Merge remote-tracking branch 'origin/upgrade-to-cas-6.6' into upgrade…

…-to-cas-6.6

# Conflicts:
#	gradle.properties

.github/workflows/main.yml

@@ -15,7 +15,7 @@ jobs:
       - uses: actions/setup-java@v2
         with:
           distribution: 'adopt'
-          java-version: '11'
+          java-version: '17'
           check-latest: true
 
       - name: build the exploded CAS webapp
@@ -53,6 +53,16 @@ jobs:
         run: |
           docker push georchestra/cas:latest
 
+      - name: "Update Docker Hub Description"
+        if: github.ref == 'refs/heads/master' && github.repository == 'georchestra/georchestra-cas-server' && github.actor != 'dependabot[bot]' && github.event_name != 'pull_request'
+        uses: peter-evans/dockerhub-description@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+          repository: georchestra/cas
+          readme-filepath: ./DOCKER_HUB.md
+          short-description: 'Cas module for the geOrchestra SDI'
+
       - name: Publish the docker image (release / tag)
         if: contains(github.ref, 'refs/tags/') && github.repository == 'georchestra/georchestra-cas-server'
         run: |

DOCKER_HUB.md

@@ -0,0 +1,51 @@
+# Quick reference
+
+-    **Maintained by**:  
+      [georchestra.org](https://www.georchestra.org/)
+
+-    **Where to get help**:  
+     the [geOrchestra Github repo](https://github.com/georchestra/georchestra), [IRC chat](https://kiwiirc.com/nextclient/irc.libera.chat/georchestra), Stack Overflow
+
+# Featured tags
+
+- `latest`, `23.0.x`
+
+# Quick reference
+
+-	**Where to file issues**:  
+     [https://github.com/georchestra/georchestra/issues](https://github.com/georchestra/georchestra/issues)
+     [https://github.com/georchestra/georchestra-cas-server/issues](https://github.com/georchestra/georchestra-cas-server/issues)
+
+-	**Supported architectures**:   
+     [`amd64`](https://hub.docker.com/r/amd64/docker/)
+
+-	**Source of this description**:  
+     [docs repo's directory](https://github.com/georchestra/georchestra-cas-server/blob/master/DOCKER_HUB.md)
+
+# What is `georchestra/cas`
+
+**CAS** is a module for geOrchestra which offers
+- Single Sign On (SSO) for all geOrchestra webapps with a custom interface
+- Authentication against a LDAP directory
+
+# How to use this image
+
+As for every other geOrchestra webapp, its configuration resides in the data directory ([datadir](https://github.com/georchestra/datadir)), typically something like /etc/georchestra, where it expects to find a cas sub-directory.
+
+It is recommended to use the official docker composition: https://github.com/georchestra/docker.
+
+For this specific component, see the section `cas` in the [`georchestra/docker/docker-compose.yml`](https://github.com/georchestra/docker/blob/master/docker-compose.yml) file.
+
+## Where is it built
+
+This image is built using Dockerfile in `cas` repo. 
+
+# License
+
+View [license information](https://www.georchestra.org/software.html) for the software contained in this image.
+
+As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
+
+[//]: # (Some additional license information which was able to be auto-detected might be found in [the `repo-info` repository's georchestra/ directory]().)
+
+As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.

Dockerfile

@@ -3,16 +3,24 @@ FROM jetty:9.4-jre11
 LABEL "Organization"="geOrchestra"
 LABEL "Description"="CAS server webapp"
 
+USER root
+RUN mkdir -p /docker-entrypoint.d
+RUN chown jetty:jetty /docker-entrypoint.d
+USER jetty
+
 RUN java -jar "$JETTY_HOME/start.jar" --create-startd --add-to-start=jmx,jmx-remote,stats,gzip,http-forwarded
 
 VOLUME [ "/tmp", "/run/jetty" ]
 
 EXPOSE 8080
 
-COPY build/cas /var/lib/jetty/webapps/cas
+COPY --chown=jetty:jetty build/cas /var/lib/jetty/webapps/cas
+COPY --chown=jetty:jetty docker/docker-entrypoint.sh /
 
 ENV XMS=256M XMX=1G
 
+ENTRYPOINT [ "/docker-entrypoint.sh" ]
+
 CMD ["sh", "-c", "exec java \
         -Djava.io.tmpdir=/tmp/jetty \
         -Dgeorchestra.datadir=/etc/georchestra \

build.gradle

@@ -26,6 +26,7 @@ buildscript {
         classpath "io.freefair.gradle:lombok-plugin:${project.gradleLombokPluginVersion}"
 
         classpath "com.netflix.nebula:gradle-ospackage-plugin:9.0.0"
+
     }
 }
 
@@ -86,6 +87,9 @@ dependencies {
     implementation "org.apereo.cas:cas-server-support-ldap:${casServerVersion}"
     implementation "org.apereo.cas:cas-server-support-pac4j-webflow:${casServerVersion}"
     implementation "org.apereo.cas:cas-server-support-oauth-webflow:${casServerVersion}"
+    implementation "org.apereo.cas:cas-server-support-oidc:${casServerVersion}"
+    implementation "org.apereo.cas:cas-server-support-saml-idp:${casServerVersion}"
+    implementation group: 'io.sentry', name: 'sentry-log4j2', version: '6.10.0'
 
     providedCompile "org.springframework.boot:spring-boot:${springBootVersion}"
 }

docker/docker-entrypoint.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+DIR=/docker-entrypoint.d
+
+# Executing custom scripts located in CUSTOM_SCRIPTS_DIRECTORY if environment variable is set
+if [[ -z "${CUSTOM_SCRIPTS_DIRECTORY}" ]]; then
+  echo "[INFO] No CUSTOM_SCRIPTS_DIRECTORY env variable set"
+else
+  echo "[INFO] CUSTOM_SCRIPTS_DIRECTORY env variable set to ${CUSTOM_SCRIPTS_DIRECTORY}"
+  cp -v "${CUSTOM_SCRIPTS_DIRECTORY}"/* "$DIR"
+  echo "[INFO] End copying custom scripts"
+fi
+
+if [[ -d "$DIR" ]]
+then
+  # Regex is needed to execute all kind of files, including sh files. Warning : --regex not available in alpine images.
+  /bin/run-parts --verbose "$DIR" --regex='.*'
+fi
+
+exec "$@"

gradle.properties

@@ -1,27 +1,27 @@
 # Versions
-cas.version=6.6.1
+cas.version=6.6.15
 springBootVersion=2.7.3
 
 # Use -jetty, -undertow to other containers
 # Or blank if you want to deploy to an external container
 appServer=
 executable=false
 
-tomcatVersion=9.0.45
+tomcatVersion=9.0.84
 
 org.gradle.dependency.verification.console=verbose
 
 group=org.apereo.cas
 sourceCompatibility=11
-targetCompatibility=11
+targetCompatibility=17
 
 
 # Location of the downloaded CAS shell JAR
 shellDir=build/libs
 ivyVersion=2.5.0
 gradleDownloadTaskVersion=4.1.1
-gradleMavenPluginVersion=5.2.1
-gradleLombokPluginVersion=5.2.1
+gradleMavenPluginVersion=6.3.0
+gradleLombokPluginVersion=6.3.0
 
 baseDockerImage=jetty:9.4-jre11
 allowInsecureRegistries=false

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.0-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.3.1-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

src/main/java/org/georchestra/cas/GeorchestraConfiguration.java

@@ -1,6 +1,7 @@
 package org.georchestra.cas;
 
 import lombok.Data;
+import lombok.Getter;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
@@ -16,9 +17,22 @@
 @Data
 public class GeorchestraConfiguration {
 
-    @Value( "${headerUrl}" )
+    @Value( "${useLegacyHeader:false}" )
+    boolean useLegacyHeader = false;
+
+    @Value( "${headerUrl:/header/}" )
     String headerUrl;
 
-    @Value("${headerHeight}")
+    @Value("${headerHeight:90}")
     String headerHeight;
+
+    @Value("${headerScript:https://cdn.jsdelivr.net/gh/georchestra/header@dist/header.js}")
+    String headerScript;
+
+    @Value("${logoUrl:https://www.georchestra.org/public/georchestra-logo.svg}")
+    String logoUrl;
+
+    @Value("${georchestraStylesheet:}")
+    String georchestraStylesheet;
+
 }

src/main/java/org/georchestra/cas/MessagesConfiguration.java

@@ -0,0 +1,62 @@
+package org.georchestra.cas;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.CommandLineRunner;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.util.Properties;
+
+
+@Component
+@Order(1)
+class MessagesConfiguration implements CommandLineRunner {
+
+    @Autowired GeorchestraConfiguration georchestraConfiguration;
+    public static final String FILE_PATH = "webapps/cas/WEB-INF/classes/messages.properties";
+    public static final String EXPIRE_PASS_KEY = "screen.expiredpass.message";
+    public static final String EXPIRE_PASS_VALUE = "Please <a href=\"%s\">change your password</a>.";
+    public static final String WARNING_PASS_KEY = "password.expiration.warning";
+    public static final String WARNING_PASS_VALUE = "Your password expires in {0} day(s). Please <a href=\"%s\">change your password</a> now.";
+    public static final String CHANGE_PASSWORD_URL_NOT_CONNECTED = "../console/account/passwordRecovery";
+    public static final String CHANGE_PASSWORD_URL_CONNECTED = "../console/account/changePassword";
+
+    @Override
+    public void run(String... args)  {
+            boolean success = false;
+            Properties props = new Properties();
+            FileOutputStream output = null;
+            FileInputStream configStream = null;
+            try {
+                File propsFile  = new File(FILE_PATH);
+                configStream = new FileInputStream(propsFile);
+                props.load(configStream);
+                props.setProperty(EXPIRE_PASS_KEY, String.format(EXPIRE_PASS_VALUE, CHANGE_PASSWORD_URL_NOT_CONNECTED));
+                props.setProperty(WARNING_PASS_KEY, String.format(WARNING_PASS_VALUE, CHANGE_PASSWORD_URL_CONNECTED));
+                output = new FileOutputStream(propsFile);
+                props.store(output, "message.properties file updated to set url for password change");
+            } catch (IOException ex) {
+                System.out.println(ex.getMessage());
+            } finally {
+                if (configStream != null) {
+                    try {
+                        configStream.close();
+                    } catch (IOException e) {
+                        System.out.println(e.getMessage());
+                    }
+                }
+                if (output != null) {
+                    try {
+                        output.close();
+                    } catch (IOException e) {
+                        System.out.println(e.getMessage());
+                    }
+                }
+            }
+
+        }
+}

src/main/resources/META-INF/spring.factories

@@ -1 +1 @@
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=org.georchestra.cas.GeorchestraConfiguration
+org.springframework.boot.autoconfigure.EnableAutoConfiguration=org.georchestra.cas.GeorchestraConfiguration, org.georchestra.cas.MessagesConfiguration

src/main/resources/templates/georchestra/fragments/header.html

@@ -12,10 +12,13 @@
 
 <body>
 <div th:fragment="header">
-    <iframe
-            th:src="${@georchestraConfiguration.getHeaderUrl()}"
-            th:style="'width:100%;height:'+ ${@georchestraConfiguration.getHeaderHeight()}+'px;border:none;overflow:hidden;'" scrolling="no" frameborder="0">
-    </iframe>
+    <geor-header th:style="'width:100%;height:'+ ${@georchestraConfiguration.getHeaderHeight()}+'px;border:none;overflow:hidden;'"
+                 th:legacy-url="${@georchestraConfiguration.getHeaderUrl()}"
+                 th:legacy-header="${@georchestraConfiguration.isUseLegacyHeader()}"
+                 th:logo-url="${@georchestraConfiguration.getLogoUrl()}"
+                 th:stylesheet="${@georchestraConfiguration.getGeorchestraStylesheet()}"
+    ></geor-header>
+    <script th:src="${@georchestraConfiguration.getHeaderScript()}"></script>
 </div>
 </body>
 

src/main/resources/templates/georchestra/layout.html

@@ -20,8 +20,7 @@
     <span th:remove="tag" th:each="file : ${#strings.arraySplit(#themes.code('cas.standard.css.file'), ',')}">
         <link rel="stylesheet" type="text/css" href="../static/css/cas.css" th:href="@{${file}}" />
     </span>
-    <link rel="shortcut icon"
-        th:href="@{${#strings.defaultString(#themes.code('cas.favicon.file'), '/favicon.ico')}}" />
+    <link rel="shortcut icon" href="/favicon.ico"/>
 </head>
 
 <body>