From f30679ccae33e5b08c31a9705eae4bf67612d3de Mon Sep 17 00:00:00 2001
From: dtuchs
Date: Fri, 17 Nov 2023 19:53:41 +0600
Subject: [PATCH 1/2] Fix bug on staging & prod - redirect to http /login form
---
 docker-compose.mock.yml | 2 +-
 docker-compose.test.yml | 2 +-
 docker-compose.yml | 2 +-
 niffler-auth/build.gradle | 2 +-
 .../config/NifflerAuthServiceConfig.java | 36 ++++++++++++++++---
 5 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/docker-compose.mock.yml b/docker-compose.mock.yml
index 7e2c380d0..d9fc08652 100644
--- a/docker-compose.mock.yml
+++ b/docker-compose.mock.yml
@@ -11,7 +11,7 @@ services:
 volumes:
 - ./postgres:/docker-entrypoint-initdb.d
 healthcheck:
- test: [ "CMD", "pg_isready" ]
+ test: [ "CMD", "pg_isready", "-U", "postgres", "-d", "postgres" ]
 interval: 3s
 timeout: 3s
 retries: 5
diff --git a/docker-compose.test.yml b/docker-compose.test.yml
index e3dd8bb3d..6efdee629 100644
--- a/docker-compose.test.yml
+++ b/docker-compose.test.yml
@@ -11,7 +11,7 @@ services:
 volumes:
 - ./postgres:/docker-entrypoint-initdb.d
 healthcheck:
- test: [ "CMD", "pg_isready" ]
+ test: [ "CMD", "pg_isready", "-U", "postgres", "-d", "postgres" ]
 interval: 3s
 timeout: 3s
 retries: 5
diff --git a/docker-compose.yml b/docker-compose.yml
index dffa392c3..865629dd7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,7 +11,7 @@ services:
 volumes:
 - ./postgres:/docker-entrypoint-initdb.d
 healthcheck:
- test: [ "CMD", "pg_isready" ]
+ test: [ "CMD", "pg_isready", "-U", "postgres", "-d", "postgres" ]
 interval: 3s
 timeout: 3s
 retries: 5
diff --git a/niffler-auth/build.gradle b/niffler-auth/build.gradle
index 0589813e2..e6a74fe32 100644
--- a/niffler-auth/build.gradle
+++ b/niffler-auth/build.gradle
@@ -6,7 +6,7 @@ plugins {
 }
 group = 'guru.qa'
-version = '1.1.0'
+version = '1.1.1'
 dependencies {
 implementation 'org.springframework.boot:spring-boot-starter-security'
diff --git a/niffler-auth/src/main/java/guru/qa/niffler/config/NifflerAuthServiceConfig.java b/niffler-auth/src/main/java/guru/qa/niffler/config/NifflerAuthServiceConfig.java
index ce714289a..472f1031b 100644
--- a/niffler-auth/src/main/java/guru/qa/niffler/config/NifflerAuthServiceConfig.java
+++ b/niffler-auth/src/main/java/guru/qa/niffler/config/NifflerAuthServiceConfig.java
@@ -9,8 +9,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
@@ -27,11 +26,14 @@
 import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
+import org.springframework.security.web.PortMapperImpl;
+import org.springframework.security.web.PortResolverImpl;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
 import java.security.NoSuchAlgorithmException;
 import java.time.Duration;
+import java.util.Map;
 import java.util.UUID;
 @Configuration
@@ -43,6 +45,8 @@ public class NifflerAuthServiceConfig {
 private final String clientId;
 private final String clientSecret;
 private final CorsCustomizer corsCustomizer;
+ private final String serverPort;
+ private final String defaultHttpsPort = "443";
 @Autowired
 public NifflerAuthServiceConfig(KeyManager keyManager,
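Review bot: In the `@@ -43,6 +45,8 @@` hunk, `defaultHttpsPort` is a fixed value stored as a per-instance field with a field-style name; a constant states the intent better: `private static final String DEFAULT_HTTPS_PORT = "443";`. The same hunk adds `serverPort` as a `String`, which only makes sense because it is later used as a key in the port mapping. A one-line comment saying that it is the service's internal listen port, which gets mapped to the public HTTPS port, would help the next reader.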
@@ -50,29 +54,51 @@ public NifflerAuthServiceConfig(KeyManager keyManager,
 @Value("${niffler-auth.base-uri}") String nifflerAuthUri,
 @Value("${oauth2.client-id}") String clientId,
 @Value("${oauth2.client-secret}") String clientSecret,
+ @Value("${server.port}") String serverPort,
 CorsCustomizer corsCustomizer) {
 this.keyManager = keyManager;
 this.nifflerFrontUri = nifflerFrontUri;
 this.nifflerAuthUri = nifflerAuthUri;
 this.clientId = clientId;
 this.clientSecret = clientSecret;
+ this.serverPort = serverPort;
 this.corsCustomizer = corsCustomizer;
 }
 @Bean
- @Order(Ordered.HIGHEST_PRECEDENCE)
- public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
+ public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http,
+ LoginUrlAuthenticationEntryPoint entryPoint) throws Exception {
 OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
 http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
 .oidc(Customizer.withDefaults()); // Enable OpenID Connect 1.0
- http.exceptionHandling(exceptions -> exceptions.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")))
+ http.exceptionHandling(customizer -> customizer.authenticationEntryPoint(entryPoint))
 .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()));
 corsCustomizer.corsCustomizer(http);
 return http.build();
 }
+ @Bean
+ @Profile({"staging", "prod"})
+ public LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPointHttps() {
+ LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/login");
+ PortMapperImpl portMapper = new PortMapperImpl();
+ portMapper.setPortMappings(Map.of(serverPort, defaultHttpsPort));
+ PortResolverImpl portResolver = new PortResolverImpl();
+ portResolver.setPortMapper(portMapper);
+ entryPoint.setForceHttps(true);
+ entryPoint.setPortMapper(portMapper);
+ entryPoint.setPortResolver(portResolver);
+ return entryPoint;
+ }
+
+ @Bean
+ @Profile({"local", "docker"})
+ public LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPointHttp() {
+ return new LoginUrlAuthenticationEntryPoint("/login");
+ }
+
 @Bean
 public RegisteredClientRepository registeredClientRepository() {
 RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
From eccf492effdd29b421b39fa173505e8b29bd931e Mon Sep 17 00:00:00 2001
From: dtuchs
Date: Fri, 17 Nov 2023 21:06:30 +0600
Subject: [PATCH 2/2] Fix bug on staging & prod - redirect to http /login form
---
 niffler-auth/build.gradle | 2 +-
 .../guru/qa/niffler/config/NifflerAuthServiceConfig.java | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/niffler-auth/build.gradle b/niffler-auth/build.gradle
index e6a74fe32..5c5b6e613 100644
--- a/niffler-auth/build.gradle
+++ b/niffler-auth/build.gradle
@@ -6,7 +6,7 @@ plugins {
 }
 group = 'guru.qa'
-version = '1.1.1'
+version = '1.1.2'
 dependencies {
 implementation 'org.springframework.boot:spring-boot-starter-security'
diff --git a/niffler-auth/src/main/java/guru/qa/niffler/config/NifflerAuthServiceConfig.java b/niffler-auth/src/main/java/guru/qa/niffler/config/NifflerAuthServiceConfig.java
index 472f1031b..49cd32123 100644
--- a/niffler-auth/src/main/java/guru/qa/niffler/config/NifflerAuthServiceConfig.java
+++ b/niffler-auth/src/main/java/guru/qa/niffler/config/NifflerAuthServiceConfig.java
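Review bot: In the `@@ -50,29 +54,51 @@` hunk of PATCH 1/2, `@Order(Ordered.HIGHEST_PRECEDENCE)` is dropped from `authorizationServerSecurityFilterChain`, which the commit message does not explain and which is unrelated to the HTTPS redirect fix. `applyDefaultSecurity(http)` limits this chain to the authorization-server endpoints, so if niffler-auth defines another, catch-all `SecurityFilterChain` (not visible in this patch) the order in which the two are consulted is no longer pinned, and the OAuth2 endpoints could end up under the wrong rules. I would keep `@Order(Ordered.HIGHEST_PRECEDENCE)` together with the two imports removed in the `@@ -9,8 +9,7 @@` hunk, or add a comment stating why ordering no longer matters. Also, the entry point is chosen by an allow-list of profiles on both beans; with any other active profile there is no `LoginUrlAuthenticationEntryPoint` bean and the context should fail to start, whereas `@Profile("!local & !docker")` on `loginUrlAuthenticationEntryPointHttps()` would make forced HTTPS the default and plain HTTP the explicit exception.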
@@ -84,7 +84,11 @@ public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity h
 public LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPointHttps() {
 LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/login");
 PortMapperImpl portMapper = new PortMapperImpl();
- portMapper.setPortMappings(Map.of(serverPort, defaultHttpsPort));
+ portMapper.setPortMappings(Map.of(
+ serverPort, defaultHttpsPort,
+ "80", defaultHttpsPort,
+ "8080", "8443"
+ ));
 PortResolverImpl portResolver = new PortResolverImpl();
 portResolver.setPortMapper(portMapper);
 entryPoint.setForceHttps(true);
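Review bot: `Map.of` rejects duplicate keys with an `IllegalArgumentException`, so the new mapping in `loginUrlAuthenticationEntryPointHttps()` fails at bean creation whenever `server.port` is configured as `80` or `8080`. That stops the auth service from starting in exactly the staging/prod profiles this bean exists for. Building the map mutably keeps the two defaults and lets the configured port take precedence: `Map<String, String> mappings = new HashMap<>(Map.of("80", defaultHttpsPort, "8080", "8443"));`, then `mappings.put(serverPort, defaultHttpsPort);` and `portMapper.setPortMappings(mappings);` (this needs `import java.util.HashMap;`). The method body continues past the end of this hunk.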