Merge remote-tracking branch 'upstream/master' into re-architecture-e…

…xp-nx-pnpm-nx-react
brionmario · Jun 14, 2022 · 35dbffb · 35dbffb
2 parents cd80187 + e7abfc2
commit 35dbffb
Show file tree

Hide file tree

Showing 117 changed files with 1,808 additions and 1,175 deletions.
diff --git a/apps/authentication-portal/package.json b/apps/authentication-portal/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@wso2is/authentication-portal",
-    "version": "1.2.952",
+    "version": "1.2.985",
     "description": "WSO2 Identity Server Authentication Portal",
     "author": "WSO2",
     "license": "Apache-2.0",

diff --git a/apps/authentication-portal/pom.xml b/apps/authentication-portal/pom.xml
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.wso2.identity.apps</groupId>
         <artifactId>identity-apps</artifactId>
-        <version>1.2.952-SNAPSHOT</version>
+        <version>1.2.985-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

diff --git a/...es/org/wso2/carbon/identity/application/authentication/endpoint/i18n/Resources.properties b/...es/org/wso2/carbon/identity/application/authentication/endpoint/i18n/Resources.properties
@@ -207,12 +207,12 @@ enable.totp=Set up an Authenticator App
 error.totp.not.enabled.please.enable=Scan the QR code below using an authenticator app to verify your identity using codes generated by the app.
 show.qr.code=Show QR code to scan and enrol the user
 confirm.you.have.scanned.the.qr.code=Have you scanned the QR code? You need to enter the verification code in the next step.
+cannot.access.totp=Can't access TOTP authenticator?
 
 # Backup Code authentication
 error.backup.code.not.enabled=Enable the Backup codes in your Profile. Cannot proceed further without Backup code authentication.
 auth.backup.code=Enter the Backup Code
 use.backup.code=Use Backup Codes
-lose.auth.details=Lose authenticator details?
 
 # Email OTP authentication
 enter.email=Enter Your Email Address

diff --git a/.../wso2/carbon/identity/application/authentication/endpoint/i18n/Resources_fr_FR.properties b/.../wso2/carbon/identity/application/authentication/endpoint/i18n/Resources_fr_FR.properties
@@ -204,6 +204,12 @@ enable.totp=Configurer une application Authenticator
 error.totp.not.enabled.please.enable=Scannez le code QR ci-dessous à l'aide d'une application d'authentification pour vérifier votre identité à l'aide des codes générés par l'application.
 show.qr.code=Afficher le code QR pour le scanner et vous enroler
 confirm.you.have.scanned.the.qr.code=Avez-vous scanné le code QR? Vous devez entrer le code de vérification à l'étape suivante.
+cannot.access.totp=Impossible d'acc?der ? l'authentificateur TOTP ?
+
+# Backup Code authentication
+error.backup.code.not.enabled=Activez les codes de sauvegarde dans votre profil. Impossible de continuer sans authentification par code de secours.
+auth.backup.code=Entrez le code de secours
+use.backup.code=Utiliser des codes de secours
 
 # Email OTP authentication
 enter.email=Saisissez votre adresse électronique

diff --git a/apps/authentication-portal/src/main/webapp/backup-code.jsp b/apps/authentication-portal/src/main/webapp/backup-code.jsp
@@ -18,6 +18,7 @@
 
 <%@ page import="org.owasp.encoder.Encode" %>
 <%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.util.Constants" %>
+<%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.util.AuthenticationEndpointUtil" %>
 <%@ page import="java.io.File" %>
 <%@ page import="java.util.Map" %>
 <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
@@ -132,7 +133,7 @@
                     <div class="ui divider hidden"></div>
                     <%
                         String multiOptionURI=request.getParameter("multiOptionURI");
-                        if (multiOptionURI != null) { %>
+                        if (multiOptionURI != null && AuthenticationEndpointUtil.isValidURL(multiOptionURI)) { %>
                             <a class="ui button secondary" id="goBackLink" href='<%=Encode.forHtmlAttribute(multiOptionURI)%>'>
                                 <%=AuthenticationEndpointUtil.i18n(resourceBundle, "choose.other.option")%>
                             </a>

diff --git a/apps/authentication-portal/src/main/webapp/login.jsp b/apps/authentication-portal/src/main/webapp/login.jsp
@@ -54,7 +54,6 @@
 %>
 
 <%
-    boolean isBackupCodeAuthAvailable = false;
     request.getSession().invalidate();
     String queryString = request.getQueryString();
     Map<String, String> idpAuthenticatorMapping = null;
@@ -426,9 +425,6 @@
                                 </button>
                             </div>
                             <%
-                                if (localAuthenticatorNames.contains("backup-code-authenticator")) {
-                                    isBackupCodeAuthAvailable = true;
-                                }
                             }
                             }
                             }
@@ -437,19 +433,6 @@
                         </div>
                     <% } %>
                 </div>
-                <br>
-                <% if(isBackupCodeAuthAvailable) { %>
-                    <div class="social-login blurring social-dimmer">
-                        <div class="field">
-                            <label><%=AuthenticationEndpointUtil.i18n(resourceBundle, "lose.auth.details")%></label>
-                            <a onclick="window.location.href='<%=commonauthURL%>?idp=LOCAL&authenticator=backup-code-authenticator&sessionDataKey=<%=Encode.forUriComponent(request.getParameter("sessionDataKey"))+multiOptionURIParam%>';"
-                                target="_blank" class="clickable-link" rel="noopener noreferrer"
-                                data-testid="login-page-backup-code-link" style="cursor:pointer;display:block">
-                                <%=AuthenticationEndpointUtil.i18n(resourceBundle, "use.backup.code")%>
-                            </a>
-                        </div>
-                    </div>
-                <% } %>
             </div>
         </div>
     </main>

diff --git a/apps/authentication-portal/src/main/webapp/openid_profile.jsp b/apps/authentication-portal/src/main/webapp/openid_profile.jsp
@@ -18,6 +18,7 @@
 
 <%@ page import="org.owasp.encoder.Encode" %>
 <%@ page import="java.io.File" %>
+<%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.util.AuthenticationEndpointUtil" %>
 
 <%@include file="includes/localize.jsp" %>
 <%@include file="includes/init-url.jsp" %>
@@ -100,9 +101,15 @@
                                     "approve.always")%>"/>
                         <input type="hidden" id="hasApprovedAlways" name="hasApprovedAlways"
                                 value="false"/>
-                        <input class="ui large button" type="reset"
-                                value="<%=AuthenticationEndpointUtil.i18n(resourceBundle,"cancel")%>"
-                                onclick="javascript:document.location.href='<%=Encode.forJavaScript(openidreturnto)%>'"/>
+                        <%
+                            if (AuthenticationEndpointUtil.isValidURL(openidreturnto)) {
+                        %>
+                            <input class="ui large button" type="reset"
+                                    value="<%=AuthenticationEndpointUtil.i18n(resourceBundle,"cancel")%>"
+                                    onclick="javascript:document.location.href='<%=Encode.forJavaScript(openidreturnto)%>'"/>
+                        <%
+                            }
+                        %>
                     </div>
                 </form>
             </div>

diff --git a/apps/authentication-portal/src/main/webapp/samlsso_notification.jsp b/apps/authentication-portal/src/main/webapp/samlsso_notification.jsp
@@ -86,6 +86,10 @@
                 <h2><%=AuthenticationEndpointUtil.i18n(resourceBundle, "saml.sso")%></h2>
                 <h4><%=AuthenticationEndpointUtil.i18n(resourceBundle, errorStat)%></h4>
                 <p><%=AuthenticationEndpointUtil.i18n(resourceBundle, errorMsg)%></p>
+                <div class="ui divider hidden"></div>
+                <jsp:include page="includes/error-tracking-reference.jsp">
+                    <jsp:param name="align" value="centered"/>
+                </jsp:include>
             </div>
         </div>
     </main>

diff --git a/apps/authentication-portal/src/main/webapp/totp.jsp b/apps/authentication-portal/src/main/webapp/totp.jsp
@@ -21,6 +21,7 @@
 <%@ page import="java.io.File" %>
 <%@ page import="java.util.Map" %>
 <%@ page import="org.wso2.carbon.identity.application.authenticator.totp.util.TOTPUtil" %>
+<%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.util.AuthenticationEndpointUtil" %>
 <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
 <%@ include file="includes/localize.jsp" %>
@@ -164,7 +165,7 @@
                                         </a>
                                     <% } else {
                                         String multiOptionURI = request.getParameter("multiOptionURI");
-                                        if (multiOptionURI != null) {
+                                        if (multiOptionURI != null && AuthenticationEndpointUtil.isValidURL(multiOptionURI)) {
                                     %>
                                         <a class="ui button secondary" id="goBackLink"
                                             href='<%=Encode.forHtmlAttribute(multiOptionURI)%>'>
@@ -181,7 +182,7 @@
                         <div class="ui divider hidden"></div>
                             <%
                                 String multiOptionURI = request.getParameter("multiOptionURI");
-                                if (multiOptionURI != null && isSendVerificationCodeByEmailEnabled) {
+                                if (multiOptionURI != null && isSendVerificationCodeByEmailEnabled && AuthenticationEndpointUtil.isValidURL(multiOptionURI)) {
                             %>
                                 <a class="ui button secondary" id="goBackLink"
                                 href='<%=Encode.forHtmlAttribute(multiOptionURI)%>'>

diff --git a/apps/console/package.json b/apps/console/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@wso2is/console",
-    "version": "1.2.952",
+    "version": "1.2.985",
     "description": "WSO2 Identity Server Console",
     "author": "WSO2",
     "license": "Apache-2.0",

diff --git a/apps/console/pom.xml b/apps/console/pom.xml
@@ -23,7 +23,7 @@
     <parent>
         <groupId>org.wso2.identity.apps</groupId>
         <artifactId>identity-apps</artifactId>
-        <version>1.2.952-SNAPSHOT</version>
+        <version>1.2.985-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

diff --git a/apps/console/src/extensions/configs/application.tsx b/apps/console/src/extensions/configs/application.tsx
@@ -30,6 +30,11 @@ export const applicationConfig: ApplicationConfig = {
         showReturnAuthenticatedIdPs: true,
         showSaaS: true
     },
+    generalSettings: {
+        getFieldReadOnlyStatus: (applicationName: string, fieldName: string): boolean => {
+            return false;
+        }
+    },
     attributeSettings: {
         advancedAttributeSettings: {
             showIncludeTenantDomain: true,
@@ -57,7 +62,8 @@ export const applicationConfig: ApplicationConfig = {
         roleMapping: true
     },
     customApplication: {
-        allowedProtocolTypes: []
+        allowedProtocolTypes: [],
+        defaultTabIndex: 0
     },
     editApplication: {
         extendTabs: false,

diff --git a/apps/console/src/extensions/configs/models/application.ts b/apps/console/src/extensions/configs/models/application.ts
@@ -30,6 +30,9 @@ export interface ApplicationConfig {
         showSaaS: boolean;
         showReturnAuthenticatedIdPs: boolean;
     };
+    generalSettings: {
+        getFieldReadOnlyStatus: (applicationName: string, fieldName: string) => boolean ;
+    };
     attributeSettings: {
         advancedAttributeSettings: {
             showIncludeTenantDomain: boolean;
@@ -100,6 +103,7 @@ export interface ApplicationConfig {
     };
     customApplication: {
         allowedProtocolTypes: string[];
+        defaultTabIndex: number;
     };
     excludeIdentityClaims: boolean;
     excludeSubjectClaim: boolean;

diff --git a/apps/console/src/extensions/configs/models/userstores.ts b/apps/console/src/extensions/configs/models/userstores.ts
@@ -15,6 +15,7 @@
  * specific language governing permissions and limitations
  * under the License.
  */
+import { ReactElement } from "react";
 
 export interface UserstoresConfig {
     userstoreEdit: {
@@ -33,6 +34,7 @@ export interface UserstoresConfig {
     };
     userstoreList: {
         allowAddingUserstores: boolean;
+        renderEmptyPlaceholder: (emptyListPlaceholderActionClick) => ReactElement;
     };
     userstoreDomain: {
         appendToUsername: boolean;

diff --git a/apps/console/src/extensions/configs/userstores.tsx b/apps/console/src/extensions/configs/userstores.tsx
@@ -41,6 +41,9 @@ export const userstoresConfig: UserstoresConfig = {
         }
     },
     userstoreList: {
-        allowAddingUserstores: true
+        allowAddingUserstores: true,
+        renderEmptyPlaceholder: () => {
+            return null;
+        }
     }
 };
diff --git a/apps/console/src/features/applications/api/application.ts b/apps/console/src/features/applications/api/application.ts
@@ -844,7 +844,7 @@ export const getOIDCApplicationConfigurations = (): Promise<OIDCApplicationConfi
                 tokenEndpoint: response.data.token_endpoint,
                 tokenRevocationEndpoint: response.data.revocation_endpoint,
                 userEndpoint: response.data.userinfo_endpoint,
-                wellKnownEndpoint: store.getState().config.endpoints.wellKnown
+                wellKnownEndpoint: `${response.data.token_endpoint}/.well-known/openid-configuration`
             };
 
             return Promise.resolve(oidcConfigs);

diff --git a/apps/console/src/features/applications/components/forms/general-details-form.tsx b/apps/console/src/features/applications/components/forms/general-details-form.tsx
@@ -25,6 +25,7 @@ import { useSelector } from "react-redux";
 import { Divider, Icon } from "semantic-ui-react";
 import { AppState, UIConfigInterface } from "../../../core";
 import { ApplicationManagementConstants } from "../../constants";
+import { applicationConfig } from "../../../../extensions";
 
 /**
  * Proptypes for the applications general details form component.
@@ -74,6 +75,10 @@ interface GeneralDetailsFormPopsInterface extends TestableComponentInterface {
      * Specifies a Management Application
      */
     isManagementApp?: boolean;
+    /**
+     * Specifies whether having edit-permissions
+     */
+    hasRequiredScope?: boolean;
 }
 
 /**
@@ -107,6 +112,7 @@ export const GeneralDetailsForm: FunctionComponent<GeneralDetailsFormPopsInterfa
         accessUrl,
         onSubmit,
         readOnly,
+        hasRequiredScope,
         isSubmitting,
         isManagementApp,
         [ "data-testid" ]: testId
@@ -354,7 +360,8 @@ export const GeneralDetailsForm: FunctionComponent<GeneralDetailsFormPopsInterfa
                         ".placeholder")
                 }
                 value={ accessUrl }
-                readOnly={ readOnly }
+                readOnly={ !hasRequiredScope || ( readOnly && applicationConfig.generalSettings.getFieldReadOnlyStatus(
+                     name, "ACCESS_URL"))}
                 maxLength={ 200 }
                 minLength={ 3 }
                 data-testid={ `${ testId }-application-access-url-input` }
@@ -370,7 +377,8 @@ export const GeneralDetailsForm: FunctionComponent<GeneralDetailsFormPopsInterfa
                 disabled={ isSubmitting }
                 loading={ isSubmitting }
                 label={ t("common:update") }
-                hidden={ readOnly }
+                hidden={ !hasRequiredScope || ( readOnly && applicationConfig.generalSettings.getFieldReadOnlyStatus(
+                    name, "ACCESS_URL"))}
             />
         </Form>
     );

diff --git a/apps/console/src/features/applications/components/meta/inbound-protocols.meta.ts b/apps/console/src/features/applications/components/meta/inbound-protocols.meta.ts
@@ -16,8 +16,16 @@
  * under the License.
  */
 
+import { ApplicationManagementConstants } from "../../constants";
 import { AuthProtocolMetaListItemInterface, SAMLConfigModes, SupportedAuthProtocolTypes } from "../../models";
 
+export const InboundProtocolDefaultFallbackTemplates = new Map<string, string>([
+    [ "passivests", ApplicationManagementConstants.CUSTOM_APPLICATION_PASSIVE_STS ],
+    [ "openid", ApplicationManagementConstants.CUSTOM_APPLICATION_OIDC ],
+    [ "oauth2", ApplicationManagementConstants.CUSTOM_APPLICATION_OIDC ],
+    [ "samlsso", ApplicationManagementConstants.CUSTOM_APPLICATION_SAML ]
+]);
+
 export const InboundProtocolsMeta: AuthProtocolMetaListItemInterface[] = [
     {
         displayName: "OpenID Connect",
@@ -66,8 +74,8 @@ export const InboundProtocolsMeta: AuthProtocolMetaListItemInterface[] = [
  */
 export const SupportedAuthProtocolTypeDisplayNames = {
     [ SupportedAuthProtocolTypes.SAML ]: "SAML",
-    [ SupportedAuthProtocolTypes.OIDC ] : "OpenID Connect",
-    [ SupportedAuthProtocolTypes.OAUTH2_OIDC ] : "OAuth2.0/OpenID Connect",
+    [ SupportedAuthProtocolTypes.OIDC ]: "OpenID Connect",
+    [ SupportedAuthProtocolTypes.OAUTH2_OIDC ]: "OAuth2.0/OpenID Connect",
     [ SupportedAuthProtocolTypes.WS_FEDERATION ]: "Passive STS",
     [ SupportedAuthProtocolTypes.WS_TRUST ]: "WS-Trust",
     [ SupportedAuthProtocolTypes.CUSTOM ]: "Custom"
@@ -78,18 +86,18 @@ export const SupportedAuthProtocolTypeDisplayNames = {
  */
 export const SupportedAuthProtocolTypeDescriptions = {
     [ SupportedAuthProtocolTypes.SAML ]: "Open-standard for authentication and authorization.",
-    [ SupportedAuthProtocolTypes.OIDC ] : "Authentication layer on top of OAuth 2.0",
+    [ SupportedAuthProtocolTypes.OIDC ]: "Authentication layer on top of OAuth 2.0",
     [ SupportedAuthProtocolTypes.WS_FEDERATION ]: "Enable STS in a web browser.",
     [ SupportedAuthProtocolTypes.WS_TRUST ]: "Standard that provides extensions to WS-Security.",
-    [ SupportedAuthProtocolTypes. CUSTOM ]: "Custom protocol."
+    [ SupportedAuthProtocolTypes.CUSTOM ]: "Custom protocol."
 };
 
 
 /**
  * SAML configuration mode display name mapping.
  */
 export const SAMLConfigurationDisplayNames = {
-    [SAMLConfigModes.MANUAL]: "Manual",
-    [SAMLConfigModes.META_FILE]: "File Based",
-    [SAMLConfigModes.META_URL]: "URL Based"
+    [ SAMLConfigModes.MANUAL ]: "Manual",
+    [ SAMLConfigModes.META_FILE ]: "File Based",
+    [ SAMLConfigModes.META_URL ]: "URL Based"
 };
diff --git a/...rc/features/applications/components/settings/attribute-management/attribute-list-item.tsx b/...rc/features/applications/components/settings/attribute-management/attribute-list-item.tsx
@@ -161,24 +161,26 @@ export const AttributeListItem: FunctionComponent<AttributeListItemPropInterface
                 <div>
                     { !localDialect ? localClaimDisplayName : displayName }
                 </div>
-                { isOIDCMapping ?
-                    (<Hint warning= { true } popup>
-                        {
-                            t("console:develop.features.applications.edit.sections.attributes" +
-                                ".selection.mappingTable.listItem.faultyAttributeMappingHint")
-                        }
-                    </Hint>)
-                : "" }
+                { 
+                    isOIDCMapping ?
+                        (<Hint warning={ true } popup>
+                            {
+                                t("console:develop.features.applications.edit.sections.attributes" +
+                                    ".selection.mappingTable.listItem.faultyAttributeMappingHint")
+                            }
+                        </Hint>)
+                        : ""
+                }
                 {
                     <Popup
-                    content={ claimURI.startsWith(localDialectURI)
-                        ? t("console:develop.features.applications.edit.sections.attributes" +
+                        content={ isOIDCMapping && claimURI.startsWith(localDialectURI)
+                            ? t("console:develop.features.applications.edit.sections.attributes" +
                             ".selection.mappingTable.listItem.faultyAttributeMapping")
-                        : claimURI }
+                            : claimURI }
                         inverted
                         trigger={ (
                             <Code compact withBackground={ false }>
-                                { claimURI.startsWith(localDialectURI)
+                                { isOIDCMapping && claimURI.startsWith(localDialectURI)
                                     ? t("console:develop.features.applications.edit.sections.attributes" +
                                         ".selection.mappingTable.listItem.faultyAttributeMapping")
                                     : claimURI }