Oppgrader spring-boot etc
Kritiske sårbarheter ble oppdaget i flere pakker.
Oddsor committed Feb 23, 2024
1 parent 46bed99 commit bd7b179
Showing 4 changed files with 16 additions and 20 deletions.
16 changes: 5 additions & 11 deletions pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.1.0</version>
<version>3.2.2</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>no.nav.arbeidsgiver</groupId>
@@ -16,7 +16,7 @@
<java.version>17</java.version>
<kotlin.version>1.8.10</kotlin.version>
<cucumber.version>6.4.0</cucumber.version>
<token-support.version>3.1.0</token-support.version>
<token-support.version>4.1.3</token-support.version>
</properties>

<dependencies>
@@ -94,7 +94,7 @@
<dependency>
<groupId>de.monochromata.cucumber</groupId>
<artifactId>reporting-plugin</artifactId>
<version>4.0.70</version>
<version>5.0.0</version>
<scope>test</scope>
</dependency>
<!-- Database -->
@@ -114,6 +114,7 @@
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>42.7.2</version>
</dependency>
<!--Tokensupport -->
<dependency>
@@ -167,7 +168,7 @@
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-contract-stub-runner</artifactId>
<version>2.2.5.RELEASE</version>
<version>4.1.1</version>
</dependency>

<dependency>
@@ -176,13 +177,6 @@
<version>8.2.0</version>
</dependency>

<dependency>
<groupId>org.awaitility</groupId>
<artifactId>awaitility-kotlin</artifactId>
<version>4.0.3</version>
<scope>test</scope>
</dependency>

<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-prometheus</artifactId>
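Review bot: The explicit `<version>42.7.2</version>` on the `org.postgresql:postgresql` dependency overrides whatever version `spring-boot-starter-parent` manages, and nothing in the pom says why, so the driver will stay at 42.7.2 even after a later parent upgrade manages something newer. I would record the reason next to it, e.g. `<!-- Pinned for a security fix; drop once the Boot parent manages >= 42.7.2 -->`, or set the `postgresql.version` property instead of a per-dependency version. Separately, `spring-cloud-starter-contract-stub-runner` has no `<scope>` in the visible lines, so it appears to land on the runtime classpath; if it is only used by tests, `<scope>test</scope>` would keep the stub tooling out of the deployed artifact.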
@@ -47,7 +47,7 @@ class AuditLoggingFilter(
try {
val fnr: List<String> = JsonPath.read<List<String>?>(wrapper.contentInputStream, "$..deltakerFnr").distinct()
val utførtTid = Now.instant()
val brukerId = context.tokenValidationContext.getClaims("tokenx")?.getStringClaim("pid") ?: context.tokenValidationContext.getClaims("aad")?.getStringClaim("NAVident")
val brukerId = context.getTokenValidationContext().getClaims("tokenx").getStringClaim("pid") ?: context.getTokenValidationContext().getClaims("aad").getStringClaim("NAVident")

val uri = URI.create(request.requestURI)
// Logger kun oppslag dersom en innlogget bruker utførte oppslaget
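Review bot: With the `?.` safe calls removed on the new `brukerId` line, `getClaims("tokenx")` is dereferenced unconditionally, so the `aad` fallback after `?:` is only reached if token-support 4.x returns an empty claims object for an issuer that has no token. If it throws instead, control goes to the enclosing `try`, which starts and ends outside this hunk; depending on what its handler does, saksbehandler lookups could go without an audit entry. I have not verified which of the two 4.1.3 does, so please confirm with a test that sends only an `aad` token. Selecting the issuer explicitly with `hasTokenFor`, as `InnloggetBrukerService` does in this commit, removes the dependency on that behaviour.

```kotlin
// … unchanged: fnr extraction, utførtTid …
val tokenContext = context.getTokenValidationContext()
val brukerId = when {
    tokenContext.hasTokenFor("tokenx") -> tokenContext.getClaims("tokenx").getStringClaim("pid")
    tokenContext.hasTokenFor("aad") -> tokenContext.getClaims("aad").getStringClaim("NAVident")
    else -> null
}
// … unchanged: uri, audit logging …
```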
@@ -45,10 +45,10 @@ class SecurityClientConfiguration(
private fun bearerTokenInterceptor(
clientProperties: ClientProperties,
oAuth2AccessTokenService: OAuth2AccessTokenService
): ClientHttpRequestInterceptor? {
): ClientHttpRequestInterceptor {
return ClientHttpRequestInterceptor { request: HttpRequest, body: ByteArray?, execution: ClientHttpRequestExecution ->
val response = oAuth2AccessTokenService.getAccessToken(clientProperties)
request.headers.setBearerAuth(response.accessToken)
request.headers.setBearerAuth(response.accessToken!!)
execution.execute(request, body!!)
}
}
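Review bot: `response.accessToken!!` in `bearerTokenInterceptor` turns a token response that carries no access token into a bare NullPointerException inside the interceptor, which gives operators nothing to go on when an outbound call fails. Prefer an explicit fail-closed check such as `val token = checkNotNull(response.accessToken) { "Token endpoint returned no access token" }` followed by `request.headers.setBearerAuth(token)`, and keep the token response itself out of the message. The existing `body!!` on the next line has the same shape.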
@@ -30,15 +30,15 @@ class InnloggetBrukerService(
var logger: Logger = LoggerFactory.getLogger(javaClass)

fun erArbeidsgiver(): Boolean {
return context.tokenValidationContext.hasTokenFor("tokenx")
return context.getTokenValidationContext().hasTokenFor("tokenx")
}

fun erSaksbehandler(): Boolean {
return context.tokenValidationContext.hasTokenFor("aad")
return context.getTokenValidationContext().hasTokenFor("aad")
}

fun erBeslutter(): Boolean {
val groupClaim = context.tokenValidationContext.getClaims("aad").get("groups") as List<String>
val groupClaim = context.getTokenValidationContext().getClaims("aad").get("groups") as List<String>
return erSaksbehandler() && groupClaim.contains(beslutterRolleConfig.id)
}

@@ -47,11 +47,11 @@ class InnloggetBrukerService(
}

fun navIdent(): String {
return context.tokenValidationContext.getClaims("aad").getStringClaim("NAVident")
return context.getTokenValidationContext().getClaims("aad").getStringClaim("NAVident")
}

fun displayName(): String {
val displayNameClaim = context.tokenValidationContext.getClaims("aad").get("name")
val displayNameClaim = context.getTokenValidationContext().getClaims("aad").get("name")
if (displayNameClaim != null) {
return displayNameClaim as String
}
@@ -61,9 +61,10 @@ class InnloggetBrukerService(
fun hentInnloggetArbeidsgiver(): InnloggetArbeidsgiver {
return when {
erArbeidsgiver() -> {
val fnr = Fnr(context.tokenValidationContext.getClaims("tokenx").getStringClaim("pid"))
val fnr = Fnr(context.getTokenValidationContext().getClaims("tokenx").getStringClaim("pid"))
InnloggetArbeidsgiver(fnr.verdi, altinnTilgangsstyringService, refusjonRepository, korreksjonRepository, refusjonService, eregClient)
}

else -> {
throw RuntimeException("Feil ved token, kunne ikke identifisere arbeidsgiver")
}
@@ -86,6 +87,7 @@ class InnloggetBrukerService(
norgeService = norgService
)
}

else -> {
throw RuntimeException("Feil ved token, kunne ikke identifisere saksbehandler")
}
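Review bot: In `erBeslutter()` the `groups` claim is read and cast with `as List<String>` before `erSaksbehandler()` is evaluated, so a caller without an `aad` token, or with an `aad` token that has no `groups` claim, gets an exception from this authorization check instead of `false`. Check the token first and cast safely, e.g. `if (!erSaksbehandler()) return false` followed by `val groupClaim = context.getTokenValidationContext().getClaims("aad").get("groups") as? List<*> ?: return false`. `navIdent()` and `displayName()` read `aad` claims the same way without a guard; whether their callers always check `erSaksbehandler()` first is not visible in these hunks.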