auto" data-start="auto"
data-lang="$login.language" data-lang="$login.language"
data-callback="onSolution"
data-solution-field-name="captcha_response"> data-solution-field-name="captcha_response">
</div> </div>
</div> </div>
@ -86,16 +89,31 @@
<div class="w-full sm:static mt-auto mb-6 sm:mb-0"> <div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col sm:flex-row-reverse gap-4"> <div class="flex flex-col sm:flex-row-reverse gap-4">
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<agov-button <agov-button
id="submit_btn_captcha_enabled"
disabled="true" disabled="true"
class="block basis-full" class="block basis-full"
data-name="continue" data-name="continue"
data-value="continue" data-value="continue"
data-id="continue" data-id="submit"
data-label="$text.get("general.continue")" data-label="$text.get("general.continue")"
data-type="submit" data-type="submit"
data-fullwidth="true"> data-fullwidth="true">
</agov-button> </agov-button>
#else
<agov-button
id="submit_btn_captcha_disabled"
class="block basis-full"
data-name="continue"
data-value="continue"
data-id="submit"
data-label="$text.get("general.continue")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#end ## if
<agov-button <agov-button
class="block basis-full" class="block basis-full"
data-style="secondary" data-style="secondary"
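Review bot: With `data-callback="onSolution"` and the inline `onSolution` script removed, nothing in this template re-enables `submit_btn_captcha_enabled`, which is rendered with `disabled="true"`; enabling it now depends entirely on the bundled script binding to the widget and the button by id. If that script fails to load or bind, the user cannot submit and sees no explanation, so the same script path should show the new `captchaNotFilled` banner as a fallback. The disabled button is only a usability aid: the `#else` branch renders an enabled button and the form can be posted directly, so the back end has to verify `captcha_response` whenever captcha is enabled; presumably it does, but that is worth confirming with this change. The two `agov-button` branches differ only in `id` and `disabled`, so a single button with the `disabled` attribute wrapped in the `#if` would avoid the duplication. The same applies to the other captcha templates changed in this commit.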


@ -42,11 +42,11 @@
<div id="buttons" class="w-full sm:static mt-auto mb-6 sm:mb-0 mt-24 sm:mt-24"> <div id="buttons" class="w-full sm:static mt-auto mb-6 sm:mb-0 mt-24 sm:mt-24">
<div class="flex sm:flex-row-reverse flex-col gap-2"> <div class="flex sm:flex-row-reverse flex-col gap-2">
<agov-button <agov-button
id="questionnaire_continue_btn"
class="block basis-full" class="block basis-full"
data-label="$text.get("general.continue")" data-label="$text.get("general.continue")"
data-type="submit" data-type="submit"
data-fullwidth="true" data-fullwidth="true">
onclick="setErrorBanner(validateAnswer.validateFormYesOrNo(event))">
</agov-button> </agov-button>
<agov-button <agov-button
class="block basis-full" class="block basis-full"


@ -60,11 +60,11 @@
<div class="w-full sm:static mt-8 mb-6 sm:mb-0 "> <div class="w-full sm:static mt-8 mb-6 sm:mb-0 ">
<div class="flex sm:flex-row-reverse flex-col gap-2"> <div class="flex sm:flex-row-reverse flex-col gap-2">
<agov-button <agov-button
id="questionnaire_continue_btn_reason"
class="block basis-full" class="block basis-full"
data-label="$text.get("general.continue")" data-label="$text.get("general.continue")"
data-type="submit" data-type="submit"
data-fullwidth="true" data-fullwidth="true">
onclick="setErrorBanner(validateAnswer.validateForm(event))">
</agov-button> </agov-button>
<agov-button <agov-button


@ -15,6 +15,14 @@
<h4 class="font-header text-h4 text-disabled-grey dark:text-silver">$text.get("general.securityKey")</h4> <h4 class="font-header text-h4 text-disabled-grey dark:text-silver">$text.get("general.securityKey")</h4>
</div> </div>
<div id="captchaNotFilled"
class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4">
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
<p class="font-body text-body-l text-space-blue dark:text-white">
$text.get("error_9909")
</p>
</div>
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off" <form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
accept-charset="UTF-8" accept-charset="UTF-8"
@ -42,21 +50,16 @@
#set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey")) #set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey"))
#set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl")) #set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl"))
#set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled")) #set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled"))
#if ($captchaEnabled.value && $captchaEnabled.value == "true") #if ($captchaEnabled.value && $captchaEnabled.value == "true")
<div class="font-body text-body-l mb-4"> <div class="w-full font-body text-body-l mb-4">
<div class="flex mt-8"> <div class="flex mt-8">
<script>
function onSolution() {
document.getElementById("submit").disabled = false;
}
</script>
<div class="frc-captcha" <div class="frc-captcha"
id="frc-captcha" id="frc-captcha"
data-puzzle-endpoint="$puzzleUrl.value" data-puzzle-endpoint="$puzzleUrl.value"
data-sitekey="$siteKey.value" data-sitekey="$siteKey.value"
data-start="auto" data-start="auto"
data-lang="$login.language" data-lang="$login.language"
data-callback="onSolution"
data-solution-field-name="captcha_response"> data-solution-field-name="captcha_response">
</div> </div>
</div> </div>
@ -65,7 +68,9 @@
<div class="w-full sm:static mt-auto mb-6 sm:mb-0"> <div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col sm:flex-row-reverse gap-4"> <div class="flex flex-col sm:flex-row-reverse gap-4">
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<agov-button <agov-button
id="submit_btn_captcha_enabled"
disabled="true" disabled="true"
class="block basis-full" class="block basis-full"
data-name="submit" data-name="submit"
@ -75,6 +80,18 @@
data-type="submit" data-type="submit"
data-fullwidth="true"> data-fullwidth="true">
</agov-button> </agov-button>
#else
<agov-button
id="submit_btn_captcha_disabled"
class="block basis-full"
data-name="submit"
data-value="submit"
data-id="submit"
data-label="$text.get("general.login")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#end ## if
<agov-button <agov-button
class="block basis-full" class="block basis-full"
data-style="secondary" data-style="secondary"


@ -0,0 +1,5 @@
document.addEventListener('DOMContentLoaded', function() {
document.dispatchEvent(new Event('initQRCode'));
document.dispatchEvent(new Event('initDrawer'));
document.dispatchEvent(new Event('initCantonalBranding'));
});


@ -1,9 +1,3 @@
document.addEventListener('DOMContentLoaded', function() { document.addEventListener('DOMContentLoaded', function() {
document.dispatchEvent(new Event('initAnswer')); document.dispatchEvent(new Event('initAnswer'));
}); });
// eslint-disable-next-line no-unused-vars
function setErrorBanner(value) {
document.getElementById('errorBanner').style.display = value ? 'none' : 'flex';
document.getElementById('buttons').style.marginTop = value ? '16px' : '8px';
}


@ -1,9 +1,3 @@
document.addEventListener('DOMContentLoaded', function() { document.addEventListener('DOMContentLoaded', function() {
document.dispatchEvent(new Event('initAnswer')); document.dispatchEvent(new Event('initAnswer'));
}); });
// eslint-disable-next-line no-unused-vars
function setErrorBanner(value) {
document.getElementById('errorBanner').style.display = value ? 'none' : 'flex';
console.log(document.getElementById('errorBanner').style.display);
}


@ -83,7 +83,7 @@
</div> </div>
<div class="mt-auto mb-6 sm:mb-0"> <div class="mt-auto mb-6 sm:mb-0">
<agov-button <agov-button
onclick="fido.authenticate()" id="fido_authenticate"
data-type="button" data-type="button"
data-label="$text.get("general.continue")" data-label="$text.get("general.continue")"
data-fullwidth="true" data-fullwidth="true"


@ -3,7 +3,7 @@
$text.get("footer.text") $text.get("footer.text")
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a> <a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
</div> </div>
<p>1.6.0.local-20240821T091044Z-haburger: Wed Aug 21 12:02:18 CEST 2024</p> <p>1.6.8.13-20240919T195132Z</p>
</footer> </footer>
<script src="${login.appDataPath}/static/bundle.js"></script> <script src="${login.appDataPath}/static/bundle.js"></script>
</body> </body>


@ -49,6 +49,8 @@
<div id="agovLoginImage" <div id="agovLoginImage"
class="relative md:max-w-[520px] max-w-[350px] sm:max-w-[300px] mb-10 w-full mx-auto hidden md:block"> class="relative md:max-w-[520px] max-w-[350px] sm:max-w-[300px] mb-10 w-full mx-auto hidden md:block">
<div class="hidden flex items-center p-2 bg-white dark:bg-black rounded-xl w-16 h-16 absolute left-[calc(39%-32px)] top-8"
id="logoDoor"></div>
<img alt="" src="${login.appDataPath}/static/images/login.svg" <img alt="" src="${login.appDataPath}/static/images/login.svg"
class="hidden md:block dark:hidden w-full"> class="hidden md:block dark:hidden w-full">
<img alt="" src="${login.appDataPath}/static/images/login-dark.svg" <img alt="" src="${login.appDataPath}/static/images/login-dark.svg"
@ -362,13 +364,10 @@
</form> </form>
</div> </div>
<script> <script src="${login.appDataPath}/static/js-code/mauth_usernameless.js" defer>
document.addEventListener('DOMContentLoaded', function () {
document.dispatchEvent(new Event('initQRCode'));
document.dispatchEvent(new Event('initDrawer'));
document.dispatchEvent(new Event('initCantonalBranding'));
cantonalBranding.getLogo("$gui.getGuiElem('agov.appSamlRpEntityId').value", "$login.language");
});
</script> </script>
<div id="appSamlRpEntityId" class="hidden" data-value="$gui.getGuiElem('agov.appSamlRpEntityId').value"
data-language="$login.language">
</div>
#parse("${templatePath}/footer.vm") #parse("${templatePath}/footer.vm")
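Review bot: The new `#appSamlRpEntityId` element writes `$gui.getGuiElem('agov.appSamlRpEntityId').value` and `$login.language` into HTML attributes without escaping, and the entity ID presumably originates from the relying party's SAML request. Other templates in this commit already wrap `$gui.target` in `$utils.escapeHtmlAttribute(...)` for `$formTarget`; I would do the same here: `data-value="$utils.escapeHtmlAttribute($gui.getGuiElem('agov.appSamlRpEntityId').value)"`, and likewise for `data-language`. The script that reads `data-value` should pass it to `cantonalBranding.getLogo` as a plain string and never write it into markup.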


@ -2,8 +2,8 @@
<agov-backdrop></agov-backdrop> <agov-backdrop></agov-backdrop>
<div id="modal" class="fixed top-0 bottom-0 left-0 right-0 pb-20 z-50 hidden"> <div id="modal" class="fixed top-0 bottom-0 left-0 right-0 pb-20 z-50 hidden">
<div class="fixed top-0 bottom-0 left-0 right-0 backdrop-blur-[10px]" onclick="modal.setInvisible()"></div> <div class="fixed top-0 bottom-0 left-0 right-0 backdrop-blur-[10px]" id="modal_light"></div>
<div class="fixed top-0 bottom-0 left-0 right-0 bg-[#E2E2E2E5]/80 dark:bg-[#111111]/90" onclick="modal.setInvisible()"></div> <div class="fixed top-0 bottom-0 left-0 right-0 bg-[#E2E2E2E5]/80 dark:bg-[#111111]/90" id="modal_dark"></div>
<div id="drawer" <div id="drawer"
class="fixed bg-white dark:bg-surface-black rounded-[20px] p-10 w-11/12 sm:max-w-[660px] top-1/2 left-1/2 -translate-x-1/2 -translate-y-1/2"> class="fixed bg-white dark:bg-surface-black rounded-[20px] p-10 w-11/12 sm:max-w-[660px] top-1/2 left-1/2 -translate-x-1/2 -translate-y-1/2">
@ -26,12 +26,12 @@
<div class="w-full sm:static mt-auto"> <div class="w-full sm:static mt-auto">
<div class="flex justify-end flex-col-reverse sm:flex-row gap-4"> <div class="flex justify-end flex-col-reverse sm:flex-row gap-4">
<agov-button <agov-button
id="recovery_check_code"
class="block" class="block"
data-style="secondary" data-style="secondary"
data-label="$text.get("general.cancel")" data-label="$text.get("general.cancel")"
data-type="button" data-type="button"
data-fullwidth="true" data-fullwidth="true">
onclick="modal.setInvisible()">
</agov-button> </agov-button>
<a href="$text.get("general.help.link")" target="_blank" rel="noopener noreferrer"> <a href="$text.get("general.help.link")" target="_blank" rel="noopener noreferrer">
<agov-button <agov-button
@ -80,6 +80,7 @@
accept-charset="UTF-8" accept-charset="UTF-8"
class="flex flex-col flex-auto block "> class="flex flex-col flex-auto block ">
<agov-input <agov-input
id="recovery_code_input"
class="mb-4 py-16" class="mb-4 py-16"
data-label="$text.get("recovery_check_code.enterRecoveryCode")" data-label="$text.get("recovery_check_code.enterRecoveryCode")"
data-isLabelHidden="true" data-isLabelHidden="true"
@ -89,10 +90,6 @@
data-value="" data-value=""
data-type="text" data-type="text"
data-autofocus="true" data-autofocus="true"
oninput="validateCode.onInputCodeAndroid(event)"
onkeyup="validateCode.onKeyUp(event)"
onkeydown="validateCode.onInputCode(event)"
onpaste="validateCode.paste(event)"
data-email_invalid="$text.get("recovery_check_code.invalid.code")" data-email_invalid="$text.get("recovery_check_code.invalid.code")"
data-email_too_long="$text.get("recovery_check_code.invalid.code.tooLong")" data-email_too_long="$text.get("recovery_check_code.invalid.code.tooLong")"
data-email_required="$text.get("recovery_check_code.invalid.code.required")"> data-email_required="$text.get("recovery_check_code.invalid.code.required")">
@ -101,17 +98,18 @@
<div class="w-full sm:static mt-auto mb-6 sm:mb-0"> <div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col flex-row-reverse gap-4"> <div class="flex flex-col flex-row-reverse gap-4">
<agov-button <agov-button
id="recovery_code_btn"
class="block basis-full" class="block basis-full"
data-name="confirm" data-name="confirm"
data-value="confirm" data-value="confirm"
data-id="confirm" data-id="confirm"
data-label="$text.get("general.confirm")" data-label="$text.get("general.confirm")"
data-type="submit" data-type="submit"
data-fullwidth="true" data-fullwidth="true">
onclick="validateCode.validateForm(event)">
</agov-button> </agov-button>
<agov-button <agov-button
id="recovery_code_btn_cancel"
class="block basis-full" class="block basis-full"
data-style="frameless" data-style="frameless"
data-name="cancelFido2" data-name="cancelFido2"
@ -120,8 +118,7 @@
data-label="$text.get("recovery_check_code.noAccess")" data-label="$text.get("recovery_check_code.noAccess")"
data-type="button" data-type="button"
data-fullwidth="true" data-fullwidth="true"
data-validate="false" data-validate="false">
onclick="modal.setVisible()">
</agov-button> </agov-button>
</div> </div>
</div> </div>


@ -56,8 +56,7 @@
data-style="secondary" data-style="secondary"
data-label="<i class='fa-regular fa-eye align-middle text-xl text-indigo dark:text-lilac mr-2'></i>Reveal code" data-label="<i class='fa-regular fa-eye align-middle text-xl text-indigo dark:text-lilac mr-2'></i>Reveal code"
data-type="button" data-type="button"
data-fullwidth="true" data-fullwidth="true">
onclick="blurCode.unBlurCode()">
</agov-button> </agov-button>
<a class="mb-20" target="_blank" href="$PDFLink"> <a class="mb-20" target="_blank" href="$PDFLink">
<agov-button <agov-button
@ -77,14 +76,14 @@
<div class="w-full sm:static mt-auto mb-6 sm:mb-0"> <div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col flex-row-reverse gap-4"> <div class="flex flex-col flex-row-reverse gap-4">
<agov-button <agov-button
id="recovery_code_continue"
class="block basis-full" class="block basis-full"
data-name="submit" data-name="submit"
data-value="submit" data-value="submit"
data-id="submit" data-id="submit"
data-label="$text.get("general.continue")" data-label="$text.get("general.continue")"
data-type="submit" data-type="submit"
data-fullwidth="true" data-fullwidth="true">
onclick="blurCode.continue(event)">
</agov-button> </agov-button>
</div> </div>


@ -61,7 +61,7 @@
<div class="mt-auto mb-6 sm:mb-0"> <div class="mt-auto mb-6 sm:mb-0">
<agov-button <agov-button
onclick="fido.authenticate()" id="recovery_fido"
data-type="button" data-type="button"
data-label="$text.get("recovery_fidokey_auth.button")" data-label="$text.get("recovery_fidokey_auth.button")"
data-fullwidth="true" data-fullwidth="true"


@ -32,6 +32,14 @@
</div> </div>
#end #end
<div id="captchaNotFilled"
class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4">
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
<p class="font-body text-body-l text-space-blue dark:text-white">
$text.get("error_9909")
</p>
</div>
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off" <form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
accept-charset="UTF-8" accept-charset="UTF-8"
@ -63,21 +71,16 @@
#set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey")) #set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey"))
#set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl")) #set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl"))
#set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled")) #set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled"))
#if ($captchaEnabled.value && $captchaEnabled.value == "true") #if ($captchaEnabled.value && $captchaEnabled.value == "true")
<div class="font-body text-body-l mb-4"> <div class="font-body w-full text-body-l mb-4">
<div class="flex mt-8"> <div class="flex mt-8">
<script>
function onSolution() {
document.getElementById("submit").disabled = false;
}
</script>
<div class="frc-captcha" <div class="frc-captcha"
id="frc-captcha" id="frc-captcha"
data-puzzle-endpoint="$puzzleUrl.value" data-puzzle-endpoint="$puzzleUrl.value"
data-sitekey="$siteKey.value" data-sitekey="$siteKey.value"
data-start="auto" data-start="auto"
data-lang="$login.language" data-lang="$login.language"
data-callback="onSolution"
data-solution-field-name="captcha_response"> data-solution-field-name="captcha_response">
</div> </div>
</div> </div>
@ -86,16 +89,31 @@
<div class="w-full sm:static mt-auto mb-6 sm:mb-0"> <div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col sm:flex-row-reverse gap-4"> <div class="flex flex-col sm:flex-row-reverse gap-4">
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<agov-button <agov-button
id="submit_btn_captcha_enabled"
disabled="true" disabled="true"
class="block basis-full" class="block basis-full"
data-name="continue" data-name="continue"
data-value="continue" data-value="continue"
data-id="continue" data-id="submit"
data-label="$text.get("general.continue")" data-label="$text.get("general.continue")"
data-type="submit" data-type="submit"
data-fullwidth="true"> data-fullwidth="true">
</agov-button> </agov-button>
#else
<agov-button
id="submit_btn_captcha_disabled"
class="block basis-full"
data-name="continue"
data-value="continue"
data-id="submit"
data-label="$text.get("general.continue")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#end ## if
<agov-button <agov-button
class="block basis-full" class="block basis-full"
data-style="secondary" data-style="secondary"


@ -42,11 +42,11 @@
<div id="buttons" class="w-full sm:static mt-auto mb-6 sm:mb-0 mt-24 sm:mt-24"> <div id="buttons" class="w-full sm:static mt-auto mb-6 sm:mb-0 mt-24 sm:mt-24">
<div class="flex sm:flex-row-reverse flex-col gap-2"> <div class="flex sm:flex-row-reverse flex-col gap-2">
<agov-button <agov-button
id="questionnaire_continue_btn"
class="block basis-full" class="block basis-full"
data-label="$text.get("general.continue")" data-label="$text.get("general.continue")"
data-type="submit" data-type="submit"
data-fullwidth="true" data-fullwidth="true">
onclick="setErrorBanner(validateAnswer.validateFormYesOrNo(event))">
</agov-button> </agov-button>
<agov-button <agov-button
class="block basis-full" class="block basis-full"


@ -60,11 +60,11 @@
<div class="w-full sm:static mt-8 mb-6 sm:mb-0 "> <div class="w-full sm:static mt-8 mb-6 sm:mb-0 ">
<div class="flex sm:flex-row-reverse flex-col gap-2"> <div class="flex sm:flex-row-reverse flex-col gap-2">
<agov-button <agov-button
id="questionnaire_continue_btn_reason"
class="block basis-full" class="block basis-full"
data-label="$text.get("general.continue")" data-label="$text.get("general.continue")"
data-type="submit" data-type="submit"
data-fullwidth="true" data-fullwidth="true">
onclick="setErrorBanner(validateAnswer.validateForm(event))">
</agov-button> </agov-button>
<agov-button <agov-button


@ -15,6 +15,14 @@
<h4 class="font-header text-h4 text-disabled-grey dark:text-silver">$text.get("general.securityKey")</h4> <h4 class="font-header text-h4 text-disabled-grey dark:text-silver">$text.get("general.securityKey")</h4>
</div> </div>
<div id="captchaNotFilled"
class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4">
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
<p class="font-body text-body-l text-space-blue dark:text-white">
$text.get("error_9909")
</p>
</div>
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*',''))) #set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off" <form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
accept-charset="UTF-8" accept-charset="UTF-8"
@ -42,21 +50,16 @@
#set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey")) #set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey"))
#set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl")) #set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl"))
#set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled")) #set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled"))
#if ($captchaEnabled.value && $captchaEnabled.value == "true") #if ($captchaEnabled.value && $captchaEnabled.value == "true")
<div class="font-body text-body-l mb-4"> <div class="w-full font-body text-body-l mb-4">
<div class="flex mt-8"> <div class="flex mt-8">
<script>
function onSolution() {
document.getElementById("submit").disabled = false;
}
</script>
<div class="frc-captcha" <div class="frc-captcha"
id="frc-captcha" id="frc-captcha"
data-puzzle-endpoint="$puzzleUrl.value" data-puzzle-endpoint="$puzzleUrl.value"
data-sitekey="$siteKey.value" data-sitekey="$siteKey.value"
data-start="auto" data-start="auto"
data-lang="$login.language" data-lang="$login.language"
data-callback="onSolution"
data-solution-field-name="captcha_response"> data-solution-field-name="captcha_response">
</div> </div>
</div> </div>
@ -65,7 +68,9 @@
<div class="w-full sm:static mt-auto mb-6 sm:mb-0"> <div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col sm:flex-row-reverse gap-4"> <div class="flex flex-col sm:flex-row-reverse gap-4">
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<agov-button <agov-button
id="submit_btn_captcha_enabled"
disabled="true" disabled="true"
class="block basis-full" class="block basis-full"
data-name="submit" data-name="submit"
@ -75,6 +80,18 @@
data-type="submit" data-type="submit"
data-fullwidth="true"> data-fullwidth="true">
</agov-button> </agov-button>
#else
<agov-button
id="submit_btn_captcha_disabled"
class="block basis-full"
data-name="submit"
data-value="submit"
data-id="submit"
data-label="$text.get("general.login")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#end ## if
<agov-button <agov-button
class="block basis-full" class="block basis-full"
data-style="secondary" data-style="secondary"


@ -46,7 +46,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-be4d7b3836489983642da8c01294cab133468c44" tag: "r-7c3dca6bb9792f14907f6128a654a963518cbcca"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:


@ -704,7 +704,7 @@
<init-param> <init-param>
<param-name>DelegateToFrontend</param-name> <param-name>DelegateToFrontend</param-name>
<param-value> <param-value>
Content-Security-Policy-Report-Only:default-src 'none'; script-src 'self' 'sha256-jRcpQ00xp7HFefM8uuubCrmPgr9Q/zMqq+Be8IyLXyM=' 'sha256-jRcpQ00xp7HFefM8uuubCrmPgr9Q/zMqq+Be8IyLXyM=' 'sha256-jRcpQ00xp7HFefM8uuubCrmPgr9Q/zMqq+Be8IyLXyM=' 'sha256-jRcpQ00xp7HFefM8uuubCrmPgr9Q/zMqq+Be8IyLXyM=' 'unsafe-inline'; script-src-elem https://www.google.com https://www.gstatic.com 'sha256-jRcpQ00xp7HFefM8uuubCrmPgr9Q/zMqq+Be8IyLXyM=' 'sha256-VVRbrI9TGfTX6IQoysg2+krJFUO9Ckt6G7Gcs1q2dgM=' 'sha256-6FA//NVJWFgnJwirzDKHC42MZIXYrIxtNaKCahX3DLg=' 'sha256-3whVsWq2brmbgJQdoqbeJgW+43c+XyGdWbKl7sqG3YQ=' 'sha256-3whVsWq2brmbgJQdoqbeJgW+43c+XyGdWbKl7sqG3YQ=' 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'sha256-Q5DmyIIE+GwAh03yBzctDxvuwMTX0uUUUP5UU3yFoF0=' 'sha256-Q5DmyIIE+GwAh03yBzctDxvuwMTX0uUUUP5UU3yFoF0=' 'sha256-JnkgaYe2Kqj0SvIYv1vTPV72Rnsp5aU6c015YNij5Ks=' 'sha256-jRcpQ00xp7HFefM8uuubCrmPgr9Q/zMqq+Be8IyLXyM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-MdFWcEIx4V82/ap9SUt01BxZMN4eFGEl8hNDFEGIzJU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-ifPclQYYwRDXSPQgB9/6UgAgEICBpwegJBWNhOI8dOA=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-2diQqrANllVP9IWjXj1A6fjjvlPtpN6NXlmTiRJneCU=' 'sha256-Q5DmyIIE+GwAh03yBzctDxvuwMTX0uUUUP5UU3yFoF0=' 'sha256-Q5DmyIIE+GwAh03yBzctDxvuwMTX0uUUUP5UU3yFoF0=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'unsafe-hashes' 'unsafe-inline'; form-action 'self'; 
font-src 'self'; frame-src https://www.google.com Content-Security-Policy-Report-Only:default-src 'none'; script-src 'wasm-unsafe-eval' 'self' 'sha256-4r4l/2aahtvPIxQP0YmmqfftYXNwNqxxqOUaXVE0FjM=' 'sha256-3sconOU5uxdS6tVa5DhEli3N+/aY9IvYh873WqDptD0=' 'sha256-N3+RfLbnlpBc0lUnNy4soyLbX0tNDqQt5LPzkEsYOHo=' 'sha256-uOoE0nq21NJDv37YLUOxV9aCnNstJ0GK7BiXNMXQAcI='; worker-src blob:; child-src blob:; connect-src 'self' https://api.friendlycaptcha.com/api/v1/puzzle; img-src 'self'; style-src 'self' 'sha256-/yxYnm5QjS5hz1/KbfNQ/Deyfb9rK1xZefYJGNT9UmU=' 'sha256-2diQqrANllVP9IWjXj1A6fjjvlPtpN6NXlmTiRJneCU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-DHdp+1g/LIFDKreGcezYZywjzyvqUEbmjv4fv+nEQeE=' 'sha256-DtJ0G5eArSV7tvvFUUeV7iyiWfBGflIkRW64/tmMWUk=' 'sha256-JhfXJ5URuB/EAqhZ9vqgEO6trOuCE0w2/ChmfrVzxFo=' 'sha256-MdFWcEIx4V82/ap9SUt01BxZMN4eFGEl8hNDFEGIzJU=' 'sha256-dnsMWK7eeuHUJm/wLL2CXCibJJV0lnUxjpqlu5fcUsg=' 'sha256-iKyiqXXi2KXxNcOUCr+VCUo09ipHFWuIkztLNvUXhd0=' 'sha256-ifPclQYYwRDXSPQgB9/6UgAgEICBpwegJBWNhOI8dOA='; form-action 'self' https://trustbroker.agov-d.azure.adnovum.net/adfs/ls https://me.agov-d.azure.adnovum.net/registration/api/login/saml2/sso/agovidpdirect https://me.agov-d.azure.adnovum.net/account/api/login/saml2/sso/agovidpdirect; font-src 'self';
Cross-Origin-Embedder-Policy:require-corp Cross-Origin-Embedder-Policy:require-corp
Cross-Origin-Opener-Policy:same-origin Cross-Origin-Opener-Policy:same-origin
Cross-Origin-Resource-Policy:same-site Cross-Origin-Resource-Policy:same-site
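Review bot: The rewritten policy in the `DelegateToFrontend` value is still sent as `Content-Security-Policy-Report-Only` and names no `report-uri` or `report-to`, so it blocks nothing and delivers no violation reports to a collector; dropping `'unsafe-inline'` and `'unsafe-hashes'` only pays off once the policy is enforced. `default-src 'none'` does not cover `base-uri` or `frame-ancestors`, so I would add `base-uri 'none'; frame-ancestors 'none';` (or the origins that really need to frame the page) before switching to the enforcing header. The `form-action` list hard-codes `agov-d` host names, which presumably differ per environment, and `connect-src` pins one puzzle URL while the templates take the endpoint from `friendlyCaptchaSettings.puzzleUrl`; both should come from the same configuration source. If this file is generated, the change belongs in the originating pattern. The enclosing filter definition starts and ends outside the hunk.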