From d89c7d3559e5f4f2b4fb5eba303287132545619d Mon Sep 17 00:00:00 2001 From: haburger Date: Wed, 27 Nov 2024 16:24:57 +0000 Subject: [PATCH] new configuration version --- ...8s-nevisauth-7022472ae407577ae604bbb8.yaml | 2 +- .../default/conf/askMobileNumber.groovy | 48 ++++++++++++++++++- 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml index 17900a4..fd6d132 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml @@ -45,7 +45,7 @@ spec: podDisruptionBudget: maxUnavailable: "50%" git: - tag: "r-fabddcc580ca40da55be2c2defaa0717bf85a07b" + tag: "r-293582b8db6b8e69dbbec5cb425601effe4cebc0" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth" credentials: "git-credentials" keystores: diff --git a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy index 8bc319d..e1f0b5d 100644 --- a/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy +++ b/DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy @@ -6,6 +6,15 @@ import ch.nevis.idm.client.HTTPRequestWrapper import groovy.json.JsonSlurper import groovy.xml.XmlSlurper +def getHeader(String name) { + def inctx = request.getLoginContext() + // case-insensitive lookup of HTTP headers + def map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER) + map.putAll(inctx) + return map['connection.HttpHeader.' + name] +} + + // Accounting def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown' def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown' @@ -28,7 +37,44 @@ if (mobile) { response.setResult('done') return } -if (inargs['submit'] && inargs['mobile']) { + +if (!inargs['submit'] && (!inargs['mobile'] || !inargs['mobile'].isEmpty()) && inargs['language'] && inargs['language'] != session['ch.nevis.session.user.language']) { + // language switch, nothing else to do, just display again the GUI + response.setStatus(AuthResponse.AUTH_CONTINUE) + return +} + +// TODO/haburger/2024-11-24: check/adapt value of skip checkbox +if (inargs['submit'] && (!inargs['mobile'] || inargs['mobile'].isEmpty()) && inargs['skip'] && inargs['skip'] == 'true') { + // no mobile, and user wants to skip it + + LOG.info("Event='NOMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'") + + + def agovSkipAskingMobileCookie = "agovSkipAskingMobile=true; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=86400; SameSite=Strict; Secure; HttpOnly" + response.setHeader('Set-Cookie', agovSkipAskingMobileCookie) + response.setResult('done') + return +} + +def agovSkipAskingMobileCookie = 'missing' + +if (getHeader('cookie') != null) { + def cookies = getHeader('cookie') + if (cookies.matches('^.*agovSkipAskingMobile=([^;]+).*$')) { + agovSkipAskingMobileCookie = cookies.replaceAll('^.*agovSkipAskingMobile=([^;]+).*$', '$1') + } + } +} +if (agovSkipAskingMobileCookie == 'true') { + // Don't aske the user again... + LOG.info("Event='SKIPPEDMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'") + response.setResult('done') + return +} + + +if (inargs['submit'] && inargs['mobile'] && !inargs['mobile'].isEmpty()) { String result def patchBdy = "{\"contacts\":{\"mobile\":\"${inargs['mobile']?.trim()}\"},\"modificationComment\":\"added mobile number from user during request ${requestId}\"}"