Merge pull request #32 from NUM-Forschungsdatenplattform/develop

Update Keycloak

.github/dependabot.yml

@@ -0,0 +1,19 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: maven
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: monday
+      time: "04:00"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: weekly
+      day: monday
+      time: "03:00"

.github/workflows/build-for-development.yml

@@ -0,0 +1,36 @@
+name: Build for development
+
+on:
+  push:
+    branches: [ 'feature/**', 'dependabot/**' ]
+  pull_request_target:
+    branches: [ develop, main ]
+    types: [ ready_for_review, closed ]
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Run verify
+        run: mvn verify
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'

.github/workflows/create-release-branch.yml

@@ -0,0 +1,85 @@
+name: Create release branch
+
+on:
+  workflow_dispatch:
+    branches: [ develop ]
+    inputs:
+      release:
+        description: 'Type of the release.'
+        type: choice
+        options:
+          - major
+          - minor
+          - patch
+        default: minor
+
+jobs:
+  create_branch:
+    if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/develop'
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: main
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Create version
+        id: createVersion
+        run: |
+          CURRENT_VERSION=$(mvn -q -Dexec.executable='echo' -Dexec.args='${project.version}' --non-recursive exec:exec)
+          echo "Current version: $CURRENT_VERSION"
+          MAJOR=`echo $CURRENT_VERSION | cut -d. -f1`
+          MINOR=`echo $CURRENT_VERSION | cut -d. -f2`
+          PATCH=`echo $CURRENT_VERSION | cut -d. -f3 | cut -d- -f1`
+          
+          if [ ${{ inputs.release }} == 'major' ]; then
+            MAJOR=$((MAJOR+1))
+            MINOR=0
+            PATCH=0
+          elif [ ${{ inputs.release }} == 'minor' ]; then
+            MINOR=$((MINOR+1))
+            PATCH=0
+          else
+            PATCH=$((PATCH+1))
+          fi
+          
+          VERSION=${MAJOR}.${MINOR}.${PATCH}
+          
+          echo
+          echo "Release version: $VERSION"
+          
+          echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Create release branch
+        env:
+          VERSION: ${{ steps.createVersion.outputs.VERSION }}
+        run: |
+          git config --global user.email "github-actions@example.com"
+          git config --global user.name "Github Actions"
+          
+          git branch release/$VERSION
+          git checkout release/$VERSION
+          
+          mvn versions:set -DnewVersion=${VERSION}-SNAPSHOT versions:commit
+          git add pom.xml
+          git commit -m "updated project version to ${VERSION}"
+          
+          git push --set-upstream origin release/$VERSION
+
+  wrong_branch:
+    if: github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/develop'
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: ERROR
+        run: echo 'This workflow only runs on develop branch!'

.github/workflows/release.yml

@@ -0,0 +1,115 @@
+name: release
+
+on:
+  workflow_dispatch:
+    branches: [ 'release/**' ]
+
+env:
+  RELEASE_VERSION: ''
+  DEV_VERSION: ''
+
+jobs:
+
+  read_version:
+    runs-on: ubuntu-latest
+
+    outputs:
+      DEV_VERSION: ${{ steps.createVersion.outputs.DEV_VERSION}}
+      RELEASE_VERSION: ${{ steps.createVersion.outputs.RELEASE_VERSION}}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Create new development version
+        id: createVersion
+        run: |
+          CURRENT_VERSION=$(mvn -q -Dexec.executable='echo' -Dexec.args='${project.version}' --non-recursive exec:exec)
+          RELEASE_VERSION=`echo $CURRENT_VERSION | cut -d- -f1`
+          echo "Current version: $CURRENT_VERSION"
+          MAJOR=`echo $CURRENT_VERSION | cut -d. -f1`
+          MINOR=`echo $CURRENT_VERSION | cut -d. -f2`
+          
+          DEV_VERSION=${MAJOR}.$((MINOR+1)).0-SNAPSHOT
+          
+          echo
+          echo "Release version: $RELEASE_VERSION"
+          echo "Develop version: $DEV_VERSION"
+          
+          echo "RELEASE_VERSION=${RELEASE_VERSION}" >> "$GITHUB_OUTPUT"
+          echo "DEV_VERSION=${DEV_VERSION}" >> "$GITHUB_OUTPUT"
+          
+          echo "### :rocket: ${RELEASE_VERSION}" >> $GITHUB_STEP_SUMMARY
+
+  update_dev:
+    needs: read_version
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Create branch to update develop version
+        env:
+          DEV_VERSION: ${{ needs.read_version.outputs.DEV_VERSION }}
+        run: |
+          git config --global user.email "noreply@github.com"
+          git config --global user.name "Github Actions"
+          
+          git branch feature/update_develop_${DEV_VERSION}
+          git checkout feature/update_develop_${DEV_VERSION}
+          
+          mvn versions:set -DnewVersion=${DEV_VERSION} versions:commit
+          git commit -am "updated development version to ${DEV_VERSION}"
+          
+          git push --set-upstream origin feature/update_develop_${DEV_VERSION}
+
+      - name: Create PR to merge changes to Develop and update Version
+        env:
+          RELEASE_VERSION: ${{ needs.read_version.outputs.RELEASE_VERSION }}
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          PR_URL=`gh pr create --draft -B develop --title "Merge release branch '${RELEASE_VERSION}' back to develop" --body "Merge release branch '${RELEASE_VERSION}' back to develop"`
+          echo $PR_URL
+
+  release:
+    needs: read_version
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Set the release version
+        env:
+          RELEASE_VERSION: ${{ needs.read_version.outputs.RELEASE_VERSION }}
+        run: |
+          git config --global user.email "noreply@github.com"
+          git config --global user.name "Github Actions"
+          
+          mvn versions:set -DremoveSnapshot versions:commit
+          git commit -am "updated release version to ${RELEASE_VERSION}"
+          git push
+
+      - name: Create PR to merge release branch to main
+        env:
+          RELEASE_VERSION: ${{ needs.read_version.outputs.RELEASE_VERSION }}
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          PR_URL=`gh pr create --draft -B main --title "Merge release branch '${RELEASE_VERSION}'" --body "Merge release branch '${RELEASE_VERSION}'"`
+          echo $PR_URL

.github/workflows/weekly.yml

@@ -0,0 +1,33 @@
+name: Weekly
+
+on:
+  schedule:
+    - cron: '0 23 * * 1'
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Run verify
+        run: mvn verify
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright [2024] [HiGHmed e.V.]
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -1,10 +1,14 @@
 
 
-# mail-whitelisting
+# mail-whitelisting and field length validation for registration page
 
 ### Deployment
 
-Copy jar to ```/opt/jboss/keycloak/standalone/deployments```
+1. Copy jar to ```/keycloak-<version>/providers```
+2. Run the following command to complete the installation:
+```
+${kc.home.dir}/bin/kc.sh build
+```
 
 ### Configuration
 
@@ -13,32 +17,41 @@ Configuration is done per realm in the keycloak administration console
 Steps:
 
 1. Select realm to be configured
-1. Go to *Authentication* tab on the left and under *Flows* select *Registration* 
-1. On the right hand of the screen click copy button and create a copy of the *Registration* flow
-1. Name the new flow
-1. In the *Flows* tab, select the newly created registration flow in order to configure it
-1. Under *Actions*, under the root execution, add a new execution
-1. In the providers list, select the plugin name *Registration email domain validation*
-1. Save
-1. Move the newly added execution flow to be just below *Profile validation*; this is important such that all the form validation is done sequentially
-1. Enable the new execution
-1. On the right there is a config button where the plugin is to be configured
-1. Under *Bindings* tab next to the *Flows* tab, the newly created registration flow needs to be selected instead of the default *Registration* 
+2. Go to *Authentication* tab on the left and under *Flows* select *registration* 
+3. On the right hand of the screen select "Duplicate" from the "Action" menu and create a copy of the *registration* flow
+4. Name the new flow "registration-with-whitelisting"
+5. In the *Flows* tab, select the newly created registration flow in order to configure it
+6. Under *Add* (+ icon), add a new step 
+7. In the providers list, select the plugin name *Registration email domain validation*
+8. Save
+9. Move the newly added step to be just below *Registration User Profile Creation*; this is important such that all the form validation is done sequentially
+10. Set the new step to "Required"
+11. On the right there is a config button (gear settings) where the plugin is to be configured
+12. Under *Flows* tab, the newly created registration flow needs to be selected instead of the default *Registration* 
+13. Click on settings (right corner with 3 verical dots) and choose bind flow
+14. Select registration flow
+15. Default *Registration* flow should appear as 'Not in use' now
 
 Sample config values
 
 * Num portal uri: http://host.docker.internal:8090/organization/domains
 * Token uri: https://keycloak.dev.num-codex.de/auth/realms/crr/protocol/openid-connect/token
-* Client id: 89dddc8f-0f25-4faf-a58d-6cda681f6ed3
-* Secret: num-portal
+* Client id: num-portal
+* Client secret: <num-portal-client-secret>
 * Error message: 
 
-```<div>Invalid email address. Please contact us at: <a href="mailto:john.doe@example.com">John Doe</a></div>``` 
-
+```<span class="message-text" style = "display:block">Your email-address is not allowed. Please contact our support at:<a href="mailto:num-support@gwdg.de" style="color: white;font-weight: bold;padding-left: 10px;">num-support@gwdg.de</a> and inform about this message.</span>``` 
 
+Steps to configure field length validator plugin
+1. Repeat step 1-6 but for previously created flow (so you have to duplicate "registration-with-whitelisting" flow)
+2. In the providers list, select the plugin name *NUM Custom registration page field length validator*
+3. Move the newly added execution flow to be just below *Registration User Profile Creation*  and above "Registration email domain validation"; this is important such that all the form validation is done sequentially
+4. save
+5. On the right there is a config button (gear settings) where the plugin is to be configured (first and last name maximum length should be set to 50, department to 100 and notes to 255)
+6. repeat 12-13 from above
 ### License
 
-Copyright 2021 vitagroup AG
+Copyright 2024 HiGHmed e.V.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.