new configuration version

haburger 2025-01-20 16:37:18 +00:00
parent 85b97f628c
commit 9b5354828a
4 changed files with 64 additions and 36 deletions


@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-24292622fad61c5e578f00b8d705ad832cb0c75e"
tag: "r-20a60efb7465c08b914996cdae59dd87fd1052d1"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials"
keystores:


@ -60,16 +60,19 @@ if (!inargs['submit'] && (!inargs['mobile'] || !inargs['mobile'].isEmpty()) && i
return
}
if (inargs['submit'] && (!inargs['mobile'] || inargs['mobile'].isEmpty()) && inargs['skip'] && inargs['skip'] == 'true') {
if (inargs['submit'] && (!inargs['mobile'] || inargs['mobile'].isEmpty()) && inargs['skip']) {
// no mobile, and user wants to skip it
LOG.info("Event='NOMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
LOG.info("Event='NOMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', Persistent='${ inargs['skip'] == 'persistent' ? true : false }'")
// persistent cookie for 30d;
def agovSkipAskingMobileCookie = "agovSkipAskingMobile=true; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=2592000; SameSite=Strict; Secure; HttpOnly"
// setHeader doesn't support multiple headers with the same name, so we use
// a different one, and rewrite it in the proxy with Lua
response.setHeader('Set-Cookie2', agovSkipAskingMobileCookie)
if (inargs['skip'] == 'persistent') {
// persistent cookie for 30d;
def agovSkipAskingMobileCookie = "agovSkipAskingMobile=true; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=2592000; SameSite=Strict; Secure; HttpOnly"
// setHeader doesn't support multiple headers with the same name, so we use
// a different one, and rewrite it in the proxy with Lua
response.setHeader('Set-Cookie2', agovSkipAskingMobileCookie)
}
response.setResult('done')
return
}
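Review bot: The relaxed guard `inargs['skip']` lets any non-empty `skip` value take the skip branch, where the previous condition required exactly `'true'`; an unexpected value is accepted and recorded as `Persistent='false'`. Since `skip` is a request parameter, the condition should compare it with the values the GUI is expected to send (presumably `'true'` and `'persistent'`), e.g. `inargs['skip'] in ['true', 'persistent']` in place of the bare `inargs['skip']`. The new log field can be written as `Persistent='${inargs['skip'] == 'persistent'}'`, since the `? true : false` adds nothing. The script starts before this hunk, so where `userAgent` and the other logged values are sanitised cannot be checked from here.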


@ -1807,13 +1807,13 @@
</Gui>
</Response>
</AuthState>
<AuthState name="Auth_Realm_Recovery_Recovery_Auth_reasonSelection" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true">
<AuthState name="Auth_Realm_Recovery_Recovery_Auth_reasonSelection" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true">
<!-- source: pattern://584964c837512845d7940809 -->
<ResultCond name="cancel" next="Auth_Realm_Recovery_Recovery_Auth_loginFactorQuestion"/>
<!-- source: pattern://584964c837512845d7940809 -->
<ResultCond name="invalidReasons" next="Auth_Realm_Recovery_Recovery_Auth_noRecovery"/>
<!-- source: pattern://584964c837512845d7940809 -->
<ResultCond name="validReasons" next="Auth_Realm_Recovery_Recovery_Auth_saveReason"/>
<ResultCond name="validReasons" next="Auth_Realm_Recovery_Recovery_Auth_instructions"/>
<!-- source: pattern://584964c837512845d7940809 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://584964c837512845d7940809 -->
@ -1833,11 +1833,7 @@
</Gui>
</Response>
<!-- source: pattern://584964c837512845d7940809 -->
<property name="condition:cancel" value="${inargs:cancel}==cancel"/>
<!-- source: pattern://584964c837512845d7940809 -->
<property name="condition:validReasons" value="${inargs:continue}==yes"/>
<!-- source: pattern://584964c837512845d7940809 -->
<property name="condition:invalidReasons" value="${inargs:continue}==no"/>
<property name="script" value="file:///var/opt/nevisauth/default/conf/questionnaireReasonProcessing.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Recovery_Recovery_verifyEmail" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="false">
<!-- source: pattern://0327ca909dfcaf2d332da104 -->
@ -1906,7 +1902,7 @@
</AuthState>
<AuthState name="Auth_Realm_Recovery_Recovery_Auth_noRecovery" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true">
<!-- source: pattern://584964c837512845d7940809 -->
<ResultCond name="cancel" next="Auth_Realm_Recovery_Recovery_handleCode"/>
<ResultCond name="cancel" next="Auth_Realm_Recovery_Recovery_Auth_logReason"/>
<!-- source: pattern://584964c837512845d7940809 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://584964c837512845d7940809 -->
@ -1922,13 +1918,29 @@
<!-- source: pattern://584964c837512845d7940809 -->
<property name="condition:cancel" value="${inargs:cancel}==cancel"/>
</AuthState>
<AuthState name="Auth_Realm_Recovery_Recovery_Auth_saveReason" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="false">
<AuthState name="Auth_Realm_Recovery_Recovery_Auth_instructions" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true">
<!-- source: pattern://584964c837512845d7940809 -->
<ResultCond name="default" next="Auth_Realm_Recovery_Recovery_Auth_instructions"/>
<ResultCond name="cancel" next="Auth_Realm_Recovery_Recovery_Auth_loginFactorQuestion"/>
<!-- source: pattern://584964c837512845d7940809 -->
<Response value="AUTH_CONTINUE"/>
<ResultCond name="continue" next="Auth_Realm_Recovery_Recovery_Auth_enterEmail"/>
<!-- source: pattern://584964c837512845d7940809 -->
<property name="sess:agov.recovery.reason" value="${inargs:reason}"/>
<Response value="AUTH_CONTINUE">
<!-- source: pattern://584964c837512845d7940809 -->
<Gui name="recovery_questionnaire_instructions">
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="intro" type="info" label="recovery.intro.message"/>
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="cancel" type="submit" label="cancel.button.label" value="cancel"/>
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
</Gui>
</Response>
<!-- source: pattern://584964c837512845d7940809 -->
<property name="condition:cancel" value="${inargs:cancel}==cancel"/>
<!-- source: pattern://584964c837512845d7940809 -->
<property name="condition:continue" value="${inargs:continue}==continue"/>
</AuthState>
<AuthState name="Auth_Realm_Recovery_Recovery_sendEmail031" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://9f443ce76f9522dfae4c3aa0 -->
@ -2018,29 +2030,18 @@
<!-- source: pattern://584964c837512845d7940809 -->
<property name="detaillevel.credential" value="HIGH"/>
</AuthState>
<AuthState name="Auth_Realm_Recovery_Recovery_Auth_instructions" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true">
<AuthState name="Auth_Realm_Recovery_Recovery_Auth_logReason" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
<!-- source: pattern://584964c837512845d7940809 -->
<ResultCond name="cancel" next="Auth_Realm_Recovery_Recovery_Auth_loginFactorQuestion"/>
<!-- source: pattern://584964c837512845d7940809 -->
<ResultCond name="continue" next="Auth_Realm_Recovery_Recovery_Auth_enterEmail"/>
<ResultCond name="ok" next="Auth_Realm_Recovery_Recovery_handleCode"/>
<!-- source: pattern://584964c837512845d7940809 -->
<Response value="AUTH_CONTINUE">
<!-- source: pattern://584964c837512845d7940809 -->
<Gui name="recovery_questionnaire_instructions">
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="intro" type="info" label="recovery.intro.message"/>
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="cancel" type="submit" label="cancel.button.label" value="cancel"/>
<!-- source: pattern://584964c837512845d7940809 -->
<GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
</Gui>
<Gui name="not_used"/>
</Response>
<!-- source: pattern://584964c837512845d7940809 -->
<property name="condition:cancel" value="${inargs:cancel}==cancel"/>
<property name="scriptTraceGroup" value="AGOV-ACCT"/>
<!-- source: pattern://584964c837512845d7940809 -->
<property name="condition:continue" value="${inargs:continue}==continue"/>
<property name="script" value="file:///var/opt/nevisauth/default/conf/logRecoveryReason.groovy"/>
</AuthState>
<AuthState name="Auth_Realm_Recovery_Auth_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
<!-- source: pattern://473f9d6b4ab9d61c1eb8c689 -->


@ -0,0 +1,24 @@
import ch.nevis.esauth.auth.engine.AuthResponse
if (inargs['reason']) {
response.setSessionAttribute('agov.recovery.reason', '' + inargs['reason'])
}
if (inargs['cancel'] && inargs['cancel'] == 'cancel') {
response.setResult('cancel')
return
}
if (inargs['continue'] && inargs['continue'] == 'yes') {
response.setResult('validReasons')
return
}
if (inargs['continue'] && inargs['continue'] == 'no') {
response.setResult('invalidReasons')
return
}
// if we reach this, display the GUI again
response.setStatus(AuthResponse.AUTH_CONTINUE)
return
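Review bot: `inargs['reason']` is copied into the session attribute `agov.recovery.reason` with no check on its value or length, and this happens before the `cancel` test, so a cancelled request still overwrites the stored reason. The value comes straight from the request and, judging by the `logRecoveryReason.groovy` state wired up in the same commit, is presumably written to a log later; an unconstrained string there can carry quotes or line breaks into the audit record. Store it only when it is one of the questionnaire's known codes, e.g. `if (inargs['reason'] in ALLOWED_REASONS) { ... }`, where `ALLOWED_REASONS` is a placeholder for the real list, and move the assignment below the `cancel` branch. A short header comment naming the three results the script sets (`cancel`, `validReasons`, `invalidReasons`) and the re-display fallback would also help.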