feat(server, ui): Fix PR

chutney/packaging/local-dev/src/main/resources/application-sso-auth.yml

@@ -9,7 +9,7 @@ spring:
             client-id: my-client
             client-secret: my-client-secret
             authorization-grant-type: authorization_code
-            redirect-uri: "https://localhost:4200/login/oauth2/code/{registrationId}"
+            redirect-uri: "https://${server.http.interface}:${server.port}/login/oauth2/code/{registrationId}"
             scope: openid, profile, email
             client-name: My Provider
         provider:

chutney/packaging/local-dev/src/main/resources/application.yml

@@ -55,7 +55,6 @@ spring:
       - ldap
       - mem-auth
       - db-sqlite
-      - sso-auth
 
 chutney:
   configuration-folder: .chutney/conf

chutney/server/pom.xml

@@ -86,10 +86,6 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-oauth2-authorization-server</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-oauth2-client</artifactId>

chutney/server/src/main/java/com/chutneytesting/security/AbstractChutneyWebSecurityConfig.java

@@ -0,0 +1,102 @@
+/*
+ * SPDX-FileCopyrightText: 2017-2024 Enedis
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ */
+
+package com.chutneytesting.security;
+
+import com.chutneytesting.admin.api.InfoController;
+import com.chutneytesting.security.api.SsoOpenIdConnectController;
+import com.chutneytesting.security.api.UserController;
+import com.chutneytesting.security.api.UserDto;
+import com.chutneytesting.security.domain.SsoOpenIdConnectConfigService;
+import com.chutneytesting.security.infra.handlers.Http401FailureHandler;
+import com.chutneytesting.security.infra.handlers.HttpEmptyLogoutSuccessHandler;
+import com.chutneytesting.security.infra.handlers.HttpLoginSuccessHandler;
+import com.chutneytesting.security.infra.sso.SsoOpenIdConnectConfigProperties;
+import com.chutneytesting.server.core.domain.security.Authorization;
+import com.chutneytesting.server.core.domain.security.User;
+import java.util.ArrayList;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.http.HttpStatus;
+import org.springframework.lang.Nullable;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
+import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
+
+public abstract class AbstractChutneyWebSecurityConfig {
+
+    protected static final String LOGIN_URL = UserController.BASE_URL + "/login";
+    protected static final String LOGOUT_URL = UserController.BASE_URL + "/logout";
+    protected static final String API_BASE_URL_PATTERN = "/api/**";
+
+    @Bean
+    public SsoOpenIdConnectConfigService ssoOpenIdConnectConfigService(@Nullable SsoOpenIdConnectConfigProperties ssoOpenIdConnectConfigProperties) {
+        return new SsoOpenIdConnectConfigService(ssoOpenIdConnectConfigProperties);
+    }
+
+    @Value("${management.endpoints.web.base-path:/actuator}")
+    protected String actuatorBaseUrl;
+
+    @Value("${server.ssl.enabled:true}")
+    private Boolean sslEnabled;
+
+    protected HttpSecurity configureHttp(final HttpSecurity http) throws Exception {
+        configureBaseHttpSecurity(http);
+        UserDto anonymous = anonymous();
+        http
+            .anonymous(anonymousConfigurer -> anonymousConfigurer
+                .principal(anonymous)
+                .authorities(new ArrayList<>(anonymous.getAuthorities())))
+            .authorizeHttpRequests(httpRequest -> {
+                HandlerMappingIntrospector introspector = new HandlerMappingIntrospector();
+                httpRequest
+                    .requestMatchers(new MvcRequestMatcher(introspector, LOGIN_URL)).permitAll()
+                    .requestMatchers(new MvcRequestMatcher(introspector, LOGOUT_URL)).permitAll()
+                    .requestMatchers(new MvcRequestMatcher(introspector, InfoController.BASE_URL + "/**")).permitAll()
+                    .requestMatchers(new MvcRequestMatcher(introspector, SsoOpenIdConnectController.BASE_URL + "/**")).permitAll()
+                    .requestMatchers(new MvcRequestMatcher(introspector, API_BASE_URL_PATTERN)).authenticated()
+                    .requestMatchers(new MvcRequestMatcher(introspector, actuatorBaseUrl + "/**")).hasAuthority(Authorization.ADMIN_ACCESS.name())
+                    .anyRequest().permitAll();
+            })
+            .httpBasic(Customizer.withDefaults());
+        return http;
+    }
+
+    protected void configureBaseHttpSecurity(final HttpSecurity http) throws Exception {
+        http
+            .csrf(AbstractHttpConfigurer::disable)
+            .exceptionHandling(httpSecurityExceptionHandlingConfigurer -> httpSecurityExceptionHandlingConfigurer.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
+            .requiresChannel(this.requireChannel(sslEnabled))
+            .formLogin(httpSecurityFormLoginConfigurer -> httpSecurityFormLoginConfigurer
+                .loginProcessingUrl(LOGIN_URL)
+                .successHandler(new HttpLoginSuccessHandler())
+                .failureHandler(new Http401FailureHandler()))
+            .logout(httpSecurityLogoutConfigurer -> httpSecurityLogoutConfigurer
+                .logoutUrl(LOGOUT_URL)
+                .logoutSuccessHandler(new HttpEmptyLogoutSuccessHandler()));
+    }
+
+    protected UserDto anonymous() {
+        UserDto anonymous = new UserDto();
+        anonymous.setId(User.ANONYMOUS.id);
+        anonymous.setName(User.ANONYMOUS.id);
+        anonymous.grantAuthority("ANONYMOUS");
+        return anonymous;
+    }
+
+    private Customizer<ChannelSecurityConfigurer<HttpSecurity>.ChannelRequestMatcherRegistry> requireChannel(Boolean sslEnabled) {
+        if (sslEnabled) {
+            return channelRequestMatcherRegistry -> channelRequestMatcherRegistry.anyRequest().requiresSecure();
+        } else {
+            return channelRequestMatcherRegistry -> channelRequestMatcherRegistry.anyRequest().requiresInsecure();
+        }
+    }
+}

chutney/server/src/main/java/com/chutneytesting/security/ChutneyWebSecurityConfig.java

@@ -7,119 +7,33 @@
 
 package com.chutneytesting.security;
 
-
-import com.chutneytesting.admin.api.InfoController;
-import com.chutneytesting.security.api.SsoOpenIdConnectController;
-import com.chutneytesting.security.api.UserController;
-import com.chutneytesting.security.api.UserDto;
 import com.chutneytesting.security.domain.AuthenticationService;
 import com.chutneytesting.security.domain.Authorizations;
-import com.chutneytesting.security.infra.handlers.Http401FailureHandler;
-import com.chutneytesting.security.infra.handlers.HttpEmptyLogoutSuccessHandler;
-import com.chutneytesting.security.infra.handlers.HttpLoginSuccessHandler;
-import com.chutneytesting.security.infra.sso.SsoOpenIdConnectConfig;
-import com.chutneytesting.server.core.domain.security.Authorization;
-import com.chutneytesting.server.core.domain.security.User;
-import java.util.ArrayList;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.core.annotation.Order;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
-import org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.authentication.HttpStatusEntryPoint;
-import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
-import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 
 @Configuration
 @EnableWebSecurity
 @EnableMethodSecurity
 @Profile("!sso-auth")
-public class ChutneyWebSecurityConfig {
-
-    public static final String LOGIN_URL = UserController.BASE_URL + "/login";
-    public static final String LOGOUT_URL = UserController.BASE_URL + "/logout";
-    public static final String API_BASE_URL_PATTERN = "/api/**";
-
-    @Value("${management.endpoints.web.base-path:/actuator}")
-    public static String ACTUATOR_BASE_URL;
-
-    @Value("${server.ssl.enabled:true}")
-    Boolean sslEnabled;
+public class ChutneyWebSecurityConfig extends AbstractChutneyWebSecurityConfig {
 
     @Bean
     public AuthenticationService authenticationService(Authorizations authorizations) {
         return new AuthenticationService(authorizations);
     }
 
-    @Bean
-    @ConditionalOnMissingBean
-    public SsoOpenIdConnectConfig emptySsoOpenIdConnectConfig() {
-        return new SsoOpenIdConnectConfig();
-    }
-
-
     @Bean
     @Order()
     @ConditionalOnMissingBean(value = SecurityFilterChain.class)
     public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
-        configureBaseHttpSecurity(http, sslEnabled);
-        UserDto anonymous = anonymous();
-        http
-            .anonymous(anonymousConfigurer -> anonymousConfigurer
-                .principal(anonymous)
-                .authorities(new ArrayList<>(anonymous.getAuthorities())))
-            .authorizeHttpRequests(httpRequest -> {
-                HandlerMappingIntrospector introspector = new HandlerMappingIntrospector();
-                httpRequest
-                    .requestMatchers(new MvcRequestMatcher(introspector, LOGIN_URL)).permitAll()
-                    .requestMatchers(new MvcRequestMatcher(introspector, LOGOUT_URL)).permitAll()
-                    .requestMatchers(new MvcRequestMatcher(introspector, InfoController.BASE_URL + "/**")).permitAll()
-                    .requestMatchers(new MvcRequestMatcher(introspector, SsoOpenIdConnectController.BASE_URL)).permitAll()
-                    .requestMatchers(new MvcRequestMatcher(introspector, SsoOpenIdConnectController.BASE_URL + "/**")).permitAll()
-                    .requestMatchers(new MvcRequestMatcher(introspector, API_BASE_URL_PATTERN)).authenticated()
-                    .requestMatchers(new MvcRequestMatcher(introspector, ACTUATOR_BASE_URL + "/**")).hasAuthority(Authorization.ADMIN_ACCESS.name())
-                    .anyRequest().permitAll();
-            })
-            .httpBasic(Customizer.withDefaults());
-        return http.build();
-    }
-
-    public void configureBaseHttpSecurity(final HttpSecurity http, Boolean sslEnabled) throws Exception {
-        http
-            .csrf(AbstractHttpConfigurer::disable)
-            .exceptionHandling(httpSecurityExceptionHandlingConfigurer -> httpSecurityExceptionHandlingConfigurer.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
-            .requiresChannel(this.requireChannel(sslEnabled))
-            .formLogin(httpSecurityFormLoginConfigurer -> httpSecurityFormLoginConfigurer
-                .loginProcessingUrl(LOGIN_URL)
-                .successHandler(new HttpLoginSuccessHandler())
-                .failureHandler(new Http401FailureHandler()))
-            .logout(httpSecurityLogoutConfigurer -> httpSecurityLogoutConfigurer
-                .logoutUrl(LOGOUT_URL)
-                .logoutSuccessHandler(new HttpEmptyLogoutSuccessHandler()));
-    }
-
-    public UserDto anonymous() {
-        UserDto anonymous = new UserDto();
-        anonymous.setId(User.ANONYMOUS.id);
-        anonymous.setName(User.ANONYMOUS.id);
-        anonymous.grantAuthority("ANONYMOUS");
-        return anonymous;
-    }
-
-    private Customizer<ChannelSecurityConfigurer<HttpSecurity>.ChannelRequestMatcherRegistry> requireChannel(Boolean sslEnabled) {
-        if (sslEnabled) {
-            return channelRequestMatcherRegistry -> channelRequestMatcherRegistry.anyRequest().requiresSecure();
-        } else {
-            return channelRequestMatcherRegistry -> channelRequestMatcherRegistry.anyRequest().requiresInsecure();
-        }
+        return configureHttp(http).build();
     }
 }

chutney/server/src/main/java/com/chutneytesting/security/api/SsoOpenIdConnectConfigDto.java

@@ -0,0 +1,30 @@
+/*
+ * SPDX-FileCopyrightText: 2017-2024 Enedis
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ */
+
+package com.chutneytesting.security.api;
+
+public class SsoOpenIdConnectConfigDto {
+    public final String issuer;
+    public final String clientId;
+    public final String clientSecret;
+    public final String responseType;
+    public final String scope;
+    public final String redirectBaseUrl;
+    public final String ssoProviderName;
+    public final Boolean oidc;
+
+    public SsoOpenIdConnectConfigDto(String issuer, String clientId, String clientSecret, String responseType, String scope, String redirectBaseUrl, String ssoProviderName, Boolean oidc) {
+        this.issuer = issuer;
+        this.clientId = clientId;
+        this.clientSecret = clientSecret;
+        this.responseType = responseType;
+        this.scope = scope;
+        this.redirectBaseUrl = redirectBaseUrl;
+        this.ssoProviderName = ssoProviderName;
+        this.oidc = oidc;
+    }
+}

chutney/server/src/main/java/com/chutneytesting/security/api/SsoOpenIdConnectController.java

@@ -7,7 +7,9 @@
 
 package com.chutneytesting.security.api;
 
-import com.chutneytesting.security.infra.sso.SsoOpenIdConnectConfig;
+import static com.chutneytesting.security.api.SsoOpenIdConnectMapper.toDto;
+
+import com.chutneytesting.security.domain.SsoOpenIdConnectConfigService;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -21,14 +23,17 @@ public class SsoOpenIdConnectController {
 
     public static final String BASE_URL = "/api/v1/sso";
 
-    private final SsoOpenIdConnectConfig ssoOpenIdConnectConfig;
+    private final SsoOpenIdConnectConfigService ssoOpenIdConnectConfigService;
 
-    SsoOpenIdConnectController(SsoOpenIdConnectConfig ssoOpenIdConnectConfig) {
-        this.ssoOpenIdConnectConfig = ssoOpenIdConnectConfig;
+    SsoOpenIdConnectController(SsoOpenIdConnectConfigService ssoOpenIdConnectConfigService) {
+        this.ssoOpenIdConnectConfigService = ssoOpenIdConnectConfigService;
     }
 
     @GetMapping(path = "/config", produces = MediaType.APPLICATION_JSON_VALUE)
-    public SsoOpenIdConnectConfig getLastCampaignExecution() {
-        return ssoOpenIdConnectConfig;
+    public SsoOpenIdConnectConfigDto getSsoOpenIdConnectConfig() {
+        if (ssoOpenIdConnectConfigService == null) {
+            return null;
+        }
+        return toDto(ssoOpenIdConnectConfigService.getSsoOpenIdConnectConfig());
     }
 }

chutney/server/src/main/java/com/chutneytesting/security/api/SsoOpenIdConnectMapper.java

@@ -0,0 +1,26 @@
+/*
+ * SPDX-FileCopyrightText: 2017-2024 Enedis
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ */
+
+package com.chutneytesting.security.api;
+
+public class SsoOpenIdConnectMapper {
+    public static SsoOpenIdConnectConfigDto toDto(com.chutneytesting.security.domain.SsoOpenIdConnectConfig ssoOpenIdConnectConfig) {
+        if (ssoOpenIdConnectConfig == null) {
+            return null;
+        }
+        return new SsoOpenIdConnectConfigDto(
+            ssoOpenIdConnectConfig.issuer,
+            ssoOpenIdConnectConfig.clientId,
+            ssoOpenIdConnectConfig.clientSecret,
+            ssoOpenIdConnectConfig.responseType,
+            ssoOpenIdConnectConfig.scope,
+            ssoOpenIdConnectConfig.redirectBaseUrl,
+            ssoOpenIdConnectConfig.ssoProviderName,
+            ssoOpenIdConnectConfig.oidc
+        );
+    }
+}

chutney/server/src/main/java/com/chutneytesting/security/infra/sso/SsoOpenIdConnectConfig.java → chutney/server/src/main/java/com/chutneytesting/security/domain/SsoOpenIdConnectConfig.java

@@ -5,10 +5,9 @@
  *
  */
 
-package com.chutneytesting.security.infra.sso;
+package com.chutneytesting.security.domain;
 
 public class SsoOpenIdConnectConfig {
-
     public final String issuer;
     public final String clientId;
     public final String clientSecret;
@@ -18,17 +17,6 @@ public class SsoOpenIdConnectConfig {
     public final String ssoProviderName;
     public final Boolean oidc;
 
-    public SsoOpenIdConnectConfig() {
-        this.issuer = null;
-        this.clientId = null;
-        this.clientSecret = null;
-        this.responseType = null;
-        this.scope = null;
-        this.redirectBaseUrl = null;
-        this.ssoProviderName = null;
-        this.oidc = null;
-    }
-
     public SsoOpenIdConnectConfig(String issuer, String clientId, String clientSecret, String responseType, String scope, String redirectBaseUrl, String ssoProviderName, Boolean oidc) {
         this.issuer = issuer;
         this.clientId = clientId;