diff --git a/build.gradle.kts b/build.gradle.kts
index f2a184b..5751699 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -4,9 +4,9 @@ plugins {
 id("org.springframework.boot") version "2.6.1"
 id("io.spring.dependency-management") version "1.0.11.RELEASE"
 war
- kotlin("jvm") version "1.4.31"
- kotlin("plugin.spring") version "1.4.31"
- kotlin("plugin.jpa") version "1.4.31"
+ kotlin("jvm") version "1.6.10"
+ kotlin("plugin.spring") version "1.6.10"
+ kotlin("plugin.jpa") version "1.6.10"
 }
 
 group = "eu.fosil"
diff --git a/docker/README.md b/docker/README.md
index 09da668..4984de8 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -14,7 +14,7 @@ docker network create okupamicoche
 3. Run dockerized Keycloak
 ```
 cd docker/keycloak
-docker run --name okupamicoche-keycloak -p 8080:8080 -p 8443:8443 -v $(pwd)/https:/etc/x509/https \
+docker run --name okupamicoche-keycloak -p 8443:8443 -v $(pwd)/https:/etc/x509/https \
 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin --network=okupamicoche \
 -e KEYCLOAK_IMPORT=/tmp/realm.json -v $(pwd)/okupamicoche-realm-export.json:/tmp/realm.json quay.io/keycloak/keycloak:12.0.4
 ```
diff --git a/docker/keycloak/okupamicoche-realm-export.json b/docker/keycloak/okupamicoche-realm-export.json
index 98da520..afea9cb 100644
--- a/docker/keycloak/okupamicoche-realm-export.json
+++ b/docker/keycloak/okupamicoche-realm-export.json
@@ -372,6 +372,9 @@
 }
 },
 "groups": [],
+ "defaultRoles": [
+ "offline_access"
+ ],
 "requiredCredentials": [
 "password"
 ],
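Review bot: The new `defaultRoles` entry in the realm export hands the `offline_access` realm role to every user created in this realm, and in Keycloak that role is what allows a client to request the `offline_access` scope and receive offline tokens, i.e. refresh tokens that are not tied to the SSO session lifetime and are not revoked by a normal logout. The export did not previously declare `defaultRoles` at all, so this may simply be restoring Keycloak's own default, but the commit does not say why it is needed; if it is there for one integration (the Synapse client elsewhere in this commit looks like the candidate), consider granting the role to that client's service account or users only rather than realm-wide. Since the JSON export cannot carry a comment, record the reason in `docker/README.md` next to the realm import step, e.g. `Users get offline_access by default so <client> can hold offline (long-lived) tokens; revoke via the Keycloak admin console if a user is offboarded.`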
@@ -1330,14 +1333,14 @@
 "subComponents": {},
 "config": {
 "allowed-protocol-mapper-types": [
- "saml-user-attribute-mapper",
- "saml-user-property-mapper",
- "oidc-sha256-pairwise-sub-mapper",
- "saml-role-list-mapper",
- "oidc-full-name-mapper",
 "oidc-address-mapper",
 "oidc-usermodel-property-mapper",
- "oidc-usermodel-attribute-mapper"
+ "oidc-sha256-pairwise-sub-mapper",
+ "saml-user-property-mapper",
+ "saml-role-list-mapper",
+ "oidc-usermodel-attribute-mapper",
+ "oidc-full-name-mapper",
+ "saml-user-attribute-mapper"
 ]
 }
 },
@@ -1378,13 +1381,13 @@
 "config": {
 "allowed-protocol-mapper-types": [
 "saml-role-list-mapper",
- "oidc-address-mapper",
- "oidc-full-name-mapper",
- "saml-user-attribute-mapper",
- "oidc-usermodel-attribute-mapper",
- "oidc-sha256-pairwise-sub-mapper",
 "oidc-usermodel-property-mapper",
- "saml-user-property-mapper"
+ "saml-user-property-mapper",
+ "oidc-full-name-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "oidc-address-mapper",
+ "saml-user-attribute-mapper",
+ "oidc-usermodel-attribute-mapper"
 ]
 }
 },
@@ -1471,7 +1474,7 @@
 "supportedLocales": [],
 "authenticationFlows": [
 {
- "id": "bcb85566-3957-4e56-8e14-eb221a9a93ce",
+ "id": "2c7b19fc-a948-46c1-891f-922c9dfd64e0",
 "alias": "Account verification options",
 "description": "Method with which to verity the existing account",
 "providerId": "basic-flow",
@@ -1495,7 +1498,7 @@
 ]
 },
 {
- "id": "7a38fd51-d8c2-4d2f-85fc-d50652a80579",
+ "id": "2ca7ea17-5f85-4dc1-99ea-6e84db2d39fe",
 "alias": "Authentication Options",
 "description": "Authentication options.",
 "providerId": "basic-flow",
@@ -1526,7 +1529,7 @@
 ]
 },
 {
- "id": "45a3f0e7-aaf6-402f-971f-5ca29994e006",
+ "id": "c247ec35-e6e6-48e7-9f44-6bc2a795d3a8",
 "alias": "Browser - Conditional OTP",
 "description": "Flow to determine if the OTP is required for the authentication",
 "providerId": "basic-flow",
@@ -1550,7 +1553,7 @@
 ]
 },
 {
- "id": "b759fcd6-a460-4024-83fb-53b179f77544",
+ "id": "69775aac-fb56-4c37-b1e6-37460e1a5e07",
 "alias": "Direct Grant - Conditional OTP",
 "description": "Flow to determine if the OTP is required for the authentication",
 "providerId": "basic-flow",
@@ -1574,7 +1577,7 @@
 ]
 },
 {
- "id": "3aac1ee1-edbe-4238-bc99-f30bf711c0e8",
+ "id": "f8dec0f7-9b88-40a3-89aa-484f3e497a31",
 "alias": "First broker login - Conditional OTP",
 "description": "Flow to determine if the OTP is required for the authentication",
 "providerId": "basic-flow",
@@ -1598,7 +1601,7 @@
 ]
 },
 {
- "id": "e59a8f9c-f56b-423a-91d3-9833cd107cf3",
+ "id": "9051d7c8-0eaa-4823-8f3a-3bb2f8622c6d",
 "alias": "Handle Existing Account",
 "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
 "providerId": "basic-flow",
@@ -1622,7 +1625,7 @@
 ]
 },
 {
- "id": "79937470-7f2e-49e1-86ef-1195f8b10130",
+ "id": "11189a08-8540-4bc6-9d50-9c2754425ebd",
 "alias": "Reset - Conditional OTP",
 "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
 "providerId": "basic-flow",
@@ -1646,7 +1649,7 @@
 ]
 },
 {
- "id": "f5c4875a-c375-4a59-b7a5-7ac2c2efde7a",
+ "id": "3be2e84c-d981-416b-aab6-ea3124b680e5",
 "alias": "User creation or linking",
 "description": "Flow for the existing/non-existing user alternatives",
 "providerId": "basic-flow",
@@ -1671,7 +1674,7 @@
 ]
 },
 {
- "id": "1df89ef0-c3eb-4e37-94cb-61ff6d39c615",
+ "id": "1c5c4840-e883-433f-9f1f-3e9cc28a6460",
 "alias": "Verify Existing Account by Re-authentication",
 "description": "Reauthentication of existing account",
 "providerId": "basic-flow",
@@ -1695,7 +1698,7 @@
 ]
 },
 {
- "id": "5f29ce6a-abcb-4087-9d57-d7a2afce6ef0",
+ "id": "522d282b-647e-41b6-8a04-21ec6c4a9c09",
 "alias": "browser",
 "description": "browser based authentication",
 "providerId": "basic-flow",
@@ -1733,7 +1736,7 @@
 ]
 },
 {
- "id": "77e7f21f-71ae-4209-9291-e6724aba9dee",
+ "id": "06edd8d5-2e4b-4f0d-a4e6-118661b357ed",
 "alias": "clients",
 "description": "Base authentication for clients",
 "providerId": "client-flow",
@@ -1771,7 +1774,7 @@
 ]
 },
 {
- "id": "d5cb48c7-26cc-48c5-ba75-e718c22bf0c9",
+ "id": "11bfafda-d435-451e-8c80-ff2769415284",
 "alias": "direct grant",
 "description": "OpenID Connect Resource Owner Grant",
 "providerId": "basic-flow",
@@ -1802,7 +1805,7 @@
 ]
 },
 {
- "id": "c5547006-3abe-4c7f-91ce-d8ed3676272c",
+ "id": "0317377f-2841-4fa4-8893-2430d1bcde21",
 "alias": "docker auth",
 "description": "Used by Docker clients to authenticate against the IDP",
 "providerId": "basic-flow",
@@ -1819,7 +1822,7 @@
 ]
 },
 {
- "id": "fbf9354a-a8e9-4658-87c0-ef9ab01f2b88",
+ "id": "d393fac0-2c0e-4b0f-98e8-64d2014939fa",
 "alias": "first broker login",
 "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
 "providerId": "basic-flow",
@@ -1844,7 +1847,7 @@
 ]
 },
 {
- "id": "7dc8b36e-cf25-46e5-b28e-9df0fb394af6",
+ "id": "59a0d530-5706-46fb-8051-541545f18485",
 "alias": "forms",
 "description": "Username, password, otp and other auth forms.",
 "providerId": "basic-flow",
@@ -1868,7 +1871,7 @@
 ]
 },
 {
- "id": "2469f58e-3c54-45a3-b6f1-abdb1ed3fbb5",
+ "id": "5490ab9e-90a2-4957-a528-65729951e4ed",
 "alias": "http challenge",
 "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
 "providerId": "basic-flow",
@@ -1892,7 +1895,7 @@
 ]
 },
 {
- "id": "735ece4d-c23e-4a52-8d30-7a2cc774a0aa",
+ "id": "5c291b1f-5aec-4517-9ab9-6684a1b0cd43",
 "alias": "registration",
 "description": "registration flow",
 "providerId": "basic-flow",
@@ -1910,7 +1913,7 @@
 ]
 },
 {
- "id": "129f743f-920b-4204-a546-26ee8709de5f",
+ "id": "cffff895-e0e1-4336-b1d5-a28ebed6a746",
 "alias": "registration form",
 "description": "registration form",
 "providerId": "form-flow",
@@ -1948,7 +1951,7 @@
 ]
 },
 {
- "id": "4ce15dcf-0c06-47bf-930d-ef4d85b018b2",
+ "id": "4bb6f0cf-185b-464e-a601-a2dcb8ad0c2f",
 "alias": "reset credentials",
 "description": "Reset credentials for a user if they forgot their password or something",
 "providerId": "basic-flow",
@@ -1986,7 +1989,7 @@
 ]
 },
 {
- "id": "2fc84240-3e96-4780-a576-e016ee9e1350",
+ "id": "11a546d9-ecfe-451b-991b-cf48388ce9c2",
 "alias": "saml ecp",
 "description": "SAML ECP Profile Authentication Flow",
 "providerId": "basic-flow",
@@ -2005,14 +2008,14 @@
 ],
 "authenticatorConfig": [
 {
- "id": "2951f36b-7903-4ad3-9b5d-5b4f72a61b04",
+ "id": "d524c689-b060-4dae-8c9c-a8c46e3b657a",
 "alias": "create unique user config",
 "config": {
 "require.password.update.after.registration": "false"
 }
 },
 {
- "id": "141914b4-63e4-4d72-b507-e032e65615bf",
+ "id": "51bd306d-4ec7-4c28-9d62-1bc47b16030c",
 "alias": "review profile config",
 "config": {
 "update.profile.on.first.login": "missing"
diff --git a/docker/synapse/homeserver.yaml b/docker/synapse/homeserver.yaml
index cf3d962..b2d83c1 100644
--- a/docker/synapse/homeserver.yaml
+++ b/docker/synapse/homeserver.yaml
@@ -29,7 +29,7 @@ oidc_providers:
 # client_id: "okupamicoche-frontend-angular"
 # client_secret: "PUBLIC-CLIENT-WITH-NO-PASSWORD"
 client_id: "synapse"
- client_secret: "0967315b-626c-461c-b190-4db9891b5ff3"
+ client_secret: "c2900355-e9b0-421d-a328-7de04cdd0f1a"
 scopes: [ "openid", "profile" ]
 user_mapping_provider:
 config:
diff --git a/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateTravelRestController.kt b/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateTravelRestController.kt
index ca986f9..709296e 100644
--- a/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateTravelRestController.kt
+++ b/src/main/kotlin/eu/fosil/okupamicoche/spring/controller/PrivateTravelRestController.kt
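Review bot: The new `client_secret` for the `synapse` OIDC client is still a plaintext credential committed to the repository, and swapping it in place does not remove the previous value from git history, so anyone with read access to the repo has both the old and the new secret. Rotating the secret only helps if the old one is also invalidated on the Keycloak side; the realm export in this same commit regenerates flow ids, which suggests it was re-exported, but the hunk does not show the client's credential so that cannot be confirmed here. Prefer keeping a placeholder in `homeserver.yaml` and substituting the real value at container start from a mounted secrets file or environment, and note the expectation in the file, e.g. `client_secret: "<KEYCLOAK_SYNAPSE_CLIENT_SECRET — inject at deploy time, do not commit>"`. If this is strictly a throwaway local Docker setup, say so in a comment above `oidc_providers:` so the literal is not mistaken for a production credential.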
@@ -8,7 +8,10 @@ import eu.fosil.okupamicoche.repositories.TravelRepository
 import eu.fosil.okupamicoche.repositories.UserRepository
 import eu.fosil.okupamicoche.spring.services.AuthService
 import eu.fosil.okupamicoche.spring.services.UseCaseService
-import eu.fosil.okupamicoche.usecases.travel.*
+import eu.fosil.okupamicoche.usecases.travel.CancelTravel
+import eu.fosil.okupamicoche.usecases.travel.DeleteTravel
+import eu.fosil.okupamicoche.usecases.travel.EditTravel
+import eu.fosil.okupamicoche.usecases.travel.ListUserTravels
 import org.springframework.data.repository.findByIdOrNull
 import org.springframework.validation.annotation.Validated
 import org.springframework.web.bind.annotation.RequestBody
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 6b3a22b..74d5d60 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -26,7 +26,7 @@ logging:
 matrix:
 bot:
- # The domain-part of matrix-ids. E. g. example.org when your userIds look like @unicorn:example.org
+ # The domain-part of matrix-ids.E.g. example.org when your userIds look like @unicorn:example.org
 serverName: okupamicoche-synapse
 # The localpart (username) of the user associated with the application service
 # or just the username of your bot.