fix(jans-auth):unable to login with super_gluu as acr #8944

Merged: 2 commits, Jul 11, 2024

Contributor

@mjatin-dev mjatin-dev commented Jul 10, 2024

Prepare


Description
#8883

Target issue
closes #8883

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Closes #8945,


dryrunsecurity bot commented Jul 10, 2024

DryRun Security Summary

The pull request adds the "jquery-ui.min.js" file to the "login-extended-template.xhtml" file, which is a commonly used JavaScript library for enhancing the user interface of web applications, and it is important to ensure that the version being used is up-to-date and that the library is being used securely within the application.


Summary:

The code change in this pull request involves the addition of the "jquery-ui.min.js" file to the list of script files included in the "login-extended-template.xhtml" file. From an application security perspective, the inclusion of the jQuery UI library is not inherently concerning, as it is a popular JavaScript library used to enhance the user experience of web applications.

However, it is important to ensure that the version of jQuery UI being used is up-to-date and does not contain any known security vulnerabilities. Outdated versions of jQuery UI may have vulnerabilities that could be exploited by attackers, leading to potential security issues in the application. Additionally, it is recommended to review the use of the jQuery UI library within the application to ensure that it is being used securely and that any user input is properly sanitized and validated to prevent common web application vulnerabilities, such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF).

Files Changed:

  • jans-auth-server/server/src/main/webapp/WEB-INF/incl/layout/login-extended-template.xhtml: This file has been updated to include the "jquery-ui.min.js" file, which is a commonly used JavaScript library for enhancing the user interface of web applications. While the inclusion of this library is not inherently concerning, it is important to ensure that the version being used is up-to-date and that the library is being used securely within the application.

Code Analysis

We ran 7 analyzers against 2 files and 0 analyzers had findings. 7 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


Member

mo-auto commented Jul 10, 2024

Error: Hi @mjatin-dev, You did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issue's title and body and make sure I correctly referenced it in the above PR's body.

@mo-auto mo-auto added comp-jans-auth-server (Component affected by issue or PR) and kind-bug (Issue or PR is a bug in existing functionality) labels Jul 10, 2024
yurem previously approved these changes Jul 10, 2024
yuremm previously approved these changes Jul 10, 2024
@yuremm yuremm enabled auto-merge (squash) July 10, 2024 18:58
@mjatin-dev mjatin-dev dismissed stale reviews from yuremm and yurem via 37bca93 July 10, 2024 19:03
@moabu moabu disabled auto-merge July 11, 2024 06:48
@moabu moabu merged commit aa29413 into main Jul 11, 2024
9 checks passed
@moabu moabu deleted the jans-auth-server-8883 branch July 11, 2024 06:51
Labels: comp-jans-auth-server (Component affected by issue or PR), kind-bug (Issue or PR is a bug in existing functionality)
7 participants