From 3ae6d1224d2f205a6e5cf7e1c7033ff72efecbdf Mon Sep 17 00:00:00 2001 From: Anusha Sunkada Date: Mon, 9 Oct 2023 18:16:46 +0530 Subject: [PATCH] Code merge from develop to release-1.2.x (#436) * [ES-255] * translation files updated * [ADDED] deeplink URI configuration corrected * [DSD-3416] updated values.yaml file (#389) * [MOSIP-29168] Updated workflows as per reusable workflow format (#391) * [MOSIP-29168] Updated workflows as per reusable workflow format [MOSIP-25631] * [MOSIP-29168] minor fix [MOSIP-25631] --------- Co-authored-by: syed-salman-technoforte * [MOSIP-29519] added webhook secret in release-changes.yml file (#401) * default configuration for esignet UI updated * [MOSIP-29519] added personal access token in release-changes.yml (#405) 
Signed-off-by: PRAFUL RAKHADE <99539100+Prafulrakhade@users.noreply.github.com> * [MOSIP-29519] added webhook secrets in tag.yml file (#409) * [ES-291] added validation in accepted claims and permittedAuthScope request list (#408) * Modified the version * validation for empty acceptedCliams and permittedAuthorizeScopes --------- Co-authored-by: Venkata Saidurga Polamraju * [ES-291] added test case for controllers (#412) * Modified the version * validation for empty acceptedCliams and permittedAuthorizeScopes * add test case for authcode controler and linkconsent --------- Co-authored-by: Venkata Saidurga Polamraju * [FIXES] es-303 issue * [ADDED] muliple wellknown endpoint through config * [ES-295] (#413) * [ES-295] * review comments fixed * [MODIFIED] docker & nginx conf according wellknown api * [ES-299] Added validation for codeChallenge (#422) * Modified the version * validation for empty acceptedCliams and permittedAuthorizeScopes * add test case for authcode controler and linkconsent * added codeChallenge validtion * added codeChallenge validation * review changes --------- Co-authored-by: Venkata Saidurga Polamraju * ES-298 ES-295 ES-310 (#427) * exp as epoch in JWK * ES-295 * ES-310 * ES-298 --------- Co-authored-by: ase-101 <> * [REMOVE] unused environment variable * [MOSIP-29035] Updated esignet onboarder script to fetch value from docker env vars (#414) * [MOSIP-29035] Updated esignet onboarder script to fecth value from docker env vars * [MOSIP-29035] Removed the dummy value for esignet misp key * [MOSIP-29035] Updated dummy value with single quotes --------- Co-authored-by: akilalakshmanan * [ADDED] openid credential issuer * synced labels with artifactory * [FIXES] spelling mistake * ES-328 (#434) * ES-4 (#432) Co-authored-by: ase-101 <> * ES-328 --------- Co-authored-by: ase-101 <> * ES-328 (#435) Co-authored-by: ase-101 <> --------- 
Signed-off-by: PRAFUL RAKHADE <99539100+Prafulrakhade@users.noreply.github.com> Co-authored-by: Venkata Saidurga Polamraju Co-authored-by: KONIJETI YASWANTHA NAGARJUNA <50859121+YaswanthNagarjuna@users.noreply.github.com> Co-authored-by: anshulv1401 <31562315+anshulv1401@users.noreply.github.com> Co-authored-by: Zeeshan Mehboob Co-authored-by: PRAFUL RAKHADE <99539100+Prafulrakhade@users.noreply.github.com> Co-authored-by: syed salman <72004356+syedsalman3753@users.noreply.github.com> Co-authored-by: syed-salman-technoforte Co-authored-by: anshulv1401 Co-authored-by: kaifk468 <74772315+kaifk468@users.noreply.github.com> Co-authored-by: Zeeshan Mehboob Co-authored-by: pvsaidurga <132046494+pvsaidurga@users.noreply.github.com> Co-authored-by: Akila Lakshmanan <77330852+akilalakshmanan@users.noreply.github.com> Co-authored-by: akilalakshmanan Co-authored-by: Sasikumar Ganesan Co-authored-by: ase-101 <> --- .../services/ClientManagementServiceImpl.java | 8 ++-- .../esignet/ClientManagementServiceTest.java | 8 ++-- .../core/spi/ClientManagementService.java | 4 +- .../io/mosip/esignet/api/util/Action.java | 2 + .../ClientManagementController.java | 16 ++++---- ...ClientMgmtControllerParameterizedTest.java | 4 +- helm/esignet/install.sh | 6 +-- oidc-ui/Dockerfile | 39 +++++++++++++------ oidc-ui/nginx/nginx.conf | 16 ++++++++ oidc-ui/public/env-config.js | 18 +++++++++ oidc-ui/public/env_configs.js | 3 -- oidc-ui/public/index.html | 2 +- oidc-ui/public/locales/ar.json | 11 ++++-- oidc-ui/public/locales/en.json | 23 ++++++----- oidc-ui/src/App.js | 2 +- oidc-ui/src/components/EsignetDetails.js | 26 ++++++++----- oidc-ui/src/components/NavHeader.js | 2 +- oidc-ui/src/i18n.js | 2 +- partner-onboarder/install.sh | 16 +++----- 19 files changed, 132 insertions(+), 76 deletions(-) create mode 100644 oidc-ui/public/env-config.js delete mode 100644 oidc-ui/public/env_configs.js 
diff --git a/client-management-service-impl/src/main/java/io/mosip/esignet/services/ClientManagementServiceImpl.java b/client-management-service-impl/src/main/java/io/mosip/esignet/services/ClientManagementServiceImpl.java index 8de117cca..844d026b7 100644 --- a/client-management-service-impl/src/main/java/io/mosip/esignet/services/ClientManagementServiceImpl.java +++ b/client-management-service-impl/src/main/java/io/mosip/esignet/services/ClientManagementServiceImpl.java @@ -201,7 +201,7 @@ public io.mosip.esignet.core.dto.ClientDetail getClientDetails(String clientId) @CacheEvict(value = Constants.CLIENT_DETAIL_CACHE, key = "#clientDetailCreateRequestV2.getClientId()") @Override - public ClientDetailResponse createOIDCClientV2(ClientDetailCreateRequestV2 clientDetailCreateRequestV2) throws EsignetException { + public ClientDetailResponse createOAuthClient(ClientDetailCreateRequestV2 clientDetailCreateRequestV2) throws EsignetException { Optional result = clientDetailRepository.findById(clientDetailCreateRequestV2.getClientId()); if (result.isPresent()) { log.error("Duplicate Client Id : {}", ErrorConstants.DUPLICATE_CLIENT_ID); 
@@ -224,14 +224,14 @@ public ClientDetailResponse createOIDCClientV2(ClientDetailCreateRequestV2 clien } auditWrapper.logAudit(AuditHelper.getClaimValue(SecurityContextHolder.getContext(), claimName), - Action.OIDC_CLIENT_CREATE, ActionStatus.SUCCESS, AuditHelper.buildAuditDto(clientDetailCreateRequestV2.getClientId()), null); + Action.OAUTH_CLIENT_CREATE, ActionStatus.SUCCESS, AuditHelper.buildAuditDto(clientDetailCreateRequestV2.getClientId()), null); return getClientDetailResponse(clientDetail); } @CacheEvict(value = Constants.CLIENT_DETAIL_CACHE, key = "#clientId") @Override - public ClientDetailResponse updateOIDCClientV2(String clientId, ClientDetailUpdateRequestV2 clientDetailUpdateRequestV2) throws EsignetException { + public ClientDetailResponse updateOAuthClient(String clientId, ClientDetailUpdateRequestV2 clientDetailUpdateRequestV2) throws EsignetException { Optional result = clientDetailRepository.findById(clientId); if (!result.isPresent()) { log.error("Invalid Client Id : {}", ErrorConstants.INVALID_CLIENT_ID); @@ -249,7 +249,7 @@ public ClientDetailResponse updateOIDCClientV2(String clientId, ClientDetailUpda clientDetail = clientDetailRepository.save(clientDetail); auditWrapper.logAudit(AuditHelper.getClaimValue(SecurityContextHolder.getContext(), claimName), - Action.OIDC_CLIENT_UPDATE, ActionStatus.SUCCESS, AuditHelper.buildAuditDto(clientId), null); + Action.OAUTH_CLIENT_UPDATE, ActionStatus.SUCCESS, AuditHelper.buildAuditDto(clientId), null); return getClientDetailResponse(clientDetail); } diff --git a/client-management-service-impl/src/test/java/io/mosip/esignet/ClientManagementServiceTest.java b/client-management-service-impl/src/test/java/io/mosip/esignet/ClientManagementServiceTest.java index 7133cb9a9..1458eeb61 100644 --- a/client-management-service-impl/src/test/java/io/mosip/esignet/ClientManagementServiceTest.java +++ b/client-management-service-impl/src/test/java/io/mosip/esignet/ClientManagementServiceTest.java 
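Review bot: The success audit in `createOAuthClient` and `updateOAuthClient` now records `Action.OAUTH_CLIENT_CREATE` / `Action.OAUTH_CLIENT_UPDATE` instead of the `OIDC_CLIENT_*` values, so any alert, report or query keyed on the old action names stops seeing these client-registration events. The same switch is made in the error path of `ClientManagementController`, and `Action.java` now carries both sets with nothing saying which endpoint emits which. I would document that next to the enum values, e.g. `// OAUTH_CLIENT_*: emitted by createOAuthClient/updateOAuthClient (previously logged as OIDC_CLIENT_*)`, and call the rename out for audit consumers in the release notes. Both method bodies extend beyond these hunks.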
@@ -116,7 +116,7 @@ public void createClientV2_withValidDetail_thenPass() throws Exception { entity.setId("mock_id_v1"); entity.setStatus("active"); Mockito.when(clientDetailRepository.save(Mockito.any(ClientDetail.class))).thenReturn(entity); - ClientDetailResponse clientDetailResponse = clientManagementService.createOIDCClientV2(clientCreateV2ReqDto); + ClientDetailResponse clientDetailResponse = clientManagementService.createOAuthClient(clientCreateV2ReqDto); Assert.assertNotNull(clientDetailResponse); Assert.assertTrue(clientDetailResponse.getClientId().equals("mock_id_v1")); Assert.assertTrue(clientDetailResponse.getStatus().equals("active")); @@ -128,7 +128,7 @@ public void createClientV2_withExistingClientId_thenFail() { ClientDetailCreateRequestV2 clientCreateV2ReqDto = new ClientDetailCreateRequestV2(); clientCreateV2ReqDto.setClientId("client_id_v1"); try { - clientManagementService.createOIDCClientV2(clientCreateV2ReqDto); + clientManagementService.createOAuthClient(clientCreateV2ReqDto); } catch (EsignetException ex) { Assert.assertEquals(ex.getErrorCode(), ErrorConstants.DUPLICATE_CLIENT_ID); } @@ -180,7 +180,7 @@ public void updateClient_withValidClientId_thenPass() throws EsignetException { public void updateClientV2_withNonExistingClientId_thenFail() { Mockito.when(clientDetailRepository.findById("client_id_v1")).thenReturn(Optional.empty()); try { - clientManagementService.updateOIDCClientV2("client_id_v1", null); + clientManagementService.updateOAuthClient("client_id_v1", null); } catch (EsignetException ex) { Assert.assertEquals(ex.getErrorCode(), ErrorConstants.INVALID_CLIENT_ID); } 
@@ -213,7 +213,7 @@ public void updateClientV2_withValidClientId_thenPass() throws EsignetException entity.setId("client_id_v1"); entity.setStatus("inactive"); Mockito.when(clientDetailRepository.save(Mockito.any(ClientDetail.class))).thenReturn(entity); - ClientDetailResponse clientDetailResponse = clientManagementService.updateOIDCClientV2("client_id_v1", updateV2Request); + ClientDetailResponse clientDetailResponse = clientManagementService.updateOAuthClient("client_id_v1", updateV2Request); Assert.assertNotNull(clientDetailResponse); Assert.assertTrue(clientDetailResponse.getClientId().equals("client_id_v1")); Assert.assertTrue(clientDetailResponse.getStatus().equals("inactive")); diff --git a/esignet-core/src/main/java/io/mosip/esignet/core/spi/ClientManagementService.java b/esignet-core/src/main/java/io/mosip/esignet/core/spi/ClientManagementService.java index a73d21e89..caf27ad07 100644 --- a/esignet-core/src/main/java/io/mosip/esignet/core/spi/ClientManagementService.java +++ b/esignet-core/src/main/java/io/mosip/esignet/core/spi/ClientManagementService.java @@ -45,7 +45,7 @@ public interface ClientManagementService { * @return * @throws EsignetException */ - ClientDetailResponse createOIDCClientV2(ClientDetailCreateRequestV2 clientDetailCreateRequestV2) throws EsignetException; + ClientDetailResponse createOAuthClient(ClientDetailCreateRequestV2 clientDetailCreateRequestV2) throws EsignetException; /** * API to update registered relying party client version 2 @@ -59,6 +59,6 @@ public interface ClientManagementService { * @return * @throws EsignetException */ - ClientDetailResponse updateOIDCClientV2(String clientId, ClientDetailUpdateRequestV2 clientDetailUpdateRequestV2) throws EsignetException; + ClientDetailResponse updateOAuthClient(String clientId, ClientDetailUpdateRequestV2 clientDetailUpdateRequestV2) throws EsignetException; } 
diff --git a/esignet-integration-api/src/main/java/io/mosip/esignet/api/util/Action.java b/esignet-integration-api/src/main/java/io/mosip/esignet/api/util/Action.java index 3349d15e4..d7a5af645 100644 --- a/esignet-integration-api/src/main/java/io/mosip/esignet/api/util/Action.java +++ b/esignet-integration-api/src/main/java/io/mosip/esignet/api/util/Action.java @@ -3,6 +3,8 @@ public enum Action { OIDC_CLIENT_CREATE, OIDC_CLIENT_UPDATE, + OAUTH_CLIENT_CREATE, + OAUTH_CLIENT_UPDATE, GET_OAUTH_DETAILS, TRANSACTION_STARTED, SEND_OTP, diff --git a/esignet-service/src/main/java/io/mosip/esignet/controllers/ClientManagementController.java b/esignet-service/src/main/java/io/mosip/esignet/controllers/ClientManagementController.java index c3282fb46..4b236022e 100644 --- a/esignet-service/src/main/java/io/mosip/esignet/controllers/ClientManagementController.java +++ b/esignet-service/src/main/java/io/mosip/esignet/controllers/ClientManagementController.java 
@@ -86,14 +86,14 @@ public ResponseWrapper updateClient(@Valid @PathVariable(" return response; } - @PostMapping(value = "/client-mgmt/v2/oidc-client", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) - public ResponseWrapper createClientV2(@Valid @RequestBody RequestWrapper requestWrapper) throws Exception { + @PostMapping(value = "/client-mgmt/oauth-client", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) + public ResponseWrapper createOAuthClient(@Valid @RequestBody RequestWrapper requestWrapper) throws Exception { ResponseWrapper response = new ResponseWrapper(); try { - response.setResponse(clientManagementService.createOIDCClientV2(requestWrapper.getRequest())); + response.setResponse(clientManagementService.createOAuthClient(requestWrapper.getRequest())); } catch (EsignetException ex) { auditWrapper.logAudit(AuditHelper.getClaimValue(SecurityContextHolder.getContext(), claimName), - Action.OIDC_CLIENT_CREATE, ActionStatus.ERROR, AuditHelper.buildAuditDto(requestWrapper.getRequest().getClientId()), ex); + Action.OAUTH_CLIENT_CREATE, ActionStatus.ERROR, AuditHelper.buildAuditDto(requestWrapper.getRequest().getClientId()), ex); throw ex; } response.setResponseTime(IdentityProviderUtil.getUTCDateTime()); 
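Review bot: The mapping on `createOAuthClient` moves from `/client-mgmt/v2/oidc-client` to `/client-mgmt/oauth-client` with no alias for the old path, and the `PUT` mapping on `updateOAuthClient` in the next hunk moves the same way. The authorization configuration is not part of this diff, so it is worth confirming that the scope or role rule that protected the `v2/oidc-client` routes, and any gateway or ingress allowlist, also matches the new paths; a rule written against the literal old path would silently stop applying. A short comment above each mapping would record the expectation, e.g. `// Client registration endpoint: must remain behind the client-management scope check (path renamed from /client-mgmt/v2/oidc-client)`. The method body continues past the end of the hunk.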
@@ -101,15 +101,15 @@ public ResponseWrapper createClientV2(@Valid @RequestBody } - @PutMapping(value = "/client-mgmt/v2/oidc-client/{client_id}", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) - public ResponseWrapper updateClientV2(@Valid @PathVariable("client_id") String clientId, + @PutMapping(value = "/client-mgmt/oauth-client/{client_id}", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) + public ResponseWrapper updateOAuthClient(@Valid @PathVariable("client_id") String clientId, @Valid @RequestBody RequestWrapper requestWrapper) throws Exception { ResponseWrapper response = new ResponseWrapper(); try { - response.setResponse(clientManagementService.updateOIDCClientV2(clientId, requestWrapper.getRequest())); + response.setResponse(clientManagementService.updateOAuthClient(clientId, requestWrapper.getRequest())); } catch (EsignetException ex) { auditWrapper.logAudit(AuditHelper.getClaimValue(SecurityContextHolder.getContext(), claimName), - Action.OIDC_CLIENT_UPDATE, ActionStatus.ERROR, AuditHelper.buildAuditDto(clientId), ex); + Action.OAUTH_CLIENT_UPDATE, ActionStatus.ERROR, AuditHelper.buildAuditDto(clientId), ex); throw ex; } response.setResponseTime(IdentityProviderUtil.getUTCDateTime()); diff --git a/esignet-service/src/test/java/io/mosip/esignet/controllers/ClientMgmtControllerParameterizedTest.java b/esignet-service/src/test/java/io/mosip/esignet/controllers/ClientMgmtControllerParameterizedTest.java index 0a8c64ed3..006b890ac 100644 --- a/esignet-service/src/test/java/io/mosip/esignet/controllers/ClientMgmtControllerParameterizedTest.java +++ b/esignet-service/src/test/java/io/mosip/esignet/controllers/ClientMgmtControllerParameterizedTest.java 
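Review bot: `@Valid` on `@PathVariable("client_id") String clientId` in `updateOAuthClient` does not constrain the value, because a `String` has no nested constraints to cascade into; the raw path segment goes straight to `clientManagementService.updateOAuthClient` and into `AuditHelper.buildAuditDto(clientId)`. Unless the controller already enforces a bound elsewhere (not visible in this hunk), I would add an explicit one together with `@Validated` on the class, for example `@NotBlank @Size(max = MAX_CLIENT_ID_LENGTH) @PathVariable("client_id") String clientId`, where `MAX_CLIENT_ID_LENGTH` is a placeholder for the project's limit. The method body continues past the end of the hunk.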
@@ -233,7 +233,7 @@ public void setup() throws Exception { @Test public void testClientManagementEndpoints() throws Exception { if(this.clientDetailCreateRequestV2 != null) { - ResultActions createResultActions = mockMvc.perform(post("/client-mgmt/v2/oidc-client") + ResultActions createResultActions = mockMvc.perform(post("/client-mgmt/oauth-client") .contentType(MediaType.APPLICATION_JSON_UTF8) .content(getRequestWrapper(this.clientDetailCreateRequestV2))); evaluateResultActions(createResultActions, this.clientDetailCreateRequestV2.getClientId(), @@ -241,7 +241,7 @@ public void testClientManagementEndpoints() throws Exception { } if(this.clientDetailUpdateRequestV2 != null) { - ResultActions updateResultActions = mockMvc.perform(put("/client-mgmt/v2/oidc-client/"+this.clientIdQueryParam) + ResultActions updateResultActions = mockMvc.perform(put("/client-mgmt/oauth-client/"+this.clientIdQueryParam) .contentType(MediaType.APPLICATION_JSON_UTF8) .content(getRequestWrapper(this.clientDetailUpdateRequestV2))); evaluateResultActions(updateResultActions, this.clientIdQueryParam, diff --git a/helm/esignet/install.sh b/helm/esignet/install.sh index 592086be5..a724355da 100755 --- a/helm/esignet/install.sh +++ b/helm/esignet/install.sh 
@@ -28,9 +28,9 @@ function installing_esignet() { kubectl -n $NS create secret generic esignet-captcha --from-literal=esignet-captcha-site-key=$ESITE_KEY --from-literal=esignet-captcha-secret-key=$ESECRET_KEY --dry-run=client -o yaml | kubectl apply -f - echo Setting up dummy values for esignet misp license key - kubectl create secret generic onboarder-keys -n $NS --from-literal=mosip-esignet-misp-key=111111 --dry-run=client -o yaml | kubectl apply -f - + kubectl create secret generic esignet-misp-onboarder-key -n $NS --from-literal=mosip-esignet-misp-key='' --dry-run=client -o yaml | kubectl apply -f - - ./copy_cm_func.sh secret onboarder-keys esignet config-server + ./copy_cm_func.sh secret esignet-misp-onboarder-key esignet config-server echo Copy configmaps ./copy_cm.sh @@ -40,7 +40,7 @@ function installing_esignet() { kubectl -n config-server set env --keys=esignet-captcha-site-key --from secret/esignet-captcha deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ kubectl -n config-server set env --keys=esignet-captcha-secret-key --from secret/esignet-captcha deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ - kubectl -n config-server set env --keys=mosip-esignet-misp-key --from secret/onboarder-keys deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ + kubectl -n config-server set env --keys=mosip-esignet-misp-key --from secret/esignet-misp-onboarder-key deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ kubectl -n config-server get deploy -o name | xargs -n1 -t kubectl -n config-server rollout status diff --git a/oidc-ui/Dockerfile b/oidc-ui/Dockerfile index ba8dd11b9..96bab89dc 100644 --- a/oidc-ui/Dockerfile +++ b/oidc-ui/Dockerfile 
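Review bot: The seeding step pipes a manifest with `mosip-esignet-misp-key=''` into `kubectl apply`, so re-running `installing_esignet` after the key has been populated resets it to an empty string, and the later `set env ... --from secret/esignet-misp-onboarder-key` then pushes that empty value into config-server. Creating the secret only when it is absent avoids the overwrite: `kubectl -n "$NS" get secret esignet-misp-onboarder-key >/dev/null 2>&1 || kubectl -n "$NS" create secret generic esignet-misp-onboarder-key --from-literal=mosip-esignet-misp-key=''`. The preceding `echo` still says "dummy values" although the value is now empty, which is worth correcting so operators do not assume a usable key exists. That the onboarder fills this secret later is inferred from the `partner-onboarder/install.sh` change; the function body extends beyond the hunk.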
@@ -3,15 +3,19 @@ FROM node:12.18.4-alpine as build_esignet_ui ARG sign_in_with_esignet_plugin_url ENV SIGN_IN_WITH_ESIGNET_PLUGIN_URL=$sign_in_with_esignet_plugin_url -COPY package*.json ./ - # Set a build-time environment variable (replace YOUR_ENV_VARIABLE_NAME with the desired variable name) ARG oidcUIPublicUrl +ARG defaultLang +ARG defaultWellknown + ENV OIDC_UI_PUBLIC_URL=$oidcUIPublicUrl +ENV DEFAULT_LANG=$defaultLang +ENV DEFAULT_WELLKNOWN=$defaultWellknown # Set the environment variable as a placeholder for PUBLIC_URL ENV PUBLIC_URL=_PUBLIC_URL_ +COPY package*.json ./ RUN npm install #Copy the working directory COPY . ./ @@ -19,6 +23,9 @@ RUN npm run build FROM nginx +RUN apt-get -y update \ + && apt-get install -y curl npm wget unzip zip + ARG SOURCE ARG COMMIT_HASH ARG COMMIT_ID 
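Review bot: The new `RUN apt-get -y update && apt-get install -y curl npm wget unzip zip` layer in the final `nginx` stage puts a package manager and download tools into the image that serves the login UI, and leaves the apt lists in the layer. If `configure_start.sh` only needs `wget` and `unzip` at start-up (not visible here), I would trim the list, and in any case use `apt-get install -y --no-install-recommends ...` followed by `rm -rf /var/lib/apt/lists/*` in the same `RUN`. `FROM nginx` on the line above is also untagged, so the packages resolved by this layer change from build to build; pinning a tag or digest makes the image reproducible and reviewable.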
@@ -40,24 +47,27 @@ ARG container_user_uid=1001 # can be passed during Docker build as build time environment for github branch to pickup configuration from. ARG container_user_gid=1001 -ENV nginx_dir=/usr/share/nginx -ENV i18n_path=${nginx_dir}/html/locales -ENV plugins_path=${nginx_dir}/html/plugins -ENV plugins_format=iife - # can be passed during Docker build as build time environment for artifactory URL ARG artifactory_url # environment variable to pass artifactory url, at docker runtime ENV artifactory_url_env=${artifactory_url} +ENV nginx_dir=/usr/share/nginx + +ENV work_dir=${nginx_dir}/html + +ENV i18n_path=${work_dir}/locales + +ENV plugins_path=${nginx_dir}/html/plugins + +ENV plugins_format=iife + # set working directory for the user WORKDIR /home/${container_user} # install packages and create user -RUN apt-get -y update \ - && apt-get install -y curl npm wget unzip zip \ - && groupadd -g ${container_user_gid} ${container_user_group} \ +RUN groupadd -g ${container_user_gid} ${container_user_group} \ && useradd -u ${container_user_uid} -g ${container_user_group} -s /bin/sh -m ${container_user} \ && mkdir -p /var/run/nginx /var/tmp/nginx ${i18n_path} ${plugins_path} ${plugins_path}/temp \ && chown -R ${container_user}:${container_user} /usr/share/nginx /var/run/nginx /var/tmp/nginx ${i18n_path} ${plugins_path} ${plugins_path}/temp 
@@ -69,10 +79,15 @@ RUN chmod +x configure_start.sh COPY ./nginx/nginx.conf /etc/nginx/nginx.conf # copy build files to nginx html directory -COPY --from=build_esignet_ui /build $nginx_dir/html +COPY --from=build_esignet_ui /build ${work_dir} + +RUN echo "DEFAULT_LANG=$DEFAULT_LANG" >> ${work_dir}/env.env && echo "DEFAULT_WELLKNOWN=$DEFAULT_WELLKNOWN" >> ${work_dir}/env.env RUN chown -R ${container_user}:${container_user} /home/${container_user} +# change permissions of file inside working dir +RUN chown -R ${container_user}:${container_user} ${work_dir} + # select container user for all tasks USER ${container_user_uid}:${container_user_gid} @@ -82,4 +97,4 @@ ENTRYPOINT [ "./configure_start.sh" ] CMD echo "starting nginx" ; \ nginx ; \ - sleep infinity + sleep infinity \ No newline at end of file diff --git a/oidc-ui/nginx/nginx.conf b/oidc-ui/nginx/nginx.conf index 9f8a23e88..a8bca462b 100644 --- a/oidc-ui/nginx/nginx.conf +++ b/oidc-ui/nginx/nginx.conf @@ -44,6 +44,22 @@ http { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; } + location /.well-known/oauth-authorization-server { + proxy_pass http://esignet.esignet/v1/esignet/oauth/.well-known/oauth-authorization-server; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + } + location /.well-known/openid-credential-issuer { + proxy_pass http://esignet.esignet/v1/esignet/vci/.well-known/openid-credential-issuer; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + } # location /oidc-ui { # alias /usr/share/nginx/oidc-ui; # try_files $uri $uri/ /oidc-ui/index.html; 
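Review bot: `RUN echo "DEFAULT_LANG=$DEFAULT_LANG" >> ${work_dir}/env.env` runs in the final `nginx` stage, but `DEFAULT_LANG` and `DEFAULT_WELLKNOWN` are set with `ENV` in the `build_esignet_ui` stage, and `ARG`/`ENV` values do not carry across `FROM`. Unless they are re-declared in the part of the final stage this diff does not show, both entries are written with empty values. Re-declaring `ARG defaultLang` and `ARG defaultWellknown` after `FROM nginx` and echoing `$defaultLang` / `$defaultWellknown` would fix it. `env.env` also lands in `${work_dir}`, which is presumably the nginx document root, so it is readable by any client unless nginx.conf denies it; a comment such as `# env.env is served from the web root: never add secrets here` would make that constraint explicit.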
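Review bot: Both new blocks use prefix matching (`location /.well-known/oauth-authorization-server {`), so any request path that merely starts with that string is also proxied, with the remainder appended to the upstream URI. These are fixed metadata documents, so an exact match is tighter: `location = /.well-known/oauth-authorization-server {` and `location = /.well-known/openid-credential-issuer {`. The blocks also pass the client-influenced host through `proxy_set_header Host $host;`; if the upstream derives the issuer or endpoint URLs in the metadata from that header (not visible here), setting it to the expected public host name would be safer.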
diff --git a/oidc-ui/public/env-config.js b/oidc-ui/public/env-config.js new file mode 100644 index 000000000..7d86bd745 --- /dev/null +++ b/oidc-ui/public/env-config.js @@ -0,0 +1,18 @@ +window._env_ = { + DEFAULT_LANG: "en", + DEFAULT_WELLKNOWN: [ + { + name: "OpenID Configuration", + value: "/.well-known/openid-configuration", + }, + { name: "Jwks Json", value: "/.well-known/jwks.json" }, + { + name: "Authorization Server", + value: "/.well-known/oauth-authorization-server", + }, + { + name: "OpenID Credential Issuer", + value: "/.well-known/openid-credential-issuer", + }, + ], +}; diff --git a/oidc-ui/public/env_configs.js b/oidc-ui/public/env_configs.js deleted file mode 100644 index d093b7a0e..000000000 --- a/oidc-ui/public/env_configs.js +++ /dev/null @@ -1,3 +0,0 @@ -window["envConfigs"] = { - defaultLang: "en", -}; diff --git a/oidc-ui/public/index.html b/oidc-ui/public/index.html index 888282efd..c781977be 100644 --- a/oidc-ui/public/index.html +++ b/oidc-ui/public/index.html @@ -23,7 +23,7 @@ Learn how to configure a non-root public URL by running `npm run build`. --> - + e-Signet diff --git a/oidc-ui/public/locales/ar.json b/oidc-ui/public/locales/ar.json index c93d6c8c6..479992862 100644 --- a/oidc-ui/public/locales/ar.json +++ b/oidc-ui/public/locales/ar.json @@ -72,7 +72,7 @@ "password_placeholder": "كلمة المرور" }, "LoginQRCode": { - "scan_with_wallet": "امسح باستخدام تطبيق {{walletName}} لتسجيل الدخول", + "scan_with_wallet": "قم بالمسح باستخدام {{walletName}} لتسجيل الدخول", "dont_have_wallet": "؟{{walletName}} ليس لديك", "download_now": "التحميل الان", "link_code_status": "حالة رمز الارتباط", 
@@ -108,7 +108,10 @@ "OTP": "OTP", "PWD": "كلمة المرور", "preferred_mode_of_login": "حدد الوضع المفضل لتسجيل الدخول", - "more_ways_to_sign_in": "المزيد من الطرق لتسجيل الدخول" + "more_ways_to_sign_in": "المزيد من الطرق لتسجيل الدخول", + "or": "أو", + "sign_in_with" : "التحقق باستخدام {{idProviderName}}", + "verify_using_national_id":"التحقق باستخدام الهويات الوطنية الأخرى" }, "esignetDetails": { "esignet_details_heading": "واجهات برمجة التطبيقات Esignet معروفة جيدا", @@ -173,8 +176,6 @@ "invalid_assertion": "تأكيد العميل غير صالح", "invalid_acr": "مراجع فئة سياق المصادقة غير صالحة / غير مدعومة", "invalid_token": "رمز الوصول غير صالح / منتهي الصلاحية", - "invalid_language_code": "رمز اللغة غير صالح", - "invalid_client_name_value": "قيمة اسم العميل غير صالحة", "auth_failed": "المصادقة فشلت", "auth_passed": "نجاح المصادقة", "acr_amr_mapping_not_found": "لم يتم العثور على ملف تعيين ACR-AMR", @@ -269,6 +270,8 @@ "proof_invalid_aud": "قيمة غير صالحة في مطالبة Aud Payload.", "proof_invalid_iat": "قيمة غير صالحة في مطالبة حمولة IAT.", "proof_invalid_nonce": "قيمة غير صالحة في مطالبة PHAILLOLL NONCE.", + "invalid_state_response": "حالة غير صالحة", + "authCode_missing": "رمز المصادقة مفقود", "0": "النجاح", "100": "الجهاز غير مسجل", "101": "غير قادر على الكشف عن كائن القياسات الحيوية", diff --git a/oidc-ui/public/locales/en.json b/oidc-ui/public/locales/en.json index fcd54109b..6acc4076c 100644 --- a/oidc-ui/public/locales/en.json +++ b/oidc-ui/public/locales/en.json @@ -72,7 +72,7 @@ "password_placeholder": "Password" }, "LoginQRCode": { - "scan_with_wallet": "Scan with {{walletName}} App to Log In", + "scan_with_wallet": "Scan with {{walletName}} to login", "dont_have_wallet": "Don't Have {{walletName}}?", "download_now": "Download Now", "link_code_status": "Link Code Status", 
@@ -108,7 +108,10 @@ "OTP": "OTP", "PWD": "Password", "preferred_mode_of_login": "Select a preferred mode of login", - "more_ways_to_sign_in": "More ways to sign in" + "more_ways_to_sign_in": "More ways to sign in", + "or": "OR", + "sign_in_with": "Verify using {{idProviderName}}", + "verify_using_national_id":"Verify using other National IDs" }, "esignetDetails": { "esignet_details_heading": "Esignet wellknown APIs", @@ -130,13 +133,13 @@ "biometric_tab_name": "Login with Biometrics" }, "loadingMsgs": { - "redirecting_msg": "Redirecting. Please Wait...", - "link_auth_waiting": "Please Authenticate via {{walletName}}. Don't Refresh This Page.", - "authenticating_msg": "Authenticating. Please Wait...", - "scanning_devices_msg": "Scanning Devices. Please Wait...", + "redirecting_msg": "Redirecting. Please wait...", + "link_auth_waiting": "Please authenticate via {{walletName}}. Don't refresh this page.", + "authenticating_msg": "Authenticating. Please wait...", + "scanning_devices_msg": "Scanning Devices. Please wait...", "capture_initiated_msg": "{{modality}} capture initiated on {{deviceModel}}", - "sending_otp_msg": "Sending OTP. Please Wait...", - "loading_msg": "Loading. Please Wait..." + "sending_otp_msg": "Sending OTP. Please wait...", + "loading_msg": "Loading. Please wait..." }, "tooltips": { "vid_tooltip": "Please fill in this field" @@ -173,8 +176,6 @@ "invalid_assertion": "Invalid Client Assertion", "invalid_acr": "Invalid/Unsupported Authentication Context Class Refs", "invalid_token": "Invalid/Expired Access token", - "invalid_language_code": "Invalid language code", - "invalid_client_name_value": "Invalid client name value", "auth_failed": "Authentication Failed", "auth_passed": "Authentication Success", "acr_amr_mapping_not_found": "ACR-AMR Mapping File Not Found", 
@@ -269,6 +270,8 @@ "proof_invalid_aud": "Invalid value in proof payload aud claim.", "proof_invalid_iat": "Invalid value in proof payload iat claim.", "proof_invalid_nonce": "Invalid value in proof payload nonce claim.", + "invalid_state_response": "Invalid state", + "authCode_missing": "AuthCode Missing", "0": "Success", "100": "Device Not Registered", "101": "Unable to Detect a Biometrics", diff --git a/oidc-ui/src/App.js b/oidc-ui/src/App.js index cdb8df510..ac56bc038 100644 --- a/oidc-ui/src/App.js +++ b/oidc-ui/src/App.js @@ -84,7 +84,7 @@ function App() { //3. Check for system locale //Language detector will check navigator and subdomain to select proper language - //4. default lang set in env_configs file as fallback language. + //4. default lang set in env-config file as fallback language. }; let el; diff --git a/oidc-ui/src/components/EsignetDetails.js b/oidc-ui/src/components/EsignetDetails.js index 533f95dea..cbffc3a33 100644 --- a/oidc-ui/src/components/EsignetDetails.js +++ b/oidc-ui/src/components/EsignetDetails.js @@ -11,17 +11,22 @@ export default function EsignetDetails({ i18nKeyPrefix = "esignetDetails" }) { useEffect(() => { setStatus({ state: states.LOADING, msg: t("loading_msg") }); - let detailList = [ - { - name: "wellknown_api", - value: process.env.PUBLIC_URL + "/.well-known/openid-configuration", - }, - ]; + // if the environment is not passed then this will assigned as empty list + let detailList = window._env_.DEFAULT_WELLKNOWN ?? []; setDetails(detailList); setStatus({ state: states.LOADED, msg: "" }); }, []); + // to open a well known endpoint in a separate blank tab + const openWellKnownEndpoint = (endpoint) => { + window.open( + process.env.PUBLIC_URL + endpoint, + "_blank", + "noopener,noreferrer" + ); + }; + return ( <>
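Review bot: In `EsignetDetails.js`, `window._env_.DEFAULT_WELLKNOWN ?? []` only covers a missing property; if `env-config.js` fails to load or does not define `window._env_`, the access throws before `??` is evaluated, contrary to the comment above it. The same unguarded read is introduced in `NavHeader.js` and, at module load, in `i18n.js`. `window._env_?.DEFAULT_WELLKNOWN ?? []` is the one-line fix here. Since `openWellKnownEndpoint` concatenates the configured `value` onto `process.env.PUBLIC_URL` and opens it, I would also keep only entries whose `value` starts with `/.well-known/`, so a malformed deployment config cannot turn these rows into links elsewhere. The component continues beyond this hunk.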
@@ -49,11 +54,14 @@ export default function EsignetDetails({ i18nKeyPrefix = "esignetDetails" }) {
{details.map((detail, idx) => (
-
+
{detail.icon && } - {!detail.icon && t(detail.name)} + {!detail.icon && detail.name}
-
+
openWellKnownEndpoint(detail.value)} + > {detail.value}
diff --git a/oidc-ui/src/components/NavHeader.js b/oidc-ui/src/components/NavHeader.js index 4eddcf3ed..31724d385 100644 --- a/oidc-ui/src/components/NavHeader.js +++ b/oidc-ui/src/components/NavHeader.js @@ -27,7 +27,7 @@ export default function NavHeader({ langOptions, i18nKeyPrefix = "header" }) { }); if (lang == null) { - const defaultLanguageCode = window["envConfigs"].defaultLang; + const defaultLanguageCode = window._env_.DEFAULT_LANG; // Find the language option that matches the extracted language code const defaultLang = langOptions.find((option) => option.value === defaultLanguageCode); diff --git a/oidc-ui/src/i18n.js b/oidc-ui/src/i18n.js index a2d6c58a6..a8d373241 100644 --- a/oidc-ui/src/i18n.js +++ b/oidc-ui/src/i18n.js @@ -13,7 +13,7 @@ i18n // init i18next .init({ debug: false, - fallbackLng: window["envConfigs"].defaultLang, //default language + fallbackLng: window._env_.DEFAULT_LANG, //default language interpolation: { escapeValue: false, // not needed for react as it escapes by default }, diff --git a/partner-onboarder/install.sh b/partner-onboarder/install.sh index 783f7ffaf..4da871329 100755 --- a/partner-onboarder/install.sh +++ b/partner-onboarder/install.sh 
@@ -78,22 +78,16 @@ function installing_onboarder() { --version $CHART_VERSION \ --wait --wait-for-jobs - - misp_license_key=$(kubectl logs -n $NS job/esignet-resident-oidc-partner-onboarder-esignet | grep "MISP License Key:" | awk '{print $4}') - echo Misp License Key for Esignet Module is: $misp_license_key - resident_oidc_clientid=$(kubectl logs -n $NS job/esignet-resident-oidc-partner-onboarder-resident-oidc | grep "mpartner default resident OIDC clientId:" | awk '{print $6}') - echo Resident OIDC Client ID is: $resident_oidc_clientid - kubectl create secret generic onboarder-keys -n $NS --from-literal=mosip-esignet-misp-key=$misp_license_key --from-literal=resident-oidc-clientid=$resident_oidc_clientid --dry-run=client -o yaml | kubectl apply -f - - ./copy_cm_func.sh secret onboarder-keys esignet config-server - ./copy_cm_func.sh secret onboarder-keys esignet resident - kubectl -n config-server set env --keys=mosip-esignet-misp-key --from secret/onboarder-keys deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ - kubectl -n config-server set env --keys=resident-oidc-clientid --from secret/onboarder-keys deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ + ./copy_cm_func.sh secret esignet-misp-onboarder-key esignet config-server + ./copy_cm_func.sh secret resident-oidc-onboarder-key esignet config-server + ./copy_cm_func.sh secret resident-oidc-onboarder-key esignet resident + kubectl -n config-server set env --keys=mosip-esignet-misp-key --from secret/esignet-misp-onboarder-key deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ + kubectl -n config-server set env --keys=resident-oidc-clientid --from secret/resident-oidc-onboarder-key deployment/config-server --prefix=SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ kubectl -n config-server get deploy -o name | xargs -n1 -t kubectl -n config-server rollout status kubectl rollout restart deployment -n esignet esignet kubectl rollout restart deployment -n resident 
resident echo E-signet MISP License Key and Resident OIDC Client ID updated successfully. - echo Reports are moved to S3 under onboarder bucket return 0
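Review bot: The three `./copy_cm_func.sh secret ...` calls and the two `kubectl ... set env --from secret/...` calls assume `esignet-misp-onboarder-key` and `resident-oidc-onboarder-key` already exist and hold real values, but nothing in this hunk checks that before `esignet` and `resident` are restarted and the success message is printed. Because `helm/esignet/install.sh` seeds `mosip-esignet-misp-key` as an empty string, a failed or skipped onboarding would roll out an empty key while reporting success. A guard before the copies would catch it, e.g. `kubectl -n esignet get secret resident-oidc-onboarder-key >/dev/null || { echo "onboarder secret missing"; return 1; }` (assuming `esignet` is the source namespace, as the `copy_cm_func.sh` arguments suggest), plus a non-empty check on the key. Dropping the log scraping and the `echo` of the MISP key is a good change and should stay; `installing_onboarder` starts before this hunk.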