From 04ae727e55c70ea3d2205a4f1ec20a0c88f6b5d2 Mon Sep 17 00:00:00 2001
From: olbozhyk
Date: Thu, 18 Jul 2024 10:24:20 +0200
Subject: [PATCH 1/7] P4PU-170 added login endpoint
---
build.gradle.kts | 4 ++
gradle.lockfile | 15 ++++++
helm/values-dev.yaml | 7 +++
helm/values-prod.yaml | 8 ++-
helm/values-uat.yaml | 8 ++-
openapi/pagopa-arc-be.openapi.yaml | 31 +++++++++++
.../pagopa/arc/config/OAuth2LoginConfig.java | 26 ++++++++++
.../pagopa/arc/controller/ArcAuthApiImpl.java | 15 ++++++
src/main/resources/application.yml | 18 +++++++
.../controller/AuthenticationController.java | 51 +++++++++++++++++++
.../TransactionsControllerTest.java | 3 ++
11 files changed, 184 insertions(+), 2 deletions(-)
create mode 100644 src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java
create mode 100644 src/main/java/it/gov/pagopa/arc/controller/ArcAuthApiImpl.java
create mode 100644 src/test/java/it/gov/pagopa/arc/controller/AuthenticationController.java
diff --git a/build.gradle.kts b/build.gradle.kts
index 23c8aca1..d2b64fe4 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -42,6 +42,10 @@ dependencies {
 compileOnly("org.projectlombok:lombok")
 annotationProcessor("org.projectlombok:lombok")
+ // Spring Security
+ // https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-oauth2-client
+ implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
+
 // Testing
 testImplementation("org.springframework.boot:spring-boot-starter-test")
 testImplementation("org.junit.jupiter:junit-jupiter-api")
diff --git a/gradle.lockfile b/gradle.lockfile
index b1d5ad96..48dd0ac3 100644
--- a/gradle.lockfile
+++ b/gradle.lockfile
@@ -11,6 +11,11 @@ com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.15.4=compileClasspath com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.15.4=compileClasspath com.fasterxml.jackson.module:jackson-module-parameter-names:2.15.4=compileClasspath com.fasterxml.jackson:jackson-bom:2.15.4=compileClasspath +com.github.stephenc.jcip:jcip-annotations:1.0-1=compileClasspath +com.nimbusds:content-type:2.2=compileClasspath +com.nimbusds:lang-tag:1.7=compileClasspath +com.nimbusds:nimbus-jose-jwt:9.24.4=compileClasspath +com.nimbusds:oauth2-oidc-sdk:9.43.3=compileClasspath commons-fileupload:commons-fileupload:1.5=compileClasspath commons-io:commons-io:2.11.0=compileClasspath io.github.openfeign.form:feign-form-spring:3.8.0=compileClasspath @@ -28,6 +33,8 @@ jakarta.activation:jakarta.activation-api:2.1.3=compileClasspath jakarta.annotation:jakarta.annotation-api:2.1.1=compileClasspath jakarta.validation:jakarta.validation-api:3.0.2=compileClasspath jakarta.xml.bind:jakarta.xml.bind-api:4.0.2=compileClasspath +net.minidev:accessors-smart:2.5.1=compileClasspath +net.minidev:json-smart:2.5.1=compileClasspath org.apache.commons:commons-lang3:3.13.0=compileClasspath org.apache.logging.log4j:log4j-api:2.21.1=compileClasspath org.apache.logging.log4j:log4j-to-slf4j:2.21.1=compileClasspath @@ -39,6 +46,7 @@ org.bouncycastle:bcprov-jdk18on:1.77=compileClasspath org.codehaus.janino:commons-compiler:3.1.12=compileClasspath org.codehaus.janino:janino:3.1.12=compileClasspath org.openapitools:jackson-databind-nullable:0.2.6=compileClasspath +org.ow2.asm:asm:9.6=compileClasspath org.projectlombok:lombok:1.18.32=compileClasspath org.slf4j:jul-to-slf4j:2.0.13=compileClasspath org.slf4j:slf4j-api:2.0.13=compileClasspath 
@@ -52,6 +60,7 @@ org.springframework.boot:spring-boot-starter-actuator:3.2.5=compileClasspath org.springframework.boot:spring-boot-starter-aop:3.2.5=compileClasspath org.springframework.boot:spring-boot-starter-json:3.2.5=compileClasspath org.springframework.boot:spring-boot-starter-logging:3.2.5=compileClasspath +org.springframework.boot:spring-boot-starter-oauth2-client:3.2.5=compileClasspath org.springframework.boot:spring-boot-starter-tomcat:3.2.5=compileClasspath org.springframework.boot:spring-boot-starter-web:3.2.5=compileClasspath org.springframework.boot:spring-boot-starter:3.2.5=compileClasspath @@ -61,8 +70,14 @@ org.springframework.cloud:spring-cloud-context:4.1.2=compileClasspath org.springframework.cloud:spring-cloud-openfeign-core:4.1.1=compileClasspath org.springframework.cloud:spring-cloud-starter-openfeign:4.1.1=compileClasspath org.springframework.cloud:spring-cloud-starter:4.1.2=compileClasspath +org.springframework.security:spring-security-config:6.2.4=compileClasspath +org.springframework.security:spring-security-core:6.2.4=compileClasspath org.springframework.security:spring-security-crypto:6.2.4=compileClasspath +org.springframework.security:spring-security-oauth2-client:6.2.4=compileClasspath +org.springframework.security:spring-security-oauth2-core:6.2.4=compileClasspath +org.springframework.security:spring-security-oauth2-jose:6.2.4=compileClasspath org.springframework.security:spring-security-rsa:1.1.2=compileClasspath +org.springframework.security:spring-security-web:6.2.4=compileClasspath org.springframework:spring-aop:6.1.6=compileClasspath org.springframework:spring-beans:6.1.6=compileClasspath org.springframework:spring-context:6.1.6=compileClasspath
diff --git a/helm/values-dev.yaml b/helm/values-dev.yaml
index c87ce900..11109670 100644
--- a/helm/values-dev.yaml
+++ b/helm/values-dev.yaml
@@ -30,6 +30,13 @@ microservice-chart:
 envConfig:
 ENV: "DEV"
 JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -Dio.netty.eventLoopThreads=100 -javaagent:/app/applicationinsights-agent.jar -Dapplicationinsights.configuration.file=/mnt/file-config-external/appinsights-config/applicationinsights.json -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
+ AUTH_CLIENT_ID: dev-arc-id
+ AUTH_CLIENT_SECRET: XhkM4YOflRuDkFHRSVg9
+ AUTH_CLIENT_REDIRECT_URI: https://dev.cittadini-p4pa.pagopa.it/auth-callback
+ AUTH_ISSUER_URI: https://dev.oneid.pagopa.it
+ AUTH_CLIENT_AUTHORIZATION_URI: https://dev.oneid.pagopa.it/login
+ AUTH_CLIENT_TOKEN_URI: https://dev.oneid.pagopa.it/oidc/token
+ AUTH_CLIENT_JWK_URI: https://dev.oneid.pagopa.it/oidc/keys
 keyvault:
 name: "arc-d-itn-cittadini-kv"
diff --git a/helm/values-prod.yaml b/helm/values-prod.yaml
index c21e1a2b..b9d9c540 100644
--- a/helm/values-prod.yaml
+++ b/helm/values-prod.yaml
@@ -30,7 +30,13 @@ microservice-chart:
 envConfig:
 ENV: "PROD"
 JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
-
+ AUTH_CLIENT_ID: TBD
+ AUTH_CLIENT_SECRET: TBD
+ AUTH_CLIENT_REDIRECT_URI: TBD
+ AUTH_ISSUER_URI: TBD
+ AUTH_CLIENT_AUTHORIZATION_URI: TBD
+ AUTH_CLIENT_TOKEN_URI: TBD
+ AUTH_CLIENT_JWK_URI: TBD
 keyvault:
 name: "arc-p-itn-cittadini-kv"
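Review bot: `AUTH_CLIENT_SECRET: XhkM4YOflRuDkFHRSVg9` commits a live OIDC client secret to the repository, and places it under `envConfig` (plain environment/ConfigMap) rather than the chart's secret path; once pushed it remains in git history regardless of the later commit that deletes the line. The value should be treated as compromised and rotated at the identity provider, with the replacement loaded only through `envSecret`/Key Vault, and the same applies to the copy of this value used as a default in `application.yml` in this patch. A secret-scanning step in CI would have caught this before merge. I'd also leave a comment on the remaining non-secret keys, `# Non-secret OIDC client settings; the client secret lives in Key Vault only`, so the next person does not add it back here.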
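Review bot: the literal `TBD` placeholders are value-shaped, so Helm renders them and Spring receives `TBD` as the issuer, token endpoint and redirect URI; a PROD rollout of this chart would most likely fail at startup, and if it did get as far as a login it would send `redirect_uri=TBD` to the identity provider. Absent keys or commented-out lines are safer than placeholders that look configured; at minimum mark them, `# TODO(P4PU-170): set real OneIdentity values before enabling login in PROD`, so nobody mistakes them for a finished configuration. Unrelated to this change but visible in the context line: the PROD `JAVA_TOOL_OPTIONS` enables a JDWP agent and JMX remote with `authenticate=false` and `ssl=false`, which deserves its own ticket if those ports are reachable from anything other than localhost.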
diff --git a/helm/values-uat.yaml b/helm/values-uat.yaml
index bf208b82..7b617bfe 100644
--- a/helm/values-uat.yaml
+++ b/helm/values-uat.yaml
@@ -30,7 +30,13 @@ microservice-chart:
 envConfig:
 ENV: "UAT"
 JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
-
+ AUTH_CLIENT_ID: TBD
+ AUTH_CLIENT_SECRET: TBD
+ AUTH_CLIENT_REDIRECT_URI: TBD
+ AUTH_ISSUER_URI: TBD
+ AUTH_CLIENT_AUTHORIZATION_URI: TBD
+ AUTH_CLIENT_TOKEN_URI: TBD
+ AUTH_CLIENT_JWK_URI: TBD
 keyvault:
 name: "arc-u-itn-cittadini-kv"
diff --git a/openapi/pagopa-arc-be.openapi.yaml b/openapi/pagopa-arc-be.openapi.yaml
index 294b8b92..36684386 100644
--- a/openapi/pagopa-arc-be.openapi.yaml
+++ b/openapi/pagopa-arc-be.openapi.yaml
@@ -7,6 +7,37 @@ servers:
 - url: "http://localhost:8080/arc"
 description: Generated server url
 paths:
+ /login/oneidentity:
+ get:
+ tags:
+ - arc auth
+ summary: "Provide the authentication endpoint"
+ operationId: getAuthenticationEndpoint
+ responses:
+ '302':
+ description: "Redirect to the authentication endpoint"
+ headers:
+ Location:
+ description: >
+ The URL to redirect to, including the following query parameters:
+ - response_type: The type of response, e.g., "code".
+ - scope: The scope of the access request, e.g., "openid profile email".
+ - client_id: The client ID, e.g., "abc4hdRkqt3".
+ - state: An opaque value used to maintain state between the request and callback, e.g., "abc4hdRkqt3".
+ - redirect_uri: The URI to redirect to after authorization, e.g., "https://client.example.org/cb".
+ schema:
+ type: string
+ '401':
+ description: "Wrong or missing function key"
+ '429':
+ description: "Too many Requests"
+ '500':
+ description: "Service unavailable"
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ErrorDTO'
+
 /transactions:
 get:
 tags:
diff --git a/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java b/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java
new file mode 100644
index 00000000..31e30557
--- /dev/null
+++ b/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java
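Review bot: the `Location` description leaves out the `nonce` parameter that the OIDC flow adds to the authorization request (the test added in this same patch asserts it is present), so the documented query-string contract is incomplete; add `- nonce: Session-bound value the ID token must echo back, used to detect replay.` to the list, and `code_challenge`/`code_challenge_method` if PKCE is turned on later. The `'500'` response is described as `"Service unavailable"`, which is the 503 phrase; `"Internal server error"` matches the code. Note also that this path is served by Spring Security's authorization-request filter rather than an application controller, so nothing in this service produces the `401`/`429` responses listed here; if they come from a gateway in front (the "function key" wording suggests so), say that in the description so readers do not look for the check in the code.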
@@ -0,0 +1,26 @@
+package it.gov.pagopa.arc.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+public class OAuth2LoginConfig {
+
+ @Bean
+ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ http
+ .oauth2Login(oauth2Login -> oauth2Login
+ .authorizationEndpoint(authConfig -> authConfig.baseUri("/login"))
+ .redirectionEndpoint(redirection -> redirection.baseUri("/token/*"))
+ )
+ .authorizeHttpRequests((authorize) -> authorize
+ .anyRequest()
+ .permitAll())
+ .csrf( AbstractHttpConfigurer::disable );
+ return http.build();
+ }
+
+}
diff --git a/src/main/java/it/gov/pagopa/arc/controller/ArcAuthApiImpl.java b/src/main/java/it/gov/pagopa/arc/controller/ArcAuthApiImpl.java
new file mode 100644
index 00000000..071ba360
--- /dev/null
+++ b/src/main/java/it/gov/pagopa/arc/controller/ArcAuthApiImpl.java
@@ -0,0 +1,15 @@
+package it.gov.pagopa.arc.controller;
+
+import it.gov.pagopa.arc.controller.generated.ArcAuthApi;
+import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
+
+@Controller
+public class ArcAuthApiImpl implements ArcAuthApi {
+
+ @Override
+ public ResponseEntity getAuthenticationEndpoint() {
+ return ArcAuthApi.super.getAuthenticationEndpoint();
+ }
+
+}
\ No newline at end of file
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 17ab6689..029d6a37 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
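Review bot: `.anyRequest().permitAll()` means the OIDC login is wired up but nothing is protected: `/transactions` and every other endpoint remain reachable without a session, so completing the login grants the user nothing, and `.csrf(AbstractHttpConfigurer::disable)` on top of a cookie-session login leaves any future state-changing endpoint open to cross-site requests. If leaving everything open is deliberate for this first increment, say so where the rule is declared, e.g. `// TODO(P4PU-170): restrict to .requestMatchers("/login/**", "/token/**").permitAll().anyRequest().authenticated() once the frontend completes the callback`; otherwise make that the rule now and keep CSRF enabled. The `/token/*` redirection base URI also needs to agree with the `redirect-uri` registered in `application.yml`, which in this patch points at a frontend path instead.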
@@ -3,6 +3,24 @@ spring:
 name: ${artifactId}
 version: ${version}
 jmx.enabled: true
+ security:
+ oauth2:
+ client:
+ registration:
+ oneidentity:
+ provider: oneidentity
+ client-id: \${AUTH_CLIENT_ID:dev-arc-id}
+ client-secret: \${AUTH_CLIENT_SECRET:XhkM4YOflRuDkFHRSVg9}
+ authorization-grant-type: authorization_code
+ redirect-uri: \${AUTH_CLIENT_REDIRECT_URI:https://dev.cittadini-p4pa.pagopa.it/auth-callback}
+ scope: openid
+ provider:
+ oneidentity:
+ issuer-uri: \${AUTH_ISSUER_URI:https://dev.oneid.pagopa.it}
+ authorization-uri: \${AUTH_CLIENT_AUTHORIZATION_URI:https://dev.oneid.pagopa.it/login}
+ token-uri: \${AUTH_CLIENT_TOKEN_URI:https://dev.oneid.pagopa.it/oidc/token}
+ user-name-attribute: sub
+ jwk-set-uri: \${AUTH_CLIENT_JWK_URI:https://dev.oneid.pagopa.it/oidc/keys}
 rest-client:
 biz-events:
diff --git a/src/test/java/it/gov/pagopa/arc/controller/AuthenticationController.java b/src/test/java/it/gov/pagopa/arc/controller/AuthenticationController.java
new file mode 100644
index 00000000..4b56ba71
--- /dev/null
+++ b/src/test/java/it/gov/pagopa/arc/controller/AuthenticationController.java
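Review bot: `redirect-uri` is `https://dev.cittadini-p4pa.pagopa.it/auth-callback`, but `OAuth2LoginConfig` in this same patch registers Spring's redirection endpoint at `/token/*`, so the identity provider will send the browser, `code` and `state` to a frontend path that Spring Security never handles; the flow only completes if the frontend forwards the callback to `/token/oneidentity` on this service with the same session cookie, and as far as I recall Spring also compares the callback URL against the registered `redirect_uri` before exchanging the code. Either use `redirect-uri: "{baseUrl}/token/{registrationId}"` so the two agree, or document the frontend hop next to the property, `# The SPA receives the callback at /auth-callback and replays it to /token/oneidentity`. Also, `scope: openid` here versus `openid profile email` in the OpenAPI description added in this patch should be reconciled.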
@@ -0,0 +1,51 @@
+package it.gov.pagopa.arc.controller;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import it.gov.pagopa.arc.config.OAuth2LoginConfig;
+import it.gov.pagopa.arc.controller.generated.ArcTransactionsApi;
+import it.gov.pagopa.arc.service.TransactionsService;
+import java.util.Map;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.context.annotation.Import;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.web.util.UriComponents;
+import org.springframework.web.util.UriComponentsBuilder;
+
+@WebMvcTest(value = {
+ ArcTransactionsApi.class
+})
+@Import(OAuth2LoginConfig.class)
+class AuthenticationController {
+ @Autowired
+ private MockMvc mockMvc;
+
+ @MockBean
+ private TransactionsService transactionsServiceMock;
+
+ @Test
+ void givenAuthenticationEndpointGetARedirectToIDPLoginPage() throws Exception {
+ MvcResult result = mockMvc.perform(
+ get("/login/oneidentity")
+ ).andExpect(status().is3xxRedirection())
+ .andReturn();
+
+ Assertions.assertNotNull( result.getResponse().getRedirectedUrl() );
+
+ UriComponents uriComponents = UriComponentsBuilder.fromUriString( result.getResponse().getRedirectedUrl()).build() ;
+ Map queryParams = uriComponents.getQueryParams()
+ .toSingleValueMap();
+ Assertions.assertNotNull(queryParams.get("client_id"));
+ Assertions.assertNotNull(queryParams.get("scope"));
+ Assertions.assertNotNull(queryParams.get("state"));
+ Assertions.assertNotNull(queryParams.get("redirect_uri"));
+ Assertions.assertNotNull(queryParams.get("nonce"));
+ }
+
+}
diff --git a/src/test/java/it/gov/pagopa/arc/controller/TransactionsControllerTest.java b/src/test/java/it/gov/pagopa/arc/controller/TransactionsControllerTest.java
index f6c7362f..0301d855 100644
--- a/src/test/java/it/gov/pagopa/arc/controller/TransactionsControllerTest.java
+++ b/src/test/java/it/gov/pagopa/arc/controller/TransactionsControllerTest.java
@@ -1,6 +1,7 @@
 package it.gov.pagopa.arc.controller;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import it.gov.pagopa.arc.config.OAuth2LoginConfig;
 import it.gov.pagopa.arc.controller.generated.ArcTransactionsApi;
 import it.gov.pagopa.arc.fakers.TransactionDetailsDTOFaker;
 import it.gov.pagopa.arc.model.generated.TransactionDetailsDTO;
@@ -13,6 +14,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
 import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.context.annotation.Import;
 import org.springframework.core.io.FileSystemResource;
 import org.springframework.core.io.Resource;
 import org.springframework.test.web.servlet.MockMvc;
@@ -29,6 +31,7 @@
 @WebMvcTest(value = {
 ArcTransactionsApi.class
 })
+@Import(OAuth2LoginConfig.class)
 class TransactionsControllerTest {
 private static final int PAGE = 1;
 private static final int SIZE = 2;
From 4c708750ef3f7c89550e65857aa68d9d55e9c66b Mon Sep 17 00:00:00 2001
From: oleksiybozhykntt
Date: Thu, 18 Jul 2024 11:48:44 +0200
Subject: [PATCH 2/7] P4PU-170 fixed security for test
---
.../exception/ArcExceptionHandlerTest.java | 25 ++++++++-----------
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/src/test/java/it/gov/pagopa/arc/exception/ArcExceptionHandlerTest.java b/src/test/java/it/gov/pagopa/arc/exception/ArcExceptionHandlerTest.java
index aba2e690..8abd842e 100644
--- a/src/test/java/it/gov/pagopa/arc/exception/ArcExceptionHandlerTest.java
+++ b/src/test/java/it/gov/pagopa/arc/exception/ArcExceptionHandlerTest.java
@@ -1,36 +1,33 @@
 package it.gov.pagopa.arc.exception;
+import static org.mockito.Mockito.doThrow;
+
 import ch.qos.logback.classic.LoggerContext;
 import it.gov.pagopa.arc.exception.custom.BizEventsInvocationException;
 import it.gov.pagopa.arc.exception.custom.BizEventsReceiptNotFoundException;
 import it.gov.pagopa.arc.exception.custom.BizEventsTransactionNotFoundException;
+import it.gov.pagopa.arc.utils.MemoryAppender;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.junit.jupiter.MockitoExtension;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
-import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.mock.mockito.SpyBean;
 import org.springframework.http.MediaType;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
 import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
-import it.gov.pagopa.arc.utils.MemoryAppender;
-
-import static org.mockito.Mockito.doThrow;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
-@ExtendWith({SpringExtension.class, MockitoExtension.class})
-@WebMvcTest(value = {ArcExceptionHandlerTest.TestController.class}, excludeAutoConfiguration = SecurityAutoConfiguration.class)
-@ContextConfiguration(classes = {
- ArcExceptionHandlerTest.TestController.class,
- ArcExceptionHandler.class})
+@SpringBootTest(classes = {
+ ArcExceptionHandlerTest.TestController.class,
+ ArcExceptionHandler.class})
+@EnableWebMvc
+@AutoConfigureMockMvc(addFilters = false)
 class ArcExceptionHandlerTest {
 public static final String DATA = "data";
From 747cca1a57d89b0cf5b66d56a13972cdc26bd7d2 Mon Sep 17 00:00:00 2001
From: oleksiybozhykntt
Date: Thu, 18 Jul 2024 12:02:33 +0200
Subject: [PATCH 3/7] P4PU-170 removed auth controller not used updated csrf conf
---
.../gov/pagopa/arc/config/OAuth2LoginConfig.java | 3 +--
.../gov/pagopa/arc/controller/ArcAuthApiImpl.java | 15 ---------------
src/main/resources/application.yml | 1 +
.../arc/controller/AuthenticationController.java | 2 ++
4 files changed, 4 insertions(+), 17 deletions(-)
delete mode 100644 src/main/java/it/gov/pagopa/arc/controller/ArcAuthApiImpl.java
diff --git a/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java b/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java
index 31e30557..136ae08d 100644
--- a/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java
+++ b/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java
@@ -18,8 +18,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 )
 .authorizeHttpRequests((authorize) -> authorize
 .anyRequest()
- .permitAll())
- .csrf( AbstractHttpConfigurer::disable );
+ .permitAll());
 return http.build();
 }
diff --git a/src/main/java/it/gov/pagopa/arc/controller/ArcAuthApiImpl.java b/src/main/java/it/gov/pagopa/arc/controller/ArcAuthApiImpl.java
deleted file mode 100644
index 071ba360..00000000
--- a/src/main/java/it/gov/pagopa/arc/controller/ArcAuthApiImpl.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package it.gov.pagopa.arc.controller;
-
-import it.gov.pagopa.arc.controller.generated.ArcAuthApi;
-import org.springframework.http.ResponseEntity;
-import org.springframework.stereotype.Controller;
-
-@Controller
-public class ArcAuthApiImpl implements ArcAuthApi {
-
- @Override
- public ResponseEntity getAuthenticationEndpoint() {
- return ArcAuthApi.super.getAuthenticationEndpoint();
- }
-
-}
\ No newline at end of file
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 029d6a37..bf546bed 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -4,6 +4,7 @@ spring:
 version: ${version}
 jmx.enabled: true
 security:
+ enable-csrf: false
 oauth2:
 client:
 registration:
diff --git a/src/test/java/it/gov/pagopa/arc/controller/AuthenticationController.java b/src/test/java/it/gov/pagopa/arc/controller/AuthenticationController.java
index 4b56ba71..9e026cd3 100644
--- a/src/test/java/it/gov/pagopa/arc/controller/AuthenticationController.java
+++ b/src/test/java/it/gov/pagopa/arc/controller/AuthenticationController.java
@@ -29,6 +29,8 @@ class AuthenticationController {
 @MockBean
 private TransactionsService transactionsServiceMock;
+
+
 @Test
 void givenAuthenticationEndpointGetARedirectToIDPLoginPage() throws Exception {
 MvcResult result = mockMvc.perform(
From 362cc8a36152307d05647641e7cec2b2d686372a Mon Sep 17 00:00:00 2001
From: oleksiybozhykntt
Date: Thu, 18 Jul 2024 12:07:19 +0200
Subject: [PATCH 4/7] P4PU-170 removed parenthesis
---
src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java b/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java
index 136ae08d..2239fafa 100644
--- a/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java
+++ b/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java
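Review bot: `spring.security.enable-csrf: false` is not a property Spring Boot 3 binds, to my knowledge (the old `security.enable-csrf` flag disappeared with Boot 2), so this line is inert; since the same commit removes `.csrf(AbstractHttpConfigurer::disable)` from `OAuth2LoginConfig`, CSRF protection is now actually enabled. That is the right default for a cookie-session OAuth2 login, so keep it, but drop this misleading property and, if the SPA needs to call state-changing endpoints, expose the token to it in the filter chain, for example `.csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))`, instead of reaching for a disable switch. The enclosing `spring.security` block continues outside the hunk.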
@@ -16,7 +16,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 .authorizationEndpoint(authConfig -> authConfig.baseUri("/login"))
 .redirectionEndpoint(redirection -> redirection.baseUri("/token/*"))
 )
- .authorizeHttpRequests((authorize) -> authorize
+ .authorizeHttpRequests(authorize -> authorize
 .anyRequest()
 .permitAll());
 return http.build();
From d6d998c0554d8b8cf409f326691ffd24b2820950 Mon Sep 17 00:00:00 2001
From: oleksiybozhykntt
Date: Thu, 18 Jul 2024 12:28:47 +0200
Subject: [PATCH 5/7] P4PU-170 moved secret to keyvault
---
helm/values-dev.yaml | 1 -
helm/values-prod.yaml | 1 -
helm/values-uat.yaml | 1 -
helm/values.yaml | 2 +-
src/main/resources/application.yml | 14 +++++++-------
5 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/helm/values-dev.yaml b/helm/values-dev.yaml
index 11109670..1baed30a 100644
--- a/helm/values-dev.yaml
+++ b/helm/values-dev.yaml
@@ -31,7 +31,6 @@ microservice-chart:
 ENV: "DEV"
 JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -Dio.netty.eventLoopThreads=100 -javaagent:/app/applicationinsights-agent.jar -Dapplicationinsights.configuration.file=/mnt/file-config-external/appinsights-config/applicationinsights.json -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
 AUTH_CLIENT_ID: dev-arc-id
- AUTH_CLIENT_SECRET: XhkM4YOflRuDkFHRSVg9
 AUTH_CLIENT_REDIRECT_URI: https://dev.cittadini-p4pa.pagopa.it/auth-callback
 AUTH_ISSUER_URI: https://dev.oneid.pagopa.it
 AUTH_CLIENT_AUTHORIZATION_URI: https://dev.oneid.pagopa.it/login
diff --git a/helm/values-prod.yaml b/helm/values-prod.yaml
index b9d9c540..f55da744 100644
--- a/helm/values-prod.yaml
+++ b/helm/values-prod.yaml
@@ -31,7 +31,6 @@ microservice-chart:
 ENV: "PROD"
 JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
 AUTH_CLIENT_ID: TBD
- AUTH_CLIENT_SECRET: TBD
 AUTH_CLIENT_REDIRECT_URI: TBD
 AUTH_ISSUER_URI: TBD
 AUTH_CLIENT_AUTHORIZATION_URI: TBD
diff --git a/helm/values-uat.yaml b/helm/values-uat.yaml
index 7b617bfe..1ec234f8 100644
--- a/helm/values-uat.yaml
+++ b/helm/values-uat.yaml
@@ -31,7 +31,6 @@ microservice-chart:
 ENV: "UAT"
 JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
 AUTH_CLIENT_ID: TBD
- AUTH_CLIENT_SECRET: TBD
 AUTH_CLIENT_REDIRECT_URI: TBD
 AUTH_ISSUER_URI: TBD
 AUTH_CLIENT_AUTHORIZATION_URI: TBD
diff --git a/helm/values.yaml b/helm/values.yaml
index d972cc6c..a91dfe72 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -68,7 +68,7 @@ microservice-chart:
 envSecret:
 APPLICATIONINSIGHTS_CONNECTION_STRING: appinsights-connection-string
 BIZ_EVENTS_SERVICE_API_KEY: pagopa-d-bizevents-trx-apimv1-subscription-key
-
+ AUTH_CLIENT_SECRET: oneidentity-client-secret
 # nodeSelector: {}
 # tolerations: []
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index bf546bed..42f6f64b 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -10,18 +10,18 @@ spring:
 registration:
 oneidentity:
 provider: oneidentity
- client-id: \${AUTH_CLIENT_ID:dev-arc-id}
- client-secret: \${AUTH_CLIENT_SECRET:XhkM4YOflRuDkFHRSVg9}
+ client-id: \${AUTH_CLIENT_ID:}
+ client-secret: \${AUTH_CLIENT_SECRET:}
 authorization-grant-type: authorization_code
- redirect-uri: \${AUTH_CLIENT_REDIRECT_URI:https://dev.cittadini-p4pa.pagopa.it/auth-callback}
+ redirect-uri: \${AUTH_CLIENT_REDIRECT_URI:}
 scope: openid
 provider:
 oneidentity:
- issuer-uri: \${AUTH_ISSUER_URI:https://dev.oneid.pagopa.it}
- authorization-uri: \${AUTH_CLIENT_AUTHORIZATION_URI:https://dev.oneid.pagopa.it/login}
- token-uri: \${AUTH_CLIENT_TOKEN_URI:https://dev.oneid.pagopa.it/oidc/token}
+ issuer-uri: \${AUTH_ISSUER_URI:}
+ authorization-uri: \${AUTH_CLIENT_AUTHORIZATION_URI:}
+ token-uri: \${AUTH_CLIENT_TOKEN_URI:}
 user-name-attribute: sub
- jwk-set-uri: \${AUTH_CLIENT_JWK_URI:https://dev.oneid.pagopa.it/oidc/keys}
+ jwk-set-uri: \${AUTH_CLIENT_JWK_URI:}
 rest-client:
 biz-events:
From a5c0211656d855531e6fe4e18f346c1cac668f59 Mon Sep 17 00:00:00 2001
From: oleksiybozhykntt
Date: Thu, 18 Jul 2024 12:54:43 +0200
Subject: [PATCH 6/7] P4PU-170 moved secret to keyvault
---
.../pagopa/arc/config/OAuth2LoginConfig.java | 1 -
src/main/resources/application.yml | 14 +++++++-------
.../arc/exception/ArcExceptionHandlerTest.java | 18 +++++++++++-------
3 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java b/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java
index 2239fafa..6e40d4a2 100644
--- a/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java
+++ b/src/main/java/it/gov/pagopa/arc/config/OAuth2LoginConfig.java
@@ -3,7 +3,6 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 @Configuration
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 42f6f64b..ecd356aa 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -10,18 +10,18 @@ spring:
 registration:
 oneidentity:
 provider: oneidentity
- client-id: \${AUTH_CLIENT_ID:}
- client-secret: \${AUTH_CLIENT_SECRET:}
+ client-id: \${AUTH_CLIENT_ID:clientid}
+ client-secret: \${AUTH_CLIENT_SECRET:clientsecret}
 authorization-grant-type: authorization_code
- redirect-uri: \${AUTH_CLIENT_REDIRECT_URI:}
+ redirect-uri: \${AUTH_CLIENT_REDIRECT_URI:https://dev.cittadini-p4pa.pagopa.it/auth-callback}
 scope: openid
 provider:
 oneidentity:
- issuer-uri: \${AUTH_ISSUER_URI:}
- authorization-uri: \${AUTH_CLIENT_AUTHORIZATION_URI:}
- token-uri: \${AUTH_CLIENT_TOKEN_URI:}
+ issuer-uri: \${AUTH_ISSUER_URI:https://dev.oneid.pagopa.it}
+ authorization-uri: \${AUTH_CLIENT_AUTHORIZATION_URI:https://dev.oneid.pagopa.it/login}
+ token-uri: \${AUTH_CLIENT_TOKEN_URI:https://dev.oneid.pagopa.it/oidc/token}
 user-name-attribute: sub
- jwk-set-uri: \${AUTH_CLIENT_JWK_URI:}
+ jwk-set-uri: \${AUTH_CLIENT_JWK_URI:https://dev.oneid.pagopa.it/oidc/keys}
 rest-client:
 biz-events:
diff --git a/src/test/java/it/gov/pagopa/arc/exception/ArcExceptionHandlerTest.java b/src/test/java/it/gov/pagopa/arc/exception/ArcExceptionHandlerTest.java
index 8abd842e..a826f0b9 100644
--- a/src/test/java/it/gov/pagopa/arc/exception/ArcExceptionHandlerTest.java
+++ b/src/test/java/it/gov/pagopa/arc/exception/ArcExceptionHandlerTest.java
@@ -3,6 +3,7 @@
 import static org.mockito.Mockito.doThrow;
 import ch.qos.logback.classic.LoggerContext;
+import it.gov.pagopa.arc.config.OAuth2LoginConfig;
 import it.gov.pagopa.arc.exception.custom.BizEventsInvocationException;
 import it.gov.pagopa.arc.exception.custom.BizEventsReceiptNotFoundException;
 import it.gov.pagopa.arc.exception.custom.BizEventsTransactionNotFoundException;
@@ -10,24 +11,27 @@
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.junit.jupiter.MockitoExtension;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
-import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
 import org.springframework.boot.test.mock.mockito.SpyBean;
 import org.springframework.http.MediaType;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
 import org.springframework.test.web.servlet.result.MockMvcResultMatchers;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.servlet.config.annotation.EnableWebMvc;
-@SpringBootTest(classes = {
+@ExtendWith({SpringExtension.class, MockitoExtension.class})
+@WebMvcTest(value = {ArcExceptionHandlerTest.TestController.class})
+@ContextConfiguration(classes = {
 ArcExceptionHandlerTest.TestController.class,
- ArcExceptionHandler.class})
-@EnableWebMvc
-@AutoConfigureMockMvc(addFilters = false)
+ ArcExceptionHandler.class,
+ OAuth2LoginConfig.class})
 class ArcExceptionHandlerTest {
 public static final String DATA = "data";
From c3256b7716cdab376ef4910a930532ecaec08f08 Mon Sep 17 00:00:00 2001
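Review bot: `@ExtendWith({SpringExtension.class, MockitoExtension.class})` is redundant on this class: `@WebMvcTest` is already meta-annotated with `@ExtendWith(SpringExtension.class)`, and `@SpyBean` is wired by Spring's Mockito test-execution listener rather than by `MockitoExtension`, so the extra extension adds nothing and can hide injection problems; drop that line together with the two imports it needs. It is also worth a comment that an explicit `@ContextConfiguration(classes = …)` replaces the slice's normal configuration search, which is why `OAuth2LoginConfig` has to be listed to get the real filter chain, e.g. `// explicit class list replaces the slice scan, so the security config must be named here`. The class body continues outside the hunk.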
From: oleksiybozhykntt
Date: Thu, 18 Jul 2024 15:18:50 +0200
Subject: [PATCH 7/7] P4PU-170 fixed tests
---
src/main/resources/application.yml | 14 ++---
.../controller/AuthenticationController.java | 53 -------------------
.../TransactionsControllerTest.java | 20 ++++---
.../exception/ArcExceptionHandlerTest.java | 6 +--
src/test/resources/application.yml | 5 ++
5 files changed, 24 insertions(+), 74 deletions(-)
delete mode 100644 src/test/java/it/gov/pagopa/arc/controller/AuthenticationController.java
create mode 100644 src/test/resources/application.yml
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index ecd356aa..42f6f64b 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -10,18 +10,18 @@ spring:
 registration:
 oneidentity:
 provider: oneidentity
- client-id: \${AUTH_CLIENT_ID:clientid}
- client-secret: \${AUTH_CLIENT_SECRET:clientsecret}
+ client-id: \${AUTH_CLIENT_ID:}
+ client-secret: \${AUTH_CLIENT_SECRET:}
 authorization-grant-type: authorization_code
- redirect-uri: \${AUTH_CLIENT_REDIRECT_URI:https://dev.cittadini-p4pa.pagopa.it/auth-callback}
+ redirect-uri: \${AUTH_CLIENT_REDIRECT_URI:}
 scope: openid
 provider:
 oneidentity:
- issuer-uri: \${AUTH_ISSUER_URI:https://dev.oneid.pagopa.it}
- authorization-uri: \${AUTH_CLIENT_AUTHORIZATION_URI:https://dev.oneid.pagopa.it/login}
- token-uri: \${AUTH_CLIENT_TOKEN_URI:https://dev.oneid.pagopa.it/oidc/token}
+ issuer-uri: \${AUTH_ISSUER_URI:}
+ authorization-uri: \${AUTH_CLIENT_AUTHORIZATION_URI:}
+ token-uri: \${AUTH_CLIENT_TOKEN_URI:}
 user-name-attribute: sub
- jwk-set-uri: \${AUTH_CLIENT_JWK_URI:https://dev.oneid.pagopa.it/oidc/keys}
+ jwk-set-uri: \${AUTH_CLIENT_JWK_URI:}
 rest-client:
 biz-events:
diff --git a/src/test/java/it/gov/pagopa/arc/controller/AuthenticationController.java b/src/test/java/it/gov/pagopa/arc/controller/AuthenticationController.java
deleted file mode 100644
index 9e026cd3..00000000
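Review bot: with `issuer-uri` set, Spring Boot's client-registration mapping performs OIDC discovery against that issuer while building the registration (as far as I recall from `OAuth2ClientPropertiesMapper`), so after this hunk the service has a boot-time network dependency on OneIdentity, and an unset `AUTH_ISSUER_URI` (now defaulting to empty) fails startup with a bare assertion rather than a message naming the variable. Keeping `issuer-uri` is still right, because it is what the ID-token `iss` claim is validated against, but the contract should be written down next to the block: `# All AUTH_* variables are required: the app refuses to start without them and contacts the issuer for OIDC discovery at boot; the client secret comes from Key Vault only.` The blank defaults are the correct end state for `client-secret`; the churn between patches 5, 6 and 7 suggests a dedicated test profile was the missing piece, which this patch's new `src/test/resources/application.yml` presumably provides.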
--- a/src/test/java/it/gov/pagopa/arc/controller/AuthenticationController.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package it.gov.pagopa.arc.controller;
-
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
-import it.gov.pagopa.arc.config.OAuth2LoginConfig;
-import it.gov.pagopa.arc.controller.generated.ArcTransactionsApi;
-import it.gov.pagopa.arc.service.TransactionsService;
-import java.util.Map;
-import org.junit.jupiter.api.Assertions;
-import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
-import org.springframework.boot.test.mock.mockito.MockBean;
-import org.springframework.context.annotation.Import;
-import org.springframework.test.web.servlet.MockMvc;
-import org.springframework.test.web.servlet.MvcResult;
-import org.springframework.web.util.UriComponents;
-import org.springframework.web.util.UriComponentsBuilder;
-
-@WebMvcTest(value = {
- ArcTransactionsApi.class
-})
-@Import(OAuth2LoginConfig.class)
-class AuthenticationController {
- @Autowired
- private MockMvc mockMvc;
-
- @MockBean
- private TransactionsService transactionsServiceMock;
-
-
-
- @Test
- void givenAuthenticationEndpointGetARedirectToIDPLoginPage() throws Exception {
- MvcResult result = mockMvc.perform(
- get("/login/oneidentity")
- ).andExpect(status().is3xxRedirection())
- .andReturn();
-
- Assertions.assertNotNull( result.getResponse().getRedirectedUrl() );
-
- UriComponents uriComponents = UriComponentsBuilder.fromUriString( result.getResponse().getRedirectedUrl()).build() ;
- Map queryParams = uriComponents.getQueryParams()
- .toSingleValueMap();
- Assertions.assertNotNull(queryParams.get("client_id"));
- Assertions.assertNotNull(queryParams.get("scope"));
- Assertions.assertNotNull(queryParams.get("state"));
- Assertions.assertNotNull(queryParams.get("redirect_uri"));
- Assertions.assertNotNull(queryParams.get("nonce"));
- }
-
-}
diff --git a/src/test/java/it/gov/pagopa/arc/controller/TransactionsControllerTest.java b/src/test/java/it/gov/pagopa/arc/controller/TransactionsControllerTest.java
index 0301d855..7f5a0bdc 100644
--- a/src/test/java/it/gov/pagopa/arc/controller/TransactionsControllerTest.java
+++ b/src/test/java/it/gov/pagopa/arc/controller/TransactionsControllerTest.java
@@ -1,37 +1,35 @@
package it.gov.pagopa.arc.controller;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
import com.fasterxml.jackson.databind.ObjectMapper;
-import it.gov.pagopa.arc.config.OAuth2LoginConfig;
import it.gov.pagopa.arc.controller.generated.ArcTransactionsApi;
import it.gov.pagopa.arc.fakers.TransactionDetailsDTOFaker;
import it.gov.pagopa.arc.model.generated.TransactionDetailsDTO;
import it.gov.pagopa.arc.model.generated.TransactionsListDTO;
import it.gov.pagopa.arc.service.TransactionsService;
import it.gov.pagopa.arc.utils.TestUtils;
+import java.nio.file.Files;
+import java.nio.file.Paths;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.boot.test.mock.mockito.MockBean;
-import org.springframework.context.annotation.Import;
import org.springframework.core.io.FileSystemResource;
import org.springframework.core.io.Resource;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-
-import static org.mockito.ArgumentMatchers.anyInt;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
@WebMvcTest(value = {
ArcTransactionsApi.class
})
-@Import(OAuth2LoginConfig.class)
+@AutoConfigureMockMvc(addFilters = false)
class TransactionsControllerTest {
private static final int PAGE = 1;
private static final int SIZE = 2;
diff --git a/src/test/java/it/gov/pagopa/arc/exception/ArcExceptionHandlerTest.java b/src/test/java/it/gov/pagopa/arc/exception/ArcExceptionHandlerTest.java
index a826f0b9..2b8c0bf2 100644
--- a/src/test/java/it/gov/pagopa/arc/exception/ArcExceptionHandlerTest.java
+++ b/src/test/java/it/gov/pagopa/arc/exception/ArcExceptionHandlerTest.java
@@ -3,7 +3,6 @@
import static org.mockito.Mockito.doThrow;
import ch.qos.logback.classic.LoggerContext;
-import it.gov.pagopa.arc.config.OAuth2LoginConfig;
import it.gov.pagopa.arc.exception.custom.BizEventsInvocationException;
import it.gov.pagopa.arc.exception.custom.BizEventsReceiptNotFoundException;
import it.gov.pagopa.arc.exception.custom.BizEventsTransactionNotFoundException;
@@ -15,6 +14,7 @@
import org.mockito.junit.jupiter.MockitoExtension;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.boot.test.mock.mockito.SpyBean;
import org.springframework.http.MediaType;
@@ -30,8 +30,8 @@
@WebMvcTest(value = {ArcExceptionHandlerTest.TestController.class})
@ContextConfiguration(classes = {
ArcExceptionHandlerTest.TestController.class,
- ArcExceptionHandler.class,
- OAuth2LoginConfig.class})
+ ArcExceptionHandler.class})
+@AutoConfigureMockMvc(addFilters = false)
class ArcExceptionHandlerTest {
public static final String DATA = "data";
diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml
new file mode 100644
index 00000000..567c44b0
--- /dev/null
+++ b/src/test/resources/application.yml
@@ -0,0 +1,5 @@
+rest-client:
+ biz-events:
+ baseUrl: \${BIZ_EVENTS_BASE_URL:}
+ api-key: \${BIZ_EVENTS_SERVICE_API_KEY:}
+ fake-fiscal-code: "HSLZYB90L59D030S"
\ No newline at end of file
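Review bot: `@AutoConfigureMockMvc(addFilters = false)` takes the place of `@Import(OAuth2LoginConfig.class)`, so every request in this slice test now bypasses the security filter chain, and since the same patch deletes the `AuthenticationController` test, no test left in the tree exercises `OAuth2LoginConfig` or checks that the transaction endpoints reject an unauthenticated caller. I would keep the filters on and the `@Import(OAuth2LoginConfig.class)`, authenticate each request explicitly with `.with(SecurityMockMvcRequestPostProcessors.oauth2Login())` on the `mockMvc.perform(...)` calls (this needs `spring-security-test` on the test classpath, which I cannot see from here), and add one test that performs the same GET with no principal and asserts the status `OAuth2LoginConfig` is meant to produce — a redirect to the login page or a 401; that config is not in this hunk, so the expected value needs checking. The class body continues past the end of the hunk.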
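Review bot: `fake-fiscal-code: "HSLZYB90L59D030S"` has the shape of a complete Italian codice fiscale and is now committed to the repository, and nothing here records whether it was generated or belongs to a real person; fiscal codes are personal data, so please confirm it is synthetic and say so above the key, e.g. `# synthetic codice fiscale, used only by the test profile`. The file also ends without a trailing newline.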