Merge branch 'master' into dependabot/npm_and_yarn/account-gui/browse…

…rify-sign-4.2.2

.github/workflows/daily-security-check.yml

@@ -91,6 +91,6 @@ jobs:
           SLACK_COLOR: ${{ job.status }}
           SLACK_ICON: https://static.surfconext.nl/logos/idp/surfnet.png
           SLACK_MESSAGE: 'Dependency check failed :crying_cat_face:'
-          SLACK_TITLE: $GITHUB_REPOSITORY wants attention
+          SLACK_TITLE: ${{ github.repository }} wants attention
           SLACK_USERNAME: NightlySecurityCheck
           SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

README.md

@@ -8,7 +8,7 @@ An IdP for OpenConext. A user can create and manage his own identity. Authentica
 
 ### [System Requirements](#system-requirements)
 
-- Java 8
+- Java 11
 - Maven 3
 - MongoDB 3.4.x
 - Yarn 1.x
@@ -66,7 +66,7 @@ deploy the application in an environment where the certificate needs to be regis
 then you can generate a key pair with the following commands:
 ```
 cd myconext/myconext-server/src/main/resources
-openssl genrsa  -out myconext.pem 2048
+openssl genrsa -traditional -out myconext.pem 2048
 openssl req -subj '/O=Organization, CN=OIDC/' -key myconext.pem -new -x509 -days 365 -out myconext.crt
 ```
 Add the key pair to the [application.yml](myconext-server/src/main/resources/application.yml) file:

account-gui/build.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
 rm -Rf public/bundle*
 rm -Rf target/*
+source $NVM_DIR/nvm.sh
+nvm use
 yarn install --force && yarn test && yarn build

myconext-gui/build.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
 rm -Rf public/bundle*
 rm -Rf target/*
+source $NVM_DIR/nvm.sh
+nvm use
 yarn install --force && yarn test && yarn build

myconext-gui/src/api/index.js

@@ -135,7 +135,9 @@ export function logout() {
         credentials: "same-origin",
         redirect: "manual"
     };
-    return fetchJson("/myconext/api/sp/logout").then(() => fetch("/Shibboleth.sso/Logout", fetchOptions));
+    return forgetMe().then(() =>
+        fetchJson("/myconext/api/sp/logout").then(() => fetch("/Shibboleth.sso/Logout", fetchOptions))
+    );
 }
 
 export function forgetMe() {

myconext-server/pom.xml

@@ -37,6 +37,11 @@
     </dependencyManagement>
 
     <dependencies>
+        <dependency>
+            <groupId>org.openconext</groupId>
+            <artifactId>saml-idp</artifactId>
+            <version>0.0.7-SNAPSHOT</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-actuator</artifactId>
@@ -45,11 +50,6 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.springframework.security.extensions</groupId>
-            <artifactId>spring-security-saml2-core</artifactId>
-            <version>2.0.0.M31</version>
-        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
@@ -121,14 +121,14 @@
             <version>0.9.10</version>
         </dependency>
         <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>20030203.000550</version>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.13.0</version>
         </dependency>
         <dependency>
             <groupId>org.openconext</groupId>
             <artifactId>tiqr-java-connector</artifactId>
-            <version>1.1.0</version>
+            <version>1.1.2</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.datatype</groupId>
@@ -226,24 +226,24 @@
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
             </plugin>
-<!--            <plugin>-->
-<!--                <groupId>org.springdoc</groupId>-->
-<!--                <artifactId>springdoc-openapi-maven-plugin</artifactId>-->
-<!--                <version>1.4</version>-->
-<!--                <executions>-->
-<!--                    <execution>-->
-<!--                        <phase>test</phase>-->
-<!--                        <goals>-->
-<!--                            <goal>generate</goal>-->
-<!--                        </goals>-->
-<!--                    </execution>-->
-<!--                </executions>-->
-<!--                <configuration>-->
-<!--                    <apiDocsUrl>http://localhost:8081/myconext/api/mobile/api-docs</apiDocsUrl>-->
-<!--                    <outputFileName>openapi.json</outputFileName>-->
-<!--                    <skip>false</skip>-->
-<!--                </configuration>-->
-<!--            </plugin>-->
+            <!--            <plugin>-->
+            <!--                <groupId>org.springdoc</groupId>-->
+            <!--                <artifactId>springdoc-openapi-maven-plugin</artifactId>-->
+            <!--                <version>1.4</version>-->
+            <!--                <executions>-->
+            <!--                    <execution>-->
+            <!--                        <phase>test</phase>-->
+            <!--                        <goals>-->
+            <!--                            <goal>generate</goal>-->
+            <!--                        </goals>-->
+            <!--                    </execution>-->
+            <!--                </executions>-->
+            <!--                <configuration>-->
+            <!--                    <apiDocsUrl>http://localhost:8081/myconext/api/mobile/api-docs</apiDocsUrl>-->
+            <!--                    <outputFileName>openapi.json</outputFileName>-->
+            <!--                    <skip>false</skip>-->
+            <!--                </configuration>-->
+            <!--            </plugin>-->
             <plugin>
                 <groupId>pl.project13.maven</groupId>
                 <artifactId>git-commit-id-plugin</artifactId>

myconext-server/src/main/java/myconext/SwaggerOpenIdConfig.java

@@ -10,6 +10,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
 import org.springframework.web.filter.ForwardedHeaderFilter;
 
 @Configuration

myconext-server/src/main/java/myconext/aa/UserAttribute.java

@@ -2,12 +2,14 @@
 
 import lombok.Getter;
 import lombok.NoArgsConstructor;
+import lombok.ToString;
 
 import java.util.Collections;
 import java.util.List;
 
 @Getter
 @NoArgsConstructor
+@ToString
 public class UserAttribute {
 
     private String name;

myconext-server/src/main/java/myconext/geo/MaxMindGeoLocation.java

@@ -9,7 +9,7 @@
 import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
 import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
 import org.apache.commons.io.FileUtils;
-import org.apache.commons.io.IOUtil;
+import org.apache.commons.io.IOUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.annotation.Value;
@@ -19,6 +19,7 @@
 import java.io.*;
 import java.net.InetAddress;
 import java.net.URL;
+import java.nio.charset.Charset;
 import java.nio.file.Files;
 import java.text.SimpleDateFormat;
 import java.util.*;
@@ -116,7 +117,7 @@ public void refresh() {
             FileOutputStream fileOutputStream = new FileOutputStream(file);
 
             InputStream inputStream = new URL(String.format(urlTemplate, licenseKey)).openStream();
-            IOUtil.copy(inputStream, fileOutputStream);
+            IOUtils.copy(inputStream, fileOutputStream);
 
             TarArchiveInputStream fin = new TarArchiveInputStream(new GzipCompressorInputStream(new FileInputStream(file)));
             ArchiveEntry entry;
@@ -125,7 +126,7 @@ public void refresh() {
                 if (entry.getName().endsWith("mmdb")) {
                     binaryData = new File(String.format("%s/%s/%s", this.downloadDirectory, name, GEO_LITE_2_CITY_MMDB));
                     try (OutputStream o = Files.newOutputStream(binaryData.toPath())) {
-                        IOUtil.copy(fin, o);
+                        IOUtils.copy(fin, o);
                     }
                     break;
                 }

myconext-server/src/main/java/myconext/mail/MailConfiguration.java

@@ -9,7 +9,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Primary;
-import org.springframework.context.annotation.Profile;
+import org.springframework.core.env.Profiles;
 import org.springframework.core.env.Environment;
 import org.springframework.core.io.Resource;
 import org.springframework.mail.javamail.JavaMailSender;
@@ -47,19 +47,15 @@ public class MailConfiguration {
     @Autowired
     private EmailsSendRepository emailsSendRepository;
 
+    @Autowired
+    private Environment environment;
+
     @Bean
-    @Profile({"!dev"})
     public MailBox mailSenderProd() throws IOException {
+        if (environment.acceptsProfiles(Profiles.of("dev", "test", "shib"))) {
+            return new MockMailBox(mailSender, emailFrom, magicLinkUrl, mySURFconextURL, loginSURFconextURL, objectMapper, mailTemplatesDirectory, emailsSendRepository, environment);
+        }
         return new MailBox(mailSender, emailFrom, magicLinkUrl, mySURFconextURL, loginSURFconextURL, objectMapper, mailTemplatesDirectory,
                 emailsSendRepository, emailSpamThresholdSeconds);
     }
-
-    @Bean
-    @Profile({"dev", "test", "shib"})
-    @Primary
-    public MailBox mailSenderDev(Environment environment) throws IOException {
-        return new MockMailBox(mailSender, emailFrom, magicLinkUrl, mySURFconextURL, loginSURFconextURL, objectMapper, mailTemplatesDirectory, emailsSendRepository, environment);
-    }
-
-
 }

myconext-server/src/main/java/myconext/mail/MockMailBox.java

@@ -31,7 +31,7 @@ protected void doSendMail(MimeMessage message) {
     @Override
     protected void setText(String html, String text, MimeMessageHelper helper) {
         String osName = System.getProperty("os.name").toLowerCase();
-        if (osName.contains("mac os x") && false && !env.acceptsProfiles(Profiles.of("test"))) {
+        if (osName.contains("mac os x") && !env.acceptsProfiles(Profiles.of("test"))) {
             openInBrowser(html);
         }
     }

myconext-server/src/main/java/myconext/manage/ResourceServiceProviderResolver.java

@@ -4,9 +4,10 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.SneakyThrows;
 import myconext.model.ServiceProvider;
-import org.apache.commons.io.IOUtil;
+import org.apache.commons.io.IOUtils;
 import org.springframework.core.io.Resource;
 
+import java.nio.charset.Charset;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -17,8 +18,9 @@ public class ResourceServiceProviderResolver implements ServiceProviderResolver
 
     @SneakyThrows
     public ResourceServiceProviderResolver(Resource resource, ObjectMapper objectMapper) {
-        spNames = objectMapper.readValue(IOUtil.toString(resource.getInputStream()), new TypeReference<>() {
-        });
+        spNames = objectMapper.readValue(IOUtils.toString(resource.getInputStream(), Charset.defaultCharset()),
+                new TypeReference<>() {
+                });
     }
 
     @Override