Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump version spring oauth 2.5.0.RELEASE #1462

Merged
merged 6 commits into from
Jan 19, 2021
Merged

Bump version spring oauth 2.5.0.RELEASE #1462

merged 6 commits into from
Jan 19, 2021

Conversation

strehle
Copy link
Member

@strehle strehle commented Dec 5, 2020

No description provided.

@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/176022758

The labels on this github issue will be updated when the story is started.

@strehle
Merge branch 'develop' of github.com:cloudfoundry/uaa into bump/sprin…
c5a03e9 
…g-oauth

* 'develop' of github.com:cloudfoundry/uaa:
  ensure always use uaa as zone (#1465)
  Update UAA image reference in k8s deployment template to cfidentity/uaa@sha256:4ee059a954e7ab6cf193077dedb2ad88306bdee6d1c11cd5d9aa5eb1cd0626d0
@strehle strehle requested a review from shamus December 9, 2020 14:44
@strehle
Copy link
Member Author

strehle commented Dec 9, 2020

@torsten-sap / @tack-sap MFA feature was from your side, that is was git says, so
GeneralMfaProviderValidatorTest -> failed with this updates, also in IDE , if I retrigger the tests several times.

So question is, fixing test , @shamus removing Mfa (because I heard about this)

@strehle strehle added the dependencies Pull requests that update a dependency file label Dec 9, 2020
@strehle strehle removed the request for review from shamus December 21, 2020 13:58
strehle and others added 4 commits January 12, 2021 17:59
@strehle
Refactoring of test code:
b576c42 
copy RandomValueStringGenerator from oauth 2.4.0 and replace usage in tests where ASCII random is needed, e.g. zone creation.bump/spring-oauth
@strehle
Merge branch 'develop' of github.com:cloudfoundry/uaa into bump/sprin…
e003505 
…g-oauth

* 'develop' of github.com:cloudfoundry/uaa: (32 commits)
  Bump nokogiri from 1.10.8 to 1.11.0 in /uaa/slate (#1489)
  Update UAA image reference in k8s deployment template to cfidentity/uaa@sha256:1f6cbc6a45891ad31c2ff562b1fdc279f13263c88787ea69e275e082c525ead0
  Bump redcarpet from 3.4.0 to 3.5.1 in /uaa/slate (#1488)
  Update UAA image reference in k8s deployment template to cfidentity/uaa@sha256:66f90c70c583f2b105c9616e523777918eed699db86151983dcf4aa7dbc26f32
  Update docs to correct error. [#175985394]
  K8s templates now allow configuring `issuer.uri` (#1487)
  Update externalId on login (#1330)
  Update UAA image reference in k8s deployment template to cfidentity/uaa@sha256:7da4296c9a32a7ae4471d2e2cbb5cbf1405a3100d4722cfaff74779d66d9a410
  Bump k8s.io/client-go from 0.20.0 to 0.20.1 in /k8s
  Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 in /k8s
  Update UAA image reference in k8s deployment template to cfidentity/uaa@sha256:bd0a6e0de975b961dc278209fc8fc75572a0fe933ee1964621373f225ccda014
  Add punctuation to make issue template so good.
  Empty commit to work around Concourse ci complication.
  Bump github.com/onsi/gomega from 1.10.3 to 1.10.4 in /k8s
  Update UAA image reference in k8s deployment template to cfidentity/uaa@sha256:a2fb30a2f2b547853d385739a41b5ea3a41b66181b955b5770438b6616857c49
  Refactor fetch of tokenKeyUrl (#1474)
  write exception message only  (#1469)
  dependency update (#1478)
  Bump guava version 30.0 (#1479)
  Update UAA image reference in k8s deployment template to cfidentity/uaa@sha256:af0b3cdabdaae29ed08e220a94a5c8c34a9b40c7856fea031c68cd0a45972008
  ...
@strehle
Merge branch 'develop' of github.com:cloudfoundry/uaa into bump/sprin…
8a0d57d 
…g-oauth

* 'develop' of github.com:cloudfoundry/uaa:
  Update UAA image reference in k8s deployment template to cfidentity/uaa@sha256:63157b274647127a4a50ecd940bbe52439a63297130fbe80d5a2a14bb7220117
  Bump jasmine from 3.6.3 to 3.6.4 in /uaa (#1502)
  Bump - spring boot 2.4.2 - framework 5.3.3 (#1501)
  Alphabetize dependencies.gradle (#1500)
  fix leftover from spring boot update (#1499)
  Bump - spring boot 2.4.1 - framework 5.3.2 (#1484)
  Update UAA image reference in k8s deployment template to cfidentity/uaa@sha256:40b74a03b4fc897cc1404a38b69b03fb82a46e16e0f199f619c76541a5efd0fb
  fix issue #1447: bump velocity 2.2 (#1486)
  Bump jasmine from 3.6.1 to 3.6.3 in /uaa (#1493)
  Update UAA image reference in k8s deployment template to cfidentity/uaa@sha256:66f04df3439eae35373850d29b88b5cd3981f51e3811133d0279a86f1409a008
  Bump k8s.io/client-go from 0.20.1 to 0.20.2 in /k8s (#1495)
  Support multiple oauth client secrets in uaa.yml (#1313)
  Update UAA image reference in k8s deployment template to cfidentity/uaa@sha256:fbb538ec49088e7d1077e083348ef1eda4c0de84ec7bbf0a636733812778fa95
  Bump k8s.io/api from 0.20.1 to 0.20.2 in /k8s (#1494)
  Update UAA image reference in k8s deployment template to cfidentity/uaa@sha256:b690567322e472a2c3edb33e25129bcba0d97caa00c16bce6375244ce11f7000
  Revert "Merge pull request #1435 from cloudfoundry/dependabot/npm_and_yarn/uaa/jasmine-3.6.3"
  Update UAA image reference in k8s deployment template to cfidentity/uaa@sha256:e7e7bc996a7594fe8b767056088d4216339392edd098877f794bd739bd649caf
  Bump jasmine from 3.6.1 to 3.6.3 in /uaa
@strehle
Update RandomValueStringGenerator.java
8b4b181
@strehle strehle merged commit 6d9bdc9 into develop Jan 19, 2021
@strehle strehle deleted the bump/spring-oauth branch January 19, 2021 17:29
@cf-gitbot cf-gitbot added delivered accepted Accepted the issue and removed delivered labels May 25, 2023
strehle added a commit that referenced this pull request Apr 21, 2024
@strehle
Remove forked class
ed99842 
Forked because of #1462
We have now AlphanumericRandomValueStringGenerator and will
get the other one.

For tests go with AlphanumericRandomValueStringGenerator
@strehle strehle mentioned this pull request Apr 21, 2024
Merged
strehle added a commit that referenced this pull request May 1, 2024
@strehle
Remove forked class (#2845)
4a89b78 
Forked because of #1462
We have now AlphanumericRandomValueStringGenerator and will
get the other one.

For tests go with AlphanumericRandomValueStringGenerator
strehle added a commit that referenced this pull request May 8, 2024
@strehle
Move OAuth2 Core Server Classes to UAA namespace (#2813)
5a7a4ef 
* Move to UaaBaseClientDetails

* Cleanup

* Cleanup

* Test cleanup flaky
because of parallel tests

* Use string compare instead of regex

* Rename main class

* Cleanup

* Tests moved into model

* Tests added, not used methods removed

* Tests fix

* Test coverage equals

* Sonar smells

* Sonar smells

* Sonar smells

* Sonar smells

* Move OAuth2 Core Server classes

- Endpoints for OAuth2 - main OIDC endpoints are in UAA implemented
- Core-Beans for Server start
- Client Token
- Server Annotation forking (workaround for now)

- OPEN. Client Annotation

* Set name for component

* Server Annotation for client token validation

* Unit Test fixes

* Finalize Client OAuth2 usage

Includes Test-Framework for OAuth2

* Finalize Client OAuth2 usage

Includes Test-Framework for OAuth2

* temporary deactivate

* temporary deactivate

* Refactoring

- remove csrf disable because we dont use this init and codeql dont like it

* Refactoring

Remove AuthorizationEndpoint.java because UAA has its own implementation

* Added documentation about move of classes

* Reduce Sonar Issues

* Sonar fix

Found with #2813

Prefix it

* Add javadoc comment about move
from spring-security-oauth2 to uaa

* resolve from rebase

* Import move

* Import move of Client interfaces

* Import move of Client interfaces

* Import move of Client interfaces

* Remove spring-security-oauth2

* Add XML Namespace Handler

* Move OAuth2 Exceptions to UAA

* Move Misc Missing Classes to UAA

* Sonar

* Sonar

* Sonar fixes

* Refactor duplicate code

* Refactor duplicate code

* Remove library dependency

remove from dependencies.gradle

* Rebase

* Remove duplicate Exception

* Remove duplicate Code

CompositeAccessTokenDeserializer and CompositeAccessTokenSerializer
were forked in past already. Re-use them now

* Remove duplicate Code

UAA exceptions and related classes
were forked in past already. Re-use them now

UaaException now is parent of OAuth2 generic exceptions
Therefore adopt some tests to retrieve the oauth2 specific
exception instead of generic one.

* Remove duplicate Code

could have been done in oauth2 library...
however do it now

* Remove duplicate Code

PkceEnhancedAuthorizationCodeTokenGranter uses duplicated
code from AuthorizationCodeTokenGranter

* Sonar smells

* Sonar mentioned that there is an unused parameter

removed

* fix validation order

IT error fix

* More sonar smells

* Remove not needed

* Sonar smell and coverage improvements

Remove not needed methods

* Sonar smell and coverage improvements

* Remove not needed code

* Refactorings because of sonar smells

* Remove forked class

Forked because of #1462
We have now AlphanumericRandomValueStringGenerator and will
get the other one.

For tests go with AlphanumericRandomValueStringGenerator

* Removed because of Sonar finding

logic not needed

* Fixed Sonar Smells

Only refactorings

* Sonar smell fixes

* Sonar smell fixes

* Sonar smell fixes

* Sonar smells in token endpoint

* Sonar smells in Exception handling

* Sonar smells

* Sonar smell fixes

* Sonar smell fixes

* Sonar smell fixes

* Sonar smell fixes

* More changes because of Sonar

Changed interfaces without wildcards
The interfaces now belong to UAA

* Refactor equals and hashCode

With Sonar help

* Refactor XSD

* Remove duplicate from spring-security-oauth2

Uaa has forked this class in the past, re-use it now

* Refactor: use UaaAuthorizationRequestManager as central OAuth2RequestFactory

Use IdentityZoneManager
Remove internal OAuth2RequestFactory proxy

* Move tests from spring-security-oauth2 into UAA (#2843)

* Move tests from spring-security-oauth2 into UAA

Test coverage should help to identity if we need the coding or not.
Coding, which is not covered should be checked in Unit and Integration Tests
and should be removed if not really used.

* More Tests

* Extended exception tests

* more tests for client grant flows

* More tests

* Added tests for XML configuration

* Added tests for InMemoryTokenStore

* More Tests

* Move tests for oauth2 authentication

* Tests for OAuth2 expression parser

* Token Endpoint Tests

* Exception handling tests

* More tests for new coding

* More tests

* More tests

* Test coverage

* Test coverage

* Add test for InMemory code service.

Used in tests

* Refactor tests

* Add client scopes for test fix

* Add test

* Fix test Coverage

* Fix test

* Test added

* Test coverage

* Test coverage

* re-generated the serialVersionUID values

Used intellij which offers this in extras

* new line

* remove because of review

* Refactor dependency to commons-codec

commons-codec is used / needed in uaa.war, so it comes because of different dependencies
Thought before we dont need it, therefore removed the CHUCK SIZE constant.

Revert JsonWebKey changes

* revert serial change

this ID was used before and changed accidentially
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
accepted Accepted the issue dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@strehle @cf-gitbot