nevis
/
adn-agov-iam-inventory
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
haburger 2024-10-21 07:42:46 +00:00
parent 42684d5271
commit 692dfd46d1
52 changed files with 581 additions and 638 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
View File

@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-be4d7b3836489983642da8c01294cab133468c44"
tag: "r-7c3dca6bb9792f14907f6128a654a963518cbcca"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials"
keystores:

BIN
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/env-ca/truststore.jks
View File

Binary file not shown.

BIN
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/env-ca/truststore.p12
View File

Binary file not shown.

5
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureAccountState.groovy
View File

@ -94,12 +94,13 @@ if (!session['ch.adnovum.nevisidm.userDto'].contains("<properties><name>idVerifi
json['items'].eachWithIndex { az, i ->
if (az.roleExtId == level100RoleExtid) {
agovAq100AuthEndpoint = "${endpoint}/${az.extId}"
aq100AuthRestURL = "${endpoint}/${az.extId}"
}
}
}
endpoint = "${aq100AuthRestURL}/properties"
endpoint = "${aq100AuthRestURL}/properties"
def patchRequest = new HTTPRequestWrapper()
patchRequest.addToHeaders('Content-Type', ['application/json'])

395
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml
View File

@ -186,7 +186,7 @@
<!-- source: pattern://f63c475c35b616b7c6c1901c -->
<ResultCond name="default" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
<!-- source: pattern://f63c475c35b616b7c6c1901c -->
<ResultCond name="fido2" next="Auth_Realm_Main_IDP_FIDO2_ResetSessionInfos"/>
<ResultCond name="fido2" next="Auth_Realm_Main_IDP_fido2_fetchCaptchaInfos"/>
<!-- source: pattern://f63c475c35b616b7c6c1901c -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth_Processing"/>
<!-- source: pattern://f63c475c35b616b7c6c1901c -->
@ -220,18 +220,24 @@
<!-- source: pattern://f63c475c35b616b7c6c1901c -->
<property name="parameter.recoveryurl" value="https://auth.agov-w.azure.adnovum.net/AUTH/RECOVERY/"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_FIDO2_ResetSessionInfos" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<!-- source: pattern://887ada57500885703a4a9408 -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_fido2_fetchCaptchaInfos"/>
<!-- source: pattern://887ada57500885703a4a9408 -->
<AuthState name="Auth_Realm_Main_IDP_fido2_fetchCaptchaInfos" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<ResultCond name="error" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<Response value="AUTH_ERROR">
<!-- source: pattern://887ada57500885703a4a9408 -->
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://887ada57500885703a4a9408 -->
<property name="sess:agov.fido2.X-ReCAPTCHA-Integration" value=""/>
<!-- source: pattern://887ada57500885703a4a9408 -->
<property name="removeOnEmptyValue" value="true"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<property name="parameter.realIpHttpHeaderName" value="X-Forwarded-For"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<property name="parameter.url" value="https://utility.agov-d.azure.adnovum.net/utility/api/v1/configinfo"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<property name="scriptTraceGroup" value="AgovCaptcha"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/fido2_fetchcaptchainfos.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Mobile_NLess_Auth_Processing" class="ch.nevis.auth.fido.uaf.authstate.OutOfBandFidoUafAuthState" final="false" resumeState="false">
<!-- source: pattern://f63c475c35b616b7c6c1901c -->
@ -267,22 +273,37 @@
<!-- source: pattern://d76231eaa88cb1645ce44cf3 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/createuuid.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_fido2_fetchCaptchaInfos" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<ResultCond name="error" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<Response value="AUTH_ERROR">
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
<AuthState name="Auth_Realm_Main_IDP_Email_Input" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true">
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<ResultCond name="cancel" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<ResultCond name="stay" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<ResultCond name="timeout" next="Auth_Realm_Main_IDP_ReturnTimeoutButKeepSession"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<ResultCond name="verifyEmail" next="Auth_Realm_Main_IDP_fido2_fetchCaptchaResult"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<Gui name="user_input">
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="email" type="text" label="prompt.email" value="#{(inargs.getProperty('userInputValue_prompt.email') != null) ? inargs.getProperty('userInputValue_prompt.email') : session.get('ch.nevis.idm.User.email')}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="captchaSettings.enabled" type="hidden" value="${sess:agov.fido2.captchaSettings.enabled}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="friendlyCaptchaSettings.siteKey" type="hidden" value="${sess:agov.fido2.captchaSettings.siteKey}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="friendlyCaptchaSettings.puzzleUrl" type="hidden" value="${sess:agov.fido2.captchaSettings.puzzleUrl}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="cancelFido2" type="submit" label="cancel.button.label" value="cancelFido2"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
</Gui>
</Response>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<property name="parameter.url" value="https://utility.agov-d.azure.adnovum.net/utility/api/v1/configinfo"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<property name="scriptTraceGroup" value="AgovCaptcha"/>
<!-- source: pattern://f39352769cb2a1c88e1a176d -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/fido2_fetchcaptchainfos.groovy"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/sanitizeAndDispatchEmailInput.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_FidoUAF_VariableStep" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<!-- source: pattern://56c67433c7a47b6cb06f011a -->
@ -361,37 +382,35 @@
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
<property name="out.audienceRestriction" value="https://me.agov-d.azure.adnovum.net/registration/api/saml2/service-provider-metadata/agovidpdirect"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Email_Input" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true">
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<ResultCond name="cancel" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<ResultCond name="stay" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<ResultCond name="timeout" next="Auth_Realm_Main_IDP_ReturnTimeoutButKeepSession"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<ResultCond name="verifyEmail" next="Auth_Realm_Main_IDP_fido2_fetchCaptchaResult"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<AuthState name="Auth_Realm_Main_IDP_ReturnTimeoutButKeepSession" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://826166d230a6a4849f2837ae -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<Gui name="user_input">
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="email" type="text" label="prompt.email" value="#{(inargs.getProperty('userInputValue_prompt.email') != null) ? inargs.getProperty('userInputValue_prompt.email') : session.get('ch.nevis.idm.User.email')}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="captchaSettings.enabled" type="hidden" value="${sess:agov.fido2.captchaSettings.enabled}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="friendlyCaptchaSettings.siteKey" type="hidden" value="${sess:agov.fido2.captchaSettings.siteKey}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="friendlyCaptchaSettings.puzzleUrl" type="hidden" value="${sess:agov.fido2.captchaSettings.puzzleUrl}" optional="true"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="cancelFido2" type="submit" label="cancel.button.label" value="cancelFido2"/>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
</Gui>
<!-- source: pattern://826166d230a6a4849f2837ae -->
<Gui name="NotUsed"/>
</Response>
<!-- source: pattern://e3cac41e75980361d7d26bde -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/sanitizeAndDispatchEmailInput.groovy"/>
<!-- source: pattern://826166d230a6a4849f2837ae -->
<property name="parameter.cookie.domain" value="agov-w.azure.adnovum.net"/>
<!-- source: pattern://826166d230a6a4849f2837ae -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/returnTimeoutButKeepSession.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_fido2_fetchCaptchaResult" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<ResultCond name="error" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<ResultCond name="exit.1" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Fido_Email_Verify"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<property name="parameter.url" value="https://utility.agov-d.azure.adnovum.net/utility/api/v2/captcha/"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<property name="scriptTraceGroup" value="AgovCaptcha"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/fido2_fetchcaptcharesult.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Mobile_UserID_Verify" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="false">
<!-- source: pattern://c686c1bdd5355351f7f98cc8 -->
@ -449,35 +468,48 @@
<!-- source: pattern://bfd395eb0dab50aff2f2c01b -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/handleRedirectRegistration.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_ReturnTimeoutButKeepSession" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://826166d230a6a4849f2837ae -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://826166d230a6a4849f2837ae -->
<Gui name="NotUsed"/>
</Response>
<!-- source: pattern://826166d230a6a4849f2837ae -->
<property name="parameter.cookie.domain" value="agov-w.azure.adnovum.net"/>
<!-- source: pattern://826166d230a6a4849f2837ae -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/returnTimeoutButKeepSession.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_fido2_fetchCaptchaResult" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<ResultCond name="error" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<ResultCond name="exit.1" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Fido_Email_Verify"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<AuthState name="Auth_Realm_Main_IDP_Fido_Email_Verify" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="false">
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<ResultCond name="clientNotFound" next="Auth_Realm_Main_IDP_AuthnFailed_Client_NotFound"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<ResultCond name="failed" next="Auth_Realm_Main_IDP_Fido_Email_Verify_FailedEmailState"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<ResultCond name="prospect" next="Auth_Realm_Main_IDP_Fido_Email_Verify_IdmGetPropertiesState"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<Gui name="internal_error">
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<GuiElem name="transferId" type="hidden" value="${system:random.bytes.16}" optional="true"/>
</Gui>
</Response>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<property name="parameter.url" value="https://utility.agov-d.azure.adnovum.net/utility/api/v2/captcha/"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<property name="scriptTraceGroup" value="AgovCaptcha"/>
<!-- source: pattern://699f22cf1cd4ad08bd973f31 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/fido2_fetchcaptcharesult.groovy"/>
<propertyRef name="nevisIDM_Connector"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="user.loginId" value="${inargs:userInputValue_prompt.email}"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="user.loginType" value="EMAIL"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="client.name" value="agov"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="presetNoteValues" value="false"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.user" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.profile" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.role" value="MEDIUM"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.authorization" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.dataroom" value="LOW"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.credential" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.property" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.unit" value="LOW"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.default" value="EXCLUDE"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_AuthnFailed_Client_NotFound" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<!-- source: pattern://0b3ce3ceec7bfca3ea524983 -->
@ -549,71 +581,6 @@
<!-- source: pattern://e0fda9336be9c69dafc9b69e -->
<property name="admin.service.connection.0" value="https://idm:8989/nevisidm/services/v1/AdminService"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Fido_Email_Verify" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="false">
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<ResultCond name="clientNotFound" next="Auth_Realm_Main_IDP_AuthnFailed_Client_NotFound"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<ResultCond name="failed" next="Auth_Realm_Main_IDP_Fido_Email_Verify_FailedEmailState"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<ResultCond name="prospect" next="Auth_Realm_Main_IDP_Fido_Email_Verify_IdmGetPropertiesState"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<Gui name="internal_error">
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<GuiElem name="transferId" type="hidden" value="${system:random.bytes.16}" optional="true"/>
</Gui>
</Response>
<propertyRef name="nevisIDM_Connector"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="user.loginId" value="${inargs:userInputValue_prompt.email}"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="user.loginType" value="EMAIL"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="client.name" value="agov"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="presetNoteValues" value="false"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.user" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.profile" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.role" value="MEDIUM"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.authorization" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.dataroom" value="LOW"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.credential" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.property" value="HIGH"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.unit" value="LOW"/>
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.default" value="EXCLUDE"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Account_State" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<!-- source: pattern://f393012a278e525956a362d3 -->
<ResultCond name="done" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<ResultCond name="failed" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<ResultCond name="reload" next="Auth_Realm_Main_IDP_Ensure_Account_State_Reload"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<Response value="AUTH_CONTINUE"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/ensureAccountState.groovy"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.idm.baseUrl" value="https://idm:8989/nevisidm/api"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.unitExtid" value="1000"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.level100.roleExtid" value="aee52e9f-7084-4e55-9aea-9383ac7757f7"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.idm.httpclient.tls.trustStoreRef" value="Ensure_Account_State"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Fido_Email_Verify_FailedEmailState" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="true">
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<ResultCond name="default" next="Auth_Realm_Main_IDP_FIDO2_Authentication"/>
@ -675,6 +642,53 @@
<!-- source: pattern://7fb39bfd6c34685866a22180 -->
<property name="detaillevel.default" value="EXCLUDE"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Account_State" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<!-- source: pattern://f393012a278e525956a362d3 -->
<ResultCond name="done" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<ResultCond name="failed" next="Auth_Realm_Main_IDP_SendSamlResponseWithError"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<ResultCond name="reload" next="Auth_Realm_Main_IDP_Ensure_Account_State_Reload"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<Response value="AUTH_CONTINUE"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/ensureAccountState.groovy"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.idm.baseUrl" value="https://idm:8989/nevisidm/api"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.unitExtid" value="1000"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.level100.roleExtid" value="${param.agov.level100.roleExtid}"/>
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="parameter.idm.httpclient.tls.trustStoreRef" value="Ensure_Account_State"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_FIDO2_Authentication" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<ResultCond name="cancel" next="Auth_Realm_Main_IDP_OnCancel_Dispatch"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<ResultCond name="error" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Fido2_VariableStep"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<Gui name="fido2_auth" label="title.login.fido2"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<Arg name="fido2UserVerification" value="required"/>
</Response>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="parameter.cancel" value="OnCancel_Dispatch"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="parameter.fido" value="fido2:9443"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="parameter.rpId" value="agov-w.azure.adnovum.net"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/fido2_auth.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false" resumeState="false">
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code_decryptCode"/>
@ -744,43 +758,6 @@
<!-- source: pattern://f393012a278e525956a362d3 -->
<property name="detaillevel.default" value="EXCLUDE"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_FIDO2_Authentication" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<ResultCond name="cancel" next="Auth_Realm_Main_IDP_OnCancel_Dispatch"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<ResultCond name="error" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Fido2_VariableStep"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<Gui name="fido2_auth" label="title.login.fido2"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<Arg name="fido2UserVerification" value="required"/>
</Response>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="parameter.cancel" value="OnCancel_Dispatch"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="parameter.fido" value="fido2:9443"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="parameter.rpId" value="agov-w.azure.adnovum.net"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://302b0fa3c5c3d1d17e9b1004 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/fido2_auth.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code_decryptCode" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="true">
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<ResultCond name="default" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code_Process"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<Response value="AUTH_CONTINUE"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="cryptoKey" value="secret://8jzQ1+F4HHvx7/tKFYRZb2/hFmyXjzt1HXgMJz+Tb16qSMh5Yv2QNnDH0JqsXHAoqtvZu1Nlo5A="/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="cryptoAlgorithm" value="AES/CTR/PKCS5Padding"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="${sess:agov.new.recovery.code.cipher}?notes:agov.new.recovery.code:decrypt-b64" value="${sess:agov.new.recovery.code.cipher}"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_OnCancel_Dispatch" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false">
<!-- source: pattern://af4ec934e8efbef422f03926 -->
<ResultCond name="AccessApp" next="Auth_Realm_Main_IDP_Mobile_NLess_Auth"/>
@ -809,6 +786,37 @@
<!-- source: pattern://1a7583c6caa3b5c36599b25e -->
<property name="sess:authenticatedWith" value="urn:qa.agov.ch:names:tc:authfactor:fido"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code_decryptCode" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="true">
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<ResultCond name="default" next="Auth_Realm_Main_IDP_Ensure_Recovery_Code_Process"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<Response value="AUTH_CONTINUE"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="cryptoKey" value="secret://8jzQ1+F4HHvx7/tKFYRZb2/hFmyXjzt1HXgMJz+Tb16qSMh5Yv2QNnDH0JqsXHAoqtvZu1Nlo5A="/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="cryptoAlgorithm" value="AES/CTR/PKCS5Padding"/>
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="${sess:agov.new.recovery.code.cipher}?notes:agov.new.recovery.code:decrypt-b64" value="${sess:agov.new.recovery.code.cipher}"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_clear_request_session" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<Response value="AUTH_ERROR">
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="request:loginId" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="sess:ch.adnovum.nevisidm.profileExtId" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="sess:ch.adnovum.nevisidm.profileId" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="sess:ch.adnovum.nevisidm.profileName" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="removeOnEmptyValue" value="true"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_Ensure_Recovery_Code_Process" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<ResultCond name="done" next="Auth_Realm_Main_IDP_CheckLoa"/>
@ -843,25 +851,6 @@
<!-- source: pattern://9ff0369f3cf662f95d94ff09 -->
<property name="parameter.cookie.domain" value="auth.agov-w.azure.adnovum.net"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_clear_request_session" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false">
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<ResultCond name="ok" next="Auth_Realm_Main_IDP_Email_Input"/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<Response value="AUTH_ERROR">
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="request:loginId" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="sess:ch.adnovum.nevisidm.profileExtId" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="sess:ch.adnovum.nevisidm.profileId" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="sess:ch.adnovum.nevisidm.profileName" value=""/>
<!-- source: pattern://8c28e8f3352491ef7c5315fc -->
<property name="removeOnEmptyValue" value="true"/>
</AuthState>
<AuthState name="Auth_Realm_Main_IDP_CheckLoa" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://2cdd910036aa06b102863a4f -->
<ResultCond name="error" next="Auth_Realm_Main_IDP_AuthnFailed_Zero_RoleLvl"/>
@ -1629,6 +1618,8 @@
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://bea3ca0c85381d07d632be52 -->
<property name="parameter.realIpHttpHeaderName" value="X-Forwarded-For"/>
<!-- source: pattern://bea3ca0c85381d07d632be52 -->
<property name="parameter.url" value="https://utility.agov-d.azure.adnovum.net/utility/api/v1/configinfo"/>
<!-- source: pattern://bea3ca0c85381d07d632be52 -->
<property name="scriptTraceGroup" value="AgovCaptcha"/>

24
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_fetchcaptchainfos.groovy
View File

@ -2,38 +2,24 @@ import groovy.json.JsonSlurper
import io.opentelemetry.api.trace.Span
def url = parameters.get('url')
def realIpHttpHeaderName = parameters.get('realIpHttpHeaderName') ?: 'X-Real-IP'
def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
try {
//TODO/haburger/2024-AUG-20: remove if reCaptcha is not needed anymore
session.remove('agov.fido2.X-ReCAPTCHA-Integration')
def spanCtxt = Span.current().getSpanContext()
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
LOG.error('traceparent: ' + traceparent)
def jsonSlurper = new JsonSlurper()
def httpClient = HttpClients.create(parameters)
def httpResponse = Http.get().url(url).build().send(httpClient)
LOG.debug('Response Message: ' + httpResponse.reasonPhrase())
def httpResponse = Http.get().url(url).header('traceparent', traceparent)
.header(realIpHttpHeaderName, ip).build().send(httpClient)
LOG.debug('Response Status Code: ' + httpResponse.code())
LOG.debug('Response: ' + httpResponse.bodyAsString())
if (httpResponse.code() == 200) {
def json = jsonSlurper.parseText(httpResponse.bodyAsString())
// TODO/haburger/2024-AUG-20: remove if reCaptcha is not needed anymore
// response.setSessionAttribute('agov.fido2.json.captchaSettings.enabled', String.valueOf(json.captchaSettings.enabled))
// response.setSessionAttribute('agov.fido2.json.captchaSettings.reCaptchaInvisibleSiteKey', json.captchaSettings.reCaptchaInvisibleSiteKey)
// response.setSessionAttribute('agov.fido2.json.captchaSettings.reCaptchaVisibleSiteKey', json.captchaSettings.reCaptchaVisibleSiteKey)
//
// if (session.get('agov.fido2.X-ReCAPTCHA-Integration') == null) {
// response.setSessionAttribute('agov.fido2.X-ReCAPTCHA-Integration', 'INVISIBLE')
// } else {
// response.setSessionAttribute('agov.fido2.X-ReCAPTCHA-Integration', 'VISIBLE')
// }
response.setSessionAttribute('agov.fido2.captchaSettings.enabled', String.valueOf(json.friendlyCaptureClientSettings.enabled))
response.setSessionAttribute('agov.fido2.captchaSettings.siteKey', json.friendlyCaptureClientSettings.siteKey)
response.setSessionAttribute('agov.fido2.captchaSettings.puzzleUrl', json.friendlyCaptureClientSettings.puzzleUrl)

64
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_fetchcaptcharesult.groovy
View File

@ -1,7 +1,10 @@
import io.opentelemetry.api.trace.Span
def url = parameters.get('url')
def email = inargs['userInputValue_prompt.email']
def token = inargs['captcha_response']?: 'MISSING'
def enabled = (session['agov.fido2.captchaSettings.enabled']?:'true').toBoolean()
def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
@ -13,11 +16,21 @@ LOG.debug('Payload: ' + payload)
try {
if (!enabled) {
LOG.info("FriendlyCAPTCHA is disabled, allowing operation for ${payload}")
response.setResult('ok')
return
}
def spanCtxt = Span.current().getSpanContext()
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
def httpClient = HttpClients.create(parameters)
def httpResponse = Http.post()
.url(url)
.header("Accept", "application/json")
.header("X-FriendlyCAPTCHA-Token", token)
.header("traceparent", traceparent)
.entity(Http.entity()
.content(payload)
.contentType("application/json")
@ -25,7 +38,6 @@ try {
.build()
.send(httpClient)
LOG.debug('Response Message: ' + httpResponse.reasonPhrase())
LOG.debug('Response Status Code: ' + httpResponse.code())
LOG.debug('Response: ' + httpResponse.bodyAsString())
@ -49,53 +61,3 @@ try {
response.setResult('error')
response.setError(1, 'Exception during HTTP call')
}
// TODO/haburger/2024-AUG-20: remove if reCaptcha is not needed anymore
//
// def payload = '{ "email": "' + inargs['userInputValue_prompt.email'] + '", "action": "LOGIN", "userIp": "' + ip + '", "userAgent": "' + userAgent + '"}'
//
// LOG.info('Token: ' + inargs['recaptcha_response'])
// LOG.info('Integration: ' + session['agov.fido2.X-ReCAPTCHA-Integration'])
// LOG.info('Payload: ' + payload)
//
// try {
//
// def httpClient = HttpClients.create(parameters)
// def httpResponse = Http.post()
// .url(url)
// .header("Accept", "application/json")
// .header("X-ReCAPTCHA-Token", inargs['recaptcha_response'])
// .header("X-ReCAPTCHA-Integration", session['agov.fido2.X-ReCAPTCHA-Integration'])
// .entity(Http.entity()
// .content(payload)
// .contentType("application/json")
// .build())
// .build()
// .send(httpClient)
//
// LOG.info('Response Message: ' + httpResponse.reasonPhrase())
// LOG.info('Response Status Code: ' + httpResponse.code())
// LOG.info('Response: ' + httpResponse.bodyAsString())
//
// if (httpResponse.code() == 200) {
// if (httpResponse.bodyAsString().contains('SUCCESSFUL')) {
// response.setResult('ok')
// return
// } else {
//
// response.setSessionAttribute('agov.fido2.X-ReCAPTCHA-Integration', 'VISIBLE')
// response.setResult('exit.1')
// return
// }
// } else {
// LOG.error('Unexcpected HTTP response code: ' + httpResponse.code())
// response.setResult('error')
// response.setError(1, 'Unexpected HTTP reponse')
// }
// } catch (all) {
// // Handle exception and set the transition
// LOG.error('error: ' + all, all)
// response.setResult('error')
// response.setError(1, 'Exception during HTTP call')
// }

25
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fetchcaptchainfos.groovy
View File

@ -1,31 +1,26 @@
import groovy.json.JsonSlurper
import io.opentelemetry.api.trace.Span
def url = parameters.get('url')
def realIpHttpHeaderName = parameters.get('realIpHttpHeaderName') ?: 'X-Real-IP'
def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
try {
def spanCtxt = Span.current().getSpanContext()
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
def jsonSlurper = new JsonSlurper()
def httpClient = HttpClients.create(parameters)
def httpResponse = Http.get().url(url).build().send(httpClient)
LOG.debug('Response Message: ' + httpResponse.reasonPhrase())
def httpResponse = Http.get().url(url).header('traceparent', traceparent)
.header(realIpHttpHeaderName, ip).build().send(httpClient)
LOG.debug('Response Status Code: ' + httpResponse.code())
LOG.debug('Response: ' + httpResponse.bodyAsString())
if (httpResponse.code() == 200) {
def json = jsonSlurper.parseText(httpResponse.bodyAsString())
// TODO/haburger/2024-AUG-20: remove if reCaptcha is not needed anymore
// response.setSessionAttribute('agov.recovery.json.accountUrl', json.accountUrl)
// response.setSessionAttribute('agov.recovery.json.registrationUrl', json.registrationUrl)
// response.setSessionAttribute('agov.recovery.json.captchaSettings.enabled', String.valueOf(json.captchaSettings.enabled))
// response.setSessionAttribute('agov.recovery.json.captchaSettings.reCaptchaInvisibleSiteKey', json.captchaSettings.reCaptchaInvisibleSiteKey)
// response.setSessionAttribute('agov.recovery.json.captchaSettings.reCaptchaVisibleSiteKey', json.captchaSettings.reCaptchaVisibleSiteKey)
// if (session.get('agov.recovery.X-ReCAPTCHA-Integration') == null) {
// response.setSessionAttribute('agov.recovery.X-ReCAPTCHA-Integration', 'INVISIBLE')
// } else {
// response.setSessionAttribute('agov.recovery.X-ReCAPTCHA-Integration', 'VISIBLE')
// }
response.setSessionAttribute('agov.recovery.captchaSettings.enabled', String.valueOf(json.captchaSettings.enabled))
response.setSessionAttribute('agov.recovery.captchaSettings.enabled', String.valueOf(json.friendlyCaptureClientSettings.enabled))
response.setSessionAttribute('agov.recovery.captchaSettings.siteKey', json.friendlyCaptureClientSettings.siteKey)
response.setSessionAttribute('agov.recovery.captchaSettings.puzzleUrl', json.friendlyCaptureClientSettings.puzzleUrl)

65
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fetchcaptcharesult.groovy
View File

@ -1,7 +1,10 @@
import io.opentelemetry.api.trace.Span
def url = parameters.get('url')
def email = inargs['email']
def token = inargs['captcha_response']?: 'MISSING'
def enabled = (session['agov.recovery.captchaSettings.enabled']?:'true').toBoolean()
def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
@ -13,11 +16,21 @@ LOG.debug('Payload: ' + payload)
try {
if (!enabled) {
LOG.info("FriendlyCAPTCHA is disabled, allowing operation for ${payload}")
response.setResult('ok')
return
}
def spanCtxt = Span.current().getSpanContext()
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
def httpClient = HttpClients.create(parameters)
def httpResponse = Http.post()
.url(url)
.header("Accept", "application/json")
.header("X-FriendlyCAPTCHA-Token", token)
.header("traceparent", traceparent)
.entity(Http.entity()
.content(payload)
.contentType("application/json")
@ -25,7 +38,6 @@ try {
.build()
.send(httpClient)
LOG.debug('Response Message: ' + httpResponse.reasonPhrase())
LOG.debug('Response Status Code: ' + httpResponse.code())
LOG.debug('Response: ' + httpResponse.bodyAsString())
@ -49,54 +61,3 @@ try {
response.setResult('error')
response.setError(1, 'Exception during HTTP call')
}
// TODO/haburger/2024-AUG-20: remove if reCaptcha is not needed anymore
// def payload = '{ "email": "' + inargs['email'] + '", "action": "LOGIN", "userIp": "' + session.get('agov.recovery.ip') + '", "userAgent": "' + session.get('agov.recovery.userAgent') + '"}'
//
// LOG.info('Token: ' + inargs['recaptcha_response'])
// LOG.info('Integration: ' + session['agov.recovery.X-ReCAPTCHA-Integration'])
// LOG.info('Payload: ' + payload)
//
// try {
//
// def httpClient = HttpClients.create(parameters)
// def httpResponse = Http.post()
// .url(url)
// .header("Accept", "application/json")
// .header("X-ReCAPTCHA-Token", inargs['recaptcha_response'])
// .header("X-ReCAPTCHA-Integration", session['agov.recovery.X-ReCAPTCHA-Integration'])
// .entity(Http.entity()
// .content(payload)
// .contentType("application/json")
// // .charSet("utf-8")
// .build())
// .build()
// .send(httpClient)
//
// LOG.info('Response Message: ' + httpResponse.reasonPhrase())
// LOG.info('Response Status Code: ' + httpResponse.code())
// LOG.info('Response: ' + httpResponse.bodyAsString())
//
// if (httpResponse.code() == 200) {
// if (httpResponse.bodyAsString().contains('SUCCESSFUL')) {
// response.setResult('ok')
// return
// } else {
//
// response.setSessionAttribute('agov.recovery.X-ReCAPTCHA-Integration', 'VISIBLE')
// response.setResult('exit.1')
// return
// }
// } else {
// LOG.error('Unexcpected HTTP response code: ' + httpResponse.code())
// response.setResult('error')
// response.setError(1, 'Unexpected HTTP reponse')
// }
// } catch (all) {
// // Handle exception and set the transition
// LOG.error('error: ' + all, all)
// response.setResult('error')
// response.setError(1, 'Exception during HTTP call')
// }

1
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_handlecode.groovy
View File

@ -1,4 +1,5 @@
import ch.nevis.esauth.auth.engine.AuthResponse
if (inargs['cancel'] == 'cancel') {
//cleanSession()
response.setStatus(AuthResponse.AUTH_ERROR)

10
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_sendemail031.groovy
View File

@ -1,19 +1,19 @@
//import ch.nevis.esauth.util.httpclient.api.HttpClient;
//import ch.nevis.esauth.util.httpclient.api.HttpClients;
//import ch.nevis.esauth.util.httpclient.api.Http;
import io.opentelemetry.api.trace.Span
def url = parameters.get('url')
//def payload = parameters.get('json')
//def url = "https://me.agov-d.azure.adnovum.net:48081/utility/api/v1/email/031"
def email = inargs['email']
def language = session['ch.nevis.session.user.language'] ?: 'en'
def payload = '{ "email": "' + email + '", "language": "' + language + '"}'
try {
def spanCtxt = Span.current().getSpanContext()
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
def httpClient = HttpClients.create(parameters)
def httpResponse = Http.post()
.url(url)
.header("Accept", "application/json")
.header("traceparent", traceparent)
.entity(Http.entity()
.content(payload)
.contentType("application/json")

8
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/requestedrolelevel.groovy
View File

@ -1,8 +1,6 @@
import groovy.xml.XmlSlurper
import groovy.json.JsonSlurper
//import ch.nevis.esauth.util.httpclient.api.HttpClients
//import ch.nevis.esauth.util.httpclient.api.Http
import io.opentelemetry.api.trace.Span
int getRequestedLevel(String authnContextClassRef, def roleList){
if (!authnContextClassRef) {
@ -58,11 +56,13 @@ if (requestedRoleLevelNumber == 0 || session.get('ch.nevis.auth.saml.request.sco
}
try {
def spanCtxt = Span.current().getSpanContext()
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
def jsonSlurper = new JsonSlurper()
def url = parameters.get('url') + '?entity-id=' + session.get('ch.nevis.auth.saml.request.scoping.requesterId')
LOG.debug('Request url: ' + url)
def httpClient = HttpClients.create(parameters)
def httpResponse = Http.get().url(url).build().send(httpClient)
def httpResponse = Http.get().url(url).header('traceparent', traceparent).build().send(httpClient)
LOG.debug('Response Message: ' + httpResponse.reasonPhrase())
LOG.debug('Response Status Code: ' + httpResponse.code())
LOG.debug('Response: ' + httpResponse.bodyAsString())

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-internal-idp-auth-signer-trust-b8a36646f81c3247cdb5d90b.yaml → DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-idp-idm-sectoken-signer-trust-b8a36646f81c3247cdb5d90b.yaml
View File

@ -1,7 +1,7 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisTrustStore"
metadata:
name: "idm-internal-idp-auth-signer-trust"
name: "idm-idp-idm-sectoken-signer-trust"
namespace: "adn-agov-nevisidm-01-uat"
labels:
deploymentTarget: "idm"

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml
View File

@ -46,14 +46,14 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-be4d7b3836489983642da8c01294cab133468c44"
tag: "r-7c3dca6bb9792f14907f6128a654a963518cbcca"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm"
credentials: "git-credentials"
keystores:
- "idm-default-identity"
truststores:
- "idm-idp-idm-sectoken-signer-trust"
- "idm-technical-trust-store"
- "idm-internal-idp-auth-signer-trust"
podSecurity:
policy: "baseline"
automountServiceAccountToken: false

BIN
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks
View File

Binary file not shown.

BIN
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/keys/trust/idm-db-tls-truststore/truststore.p12
View File

Binary file not shown.

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties
View File

@ -99,7 +99,7 @@ server.tls.truststore=/var/opt/keys/trust/idm-technical-trust-store/truststore.p
# source: pattern://b8a36646f81c3247cdb5d90b
server.tls.truststore-passphrase=${exec:/var/opt/keys/trust/idm-technical-trust-store/keypass}
# source: pattern://b8a36646f81c3247cdb5d90b
server.auth.ninja.truststore=/var/opt/keys/trust/idm-internal-idp-auth-signer-trust/truststore.jks
server.auth.ninja.truststore=/var/opt/keys/trust/idm-idp-idm-sectoken-signer-trust/truststore.jks
# source: pattern://b8a36646f81c3247cdb5d90b
management.healthchecks.enabled=true
# source: pattern://b8a36646f81c3247cdb5d90b

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml
View File

@ -44,7 +44,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-f0c2fc352ad8e75f5eae1bab7fc80e6315293282"
tag: "r-7c3dca6bb9792f14907f6128a654a963518cbcca"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
credentials: "git-credentials"
podSecurity:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/bundle.js
View File

File diff suppressed because one or more lines are too long

5
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/mauth_usernameless.js Normal file
View File

@ -0,0 +1,5 @@
document.addEventListener('DOMContentLoaded', function() {
document.dispatchEvent(new Event('initQRCode'));
document.dispatchEvent(new Event('initDrawer'));
document.dispatchEvent(new Event('initCantonalBranding'));
});

6
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/recovery_questionnaire_loginfactor.js
View File

@ -1,9 +1,3 @@
document.addEventListener('DOMContentLoaded', function() {
document.dispatchEvent(new Event('initAnswer'));
});
// eslint-disable-next-line no-unused-vars
function setErrorBanner(value) {
document.getElementById('errorBanner').style.display = value ? 'none' : 'flex';
document.getElementById('buttons').style.marginTop = value ? '16px' : '8px';
}

6
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/js-code/recovery_questionnaire_reason_selection.js
View File

@ -1,9 +1,3 @@
document.addEventListener('DOMContentLoaded', function() {
document.dispatchEvent(new Event('initAnswer'));
});
// eslint-disable-next-line no-unused-vars
function setErrorBanner(value) {
document.getElementById('errorBanner').style.display = value ? 'none' : 'flex';
console.log(document.getElementById('errorBanner').style.display);
}

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/tailwind.css
View File

File diff suppressed because one or more lines are too long

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/fido2_auth.vm
View File

@ -83,7 +83,7 @@
</div>
<div class="mt-auto mb-6 sm:mb-0">
<agov-button
onclick="fido.authenticate()"
id="fido_authenticate"
data-type="button"
data-label="$text.get("general.continue")"
data-fullwidth="true"

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm
View File

@ -3,7 +3,7 @@
$text.get("footer.text")
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
</div>
<p>1.6.0.local-20240821T091044Z-haburger: Wed Aug 21 12:02:18 CEST 2024</p>
<p>1.6.8.13-20240919T195132Z</p>
</footer>
<script src="${login.appDataPath}/static/bundle.js"></script>
</body>

13
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/mauth_usernameless.vm
View File

@ -49,6 +49,8 @@
<div id="agovLoginImage"
class="relative md:max-w-[520px] max-w-[350px] sm:max-w-[300px] mb-10 w-full mx-auto hidden md:block">
<div class="hidden flex items-center p-2 bg-white dark:bg-black rounded-xl w-16 h-16 absolute left-[calc(39%-32px)] top-8"
id="logoDoor"></div>
<img alt="" src="${login.appDataPath}/static/images/login.svg"
class="hidden md:block dark:hidden w-full">
<img alt="" src="${login.appDataPath}/static/images/login-dark.svg"
@ -362,13 +364,10 @@
</form>
</div>
<script>
document.addEventListener('DOMContentLoaded', function () {
document.dispatchEvent(new Event('initQRCode'));
document.dispatchEvent(new Event('initDrawer'));
document.dispatchEvent(new Event('initCantonalBranding'));
cantonalBranding.getLogo("$gui.getGuiElem('agov.appSamlRpEntityId').value", "$login.language");
});
<script src="${login.appDataPath}/static/js-code/mauth_usernameless.js" defer>
</script>
<div id="appSamlRpEntityId" class="hidden" data-value="$gui.getGuiElem('agov.appSamlRpEntityId').value"
data-language="$login.language">
</div>
#parse("${templatePath}/footer.vm")

21
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_check_code.vm
View File

@ -2,8 +2,8 @@
<agov-backdrop></agov-backdrop>
<div id="modal" class="fixed top-0 bottom-0 left-0 right-0 pb-20 z-50 hidden">
<div class="fixed top-0 bottom-0 left-0 right-0 backdrop-blur-[10px]" onclick="modal.setInvisible()"></div>
<div class="fixed top-0 bottom-0 left-0 right-0 bg-[#E2E2E2E5]/80 dark:bg-[#111111]/90" onclick="modal.setInvisible()"></div>
<div class="fixed top-0 bottom-0 left-0 right-0 backdrop-blur-[10px]" id="modal_light"></div>
<div class="fixed top-0 bottom-0 left-0 right-0 bg-[#E2E2E2E5]/80 dark:bg-[#111111]/90" id="modal_dark"></div>
<div id="drawer"
class="fixed bg-white dark:bg-surface-black rounded-[20px] p-10 w-11/12 sm:max-w-[660px] top-1/2 left-1/2 -translate-x-1/2 -translate-y-1/2">
@ -26,12 +26,12 @@
<div class="w-full sm:static mt-auto">
<div class="flex justify-end flex-col-reverse sm:flex-row gap-4">
<agov-button
id="recovery_check_code"
class="block"
data-style="secondary"
data-label="$text.get("general.cancel")"
data-type="button"
data-fullwidth="true"
onclick="modal.setInvisible()">
data-fullwidth="true">
</agov-button>
<a href="$text.get("general.help.link")" target="_blank" rel="noopener noreferrer">
<agov-button
@ -80,6 +80,7 @@
accept-charset="UTF-8"
class="flex flex-col flex-auto block ">
<agov-input
id="recovery_code_input"
class="mb-4 py-16"
data-label="$text.get("recovery_check_code.enterRecoveryCode")"
data-isLabelHidden="true"
@ -89,10 +90,6 @@
data-value=""
data-type="text"
data-autofocus="true"
oninput="validateCode.onInputCodeAndroid(event)"
onkeyup="validateCode.onKeyUp(event)"
onkeydown="validateCode.onInputCode(event)"
onpaste="validateCode.paste(event)"
data-email_invalid="$text.get("recovery_check_code.invalid.code")"
data-email_too_long="$text.get("recovery_check_code.invalid.code.tooLong")"
data-email_required="$text.get("recovery_check_code.invalid.code.required")">
@ -101,17 +98,18 @@
<div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col flex-row-reverse gap-4">
<agov-button
id="recovery_code_btn"
class="block basis-full"
data-name="confirm"
data-value="confirm"
data-id="confirm"
data-label="$text.get("general.confirm")"
data-type="submit"
data-fullwidth="true"
onclick="validateCode.validateForm(event)">
data-fullwidth="true">
</agov-button>
<agov-button
id="recovery_code_btn_cancel"
class="block basis-full"
data-style="frameless"
data-name="cancelFido2"
@ -120,8 +118,7 @@
data-label="$text.get("recovery_check_code.noAccess")"
data-type="button"
data-fullwidth="true"
data-validate="false"
onclick="modal.setVisible()">
data-validate="false">
</agov-button>
</div>
</div>

17
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_code.vm
View File

@ -1,7 +1,7 @@
#parse("${templatePath}/header.vm")
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
#set ($PDFRecoveryTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','').replaceAll(
'^(https:\/\/[^\/]+\/).*$', '$1')))
'^(https:\/\/[^\/]+\/).*$', '$1')))
#set ($concat = "recovery/pdf?authToken=")
#set ($PDFLink = "$PDFRecoveryTarget$concat$gui.getGuiElem('pdfAuthToken').value")
@ -15,19 +15,19 @@
<div class="flex mb-6 items-baseline">
<h3 class="font-header text-h3 text-space-blue dark:text-white mr-3">$text.get("general.login")</h3>
<h4 class="font-header text-h4 text-disabled-grey dark:text-silver">$text.get(
"recovery_code.newRecoveryCode")</h4>
"recovery_code.newRecoveryCode")</h4>
</div>
<div id="codeNotSeen"
class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4 hidden">
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
<p class="font-body text-body-l text-space-blue dark:text-white">
$text.get("recovery_code.banner.error")
$text.get("recovery_code.banner.error")
</p>
</div>
<p class="font-body text-body-l text-space-blue dark:text-white mb-2">
$text.get("recovery_code.instruction")
$text.get("recovery_code.instruction")
</p>
<div class="flex justify-between items-center relative mb-4 py-4 pr-4 pl-8 rounded-xl bg-indigo-light dark:bg-purple-black">
@ -35,7 +35,7 @@
<div>
<p class="font-header text-h5 text-space-blue dark:text-white">$gui.getGuiElem('isiwebpasswd').value</p>
<p class="font-body text-body-m text-space-blue dark:text-white">
$text.get("recovery_code.validUntil")
$text.get("recovery_code.validUntil")
$gui.getGuiElem('validTil').value
</p>
@ -56,8 +56,7 @@
data-style="secondary"
data-label="<i class='fa-regular fa-eye align-middle text-xl text-indigo dark:text-lilac mr-2'></i>Reveal code"
data-type="button"
data-fullwidth="true"
onclick="blurCode.unBlurCode()">
data-fullwidth="true">
</agov-button>
<a class="mb-20" target="_blank" href="$PDFLink">
<agov-button
@ -77,14 +76,14 @@
<div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col flex-row-reverse gap-4">
<agov-button
id="recovery_code_continue"
class="block basis-full"
data-name="submit"
data-value="submit"
data-id="submit"
data-label="$text.get("general.continue")"
data-type="submit"
data-fullwidth="true"
onclick="blurCode.continue(event)">
data-fullwidth="true">
</agov-button>
</div>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_fidokey_auth.vm
View File

@ -61,7 +61,7 @@
<div class="mt-auto mb-6 sm:mb-0">
<agov-button
onclick="fido.authenticate()"
id="recovery_fido"
data-type="button"
data-label="$text.get("recovery_fidokey_auth.button")"
data-fullwidth="true"

80
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_intro_email.vm
View File

@ -32,6 +32,14 @@
</div>
#end
<div id="captchaNotFilled"
class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4">
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
<p class="font-body text-body-l text-space-blue dark:text-white">
$text.get("error_9909")
</p>
</div>
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
accept-charset="UTF-8"
@ -60,42 +68,52 @@
$text.get("recovery_intro_email.process")
</p>
#set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey"))
#set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl"))
#set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled"))
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<div class="font-body text-body-l mb-4">
<div class="flex mt-8">
<script>
function onSolution() {
document.getElementById("submit").disabled = false;
}
</script>
<div class="frc-captcha"
id="frc-captcha"
data-puzzle-endpoint="$puzzleUrl.value"
data-sitekey="$siteKey.value"
data-start="auto"
data-lang="$login.language"
data-callback="onSolution"
data-solution-field-name="captcha_response">
#set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey"))
#set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl"))
#set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled"))
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<div class="font-body w-full text-body-l mb-4">
<div class="flex mt-8">
<div class="frc-captcha"
id="frc-captcha"
data-puzzle-endpoint="$puzzleUrl.value"
data-sitekey="$siteKey.value"
data-start="auto"
data-lang="$login.language"
data-solution-field-name="captcha_response">
</div>
</div>
</div>
</div>
#end ## if
#end ## if
<div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col sm:flex-row-reverse gap-4">
<agov-button
disabled="true"
class="block basis-full"
data-name="continue"
data-value="continue"
data-id="continue"
data-label="$text.get("general.continue")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<agov-button
id="submit_btn_captcha_enabled"
disabled="true"
class="block basis-full"
data-name="continue"
data-value="continue"
data-id="submit"
data-label="$text.get("general.continue")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#else
<agov-button
id="submit_btn_captcha_disabled"
class="block basis-full"
data-name="continue"
data-value="continue"
data-id="submit"
data-label="$text.get("general.continue")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#end ## if
<agov-button
class="block basis-full"
data-style="secondary"

10
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_loginfactor.vm
View File

@ -11,18 +11,18 @@
</div>
<p class="font-body text-body-l text-space-blue dark:text-white mb-8">
$text.get("recovery_questionnaire_loginfactor.question")
$text.get("recovery_questionnaire_loginfactor.question")
</p>
<div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4 hidden"
id="errorBanner">
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
<p class="font-body text-body-l text-space-blue dark:text-white">
$text.get("recovery_questionnaire_loginfactor.banner.error")
$text.get("recovery_questionnaire_loginfactor.banner.error")
</p>
</div>
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
accept-charset="UTF-8"
class="flex flex-col flex-auto block ">
@ -42,11 +42,11 @@
<div id="buttons" class="w-full sm:static mt-auto mb-6 sm:mb-0 mt-24 sm:mt-24">
<div class="flex sm:flex-row-reverse flex-col gap-2">
<agov-button
id="questionnaire_continue_btn"
class="block basis-full"
data-label="$text.get("general.continue")"
data-type="submit"
data-fullwidth="true"
onclick="setErrorBanner(validateAnswer.validateFormYesOrNo(event))">
data-fullwidth="true">
</agov-button>
<agov-button
class="block basis-full"

52
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/recovery_questionnaire_reason_selection.vm
View File

@ -11,60 +11,60 @@
</div>
<p class="font-body text-body-l text-space-blue dark:text-white mb-8">
$text.get("recovery_questionnaire_reason_selection.instruction")
$text.get("recovery_questionnaire_reason_selection.instruction")
</p>
<div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4 hidden"
id="errorBanner">
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
<p class="font-body text-body-l text-space-blue dark:text-white">
$text.get("recovery_questionnaire_reason_selection.banner.error")
$text.get("recovery_questionnaire_reason_selection.banner.error")
</p>
</div>
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
<form id="answersForm" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
accept-charset="UTF-8"
class="flex flex-col flex-auto block ">
#set ($previousAnswer = $gui.getGuiElem("question"))
#if ($previousAnswer.value == "yes")
#set ($answers = ["answer7", "answer8", "answer9", "answer10"])
#elseif ($previousAnswer.value == "no")
#set ($answers = ["answer1", "answer2", "answer3", "answer4", "answer5", "answer6"])
#else
#set ($answers = [])
#end
#set ($previousAnswer = $gui.getGuiElem("question"))
#if ($previousAnswer.value == "yes")
#set ($answers = ["answer7", "answer8", "answer9", "answer10"])
#elseif ($previousAnswer.value == "no")
#set ($answers = ["answer1", "answer2", "answer3", "answer4", "answer5", "answer6"])
#else
#set ($answers = [])
#end
#if ($answers.size() > 0)
#foreach ($answer in $answers)
#set ($isYes = "yes")
#set ($isNo = "no")
#set ($dataValue = "")
#if ($answers.size() > 0)
#foreach ($answer in $answers)
#set ($isYes = "yes")
#set ($isNo = "no")
#set ($dataValue = "")
#if ($answer == "answer2" || $answer == "answer3" || $answer ==
"answer4" || $answer == "answer5" || $answer == "answer6" || $answer == "answer8")
#set ($dataValue = $isYes)
#elseif ($answer == "answer1" || $answer == "answer7" || $answer == "answer9" || $answer == "answer10")
#set ($dataValue = $isNo)
#end
#if ($answer == "answer2" || $answer == "answer3" || $answer ==
"answer4" || $answer == "answer5" || $answer == "answer6" || $answer == "answer8")
#set ($dataValue = $isYes)
#elseif ($answer == "answer1" || $answer == "answer7" || $answer == "answer9" || $answer == "answer10")
#set ($dataValue = $isNo)
#end
<agov-radio-button data-text="$text.get("recovery_questionnaire_reason_selection.$answer")"
data-value="$dataValue"
data-id="$answer"
data-name="continue"
data-groupName="button-answers">
</agov-radio-button>
#end
#end
#end
#end
<div class="w-full sm:static mt-8 mb-6 sm:mb-0 ">
<div class="flex sm:flex-row-reverse flex-col gap-2">
<agov-button
id="questionnaire_continue_btn_reason"
class="block basis-full"
data-label="$text.get("general.continue")"
data-type="submit"
data-fullwidth="true"
onclick="setErrorBanner(validateAnswer.validateForm(event))">
data-fullwidth="true">
</agov-button>
<agov-button

79
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/user_input.vm
View File

@ -15,6 +15,14 @@
<h4 class="font-header text-h4 text-disabled-grey dark:text-silver">$text.get("general.securityKey")</h4>
</div>
<div id="captchaNotFilled"
class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4">
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
<p class="font-body text-body-l text-space-blue dark:text-white">
$text.get("error_9909")
</p>
</div>
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
accept-charset="UTF-8"
@ -39,42 +47,51 @@
data-email_required="$text.get("user_input.invalid.email.required")">
</agov-input>
#set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey"))
#set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl"))
#set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled"))
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<div class="font-body text-body-l mb-4">
<div class="flex mt-8">
<script>
function onSolution() {
document.getElementById("submit").disabled = false;
}
</script>
<div class="frc-captcha"
id="frc-captcha"
data-puzzle-endpoint="$puzzleUrl.value"
data-sitekey="$siteKey.value"
data-start="auto"
data-lang="$login.language"
data-callback="onSolution"
data-solution-field-name="captcha_response">
#set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey"))
#set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl"))
#set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled"))
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<div class="w-full font-body text-body-l mb-4">
<div class="flex mt-8">
<div class="frc-captcha"
id="frc-captcha"
data-puzzle-endpoint="$puzzleUrl.value"
data-sitekey="$siteKey.value"
data-start="auto"
data-lang="$login.language"
data-solution-field-name="captcha_response">
</div>
</div>
</div>
</div>
#end ## if
#end ## if
<div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col sm:flex-row-reverse gap-4">
<agov-button
disabled="true"
class="block basis-full"
data-name="submit"
data-value="submit"
data-id="submit"
data-label="$text.get("general.login")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<agov-button
id="submit_btn_captcha_enabled"
disabled="true"
class="block basis-full"
data-name="submit"
data-value="submit"
data-id="submit"
data-label="$text.get("general.login")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#else
<agov-button
id="submit_btn_captcha_disabled"
class="block basis-full"
data-name="submit"
data-value="submit"
data-id="submit"
data-label="$text.get("general.login")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#end ## if
<agov-button
class="block basis-full"
data-style="secondary"

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/bundle.js
View File

File diff suppressed because one or more lines are too long

5
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/mauth_usernameless.js Normal file
View File

@ -0,0 +1,5 @@
document.addEventListener('DOMContentLoaded', function() {
document.dispatchEvent(new Event('initQRCode'));
document.dispatchEvent(new Event('initDrawer'));
document.dispatchEvent(new Event('initCantonalBranding'));
});

6
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/recovery_questionnaire_loginfactor.js
View File

@ -1,9 +1,3 @@
document.addEventListener('DOMContentLoaded', function() {
document.dispatchEvent(new Event('initAnswer'));
});
// eslint-disable-next-line no-unused-vars
function setErrorBanner(value) {
document.getElementById('errorBanner').style.display = value ? 'none' : 'flex';
document.getElementById('buttons').style.marginTop = value ? '16px' : '8px';
}

6
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/js-code/recovery_questionnaire_reason_selection.js
View File

@ -1,9 +1,3 @@
document.addEventListener('DOMContentLoaded', function() {
document.dispatchEvent(new Event('initAnswer'));
});
// eslint-disable-next-line no-unused-vars
function setErrorBanner(value) {
document.getElementById('errorBanner').style.display = value ? 'none' : 'flex';
console.log(document.getElementById('errorBanner').style.display);
}

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/tailwind.css
View File

File diff suppressed because one or more lines are too long

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/fido2_auth.vm
View File

@ -83,7 +83,7 @@
</div>
<div class="mt-auto mb-6 sm:mb-0">
<agov-button
onclick="fido.authenticate()"
id="fido_authenticate"
data-type="button"
data-label="$text.get("general.continue")"
data-fullwidth="true"

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/footer.vm
View File

@ -3,7 +3,7 @@
$text.get("footer.text")
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
</div>
<p>1.6.0.local-20240821T091044Z-haburger: Wed Aug 21 12:02:18 CEST 2024</p>
<p>1.6.8.13-20240919T195132Z</p>
</footer>
<script src="${login.appDataPath}/static/bundle.js"></script>
</body>

13
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/mauth_usernameless.vm
View File

@ -49,6 +49,8 @@
<div id="agovLoginImage"
class="relative md:max-w-[520px] max-w-[350px] sm:max-w-[300px] mb-10 w-full mx-auto hidden md:block">
<div class="hidden flex items-center p-2 bg-white dark:bg-black rounded-xl w-16 h-16 absolute left-[calc(39%-32px)] top-8"
id="logoDoor"></div>
<img alt="" src="${login.appDataPath}/static/images/login.svg"
class="hidden md:block dark:hidden w-full">
<img alt="" src="${login.appDataPath}/static/images/login-dark.svg"
@ -362,13 +364,10 @@
</form>
</div>
<script>
document.addEventListener('DOMContentLoaded', function () {
document.dispatchEvent(new Event('initQRCode'));
document.dispatchEvent(new Event('initDrawer'));
document.dispatchEvent(new Event('initCantonalBranding'));
cantonalBranding.getLogo("$gui.getGuiElem('agov.appSamlRpEntityId').value", "$login.language");
});
<script src="${login.appDataPath}/static/js-code/mauth_usernameless.js" defer>
</script>
<div id="appSamlRpEntityId" class="hidden" data-value="$gui.getGuiElem('agov.appSamlRpEntityId').value"
data-language="$login.language">
</div>
#parse("${templatePath}/footer.vm")

21
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_check_code.vm
View File

@ -2,8 +2,8 @@
<agov-backdrop></agov-backdrop>
<div id="modal" class="fixed top-0 bottom-0 left-0 right-0 pb-20 z-50 hidden">
<div class="fixed top-0 bottom-0 left-0 right-0 backdrop-blur-[10px]" onclick="modal.setInvisible()"></div>
<div class="fixed top-0 bottom-0 left-0 right-0 bg-[#E2E2E2E5]/80 dark:bg-[#111111]/90" onclick="modal.setInvisible()"></div>
<div class="fixed top-0 bottom-0 left-0 right-0 backdrop-blur-[10px]" id="modal_light"></div>
<div class="fixed top-0 bottom-0 left-0 right-0 bg-[#E2E2E2E5]/80 dark:bg-[#111111]/90" id="modal_dark"></div>
<div id="drawer"
class="fixed bg-white dark:bg-surface-black rounded-[20px] p-10 w-11/12 sm:max-w-[660px] top-1/2 left-1/2 -translate-x-1/2 -translate-y-1/2">
@ -26,12 +26,12 @@
<div class="w-full sm:static mt-auto">
<div class="flex justify-end flex-col-reverse sm:flex-row gap-4">
<agov-button
id="recovery_check_code"
class="block"
data-style="secondary"
data-label="$text.get("general.cancel")"
data-type="button"
data-fullwidth="true"
onclick="modal.setInvisible()">
data-fullwidth="true">
</agov-button>
<a href="$text.get("general.help.link")" target="_blank" rel="noopener noreferrer">
<agov-button
@ -80,6 +80,7 @@
accept-charset="UTF-8"
class="flex flex-col flex-auto block ">
<agov-input
id="recovery_code_input"
class="mb-4 py-16"
data-label="$text.get("recovery_check_code.enterRecoveryCode")"
data-isLabelHidden="true"
@ -89,10 +90,6 @@
data-value=""
data-type="text"
data-autofocus="true"
oninput="validateCode.onInputCodeAndroid(event)"
onkeyup="validateCode.onKeyUp(event)"
onkeydown="validateCode.onInputCode(event)"
onpaste="validateCode.paste(event)"
data-email_invalid="$text.get("recovery_check_code.invalid.code")"
data-email_too_long="$text.get("recovery_check_code.invalid.code.tooLong")"
data-email_required="$text.get("recovery_check_code.invalid.code.required")">
@ -101,17 +98,18 @@
<div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col flex-row-reverse gap-4">
<agov-button
id="recovery_code_btn"
class="block basis-full"
data-name="confirm"
data-value="confirm"
data-id="confirm"
data-label="$text.get("general.confirm")"
data-type="submit"
data-fullwidth="true"
onclick="validateCode.validateForm(event)">
data-fullwidth="true">
</agov-button>
<agov-button
id="recovery_code_btn_cancel"
class="block basis-full"
data-style="frameless"
data-name="cancelFido2"
@ -120,8 +118,7 @@
data-label="$text.get("recovery_check_code.noAccess")"
data-type="button"
data-fullwidth="true"
data-validate="false"
onclick="modal.setVisible()">
data-validate="false">
</agov-button>
</div>
</div>

17
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_code.vm
View File

@ -1,7 +1,7 @@
#parse("${templatePath}/header.vm")
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
#set ($PDFRecoveryTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','').replaceAll(
'^(https:\/\/[^\/]+\/).*$', '$1')))
'^(https:\/\/[^\/]+\/).*$', '$1')))
#set ($concat = "recovery/pdf?authToken=")
#set ($PDFLink = "$PDFRecoveryTarget$concat$gui.getGuiElem('pdfAuthToken').value")
@ -15,19 +15,19 @@
<div class="flex mb-6 items-baseline">
<h3 class="font-header text-h3 text-space-blue dark:text-white mr-3">$text.get("general.login")</h3>
<h4 class="font-header text-h4 text-disabled-grey dark:text-silver">$text.get(
"recovery_code.newRecoveryCode")</h4>
"recovery_code.newRecoveryCode")</h4>
</div>
<div id="codeNotSeen"
class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4 hidden">
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
<p class="font-body text-body-l text-space-blue dark:text-white">
$text.get("recovery_code.banner.error")
$text.get("recovery_code.banner.error")
</p>
</div>
<p class="font-body text-body-l text-space-blue dark:text-white mb-2">
$text.get("recovery_code.instruction")
$text.get("recovery_code.instruction")
</p>
<div class="flex justify-between items-center relative mb-4 py-4 pr-4 pl-8 rounded-xl bg-indigo-light dark:bg-purple-black">
@ -35,7 +35,7 @@
<div>
<p class="font-header text-h5 text-space-blue dark:text-white">$gui.getGuiElem('isiwebpasswd').value</p>
<p class="font-body text-body-m text-space-blue dark:text-white">
$text.get("recovery_code.validUntil")
$text.get("recovery_code.validUntil")
$gui.getGuiElem('validTil').value
</p>
@ -56,8 +56,7 @@
data-style="secondary"
data-label="<i class='fa-regular fa-eye align-middle text-xl text-indigo dark:text-lilac mr-2'></i>Reveal code"
data-type="button"
data-fullwidth="true"
onclick="blurCode.unBlurCode()">
data-fullwidth="true">
</agov-button>
<a class="mb-20" target="_blank" href="$PDFLink">
<agov-button
@ -77,14 +76,14 @@
<div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col flex-row-reverse gap-4">
<agov-button
id="recovery_code_continue"
class="block basis-full"
data-name="submit"
data-value="submit"
data-id="submit"
data-label="$text.get("general.continue")"
data-type="submit"
data-fullwidth="true"
onclick="blurCode.continue(event)">
data-fullwidth="true">
</agov-button>
</div>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_fidokey_auth.vm
View File

@ -61,7 +61,7 @@
<div class="mt-auto mb-6 sm:mb-0">
<agov-button
onclick="fido.authenticate()"
id="recovery_fido"
data-type="button"
data-label="$text.get("recovery_fidokey_auth.button")"
data-fullwidth="true"

80
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_intro_email.vm
View File

@ -32,6 +32,14 @@
</div>
#end
<div id="captchaNotFilled"
class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4">
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
<p class="font-body text-body-l text-space-blue dark:text-white">
$text.get("error_9909")
</p>
</div>
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
accept-charset="UTF-8"
@ -60,42 +68,52 @@
$text.get("recovery_intro_email.process")
</p>
#set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey"))
#set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl"))
#set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled"))
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<div class="font-body text-body-l mb-4">
<div class="flex mt-8">
<script>
function onSolution() {
document.getElementById("submit").disabled = false;
}
</script>
<div class="frc-captcha"
id="frc-captcha"
data-puzzle-endpoint="$puzzleUrl.value"
data-sitekey="$siteKey.value"
data-start="auto"
data-lang="$login.language"
data-callback="onSolution"
data-solution-field-name="captcha_response">
#set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey"))
#set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl"))
#set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled"))
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<div class="font-body w-full text-body-l mb-4">
<div class="flex mt-8">
<div class="frc-captcha"
id="frc-captcha"
data-puzzle-endpoint="$puzzleUrl.value"
data-sitekey="$siteKey.value"
data-start="auto"
data-lang="$login.language"
data-solution-field-name="captcha_response">
</div>
</div>
</div>
</div>
#end ## if
#end ## if
<div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col sm:flex-row-reverse gap-4">
<agov-button
disabled="true"
class="block basis-full"
data-name="continue"
data-value="continue"
data-id="continue"
data-label="$text.get("general.continue")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<agov-button
id="submit_btn_captcha_enabled"
disabled="true"
class="block basis-full"
data-name="continue"
data-value="continue"
data-id="submit"
data-label="$text.get("general.continue")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#else
<agov-button
id="submit_btn_captcha_disabled"
class="block basis-full"
data-name="continue"
data-value="continue"
data-id="submit"
data-label="$text.get("general.continue")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#end ## if
<agov-button
class="block basis-full"
data-style="secondary"

10
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_loginfactor.vm
View File

@ -11,18 +11,18 @@
</div>
<p class="font-body text-body-l text-space-blue dark:text-white mb-8">
$text.get("recovery_questionnaire_loginfactor.question")
$text.get("recovery_questionnaire_loginfactor.question")
</p>
<div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4 hidden"
id="errorBanner">
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
<p class="font-body text-body-l text-space-blue dark:text-white">
$text.get("recovery_questionnaire_loginfactor.banner.error")
$text.get("recovery_questionnaire_loginfactor.banner.error")
</p>
</div>
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
accept-charset="UTF-8"
class="flex flex-col flex-auto block ">
@ -42,11 +42,11 @@
<div id="buttons" class="w-full sm:static mt-auto mb-6 sm:mb-0 mt-24 sm:mt-24">
<div class="flex sm:flex-row-reverse flex-col gap-2">
<agov-button
id="questionnaire_continue_btn"
class="block basis-full"
data-label="$text.get("general.continue")"
data-type="submit"
data-fullwidth="true"
onclick="setErrorBanner(validateAnswer.validateFormYesOrNo(event))">
data-fullwidth="true">
</agov-button>
<agov-button
class="block basis-full"

52
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/recovery_questionnaire_reason_selection.vm
View File

@ -11,60 +11,60 @@
</div>
<p class="font-body text-body-l text-space-blue dark:text-white mb-8">
$text.get("recovery_questionnaire_reason_selection.instruction")
$text.get("recovery_questionnaire_reason_selection.instruction")
</p>
<div class="error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4 hidden"
id="errorBanner">
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
<p class="font-body text-body-l text-space-blue dark:text-white">
$text.get("recovery_questionnaire_reason_selection.banner.error")
$text.get("recovery_questionnaire_reason_selection.banner.error")
</p>
</div>
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
<form id="answersForm" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
accept-charset="UTF-8"
class="flex flex-col flex-auto block ">
#set ($previousAnswer = $gui.getGuiElem("question"))
#if ($previousAnswer.value == "yes")
#set ($answers = ["answer7", "answer8", "answer9", "answer10"])
#elseif ($previousAnswer.value == "no")
#set ($answers = ["answer1", "answer2", "answer3", "answer4", "answer5", "answer6"])
#else
#set ($answers = [])
#end
#set ($previousAnswer = $gui.getGuiElem("question"))
#if ($previousAnswer.value == "yes")
#set ($answers = ["answer7", "answer8", "answer9", "answer10"])
#elseif ($previousAnswer.value == "no")
#set ($answers = ["answer1", "answer2", "answer3", "answer4", "answer5", "answer6"])
#else
#set ($answers = [])
#end
#if ($answers.size() > 0)
#foreach ($answer in $answers)
#set ($isYes = "yes")
#set ($isNo = "no")
#set ($dataValue = "")
#if ($answers.size() > 0)
#foreach ($answer in $answers)
#set ($isYes = "yes")
#set ($isNo = "no")
#set ($dataValue = "")
#if ($answer == "answer2" || $answer == "answer3" || $answer ==
"answer4" || $answer == "answer5" || $answer == "answer6" || $answer == "answer8")
#set ($dataValue = $isYes)
#elseif ($answer == "answer1" || $answer == "answer7" || $answer == "answer9" || $answer == "answer10")
#set ($dataValue = $isNo)
#end
#if ($answer == "answer2" || $answer == "answer3" || $answer ==
"answer4" || $answer == "answer5" || $answer == "answer6" || $answer == "answer8")
#set ($dataValue = $isYes)
#elseif ($answer == "answer1" || $answer == "answer7" || $answer == "answer9" || $answer == "answer10")
#set ($dataValue = $isNo)
#end
<agov-radio-button data-text="$text.get("recovery_questionnaire_reason_selection.$answer")"
data-value="$dataValue"
data-id="$answer"
data-name="continue"
data-groupName="button-answers">
</agov-radio-button>
#end
#end
#end
#end
<div class="w-full sm:static mt-8 mb-6 sm:mb-0 ">
<div class="flex sm:flex-row-reverse flex-col gap-2">
<agov-button
id="questionnaire_continue_btn_reason"
class="block basis-full"
data-label="$text.get("general.continue")"
data-type="submit"
data-fullwidth="true"
onclick="setErrorBanner(validateAnswer.validateForm(event))">
data-fullwidth="true">
</agov-button>
<agov-button

79
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/user_input.vm
View File

@ -15,6 +15,14 @@
<h4 class="font-header text-h4 text-disabled-grey dark:text-silver">$text.get("general.securityKey")</h4>
</div>
<div id="captchaNotFilled"
class="hidden error flex rounded-xl bg-error-background dark:bg-dark-error-background items-center p-4 mb-4">
<i class="fa-regular fa-exclamation-circle rounded-full p-3 text-error dark:text-dark-error bg-error/10 dark:bg-dark-error-icon mr-4 text-xl leading-none"></i>
<p class="font-body text-body-l text-space-blue dark:text-white">
$text.get("error_9909")
</p>
</div>
#set ($formTarget = $utils.escapeHtmlAttribute($gui.target.replaceAll('&?language=[^&]*','')))
<form id="$gui.name" name="$gui.name" method="POST" target="_self" action="$formTarget" autocomplete="off"
accept-charset="UTF-8"
@ -39,42 +47,51 @@
data-email_required="$text.get("user_input.invalid.email.required")">
</agov-input>
#set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey"))
#set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl"))
#set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled"))
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<div class="font-body text-body-l mb-4">
<div class="flex mt-8">
<script>
function onSolution() {
document.getElementById("submit").disabled = false;
}
</script>
<div class="frc-captcha"
id="frc-captcha"
data-puzzle-endpoint="$puzzleUrl.value"
data-sitekey="$siteKey.value"
data-start="auto"
data-lang="$login.language"
data-callback="onSolution"
data-solution-field-name="captcha_response">
#set ($siteKey = $gui.getGuiElem("friendlyCaptchaSettings.siteKey"))
#set ($puzzleUrl = $gui.getGuiElem("friendlyCaptchaSettings.puzzleUrl"))
#set ($captchaEnabled = $gui.getGuiElem("captchaSettings.enabled"))
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<div class="w-full font-body text-body-l mb-4">
<div class="flex mt-8">
<div class="frc-captcha"
id="frc-captcha"
data-puzzle-endpoint="$puzzleUrl.value"
data-sitekey="$siteKey.value"
data-start="auto"
data-lang="$login.language"
data-solution-field-name="captcha_response">
</div>
</div>
</div>
</div>
#end ## if
#end ## if
<div class="w-full sm:static mt-auto mb-6 sm:mb-0">
<div class="flex flex-col sm:flex-row-reverse gap-4">
<agov-button
disabled="true"
class="block basis-full"
data-name="submit"
data-value="submit"
data-id="submit"
data-label="$text.get("general.login")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#if ($captchaEnabled.value && $captchaEnabled.value == "true")
<agov-button
id="submit_btn_captcha_enabled"
disabled="true"
class="block basis-full"
data-name="submit"
data-value="submit"
data-id="submit"
data-label="$text.get("general.login")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#else
<agov-button
id="submit_btn_captcha_disabled"
class="block basis-full"
data-name="submit"
data-value="submit"
data-id="submit"
data-label="$text.get("general.login")"
data-type="submit"
data-fullwidth="true">
</agov-button>
#end ## if
<agov-button
class="block basis-full"
data-style="secondary"

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
View File

@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-be4d7b3836489983642da8c01294cab133468c44"
tag: "r-7c3dca6bb9792f14907f6128a654a963518cbcca"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
credentials: "git-credentials"
keystores:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml
View File

@ -704,7 +704,7 @@
<init-param>
<param-name>DelegateToFrontend</param-name>
<param-value>
Content-Security-Policy-Report-Only:default-src 'none'; script-src 'self' 'sha256-jRcpQ00xp7HFefM8uuubCrmPgr9Q/zMqq+Be8IyLXyM=' 'sha256-jRcpQ00xp7HFefM8uuubCrmPgr9Q/zMqq+Be8IyLXyM=' 'sha256-jRcpQ00xp7HFefM8uuubCrmPgr9Q/zMqq+Be8IyLXyM=' 'sha256-jRcpQ00xp7HFefM8uuubCrmPgr9Q/zMqq+Be8IyLXyM=' 'unsafe-inline'; script-src-elem https://www.google.com https://www.gstatic.com 'sha256-jRcpQ00xp7HFefM8uuubCrmPgr9Q/zMqq+Be8IyLXyM=' 'sha256-VVRbrI9TGfTX6IQoysg2+krJFUO9Ckt6G7Gcs1q2dgM=' 'sha256-6FA//NVJWFgnJwirzDKHC42MZIXYrIxtNaKCahX3DLg=' 'sha256-3whVsWq2brmbgJQdoqbeJgW+43c+XyGdWbKl7sqG3YQ=' 'sha256-3whVsWq2brmbgJQdoqbeJgW+43c+XyGdWbKl7sqG3YQ=' 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'sha256-Q5DmyIIE+GwAh03yBzctDxvuwMTX0uUUUP5UU3yFoF0=' 'sha256-Q5DmyIIE+GwAh03yBzctDxvuwMTX0uUUUP5UU3yFoF0=' 'sha256-JnkgaYe2Kqj0SvIYv1vTPV72Rnsp5aU6c015YNij5Ks=' 'sha256-jRcpQ00xp7HFefM8uuubCrmPgr9Q/zMqq+Be8IyLXyM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-MdFWcEIx4V82/ap9SUt01BxZMN4eFGEl8hNDFEGIzJU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-ifPclQYYwRDXSPQgB9/6UgAgEICBpwegJBWNhOI8dOA=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-2diQqrANllVP9IWjXj1A6fjjvlPtpN6NXlmTiRJneCU=' 'sha256-Q5DmyIIE+GwAh03yBzctDxvuwMTX0uUUUP5UU3yFoF0=' 'sha256-Q5DmyIIE+GwAh03yBzctDxvuwMTX0uUUUP5UU3yFoF0=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE=' 'unsafe-hashes' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-src https://www.google.com
Content-Security-Policy-Report-Only:default-src 'none'; script-src 'wasm-unsafe-eval' 'self' 'sha256-4r4l/2aahtvPIxQP0YmmqfftYXNwNqxxqOUaXVE0FjM=' 'sha256-3sconOU5uxdS6tVa5DhEli3N+/aY9IvYh873WqDptD0=' 'sha256-N3+RfLbnlpBc0lUnNy4soyLbX0tNDqQt5LPzkEsYOHo=' 'sha256-uOoE0nq21NJDv37YLUOxV9aCnNstJ0GK7BiXNMXQAcI='; worker-src blob:; child-src blob:; connect-src 'self' https://api.friendlycaptcha.com/api/v1/puzzle; img-src 'self'; style-src 'self' 'sha256-/yxYnm5QjS5hz1/KbfNQ/Deyfb9rK1xZefYJGNT9UmU=' 'sha256-2diQqrANllVP9IWjXj1A6fjjvlPtpN6NXlmTiRJneCU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-DHdp+1g/LIFDKreGcezYZywjzyvqUEbmjv4fv+nEQeE=' 'sha256-DtJ0G5eArSV7tvvFUUeV7iyiWfBGflIkRW64/tmMWUk=' 'sha256-JhfXJ5URuB/EAqhZ9vqgEO6trOuCE0w2/ChmfrVzxFo=' 'sha256-MdFWcEIx4V82/ap9SUt01BxZMN4eFGEl8hNDFEGIzJU=' 'sha256-dnsMWK7eeuHUJm/wLL2CXCibJJV0lnUxjpqlu5fcUsg=' 'sha256-iKyiqXXi2KXxNcOUCr+VCUo09ipHFWuIkztLNvUXhd0=' 'sha256-ifPclQYYwRDXSPQgB9/6UgAgEICBpwegJBWNhOI8dOA='; form-action 'self' https://trustbroker.agov-d.azure.adnovum.net/adfs/ls https://me.agov-d.azure.adnovum.net/registration/api/login/saml2/sso/agovidpdirect https://me.agov-d.azure.adnovum.net/account/api/login/saml2/sso/agovidpdirect; font-src 'self';
Cross-Origin-Embedder-Policy:require-corp
Cross-Origin-Opener-Policy:same-origin
Cross-Origin-Resource-Policy:same-site

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/static/bundle.js
View File

File diff suppressed because one or more lines are too long

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/static/tailwind.css
View File

File diff suppressed because one or more lines are too long