Skip to content

Commit

Permalink
fix(image): update images (#775)
Browse files Browse the repository at this point in the history
* fix(image): update fido2-server to address bad archive issue

* fix(image): update jansConfDyn attribute
  • Loading branch information
iromli authored Feb 8, 2022
1 parent e1cdc19 commit b31059c
Show file tree
Hide file tree
Showing 4 changed files with 136 additions and 9 deletions.
2 changes: 1 addition & 1 deletion docker-jans-fido2/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ EXPOSE 8080
# =====

ENV CN_VERSION=1.0.0-SNAPSHOT
ENV CN_BUILD_DATE='2022-01-25 05:48'
ENV CN_BUILD_DATE='2022-02-07 16:34'
ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-fido2-server/${CN_VERSION}/jans-fido2-server-${CN_VERSION}.war

# Install FIDO2
Expand Down
92 changes: 92 additions & 0 deletions docker-jans-persistence-loader/scripts/upgrade.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import contextlib
import itertools
import json
import logging.config
import os
Expand Down Expand Up @@ -49,6 +50,48 @@ def __init__(self):
#: ID of manager group
JANS_MANAGER_GROUP = "inum=60B7,ou=groups,o=jans"

#: ID of jans-auth config
JANS_AUTH_CONFIG_ID = "ou=jans-auth,ou=configuration,o=jans"


def _transform_auth_dynamic_config(conf):
should_update = False

if all([
os.environ.get("CN_DISTRIBUTION", "default") == "openbanking",
"dcrAuthorizationWithMTLS" not in conf,
]):
conf["dcrAuthorizationWithMTLS"] = False
should_update = True

if "grantTypesAndResponseTypesAutofixEnabled" not in conf:
conf["grantTypesAndResponseTypesAutofixEnabled"] = False
should_update = True

if "sessionIdEnabled" in conf:
conf.pop("sessionIdEnabled")
should_update = True

# assert the authorizationRequestCustomAllowedParameters contains dict values instead of string
params_with_dict = list(itertools.takewhile(
lambda x: isinstance(x, dict), conf["authorizationRequestCustomAllowedParameters"]
))
if not params_with_dict:
conf["authorizationRequestCustomAllowedParameters"] = list(map(
lambda p: {"paramName": p[0], "returnInResponse": p[1]},
[
("customParam1", False),
("customParam2", False),
("customParam3", False),
("customParam4", True),
("customParam5", True),
]
))
should_update = True

# return the conf and flag to determine whether it needs update or not
return conf, should_update


class LDAPBackend(BaseBackend):
def __init__(self, manager):
Expand Down Expand Up @@ -166,6 +209,17 @@ def update_base_entries(self):
entry.attrs["jansManagerGrp"] = JANS_MANAGER_GROUP
self.modify_entry(JANS_BASE_ID, entry.attrs)

def update_auth_dynamic_config(self):
entry = self.get_entry(JANS_AUTH_CONFIG_ID)
if not entry:
return

conf, should_update = _transform_auth_dynamic_config(json.loads(entry.attrs["jansConfDyn"]))
if should_update:
entry.attrs["jansConfDyn"] = json.dumps(conf)
entry.attrs["jansRevision"] += 1
self.modify_entry(entry.id, entry.attrs)


class SQLBackend(BaseBackend):
def __init__(self, manager):
Expand Down Expand Up @@ -272,6 +326,18 @@ def update_base_entries(self):
entry.attrs["jansManagerGrp"] = JANS_MANAGER_GROUP
self.modify_entry(id_, entry.attrs, **kwargs)

def update_auth_dynamic_config(self):
kwargs = {"table_name": "jansAppConf"}
entry = self.get_entry(doc_id_from_dn(JANS_AUTH_CONFIG_ID), **kwargs)
if not entry:
return

conf, should_update = _transform_auth_dynamic_config(json.loads(entry.attrs["jansConfDyn"]))
if should_update:
entry.attrs["jansConfDyn"] = json.dumps(conf)
entry.attrs["jansRevision"] += 1
self.modify_entry(entry.id, entry.attrs, **kwargs)


class CouchbaseBackend(BaseBackend):
def __init__(self, manager):
Expand Down Expand Up @@ -439,6 +505,18 @@ def update_base_entries(self):
entry.attrs["jansManagerGrp"] = JANS_MANAGER_GROUP
self.modify_entry(id_, entry.attrs, **kwargs)

def update_auth_dynamic_config(self):
kwargs = {"bucket": os.environ.get("CN_COUCHBASE_BUCKET_PREFIX", "jans")}
entry = self.get_entry(id_from_dn(JANS_AUTH_CONFIG_ID), **kwargs)
if not entry:
return

conf, should_update = _transform_auth_dynamic_config(entry.attrs["jansConfDyn"])
if should_update:
entry.attrs["jansConfDyn"] = conf
entry.attrs["jansRevision"] += 1
self.modify_entry(entry.id, entry.attrs, **kwargs)


class SpannerBackend(BaseBackend):
def __init__(self, manager):
Expand Down Expand Up @@ -545,6 +623,18 @@ def update_base_entries(self):
entry.attrs["jansManagerGrp"] = JANS_MANAGER_GROUP
self.modify_entry(id_, entry.attrs, **kwargs)

def update_auth_dynamic_config(self):
kwargs = {"table_name": "jansAppConf"}
entry = self.get_entry(doc_id_from_dn(JANS_AUTH_CONFIG_ID), **kwargs)
if not entry:
return

conf, should_update = _transform_auth_dynamic_config(json.loads(entry.attrs["jansConfDyn"]))
if should_update:
entry.attrs["jansConfDyn"] = json.dumps(conf)
entry.attrs["jansRevision"] += 1
self.modify_entry(entry.id, entry.attrs, **kwargs)


class Upgrade:
def __init__(self, manager):
Expand All @@ -571,3 +661,5 @@ def invoke(self):

if hasattr(self.backend, "update_misc"):
self.backend.update_misc()

self.backend.update_auth_dynamic_config()
Original file line number Diff line number Diff line change
Expand Up @@ -296,6 +296,7 @@
"invalidateSessionCookiesAfterAuthorizationFlow":false,
"clientAuthenticationFiltersEnabled":false,
"clientRegDefaultToCodeFlowWithRefresh": true,
"grantTypesAndResponseTypesAutofixEnabled": false,
"authenticationFilters":[
{
"filter":"(&(mail=*{0}*)(inum={1}))",
Expand All @@ -320,7 +321,6 @@
],
"sessionIdUnusedLifetime":86400,
"sessionIdUnauthenticatedUnusedLifetime":120,
"sessionIdEnabled":true,
"changeSessionIdOnAuthentication":true,
"returnClientSecretOnRead": true,
"sessionIdPersistOnPromptNone":true,
Expand Down Expand Up @@ -369,9 +369,26 @@
"httpLoggingExludePaths": [],
"externalLoggerConfiguration": "",
"authorizationRequestCustomAllowedParameters" : [
"customParam1",
"customParam2",
"customParam3"
{
"paramName": "customParam1",
"returnInResponse": false
},
{
"paramName": "customParam2",
"returnInResponse": false
},
{
"paramName": "customParam3",
"returnInResponse": false
},
{
"paramName": "customParam4",
"returnInResponse": true
},
{
"paramName": "customParam5",
"returnInResponse": true
}
],
"legacyDynamicRegistrationScopeParam": false,
"openidScopeBackwardCompatibility": false,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -209,6 +209,7 @@
"dcrSignatureValidationJwksUri": null,
"dcrAuthorizationWithClientCredentials": false,
"dcrSkipSignatureValidation": true,
"dcrAuthorizationWithMTLS": false,
"softwareStatementValidationType": "script",
"softwareStatementValidationClaimName": "jwks_uri",
"dynamicRegistrationEnabled":true,
Expand All @@ -227,13 +228,13 @@
"invalidateSessionCookiesAfterAuthorizationFlow":false,
"clientAuthenticationFiltersEnabled":false,
"clientRegDefaultToCodeFlowWithRefresh": true,
"grantTypesAndResponseTypesAutofixEnabled": false,
"authenticationFilters":[
],
"clientAuthenticationFilters":[
],
"sessionIdUnusedLifetime":86400,
"sessionIdUnauthenticatedUnusedLifetime":120,
"sessionIdEnabled":true,
"changeSessionIdOnAuthentication":true,
"returnClientSecretOnRead": true,
"sessionIdPersistOnPromptNone":true,
Expand Down Expand Up @@ -282,9 +283,26 @@
"httpLoggingExludePaths": [],
"externalLoggerConfiguration": "",
"authorizationRequestCustomAllowedParameters" : [
"customParam1",
"customParam2",
"customParam3"
{
"paramName": "customParam1",
"returnInResponse": false
},
{
"paramName": "customParam2",
"returnInResponse": false
},
{
"paramName": "customParam3",
"returnInResponse": false
},
{
"paramName": "customParam4",
"returnInResponse": true
},
{
"paramName": "customParam5",
"returnInResponse": true
}
],
"legacyDynamicRegistrationScopeParam": false,
"openidScopeBackwardCompatibility": false,
Expand Down

0 comments on commit b31059c

Please sign in to comment.