Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ory based authorization #858

Draft
wants to merge 54 commits into
base: dev
Choose a base branch
from
Draft

Ory based authorization #858

wants to merge 54 commits into from

Conversation

Bdegraaf1234
Copy link
Member

Description: Gather all PRs related to moving from spring-security based oauth2 to ory.

Checklist:

  • The Main workflow has succeeded
  • The Gatling tests have passed
  • I have logged into the portal running locally with default admin credentials
  • I have updated the README files if this change requires documentation update
  • I have commented my code, particularly in hard-to-understand areas

@Bdegraaf1234 Bdegraaf1234 changed the title Run tests on feature branches Ory base dauthorization Jun 12, 2024
@Bdegraaf1234 Bdegraaf1234 changed the title Ory base dauthorization Ory based authorization Jun 12, 2024
@Bdegraaf1234 Bdegraaf1234 marked this pull request as draft June 20, 2024 13:42
mpgxvii and others added 21 commits August 5, 2024 23:18
@mpgxvii
Update front end to use auth code login
ad6c73e
@mpgxvii
Add login endpoint to allow auth code grant login
8c9fec3
@mpgxvii
Add token validator updates to support hydra tokens
c09291c
@mpgxvii
Add auth server config to application properties
4820edc
@mpgxvii
Fix access token converter
6beedc4
@mpgxvii
Add Ory components docker configurations
4bbb4e8
@mpgxvii
Merge branch 'hydra-kratos-stack' of https://github.com/RADAR-base/Ma…
0590f33 
…nagementPortal into feat/hydra-token
@mpgxvii
Fix application properties
d0d61aa
@yatharthranjan
use single postgres instance for kratos and hydra
715ffaa
@mpgxvii
Add MP authserve configs
7fa118c
@mpgxvii
Merge branch 'hydra-kratos-stack' of https://github.com/RADAR-base/Ma…
75ee42e 
…nagementPortal into hydra-kratos-stack
@mpgxvii
Merge branch 'dev' of https://github.com/RADAR-base/ManagementPortal
cda3c9d 
…into feature/ory-based-authorization
@mpgxvii
Remove unused KratosTokenVerifier and Oauth2LoginUiWebConfig
5234fd2
@mpgxvii
Update setting of hydra token verifier loader
ea47775
@yatharthranjan
use published dev docker image for UI
3d3eec0
@yatharthranjan
fix port mappings
1951b90
@yatharthranjan
Merge pull request #930 from RADAR-base/hydra-kratos-stack
e1cdee9 
Add Ory stack configs
@yatharthranjan
Merge remote-tracking branch 'origin/feature/ory-based-authorization'…
39b06b5 
… into feat/hydra-token
@mpgxvii
Update self-enrolment image and login redirect url
85348d6
@mpgxvii
update login redirect url
02e08a4
@mpgxvii
Fix MP endpoint in kratos config
d72ff43
@mpgxvii
Fix ory stack configs
03c87ed
@mpgxvii
Merge branch 'feat/hydra-token' of https://github.com/RADAR-base/Mana…
83087eb 
…gementPortal into feat/hydra-token
@mpgxvii
Remove OAuth2ServerConfiguration and use single SecurityConfig for auth
1882851
@mpgxvii
Refactor JwtAuthenticationFilter to accept jwt and session data
7600ae8
@mpgxvii
Remove unused services
54aa7ff
@mpgxvii
Restore ory stack changes
5e6f20d
@mpgxvii
Update JwtAuthenticationFilter issues: make sure existing auth is che…
eaa7d33 
…cked and security context is cleared after
@mpgxvii
Merge branch 'feature/ory-based-authorization' of https://github.com/…
aa6b6f0 
…RADAR-base/ManagementPortal into feat/hydra-token
@mpgxvii
Restore deleted annotations
960a3b5
@mpgxvii
Move access token fetching to AuthService
c11734e
@mpgxvii
Invalidate session on logout
2988114
@mpgxvii
Update kratos postgres
98110f7
@mpgxvii
Merge branch 'feature/ory-based-authorization' of https://github.com/…
51b5fdd 
…RADAR-base/ManagementPortal into feat/hydra-token
@mpgxvii
Fix error component login url and remove unnecessary logs
2c4683c
@mpgxvii
Update dependencies
12b7253
@mpgxvii
Merge branch 'feature/ory-based-authorization' of https://github.com/…
393bcf9 
…RADAR-base/ManagementPortal into feat/hydra-token
@mpgxvii
Fix jackson version
afbe7b9
@mpgxvii
Fix jackson version
6a07d69
@mpgxvii
Merge branch 'feature/ory-based-authorization' of https://github.com/…
b4ec9b2 
…RADAR-base/ManagementPortal into feat/hydra-token
@mpgxvii
Remove unused TokenKeyEndpoint
5741993
@mpgxvii
Update verification webhook config
8a4e061
@mpgxvii
Update self-enrolment-ui tag
d52b9df
@mpgxvii
Merge pull request #924 from RADAR-base/feat/hydra-token
cb20142 
Change login flow to use Ory
@mpgxvii
Merge branch 'dev' of https://github.com/RADAR-base/ManagementPortal
1bac662 
…into feature/ory-based-authorization
@mpgxvii
Fix merge conflicts
93e18fb
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 16, 2024
View reviewed changes
src/main/java/org/radarbase/management/config/SecurityConfiguration.kt
@Throws(Exception::class)
public override fun configure(http: HttpSecurity) {
http
.csrf().disable()

Check failure

Code scanning / CodeQL

Disabled Spring CSRF protection High

CSRF vulnerability due to protection being disabled.

Copilot Autofix AI about 1 month ago

To fix the issue, we need to enable CSRF protection in the SecurityConfiguration class. This involves removing the csrf().disable() line from the configure method. By doing this, we ensure that CSRF protection is enabled, which helps prevent CSRF attacks.

  • General Fix: Enable CSRF protection by removing the line that disables it.
  • Detailed Fix: Remove the csrf().disable() line from the configure method in the SecurityConfiguration class.
  • Specific Changes: Edit the configure method in the SecurityConfiguration class located in src/main/java/org/radarbase/management/config/SecurityConfiguration.kt.
Suggested changeset 1
src/main/java/org/radarbase/management/config/SecurityConfiguration.kt

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/main/java/org/radarbase/management/config/SecurityConfiguration.kt b/src/main/java/org/radarbase/management/config/SecurityConfiguration.kt
--- a/src/main/java/org/radarbase/management/config/SecurityConfiguration.kt
+++ b/src/main/java/org/radarbase/management/config/SecurityConfiguration.kt
@@ -123,3 +123,2 @@
             http
-                .csrf().disable()
                 .sessionManagement()
EOF
@@ -123,3 +123,2 @@
http
.csrf().disable()
.sessionManagement()
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nivemaham nivemaham Awaiting requested review from nivemaham nivemaham is a code owner

@peyman-mohtashami peyman-mohtashami Awaiting requested review from peyman-mohtashami peyman-mohtashami is a code owner

@pvannierop pvannierop Awaiting requested review from pvannierop pvannierop is a code owner

@yatharthranjan yatharthranjan Awaiting requested review from yatharthranjan yatharthranjan is a code owner

@mpgxvii mpgxvii Awaiting requested review from mpgxvii mpgxvii is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Bdegraaf1234 @mpgxvii @yatharthranjan