From 5d45e4e85deb7469aac7b286815ea0789e3bd3ae Mon Sep 17 00:00:00 2001 From: Ricardo van der Heijden <20791917+ricardovdheijden@users.noreply.github.com> Date: Tue, 30 Jun 2026 13:43:31 +0200 Subject: [PATCH 1/6] Renames variables in application.yml. Renames references in Java --- .../myconext/api/AccountLinkerController.java | 76 +++++++++---------- .../java/myconext/api/LoginController.java | 39 +++++----- .../myconext/api/ServiceDeskController.java | 11 +-- .../java/myconext/api/UserController.java | 34 ++++----- .../security/SecurityConfiguration.java | 10 +-- .../java/myconext/tiqr/TiqrController.java | 8 +- .../src/main/resources/application.yml | 22 +++--- .../myconext/AbstractIntegrationTest.java | 2 +- .../api/UserControllerAllowedDomainsTest.java | 2 +- .../api/UserControllerCaptchaTest.java | 2 +- .../api/UserControllerRememberMeTest.java | 2 +- .../api/UserControllerSSOMfaTest.java | 2 +- .../cron/InactivityMailDryRunTest.java | 4 +- .../myconext/cron/InactivityMailTest.java | 4 +- .../cron/InstitutionMailUsageBatchTest.java | 4 +- .../cron/InstitutionMailUsageDryRunTest.java | 4 +- .../cron/InstitutionMailUsageTest.java | 4 +- .../cron/NudgeAppMailDisabledAppTest.java | 2 +- .../myconext/cron/NudgeAppMailDryRunTest.java | 4 +- .../java/myconext/cron/NudgeAppMailTest.java | 4 +- .../myconext/oidcng/OpenIDConnectTest.java | 2 +- .../security/SecurityConfigurationTest.java | 2 +- 22 files changed, 118 insertions(+), 126 deletions(-) diff --git a/myconext-server/src/main/java/myconext/api/AccountLinkerController.java b/myconext-server/src/main/java/myconext/api/AccountLinkerController.java index 77c1b6f38..ac79357e3 100644 --- a/myconext-server/src/main/java/myconext/api/AccountLinkerController.java +++ b/myconext-server/src/main/java/myconext/api/AccountLinkerController.java @@ -95,13 +95,13 @@ public class AccountLinkerController implements UserAuthentication { private final MailBox mailBox; private final AttributeMapper attributeMapper; private final String magicLinkUrl; - private final String idpBaseRedirectUrl; - private final String spRedirectUrl; - private final String basePath; + private final String accountRedirectUrl; + private final String myconextRedirectUrl; + private final String myconextBasePath; private final long removalValidatedDurationDays; private final String myConextSpEntityId; private final Manage manage; - private final String mijnEduIDEntityId; + private final String myconextEntityid; private final String schacHomeOrganization; private final boolean createEduIDInstitutionEnabled; private final List createFromInstitutionAllowedReturnDomains; @@ -130,11 +130,11 @@ public AccountLinkerController( AttributeMapper attributeMapper, Manage manage, DisposableEmailProviders disposableEmailProviders, - @Value("${mijn_eduid_entity_id}") String mijnEduIDEntityId, + @Value("${myconext_entityid}") String myconextEntityid, @Value("${schac_home_organizations}") String schacHomeOrganizations, @Value("${email.magic-link-url}") String magicLinkUrl, - @Value("${idp_redirect_url}") String idpBaseRedirectUrl, - @Value("${sp_redirect_url}") String spRedirectUrl, + @Value("${account_redirect_url}") String accountRedirectUrl, + @Value("${myconext_redirect_url}") String myconextRedirectUrl, @Value("${oidc.client-id}") String clientId, @Value("${oidc.secret}") String clientSecret, @Value("${oidc.idp-flow-redirect-url}") String idpFlowRedirectUri, @@ -142,7 +142,7 @@ public AccountLinkerController( @Value("${oidc.mobile-flow-redirect-url}") String mobileFlowRedirectUri, @Value("${oidc.sp-create-from-institution-redirect-url}") String spCreateFromInstitutionRedirectUri, @Value("${oidc.base-url}") String oidcBaseUrl, - @Value("${base_path}") String basePath, + @Value("${myconext_base_path}") String myconextBasePath, @Value("${linked_accounts.removal-duration-days-validated}") long removalValidatedDurationDays, @Value("${account_linking.myconext_sp_entity_id}") String myConextSpEntityId, @Value("${feature.create_eduid_institution_enabled}") boolean createEduIDInstitutionEnabled, @@ -165,17 +165,17 @@ public AccountLinkerController( this.manage = manage; this.disposableEmailProviders = disposableEmailProviders; this.schacHomeOrganization = Stream.of(schacHomeOrganizations.split(",")).map(String::trim).toList().getFirst(); - this.mijnEduIDEntityId = mijnEduIDEntityId; + this.myconextEntityid = myconextEntityid; this.magicLinkUrl = magicLinkUrl; - this.idpBaseRedirectUrl = idpBaseRedirectUrl; - this.spRedirectUrl = spRedirectUrl; + this.accountRedirectUrl = accountRedirectUrl; + this.myconextRedirectUrl = myconextRedirectUrl; this.clientId = clientId; this.clientSecret = clientSecret; this.idpFlowRedirectUri = idpFlowRedirectUri; this.spFlowRedirectUri = spFlowRedirectUri; this.mobileFlowRedirectUri = mobileFlowRedirectUri; this.spCreateFromInstitutionRedirectUri = spCreateFromInstitutionRedirectUri; - this.basePath = basePath; + this.myconextBasePath = myconextBasePath; this.oidcBaseUrl = oidcBaseUrl; this.removalValidatedDurationDays = removalValidatedDurationDays; this.myConextSpEntityId = myConextSpEntityId; @@ -203,7 +203,7 @@ public ResponseEntity startIdPLinkAccountFlow(@PathVariable("id") String id, Optional optionalSamlAuthenticationRequest = authenticationRequestRepository.findByIdAndNotExpired(id); if (!optionalSamlAuthenticationRequest.isPresent()) { - return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.idpBaseRedirectUrl + "/expired")).build(); + return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.accountRedirectUrl + "/expired")).build(); } SamlAuthenticationRequest samlAuthenticationRequest = optionalSamlAuthenticationRequest.get(); @@ -253,11 +253,11 @@ public ResponseEntity spCreateFromInstitutionRedirect(HttpServletRequest request String eppn = (String) userInfo.get("eduperson_principal_name"); String subjectId = (String) userInfo.get("subject_id"); if (!StringUtils.hasText(eppn) && !StringUtils.hasText(subjectId)) { - String uri = this.spRedirectUrl + "/create-from-institution/attribute-missing?fromInstitution=true"; + String uri = this.myconextRedirectUrl + "/create-from-institution/attribute-missing?fromInstitution=true"; return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(uri)).build(); } //Check if the eppn is taken before proceeding - String eppnAlreadyLinkedRequiredUri = this.spRedirectUrl + "/create-from-institution/eppn-already-linked?fromInstitution=true"; + String eppnAlreadyLinkedRequiredUri = this.myconextRedirectUrl + "/create-from-institution/eppn-already-linked?fromInstitution=true"; Optional> eppnAlreadyLinkedOptional = checkEppnAlreadyLinked(eppnAlreadyLinkedRequiredUri, eppn, subjectId); if (eppnAlreadyLinkedOptional.isPresent()) { LOG.debug("EPPN already linked in create-institution-flow for " + eppn); @@ -269,7 +269,7 @@ public ResponseEntity spCreateFromInstitutionRedirect(HttpServletRequest request storedState, requestInstitutionEduID.getHash(), requestInstitutionEduID.getReturnUrl())); requestInstitutionEduIDRepository.save(requestInstitutionEduID); //Now the user needs to enter email and validate this email to finish up the registration - String returnUri = this.spRedirectUrl + "/create-from-institution/link/" + requestInstitutionEduID.getHash(); + String returnUri = this.myconextRedirectUrl + "/create-from-institution/link/" + requestInstitutionEduID.getHash(); return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(returnUri)).build(); } @@ -379,7 +379,7 @@ public ResponseEntity createFromInstitutionFinish(HttpServletRequest request, (String) userInfo.get("family_name"), schacHomeOrganization, preferredLanguage, - mijnEduIDEntityId, + myconextEntityid, manage); } user.setCreateFromInstitutionKey(hash()); @@ -388,7 +388,7 @@ public ResponseEntity createFromInstitutionFinish(HttpServletRequest request, email, user.isNewUser(), user.getId(), user.getCreateFromInstitutionKey(), user.getCreateFromInstitutionReturnUrl())); ResponseEntity responseEntity = saveOrUpdateLinkedAccountToUser( user, - this.idpBaseRedirectUrl + "/create-from-institution-login?key=" + user.getCreateFromInstitutionKey(), + this.accountRedirectUrl + "/create-from-institution-login?key=" + user.getCreateFromInstitutionKey(), false, false, false, @@ -527,7 +527,7 @@ public ResponseEntity mobileVerifyIDRedirect(@RequestParam(value = "code", requi VerifyState verifyState = attributeMapper.serializeFromBase64(state); Optional optionalMobileLinkAccountRequest = this.mobileLinkAccountRequestRepository.findByHash(verifyState.getStateIdentifier()); if (!optionalMobileLinkAccountRequest.isPresent()) { - return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.idpBaseRedirectUrl + "/client/mobile/expired")).build(); + return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.accountRedirectUrl + "/client/mobile/expired")).build(); } MobileLinkAccountRequest mobileLinkAccountRequest = optionalMobileLinkAccountRequest.get(); String userId = mobileLinkAccountRequest.getUserId(); @@ -544,7 +544,7 @@ private ResponseEntity doVerifyIDRedirect(String code, User user) { if (!StringUtils.hasText(code) || !StringUtils.hasText(state)) { - String clientRedirectUrl = isMobileFlow ? idpBaseRedirectUrl + "/client/mobile/external-account-linked-error" : spRedirectUrl; + String clientRedirectUrl = isMobileFlow ? accountRedirectUrl + "/client/mobile/external-account-linked-error" : myconextRedirectUrl; URI location = URI.create(String.format("%s/external-account-linked-error?error=%s&error_description=%s", clientRedirectUrl, StringUtils.hasText(error) ? URLEncoder.encode(error, Charset.defaultCharset()) : "", @@ -598,8 +598,8 @@ private ResponseEntity doVerifyIDRedirect(String code, verifyState.getIdpScoping())); String encodedOtherMail = URLEncoder.encode(optionalUsers.stream().findFirst().get().getEmail(), Charset.defaultCharset()); String clientRedirectUrl = isMobileFlow ? - idpBaseRedirectUrl + String.format("/client/mobile/verify-already-used?email=%s", encodedOtherMail) : - spRedirectUrl + String.format("/subject-already-linked?idp_scoping=%s&email=%s", + accountRedirectUrl + String.format("/client/mobile/verify-already-used?email=%s", encodedOtherMail) : + myconextRedirectUrl + String.format("/subject-already-linked?idp_scoping=%s&email=%s", verifyState.getIdpScoping().name(), encodedOtherMail); return ResponseEntity.status(HttpStatus.FOUND) .location(URI.create(clientRedirectUrl)) @@ -616,8 +616,8 @@ private ResponseEntity doVerifyIDRedirect(String code, String queryParam = "?verify=" + externalLinkedAccount.getIdpScoping(); String clientRedirectUrl = isMobileFlow ? - idpBaseRedirectUrl + "/client/mobile/external-account-linked" + queryParam : - spRedirectUrl + "/personal" + queryParam; + accountRedirectUrl + "/client/mobile/external-account-linked" + queryParam : + myconextRedirectUrl + "/personal" + queryParam; URI location = URI.create(clientRedirectUrl); return ResponseEntity.status(HttpStatus.FOUND).location(location).build(); } @@ -629,7 +629,7 @@ public ResponseEntity startIdPVerifyIDLinkAccountFlow(@PathVar @RequestParam(value = "bankId", required = false) String bankId) { Optional optionalSamlAuthenticationRequest = authenticationRequestRepository.findByIdAndNotExpired(id); if (!optionalSamlAuthenticationRequest.isPresent()) { - return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.idpBaseRedirectUrl + "/expired")).build(); + return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.accountRedirectUrl + "/expired")).build(); } SamlAuthenticationRequest samlAuthenticationRequest = optionalSamlAuthenticationRequest.get(); @@ -670,7 +670,7 @@ public ResponseEntity idpVerifyIDRedirect(@RequestParam(value = "code", required if (!StringUtils.hasText(code) || !StringUtils.hasText(state)) { URI location = URI.create(String.format("%s/external-account-linked-error?error=%s&error_description=%s", - this.idpBaseRedirectUrl, + this.accountRedirectUrl, StringUtils.hasText(error) ? URLEncoder.encode(error, Charset.defaultCharset()) : "", StringUtils.hasText(errorDescription) ? URLEncoder.encode(errorDescription, Charset.defaultCharset()) : "Unexpected+error+occurred" ) @@ -688,7 +688,7 @@ public ResponseEntity idpVerifyIDRedirect(@RequestParam(value = "code", required Optional optionalSamlAuthenticationRequest = authenticationRequestRepository.findByIdAndNotExpired(id); if (!optionalSamlAuthenticationRequest.isPresent()) { - return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.idpBaseRedirectUrl + "/expired")).build(); + return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.accountRedirectUrl + "/expired")).build(); } SamlAuthenticationRequest samlAuthenticationRequest = optionalSamlAuthenticationRequest.get(); @@ -729,7 +729,7 @@ public ResponseEntity idpVerifyIDRedirect(@RequestParam(value = "code", required //Not allowed to link an external linked account whose identity is already linked to another user LOG.warn(String.format("Subject %s already linked to user %s", externalLinkedAccount.getSubjectId(), user.getEmail())); String encodedEmail = URLEncoder.encode(optionalUsers.get(0).getEmail(), Charset.defaultCharset()); - String subjectAlreadyLinkedRequiredUri = this.idpBaseRedirectUrl + "/subject-already-linked/" + + String subjectAlreadyLinkedRequiredUri = this.accountRedirectUrl + "/subject-already-linked/" + samlAuthenticationRequest.getId() + "?h=" + samlAuthenticationRequest.getHash() + "&redirect=" + URLEncoder.encode(this.magicLinkUrl, Charset.defaultCharset()) + @@ -788,9 +788,9 @@ public ResponseEntity spFlowRedirect(Authentication authentication, @RequestPara throw new ForbiddenException("Non matching user"); } - return doRedirect(code, user, this.spFlowRedirectUri, this.spRedirectUrl + "/personal", + return doRedirect(code, user, this.spFlowRedirectUri, this.myconextRedirectUrl + "/personal", false, false, true, null, null, - this.spRedirectUrl + "/eppn-already-linked", this.spRedirectUrl + "/attribute-missing"); + this.myconextRedirectUrl + "/eppn-already-linked", this.myconextRedirectUrl + "/attribute-missing"); } @GetMapping("/mobile/oidc/redirect") @@ -800,7 +800,7 @@ public ResponseEntity mobileFlowRedirect(@RequestParam("code") String code, @Req String decodedState = URLDecoder.decode(state, StandardCharsets.UTF_8); Optional optionalMobileLinkAccountRequest = this.mobileLinkAccountRequestRepository.findByHash(decodedState); if (!optionalMobileLinkAccountRequest.isPresent()) { - return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.idpBaseRedirectUrl + "/client/mobile/expired")).build(); + return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.accountRedirectUrl + "/client/mobile/expired")).build(); } MobileLinkAccountRequest mobileLinkAccountRequest = optionalMobileLinkAccountRequest.get(); @@ -811,9 +811,9 @@ public ResponseEntity mobileFlowRedirect(@RequestParam("code") String code, @Req this.mobileLinkAccountRequestRepository.delete(mobileLinkAccountRequest); - return doRedirect(code, user, this.mobileFlowRedirectUri, this.idpBaseRedirectUrl + "/client/mobile/account-linked", + return doRedirect(code, user, this.mobileFlowRedirectUri, this.accountRedirectUrl + "/client/mobile/account-linked", false, false, true, null, null, - this.idpBaseRedirectUrl + "/client/mobile/eppn-already-linked", this.idpBaseRedirectUrl + "/client/mobile/attribute-missing"); + this.accountRedirectUrl + "/client/mobile/eppn-already-linked", this.accountRedirectUrl + "/client/mobile/attribute-missing"); } @GetMapping("/idp/oidc/redirect") @@ -826,7 +826,7 @@ public ResponseEntity idpFlowRedirect(@RequestParam("code") String code, @Reques Optional optionalSamlAuthenticationRequest = authenticationRequestRepository.findByIdAndNotExpired(id); if (!optionalSamlAuthenticationRequest.isPresent()) { - return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.idpBaseRedirectUrl + "/expired")).build(); + return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(this.accountRedirectUrl + "/expired")).build(); } SamlAuthenticationRequest samlAuthenticationRequest = optionalSamlAuthenticationRequest.get(); String userId = samlAuthenticationRequest.getUserId(); @@ -845,22 +845,22 @@ public ResponseEntity idpFlowRedirect(@RequestParam("code") String code, @Reques String charSet = Charset.defaultCharset().name(); - String idpStudentAffiliationRequiredUri = this.idpBaseRedirectUrl + "/affiliation-missing/" + + String idpStudentAffiliationRequiredUri = this.accountRedirectUrl + "/affiliation-missing/" + samlAuthenticationRequest.getId() + "?h=" + samlAuthenticationRequest.getHash() + "&redirect=" + URLEncoder.encode(this.magicLinkUrl, charSet); - String idpValidNamesRequiredUri = this.idpBaseRedirectUrl + "/valid-name-missing/" + + String idpValidNamesRequiredUri = this.accountRedirectUrl + "/valid-name-missing/" + samlAuthenticationRequest.getId() + "?h=" + samlAuthenticationRequest.getHash() + "&redirect=" + URLEncoder.encode(this.magicLinkUrl, charSet); - String eppnAlreadyLinkedRequiredUri = this.idpBaseRedirectUrl + "/eppn-already-linked/" + + String eppnAlreadyLinkedRequiredUri = this.accountRedirectUrl + "/eppn-already-linked/" + samlAuthenticationRequest.getId() + "?h=" + samlAuthenticationRequest.getHash() + "&redirect=" + URLEncoder.encode(this.magicLinkUrl, charSet); - String attributeMissingUri = this.idpBaseRedirectUrl + "/attribute-missing/" + + String attributeMissingUri = this.accountRedirectUrl + "/attribute-missing/" + samlAuthenticationRequest.getId() + "?h=" + samlAuthenticationRequest.getHash() + "&redirect=" + URLEncoder.encode(this.magicLinkUrl, charSet); diff --git a/myconext-server/src/main/java/myconext/api/LoginController.java b/myconext-server/src/main/java/myconext/api/LoginController.java index bbeacdf3e..d0e28f143 100644 --- a/myconext-server/src/main/java/myconext/api/LoginController.java +++ b/myconext-server/src/main/java/myconext/api/LoginController.java @@ -55,24 +55,24 @@ public class LoginController { private final AuthenticationRequestRepository authenticationRequestRepository; private final SecurityContextRepository securityContextRepository; private final List createFromInstitutionAllowedReturnDomains; - private final String spBaseUrl; - private final String spServiceDeskBaseUrl; + private final String myconextRedirectUrl; + private final String servicedeskRedirectUrl; private final String myconextLoginUrl; public LoginController(UserRepository userRepository, AuthenticationRequestRepository authenticationRequestRepository, SecurityContextRepository securityContextRepository, - @Value("${base_path}") String basePath, - @Value("${base_path_service_desk}") String basePathServiceDesk, + @Value("${myconext_base_path}") String myconextBasePath, + @Value("${servicedesk_base_path}") String servicedeskBasePath, @Value("${base_domain}") String baseDomain, @Value("${my_conext_url}") String myConextUrl, @Value("${continue_after_login_url}") String continueAfterLoginUrl, @Value("${email.magic-link-url}") String magicLinkUrl, @Value("${domain}") String domain, @Value("${secure_cookie}") boolean secureCookie, - @Value("${idp_redirect_url}") String idpBaseUrl, - @Value("${sp_redirect_url}") String spBaseUrl, - @Value("${sp_servicedesk_redirect_url}") String spServiceDeskBaseUrl, + @Value("${account_redirect_url}") String accountRedirectUrl, + @Value("${myconext_redirect_url}") String myconextRedirectUrl, + @Value("${servicedesk_redirect_url}") String servicedeskRedirectUrl, @Value("${feature.webauthn}") boolean featureWebAuthn, @Value("${feature.connections}") boolean featureConnections, @Value("${feature.warning_educational_email_domain}") boolean featureWarningEducationalEmailDomain, @@ -93,17 +93,18 @@ public LoginController(UserRepository userRepository, @Value("${feature.use_app}") boolean useApp, CreateFromInstitutionProperties createFromInstitutionProperties ) { - this.config.put("basePath", basePath); - this.config.put("loginUrl", basePath + "/auth/login"); - this.config.put("loginUrlServiceDesk", basePathServiceDesk + "/auth/login"); + // Todo rename in frontend is needed + this.config.put("basePath", myconextBasePath); + this.config.put("loginUrl", myconextBasePath + "/auth/login"); + this.config.put("loginUrlServiceDesk", servicedeskBasePath + "/auth/login"); this.config.put("continueAfterLoginUrl", continueAfterLoginUrl); this.config.put("baseDomain", baseDomain); this.config.put("magicLinkUrl", magicLinkUrl); - this.config.put("idpBaseUrl", idpBaseUrl); - this.config.put("spBaseUrl", spBaseUrl); - this.config.put("spServiceDeskBaseUrl", spServiceDeskBaseUrl); - this.config.put("myconextWebAuthUrl", String.format("%s/webauthn", idpBaseUrl)); - this.config.put("myconextWebAuthnRedirectSpUrl", String.format("%s/security", spBaseUrl)); + this.config.put("idpBaseUrl", accountRedirectUrl); + this.config.put("spBaseUrl", myconextRedirectUrl); + this.config.put("spServiceDeskBaseUrl", servicedeskRedirectUrl); + this.config.put("myconextWebAuthUrl", String.format("%s/webauthn", accountRedirectUrl)); + this.config.put("myconextWebAuthnRedirectSpUrl", String.format("%s/security", myconextRedirectUrl)); this.config.put("domain", domain); this.config.put("featureWebAuthn", featureWebAuthn); this.config.put("featureWarningEducationalEmailDomain", featureWarningEducationalEmailDomain); @@ -129,8 +130,8 @@ public LoginController(UserRepository userRepository, this.authenticationRequestRepository = authenticationRequestRepository; this.securityContextRepository = securityContextRepository; this.createFromInstitutionAllowedReturnDomains = createFromInstitutionProperties.getReturnUrlAllowedDomains(); - this.spBaseUrl = spBaseUrl; - this.spServiceDeskBaseUrl = spServiceDeskBaseUrl; + this.myconextRedirectUrl = myconextRedirectUrl; + this.servicedeskRedirectUrl = servicedeskRedirectUrl; this.myconextLoginUrl = myConextUrl + "/oauth2/authorization/my_conext"; } @@ -147,8 +148,8 @@ public View login( @RequestParam(value = "registration_id") String registrationId ) { String baseUrl = InternalSecurityConfigurationAdapter.REGISTRATION_ID_SERVICE_DESK.equals(registrationId) - ? spServiceDeskBaseUrl - : spBaseUrl; + ? servicedeskRedirectUrl + : myconextRedirectUrl; String target = baseUrl; if (StringUtils.hasText(redirectPath)) { String path = URLDecoder.decode(redirectPath, StandardCharsets.UTF_8); diff --git a/myconext-server/src/main/java/myconext/api/ServiceDeskController.java b/myconext-server/src/main/java/myconext/api/ServiceDeskController.java index 71c1718da..55c2a0bc9 100644 --- a/myconext-server/src/main/java/myconext/api/ServiceDeskController.java +++ b/myconext-server/src/main/java/myconext/api/ServiceDeskController.java @@ -20,13 +20,8 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.core.oidc.user.OidcUser; -import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.*; -import org.springframework.web.servlet.View; -import org.springframework.web.servlet.view.RedirectView; -import java.net.URLDecoder; -import java.nio.charset.StandardCharsets; import java.util.Date; import java.util.List; import java.util.Optional; @@ -42,16 +37,16 @@ public class ServiceDeskController { private final UserRepository userRepository; private final ExternalUserRepository externalUserRepository; private final AttributeMapper attributeMapper; - private final String spBaseUrl; + private final String myconextRedirectUrl; public ServiceDeskController(UserRepository userRepository, ExternalUserRepository externalUserRepository, AttributeMapper attributeMapper, - @Value("${sp_redirect_url}") String spBaseUrl) { + @Value("${myconext_redirect_url}") String myconextRedirectUrl) { this.userRepository = userRepository; this.externalUserRepository = externalUserRepository; this.attributeMapper = attributeMapper; - this.spBaseUrl = spBaseUrl; + this.myconextRedirectUrl = myconextRedirectUrl; } @GetMapping("/me") diff --git a/myconext-server/src/main/java/myconext/api/UserController.java b/myconext-server/src/main/java/myconext/api/UserController.java index b128032a2..87130dcf1 100644 --- a/myconext-server/src/main/java/myconext/api/UserController.java +++ b/myconext-server/src/main/java/myconext/api/UserController.java @@ -53,17 +53,13 @@ import org.springframework.util.StringUtils; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; -import org.springframework.web.servlet.View; -import org.springframework.web.servlet.view.RedirectView; import tiqr.org.model.Registration; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.lang.reflect.Field; -import java.net.URLDecoder; import java.net.URLEncoder; import java.nio.charset.Charset; -import java.nio.charset.StandardCharsets; import java.security.SecureRandom; import java.time.Instant; import java.time.temporal.ChronoUnit; @@ -95,7 +91,7 @@ public class UserController implements UserAuthentication { private final String magicLinkUrl; private final String schacHomeOrganization; private final String webAuthnSpRedirectUrl; - private final String idpBaseUrl; + private final String accountRedirectUrl; private final RelyingParty relyingParty; private final UserCredentialRepository userCredentialRepository; private final ChallengeRepository challengeRepository; @@ -106,7 +102,7 @@ public class UserController implements UserAuthentication { private final EmailGuessingPrevention emailGuessingPreventor; private final EmailDomainGuard emailDomainGuard; private final DisposableEmailProviders disposableEmailProviders; - private final String spBaseUrl; + private final String myconextRedirectUrl; private final ObjectMapper objectMapper; private final RegistrationRepository registrationRepository; private final boolean featureDefaultRememberMe; @@ -136,10 +132,10 @@ public UserController(UserRepository userRepository, @Value("${email.magic-link-url}") String magicLinkUrl, @Value("${schac_home_organizations}") String schacHomeOrganizations, @Value("${email_guessing_sleep_millis}") int emailGuessingSleepMillis, - @Value("${sp_redirect_url}") String spBaseUrl, - @Value("${idp_redirect_url}") String idpBaseUrl, - @Value("${rp_origin}") String rpOrigin, - @Value("${rp_id}") String rpId, + @Value("${myconext_redirect_url}") String myconextRedirectUrl, + @Value("${account_redirect_url}") String accountRedirectUrl, + @Value("${account_origin}") String accountOrigin, + @Value("${account_id}") String accountId, @Value("${feature.default_remember_me}") boolean featureDefaultRememberMe, @Value("${feature.send_js_exceptions}") boolean sendJsExceptions, @Value("${feature.service_desk_active}") boolean serviceDeskActive, @@ -162,11 +158,11 @@ public UserController(UserRepository userRepository, this.captchaVerifier = captchaVerifier; this.magicLinkUrl = magicLinkUrl; this.schacHomeOrganization = Stream.of(schacHomeOrganizations.split(",")).map(String::trim).toList().getFirst(); - this.idpBaseUrl = idpBaseUrl; - this.spBaseUrl = spBaseUrl; - this.webAuthnSpRedirectUrl = String.format("%s/security", spBaseUrl); + this.accountRedirectUrl = accountRedirectUrl; + this.myconextRedirectUrl = myconextRedirectUrl; + this.webAuthnSpRedirectUrl = String.format("%s/security", myconextRedirectUrl); this.servicesConfiguration = servicesConfiguration; - this.relyingParty = relyingParty(rpId, rpOrigin); + this.relyingParty = relyingParty(accountId, accountOrigin); this.emailGuessingPreventor = new EmailGuessingPrevention(emailGuessingSleepMillis); this.featureDefaultRememberMe = featureDefaultRememberMe; this.sendJsExceptions = sendJsExceptions; @@ -391,7 +387,7 @@ private ResponseEntity> doVerifyCodeExistingUser(VerifyOneTi url = this.magicLinkUrl + "?h=" + hash; } else { //Mobile app - url = this.idpBaseUrl + "/mobile/api/create-from-mobile-api/in-app?h=" + hash; + url = this.accountRedirectUrl + "/mobile/api/create-from-mobile-api/in-app?h=" + hash; } return ResponseEntity.status(201).body(Map.of("url", url, "email", user.getEmail())); } @@ -467,7 +463,7 @@ public ResponseEntity createEduIDAccount(@Valid @RequestBody Cre User user = doCreateEduIDAccount(createAccount); String inAppPath = inAppIndicator ? "/in-app" : ""; - String linkUrl = String.format("%s/mobile/api/create-from-mobile-api%s", this.idpBaseUrl, inAppPath); + String linkUrl = String.format("%s/mobile/api/create-from-mobile-api%s", this.accountRedirectUrl, inAppPath); mailBox.sendAccountVerificationMobileAPI(user, user.getCreateFromInstitutionKey(), linkUrl); logWithContext(user, "create", "user", LOG, "Create user in mobile API"); @@ -1059,7 +1055,7 @@ public ResponseEntity> testWebAuthnUrl(Authentication authen String email = URLEncoder.encode(user.getEmail(), Charset.defaultCharset().name()); String loginUrl = String.format("%s/webauthnTest/%s?name=Test-webAuthn&email=%s&testWebAuthn=true", - idpBaseUrl, samlAuthenticationRequest.getId(), email); + accountRedirectUrl, samlAuthenticationRequest.getId(), email); return ResponseEntity.status(200).body(Collections.singletonMap("url", loginUrl)); } @@ -1266,7 +1262,7 @@ public ResponseEntity idpWebAuthnTryAuthentication(HttpServletRequest request, @ if (samlAuthenticationRequest.isTestInstance()) { //back to SP String credentialId = credentialId(body); - String url = String.format("%s/credential?id=%s&success=false", spBaseUrl, credentialId); + String url = String.format("%s/credential?id=%s&success=false", myconextRedirectUrl, credentialId); return ResponseEntity.status(201).body(Collections.singletonMap("url", url)); } throw new ForbiddenException("Unsuccessfully SAML authentication "); @@ -1282,7 +1278,7 @@ public ResponseEntity idpWebAuthnTryAuthentication(HttpServletRequest request, @ if (samlAuthenticationRequest.isTestInstance()) { //back to SP String credentialId = credentialId(body); - String url = String.format("%s/credential?id=%s&success=true", spBaseUrl, credentialId); + String url = String.format("%s/credential?id=%s&success=true", myconextRedirectUrl, credentialId); return ResponseEntity.status(201).body(Collections.singletonMap("url", url)); } diff --git a/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java b/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java index 086fae23d..6bbada79f 100644 --- a/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java +++ b/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java @@ -98,8 +98,8 @@ public SamlSecurity(@Value("${private_key_path}") Resource privateKeyPath, @Value("${certificate_path}") Resource certificatePath, @Value("${idp_entity_id}") String idpEntityId, @Value("${sp_entity_id}") String spEntityId, - @Value("${sp_entity_metadata_url}") String spMetaDataUrl, - @Value("${idp_redirect_url}") String redirectUrl, + @Value("${account_metadata_url}") String accountMetadataUrl, + @Value("${account_redirect_url}") String accountRedirectUrl, @Value("${remember_me_max_age_seconds}") int rememberMeMaxAge, @Value("${tiqr_trust_for_pn_max_age_seconds}") int tiqrCookieMaxAge, @Value("${nudge_eduid_app_login_days}") int nudgeAppDays, @@ -148,7 +148,7 @@ public SamlSecurity(@Value("${private_key_path}") Resource privateKeyPath, final List serviceProviders = new ArrayList<>(); List spEntityIdentifiers = commaSeparatedToList(spEntityId); - List spMetaDataUrls = commaSeparatedToList(spMetaDataUrl); + List spMetaDataUrls = commaSeparatedToList(accountMetadataUrl); for (int i = 0; i < spEntityIdentifiers.size(); i++) { serviceProviders.add(new SAMLServiceProvider(spEntityIdentifiers.get(i), spMetaDataUrls.get(i))); } @@ -159,7 +159,7 @@ public SamlSecurity(@Value("${private_key_path}") Resource privateKeyPath, requiresSignedAuthnRequest ); this.guestIdpAuthenticationRequestFilter = new GuestIdpAuthenticationRequestFilter( - redirectUrl, + accountRedirectUrl, serviceProviderResolver, authenticationRequestRepository, userRepository, @@ -255,7 +255,7 @@ public SecurityFilterChain internalSecuritySecurityFilterChain( Manage manage, UserRepository userRepository, ExternalUserRepository externalUserRepository, - @Value("${mijn_eduid_entity_id}") String mijnEduIDEntityId, + @Value("${myconext_entityid}") String mijnEduIDEntityId, @Value("${service_desk_roles}") String[] serviceDeskRoles, @Value("${service_desk_role_auto_provisioning}") boolean serviceDeskRoleAutoProvisioning, @Value("${host_headers.active}") String activeHost, diff --git a/myconext-server/src/main/java/myconext/tiqr/TiqrController.java b/myconext-server/src/main/java/myconext/tiqr/TiqrController.java index d7aa6de33..51e8f70d3 100644 --- a/myconext-server/src/main/java/myconext/tiqr/TiqrController.java +++ b/myconext-server/src/main/java/myconext/tiqr/TiqrController.java @@ -70,7 +70,7 @@ public class TiqrController implements UserAuthentication { private final RegistrationRepository registrationRepository; private final RateLimitEnforcer rateLimitEnforcer; private final CookieValueEncoder cookieValueEncoder; - private final String mijnEduIdServiceName; + private final String myconextServiceName; @Autowired public TiqrController(@Value("${tiqr_configuration}") Resource resource, @@ -83,7 +83,7 @@ public TiqrController(@Value("${tiqr_configuration}") Resource resource, SMSService smsService, Environment environment, @Value("${email.magic-link-url}") String magicLinkUrl, - @Value("${mijn_eduid_service_name}") String mijnEduIdServiceName, + @Value("${myconext_service_name}") String myconextServiceName, CookieValueEncoder cookieValueEncoder) throws IOException { this.tiqrConfiguration = new Yaml().loadAs(resource.getInputStream(), TiqrConfiguration.class); this.cookieValueEncoder = cookieValueEncoder; @@ -114,7 +114,7 @@ public TiqrController(@Value("${tiqr_configuration}") Resource resource, this.serviceProviderResolver = serviceProviderResolver; this.smsService = smsService; this.magicLinkUrl = magicLinkUrl; - this.mijnEduIdServiceName = mijnEduIdServiceName; + this.myconextServiceName = myconextServiceName; this.rateLimitEnforcer = new RateLimitEnforcer(userRepository, tiqrConfiguration); } @@ -408,7 +408,7 @@ private ResponseEntity doVerifyPhoneCode(PhoneVerification phon public ResponseEntity startAuthenticationForSP(HttpServletRequest request, org.springframework.security.core.Authentication authentication) throws IOException, WriterException, TiqrException { User user = userFromAuthentication(authentication); - ResponseEntity startAuthenticationResponseEntity = doStartAuthentication(request, user, this.mijnEduIdServiceName); + ResponseEntity startAuthenticationResponseEntity = doStartAuthentication(request, user, this.myconextServiceName); String sessionKey = startAuthenticationResponseEntity.getBody().getSessionKey(); request.getSession().setAttribute(SESSION_KEY, sessionKey); return startAuthenticationResponseEntity; diff --git a/myconext-server/src/main/resources/application.yml b/myconext-server/src/main/resources/application.yml index 3ebba0ce6..9884fa3a1 100644 --- a/myconext-server/src/main/resources/application.yml +++ b/myconext-server/src/main/resources/application.yml @@ -83,21 +83,21 @@ manage: mongodb_db: surf_id_test base_domain: test2.surfconext.nl saml_metadata_base_path: http://localhost:8081 -base_path: http://localhost:8081 -base_path_service_desk: http://localhost:8081 +myconext_base_path: http://localhost:8081 +servicedesk_base_path: http://localhost:8081 continue_after_login_url: http://localhost:8081/saml/guest-idp/continue -idp_redirect_url: http://localhost:3000 -rp_id: localhost -rp_origin: http://localhost:3000 -sp_redirect_url: http://localhost:3001 -sp_servicedesk_redirect_url: http://localhost:3003 +account_redirect_url: http://localhost:3000 +account_id: localhost +account_origin: http://localhost:3000 +myconext_redirect_url: http://localhost:3001 +servicedesk_redirect_url: http://localhost:3003 sp_entity_id: https://engine.test.surfconext.nl/authentication/sp/metadata, https://engine.test2.surfconext.nl/authentication/sp/metadata -sp_entity_metadata_url: https://engine.test.surfconext.nl/authentication/sp/metadata, https://engine.test2.surfconext.nl/authentication/sp/metadata -guest_idp_entity_id: https://localhost.surf.id +account_metadata_url: https://engine.test.surfconext.nl/authentication/sp/metadata, https://engine.test2.surfconext.nl/authentication/sp/metadata +proxy_idp_entity_id: https://localhost.surf.id my_conext_url: https://my.test2.surfconext.nl domain: eduid.nl -mijn_eduid_entity_id: http://mijn.localhost/shibboleth -mijn_eduid_service_name: "Mijn eduID" +myconext_entityid: http://mijn.localhost/shibboleth +myconext_service_name: "Mijn eduID" mobile_app_redirect: eduid:///client/mobile mobile_app_rp_entity_id: mobile_app_rp_entity_id diff --git a/myconext-server/src/test/java/myconext/AbstractIntegrationTest.java b/myconext-server/src/test/java/myconext/AbstractIntegrationTest.java index b2e86923a..2d407ecec 100644 --- a/myconext-server/src/test/java/myconext/AbstractIntegrationTest.java +++ b/myconext-server/src/test/java/myconext/AbstractIntegrationTest.java @@ -85,7 +85,7 @@ "cron.node-cron-job-responsible=false", "email_guessing_sleep_millis=1", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "spring.main.lazy-initialization=true", "eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect", "cron.service-name-resolver-initial-delay-milliseconds=60000", diff --git a/myconext-server/src/test/java/myconext/api/UserControllerAllowedDomainsTest.java b/myconext-server/src/test/java/myconext/api/UserControllerAllowedDomainsTest.java index 94779053c..95d699cb5 100644 --- a/myconext-server/src/test/java/myconext/api/UserControllerAllowedDomainsTest.java +++ b/myconext-server/src/test/java/myconext/api/UserControllerAllowedDomainsTest.java @@ -18,7 +18,7 @@ "cron.node-cron-job-responsible=false", "email_guessing_sleep_millis=1", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "spring.main.lazy-initialization=true", "cron.service-name-resolver-initial-delay-milliseconds=60000", "feature.use_deny_allow_list.allow_enabled=True", diff --git a/myconext-server/src/test/java/myconext/api/UserControllerCaptchaTest.java b/myconext-server/src/test/java/myconext/api/UserControllerCaptchaTest.java index dfb3b2df7..ae059b444 100644 --- a/myconext-server/src/test/java/myconext/api/UserControllerCaptchaTest.java +++ b/myconext-server/src/test/java/myconext/api/UserControllerCaptchaTest.java @@ -30,7 +30,7 @@ "cron.node-cron-job-responsible=false", "email_guessing_sleep_millis=1", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "spring.main.lazy-initialization=true", "cron.service-name-resolver-initial-delay-milliseconds=60000", "feature.use_deny_allow_list.allow_enabled=false", diff --git a/myconext-server/src/test/java/myconext/api/UserControllerRememberMeTest.java b/myconext-server/src/test/java/myconext/api/UserControllerRememberMeTest.java index 252c9bed3..aee16b244 100644 --- a/myconext-server/src/test/java/myconext/api/UserControllerRememberMeTest.java +++ b/myconext-server/src/test/java/myconext/api/UserControllerRememberMeTest.java @@ -25,7 +25,7 @@ "cron.node-cron-job-responsible=false", "email_guessing_sleep_millis=1", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "spring.main.lazy-initialization=true", "eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect", "cron.service-name-resolver-initial-delay-milliseconds=60000", diff --git a/myconext-server/src/test/java/myconext/api/UserControllerSSOMfaTest.java b/myconext-server/src/test/java/myconext/api/UserControllerSSOMfaTest.java index ced4b0e3e..6f71e8830 100644 --- a/myconext-server/src/test/java/myconext/api/UserControllerSSOMfaTest.java +++ b/myconext-server/src/test/java/myconext/api/UserControllerSSOMfaTest.java @@ -24,7 +24,7 @@ "cron.node-cron-job-responsible=false", "email_guessing_sleep_millis=1", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "spring.main.lazy-initialization=true", "eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect", "cron.service-name-resolver-initial-delay-milliseconds=60000", diff --git a/myconext-server/src/test/java/myconext/cron/InactivityMailDryRunTest.java b/myconext-server/src/test/java/myconext/cron/InactivityMailDryRunTest.java index 2a8a42be9..394b5b86e 100644 --- a/myconext-server/src/test/java/myconext/cron/InactivityMailDryRunTest.java +++ b/myconext-server/src/test/java/myconext/cron/InactivityMailDryRunTest.java @@ -18,7 +18,7 @@ "cron.node-cron-job-responsible=true", "email_guessing_sleep_millis=1", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "spring.main.lazy-initialization=true", "eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect", "cron.service-name-resolver-initial-delay-milliseconds=60000", @@ -61,4 +61,4 @@ public void mailInactivityFirstRun() { assertThrows(ConditionTimeoutException.class, this::mailMessages); } -} \ No newline at end of file +} diff --git a/myconext-server/src/test/java/myconext/cron/InactivityMailTest.java b/myconext-server/src/test/java/myconext/cron/InactivityMailTest.java index 92f83a09e..be0c8f7d1 100644 --- a/myconext-server/src/test/java/myconext/cron/InactivityMailTest.java +++ b/myconext-server/src/test/java/myconext/cron/InactivityMailTest.java @@ -26,7 +26,7 @@ "cron.node-cron-job-responsible=true", "email_guessing_sleep_millis=1", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "spring.main.lazy-initialization=true", "eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect", "cron.service-name-resolver-initial-delay-milliseconds=60000", @@ -149,4 +149,4 @@ private String messageContent(MimeMessage mimeMessage) { return IOUtils.toString(mimeMessage.getInputStream(), Charset.defaultCharset()); } -} \ No newline at end of file +} diff --git a/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageBatchTest.java b/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageBatchTest.java index 60e233c0a..89dfaa118 100644 --- a/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageBatchTest.java +++ b/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageBatchTest.java @@ -22,7 +22,7 @@ "cron.node-cron-job-responsible=true", "email_guessing_sleep_millis=1", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "spring.main.lazy-initialization=true", "eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect", "cron.service-name-resolver-initial-delay-milliseconds=60000", @@ -120,4 +120,4 @@ public void mailUsersWithInstitutionMailWithDateOlderThan5MonthsAndNew() { assertTrue(mimeMessagesBatch.stream().anyMatch(m -> hasRecipient(m, email)))); } -} \ No newline at end of file +} diff --git a/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageDryRunTest.java b/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageDryRunTest.java index 34802c34c..cfe72fd7e 100644 --- a/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageDryRunTest.java +++ b/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageDryRunTest.java @@ -14,7 +14,7 @@ "cron.node-cron-job-responsible=true", "email_guessing_sleep_millis=1", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "spring.main.lazy-initialization=true", "eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect", "cron.service-name-resolver-initial-delay-milliseconds=60000", @@ -36,4 +36,4 @@ public void mailUsersWithInstitutionMail() { assertThrows(ConditionTimeoutException.class, this::mailMessages); } -} \ No newline at end of file +} diff --git a/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageTest.java b/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageTest.java index 25906478a..d15a90056 100644 --- a/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageTest.java +++ b/myconext-server/src/test/java/myconext/cron/InstitutionMailUsageTest.java @@ -18,7 +18,7 @@ "cron.node-cron-job-responsible=true", "email_guessing_sleep_millis=1", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "spring.main.lazy-initialization=true", "eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect", "cron.service-name-resolver-initial-delay-milliseconds=60000", @@ -55,4 +55,4 @@ public void mailUsersWithInstitutionMail() { assertEquals(1, mimeMessagesSecondBatch.size()); assertEquals("mdoe@example.com", mimeMessagesSecondBatch.get(0).getRecipients(Message.RecipientType.TO)[0].toString()); } -} \ No newline at end of file +} diff --git a/myconext-server/src/test/java/myconext/cron/NudgeAppMailDisabledAppTest.java b/myconext-server/src/test/java/myconext/cron/NudgeAppMailDisabledAppTest.java index f06c8c784..ba4c10ce5 100644 --- a/myconext-server/src/test/java/myconext/cron/NudgeAppMailDisabledAppTest.java +++ b/myconext-server/src/test/java/myconext/cron/NudgeAppMailDisabledAppTest.java @@ -14,7 +14,7 @@ "cron.node-cron-job-responsible=true", "email_guessing_sleep_millis=1", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "spring.main.lazy-initialization=true", "eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect", "cron.service-name-resolver-initial-delay-milliseconds=60000", diff --git a/myconext-server/src/test/java/myconext/cron/NudgeAppMailDryRunTest.java b/myconext-server/src/test/java/myconext/cron/NudgeAppMailDryRunTest.java index 618436e62..23bb28aa1 100644 --- a/myconext-server/src/test/java/myconext/cron/NudgeAppMailDryRunTest.java +++ b/myconext-server/src/test/java/myconext/cron/NudgeAppMailDryRunTest.java @@ -14,7 +14,7 @@ "cron.node-cron-job-responsible=true", "email_guessing_sleep_millis=1", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "spring.main.lazy-initialization=true", "eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect", "cron.service-name-resolver-initial-delay-milliseconds=60000", @@ -37,4 +37,4 @@ public void mailUsersWithoutApp() { assertThrows(ConditionTimeoutException.class, this::mailMessages); } -} \ No newline at end of file +} diff --git a/myconext-server/src/test/java/myconext/cron/NudgeAppMailTest.java b/myconext-server/src/test/java/myconext/cron/NudgeAppMailTest.java index 02508fb0f..9bc6ced3a 100644 --- a/myconext-server/src/test/java/myconext/cron/NudgeAppMailTest.java +++ b/myconext-server/src/test/java/myconext/cron/NudgeAppMailTest.java @@ -19,7 +19,7 @@ "cron.node-cron-job-responsible=true", "email_guessing_sleep_millis=1", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "spring.main.lazy-initialization=true", "eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect", "cron.service-name-resolver-initial-delay-milliseconds=60000", @@ -52,4 +52,4 @@ public void mailUsersWithoutApp() { assertThrows(ConditionTimeoutException.class, this::mailMessages); } -} \ No newline at end of file +} diff --git a/myconext-server/src/test/java/myconext/oidcng/OpenIDConnectTest.java b/myconext-server/src/test/java/myconext/oidcng/OpenIDConnectTest.java index 519c5ac96..4f6cdeb52 100644 --- a/myconext-server/src/test/java/myconext/oidcng/OpenIDConnectTest.java +++ b/myconext-server/src/test/java/myconext/oidcng/OpenIDConnectTest.java @@ -31,7 +31,7 @@ "cron.node-cron-job-responsible=false", "email_guessing_sleep_millis=1", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "spring.main.lazy-initialization=true", "oidc-token-api.token-url=http://localhost:8098/tokens", "host_headers.active: mijn.test2.eduid.nl", diff --git a/myconext-server/src/test/java/myconext/security/SecurityConfigurationTest.java b/myconext-server/src/test/java/myconext/security/SecurityConfigurationTest.java index 4ba93aca4..9acfd09ed 100644 --- a/myconext-server/src/test/java/myconext/security/SecurityConfigurationTest.java +++ b/myconext-server/src/test/java/myconext/security/SecurityConfigurationTest.java @@ -18,7 +18,7 @@ "certificate_path=classpath:/nope.pub", "cron.node-cron-job-responsible=false", "sp_entity_id=https://engine.test.surfconext.nl/authentication/sp/metadata", - "sp_entity_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", + "account_metadata_url=https://engine.test.surfconext.nl/authentication/sp/metadata", "management.health.mail.enabled=false" }) @ActiveProfiles("test") From 6d9e3f9609967ed6ea73b38683b7fd9d8e359b51 Mon Sep 17 00:00:00 2001 From: Ricardo van der Heijden <20791917+ricardovdheijden@users.noreply.github.com> Date: Wed, 1 Jul 2026 09:37:41 +0200 Subject: [PATCH 2/6] Renames variables in config object. Updates frontend --- account-gui/src/routes/WebAuthn.svelte | 2 +- account-gui/src/stores/conf.js | 6 ++-- account-gui/src/verify/ServiceDesk.svelte | 2 +- myconext-gui/src/components/Header.svelte | 2 +- .../src/routes/CreateFromInstitution.svelte | 2 +- myconext-gui/src/routes/DeleteAccount.svelte | 2 +- myconext-gui/src/routes/EditEmail.svelte | 4 +-- myconext-gui/src/routes/Password.svelte | 2 +- myconext-gui/src/routes/PasswordLink.svelte | 4 +-- myconext-gui/src/routes/PersonalInfo.svelte | 4 +-- myconext-gui/src/routes/WebAuthn.svelte | 2 +- myconext-gui/src/routes/tiqr/Congrats.svelte | 2 +- myconext-gui/src/stores/user.js | 6 ++-- myconext-gui/src/utils/utils.js | 4 +-- .../java/myconext/api/LoginController.java | 29 +++++++++---------- public-gui/src/App.jsx | 4 +-- public-gui/src/components/Navigation.jsx | 4 +-- public-gui/src/routes/About_EN.jsx | 2 +- public-gui/src/routes/About_NL.jsx | 2 +- public-gui/src/routes/Home.jsx | 2 +- public-gui/src/stores/AppStore.js | 4 +-- public-gui/src/terms/PrivacyEN.jsx | 6 ++-- public-gui/src/terms/PrivacyNL.jsx | 6 ++-- servicedesk-gui/src/pages/Forbidden.jsx | 2 +- 24 files changed, 52 insertions(+), 53 deletions(-) diff --git a/account-gui/src/routes/WebAuthn.svelte b/account-gui/src/routes/WebAuthn.svelte index f831b7f82..ed1425934 100644 --- a/account-gui/src/routes/WebAuthn.svelte +++ b/account-gui/src/routes/WebAuthn.svelte @@ -35,7 +35,7 @@ }) .catch(() => { //happens when the key is already registered - window.location.href = $conf.myconextWebAuthnRedirectSpUrl; + window.location.href = $conf.myconextWebAuthnRedirectUrl; }) }) .catch(() => navigate("/404")); diff --git a/account-gui/src/stores/conf.js b/account-gui/src/stores/conf.js index baa68f0bd..3452fbd8a 100644 --- a/account-gui/src/stores/conf.js +++ b/account-gui/src/stores/conf.js @@ -1,14 +1,14 @@ import {writable} from 'svelte/store'; export const conf = writable({ - basePath: "", + myconextBasePath: "", magicLinkUrl: "", continueAfterLoginUrl: "", domain: "", - myconextWebAuthnRedirectSpUrl: "", + myconextWebAuthnRedirectUrl: "", featureWebAuthn: false, featureAllowList: false, - idpBaseUrl: "", + accountBaseUrl: "", featureWarningEducationalEmailDomain: false, featureIdVerify: false, featureServiceDeskActive: false, diff --git a/account-gui/src/verify/ServiceDesk.svelte b/account-gui/src/verify/ServiceDesk.svelte index b3ef5caad..a3daf5742 100644 --- a/account-gui/src/verify/ServiceDesk.svelte +++ b/account-gui/src/verify/ServiceDesk.svelte @@ -10,7 +10,7 @@ export let id; const proceed = () => { - window.location.href = `${$conf.idpBaseUrl}/servicedesk/${id}`; + window.location.href = `${$conf.accountBaseUrl}/servicedesk/${id}`; } diff --git a/myconext-gui/src/components/Header.svelte b/myconext-gui/src/components/Header.svelte index 930ccc466..9644e78c0 100644 --- a/myconext-gui/src/components/Header.svelte +++ b/myconext-gui/src/components/Header.svelte @@ -15,7 +15,7 @@ familyName: "", usePassword: false }; - window.location.href = `${$config.idpBaseUrl}/doLogout?param=${encodeURIComponent("logout=true")}`; + window.location.href = `${$config.accountBaseUrl}/doLogout?param=${encodeURIComponent("logout=true")}`; }); } diff --git a/myconext-gui/src/routes/CreateFromInstitution.svelte b/myconext-gui/src/routes/CreateFromInstitution.svelte index 90d464ba0..f1fb6d2d3 100644 --- a/myconext-gui/src/routes/CreateFromInstitution.svelte +++ b/myconext-gui/src/routes/CreateFromInstitution.svelte @@ -89,7 +89,7 @@ onClick={startFlow}/> {/if} diff --git a/myconext-gui/src/routes/DeleteAccount.svelte b/myconext-gui/src/routes/DeleteAccount.svelte index 84521acaf..6832520ec 100644 --- a/myconext-gui/src/routes/DeleteAccount.svelte +++ b/myconext-gui/src/routes/DeleteAccount.svelte @@ -30,7 +30,7 @@ familyName: "", usePassword: false }; - window.location.href = `${$config.idpBaseUrl}/doLogout?param=${encodeURIComponent("delete=true")}`; + window.location.href = `${$config.accountBaseUrl}/doLogout?param=${encodeURIComponent("delete=true")}`; }); } } diff --git a/myconext-gui/src/routes/EditEmail.svelte b/myconext-gui/src/routes/EditEmail.svelte index 52ccea057..484effb93 100644 --- a/myconext-gui/src/routes/EditEmail.svelte +++ b/myconext-gui/src/routes/EditEmail.svelte @@ -55,7 +55,7 @@ }) .catch(e => { if (e.status === 403 || e.status === 400) { - doLogOutAfterRateLimit($config.idpBaseUrl); + doLogOutAfterRateLimit($config.accountBaseUrl); } else { wrongCode = true; } @@ -68,7 +68,7 @@ allowedToResend = false; setTimeout(() => allowedToResend = true, resendMailAllowedTimeOut); }).catch(() => { - doLogOutAfterRateLimit($config.idpBaseUrl); + doLogOutAfterRateLimit($config.accountBaseUrl); }) } diff --git a/myconext-gui/src/routes/Password.svelte b/myconext-gui/src/routes/Password.svelte index 5c36253b8..d06cf660a 100644 --- a/myconext-gui/src/routes/Password.svelte +++ b/myconext-gui/src/routes/Password.svelte @@ -41,7 +41,7 @@ return setLoginPreference("usePassword"); }) .then(res => { - window.location.href = `${$config.idpBaseUrl}/register/login-preference/${res.token}`; + window.location.href = `${$config.accountBaseUrl}/register/login-preference/${res.token}`; }) .catch(() => { passwordResetHashExpired = true; diff --git a/myconext-gui/src/routes/PasswordLink.svelte b/myconext-gui/src/routes/PasswordLink.svelte index f4a679216..64ffac564 100644 --- a/myconext-gui/src/routes/PasswordLink.svelte +++ b/myconext-gui/src/routes/PasswordLink.svelte @@ -59,7 +59,7 @@ }) .catch(e => { if (e.status === 403 || e.status === 400) { - doLogOutAfterRateLimit($config.idpBaseUrl); + doLogOutAfterRateLimit($config.accountBaseUrl); } else { wrongCode = true; } @@ -72,7 +72,7 @@ allowedToResend = false; setTimeout(() => allowedToResend = true, resendMailAllowedTimeOut); }).catch(() => { - doLogOutAfterRateLimit($config.idpBaseUrl); + doLogOutAfterRateLimit($config.accountBaseUrl); }) } diff --git a/myconext-gui/src/routes/PersonalInfo.svelte b/myconext-gui/src/routes/PersonalInfo.svelte index f7a76d8bb..7f23e019a 100644 --- a/myconext-gui/src/routes/PersonalInfo.svelte +++ b/myconext-gui/src/routes/PersonalInfo.svelte @@ -98,7 +98,7 @@ }) .catch(e => { if (e.status === 403 || e.status === 400) { - doLogOutAfterRateLimit($config.idpBaseUrl); + doLogOutAfterRateLimit($config.accountBaseUrl); } else { wrongCode = true; } @@ -221,7 +221,7 @@ tempEmailValue = value; outstandingPasswordForgotten = true; } else { - doLogOutAfterRateLimit($config.idpBaseUrl); + doLogOutAfterRateLimit($config.accountBaseUrl); } }); } diff --git a/myconext-gui/src/routes/WebAuthn.svelte b/myconext-gui/src/routes/WebAuthn.svelte index e6b13be39..068ad7a01 100644 --- a/myconext-gui/src/routes/WebAuthn.svelte +++ b/myconext-gui/src/routes/WebAuthn.svelte @@ -15,7 +15,7 @@ const startWebAuthn = () => { loading = true; startWebAuthFlow().then(res => { - window.location.href = `${$config.myconextWebAuthUrl}?token=${res.token}&name=${encodeURIComponent(credentialName)}` + window.location.href = `${$config.accountWebAuthUrl}?token=${res.token}&name=${encodeURIComponent(credentialName)}` }); } diff --git a/myconext-gui/src/routes/tiqr/Congrats.svelte b/myconext-gui/src/routes/tiqr/Congrats.svelte index ebb4dccc5..56910efc1 100644 --- a/myconext-gui/src/routes/tiqr/Congrats.svelte +++ b/myconext-gui/src/routes/tiqr/Congrats.svelte @@ -12,7 +12,7 @@ loading = true; finishEnrollment().then(res => { //need to set secure cookie in login domain - window.location.href = `${$config.idpBaseUrl}/register/${res.enrollmentVerificationKey}`; + window.location.href = `${$config.accountBaseUrl}/register/${res.enrollmentVerificationKey}`; }) } diff --git a/myconext-gui/src/stores/user.js b/myconext-gui/src/stores/user.js index e49fc0ac5..baeae4496 100644 --- a/myconext-gui/src/stores/user.js +++ b/myconext-gui/src/stores/user.js @@ -26,12 +26,12 @@ export const config = writable({ loginUrl: "", baseDomain: "", myConextUrlGuestIdp: "", - spBaseUrl: "", + myconextBaseUrl: "", createEduIDInstitutionLanding: false, - myconextWebAuthUrl: "", + accountWebAuthUrl: "", magicLinkUrl: "", domain: "", - idpBaseUrl: "", + accountBaseUrl: "", featureWebAuthn: false, featureOidcTokenAPI: false, featureConnections: false, diff --git a/myconext-gui/src/utils/utils.js b/myconext-gui/src/utils/utils.js index 7936039ec..7e86931e6 100644 --- a/myconext-gui/src/utils/utils.js +++ b/myconext-gui/src/utils/utils.js @@ -29,9 +29,9 @@ export const stopEvent = e => { return true; } -export const doLogOutAfterRateLimit = idpBaseUrl => { +export const doLogOutAfterRateLimit = accountBaseUrl => { logout().then(() => { - window.location.href = `${idpBaseUrl}/doLogout?param=${encodeURIComponent("ratelimit=true")}`; + window.location.href = `${accountBaseUrl}/doLogout?param=${encodeURIComponent("ratelimit=true")}`; }); } diff --git a/myconext-server/src/main/java/myconext/api/LoginController.java b/myconext-server/src/main/java/myconext/api/LoginController.java index d0e28f143..ffbd23b1f 100644 --- a/myconext-server/src/main/java/myconext/api/LoginController.java +++ b/myconext-server/src/main/java/myconext/api/LoginController.java @@ -93,18 +93,17 @@ public LoginController(UserRepository userRepository, @Value("${feature.use_app}") boolean useApp, CreateFromInstitutionProperties createFromInstitutionProperties ) { - // Todo rename in frontend is needed - this.config.put("basePath", myconextBasePath); + this.config.put("myconextBasePath", myconextBasePath); this.config.put("loginUrl", myconextBasePath + "/auth/login"); this.config.put("loginUrlServiceDesk", servicedeskBasePath + "/auth/login"); this.config.put("continueAfterLoginUrl", continueAfterLoginUrl); this.config.put("baseDomain", baseDomain); this.config.put("magicLinkUrl", magicLinkUrl); - this.config.put("idpBaseUrl", accountRedirectUrl); - this.config.put("spBaseUrl", myconextRedirectUrl); - this.config.put("spServiceDeskBaseUrl", servicedeskRedirectUrl); - this.config.put("myconextWebAuthUrl", String.format("%s/webauthn", accountRedirectUrl)); - this.config.put("myconextWebAuthnRedirectSpUrl", String.format("%s/security", myconextRedirectUrl)); + this.config.put("accountBaseUrl", accountRedirectUrl); + this.config.put("myconextBaseUrl", myconextRedirectUrl); + this.config.put("servicedeskBaseUrl", servicedeskRedirectUrl); + this.config.put("accountWebAuthUrl", String.format("%s/webauthn", accountRedirectUrl)); + this.config.put("myconextWebAuthnRedirectUrl", String.format("%s/security", myconextRedirectUrl)); this.config.put("domain", domain); this.config.put("featureWebAuthn", featureWebAuthn); this.config.put("featureWarningEducationalEmailDomain", featureWarningEducationalEmailDomain); @@ -191,7 +190,7 @@ public void register(@PathVariable("enrollmentVerificationKey") String enrollmen response.addCookie(loginPreferenceCookie); response.addCookie(usernameCookie); - String redirectLocation = this.config.get("spBaseUrl") + "/security"; + String redirectLocation = this.config.get("myconextBaseUrl") + "/security"; response.sendRedirect(redirectLocation); } @@ -212,7 +211,7 @@ public void registerLoginPreference(@PathVariable("token") String token, loginPreferenceCookie.setPath("/"); response.addCookie(loginPreferenceCookie); - response.sendRedirect(this.config.get("spBaseUrl") + "/security"); + response.sendRedirect(this.config.get("myconextBaseUrl") + "/security"); } @GetMapping("/servicedesk/{id}") @@ -222,8 +221,8 @@ public ResponseEntity redirectToSPServiceDeskHook(@PathVariable("id") String id, HttpServletResponse response) { Optional optionalSamlAuthenticationRequest = authenticationRequestRepository.findByIdAndNotExpired(id); if (!optionalSamlAuthenticationRequest.isPresent()) { - String idpBaseUrl = (String) this.config.get("idpBaseUrl"); - return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(idpBaseUrl + "/expired")).build(); + String accountBaseUrl = (String) this.config.get("accountBaseUrl"); + return ResponseEntity.status(HttpStatus.FOUND).location(URI.create(accountBaseUrl + "/expired")).build(); } SamlAuthenticationRequest samlAuthenticationRequest = optionalSamlAuthenticationRequest.get(); String userId = samlAuthenticationRequest.getUserId(); @@ -235,7 +234,7 @@ public ResponseEntity redirectToSPServiceDeskHook(@PathVariable("id") String id, context.setAuthentication(authentication); this.securityContextRepository.saveContext(SecurityContextHolder.getContext(), request, response); - String redirectUrl = String.format("%s/personal?servicedesk=start", this.config.get("spBaseUrl")); + String redirectUrl = String.format("%s/personal?servicedesk=start", this.config.get("myconextBaseUrl")); LOG.info(String.format("User %s logged in to process servicedesk request. Redirecting to %s", user.getEmail(), redirectUrl)); @@ -271,7 +270,7 @@ public void doLogout(HttpServletRequest request, } request.getSession().invalidate(); SecurityContextHolder.clearContext(); - String redirectLocation = String.format("%s/landing?%s", this.config.get("spBaseUrl"), param); + String redirectLocation = String.format("%s/landing?%s", this.config.get("myconextBaseUrl"), param); LOG.info(String.format("Logout and redirect to %s", redirectLocation)); @@ -282,7 +281,7 @@ public void doLogout(HttpServletRequest request, public void createFromInstitutionLogin(HttpServletRequest request, HttpServletResponse response, @RequestParam(value = "key") String key) throws IOException { - String redirectUrl = String.format("%s/security", this.config.get("spBaseUrl")); + String redirectUrl = String.format("%s/security", this.config.get("myconextBaseUrl")); doCreateUserFromInstitutionKey(request, response, key, redirectUrl); } @@ -290,7 +289,7 @@ public void createFromInstitutionLogin(HttpServletRequest request, public void createFromMobileApi(HttpServletRequest request, HttpServletResponse response, @RequestParam(value = "h") String hash) throws IOException { - String redirectUrl = String.format("%s/client/mobile/created", this.config.get("idpBaseUrl")); + String redirectUrl = String.format("%s/client/mobile/created", this.config.get("accountBaseUrl")); doCreateUserFromInstitutionKey(request, response, hash, redirectUrl); } diff --git a/public-gui/src/App.jsx b/public-gui/src/App.jsx index f3812c22d..f9c78eb39 100644 --- a/public-gui/src/App.jsx +++ b/public-gui/src/App.jsx @@ -24,8 +24,8 @@ function App() { const host = window.location.host;//test.eduid.nl useAppStore.setState(() => ({ config: { - idpBaseUrl: `https://login.${host}`, - spBaseUrl: `https://mijn.${host}` + accountBaseUrl: `https://login.${host}`, + myconextBaseUrl: `https://mijn.${host}` } })) }, []); diff --git a/public-gui/src/components/Navigation.jsx b/public-gui/src/components/Navigation.jsx index b432ccf84..41c48dd75 100644 --- a/public-gui/src/components/Navigation.jsx +++ b/public-gui/src/components/Navigation.jsx @@ -42,9 +42,9 @@ export const Navigation = ({mobile, path}) => {
diff --git a/public-gui/src/stores/AppStore.js b/public-gui/src/stores/AppStore.js index 77b6f2e5a..735e0668f 100644 --- a/public-gui/src/stores/AppStore.js +++ b/public-gui/src/stores/AppStore.js @@ -2,7 +2,7 @@ import {create} from 'zustand' export const useAppStore = create(() => ({ config: { - idpBaseUrl: "http://localhost:3000", - spBaseUrl: "http://localhost:3000" + accountBaseUrl: "http://localhost:3000", + myconextBaseUrl: "http://localhost:3000" }, })); diff --git a/public-gui/src/terms/PrivacyEN.jsx b/public-gui/src/terms/PrivacyEN.jsx index cf4965073..bf0255b1b 100644 --- a/public-gui/src/terms/PrivacyEN.jsx +++ b/public-gui/src/terms/PrivacyEN.jsx @@ -281,7 +281,7 @@ export const PrivacyEN = () => { the application from receiving your data. You cannot log in to the application with eduID.

- Via My eduID you can see which services you have logged into with + Via My eduID you can see which services you have logged into with eduID.

@@ -338,7 +338,7 @@ export const PrivacyEN = () => { or deleted. You can also request access to the personal data that is processed about you. You can view the information that - eduID has about you on My eduID. You can also change or supplement + eduID has about you on My eduID. You can also change or supplement your details there.

@@ -346,7 +346,7 @@ export const PrivacyEN = () => { If it concerns automatic processing of data provided by you based on consent or the execution of an agreement, you can request an overview in a structured and common form of the personal data that we process - about you via Mijn eduID. You also have the right to have this data transferred to + about you via Mijn eduID. You also have the right to have this data transferred to another party, provided this is technically possible.

diff --git a/public-gui/src/terms/PrivacyNL.jsx b/public-gui/src/terms/PrivacyNL.jsx index a6c4dc311..fd8a623a4 100644 --- a/public-gui/src/terms/PrivacyNL.jsx +++ b/public-gui/src/terms/PrivacyNL.jsx @@ -294,7 +294,7 @@ export const PrivacyNL = () => { applicatie.

- Via Mijn eduID kun je zien welke diensten je via eduID hebt gebruikt. + Via Mijn eduID kun je zien welke diensten je via eduID hebt gebruikt. Aan andere partijen dan bovenstaande verstrekken we je gegevens alléén na jouw toestemming, tenzij het wettelijk verplicht of toegestaan is je gegevens te verstrekken. Zo kan bijvoorbeeld de politie in het kader van een fraudeonderzoek gegevens bij ons opvragen. SURF is dan wettelijk verplicht deze @@ -340,14 +340,14 @@ export const PrivacyNL = () => {

Je hebt het recht om de persoonsgegevens die eduID van jou verwerkt te laten wijzigen, aanvullen of verwijderen. Ook kun je inzage verzoeken in de persoonsgegevens die van je worden verwerkt. De - gegevens die eduID van jou heeft kun je inzien op Mijn eduID. + gegevens die eduID van jou heeft kun je inzien op Mijn eduID. Daar kun je je gegevens ook wijzigen of aanvullen.

Als het gaat om een automatische verwerking van door jou zelf verstrekte gegevens op basis van toestemming of de uitvoering van een overeenkomst, kun je een overzicht in een gestructureerde en - gangbare vorm opvragen van de persoonsgegevens die wij van jou verwerken via Mijn eduID. Ook heb je + gangbare vorm opvragen van de persoonsgegevens die wij van jou verwerken via Mijn eduID. Ook heb je het recht op overdraagbaarheid van deze gegevens naar een andere partij, mits dit technisch mogelijk is.

diff --git a/servicedesk-gui/src/pages/Forbidden.jsx b/servicedesk-gui/src/pages/Forbidden.jsx index 8f62101f5..91003db71 100644 --- a/servicedesk-gui/src/pages/Forbidden.jsx +++ b/servicedesk-gui/src/pages/Forbidden.jsx @@ -12,7 +12,7 @@ const Forbidden = () => { const {config} = useAppStore.getState(); logout().then(() => { useAppStore.setState(() => ({breadcrumbPath: [], user: {}, controlCode: {}})); - window.location.href = `${config.idpBaseUrl}/doLogout?param=${encodeURIComponent("logout=true")}`; + window.location.href = `${config.accountBaseUrl}/doLogout?param=${encodeURIComponent("logout=true")}`; }); } From b0d115e3d56e7d5416e87ba0af150e578a2d843d Mon Sep 17 00:00:00 2001 From: Ricardo van der Heijden <20791917+ricardovdheijden@users.noreply.github.com> Date: Wed, 1 Jul 2026 11:10:11 +0200 Subject: [PATCH 3/6] Merges variable "domain" into "base_domain" --- account-gui/src/components/Footer.svelte | 2 +- account-gui/src/routes/ExternalAccountLinkedError.svelte | 4 ++-- account-gui/src/routes/LinkExpired.svelte | 4 ++-- account-gui/src/routes/MaxAttempts.svelte | 4 ++-- account-gui/src/stores/conf.js | 2 +- myconext-gui/src/components/Footer.svelte | 2 +- myconext-gui/src/stores/user.js | 1 - .../src/main/java/myconext/api/LoginController.java | 2 -- myconext-server/src/main/resources/application.yml | 1 - 9 files changed, 9 insertions(+), 13 deletions(-) diff --git a/account-gui/src/components/Footer.svelte b/account-gui/src/components/Footer.svelte index 00411f4ca..14b063dc2 100644 --- a/account-gui/src/components/Footer.svelte +++ b/account-gui/src/components/Footer.svelte @@ -8,7 +8,7 @@ const changeLanguage = lang => () => { const urlSearchParams = new URLSearchParams(window.location.search); urlSearchParams.set("lang", lang); - const domain = $conf.domain; + const domain = $conf.baseDomain; Cookies.set("lang", lang, { expires: 365, secure: window.location.protocol.startsWith("https"), diff --git a/account-gui/src/routes/ExternalAccountLinkedError.svelte b/account-gui/src/routes/ExternalAccountLinkedError.svelte index 4e640dc61..d904fa976 100644 --- a/account-gui/src/routes/ExternalAccountLinkedError.svelte +++ b/account-gui/src/routes/ExternalAccountLinkedError.svelte @@ -42,5 +42,5 @@

{@html DOMPurify.sanitize(errorDescription)}

{/if} -