Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Apply fixes from patches to identity components #13390

Merged
merged 8 commits into from
Mar 4, 2024
11 changes: 11 additions & 0 deletions modules/distribution/product/src/main/assembly/bin.xml
Original file line number Diff line number Diff line change
Expand Up @@ -712,6 +712,17 @@
<include>client-registration#v0.17.war</include>
</includes>
</fileSet>
<fileSet>
<directory>
../../p2-profile/product/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/webapps
</directory>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/webapps
</outputDirectory>
<includes>
<include>api#identity#auth#v1.1.war</include>
</includes>
</fileSet>



<!-- Copy sample calculator api webapp-->
Expand Down
43 changes: 42 additions & 1 deletion modules/distribution/product/src/main/extensions/basicauth.jsp
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,9 @@
~ under the License.
--%>

<%@ page import="org.apache.cxf.jaxrs.client.Client" %>
<%@ page import="org.apache.cxf.configuration.jsse.TLSClientParameters" %>
<%@ page import="org.apache.cxf.transport.http.HTTPConduit" %>
<%@ page import="org.apache.cxf.jaxrs.client.JAXRSClientFactory" %>
<%@ page import="org.apache.cxf.jaxrs.provider.json.JSONProvider" %>
<%@ page import="org.apache.cxf.jaxrs.client.WebClient" %>
Expand Down Expand Up @@ -47,6 +50,12 @@
<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.ApplicationDataRetrievalClientException" %>
<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.PreferenceRetrievalClient" %>
<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.PreferenceRetrievalClientException" %>
<%@ page import="org.wso2.carbon.utils.CustomHostNameVerifier" %>
<%@ page import="javax.net.ssl.HostnameVerifier" %>
<%@ page import="static org.wso2.carbon.CarbonConstants.ALLOW_ALL" %>
<%@ page import="static org.wso2.carbon.CarbonConstants.DEFAULT_AND_LOCALHOST" %>
<%@ page import="static org.wso2.carbon.CarbonConstants.HOST_NAME_VERIFIER" %>
<%@ page import="org.apache.http.conn.ssl.AllowAllHostnameVerifier" %>

<jsp:directive.include file="includes/init-loginform-action-url.jsp"/>
<jsp:directive.include file="plugins/basicauth-extensions.jsp"/>
Expand Down Expand Up @@ -206,6 +215,32 @@

SelfUserRegistrationResource selfUserRegistrationResource = JAXRSClientFactory
.create(url, SelfUserRegistrationResource.class, providers);

Client client = WebClient.client(selfUserRegistrationResource);
HTTPConduit conduit = WebClient.getConfig(client).getHttpConduit();
TLSClientParameters tlsParams = conduit.getTlsClientParameters();
if (tlsParams == null) {
tlsParams = new TLSClientParameters();
}
HostnameVerifier allowAllHostnameVerifier = new AllowAllHostnameVerifier();
if (EndpointConfigManager.isHostnameVerificationEnabled()) {
if (DEFAULT_AND_LOCALHOST.equals(System.getProperty(HOST_NAME_VERIFIER))) {
/*
* If hostname verifier is set to DefaultAndLocalhost, allow following domains in addition to the
* hostname:
* ["::1", "127.0.0.1", "localhost", "localhost.localdomain"]
*/
tlsParams.setHostnameVerifier(new CustomHostNameVerifier());
} else if (ALLOW_ALL.equals(System.getProperty(HOST_NAME_VERIFIER))) {
// If hostname verifier is set to AllowAll, disable hostname verification.
tlsParams.setHostnameVerifier(allowAllHostnameVerifier);
}
} else {
// Disable hostname verification
tlsParams.setHostnameVerifier(allowAllHostnameVerifier);
}
conduit.setTlsClientParameters(tlsParams);

WebClient.client(selfUserRegistrationResource).header("Authorization", header);
Response selfRegistrationResponse = selfUserRegistrationResource.regenerateCode(selfRegistrationRequest);
if (selfRegistrationResponse != null && selfRegistrationResponse.getStatus() == HttpStatus.SC_CREATED) {
Expand Down Expand Up @@ -233,7 +268,13 @@
}
%>

<% if (Boolean.parseBoolean(loginFailed)) { %>
<% if (StringUtils.equals(request.getParameter("errorCode"), IdentityCoreConstants.USER_ACCOUNT_LOCKED_ERROR_CODE) &&
StringUtils.equals(request.getParameter("remainingAttempts"), "0") ) { %>
<div class="ui visible negative message" id="error-msg" data-testid="login-page-error-message">
<%=AuthenticationEndpointUtil.i18n(resourceBundle, "error.user.account.locked.incorrect.login.attempts")%>
</div>
<% } else if (Boolean.parseBoolean(loginFailed) &&
!errorCode.equals(IdentityCoreConstants.USER_ACCOUNT_NOT_CONFIRMED_ERROR_CODE)) { %>
<div class="ui visible negative message" id="error-msg" data-testid="login-page-error-message">
<%= AuthenticationEndpointUtil.i18n(resourceBundle, errorMessage) %>
</div>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,9 @@

<%
String tenant = request.getParameter("tenantDomain");
if (tenant == null) {
tenant = request.getParameter("TenantDomain");
}
if (tenant == null) {
String cb = request.getParameter("callback");
cb = StringUtils.replace(cb, " ", "");
Expand All @@ -39,7 +42,7 @@
String decodedValue = uri.getQuery();
String[] params = decodedValue.split("&");
for (String param : params) {
if (param.startsWith("tenantDomain=")) {
if (param.startsWith("tenantDomain=") || param.startsWith("TenantDomain=")) {
String[] keyVal = param.split("=");
tenant = keyVal[1];
}
Expand Down
22 changes: 0 additions & 22 deletions modules/distribution/product/src/main/extensions/login.jsp
Original file line number Diff line number Diff line change
Expand Up @@ -142,28 +142,6 @@
String username = null;
String usernameIdentifier = null;

if (isIdentifierFirstLogin(inputType)) {
String authAPIURL = application.getInitParameter(Constants.AUTHENTICATION_REST_ENDPOINT_URL);
if (StringUtils.isBlank(authAPIURL)) {
authAPIURL = IdentityUtil.getServerURL("/api/identity/auth/v1.1/", true, true);
}
if (!authAPIURL.endsWith("/")) {
authAPIURL += "/";
}
authAPIURL += "context/" + request.getParameter("sessionDataKey");
String contextProperties = AuthContextAPIClient.getContextProperties(authAPIURL);
Gson gson = new Gson();
Map<String, Object> parameters = gson.fromJson(contextProperties, Map.class);
if (parameters != null) {
username = (String) parameters.get("username");
usernameIdentifier = (String) parameters.get("username");
} else {
String redirectURL = "error.do";
response.sendRedirect(redirectURL);
return;
}
}

// Login context request url.
String sessionDataKey = request.getParameter("sessionDataKey");
String appName = request.getParameter("sp");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
~ under the License.
--%>

<%-- page content -->
<%-- page content --%>
<div class="ui grid">
<div class="two column row"></div>
<div class="four wide computer four wide tablet column">
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,9 @@
<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementEndpointConstants" %>
<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementServiceUtil" %>
<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementEndpointUtil" %>
<%@ page import="org.wso2.carbon.identity.recovery.IdentityRecoveryConstants" %>
<%@ page import="org.wso2.carbon.identity.base.IdentityRuntimeException" %>
<%@ page import="org.wso2.carbon.identity.recovery.util.Utils" %>
<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.ApiException" %>
<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.api.ReCaptchaApi" %>
<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.model.ReCaptchaProperties" %>
Expand Down Expand Up @@ -107,6 +110,22 @@
return;
}

try {
if (StringUtils.isNotBlank(callback) && !Utils.validateCallbackURL(callback, tenantDomain,
IdentityRecoveryConstants.ConnectorConfig.SELF_REGISTRATION_CALLBACK_REGEX)) {
request.setAttribute("error", true);
request.setAttribute("errorMsg", IdentityManagementEndpointUtil.i18n(recoveryResourceBundle,
"Callback.url.format.invalid"));
request.getRequestDispatcher("error.jsp").forward(request, response);
return;
}
} catch (IdentityRuntimeException e) {
request.setAttribute("error", true);
request.setAttribute("errorMsg", e.getMessage());
request.getRequestDispatcher("error.jsp").forward(request, response);
return;
}

if (StringUtils.isBlank(callback)) {
callback = IdentityManagementEndpointUtil.getUserPortalUrl(
application.getInitParameter(IdentityManagementEndpointConstants.ConfigConstants.USER_PORTAL_URL), tenantDomain);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -136,5 +136,13 @@
"broker.transport.amqp.enabled": false,
"apim.throttling.enable_policy_deployment": false
}
},
"authenticationendpoint.enable_shortened_urls": {
"false": {
"authentication.endpoint.redirect_params.filter_policy": "exclude",
"authentication.endpoint.redirect_params.parameters": [
"loggedInUser"
]
}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,158 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com) All Rights Reserved.
~
~ WSO2 LLC. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>am-features</artifactId>
<groupId>org.wso2.am</groupId>
<version>4.3.0-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>

<artifactId>org.wso2.carbon.identity.local.auth.api.endpoint.feature</artifactId>
<packaging>pom</packaging>
<name>WSO2 Identity - Authentication REST API Endpoint Feature</name>
<description>WSO2 Identity - Authentication REST API endpoint Feature</description>

<reporting>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-project-info-reports-plugin</artifactId>
<reportSets>
<reportSet>
<configuration>
<skip>true</skip>
</configuration>
</reportSet>
</reportSets>
</plugin>
</plugins>
</reporting>

<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>copy</id>
<phase>package</phase>
<goals>
<goal>copy</goal>
</goals>
<configuration>
<artifactItems>
<artifactItem>
<groupId>org.wso2.carbon.identity.local.auth.api</groupId>
<artifactId>org.wso2.carbon.identity.local.auth.api.endpoint</artifactId>
<version>${org.wso2.carbon.identity.local.auth.api.version}</version>
<overWrite>true</overWrite>
<type>war</type>
<outputDirectory>${basedir}/src/main/resources/</outputDirectory>
<destFileName>api#identity#auth#v1.1.war</destFileName>
</artifactItem>
</artifactItems>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<executions>
<execution>
<id>copy-resources</id>
<phase>generate-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>src/main/resources</outputDirectory>
<resources>
<resource>
<directory>resources</directory>
<includes>
<include>api#identity#auth#v1.1.war</include>
<include>p2.inf</include>
<include>build.properties</include>
</includes>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>

<plugin>
<groupId>org.wso2.maven</groupId>
<artifactId>carbon-p2-plugin</artifactId>
<version>1.5.3</version>
<executions>
<execution>
<id>p2-feature-generation</id>
<phase>package</phase>
<goals>
<goal>p2-feature-gen</goal>
</goals>
<configuration>
<id>org.wso2.carbon.identity.local.auth.api.endpoint</id>
<propertiesFile>../etc/feature.properties</propertiesFile>
<adviceFile>
<properties>
<propertyDef>org.wso2.carbon.p2.category.type:server
</propertyDef>
<propertyDef>org.eclipse.equinox.p2.type.group:false
</propertyDef>
</properties>
</adviceFile>
<bundles>
<bundleDef>
org.wso2.carbon.identity.local.auth.api:org.wso2.carbon.identity.local.auth.api.core:${org.wso2.carbon.identity.local.auth.api.version}
</bundleDef>
</bundles>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>

<dependencies>
<dependency>
<groupId>org.wso2.carbon.identity.local.auth.api</groupId>
<artifactId>org.wso2.carbon.api.server.local.auth.api</artifactId>
<version>${org.wso2.carbon.identity.local.auth.api.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.local.auth.api</groupId>
<artifactId>org.wso2.carbon.identity.local.auth.api.core</artifactId>
<version>${org.wso2.carbon.identity.local.auth.api.version}</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.local.auth.api</groupId>
<artifactId>org.wso2.carbon.identity.local.auth.api.endpoint</artifactId>
<type>war</type>
<version>${org.wso2.carbon.identity.local.auth.api.version}</version>
</dependency>

</dependencies>

</project>
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
instructions.configure = \
org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../deployment/);\
org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../deployment/server/);\
org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../deployment/server/webapps/);\
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.identity.local.auth.api.endpoint_${feature.version}/api#identity#auth#v1.1.war,target:${installFolder}/../../deployment/server/webapps/api#identity#auth#v1.1.war,overwrite:true);\
7 changes: 7 additions & 0 deletions modules/p2-profile/product/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -304,6 +304,9 @@
<featureArtifactDef>
org.wso2.am:org.wso2.am.security.feature:${apimserver.version}
</featureArtifactDef>
<featureArtifactDef>
org.wso2.am:org.wso2.carbon.identity.local.auth.api.endpoint.feature:${apimserver.version}
</featureArtifactDef>

<featureArtifactDef>
org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.cache.invalidation.feature:${carbon.apimgt.version}
Expand Down Expand Up @@ -1030,6 +1033,10 @@
<id>org.wso2.carbon.identity.data.publisher.application.authentication.server.feature.group</id>
<version>${carbon.identity-data-publisher-application-authentication.version}</version>
</feature>
<feature>
<id>org.wso2.carbon.identity.local.auth.api.endpoint.feature.group</id>
<version>${apimserver.version}</version>
</feature>


<feature>
Expand Down
1 change: 1 addition & 0 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -1328,6 +1328,7 @@
<carbon.identity-data-publisher-oauth.version>1.6.10</carbon.identity-data-publisher-oauth.version>
<carbon.identity-user-ws.version>5.7.5</carbon.identity-user-ws.version>
<carbon.identity-inbound-auth-openid.version>5.9.8</carbon.identity-inbound-auth-openid.version>
<org.wso2.carbon.identity.local.auth.api.version>2.5.6</org.wso2.carbon.identity.local.auth.api.version>
<carbon.identity-local-auth-basicauth.version>6.7.32</carbon.identity-local-auth-basicauth.version>
<carbon.identity-outbound-auth-samlsso.version>5.8.11</carbon.identity-outbound-auth-samlsso.version>
<carbon.identity-metadata-saml2.version>1.7.70</carbon.identity-metadata-saml2.version>
Expand Down
Loading