From 5d45e4e85deb7469aac7b286815ea0789e3bd3ae Mon Sep 17 00:00:00 2001
From: Ricardo van der Heijden
<20791917+ricardovdheijden@users.noreply.github.com>
Date: Tue, 30 Jun 2026 13:43:31 +0200
Subject: [PATCH 1/6] Renames variables in application.yml. Renames references
in Java
---
.../myconext/api/AccountLinkerController.java | 76 +++++++++----------
.../java/myconext/api/LoginController.java | 39 +++++-----
.../myconext/api/ServiceDeskController.java | 11 +--
.../java/myconext/api/UserController.java | 34 ++++-----
.../security/SecurityConfiguration.java | 10 +--
.../java/myconext/tiqr/TiqrController.java | 8 +-
.../src/main/resources/application.yml | 22 +++---
.../myconext/AbstractIntegrationTest.java | 2 +-
.../api/UserControllerAllowedDomainsTest.java | 2 +-
.../api/UserControllerCaptchaTest.java | 2 +-
.../api/UserControllerRememberMeTest.java | 2 +-
.../api/UserControllerSSOMfaTest.java | 2 +-
.../cron/InactivityMailDryRunTest.java | 4 +-
.../myconext/cron/InactivityMailTest.java | 4 +-
.../cron/InstitutionMailUsageBatchTest.java | 4 +-
.../cron/InstitutionMailUsageDryRunTest.java | 4 +-
.../cron/InstitutionMailUsageTest.java | 4 +-
.../cron/NudgeAppMailDisabledAppTest.java | 2 +-
.../myconext/cron/NudgeAppMailDryRunTest.java | 4 +-
.../java/myconext/cron/NudgeAppMailTest.java | 4 +-
.../myconext/oidcng/OpenIDConnectTest.java | 2 +-
.../security/SecurityConfigurationTest.java | 2 +-
22 files changed, 118 insertions(+), 126 deletions(-)
diff --git a/myconext-server/src/main/java/myconext/api/AccountLinkerController.java b/myconext-server/src/main/java/myconext/api/AccountLinkerController.java
index 77c1b6f38..ac79357e3 100644
--- a/myconext-server/src/main/java/myconext/api/AccountLinkerController.java
+++ b/myconext-server/src/main/java/myconext/api/AccountLinkerController.java
@@ -95,13 +95,13 @@ public class AccountLinkerController implements UserAuthentication {
private final MailBox mailBox;
private final AttributeMapper attributeMapper;
private final String magicLinkUrl;
- private final String idpBaseRedirectUrl;
- private final String spRedirectUrl;
- private final String basePath;
+ private final String accountRedirectUrl;
+ private final String myconextRedirectUrl;
+ private final String myconextBasePath;
private final long removalValidatedDurationDays;
private final String myConextSpEntityId;
private final Manage manage;
- private final String mijnEduIDEntityId;
+ private final String myconextEntityid;
private final String schacHomeOrganization;
private final boolean createEduIDInstitutionEnabled;
private final List createFromInstitutionAllowedReturnDomains;
@@ -130,11 +130,11 @@ public AccountLinkerController(
AttributeMapper attributeMapper,
Manage manage,
DisposableEmailProviders disposableEmailProviders,
- @Value("${mijn_eduid_entity_id}") String mijnEduIDEntityId,
+ @Value("${myconext_entityid}") String myconextEntityid,
@Value("${schac_home_organizations}") String schacHomeOrganizations,
@Value("${email.magic-link-url}") String magicLinkUrl,
- @Value("${idp_redirect_url}") String idpBaseRedirectUrl,
- @Value("${sp_redirect_url}") String spRedirectUrl,
+ @Value("${account_redirect_url}") String accountRedirectUrl,
+ @Value("${myconext_redirect_url}") String myconextRedirectUrl,
@Value("${oidc.client-id}") String clientId,
@Value("${oidc.secret}") String clientSecret,
@Value("${oidc.idp-flow-redirect-url}") String idpFlowRedirectUri,
@@ -142,7 +142,7 @@ public AccountLinkerController(
@Value("${oidc.mobile-flow-redirect-url}") String mobileFlowRedirectUri,
@Value("${oidc.sp-create-from-institution-redirect-url}") String spCreateFromInstitutionRedirectUri,
@Value("${oidc.base-url}") String oidcBaseUrl,
- @Value("${base_path}") String basePath,
+ @Value("${myconext_base_path}") String myconextBasePath,
@Value("${linked_accounts.removal-duration-days-validated}") long removalValidatedDurationDays,
@Value("${account_linking.myconext_sp_entity_id}") String myConextSpEntityId,
@Value("${feature.create_eduid_institution_enabled}") boolean createEduIDInstitutionEnabled,
@@ -165,17 +165,17 @@ public AccountLinkerController(
this.manage = manage;
this.disposableEmailProviders = disposableEmailProviders;
this.schacHomeOrganization = Stream.of(schacHomeOrganizations.split(",")).map(String::trim).toList().getFirst();
- this.mijnEduIDEntityId = mijnEduIDEntityId;
+ this.myconextEntityid = myconextEntityid;
this.magicLinkUrl = magicLinkUrl;
- this.idpBaseRedirectUrl = idpBaseRedirectUrl;
- this.spRedirectUrl = spRedirectUrl;
+ this.accountRedirectUrl = accountRedirectUrl;
+ this.myconextRedirectUrl = myconextRedirectUrl;
this.clientId = clientId;
this.clientSecret = clientSecret;
this.idpFlowRedirectUri = idpFlowRedirectUri;
this.spFlowRedirectUri = spFlowRedirectUri;
this.mobileFlowRedirectUri = mobileFlowRedirectUri;
this.spCreateFromInstitutionRedirectUri = spCreateFromInstitutionRedirectUri;
- this.basePath = basePath;
+ this.myconextBasePath = myconextBasePath;
this.oidcBaseUrl = oidcBaseUrl;
this.removalValidatedDurationDays = removalValidatedDurationDays;
this.myConextSpEntityId = myConextSpEntityId;
@@ -203,7 +203,7 @@ public ResponseEntity startIdPLinkAccountFlow(@PathVariable("id") String id,
Optional optionalSamlAuthenticationRequest = authenticationRequestRepository.findByIdAndNotExpired(id);
if (!optionalSamlAuthenticationRequest.isPresent()) {
- return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.idpBaseRedirectUrl + "/expired")).build();
+ return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.accountRedirectUrl + "/expired")).build();
}
SamlAuthenticationRequest samlAuthenticationRequest = optionalSamlAuthenticationRequest.get();
@@ -253,11 +253,11 @@ public ResponseEntity spCreateFromInstitutionRedirect(HttpServletRequest request
String eppn = (String) userInfo.get("eduperson_principal_name");
String subjectId = (String) userInfo.get("subject_id");
if (!StringUtils.hasText(eppn) && !StringUtils.hasText(subjectId)) {
- String uri = this.spRedirectUrl + "/create-from-institution/attribute-missing?fromInstitution=true";
+ String uri = this.myconextRedirectUrl + "/create-from-institution/attribute-missing?fromInstitution=true";
return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(uri)).build();
}
//Check if the eppn is taken before proceeding
- String eppnAlreadyLinkedRequiredUri = this.spRedirectUrl + "/create-from-institution/eppn-already-linked?fromInstitution=true";
+ String eppnAlreadyLinkedRequiredUri = this.myconextRedirectUrl + "/create-from-institution/eppn-already-linked?fromInstitution=true";
Optional> eppnAlreadyLinkedOptional = checkEppnAlreadyLinked(eppnAlreadyLinkedRequiredUri, eppn, subjectId);
if (eppnAlreadyLinkedOptional.isPresent()) {
LOG.debug("EPPN already linked in create-institution-flow for " + eppn);
@@ -269,7 +269,7 @@ public ResponseEntity spCreateFromInstitutionRedirect(HttpServletRequest request
storedState, requestInstitutionEduID.getHash(), requestInstitutionEduID.getReturnUrl()));
requestInstitutionEduIDRepository.save(requestInstitutionEduID);
//Now the user needs to enter email and validate this email to finish up the registration
- String returnUri = this.spRedirectUrl + "/create-from-institution/link/" + requestInstitutionEduID.getHash();
+ String returnUri = this.myconextRedirectUrl + "/create-from-institution/link/" + requestInstitutionEduID.getHash();
return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(returnUri)).build();
}
@@ -379,7 +379,7 @@ public ResponseEntity createFromInstitutionFinish(HttpServletRequest request,
(String) userInfo.get("family_name"),
schacHomeOrganization,
preferredLanguage,
- mijnEduIDEntityId,
+ myconextEntityid,
manage);
}
user.setCreateFromInstitutionKey(hash());
@@ -388,7 +388,7 @@ public ResponseEntity createFromInstitutionFinish(HttpServletRequest request,
email, user.isNewUser(), user.getId(), user.getCreateFromInstitutionKey(), user.getCreateFromInstitutionReturnUrl()));
ResponseEntity responseEntity = saveOrUpdateLinkedAccountToUser(
user,
- this.idpBaseRedirectUrl + "/create-from-institution-login?key=" + user.getCreateFromInstitutionKey(),
+ this.accountRedirectUrl + "/create-from-institution-login?key=" + user.getCreateFromInstitutionKey(),
false,
false,
false,
@@ -527,7 +527,7 @@ public ResponseEntity mobileVerifyIDRedirect(@RequestParam(value = "code", requi
VerifyState verifyState = attributeMapper.serializeFromBase64(state);
Optional optionalMobileLinkAccountRequest = this.mobileLinkAccountRequestRepository.findByHash(verifyState.getStateIdentifier());
if (!optionalMobileLinkAccountRequest.isPresent()) {
- return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.idpBaseRedirectUrl + "/client/mobile/expired")).build();
+ return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.accountRedirectUrl + "/client/mobile/expired")).build();
}
MobileLinkAccountRequest mobileLinkAccountRequest = optionalMobileLinkAccountRequest.get();
String userId = mobileLinkAccountRequest.getUserId();
@@ -544,7 +544,7 @@ private ResponseEntity doVerifyIDRedirect(String code,
User user) {
if (!StringUtils.hasText(code) || !StringUtils.hasText(state)) {
- String clientRedirectUrl = isMobileFlow ? idpBaseRedirectUrl + "/client/mobile/external-account-linked-error" : spRedirectUrl;
+ String clientRedirectUrl = isMobileFlow ? accountRedirectUrl + "/client/mobile/external-account-linked-error" : myconextRedirectUrl;
URI location = URI.create(String.format("%s/external-account-linked-error?error=%s&error_description=%s",
clientRedirectUrl,
StringUtils.hasText(error) ? URLEncoder.encode(error, Charset.defaultCharset()) : "",
@@ -598,8 +598,8 @@ private ResponseEntity doVerifyIDRedirect(String code,
verifyState.getIdpScoping()));
String encodedOtherMail = URLEncoder.encode(optionalUsers.stream().findFirst().get().getEmail(), Charset.defaultCharset());
String clientRedirectUrl = isMobileFlow ?
- idpBaseRedirectUrl + String.format("/client/mobile/verify-already-used?email=%s", encodedOtherMail) :
- spRedirectUrl + String.format("/subject-already-linked?idp_scoping=%s&email=%s",
+ accountRedirectUrl + String.format("/client/mobile/verify-already-used?email=%s", encodedOtherMail) :
+ myconextRedirectUrl + String.format("/subject-already-linked?idp_scoping=%s&email=%s",
verifyState.getIdpScoping().name(), encodedOtherMail);
return ResponseEntity.status(HttpStatus.FOUND)
.location(URI.create(clientRedirectUrl))
@@ -616,8 +616,8 @@ private ResponseEntity doVerifyIDRedirect(String code,
String queryParam = "?verify=" + externalLinkedAccount.getIdpScoping();
String clientRedirectUrl = isMobileFlow ?
- idpBaseRedirectUrl + "/client/mobile/external-account-linked" + queryParam :
- spRedirectUrl + "/personal" + queryParam;
+ accountRedirectUrl + "/client/mobile/external-account-linked" + queryParam :
+ myconextRedirectUrl + "/personal" + queryParam;
URI location = URI.create(clientRedirectUrl);
return ResponseEntity.status(HttpStatus.FOUND).location(location).build();
}
@@ -629,7 +629,7 @@ public ResponseEntity startIdPVerifyIDLinkAccountFlow(@PathVar
@RequestParam(value = "bankId", required = false) String bankId) {
Optional optionalSamlAuthenticationRequest = authenticationRequestRepository.findByIdAndNotExpired(id);
if (!optionalSamlAuthenticationRequest.isPresent()) {
- return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.idpBaseRedirectUrl + "/expired")).build();
+ return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.accountRedirectUrl + "/expired")).build();
}
SamlAuthenticationRequest samlAuthenticationRequest = optionalSamlAuthenticationRequest.get();
@@ -670,7 +670,7 @@ public ResponseEntity idpVerifyIDRedirect(@RequestParam(value = "code", required
if (!StringUtils.hasText(code) || !StringUtils.hasText(state)) {
URI location = URI.create(String.format("%s/external-account-linked-error?error=%s&error_description=%s",
- this.idpBaseRedirectUrl,
+ this.accountRedirectUrl,
StringUtils.hasText(error) ? URLEncoder.encode(error, Charset.defaultCharset()) : "",
StringUtils.hasText(errorDescription) ? URLEncoder.encode(errorDescription, Charset.defaultCharset()) : "Unexpected+error+occurred"
)
@@ -688,7 +688,7 @@ public ResponseEntity idpVerifyIDRedirect(@RequestParam(value = "code", required
Optional optionalSamlAuthenticationRequest = authenticationRequestRepository.findByIdAndNotExpired(id);
if (!optionalSamlAuthenticationRequest.isPresent()) {
- return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.idpBaseRedirectUrl + "/expired")).build();
+ return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.accountRedirectUrl + "/expired")).build();
}
SamlAuthenticationRequest samlAuthenticationRequest = optionalSamlAuthenticationRequest.get();
@@ -729,7 +729,7 @@ public ResponseEntity idpVerifyIDRedirect(@RequestParam(value = "code", required
//Not allowed to link an external linked account whose identity is already linked to another user
LOG.warn(String.format("Subject %s already linked to user %s", externalLinkedAccount.getSubjectId(), user.getEmail()));
String encodedEmail = URLEncoder.encode(optionalUsers.get(0).getEmail(), Charset.defaultCharset());
- String subjectAlreadyLinkedRequiredUri = this.idpBaseRedirectUrl + "/subject-already-linked/" +
+ String subjectAlreadyLinkedRequiredUri = this.accountRedirectUrl + "/subject-already-linked/" +
samlAuthenticationRequest.getId() +
"?h=" + samlAuthenticationRequest.getHash() +
"&redirect=" + URLEncoder.encode(this.magicLinkUrl, Charset.defaultCharset()) +
@@ -788,9 +788,9 @@ public ResponseEntity spFlowRedirect(Authentication authentication, @RequestPara
throw new ForbiddenException("Non matching user");
}
- return doRedirect(code, user, this.spFlowRedirectUri, this.spRedirectUrl + "/personal",
+ return doRedirect(code, user, this.spFlowRedirectUri, this.myconextRedirectUrl + "/personal",
false, false, true, null, null,
- this.spRedirectUrl + "/eppn-already-linked", this.spRedirectUrl + "/attribute-missing");
+ this.myconextRedirectUrl + "/eppn-already-linked", this.myconextRedirectUrl + "/attribute-missing");
}
@GetMapping("/mobile/oidc/redirect")
@@ -800,7 +800,7 @@ public ResponseEntity mobileFlowRedirect(@RequestParam("code") String code, @Req
String decodedState = URLDecoder.decode(state, StandardCharsets.UTF_8);
Optional optionalMobileLinkAccountRequest = this.mobileLinkAccountRequestRepository.findByHash(decodedState);
if (!optionalMobileLinkAccountRequest.isPresent()) {
- return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.idpBaseRedirectUrl + "/client/mobile/expired")).build();
+ return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.accountRedirectUrl + "/client/mobile/expired")).build();
}
MobileLinkAccountRequest mobileLinkAccountRequest = optionalMobileLinkAccountRequest.get();
@@ -811,9 +811,9 @@ public ResponseEntity mobileFlowRedirect(@RequestParam("code") String code, @Req
this.mobileLinkAccountRequestRepository.delete(mobileLinkAccountRequest);
- return doRedirect(code, user, this.mobileFlowRedirectUri, this.idpBaseRedirectUrl + "/client/mobile/account-linked",
+ return doRedirect(code, user, this.mobileFlowRedirectUri, this.accountRedirectUrl + "/client/mobile/account-linked",
false, false, true, null, null,
- this.idpBaseRedirectUrl + "/client/mobile/eppn-already-linked", this.idpBaseRedirectUrl + "/client/mobile/attribute-missing");
+ this.accountRedirectUrl + "/client/mobile/eppn-already-linked", this.accountRedirectUrl + "/client/mobile/attribute-missing");
}
@GetMapping("/idp/oidc/redirect")
@@ -826,7 +826,7 @@ public ResponseEntity idpFlowRedirect(@RequestParam("code") String code, @Reques
Optional optionalSamlAuthenticationRequest = authenticationRequestRepository.findByIdAndNotExpired(id);
if (!optionalSamlAuthenticationRequest.isPresent()) {
- return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.idpBaseRedirectUrl + "/expired")).build();
+ return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.accountRedirectUrl + "/expired")).build();
}
SamlAuthenticationRequest samlAuthenticationRequest = optionalSamlAuthenticationRequest.get();
String userId = samlAuthenticationRequest.getUserId();
@@ -845,22 +845,22 @@ public ResponseEntity idpFlowRedirect(@RequestParam("code") String code, @Reques
String charSet = Charset.defaultCharset().name();
- String idpStudentAffiliationRequiredUri = this.idpBaseRedirectUrl + "/affiliation-missing/" +
+ String idpStudentAffiliationRequiredUri = this.accountRedirectUrl + "/affiliation-missing/" +
samlAuthenticationRequest.getId() +
"?h=" + samlAuthenticationRequest.getHash() +
"&redirect=" + URLEncoder.encode(this.magicLinkUrl, charSet);
- String idpValidNamesRequiredUri = this.idpBaseRedirectUrl + "/valid-name-missing/" +
+ String idpValidNamesRequiredUri = this.accountRedirectUrl + "/valid-name-missing/" +
samlAuthenticationRequest.getId() +
"?h=" + samlAuthenticationRequest.getHash() +
"&redirect=" + URLEncoder.encode(this.magicLinkUrl, charSet);
- String eppnAlreadyLinkedRequiredUri = this.idpBaseRedirectUrl + "/eppn-already-linked/" +
+ String eppnAlreadyLinkedRequiredUri = this.accountRedirectUrl + "/eppn-already-linked/" +
samlAuthenticationRequest.getId() +
"?h=" + samlAuthenticationRequest.getHash() +
"&redirect=" + URLEncoder.encode(this.magicLinkUrl, charSet);
- String attributeMissingUri = this.idpBaseRedirectUrl + "/attribute-missing/" +
+ String attributeMissingUri = this.accountRedirectUrl + "/attribute-missing/" +
samlAuthenticationRequest.getId() +
"?h=" + samlAuthenticationRequest.getHash() +
"&redirect=" + URLEncoder.encode(this.magicLinkUrl, charSet);
diff --git a/myconext-server/src/main/java/myconext/api/LoginController.java b/myconext-server/src/main/java/myconext/api/LoginController.java
index bbeacdf3e..d0e28f143 100644
--- a/myconext-server/src/main/java/myconext/api/LoginController.java
+++ b/myconext-server/src/main/java/myconext/api/LoginController.java
@@ -55,24 +55,24 @@ public class LoginController {
private final AuthenticationRequestRepository authenticationRequestRepository;
private final SecurityContextRepository securityContextRepository;
private final List createFromInstitutionAllowedReturnDomains;
- private final String spBaseUrl;
- private final String spServiceDeskBaseUrl;
+ private final String myconextRedirectUrl;
+ private final String servicedeskRedirectUrl;
private final String myconextLoginUrl;
public LoginController(UserRepository userRepository,
AuthenticationRequestRepository authenticationRequestRepository,
SecurityContextRepository securityContextRepository,
- @Value("${base_path}") String basePath,
- @Value("${base_path_service_desk}") String basePathServiceDesk,
+ @Value("${myconext_base_path}") String myconextBasePath,
+ @Value("${servicedesk_base_path}") String servicedeskBasePath,
@Value("${base_domain}") String baseDomain,
@Value("${my_conext_url}") String myConextUrl,
@Value("${continue_after_login_url}") String continueAfterLoginUrl,
@Value("${email.magic-link-url}") String magicLinkUrl,
@Value("${domain}") String domain,
@Value("${secure_cookie}") boolean secureCookie,
- @Value("${idp_redirect_url}") String idpBaseUrl,
- @Value("${sp_redirect_url}") String spBaseUrl,
- @Value("${sp_servicedesk_redirect_url}") String spServiceDeskBaseUrl,
+ @Value("${account_redirect_url}") String accountRedirectUrl,
+ @Value("${myconext_redirect_url}") String myconextRedirectUrl,
+ @Value("${servicedesk_redirect_url}") String servicedeskRedirectUrl,
@Value("${feature.webauthn}") boolean featureWebAuthn,
@Value("${feature.connections}") boolean featureConnections,
@Value("${feature.warning_educational_email_domain}") boolean featureWarningEducationalEmailDomain,
@@ -93,17 +93,18 @@ public LoginController(UserRepository userRepository,
@Value("${feature.use_app}") boolean useApp,
CreateFromInstitutionProperties createFromInstitutionProperties
) {
- this.config.put("basePath", basePath);
- this.config.put("loginUrl", basePath + "/auth/login");
- this.config.put("loginUrlServiceDesk", basePathServiceDesk + "/auth/login");
+ // Todo rename in frontend is needed
+ this.config.put("basePath", myconextBasePath);
+ this.config.put("loginUrl", myconextBasePath + "/auth/login");
+ this.config.put("loginUrlServiceDesk", servicedeskBasePath + "/auth/login");
this.config.put("continueAfterLoginUrl", continueAfterLoginUrl);
this.config.put("baseDomain", baseDomain);
this.config.put("magicLinkUrl", magicLinkUrl);
- this.config.put("idpBaseUrl", idpBaseUrl);
- this.config.put("spBaseUrl", spBaseUrl);
- this.config.put("spServiceDeskBaseUrl", spServiceDeskBaseUrl);
- this.config.put("myconextWebAuthUrl", String.format("%s/webauthn", idpBaseUrl));
- this.config.put("myconextWebAuthnRedirectSpUrl", String.format("%s/security", spBaseUrl));
+ this.config.put("idpBaseUrl", accountRedirectUrl);
+ this.config.put("spBaseUrl", myconextRedirectUrl);
+ this.config.put("spServiceDeskBaseUrl", servicedeskRedirectUrl);
+ this.config.put("myconextWebAuthUrl", String.format("%s/webauthn", accountRedirectUrl));
+ this.config.put("myconextWebAuthnRedirectSpUrl", String.format("%s/security", myconextRedirectUrl));
this.config.put("domain", domain);
this.config.put("featureWebAuthn", featureWebAuthn);
this.config.put("featureWarningEducationalEmailDomain", featureWarningEducationalEmailDomain);
@@ -129,8 +130,8 @@ public LoginController(UserRepository userRepository,
this.authenticationRequestRepository = authenticationRequestRepository;
this.securityContextRepository = securityContextRepository;
this.createFromInstitutionAllowedReturnDomains = createFromInstitutionProperties.getReturnUrlAllowedDomains();
- this.spBaseUrl = spBaseUrl;
- this.spServiceDeskBaseUrl = spServiceDeskBaseUrl;
+ this.myconextRedirectUrl = myconextRedirectUrl;
+ this.servicedeskRedirectUrl = servicedeskRedirectUrl;
this.myconextLoginUrl = myConextUrl + "/oauth2/authorization/my_conext";
}
@@ -147,8 +148,8 @@ public View login(
@RequestParam(value = "registration_id") String registrationId
) {
String baseUrl = InternalSecurityConfigurationAdapter.REGISTRATION_ID_SERVICE_DESK.equals(registrationId)
- ? spServiceDeskBaseUrl
- : spBaseUrl;
+ ? servicedeskRedirectUrl
+ : myconextRedirectUrl;
String target = baseUrl;
if (StringUtils.hasText(redirectPath)) {
String path = URLDecoder.decode(redirectPath, StandardCharsets.UTF_8);
diff --git a/myconext-server/src/main/java/myconext/api/ServiceDeskController.java b/myconext-server/src/main/java/myconext/api/ServiceDeskController.java
index 71c1718da..55c2a0bc9 100644
--- a/myconext-server/src/main/java/myconext/api/ServiceDeskController.java
+++ b/myconext-server/src/main/java/myconext/api/ServiceDeskController.java
@@ -20,13 +20,8 @@
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
-import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
-import org.springframework.web.servlet.View;
-import org.springframework.web.servlet.view.RedirectView;
-import java.net.URLDecoder;
-import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.List;
import java.util.Optional;
@@ -42,16 +37,16 @@ public class ServiceDeskController {
private final UserRepository userRepository;
private final ExternalUserRepository externalUserRepository;
private final AttributeMapper attributeMapper;
- private final String spBaseUrl;
+ private final String myconextRedirectUrl;
public ServiceDeskController(UserRepository userRepository,
ExternalUserRepository externalUserRepository,
AttributeMapper attributeMapper,
- @Value("${sp_redirect_url}") String spBaseUrl) {
+ @Value("${myconext_redirect_url}") String myconextRedirectUrl) {
this.userRepository = userRepository;
this.externalUserRepository = externalUserRepository;
this.attributeMapper = attributeMapper;
- this.spBaseUrl = spBaseUrl;
+ this.myconextRedirectUrl = myconextRedirectUrl;
}
@GetMapping("/me")
diff --git a/myconext-server/src/main/java/myconext/api/UserController.java b/myconext-server/src/main/java/myconext/api/UserController.java
index b128032a2..87130dcf1 100644
--- a/myconext-server/src/main/java/myconext/api/UserController.java
+++ b/myconext-server/src/main/java/myconext/api/UserController.java
@@ -53,17 +53,13 @@
import org.springframework.util.StringUtils;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;
-import org.springframework.web.servlet.View;
-import org.springframework.web.servlet.view.RedirectView;
import tiqr.org.model.Registration;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Field;
-import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.Charset;
-import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
@@ -95,7 +91,7 @@ public class UserController implements UserAuthentication {
private final String magicLinkUrl;
private final String schacHomeOrganization;
private final String webAuthnSpRedirectUrl;
- private final String idpBaseUrl;
+ private final String accountRedirectUrl;
private final RelyingParty relyingParty;
private final UserCredentialRepository userCredentialRepository;
private final ChallengeRepository challengeRepository;
@@ -106,7 +102,7 @@ public class UserController implements UserAuthentication {
private final EmailGuessingPrevention emailGuessingPreventor;
private final EmailDomainGuard emailDomainGuard;
private final DisposableEmailProviders disposableEmailProviders;
- private final String spBaseUrl;
+ private final String myconextRedirectUrl;
private final ObjectMapper objectMapper;
private final RegistrationRepository registrationRepository;
private final boolean featureDefaultRememberMe;
@@ -136,10 +132,10 @@ public UserController(UserRepository userRepository,
@Value("${email.magic-link-url}") String magicLinkUrl,
@Value("${schac_home_organizations}") String schacHomeOrganizations,
@Value("${email_guessing_sleep_millis}") int emailGuessingSleepMillis,
- @Value("${sp_redirect_url}") String spBaseUrl,
- @Value("${idp_redirect_url}") String idpBaseUrl,
- @Value("${rp_origin}") String rpOrigin,
- @Value("${rp_id}") String rpId,
+ @Value("${myconext_redirect_url}") String myconextRedirectUrl,
+ @Value("${account_redirect_url}") String accountRedirectUrl,
+ @Value("${account_origin}") String accountOrigin,
+ @Value("${account_id}") String accountId,
@Value("${feature.default_remember_me}") boolean featureDefaultRememberMe,
@Value("${feature.send_js_exceptions}") boolean sendJsExceptions,
@Value("${feature.service_desk_active}") boolean serviceDeskActive,
@@ -162,11 +158,11 @@ public UserController(UserRepository userRepository,
this.captchaVerifier = captchaVerifier;
this.magicLinkUrl = magicLinkUrl;
this.schacHomeOrganization = Stream.of(schacHomeOrganizations.split(",")).map(String::trim).toList().getFirst();
- this.idpBaseUrl = idpBaseUrl;
- this.spBaseUrl = spBaseUrl;
- this.webAuthnSpRedirectUrl = String.format("%s/security", spBaseUrl);
+ this.accountRedirectUrl = accountRedirectUrl;
+ this.myconextRedirectUrl = myconextRedirectUrl;
+ this.webAuthnSpRedirectUrl = String.format("%s/security", myconextRedirectUrl);
this.servicesConfiguration = servicesConfiguration;
- this.relyingParty = relyingParty(rpId, rpOrigin);
+ this.relyingParty = relyingParty(accountId, accountOrigin);
this.emailGuessingPreventor = new EmailGuessingPrevention(emailGuessingSleepMillis);
this.featureDefaultRememberMe = featureDefaultRememberMe;
this.sendJsExceptions = sendJsExceptions;
@@ -391,7 +387,7 @@ private ResponseEntity> doVerifyCodeExistingUser(VerifyOneTi
url = this.magicLinkUrl + "?h=" + hash;
} else {
//Mobile app
- url = this.idpBaseUrl + "/mobile/api/create-from-mobile-api/in-app?h=" + hash;
+ url = this.accountRedirectUrl + "/mobile/api/create-from-mobile-api/in-app?h=" + hash;
}
return ResponseEntity.status(201).body(Map.of("url", url, "email", user.getEmail()));
}
@@ -467,7 +463,7 @@ public ResponseEntity createEduIDAccount(@Valid @RequestBody Cre
User user = doCreateEduIDAccount(createAccount);
String inAppPath = inAppIndicator ? "/in-app" : "";
- String linkUrl = String.format("%s/mobile/api/create-from-mobile-api%s", this.idpBaseUrl, inAppPath);
+ String linkUrl = String.format("%s/mobile/api/create-from-mobile-api%s", this.accountRedirectUrl, inAppPath);
mailBox.sendAccountVerificationMobileAPI(user, user.getCreateFromInstitutionKey(), linkUrl);
logWithContext(user, "create", "user", LOG, "Create user in mobile API");
@@ -1059,7 +1055,7 @@ public ResponseEntity> testWebAuthnUrl(Authentication authen
String email = URLEncoder.encode(user.getEmail(), Charset.defaultCharset().name());
String loginUrl = String.format("%s/webauthnTest/%s?name=Test-webAuthn&email=%s&testWebAuthn=true",
- idpBaseUrl, samlAuthenticationRequest.getId(), email);
+ accountRedirectUrl, samlAuthenticationRequest.getId(), email);
return ResponseEntity.status(200).body(Collections.singletonMap("url", loginUrl));
}
@@ -1266,7 +1262,7 @@ public ResponseEntity idpWebAuthnTryAuthentication(HttpServletRequest request, @
if (samlAuthenticationRequest.isTestInstance()) {
//back to SP
String credentialId = credentialId(body);
- String url = String.format("%s/credential?id=%s&success=false", spBaseUrl, credentialId);
+ String url = String.format("%s/credential?id=%s&success=false", myconextRedirectUrl, credentialId);
return ResponseEntity.status(201).body(Collections.singletonMap("url", url));
}
throw new ForbiddenException("Unsuccessfully SAML authentication ");
@@ -1282,7 +1278,7 @@ public ResponseEntity idpWebAuthnTryAuthentication(HttpServletRequest request, @
if (samlAuthenticationRequest.isTestInstance()) {
//back to SP
String credentialId = credentialId(body);
- String url = String.format("%s/credential?id=%s&success=true", spBaseUrl, credentialId);
+ String url = String.format("%s/credential?id=%s&success=true", myconextRedirectUrl, credentialId);
return ResponseEntity.status(201).body(Collections.singletonMap("url", url));
}
diff --git a/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java b/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java
index 086fae23d..6bbada79f 100644
--- a/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java
+++ b/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java
@@ -98,8 +98,8 @@ public SamlSecurity(@Value("${private_key_path}") Resource privateKeyPath,
@Value("${certificate_path}") Resource certificatePath,
@Value("${idp_entity_id}") String idpEntityId,
@Value("${sp_entity_id}") String spEntityId,
- @Value("${sp_entity_metadata_url}") String spMetaDataUrl,
- @Value("${idp_redirect_url}") String redirectUrl,
+ @Value("${account_metadata_url}") String accountMetadataUrl,
+ @Value("${account_redirect_url}") String accountRedirectUrl,
@Value("${remember_me_max_age_seconds}") int rememberMeMaxAge,
@Value("${tiqr_trust_for_pn_max_age_seconds}") int tiqrCookieMaxAge,
@Value("${nudge_eduid_app_login_days}") int nudgeAppDays,
@@ -148,7 +148,7 @@ public SamlSecurity(@Value("${private_key_path}") Resource privateKeyPath,
final List serviceProviders = new ArrayList<>();
List spEntityIdentifiers = commaSeparatedToList(spEntityId);
- List spMetaDataUrls = commaSeparatedToList(spMetaDataUrl);
+ List spMetaDataUrls = commaSeparatedToList(accountMetadataUrl);
for (int i = 0; i < spEntityIdentifiers.size(); i++) {
serviceProviders.add(new SAMLServiceProvider(spEntityIdentifiers.get(i), spMetaDataUrls.get(i)));
}
@@ -159,7 +159,7 @@ public SamlSecurity(@Value("${private_key_path}") Resource privateKeyPath,
requiresSignedAuthnRequest
);
this.guestIdpAuthenticationRequestFilter = new GuestIdpAuthenticationRequestFilter(
- redirectUrl,
+ accountRedirectUrl,
serviceProviderResolver,
authenticationRequestRepository,
userRepository,
@@ -255,7 +255,7 @@ public SecurityFilterChain internalSecuritySecurityFilterChain(
Manage manage,
UserRepository userRepository,
ExternalUserRepository externalUserRepository,
- @Value("${mijn_eduid_entity_id}") String mijnEduIDEntityId,
+ @Value("${myconext_entityid}") String mijnEduIDEntityId,
@Value("${service_desk_roles}") String[] serviceDeskRoles,
@Value("${service_desk_role_auto_provisioning}") boolean serviceDeskRoleAutoProvisioning,
@Value("${host_headers.active}") String activeHost,
diff --git a/myconext-server/src/main/java/myconext/tiqr/TiqrController.java b/myconext-server/src/main/java/myconext/tiqr/TiqrController.java
index d7aa6de33..51e8f70d3 100644
--- a/myconext-server/src/main/java/myconext/tiqr/TiqrController.java
+++ b/myconext-server/src/main/java/myconext/tiqr/TiqrController.java
@@ -70,7 +70,7 @@ public class TiqrController implements UserAuthentication {
private final RegistrationRepository registrationRepository;
private final RateLimitEnforcer rateLimitEnforcer;
private final CookieValueEncoder cookieValueEncoder;
- private final String mijnEduIdServiceName;
+ private final String myconextServiceName;
@Autowired
public TiqrController(@Value("${tiqr_configuration}") Resource resource,
@@ -83,7 +83,7 @@ public TiqrController(@Value("${tiqr_configuration}") Resource resource,
SMSService smsService,
Environment environment,
@Value("${email.magic-link-url}") String magicLinkUrl,
- @Value("${mijn_eduid_service_name}") String mijnEduIdServiceName,
+ @Value("${myconext_service_name}") String myconextServiceName,
CookieValueEncoder cookieValueEncoder) throws IOException {
this.tiqrConfiguration = new Yaml().loadAs(resource.getInputStream(), TiqrConfiguration.class);
this.cookieValueEncoder = cookieValueEncoder;
@@ -114,7 +114,7 @@ public TiqrController(@Value("${tiqr_configuration}") Resource resource,
this.serviceProviderResolver = serviceProviderResolver;
this.smsService = smsService;
this.magicLinkUrl = magicLinkUrl;
- this.mijnEduIdServiceName = mijnEduIdServiceName;
+ this.myconextServiceName = myconextServiceName;
this.rateLimitEnforcer = new RateLimitEnforcer(userRepository, tiqrConfiguration);
}
@@ -408,7 +408,7 @@ private ResponseEntity doVerifyPhoneCode(PhoneVerification phon
public ResponseEntity startAuthenticationForSP(HttpServletRequest request,
org.springframework.security.core.Authentication authentication) throws IOException, WriterException, TiqrException {
User user = userFromAuthentication(authentication);
- ResponseEntity startAuthenticationResponseEntity = doStartAuthentication(request, user, this.mijnEduIdServiceName);
+ ResponseEntity startAuthenticationResponseEntity = doStartAuthentication(request, user, this.myconextServiceName);
String sessionKey = startAuthenticationResponseEntity.getBody().getSessionKey();
request.getSession().setAttribute(SESSION_KEY, sessionKey);
return startAuthenticationResponseEntity;
diff --git a/myconext-server/src/main/resources/application.yml b/myconext-server/src/main/resources/application.yml
index 3ebba0ce6..9884fa3a1 100644
--- a/myconext-server/src/main/resources/application.yml
+++ b/myconext-server/src/main/resources/application.yml
@@ -83,21 +83,21 @@ manage:
mongodb_db: surf_id_test
base_domain: test2.surfconext.nl
saml_metadata_base_path: http://localhost:8081
-base_path: http://localhost:8081
-base_path_service_desk: http://localhost:8081
+myconext_base_path: http://localhost:8081
+servicedesk_base_path: http://localhost:8081
continue_after_login_url: http://localhost:8081/saml/guest-idp/continue
-idp_redirect_url: http://localhost:3000
-rp_id: localhost
-rp_origin: http://localhost:3000
-sp_redirect_url: http://localhost:3001
-sp_servicedesk_redirect_url: http://localhost:3003
+account_redirect_url: http://localhost:3000
+account_id: localhost
+account_origin: http://localhost:3000
+myconext_redirect_url: http://localhost:3001
+servicedesk_redirect_url: http://localhost:3003
sp_entity_id: https://engine.test.surfconext.nl/authentication/sp/metadata, https://engine.test2.surfconext.nl/authentication/sp/metadata
-sp_entity_metadata_url: https://engine.test.surfconext.nl/authentication/sp/metadata, https://engine.test2.surfconext.nl/authentication/sp/metadata
-guest_idp_entity_id: https://localhost.surf.id
+account_metadata_url: https://engine.test.surfconext.nl/authentication/sp/metadata, https://engine.test2.surfconext.nl/authentication/sp/metadata
+proxy_idp_entity_id: https://localhost.surf.id
my_conext_url: https://my.test2.surfconext.nl
domain: eduid.nl
-mijn_eduid_entity_id: http://mijn.localhost/shibboleth
-mijn_eduid_service_name: "Mijn eduID"
+myconext_entityid: http://mijn.localhost/shibboleth
+myconext_service_name: "Mijn eduID"
mobile_app_redirect: eduid:///client/mobile
mobile_app_rp_entity_id: mobile_app_rp_entity_id
diff --git a/myconext-server/src/test/java/myconext/AbstractIntegrationTest.java b/myconext-server/src/test/java/myconext/AbstractIntegrationTest.java
index b2e86923a..2d407ecec 100644
--- a/myconext-server/src/test/java/myconext/AbstractIntegrationTest.java
+++ b/myconext-server/src/test/java/myconext/AbstractIntegrationTest.java
@@ -85,7 +85,7 @@
"cron.node-cron-job-responsible=false",
"email_guessing_sleep_millis=1",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"spring.main.lazy-initialization=true",
"eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect",
"cron.service-name-resolver-initial-delay-milliseconds=60000",
diff --git a/myconext-server/src/test/java/myconext/api/UserControllerAllowedDomainsTest.java b/myconext-server/src/test/java/myconext/api/UserControllerAllowedDomainsTest.java
index 94779053c..95d699cb5 100644
--- a/myconext-server/src/test/java/myconext/api/UserControllerAllowedDomainsTest.java
+++ b/myconext-server/src/test/java/myconext/api/UserControllerAllowedDomainsTest.java
@@ -18,7 +18,7 @@
"cron.node-cron-job-responsible=false",
"email_guessing_sleep_millis=1",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"spring.main.lazy-initialization=true",
"cron.service-name-resolver-initial-delay-milliseconds=60000",
"feature.use_deny_allow_list.allow_enabled=True",
diff --git a/myconext-server/src/test/java/myconext/api/UserControllerCaptchaTest.java b/myconext-server/src/test/java/myconext/api/UserControllerCaptchaTest.java
index dfb3b2df7..ae059b444 100644
--- a/myconext-server/src/test/java/myconext/api/UserControllerCaptchaTest.java
+++ b/myconext-server/src/test/java/myconext/api/UserControllerCaptchaTest.java
@@ -30,7 +30,7 @@
"cron.node-cron-job-responsible=false",
"email_guessing_sleep_millis=1",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"spring.main.lazy-initialization=true",
"cron.service-name-resolver-initial-delay-milliseconds=60000",
"feature.use_deny_allow_list.allow_enabled=false",
diff --git a/myconext-server/src/test/java/myconext/api/UserControllerRememberMeTest.java b/myconext-server/src/test/java/myconext/api/UserControllerRememberMeTest.java
index 252c9bed3..aee16b244 100644
--- a/myconext-server/src/test/java/myconext/api/UserControllerRememberMeTest.java
+++ b/myconext-server/src/test/java/myconext/api/UserControllerRememberMeTest.java
@@ -25,7 +25,7 @@
"cron.node-cron-job-responsible=false",
"email_guessing_sleep_millis=1",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"spring.main.lazy-initialization=true",
"eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect",
"cron.service-name-resolver-initial-delay-milliseconds=60000",
diff --git a/myconext-server/src/test/java/myconext/api/UserControllerSSOMfaTest.java b/myconext-server/src/test/java/myconext/api/UserControllerSSOMfaTest.java
index ced4b0e3e..6f71e8830 100644
--- a/myconext-server/src/test/java/myconext/api/UserControllerSSOMfaTest.java
+++ b/myconext-server/src/test/java/myconext/api/UserControllerSSOMfaTest.java
@@ -24,7 +24,7 @@
"cron.node-cron-job-responsible=false",
"email_guessing_sleep_millis=1",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"spring.main.lazy-initialization=true",
"eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect",
"cron.service-name-resolver-initial-delay-milliseconds=60000",
diff --git a/myconext-server/src/test/java/myconext/cron/InactivityMailDryRunTest.java b/myconext-server/src/test/java/myconext/cron/InactivityMailDryRunTest.java
index 2a8a42be9..394b5b86e 100644
--- a/myconext-server/src/test/java/myconext/cron/InactivityMailDryRunTest.java
+++ b/myconext-server/src/test/java/myconext/cron/InactivityMailDryRunTest.java
@@ -18,7 +18,7 @@
"cron.node-cron-job-responsible=true",
"email_guessing_sleep_millis=1",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"spring.main.lazy-initialization=true",
"eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect",
"cron.service-name-resolver-initial-delay-milliseconds=60000",
@@ -61,4 +61,4 @@ public void mailInactivityFirstRun() {
assertThrows(ConditionTimeoutException.class, this::mailMessages);
}
-}
\ No newline at end of file
+}
diff --git a/myconext-server/src/test/java/myconext/cron/InactivityMailTest.java b/myconext-server/src/test/java/myconext/cron/InactivityMailTest.java
index 92f83a09e..be0c8f7d1 100644
--- a/myconext-server/src/test/java/myconext/cron/InactivityMailTest.java
+++ b/myconext-server/src/test/java/myconext/cron/InactivityMailTest.java
@@ -26,7 +26,7 @@
"cron.node-cron-job-responsible=true",
"email_guessing_sleep_millis=1",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"spring.main.lazy-initialization=true",
"eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect",
"cron.service-name-resolver-initial-delay-milliseconds=60000",
@@ -149,4 +149,4 @@ private String messageContent(MimeMessage mimeMessage) {
return IOUtils.toString(mimeMessage.getInputStream(), Charset.defaultCharset());
}
-}
\ No newline at end of file
+}
diff --git a/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageBatchTest.java b/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageBatchTest.java
index 60e233c0a..89dfaa118 100644
--- a/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageBatchTest.java
+++ b/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageBatchTest.java
@@ -22,7 +22,7 @@
"cron.node-cron-job-responsible=true",
"email_guessing_sleep_millis=1",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"spring.main.lazy-initialization=true",
"eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect",
"cron.service-name-resolver-initial-delay-milliseconds=60000",
@@ -120,4 +120,4 @@ public void mailUsersWithInstitutionMailWithDateOlderThan5MonthsAndNew() {
assertTrue(mimeMessagesBatch.stream().anyMatch(m -> hasRecipient(m, email))));
}
-}
\ No newline at end of file
+}
diff --git a/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageDryRunTest.java b/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageDryRunTest.java
index 34802c34c..cfe72fd7e 100644
--- a/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageDryRunTest.java
+++ b/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageDryRunTest.java
@@ -14,7 +14,7 @@
"cron.node-cron-job-responsible=true",
"email_guessing_sleep_millis=1",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"spring.main.lazy-initialization=true",
"eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect",
"cron.service-name-resolver-initial-delay-milliseconds=60000",
@@ -36,4 +36,4 @@ public void mailUsersWithInstitutionMail() {
assertThrows(ConditionTimeoutException.class, this::mailMessages);
}
-}
\ No newline at end of file
+}
diff --git a/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageTest.java b/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageTest.java
index 25906478a..d15a90056 100644
--- a/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageTest.java
+++ b/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageTest.java
@@ -18,7 +18,7 @@
"cron.node-cron-job-responsible=true",
"email_guessing_sleep_millis=1",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"spring.main.lazy-initialization=true",
"eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect",
"cron.service-name-resolver-initial-delay-milliseconds=60000",
@@ -55,4 +55,4 @@ public void mailUsersWithInstitutionMail() {
assertEquals(1, mimeMessagesSecondBatch.size());
assertEquals("mdoe@example.com", mimeMessagesSecondBatch.get(0).getRecipients(Message.RecipientType.TO)[0].toString());
}
-}
\ No newline at end of file
+}
diff --git a/myconext-server/src/test/java/myconext/cron/NudgeAppMailDisabledAppTest.java b/myconext-server/src/test/java/myconext/cron/NudgeAppMailDisabledAppTest.java
index f06c8c784..ba4c10ce5 100644
--- a/myconext-server/src/test/java/myconext/cron/NudgeAppMailDisabledAppTest.java
+++ b/myconext-server/src/test/java/myconext/cron/NudgeAppMailDisabledAppTest.java
@@ -14,7 +14,7 @@
"cron.node-cron-job-responsible=true",
"email_guessing_sleep_millis=1",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"spring.main.lazy-initialization=true",
"eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect",
"cron.service-name-resolver-initial-delay-milliseconds=60000",
diff --git a/myconext-server/src/test/java/myconext/cron/NudgeAppMailDryRunTest.java b/myconext-server/src/test/java/myconext/cron/NudgeAppMailDryRunTest.java
index 618436e62..23bb28aa1 100644
--- a/myconext-server/src/test/java/myconext/cron/NudgeAppMailDryRunTest.java
+++ b/myconext-server/src/test/java/myconext/cron/NudgeAppMailDryRunTest.java
@@ -14,7 +14,7 @@
"cron.node-cron-job-responsible=true",
"email_guessing_sleep_millis=1",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"spring.main.lazy-initialization=true",
"eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect",
"cron.service-name-resolver-initial-delay-milliseconds=60000",
@@ -37,4 +37,4 @@ public void mailUsersWithoutApp() {
assertThrows(ConditionTimeoutException.class, this::mailMessages);
}
-}
\ No newline at end of file
+}
diff --git a/myconext-server/src/test/java/myconext/cron/NudgeAppMailTest.java b/myconext-server/src/test/java/myconext/cron/NudgeAppMailTest.java
index 02508fb0f..9bc6ced3a 100644
--- a/myconext-server/src/test/java/myconext/cron/NudgeAppMailTest.java
+++ b/myconext-server/src/test/java/myconext/cron/NudgeAppMailTest.java
@@ -19,7 +19,7 @@
"cron.node-cron-job-responsible=true",
"email_guessing_sleep_millis=1",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"spring.main.lazy-initialization=true",
"eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect",
"cron.service-name-resolver-initial-delay-milliseconds=60000",
@@ -52,4 +52,4 @@ public void mailUsersWithoutApp() {
assertThrows(ConditionTimeoutException.class, this::mailMessages);
}
-}
\ No newline at end of file
+}
diff --git a/myconext-server/src/test/java/myconext/oidcng/OpenIDConnectTest.java b/myconext-server/src/test/java/myconext/oidcng/OpenIDConnectTest.java
index 519c5ac96..4f6cdeb52 100644
--- a/myconext-server/src/test/java/myconext/oidcng/OpenIDConnectTest.java
+++ b/myconext-server/src/test/java/myconext/oidcng/OpenIDConnectTest.java
@@ -31,7 +31,7 @@
"cron.node-cron-job-responsible=false",
"email_guessing_sleep_millis=1",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"spring.main.lazy-initialization=true",
"oidc-token-api.token-url=http://localhost:8098/tokens",
"host_headers.active: mijn.test2.eduid.nl",
diff --git a/myconext-server/src/test/java/myconext/security/SecurityConfigurationTest.java b/myconext-server/src/test/java/myconext/security/SecurityConfigurationTest.java
index 4ba93aca4..9acfd09ed 100644
--- a/myconext-server/src/test/java/myconext/security/SecurityConfigurationTest.java
+++ b/myconext-server/src/test/java/myconext/security/SecurityConfigurationTest.java
@@ -18,7 +18,7 @@
"certificate_path=classpath:/nope.pub",
"cron.node-cron-job-responsible=false",
"sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata",
- "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
+ "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata",
"management.health.mail.enabled=false"
})
@ActiveProfiles("test")
From 6d9e3f9609967ed6ea73b38683b7fd9d8e359b51 Mon Sep 17 00:00:00 2001
From: Ricardo van der Heijden
<20791917+ricardovdheijden@users.noreply.github.com>
Date: Wed, 1 Jul 2026 09:37:41 +0200
Subject: [PATCH 2/6] Renames variables in config object. Updates frontend
---
account-gui/src/routes/WebAuthn.svelte | 2 +-
account-gui/src/stores/conf.js | 6 ++--
account-gui/src/verify/ServiceDesk.svelte | 2 +-
myconext-gui/src/components/Header.svelte | 2 +-
.../src/routes/CreateFromInstitution.svelte | 2 +-
myconext-gui/src/routes/DeleteAccount.svelte | 2 +-
myconext-gui/src/routes/EditEmail.svelte | 4 +--
myconext-gui/src/routes/Password.svelte | 2 +-
myconext-gui/src/routes/PasswordLink.svelte | 4 +--
myconext-gui/src/routes/PersonalInfo.svelte | 4 +--
myconext-gui/src/routes/WebAuthn.svelte | 2 +-
myconext-gui/src/routes/tiqr/Congrats.svelte | 2 +-
myconext-gui/src/stores/user.js | 6 ++--
myconext-gui/src/utils/utils.js | 4 +--
.../java/myconext/api/LoginController.java | 29 +++++++++----------
public-gui/src/App.jsx | 4 +--
public-gui/src/components/Navigation.jsx | 4 +--
public-gui/src/routes/About_EN.jsx | 2 +-
public-gui/src/routes/About_NL.jsx | 2 +-
public-gui/src/routes/Home.jsx | 2 +-
public-gui/src/stores/AppStore.js | 4 +--
public-gui/src/terms/PrivacyEN.jsx | 6 ++--
public-gui/src/terms/PrivacyNL.jsx | 6 ++--
servicedesk-gui/src/pages/Forbidden.jsx | 2 +-
24 files changed, 52 insertions(+), 53 deletions(-)
diff --git a/account-gui/src/routes/WebAuthn.svelte b/account-gui/src/routes/WebAuthn.svelte
index f831b7f82..ed1425934 100644
--- a/account-gui/src/routes/WebAuthn.svelte
+++ b/account-gui/src/routes/WebAuthn.svelte
@@ -35,7 +35,7 @@
})
.catch(() => {
//happens when the key is already registered
- window.location.href = $conf.myconextWebAuthnRedirectSpUrl;
+ window.location.href = $conf.myconextWebAuthnRedirectUrl;
})
})
.catch(() => navigate("/404"));
diff --git a/account-gui/src/stores/conf.js b/account-gui/src/stores/conf.js
index baa68f0bd..3452fbd8a 100644
--- a/account-gui/src/stores/conf.js
+++ b/account-gui/src/stores/conf.js
@@ -1,14 +1,14 @@
import {writable} from 'svelte/store';
export const conf = writable({
- basePath: "",
+ myconextBasePath: "",
magicLinkUrl: "",
continueAfterLoginUrl: "",
domain: "",
- myconextWebAuthnRedirectSpUrl: "",
+ myconextWebAuthnRedirectUrl: "",
featureWebAuthn: false,
featureAllowList: false,
- idpBaseUrl: "",
+ accountBaseUrl: "",
featureWarningEducationalEmailDomain: false,
featureIdVerify: false,
featureServiceDeskActive: false,
diff --git a/account-gui/src/verify/ServiceDesk.svelte b/account-gui/src/verify/ServiceDesk.svelte
index b3ef5caad..a3daf5742 100644
--- a/account-gui/src/verify/ServiceDesk.svelte
+++ b/account-gui/src/verify/ServiceDesk.svelte
@@ -10,7 +10,7 @@
export let id;
const proceed = () => {
- window.location.href = `${$conf.idpBaseUrl}/servicedesk/${id}`;
+ window.location.href = `${$conf.accountBaseUrl}/servicedesk/${id}`;
}
diff --git a/myconext-gui/src/components/Header.svelte b/myconext-gui/src/components/Header.svelte
index 930ccc466..9644e78c0 100644
--- a/myconext-gui/src/components/Header.svelte
+++ b/myconext-gui/src/components/Header.svelte
@@ -15,7 +15,7 @@
familyName: "",
usePassword: false
};
- window.location.href = `${$config.idpBaseUrl}/doLogout?param=${encodeURIComponent("logout=true")}`;
+ window.location.href = `${$config.accountBaseUrl}/doLogout?param=${encodeURIComponent("logout=true")}`;
});
}
diff --git a/myconext-gui/src/routes/CreateFromInstitution.svelte b/myconext-gui/src/routes/CreateFromInstitution.svelte
index 90d464ba0..f1fb6d2d3 100644
--- a/myconext-gui/src/routes/CreateFromInstitution.svelte
+++ b/myconext-gui/src/routes/CreateFromInstitution.svelte
@@ -89,7 +89,7 @@
onClick={startFlow}/>
{/if}
diff --git a/myconext-gui/src/routes/DeleteAccount.svelte b/myconext-gui/src/routes/DeleteAccount.svelte
index 84521acaf..6832520ec 100644
--- a/myconext-gui/src/routes/DeleteAccount.svelte
+++ b/myconext-gui/src/routes/DeleteAccount.svelte
@@ -30,7 +30,7 @@
familyName: "",
usePassword: false
};
- window.location.href = `${$config.idpBaseUrl}/doLogout?param=${encodeURIComponent("delete=true")}`;
+ window.location.href = `${$config.accountBaseUrl}/doLogout?param=${encodeURIComponent("delete=true")}`;
});
}
}
diff --git a/myconext-gui/src/routes/EditEmail.svelte b/myconext-gui/src/routes/EditEmail.svelte
index 52ccea057..484effb93 100644
--- a/myconext-gui/src/routes/EditEmail.svelte
+++ b/myconext-gui/src/routes/EditEmail.svelte
@@ -55,7 +55,7 @@
})
.catch(e => {
if (e.status === 403 || e.status === 400) {
- doLogOutAfterRateLimit($config.idpBaseUrl);
+ doLogOutAfterRateLimit($config.accountBaseUrl);
} else {
wrongCode = true;
}
@@ -68,7 +68,7 @@
allowedToResend = false;
setTimeout(() => allowedToResend = true, resendMailAllowedTimeOut);
}).catch(() => {
- doLogOutAfterRateLimit($config.idpBaseUrl);
+ doLogOutAfterRateLimit($config.accountBaseUrl);
})
}
diff --git a/myconext-gui/src/routes/Password.svelte b/myconext-gui/src/routes/Password.svelte
index 5c36253b8..d06cf660a 100644
--- a/myconext-gui/src/routes/Password.svelte
+++ b/myconext-gui/src/routes/Password.svelte
@@ -41,7 +41,7 @@
return setLoginPreference("usePassword");
})
.then(res => {
- window.location.href = `${$config.idpBaseUrl}/register/login-preference/${res.token}`;
+ window.location.href = `${$config.accountBaseUrl}/register/login-preference/${res.token}`;
})
.catch(() => {
passwordResetHashExpired = true;
diff --git a/myconext-gui/src/routes/PasswordLink.svelte b/myconext-gui/src/routes/PasswordLink.svelte
index f4a679216..64ffac564 100644
--- a/myconext-gui/src/routes/PasswordLink.svelte
+++ b/myconext-gui/src/routes/PasswordLink.svelte
@@ -59,7 +59,7 @@
})
.catch(e => {
if (e.status === 403 || e.status === 400) {
- doLogOutAfterRateLimit($config.idpBaseUrl);
+ doLogOutAfterRateLimit($config.accountBaseUrl);
} else {
wrongCode = true;
}
@@ -72,7 +72,7 @@
allowedToResend = false;
setTimeout(() => allowedToResend = true, resendMailAllowedTimeOut);
}).catch(() => {
- doLogOutAfterRateLimit($config.idpBaseUrl);
+ doLogOutAfterRateLimit($config.accountBaseUrl);
})
}
diff --git a/myconext-gui/src/routes/PersonalInfo.svelte b/myconext-gui/src/routes/PersonalInfo.svelte
index f7a76d8bb..7f23e019a 100644
--- a/myconext-gui/src/routes/PersonalInfo.svelte
+++ b/myconext-gui/src/routes/PersonalInfo.svelte
@@ -98,7 +98,7 @@
})
.catch(e => {
if (e.status === 403 || e.status === 400) {
- doLogOutAfterRateLimit($config.idpBaseUrl);
+ doLogOutAfterRateLimit($config.accountBaseUrl);
} else {
wrongCode = true;
}
@@ -221,7 +221,7 @@
tempEmailValue = value;
outstandingPasswordForgotten = true;
} else {
- doLogOutAfterRateLimit($config.idpBaseUrl);
+ doLogOutAfterRateLimit($config.accountBaseUrl);
}
});
}
diff --git a/myconext-gui/src/routes/WebAuthn.svelte b/myconext-gui/src/routes/WebAuthn.svelte
index e6b13be39..068ad7a01 100644
--- a/myconext-gui/src/routes/WebAuthn.svelte
+++ b/myconext-gui/src/routes/WebAuthn.svelte
@@ -15,7 +15,7 @@
const startWebAuthn = () => {
loading = true;
startWebAuthFlow().then(res => {
- window.location.href = `${$config.myconextWebAuthUrl}?token=${res.token}&name=${encodeURIComponent(credentialName)}`
+ window.location.href = `${$config.accountWebAuthUrl}?token=${res.token}&name=${encodeURIComponent(credentialName)}`
});
}
diff --git a/myconext-gui/src/routes/tiqr/Congrats.svelte b/myconext-gui/src/routes/tiqr/Congrats.svelte
index ebb4dccc5..56910efc1 100644
--- a/myconext-gui/src/routes/tiqr/Congrats.svelte
+++ b/myconext-gui/src/routes/tiqr/Congrats.svelte
@@ -12,7 +12,7 @@
loading = true;
finishEnrollment().then(res => {
//need to set secure cookie in login domain
- window.location.href = `${$config.idpBaseUrl}/register/${res.enrollmentVerificationKey}`;
+ window.location.href = `${$config.accountBaseUrl}/register/${res.enrollmentVerificationKey}`;
})
}
diff --git a/myconext-gui/src/stores/user.js b/myconext-gui/src/stores/user.js
index e49fc0ac5..baeae4496 100644
--- a/myconext-gui/src/stores/user.js
+++ b/myconext-gui/src/stores/user.js
@@ -26,12 +26,12 @@ export const config = writable({
loginUrl: "",
baseDomain: "",
myConextUrlGuestIdp: "",
- spBaseUrl: "",
+ myconextBaseUrl: "",
createEduIDInstitutionLanding: false,
- myconextWebAuthUrl: "",
+ accountWebAuthUrl: "",
magicLinkUrl: "",
domain: "",
- idpBaseUrl: "",
+ accountBaseUrl: "",
featureWebAuthn: false,
featureOidcTokenAPI: false,
featureConnections: false,
diff --git a/myconext-gui/src/utils/utils.js b/myconext-gui/src/utils/utils.js
index 7936039ec..7e86931e6 100644
--- a/myconext-gui/src/utils/utils.js
+++ b/myconext-gui/src/utils/utils.js
@@ -29,9 +29,9 @@ export const stopEvent = e => {
return true;
}
-export const doLogOutAfterRateLimit = idpBaseUrl => {
+export const doLogOutAfterRateLimit = accountBaseUrl => {
logout().then(() => {
- window.location.href = `${idpBaseUrl}/doLogout?param=${encodeURIComponent("ratelimit=true")}`;
+ window.location.href = `${accountBaseUrl}/doLogout?param=${encodeURIComponent("ratelimit=true")}`;
});
}
diff --git a/myconext-server/src/main/java/myconext/api/LoginController.java b/myconext-server/src/main/java/myconext/api/LoginController.java
index d0e28f143..ffbd23b1f 100644
--- a/myconext-server/src/main/java/myconext/api/LoginController.java
+++ b/myconext-server/src/main/java/myconext/api/LoginController.java
@@ -93,18 +93,17 @@ public LoginController(UserRepository userRepository,
@Value("${feature.use_app}") boolean useApp,
CreateFromInstitutionProperties createFromInstitutionProperties
) {
- // Todo rename in frontend is needed
- this.config.put("basePath", myconextBasePath);
+ this.config.put("myconextBasePath", myconextBasePath);
this.config.put("loginUrl", myconextBasePath + "/auth/login");
this.config.put("loginUrlServiceDesk", servicedeskBasePath + "/auth/login");
this.config.put("continueAfterLoginUrl", continueAfterLoginUrl);
this.config.put("baseDomain", baseDomain);
this.config.put("magicLinkUrl", magicLinkUrl);
- this.config.put("idpBaseUrl", accountRedirectUrl);
- this.config.put("spBaseUrl", myconextRedirectUrl);
- this.config.put("spServiceDeskBaseUrl", servicedeskRedirectUrl);
- this.config.put("myconextWebAuthUrl", String.format("%s/webauthn", accountRedirectUrl));
- this.config.put("myconextWebAuthnRedirectSpUrl", String.format("%s/security", myconextRedirectUrl));
+ this.config.put("accountBaseUrl", accountRedirectUrl);
+ this.config.put("myconextBaseUrl", myconextRedirectUrl);
+ this.config.put("servicedeskBaseUrl", servicedeskRedirectUrl);
+ this.config.put("accountWebAuthUrl", String.format("%s/webauthn", accountRedirectUrl));
+ this.config.put("myconextWebAuthnRedirectUrl", String.format("%s/security", myconextRedirectUrl));
this.config.put("domain", domain);
this.config.put("featureWebAuthn", featureWebAuthn);
this.config.put("featureWarningEducationalEmailDomain", featureWarningEducationalEmailDomain);
@@ -191,7 +190,7 @@ public void register(@PathVariable("enrollmentVerificationKey") String enrollmen
response.addCookie(loginPreferenceCookie);
response.addCookie(usernameCookie);
- String redirectLocation = this.config.get("spBaseUrl") + "/security";
+ String redirectLocation = this.config.get("myconextBaseUrl") + "/security";
response.sendRedirect(redirectLocation);
}
@@ -212,7 +211,7 @@ public void registerLoginPreference(@PathVariable("token") String token,
loginPreferenceCookie.setPath("/");
response.addCookie(loginPreferenceCookie);
- response.sendRedirect(this.config.get("spBaseUrl") + "/security");
+ response.sendRedirect(this.config.get("myconextBaseUrl") + "/security");
}
@GetMapping("/servicedesk/{id}")
@@ -222,8 +221,8 @@ public ResponseEntity redirectToSPServiceDeskHook(@PathVariable("id") String id,
HttpServletResponse response) {
Optional optionalSamlAuthenticationRequest = authenticationRequestRepository.findByIdAndNotExpired(id);
if (!optionalSamlAuthenticationRequest.isPresent()) {
- String idpBaseUrl = (String) this.config.get("idpBaseUrl");
- return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(idpBaseUrl + "/expired")).build();
+ String accountBaseUrl = (String) this.config.get("accountBaseUrl");
+ return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(accountBaseUrl + "/expired")).build();
}
SamlAuthenticationRequest samlAuthenticationRequest = optionalSamlAuthenticationRequest.get();
String userId = samlAuthenticationRequest.getUserId();
@@ -235,7 +234,7 @@ public ResponseEntity redirectToSPServiceDeskHook(@PathVariable("id") String id,
context.setAuthentication(authentication);
this.securityContextRepository.saveContext(SecurityContextHolder.getContext(), request, response);
- String redirectUrl = String.format("%s/personal?servicedesk=start", this.config.get("spBaseUrl"));
+ String redirectUrl = String.format("%s/personal?servicedesk=start", this.config.get("myconextBaseUrl"));
LOG.info(String.format("User %s logged in to process servicedesk request. Redirecting to %s", user.getEmail(), redirectUrl));
@@ -271,7 +270,7 @@ public void doLogout(HttpServletRequest request,
}
request.getSession().invalidate();
SecurityContextHolder.clearContext();
- String redirectLocation = String.format("%s/landing?%s", this.config.get("spBaseUrl"), param);
+ String redirectLocation = String.format("%s/landing?%s", this.config.get("myconextBaseUrl"), param);
LOG.info(String.format("Logout and redirect to %s", redirectLocation));
@@ -282,7 +281,7 @@ public void doLogout(HttpServletRequest request,
public void createFromInstitutionLogin(HttpServletRequest request,
HttpServletResponse response,
@RequestParam(value = "key") String key) throws IOException {
- String redirectUrl = String.format("%s/security", this.config.get("spBaseUrl"));
+ String redirectUrl = String.format("%s/security", this.config.get("myconextBaseUrl"));
doCreateUserFromInstitutionKey(request, response, key, redirectUrl);
}
@@ -290,7 +289,7 @@ public void createFromInstitutionLogin(HttpServletRequest request,
public void createFromMobileApi(HttpServletRequest request,
HttpServletResponse response,
@RequestParam(value = "h") String hash) throws IOException {
- String redirectUrl = String.format("%s/client/mobile/created", this.config.get("idpBaseUrl"));
+ String redirectUrl = String.format("%s/client/mobile/created", this.config.get("accountBaseUrl"));
doCreateUserFromInstitutionKey(request, response, hash, redirectUrl);
}
diff --git a/public-gui/src/App.jsx b/public-gui/src/App.jsx
index f3812c22d..f9c78eb39 100644
--- a/public-gui/src/App.jsx
+++ b/public-gui/src/App.jsx
@@ -24,8 +24,8 @@ function App() {
const host = window.location.host;//test.eduid.nl
useAppStore.setState(() => ({
config: {
- idpBaseUrl: `https://login.${host}`,
- spBaseUrl: `https://mijn.${host}`
+ accountBaseUrl: `https://login.${host}`,
+ myconextBaseUrl: `https://mijn.${host}`
}
}))
}, []);
diff --git a/public-gui/src/components/Navigation.jsx b/public-gui/src/components/Navigation.jsx
index b432ccf84..41c48dd75 100644
--- a/public-gui/src/components/Navigation.jsx
+++ b/public-gui/src/components/Navigation.jsx
@@ -42,9 +42,9 @@ export const Navigation = ({mobile, path}) => {
window.location.href = `${config.spBaseUrl}`}
+ onClick={() => window.location.href = `${config.myconextBaseUrl}`}
txt={I18n.t("header.mineEduID")}/>
- window.location.href = `${config.idpBaseUrl}/register`}
+ window.location.href = `${config.accountBaseUrl}/register`}
txt={I18n.t("header.register")}/>
diff --git a/public-gui/src/routes/About_EN.jsx b/public-gui/src/routes/About_EN.jsx
index 891123096..8dd0f415b 100644
--- a/public-gui/src/routes/About_EN.jsx
+++ b/public-gui/src/routes/About_EN.jsx
@@ -44,7 +44,7 @@ export const About_EN = () => {
Click 'Create eduID' and follow the steps.
Use a personal email address that you will continue to use, even if
you change schools or jobs.
- window.location.href = `${config.idpBaseUrl}/register`}
+ window.location.href = `${config.accountBaseUrl}/register`}
txt={I18n.t("header.register")}/>
diff --git a/public-gui/src/routes/About_NL.jsx b/public-gui/src/routes/About_NL.jsx
index 01acec795..e1c8d85d6 100644
--- a/public-gui/src/routes/About_NL.jsx
+++ b/public-gui/src/routes/About_NL.jsx
@@ -44,7 +44,7 @@ export const About_NL = () => {
Gebruik een persoonlijk e-mailadres dat je blijft gebruiken, ook als je van
school of baan
verandert.
- window.location.href = `${config.idpBaseUrl}/register`}
+ window.location.href = `${config.accountBaseUrl}/register`}
txt={I18n.t("header.register")}/>
{
{I18n.t("home.eduID")}
{I18n.t("home.title")}
- window.location.href = `${config.idpBaseUrl}/register`}
+ window.location.href = `${config.accountBaseUrl}/register`}
txt={I18n.t("header.register")}/>
diff --git a/public-gui/src/stores/AppStore.js b/public-gui/src/stores/AppStore.js
index 77b6f2e5a..735e0668f 100644
--- a/public-gui/src/stores/AppStore.js
+++ b/public-gui/src/stores/AppStore.js
@@ -2,7 +2,7 @@ import {create} from 'zustand'
export const useAppStore = create(() => ({
config: {
- idpBaseUrl: "http://localhost:3000",
- spBaseUrl: "http://localhost:3000"
+ accountBaseUrl: "http://localhost:3000",
+ myconextBaseUrl: "http://localhost:3000"
},
}));
diff --git a/public-gui/src/terms/PrivacyEN.jsx b/public-gui/src/terms/PrivacyEN.jsx
index cf4965073..bf0255b1b 100644
--- a/public-gui/src/terms/PrivacyEN.jsx
+++ b/public-gui/src/terms/PrivacyEN.jsx
@@ -281,7 +281,7 @@ export const PrivacyEN = () => {
the application from receiving your data. You cannot log in to the application with eduID.
- Via My eduID you can see which services you have logged into with
+ Via My eduID you can see which services you have logged into with
eduID.
@@ -338,7 +338,7 @@ export const PrivacyEN = () => {
or deleted.
You can also request access to the personal data that is processed about you. You can view the
information that
- eduID has about you on My eduID . You can also change or supplement
+ eduID has about you on My eduID . You can also change or supplement
your details
there.
@@ -346,7 +346,7 @@ export const PrivacyEN = () => {
If it concerns automatic processing of data provided by you based on consent or the execution of an
agreement,
you can request an overview in a structured and common form of the personal data that we process
- about you via Mijn eduID . You also have the right to have this data transferred to
+ about you via Mijn eduID . You also have the right to have this data transferred to
another
party, provided this is technically possible.
diff --git a/public-gui/src/terms/PrivacyNL.jsx b/public-gui/src/terms/PrivacyNL.jsx
index a6c4dc311..fd8a623a4 100644
--- a/public-gui/src/terms/PrivacyNL.jsx
+++ b/public-gui/src/terms/PrivacyNL.jsx
@@ -294,7 +294,7 @@ export const PrivacyNL = () => {
applicatie.
- Via Mijn eduID kun je zien welke diensten je via eduID hebt gebruikt.
+ Via Mijn eduID kun je zien welke diensten je via eduID hebt gebruikt.
Aan andere partijen dan bovenstaande verstrekken we je gegevens alléén na jouw toestemming, tenzij
het wettelijk verplicht of toegestaan is je gegevens te verstrekken. Zo kan bijvoorbeeld de politie
in het kader van een fraudeonderzoek gegevens bij ons opvragen. SURF is dan wettelijk verplicht deze
@@ -340,14 +340,14 @@ export const PrivacyNL = () => {
Je hebt het recht om de persoonsgegevens die eduID van jou verwerkt te laten wijzigen, aanvullen of
verwijderen. Ook kun je inzage verzoeken in de persoonsgegevens die van je worden verwerkt. De
- gegevens die eduID van jou heeft kun je inzien op Mijn eduID .
+ gegevens die eduID van jou heeft kun je inzien op Mijn eduID .
Daar kun je je gegevens ook wijzigen
of aanvullen.
Als het gaat om een automatische verwerking van door jou zelf verstrekte gegevens op basis van
toestemming of de uitvoering van een overeenkomst, kun je een overzicht in een gestructureerde en
- gangbare vorm opvragen van de persoonsgegevens die wij van jou verwerken via Mijn eduID . Ook heb je
+ gangbare vorm opvragen van de persoonsgegevens die wij van jou verwerken via Mijn eduID . Ook heb je
het recht op overdraagbaarheid van deze gegevens naar een andere partij, mits dit technisch mogelijk
is.
diff --git a/servicedesk-gui/src/pages/Forbidden.jsx b/servicedesk-gui/src/pages/Forbidden.jsx
index 8f62101f5..91003db71 100644
--- a/servicedesk-gui/src/pages/Forbidden.jsx
+++ b/servicedesk-gui/src/pages/Forbidden.jsx
@@ -12,7 +12,7 @@ const Forbidden = () => {
const {config} = useAppStore.getState();
logout().then(() => {
useAppStore.setState(() => ({breadcrumbPath: [], user: {}, controlCode: {}}));
- window.location.href = `${config.idpBaseUrl}/doLogout?param=${encodeURIComponent("logout=true")}`;
+ window.location.href = `${config.accountBaseUrl}/doLogout?param=${encodeURIComponent("logout=true")}`;
});
}
From b0d115e3d56e7d5416e87ba0af150e578a2d843d Mon Sep 17 00:00:00 2001
From: Ricardo van der Heijden
<20791917+ricardovdheijden@users.noreply.github.com>
Date: Wed, 1 Jul 2026 11:10:11 +0200
Subject: [PATCH 3/6] Merges variable "domain" into "base_domain"
---
account-gui/src/components/Footer.svelte | 2 +-
account-gui/src/routes/ExternalAccountLinkedError.svelte | 4 ++--
account-gui/src/routes/LinkExpired.svelte | 4 ++--
account-gui/src/routes/MaxAttempts.svelte | 4 ++--
account-gui/src/stores/conf.js | 2 +-
myconext-gui/src/components/Footer.svelte | 2 +-
myconext-gui/src/stores/user.js | 1 -
.../src/main/java/myconext/api/LoginController.java | 2 --
myconext-server/src/main/resources/application.yml | 1 -
9 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/account-gui/src/components/Footer.svelte b/account-gui/src/components/Footer.svelte
index 00411f4ca..14b063dc2 100644
--- a/account-gui/src/components/Footer.svelte
+++ b/account-gui/src/components/Footer.svelte
@@ -8,7 +8,7 @@
const changeLanguage = lang => () => {
const urlSearchParams = new URLSearchParams(window.location.search);
urlSearchParams.set("lang", lang);
- const domain = $conf.domain;
+ const domain = $conf.baseDomain;
Cookies.set("lang", lang, {
expires: 365,
secure: window.location.protocol.startsWith("https"),
diff --git a/account-gui/src/routes/ExternalAccountLinkedError.svelte b/account-gui/src/routes/ExternalAccountLinkedError.svelte
index 4e640dc61..d904fa976 100644
--- a/account-gui/src/routes/ExternalAccountLinkedError.svelte
+++ b/account-gui/src/routes/ExternalAccountLinkedError.svelte
@@ -42,5 +42,5 @@
{@html DOMPurify.sanitize(errorDescription)}
{/if}
- window.location.href = `https://${$conf.domain}`}/>
+ window.location.href = `https://${$conf.baseDomain}`}/>
diff --git a/account-gui/src/routes/LinkExpired.svelte b/account-gui/src/routes/LinkExpired.svelte
index e96b2587a..286074550 100644
--- a/account-gui/src/routes/LinkExpired.svelte
+++ b/account-gui/src/routes/LinkExpired.svelte
@@ -24,5 +24,5 @@
{I18n.t("Expired.CodeTitle.COPY")}
{@html I18n.t("Expired.CodeInfo.COPY")}
- window.location.href = `https://${$conf.domain}`}/>
+ window.location.href = `https://${$conf.baseDomain}`}/>
diff --git a/account-gui/src/routes/MaxAttempts.svelte b/account-gui/src/routes/MaxAttempts.svelte
index 6715afee2..540d08e30 100644
--- a/account-gui/src/routes/MaxAttempts.svelte
+++ b/account-gui/src/routes/MaxAttempts.svelte
@@ -26,7 +26,7 @@
{I18n.t("MaxAttempt.Title.COPY")}
{@html I18n.t("MaxAttempt.Info.COPY")}
-
window.location.href = `https://${$conf.domain}`}/>
+ window.location.href = `https://${$conf.baseDomain}`}/>
\ No newline at end of file
diff --git a/account-gui/src/stores/conf.js b/account-gui/src/stores/conf.js
index 3452fbd8a..32c4fe9d9 100644
--- a/account-gui/src/stores/conf.js
+++ b/account-gui/src/stores/conf.js
@@ -4,7 +4,7 @@ export const conf = writable({
myconextBasePath: "",
magicLinkUrl: "",
continueAfterLoginUrl: "",
- domain: "",
+ baseDomain: "",
myconextWebAuthnRedirectUrl: "",
featureWebAuthn: false,
featureAllowList: false,
diff --git a/myconext-gui/src/components/Footer.svelte b/myconext-gui/src/components/Footer.svelte
index c656e4a75..53b628579 100644
--- a/myconext-gui/src/components/Footer.svelte
+++ b/myconext-gui/src/components/Footer.svelte
@@ -9,7 +9,7 @@
const changeLanguage = lang => () => {
const urlSearchParams = new URLSearchParams(window.location.search);
urlSearchParams.set("lang", lang);
- Cookies.set("lang", lang, {expires: 365, secure: true, sameSite: "Lax", domain: $config.domain});
+ Cookies.set("lang", lang, {expires: 365, secure: true, sameSite: "Lax", domain: $config.baseDomain});
window.location.search = urlSearchParams.toString();
updateLanguage(lang).then(() => {
flash.setValue("Footer.LanguageChanged.COPY");
diff --git a/myconext-gui/src/stores/user.js b/myconext-gui/src/stores/user.js
index baeae4496..ddedac099 100644
--- a/myconext-gui/src/stores/user.js
+++ b/myconext-gui/src/stores/user.js
@@ -30,7 +30,6 @@ export const config = writable({
createEduIDInstitutionLanding: false,
accountWebAuthUrl: "",
magicLinkUrl: "",
- domain: "",
accountBaseUrl: "",
featureWebAuthn: false,
featureOidcTokenAPI: false,
diff --git a/myconext-server/src/main/java/myconext/api/LoginController.java b/myconext-server/src/main/java/myconext/api/LoginController.java
index ffbd23b1f..e1edc0399 100644
--- a/myconext-server/src/main/java/myconext/api/LoginController.java
+++ b/myconext-server/src/main/java/myconext/api/LoginController.java
@@ -68,7 +68,6 @@ public LoginController(UserRepository userRepository,
@Value("${my_conext_url}") String myConextUrl,
@Value("${continue_after_login_url}") String continueAfterLoginUrl,
@Value("${email.magic-link-url}") String magicLinkUrl,
- @Value("${domain}") String domain,
@Value("${secure_cookie}") boolean secureCookie,
@Value("${account_redirect_url}") String accountRedirectUrl,
@Value("${myconext_redirect_url}") String myconextRedirectUrl,
@@ -104,7 +103,6 @@ public LoginController(UserRepository userRepository,
this.config.put("servicedeskBaseUrl", servicedeskRedirectUrl);
this.config.put("accountWebAuthUrl", String.format("%s/webauthn", accountRedirectUrl));
this.config.put("myconextWebAuthnRedirectUrl", String.format("%s/security", myconextRedirectUrl));
- this.config.put("domain", domain);
this.config.put("featureWebAuthn", featureWebAuthn);
this.config.put("featureWarningEducationalEmailDomain", featureWarningEducationalEmailDomain);
this.config.put("featureAllowList", featureAllowList);
diff --git a/myconext-server/src/main/resources/application.yml b/myconext-server/src/main/resources/application.yml
index 9884fa3a1..2b38487fe 100644
--- a/myconext-server/src/main/resources/application.yml
+++ b/myconext-server/src/main/resources/application.yml
@@ -95,7 +95,6 @@ sp_entity_id: https://engine.test.surfconext.nl/authentication/sp/metadata, http
account_metadata_url: https://engine.test.surfconext.nl/authentication/sp/metadata, https://engine.test2.surfconext.nl/authentication/sp/metadata
proxy_idp_entity_id: https://localhost.surf.id
my_conext_url: https://my.test2.surfconext.nl
-domain: eduid.nl
myconext_entityid: http://mijn.localhost/shibboleth
myconext_service_name: "Mijn eduID"
mobile_app_redirect: eduid:///client/mobile
From 007e5a207b4d7be253c5d143ff5cbcf9a4905ff9 Mon Sep 17 00:00:00 2001
From: Ricardo van der Heijden
<20791917+ricardovdheijden@users.noreply.github.com>
Date: Wed, 1 Jul 2026 11:27:22 +0200
Subject: [PATCH 4/6] Merges variable "my_conext_url" into "myconext_base_path"
---
.../src/main/java/myconext/api/LoginController.java | 3 +--
myconext-server/src/main/resources/application.yml | 1 -
2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/myconext-server/src/main/java/myconext/api/LoginController.java b/myconext-server/src/main/java/myconext/api/LoginController.java
index e1edc0399..c5213a673 100644
--- a/myconext-server/src/main/java/myconext/api/LoginController.java
+++ b/myconext-server/src/main/java/myconext/api/LoginController.java
@@ -65,7 +65,6 @@ public LoginController(UserRepository userRepository,
@Value("${myconext_base_path}") String myconextBasePath,
@Value("${servicedesk_base_path}") String servicedeskBasePath,
@Value("${base_domain}") String baseDomain,
- @Value("${my_conext_url}") String myConextUrl,
@Value("${continue_after_login_url}") String continueAfterLoginUrl,
@Value("${email.magic-link-url}") String magicLinkUrl,
@Value("${secure_cookie}") boolean secureCookie,
@@ -129,7 +128,7 @@ public LoginController(UserRepository userRepository,
this.createFromInstitutionAllowedReturnDomains = createFromInstitutionProperties.getReturnUrlAllowedDomains();
this.myconextRedirectUrl = myconextRedirectUrl;
this.servicedeskRedirectUrl = servicedeskRedirectUrl;
- this.myconextLoginUrl = myConextUrl + "/oauth2/authorization/my_conext";
+ this.myconextLoginUrl = myconextBasePath + "/oauth2/authorization/my_conext";
}
@GetMapping("/config")
diff --git a/myconext-server/src/main/resources/application.yml b/myconext-server/src/main/resources/application.yml
index 2b38487fe..197633bb4 100644
--- a/myconext-server/src/main/resources/application.yml
+++ b/myconext-server/src/main/resources/application.yml
@@ -94,7 +94,6 @@ servicedesk_redirect_url: http://localhost:3003
sp_entity_id: https://engine.test.surfconext.nl/authentication/sp/metadata, https://engine.test2.surfconext.nl/authentication/sp/metadata
account_metadata_url: https://engine.test.surfconext.nl/authentication/sp/metadata, https://engine.test2.surfconext.nl/authentication/sp/metadata
proxy_idp_entity_id: https://localhost.surf.id
-my_conext_url: https://my.test2.surfconext.nl
myconext_entityid: http://mijn.localhost/shibboleth
myconext_service_name: "Mijn eduID"
mobile_app_redirect: eduid:///client/mobile
From 52265ff09654ffa8ca2857da35283e423fe91437 Mon Sep 17 00:00:00 2001
From: Ricardo van der Heijden
<20791917+ricardovdheijden@users.noreply.github.com>
Date: Wed, 1 Jul 2026 15:22:34 +0200
Subject: [PATCH 5/6] Updates value of myconext_entityid
---
myconext-server/src/main/resources/application.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/myconext-server/src/main/resources/application.yml b/myconext-server/src/main/resources/application.yml
index 197633bb4..818cd439e 100644
--- a/myconext-server/src/main/resources/application.yml
+++ b/myconext-server/src/main/resources/application.yml
@@ -94,7 +94,7 @@ servicedesk_redirect_url: http://localhost:3003
sp_entity_id: https://engine.test.surfconext.nl/authentication/sp/metadata, https://engine.test2.surfconext.nl/authentication/sp/metadata
account_metadata_url: https://engine.test.surfconext.nl/authentication/sp/metadata, https://engine.test2.surfconext.nl/authentication/sp/metadata
proxy_idp_entity_id: https://localhost.surf.id
-myconext_entityid: http://mijn.localhost/shibboleth
+myconext_entityid: http://mijn.localhost
myconext_service_name: "Mijn eduID"
mobile_app_redirect: eduid:///client/mobile
mobile_app_rp_entity_id: mobile_app_rp_entity_id
From 583ad32f461c8fccc21fb258ed4140bcc7887065 Mon Sep 17 00:00:00 2001
From: Ricardo van der Heijden
<20791917+ricardovdheijden@users.noreply.github.com>
Date: Wed, 1 Jul 2026 15:32:32 +0200
Subject: [PATCH 6/6] Updates unit tests after variable merges
---
.../src/test/java/myconext/api/LoginControllerTest.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/myconext-server/src/test/java/myconext/api/LoginControllerTest.java b/myconext-server/src/test/java/myconext/api/LoginControllerTest.java
index b553d7a12..38d17938a 100644
--- a/myconext-server/src/test/java/myconext/api/LoginControllerTest.java
+++ b/myconext-server/src/test/java/myconext/api/LoginControllerTest.java
@@ -144,7 +144,7 @@ public void register() {
.get("/register")
.then()
.statusCode(302)
- .header("Location", "https://my.test2.surfconext.nl/oauth2/authorization/my_conext?lang=en");
+ .header("Location", "http://localhost:8081/oauth2/authorization/my_conext?lang=en");
}
@Test