From 0fda081c81ee26a06cd69c11fad0e173a2fad2b5 Mon Sep 17 00:00:00 2001 From: stigus Date: Mon, 14 Oct 2024 11:23:13 +0200 Subject: [PATCH 1/6] * Cors endringer idporten #deploy-idporten-frontend --- .../web/config/IdportenSecurityConfig.java | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/IdportenSecurityConfig.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/IdportenSecurityConfig.java index 10910c26a2c..7c7ed3ef09b 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/IdportenSecurityConfig.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/IdportenSecurityConfig.java @@ -20,6 +20,12 @@ import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver; import org.springframework.security.web.server.SecurityWebFilterChain; import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.reactive.CorsConfigurationSource; +import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource; + +import java.util.Arrays; +import java.util.List; @Slf4j @@ -59,7 +65,7 @@ public SecurityWebFilterChain configure(ServerHttpSecurity http, ServerOAuth2Aut var logoutSuccessHandler = new LogoutSuccessHandler(); logoutSuccessHandler.applyOn("idporten", new IdportenOcidLogoutUrlResolver(wellKnownUrl, postLogoutRedirectUri)); - return http.cors(ServerHttpSecurity.CorsSpec::disable) + return http .csrf(ServerHttpSecurity.CsrfSpec::disable) .authorizeExchange(authorizeExchangeSpec -> authorizeExchangeSpec.pathMatchers( "/internal/isReady", 
@@ -88,4 +94,14 @@ public SecurityWebFilterChain configure(ServerHttpSecurity http, ServerOAuth2Aut .logoutSuccessHandler(logoutSuccessHandler)) .build(); } + + @Bean + CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + configuration.setAllowedOrigins(List.of("https://nav.no", "https://www.idporten.no")); + configuration.setAllowedMethods(Arrays.asList("GET", "POST")); + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", configuration); + return source; + } } From 10f6f9fc349f750c814401b8b24b6e494cd825bc Mon Sep 17 00:00:00 2001 From: stigus Date: Mon, 14 Oct 2024 11:44:14 +0200 Subject: [PATCH 2/6] * Logger error #deploy-idporten-frontend --- .../src/main/js/src/components/ui/appError/AppError.tsx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/dolly-frontend/src/main/js/src/components/ui/appError/AppError.tsx b/apps/dolly-frontend/src/main/js/src/components/ui/appError/AppError.tsx index de98befe24f..c52d8cef0d1 100644 --- a/apps/dolly-frontend/src/main/js/src/components/ui/appError/AppError.tsx +++ b/apps/dolly-frontend/src/main/js/src/components/ui/appError/AppError.tsx @@ -19,10 +19,11 @@ export const AppError = ({ error, stackTrace, style }: Props) => { ] useEffect(() => { + console.error(error) if (errorsRequiringReload.some((e) => error?.toString()?.includes(e))) { navigate(0) } - }, []) + }, [error]) return (
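Review bot: In `corsConfigurationSource()` (IdportenSecurityConfig.java) the policy is registered for `/**`, so the two external origins may send GET and POST to every route, while the same filter chain keeps `.csrf(ServerHttpSecurity.CsrfSpec::disable)`. Narrowing the pattern to the paths that really need cross-origin access, and adding a comment on why `https://nav.no` and `https://www.idporten.no` are trusted, would keep the exposure reviewable. No allowed headers are configured, so a preflighted request such as a JSON POST will presumably be rejected; if that is not intended, add `configuration.setAllowedHeaders(List.of("Content-Type"));`. The origin match is exact, so `https://www.nav.no` and other subdomains are not covered by this list.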
From 6f80d0d007bba7363870eba26497b9d295e0d5b5 Mon Sep 17 00:00:00 2001 From: stigus Date: Mon, 14 Oct 2024 12:00:40 +0200 Subject: [PATCH 3/6] * Test #deploy-idporten-frontend --- apps/dolly-frontend/src/main/js/vite.config.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/apps/dolly-frontend/src/main/js/vite.config.js b/apps/dolly-frontend/src/main/js/vite.config.js index 7eb7aaa3a09..8ac6bceb9be 100644 --- a/apps/dolly-frontend/src/main/js/vite.config.js +++ b/apps/dolly-frontend/src/main/js/vite.config.js @@ -47,6 +47,9 @@ export default defineConfig(({ mode }) => ({ outDir: 'build', sourcemap: true, cssCodeSplit: false, + rollupOptions: { + external: ['./nais.js'], + }, }, optimizeDeps: { exclude: ['node_modules/.cache'] }, resolve: { From d7b0ca688845ac3c0c768388f6b76bb86a4c754a Mon Sep 17 00:00:00 2001 From: stigus Date: Mon, 14 Oct 2024 13:27:27 +0200 Subject: [PATCH 4/6] * Test #deploy-idporten-frontend --- .../no/nav/dolly/web/provider/web/LogController.java | 9 ++++----- .../dolly/web/provider/web/SessionController.java | 2 ++ .../dolly-frontend/src/main/js/src/RootComponent.tsx | 12 ++++++------ 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/LogController.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/LogController.java index 6dbeb75ee68..7022bc5e8f4 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/LogController.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/LogController.java @@ -2,6 +2,9 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; +import no.nav.dolly.web.domain.LogEvent; +import no.nav.dolly.web.provider.web.dto.LogEventDTO; +import no.nav.dolly.web.service.LogService; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.PostMapping; 
@@ -12,10 +15,6 @@ import org.springframework.web.server.ServerWebExchange; import reactor.core.publisher.Mono; -import no.nav.dolly.web.domain.LogEvent; -import no.nav.dolly.web.provider.web.dto.LogEventDTO; -import no.nav.dolly.web.service.LogService; - @Slf4j @RestController @@ -34,6 +33,6 @@ public Mono> logg( ) { return logService .log(new LogEvent(dto, userAgent, host), exchange) - .map(response -> ResponseEntity.noContent().build()); + .then(Mono.fromCallable(() -> ResponseEntity.noContent().build())); } } diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/SessionController.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/SessionController.java index f847d96cb08..0652790796c 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/SessionController.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/SessionController.java @@ -46,6 +46,7 @@ public Mono> delete(ServerWebExchange exchange) { public Mono> addUserToSession(@RequestParam String organisasjonsnummer, ServerWebExchange exchange) { return personOrganisasjonTilgangConsumer .hasAccess(organisasjonsnummer, exchange) + .doOnError(e -> log.error("Feil ved sjekk av tilgang til org {}", organisasjonsnummer, e)) .flatMap(hasAccess -> { if (Boolean.FALSE.equals(hasAccess)) { log.error("Bruker mangler tilgang til org {}", organisasjonsnummer); @@ -55,6 +56,7 @@ public Mono> addUserToSession(@RequestParam String organisasjo } return brukerService.getId(organisasjonsnummer, exchange).flatMap(id -> exchange .getSession() + .doOnError(e -> log.error("Feil ved lagring av bruker i session", e)) .doOnSuccess(session -> session.getAttributes().put(UserSessionConstant.SESSION_USER_ID_KEY, id)) .map(value -> ResponseEntity.ok().build()) ).switchIfEmpty(Mono.just(ResponseEntity.notFound().build())); 
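Review bot: In `LogController.logg` the new `.then(Mono.fromCallable(() -> ResponseEntity.noContent().build()))` wraps a constant in a callable; `.thenReturn(ResponseEntity.noContent().build())` states the same thing more directly. A one-line comment that `then` is used because `logService.log(...)` may complete empty, in which case the previous `map` never produced a response, would explain the change to the next reader. That reason is inferred from the diff, since the service is not shown. The method signature lies outside the hunk.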
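Review bot: In `SessionController.addUserToSession` the new `doOnError` writes `organisasjonsnummer` to the log exactly as it arrived in the `@RequestParam`, as does the existing "Bruker mangler tilgang" line, so a crafted value can reach the log stream unless the encoder escapes control characters (not visible here). Rejecting anything that is not a nine-digit organisation number before the access check closes that off: `if (!organisasjonsnummer.matches("\\d{9}")) return Mono.just(ResponseEntity.badRequest().build());`. In the second hunk the `doOnError` sits on `exchange.getSession()`, so it reports a failed session lookup rather than a failed store; the message "Feil ved lagring av bruker i session" could say so. The method body starts and ends outside both hunks.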
diff --git a/apps/dolly-frontend/src/main/js/src/RootComponent.tsx b/apps/dolly-frontend/src/main/js/src/RootComponent.tsx index 5e0d28ca773..416536453e3 100644 --- a/apps/dolly-frontend/src/main/js/src/RootComponent.tsx +++ b/apps/dolly-frontend/src/main/js/src/RootComponent.tsx @@ -67,9 +67,9 @@ const ErrorView = () => { } export const RootComponent = () => ( - - - + + + ( } path="*" element={} /> - - - + + + ) From e1a0def5c34be996b3b06d914b6836f7f2e11a6c Mon Sep 17 00:00:00 2001 From: stigus Date: Mon, 14 Oct 2024 13:57:12 +0200 Subject: [PATCH 5/6] * Enda mer logging #deploy-idporten-frontend --- .../web/config/IdportenSecurityConfig.java | 27 +++++++------------ .../src/components/ui/appError/AppError.tsx | 2 +- .../components/utlogging/navigateToLogin.tsx | 2 +- 3 files changed, 12 insertions(+), 19 deletions(-) diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/IdportenSecurityConfig.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/IdportenSecurityConfig.java index 7c7ed3ef09b..7a597553d66 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/IdportenSecurityConfig.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/IdportenSecurityConfig.java @@ -20,12 +20,7 @@ import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver; import org.springframework.security.web.server.SecurityWebFilterChain; import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers; -import org.springframework.web.cors.CorsConfiguration; -import org.springframework.web.cors.reactive.CorsConfigurationSource; -import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource; - -import java.util.Arrays; -import java.util.List; +import reactor.core.publisher.Mono; @Slf4j 
@@ -66,6 +61,7 @@ public SecurityWebFilterChain configure(ServerHttpSecurity http, ServerOAuth2Aut logoutSuccessHandler.applyOn("idporten", new IdportenOcidLogoutUrlResolver(wellKnownUrl, postLogoutRedirectUri)); return http + .cors(ServerHttpSecurity.CorsSpec::disable) .csrf(ServerHttpSecurity.CsrfSpec::disable) .authorizeExchange(authorizeExchangeSpec -> authorizeExchangeSpec.pathMatchers( "/internal/isReady", @@ -84,24 +80,21 @@ public SecurityWebFilterChain configure(ServerHttpSecurity http, ServerOAuth2Aut ).permitAll() .anyExchange().authenticated()) .oauth2Login(oAuth2LoginSpec -> oAuth2LoginSpec + .authenticationFailureHandler((webFilterExchange, exception) -> { + log.error("Failed to authenticate user", exception); + return Mono.error(exception); + }) .authenticationManager(authenticationManager) .authorizationRequestResolver(requestResolver) .authenticationSuccessHandler(authenticationSuccessHandler)) - .formLogin(formLoginSpec -> formLoginSpec.loginPage(LOGIN)) + .formLogin(formLoginSpec -> formLoginSpec.loginPage(LOGIN).authenticationFailureHandler((webFilterExchange, exception) -> { + log.error("Failed to authenticate user", exception); + return Mono.error(exception); + })) .logout(logoutSpec -> logoutSpec .logoutUrl(LOGOUT) .requiresLogout(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, LOGOUT)) .logoutSuccessHandler(logoutSuccessHandler)) .build(); } - - @Bean - CorsConfigurationSource corsConfigurationSource() { - CorsConfiguration configuration = new CorsConfiguration(); - configuration.setAllowedOrigins(List.of("https://nav.no", "https://www.idporten.no")); - configuration.setAllowedMethods(Arrays.asList("GET", "POST")); - UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); - source.registerCorsConfiguration("/**", configuration); - return source; - } } 
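Review bot: Both new `authenticationFailureHandler` lambdas (one in `oauth2Login`, one in `formLogin`) return `Mono.error(exception)`, which replaces the framework's redirect-on-failure behaviour. A failed login therefore presumably surfaces as an unhandled error response instead of sending the user back to the login page. Logging and then delegating to a `RedirectServerAuthenticationFailureHandler` keeps the diagnostic without changing what the user sees, and defining the handler once removes the duplicated lambda. The redirect target in the sketch below is an assumption; use whatever page the frontend expects. `configure` begins before this hunk.

```java
// … unchanged: logoutSuccessHandler setup …
var redirectOnFailure = new RedirectServerAuthenticationFailureHandler(LOGIN + "?error");
ServerAuthenticationFailureHandler logAndRedirect = (webFilterExchange, exception) -> {
    log.error("Failed to authenticate user", exception);
    return redirectOnFailure.onAuthenticationFailure(webFilterExchange, exception);
};
// … unchanged: cors, csrf, authorizeExchange …
        .oauth2Login(oAuth2LoginSpec -> oAuth2LoginSpec
                .authenticationFailureHandler(logAndRedirect)
// … unchanged: authenticationManager, authorizationRequestResolver, authenticationSuccessHandler …
        .formLogin(formLoginSpec -> formLoginSpec
                .loginPage(LOGIN)
                .authenticationFailureHandler(logAndRedirect))
// … unchanged: logout …
```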
diff --git a/apps/dolly-frontend/src/main/js/src/components/ui/appError/AppError.tsx b/apps/dolly-frontend/src/main/js/src/components/ui/appError/AppError.tsx index c52d8cef0d1..27c599c42d4 100644 --- a/apps/dolly-frontend/src/main/js/src/components/ui/appError/AppError.tsx +++ b/apps/dolly-frontend/src/main/js/src/components/ui/appError/AppError.tsx @@ -19,7 +19,7 @@ export const AppError = ({ error, stackTrace, style }: Props) => { ] useEffect(() => { - console.error(error) + console.error('Ukjent error i Dolly: ' + error) if (errorsRequiringReload.some((e) => error?.toString()?.includes(e))) { navigate(0) } diff --git a/apps/dolly-frontend/src/main/js/src/components/utlogging/navigateToLogin.tsx b/apps/dolly-frontend/src/main/js/src/components/utlogging/navigateToLogin.tsx index e827e3777de..36cf89d8f22 100644 --- a/apps/dolly-frontend/src/main/js/src/components/utlogging/navigateToLogin.tsx +++ b/apps/dolly-frontend/src/main/js/src/components/utlogging/navigateToLogin.tsx @@ -1,4 +1,4 @@ export const navigateToLogin = (feilmelding?: string) => { - console.error(feilmelding) + console.error('Ukjent feil i Dolly, feilmelding: ' + feilmelding) window.location.href = '/login' } From 68d148d3a28cfcde3b858af7a865e816c6239e54 Mon Sep 17 00:00:00 2001 From: stigus Date: Mon, 14 Oct 2024 14:19:57 +0200 Subject: [PATCH 6/6] * Deploy #deploy-idporten-frontend --- .../java/no/nav/dolly/web/DollyFrontendApplicationStarter.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java index af56b0e4c11..0a48ab5f5eb 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java 
@@ -133,4 +133,4 @@ private Function> createRoute(String segment, St .filters(filter, addUserJwtHeaderFilter()) ).uri(host); } -} \ No newline at end of file +}