Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DTS-34986 Central AuthNAuth Spring Boot upgrade #1012

Open
wants to merge 82 commits into
base: develop
Choose a base branch
from
Open

DTS-34986 Central AuthNAuth Spring Boot upgrade #1012

wants to merge 82 commits into from

Conversation

tibi-iordache
Copy link

@tibi-iordache tibi-iordache commented May 27, 2024
edited

Upgrading the Central AuthNAuth Spring Boot version to 3.2 and Java version to 17.
For full documentation of the upgrade, you can check the confluence page:
https://publicissapient.atlassian.net/wiki/spaces/SPDS/pages/307789878/Java+17+Upgrade

@tibi-iordache tibi-iordache self-assigned this May 27, 2024
@tibi-iordache tibi-iordache mentioned this pull request May 27, 2024
Closed
tibiorda added 10 commits June 3, 2024 11:30
DTS-34986-AuthNAuth-upgrade-final Add the path when deleting cookies
83318ad
DTS-34986-AuthNAuth-upgrade-final Increase the cookie duration to 1da…
e19a3ec 
…y and save saml details only the first time user logs in
DTS-34986-AuthNAuth-upgrade-final Update domain
03ec1af
DTS-34986-AuthNAuth-upgrade-final Solving merge conflicts
f302bb6
DTS-34986-AuthNAuth-upgrade-final Fix base response dto
f58fe58
DTS-34986-AuthNAuth-upgrade-final Small refactor on endpoints after c…
6439190 
…hecking the documentation
DTS-34986-AuthNAuth-upgrade-final Add the path when deleting cookies
677a956
DTS-34986-AuthNAuth-upgrade-final Increase the cookie duration to 1da…
ffe3a5f 
…y and save saml details only the first time user logs in
DTS-34986-AuthNAuth-upgrade-final Update domain
8799a47
DTS-34986-AuthNAuth-upgrade-final Solve merge conflicts
6ce9638
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 11, 2024
View reviewed changes
central-auth-service/central-login-ui-react/src/pages/status/index.jsx Outdated
}else{
if(redirectUri.indexOf('?') === -1){
window.location.href = `${redirectUri}?authToken=${authToken}`;
window.location.href = `${redirectUri}`;

Check failure

Code scanning / CodeQL

Client-side cross-site scripting High

Cross-site scripting vulnerability due to
user-provided value
.
central-auth-service/central-login-ui-react/src/pages/status/index.jsx Outdated
}else{
window.location.href = `${redirectUri}&authToken=${authToken}`;
window.location.href = `${redirectUri}`;

Check failure

Code scanning / CodeQL

Client-side cross-site scripting High

Cross-site scripting vulnerability due to
user-provided value
.
central-auth-service/central-login-ui-react/src/pages/status/index.jsx Outdated
}else{
if(redirectUri.indexOf('?') === -1){
window.location.href = `${redirectUri}?authToken=${authToken}`;
window.location.href = `${redirectUri}`;

Check warning

Code scanning / CodeQL

Client-side URL redirect Medium

Untrusted URL redirection depends on a
user-provided value
.
Untrusted URL redirection depends on a
user-provided value
.
Untrusted URL redirection depends on a
user-provided value
.
central-auth-service/central-login-ui-react/src/pages/status/index.jsx Outdated
}else{
window.location.href = `${redirectUri}&authToken=${authToken}`;
window.location.href = `${redirectUri}`;

Check warning

Code scanning / CodeQL

Client-side URL redirect Medium

Untrusted URL redirection depends on a
user-provided value
.
Untrusted URL redirection depends on a
user-provided value
.
Untrusted URL redirection depends on a
user-provided value
.
central-auth-service/authapi/src/main/resources/application-local.yml Fixed Show fixed Hide fixed
central-auth-service/authapi/src/main/resources/application.yml Fixed Show fixed Hide fixed
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 11, 2024
View reviewed changes
...n/java/com/publicissapient/kpidashboard/apis/bamboo/service/BambooToolConfigServiceImpl.java Outdated
* @throws ParseException
*/
private void apiCallToGetBranches(List<BambooBranchesResponseDTO> responseDTOList, String url, HttpEntity<?> httpEntity) throws ParseException {
ResponseEntity<String> response = restTemplate.exchange(url, HttpMethod.GET, httpEntity, String.class);

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

Potential server-side request forgery due to a
user-provided value
.
...n/java/com/publicissapient/kpidashboard/apis/bamboo/service/BambooToolConfigServiceImpl.java Outdated
String statusCode = response.getStatusCode().toString();
log.error("Error while fetching BambooBranchesNameAndKeys from {}. with status {}", url,
statusCode);
log.error("Invalid jobNameKey: {}", jobNameKey);

Check failure

Code scanning / CodeQL

Log Injection High

This log entry depends on a
user-provided value
.
...n/java/com/publicissapient/kpidashboard/apis/bamboo/service/BambooToolConfigServiceImpl.java Outdated
parseBranchesResponse(responseDTOList, response);
} else {
String statusCode = response.getStatusCode().toString();
log.error("Error while fetching BambooBranchesNameAndKeys from {}. with status {}", url,

Check failure

Code scanning / CodeQL

Log Injection High

This log entry depends on a
user-provided value
.
...api/src/main/java/com/publicissapient/kpidashboard/apis/jenkins/service/JenkinsServiceR.java Outdated
try {
calculateAllKPIAggregatedMetrics(kpiRequest, responseList, kpiElement, treeAggregatorDetail);
} catch (Exception e) {
log.error("Error while KPI calculation for data {}", kpiRequest.getKpiList(), e);

Check failure

Code scanning / CodeQL

Log Injection High

This log entry depends on a
user-provided value
.
This log entry depends on a
user-provided value
.
This log entry depends on a
user-provided value
.
...ce/authapi/src/main/java/com/publicissapient/kpidashboard/apis/config/WebSecurityConfig.java
.disable();
@Bean
protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http.csrf(csrf -> csrf.disable());

Check failure

Code scanning / CodeQL

Disabled Spring CSRF protection High

CSRF vulnerability due to protection being disabled.
...va/com/publicissapient/kpidashboard/apis/service/impl/StandardAuthenticationServiceImpl.java Fixed Show fixed Hide fixed
...va/com/publicissapient/kpidashboard/apis/service/impl/StandardAuthenticationServiceImpl.java Fixed Show fixed Hide fixed
...va/com/publicissapient/kpidashboard/apis/service/impl/StandardAuthenticationServiceImpl.java Fixed Show fixed Hide fixed
...uthapi/src/main/java/com/publicissapient/kpidashboard/apis/service/impl/UserServiceImpl.java Fixed Show fixed Hide fixed
...uthapi/src/main/java/com/publicissapient/kpidashboard/apis/service/impl/UserServiceImpl.java Fixed Show fixed Hide fixed
tibiorda added 10 commits June 11, 2024 16:06
DTS-34986-AuthNAuth-upgrade-final Solving merge conflicts
ebcfdb5
DTS-34986-AuthNAuth-upgrade-final Fix base response dto
45f18d4
DTS-34986-AuthNAuth-upgrade-final Small refactor on endpoints after c…
01e1001 
…hecking the documentation
DTS-34986-AuthNAuth-upgrade-final Add the path when deleting cookies
d059e22
DTS-34986-AuthNAuth-upgrade-final Increase the cookie duration to 1da…
b08240e 
…y and save saml details only the first time user logs in
DTS-34986-AuthNAuth-upgrade-final Update domain
5422c70
DTS-34986-AuthNAuth-upgrade-final Solve merge conflicts
86e4d9d
DTS-34986-AuthNAuth-upgrade-final Increase the cookie duration to 1da…
329aab4 
…y and save saml details only the first time user logs in
DTS-34986-AuthNAuth-upgrade-final Update domain
07571f9
DTS-34986-AuthNAuth-upgrade-final Solve merge conflicts
d5507de
shunaray and others added 30 commits July 12, 2024 17:24
@shunaray
Merge pull request #1218 from PublicisSapient/develop
dffa470 
Develop to QA
@risshukl0
Merge pull request #1223 from PublicisSapient/develop
99b4d4a 
Develop
@HinPublicis
Merge pull request #1228 from PublicisSapient/develop
e6c38de 
Develop
@risshukl0
Merge pull request #1235 from PublicisSapient/develop
49b9f1d 
Develop -> QA-Master
@risshukl0
Merge pull request #1241 from PublicisSapient/develop
77fdd11 
Develop
@risshukl0
Merge pull request #1244 from PublicisSapient/develop
0b0dd1e 
Develop
@Chittauri
Merge pull request #1247 from PublicisSapient/develop
9c5845c 
Develop
@risshukl0
Merge pull request #1251 from PublicisSapient/develop
604db6f 
New UI bug fixes
@risshukl0
Merge pull request #1270 from PublicisSapient/develop
0680374 
Develop
@risshukl0
Merge pull request #1276 from PublicisSapient/develop
a662bc1 
Develop
@hirbabar
Merge pull request #1277 from PublicisSapient/develop
abb54de 
Develop to QA (Master sync)
@hirbabar
Merge pull request #1281 from PublicisSapient/develop
af9dc3c 
Develop to QA
@sandhami
Merge pull request #1284 from PublicisSapient/develop
6ba6f54 
Develop
@risshukl0
Merge pull request #1290 from PublicisSapient/develop
6e02a44 
Develop
@kunkambl
Merge pull request #1292 from PublicisSapient/develop
cbd5739 
Develop
@sandhami
Merge pull request #1274 from PublicisSapient/qa-master
612d06a 
Qa master to Master - 10.0.0 Release
[maven-release-plugin] prepare release 10.0.0
778389d
[maven-release-plugin] prepare for next development iteration
e0e8323
@razvan-georgescu-tm
DTS-00000 Add AUTH_BASE_URL env var
6bf652f
@hirbabar
changes for AUTH_BASE_URL
e823ee5
@razvan-georgescu-tm
DTS-00000 Update application.properties
f51033d
@razvan-georgescu-tm
DTS-00000 Update content security policy on both server and nginx
a725cbf
@razvan-georgescu-tm
DTS-00000 Bump version
b1ecbe2
@razvan-georgescu-tm
Merge branch 'master' into DTS-34986-AuthNAuth-upgrade-final
347256a 
# Conflicts:
#	central-auth-service/central-login-ui-react/src/pages/login/index.jsx
@razvan-georgescu-tm
DTS-00000 Change styling for credentials login
acbb753
@hirbabar
added AUTH_BASE_URL
f4329de
@rapkalya
Update nginx_dev.conf
adba6fc 
Signed-off-by: rapkalya <74697698+rapkalya@users.noreply.github.com>
@rapkalya
Update nginx_prod.conf
8b35e75 
Signed-off-by: rapkalya <74697698+rapkalya@users.noreply.github.com>
@rapkalya
Update nginx_prod.conf
0866974 
Signed-off-by: rapkalya <74697698+rapkalya@users.noreply.github.com>
@rapkalya
Update nginx_prod.conf
0464468 
Signed-off-by: rapkalya <74697698+rapkalya@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hirbabar hirbabar hirbabar requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@tibi-iordache tibi-iordache

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
10 participants
@tibi-iordache @hirbabar @sandhami @risshukl0 @shunaray @HinPublicis @Chittauri @kunkambl @razvan-georgescu-tm @rapkalya