From 9b5354828a96bb79e9d02b13178d1e9fd48efdfb Mon Sep 17 00:00:00 2001
From: haburger <haburger>
Date: Mon, 20 Jan 2025 16:37:18 +0000
Subject: [PATCH] new configuration version

---
 ...8s-nevisauth-7022472ae407577ae604bbb8.yaml |  2 +-
 .../default/conf/askMobileNumber.groovy       | 17 +++---
 .../opt/nevisauth/default/conf/esauth4.xml    | 57 ++++++++++---------
 .../conf/questionnaireReasonProcessing.groovy | 24 ++++++++
 4 files changed, 64 insertions(+), 36 deletions(-)
 create mode 100644 DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/questionnaireReasonProcessing.groovy

diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
index be9c862..6671a53 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
@@ -45,7 +45,7 @@ spec:
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-24292622fad61c5e578f00b8d705ad832cb0c75e"
+    tag: "r-20a60efb7465c08b914996cdae59dd87fd1052d1"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
     credentials: "git-credentials"
   keystores:
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy
index 53213f5..92cb940 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy
@@ -60,16 +60,19 @@ if (!inargs['submit'] && (!inargs['mobile'] || !inargs['mobile'].isEmpty()) && i
     return
 }
 
-if (inargs['submit'] && (!inargs['mobile'] || inargs['mobile'].isEmpty()) && inargs['skip'] && inargs['skip'] == 'true') {
+if (inargs['submit'] && (!inargs['mobile'] || inargs['mobile'].isEmpty()) && inargs['skip']) {
     // no mobile, and user wants to skip it
 
-    LOG.info("Event='NOMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+    LOG.info("Event='NOMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', Persistent='${ inargs['skip'] == 'persistent' ? true : false }'")
     
-    // persistent cookie for 30d;
-    def agovSkipAskingMobileCookie = "agovSkipAskingMobile=true; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=2592000; SameSite=Strict; Secure; HttpOnly"
-    // setHeader doesn't support multiple headers with the same name, so we use
-    // a different one, and rewrite it in the proxy with Lua
-    response.setHeader('Set-Cookie2', agovSkipAskingMobileCookie)
+    if (inargs['skip'] == 'persistent') {
+        // persistent cookie for 30d;
+        def agovSkipAskingMobileCookie = "agovSkipAskingMobile=true; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=2592000; SameSite=Strict; Secure; HttpOnly"
+        // setHeader doesn't support multiple headers with the same name, so we use
+        // a different one, and rewrite it in the proxy with Lua
+        response.setHeader('Set-Cookie2', agovSkipAskingMobileCookie)
+    }
+
     response.setResult('done')
     return
 }
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml
index cb9f146..434e6ce 100644
--- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/esauth4.xml
@@ -1807,13 +1807,13 @@
                 </Gui>
             </Response>
         </AuthState>
-        <AuthState name="Auth_Realm_Recovery_Recovery_Auth_reasonSelection" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true">
+        <AuthState name="Auth_Realm_Recovery_Recovery_Auth_reasonSelection" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="true" resumeState="true">
             <!-- source: pattern://584964c837512845d7940809 -->
             <ResultCond name="cancel" next="Auth_Realm_Recovery_Recovery_Auth_loginFactorQuestion"/>
             <!-- source: pattern://584964c837512845d7940809 -->
             <ResultCond name="invalidReasons" next="Auth_Realm_Recovery_Recovery_Auth_noRecovery"/>
             <!-- source: pattern://584964c837512845d7940809 -->
-            <ResultCond name="validReasons" next="Auth_Realm_Recovery_Recovery_Auth_saveReason"/>
+            <ResultCond name="validReasons" next="Auth_Realm_Recovery_Recovery_Auth_instructions"/>
             <!-- source: pattern://584964c837512845d7940809 -->
             <Response value="AUTH_CONTINUE">
                 <!-- source: pattern://584964c837512845d7940809 -->
@@ -1833,11 +1833,7 @@
                 </Gui>
             </Response>
             <!-- source: pattern://584964c837512845d7940809 -->
-            <property name="condition:cancel" value="${inargs:cancel}==cancel"/>
-            <!-- source: pattern://584964c837512845d7940809 -->
-            <property name="condition:validReasons" value="${inargs:continue}==yes"/>
-            <!-- source: pattern://584964c837512845d7940809 -->
-            <property name="condition:invalidReasons" value="${inargs:continue}==no"/>
+            <property name="script" value="file:///var/opt/nevisauth/default/conf/questionnaireReasonProcessing.groovy"/>
         </AuthState>
         <AuthState name="Auth_Realm_Recovery_Recovery_verifyEmail" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="false">
             <!-- source: pattern://0327ca909dfcaf2d332da104 -->
@@ -1906,7 +1902,7 @@
         </AuthState>
         <AuthState name="Auth_Realm_Recovery_Recovery_Auth_noRecovery" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true">
             <!-- source: pattern://584964c837512845d7940809 -->
-            <ResultCond name="cancel" next="Auth_Realm_Recovery_Recovery_handleCode"/>
+            <ResultCond name="cancel" next="Auth_Realm_Recovery_Recovery_Auth_logReason"/>
             <!-- source: pattern://584964c837512845d7940809 -->
             <Response value="AUTH_CONTINUE">
                 <!-- source: pattern://584964c837512845d7940809 -->
@@ -1922,13 +1918,29 @@
             <!-- source: pattern://584964c837512845d7940809 -->
             <property name="condition:cancel" value="${inargs:cancel}==cancel"/>
         </AuthState>
-        <AuthState name="Auth_Realm_Recovery_Recovery_Auth_saveReason" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="false">
+        <AuthState name="Auth_Realm_Recovery_Recovery_Auth_instructions" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true">
             <!-- source: pattern://584964c837512845d7940809 -->
-            <ResultCond name="default" next="Auth_Realm_Recovery_Recovery_Auth_instructions"/>
+            <ResultCond name="cancel" next="Auth_Realm_Recovery_Recovery_Auth_loginFactorQuestion"/>
             <!-- source: pattern://584964c837512845d7940809 -->
-            <Response value="AUTH_CONTINUE"/>
+            <ResultCond name="continue" next="Auth_Realm_Recovery_Recovery_Auth_enterEmail"/>
             <!-- source: pattern://584964c837512845d7940809 -->
-            <property name="sess:agov.recovery.reason" value="${inargs:reason}"/>
+            <Response value="AUTH_CONTINUE">
+                <!-- source: pattern://584964c837512845d7940809 -->
+                <Gui name="recovery_questionnaire_instructions">
+                    <!-- source: pattern://584964c837512845d7940809 -->
+                    <GuiElem name="intro" type="info" label="recovery.intro.message"/>
+                    <!-- source: pattern://584964c837512845d7940809 -->
+                    <GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
+                    <!-- source: pattern://584964c837512845d7940809 -->
+                    <GuiElem name="cancel" type="submit" label="cancel.button.label" value="cancel"/>
+                    <!-- source: pattern://584964c837512845d7940809 -->
+                    <GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
+                </Gui>
+            </Response>
+            <!-- source: pattern://584964c837512845d7940809 -->
+            <property name="condition:cancel" value="${inargs:cancel}==cancel"/>
+            <!-- source: pattern://584964c837512845d7940809 -->
+            <property name="condition:continue" value="${inargs:continue}==continue"/>
         </AuthState>
         <AuthState name="Auth_Realm_Recovery_Recovery_sendEmail031" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
             <!-- source: pattern://9f443ce76f9522dfae4c3aa0 -->
@@ -2018,29 +2030,18 @@
             <!-- source: pattern://584964c837512845d7940809 -->
             <property name="detaillevel.credential" value="HIGH"/>
         </AuthState>
-        <AuthState name="Auth_Realm_Recovery_Recovery_Auth_instructions" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="true" resumeState="true">
+        <AuthState name="Auth_Realm_Recovery_Recovery_Auth_logReason" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="false">
             <!-- source: pattern://584964c837512845d7940809 -->
-            <ResultCond name="cancel" next="Auth_Realm_Recovery_Recovery_Auth_loginFactorQuestion"/>
-            <!-- source: pattern://584964c837512845d7940809 -->
-            <ResultCond name="continue" next="Auth_Realm_Recovery_Recovery_Auth_enterEmail"/>
+            <ResultCond name="ok" next="Auth_Realm_Recovery_Recovery_handleCode"/>
             <!-- source: pattern://584964c837512845d7940809 -->
             <Response value="AUTH_CONTINUE">
                 <!-- source: pattern://584964c837512845d7940809 -->
-                <Gui name="recovery_questionnaire_instructions">
-                    <!-- source: pattern://584964c837512845d7940809 -->
-                    <GuiElem name="intro" type="info" label="recovery.intro.message"/>
-                    <!-- source: pattern://584964c837512845d7940809 -->
-                    <GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>
-                    <!-- source: pattern://584964c837512845d7940809 -->
-                    <GuiElem name="cancel" type="submit" label="cancel.button.label" value="cancel"/>
-                    <!-- source: pattern://584964c837512845d7940809 -->
-                    <GuiElem name="submit" type="submit" label="submit.button.label" value="submit"/>
-                </Gui>
+                <Gui name="not_used"/>
             </Response>
             <!-- source: pattern://584964c837512845d7940809 -->
-            <property name="condition:cancel" value="${inargs:cancel}==cancel"/>
+            <property name="scriptTraceGroup" value="AGOV-ACCT"/>
             <!-- source: pattern://584964c837512845d7940809 -->
-            <property name="condition:continue" value="${inargs:continue}==continue"/>
+            <property name="script" value="file:///var/opt/nevisauth/default/conf/logRecoveryReason.groovy"/>
         </AuthState>
         <AuthState name="Auth_Realm_Recovery_Auth_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false">
             <!-- source: pattern://473f9d6b4ab9d61c1eb8c689 -->
diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/questionnaireReasonProcessing.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/questionnaireReasonProcessing.groovy
new file mode 100644
index 0000000..bd2b86e
--- /dev/null
+++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/questionnaireReasonProcessing.groovy
@@ -0,0 +1,24 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+if (inargs['reason']) {
+  response.setSessionAttribute('agov.recovery.reason', '' + inargs['reason'])
+}
+
+if (inargs['cancel'] && inargs['cancel'] == 'cancel') {
+  response.setResult('cancel')
+  return
+}
+
+if (inargs['continue'] && inargs['continue'] == 'yes') {
+  response.setResult('validReasons')
+  return
+}
+
+if (inargs['continue'] && inargs['continue'] == 'no') {
+  response.setResult('invalidReasons')
+  return
+}
+
+// if we reach this, display the GUI again
+response.setStatus(AuthResponse.AUTH_CONTINUE)
+return
\ No newline at end of file