Pinacola RC1

patterns/3a982aa242ff4f8ebd823693_script/countries_security_filter.lua

@@ -1,42 +1,50 @@
 package.path = package.path .. ";/opt/nevisproxy/webapp/WEB-INF/lib/lua/Utils.lua"
 local Utils = require "Utils"
 
+validLanguages = {}
+validLanguages["DE"]=true
+validLanguages["FR"]=true
+validLanguages["IT"]=true
+validLanguages["EN"]=true
+validLanguages["RS"]=true
+
 function inputHeader(req, resp)
   local trace = req:getTracer()
 
   local queryParams = Utils.getQueryParameters(req)
-  local path = req:getRequestPath()
+  local pathInfo = req:getPathInfo()
 
-  -- only allow calls to the countries service
-  if path == nil then
-    trace:error("path is nil")
-  end 
-
-  if path ~= nil and path ~= '/resource/utility/api/v1/countries' then
-    trace:info("utility service called with invalid path " .. path)
+  -- only allow calls to the countries service ('api/v1/countries')
+  if pathInfo ~= 'api/v1/countries' then
+    trace:info("utility service called with invalid path " .. pathInfo)
     resp:send(404)
     return
   end
 
-  -- only alloq one query-parameter 'lang' with the values DE, FR, IT, EN, RS
+  -- only allow one query-parameter 'lang' with the values DE, FR, IT, EN, RS
   for param, values in pairs(queryParams) do
     if (param ~= 'lang') then
       trace:info("utility service called with invalid query param " .. param)
       resp:send(404)
       return
     end
-    if Helpers.tableLength(values) ~= 1 then
-      trace:info("utility service called with invalid value for query param " .. param)
+    local count = 0
+    if values ~= nil then
+      for i, value in pairs(values) do
+        count = count + 1
+        local lang = string.upper(value)
+        if not validLanguages[lang] then
+          trace:info("utility service called with invalid value for query param " .. param .. "=" .. value)
+          resp:send(404)
+          return
+        end
+      end
+    end 
+    if count ~= 1 then
+      trace:info("utility service called with invalid values for query param " .. param)
       resp:send(404)
       return
     end
-    for i, value in pairs(values) do
-      local lang = string.upper(value)
-      if not ('DE' == lang or 'FR' == lang or 'IT' == lang or 'EN' == lang or 'RS' == lang) then
-        trace:info("utility service called with invalid value for query param " .. param .. "=" .. value)
-        resp:send(404)
-        return
-      end
-    end
   end
+
 end

patterns/584964c837512845d7940809_authStatesFile/recovery-preprocessing.xml

@@ -207,7 +207,7 @@
 	<ResultCond name="disabled" next="${state.entry}_IdmUserIdPasswordLogin"/>
 	<Response value="AUTH_CONTINUE">
 		<Gui name="recovery_check_code">
-			<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="#{ notes.containsKey('lasterror') ? (notes.getProperty('lasterror') == '3' ? 'check' : 'locked' ): '' }"/>
+			<GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="#{ notes.containsKey('lasterror') ? ((notes.getProperty('lasterror') == '1' or notes.getProperty('lasterror') == '3') ? 'check' : 'locked' ): '' }"/>
 			<GuiElem name="code" type="pw-text" label="not-used" value="hide-input-in-logs" optional="true"/>
 			<GuiElem name="no_code" type="checkbox" label="not-used" value="true" optional="true"/>
 			<GuiElem name="authRequestId" type="hidden" value="${sess:ch.nevis.auth.saml.request.id}" optional="true"/>

patterns/DefaulErrorPages_ecf4381f4653b0aa9a69b417.yml

@@ -17,6 +17,8 @@ pattern:
       \         <param-value>true</param-value>\n     </init-param>\n     <init-param>\n\
       \         <param-name>PlaceHolders</param-name>\n         <param-value>\n  \
       \           TransferIdHolder:TRANSFER_ID\n             TimestampHolder:TIMESTAMP\n\
-      \         </param-value>\n     </init-param>\n</filter>"
-    filterMappings: "automatic"
+      \         </param-value>\n     </init-param>\n</filter>\n\n<filter-mapping>\n\
+      \   <filter-name>DefaultErrorFilter</filter-name>\n   <url-pattern>/*</url-pattern>\n\
+      \   <exclude-url-regex>^/resource/utility/.*$</exclude-url-regex>\n</filter-mapping>\n"
+    filterMappings: "manual"
     phase: "START"

patterns/Utility_Resource_Service_eaa622e2a760704c1e0e22f2.yml

@@ -3,6 +3,7 @@ pattern:
   id: "eaa622e2a760704c1e0e22f2"
   className: "ch.nevis.admin.v4.plugin.nevisproxy.patterns.RESTServiceAccess"
   name: "Utility_Resource_Service"
+  notes: "NOTE/haburger/2024-12-18: The frontend path is excluded in the pattern DefaulErrorPages"
   properties:
     host:
     - "pattern://1f0702aaabef60a615abf41f"