Merge pull request #33 from navikt/ktor-3

Tilpasser ktor 3. Fjerner logikk for gamle innloggingsnivå.

Author: chris-santa

azure-validation/src/main/kotlin/no/nav/tms/token/support/azure/validation/AzurePrincipal.kt

@@ -3,4 +3,4 @@ package no.nav.tms.token.support.azure.validation
 import com.auth0.jwt.interfaces.DecodedJWT
 import io.ktor.server.auth.*
 
-data class AzurePrincipal(val decodedJWT: DecodedJWT) : Principal
+data class AzurePrincipal(val decodedJWT: DecodedJWT)

buildSrc/src/main/kotlin/dependencies.kt

@@ -18,7 +18,7 @@ object Caffeine : DependencyGroup {
 }
 
 object JacksonDatatype: DependencyGroup {
-    override val version get() = "2.17.0"
+    override val version get() = "2.18.0"
 
     val datatypeJsr310 get() = dependency("jackson-datatype-jsr310", groupId = "com.fasterxml.jackson.datatype")
     val moduleKotlin get() = dependency("jackson-module-kotlin", groupId = "com.fasterxml.jackson.module")
@@ -30,15 +30,15 @@ object Kotlin {
 
 object Kotest : DependencyGroup {
     override val groupId = "io.kotest"
-    override val version = "5.8.1"
+    override val version = "5.9.1"
 
     val runnerJunit = dependency("kotest-runner-junit5")
     val assertionsCore = dependency("kotest-assertions-core")
     val extensions = dependency("kotest-extensions")
 }
 
 object Ktor : DependencyGroup {
-    override val version = "2.3.10"
+    override val version = "3.0.1"
     override val groupId = "io.ktor"
 
     val serverAuth = dependency("ktor-server-auth")
@@ -59,28 +59,28 @@ object Ktor : DependencyGroup {
 
 object KotlinLogging : DependencyGroup {
     override val groupId = "io.github.oshai"
-    override val version = "6.0.4"
+    override val version = "7.0.0"
 
     val logging = dependency("kotlin-logging")
 }
 
 
 object Logback : DependencyGroup {
-    override val version = "1.4.14"
+    override val version = "1.5.12"
     override val groupId = "ch.qos.logback"
 
     val classic = dependency("logback-classic")
 }
 
 object Mockk : DependencyGroup {
-    override val version = "1.13.10"
+    override val version = "1.13.13"
     override val groupId = "io.mockk"
 
     val mockk = dependency("mockk")
 }
 
 object Nimbusds : DependencyGroup {
-    override val version = "9.37.3"
+    override val version = "9.42"
     override val groupId = "com.nimbusds"
 
     val joseJwt = dependency("nimbus-jose-jwt")

idporten-sidecar-mock/README.md

@@ -29,7 +29,7 @@ fun Application.setup() {
     installIdPortenAuthMock {
         setAsDefault = false
         alwaysAuthenticated = true
-        staticLevelOfAssurance = LEVEL_4
+        staticLevelOfAssurance = HIGH
         staticUserPid = '123'
     }
 }

idporten-sidecar-mock/src/main/kotlin/no/nav/tms/token/support/idporten/sidecar/mock/config.kt

@@ -12,8 +12,6 @@ fun AuthenticationConfig.idPortenMock(configure: IdPortenMockedAuthenticatorConf
 }
 
 enum class LevelOfAssurance(val claim: String) {
-    LEVEL_3("Level3"),
-    LEVEL_4("Level4"),
     SUBSTANTIAL("idporten-loa-substantial"),
     HIGH("idporten-loa-high")
 }

idporten-sidecar/README.md

@@ -23,7 +23,6 @@ Her er det en rekke variabler:
 
 - `authenticatorName`: Bestemmer navnet på autentikatoren. Default `IdPortenAuthenticator.name`
 - `setAsDefault`: (Optional) Setter denne autentikatoren som default. Default 'false'
-- `loginLevel`: Deprecated - Bruk `levelOfAssurance` i stedet.
 - `levelOfAssurance` (Optional) Setter minimum level-of-assurance for endepunkt. Default 'HIGH'
 - `enableDefaultProxy`: (Optional) Bestemmer hvorvidt system-default proxy skal brukes ved kall mot andre tjenester. Nødvendig for on-prem apper med webproxy. Default 'false'.
 

idporten-sidecar/src/main/kotlin/no/nav/tms/token/support/idporten/sidecar/IdPortenLogin.kt

@@ -22,7 +22,7 @@ class IdPortenLogin {
 
             val config = IdPortenLoginConfig().also(configure)
 
-            val hello = pipeline.environment.rootPath
+            val hello = pipeline.rootPath
 
             pipeline.routing {
                 idPortenLoginApi(

idporten-sidecar/src/main/kotlin/no/nav/tms/token/support/idporten/sidecar/IdPortenTokenPrincipal.kt

@@ -3,8 +3,6 @@ package no.nav.tms.token.support.idporten.sidecar
 import com.auth0.jwt.interfaces.DecodedJWT
 import io.ktor.server.auth.*
 
-data class IdPortenTokenPrincipal(
-        val accessToken: DecodedJWT
-) : Principal {
-        fun ident(identClaim: String = "pid"): String = accessToken.getClaim(identClaim).asString()
+data class IdPortenTokenPrincipal(val accessToken: DecodedJWT) {
+    fun ident(identClaim: String = "pid"): String = accessToken.getClaim(identClaim).asString()
 }

idporten-sidecar/src/main/kotlin/no/nav/tms/token/support/idporten/sidecar/config.kt

@@ -18,8 +18,6 @@ class IdportenAuthenticationConfig {
 
     var setAsDefault: Boolean = false
 
-    @Deprecated("Numbered login levels are deprecated as of Q4 2023. Set levelOfAssurance instead")
-    var loginLevel: LoginLevel? = null
     var levelOfAssurance: LevelOfAssurance = HIGH
 
     var enableDefaultProxy: Boolean = false
@@ -30,10 +28,6 @@ enum class LevelOfAssurance {
     HIGH // Equivalent to old Level4
 }
 
-enum class LoginLevel {
-    LEVEL_3, LEVEL_4
-}
-
 // Name of token authenticator. See README for example of use
 object IdPortenAuthenticator {
     const val name = "idporten_access_token"

idporten-sidecar/src/main/kotlin/no/nav/tms/token/support/idporten/sidecar/install/IdPortenInstaller.kt

@@ -4,10 +4,8 @@ import io.github.oshai.kotlinlogging.KotlinLogging
 import io.ktor.server.auth.*
 import no.nav.tms.token.support.idporten.sidecar.IdportenAuthenticationConfig
 import no.nav.tms.token.support.idporten.sidecar.LevelOfAssurance
-import no.nav.tms.token.support.idporten.sidecar.LoginLevel
 
 internal object IdPortenInstaller {
-    private val log = KotlinLogging.logger { }
 
     // Register authenticator for id-porten tokens
     // This can apply to any number of endpoints.
@@ -16,7 +14,7 @@ internal object IdPortenInstaller {
     ) {
         val tokenVerifier = initializeTokenVerifier(
             enableDefaultProxy = config.enableDefaultProxy,
-            minLevelOfAssurance = getMinLoa(config.levelOfAssurance, config.loginLevel)
+            minLevelOfAssurance = getMinLoa(config.levelOfAssurance)
         )
 
         registerIdPortenValidationProvider(
@@ -25,21 +23,12 @@ internal object IdPortenInstaller {
         )
     }
 
-    private fun getMinLoa(loa: LevelOfAssurance, loginLevel: LoginLevel?): IdPortenLevelOfAssurance {
-        return if (loginLevel != null) {
-            log.warn { "loginLevel will be deprecated as of Q4 2023. Use levelOfAssurance setting instead." }
-            when (loginLevel) {
-                LoginLevel.LEVEL_3 -> IdPortenLevelOfAssurance.Substantial
-                LoginLevel.LEVEL_4 -> IdPortenLevelOfAssurance.High
-            }
-        } else {
-            when (loa) {
-                LevelOfAssurance.SUBSTANTIAL -> IdPortenLevelOfAssurance.Substantial
-                LevelOfAssurance.HIGH -> IdPortenLevelOfAssurance.High
-            }
-        }
+    private fun getMinLoa(loa: LevelOfAssurance) = when (loa) {
+        LevelOfAssurance.SUBSTANTIAL -> IdPortenLevelOfAssurance.Substantial
+        LevelOfAssurance.HIGH -> IdPortenLevelOfAssurance.High
     }
 
+
     private fun getAuthenticatorName(config: IdportenAuthenticationConfig): String? {
         return if (config.setAsDefault) {
             null

idporten-sidecar/src/main/kotlin/no/nav/tms/token/support/idporten/sidecar/install/IdPortenLevelOfAssurance.kt

@@ -1,8 +1,6 @@
 package no.nav.tms.token.support.idporten.sidecar.install
 
 internal enum class IdPortenLevelOfAssurance(val acr: String, val relativeValue: Int) {
-    Level3("Level3", 2),
-    Level4("Level4", 3),
     Low("idporten-loa-low", 1),
     Substantial("idporten-loa-substantial", 2),
     High("idporten-loa-high", 3);

idporten-sidecar/src/main/kotlin/no/nav/tms/token/support/idporten/sidecar/install/loginApi.kt

@@ -112,8 +112,8 @@ internal data class LoginStatus(
     companion object {
         fun unauthenticated() = LoginStatus(false, null, null)
         fun authenticated(levelOfAssuranceInternal: IdPortenLevelOfAssurance) = when (levelOfAssuranceInternal) {
-            IdPortenLevelOfAssurance.Level3, IdPortenLevelOfAssurance.Substantial -> LoginStatus(true, 3, IdPortenLevelOfAssurance.Substantial.name)
-            IdPortenLevelOfAssurance.Level4, IdPortenLevelOfAssurance.High -> LoginStatus(true, 4, IdPortenLevelOfAssurance.High.name)
+            IdPortenLevelOfAssurance.Substantial -> LoginStatus(true, 3, IdPortenLevelOfAssurance.Substantial.name)
+            IdPortenLevelOfAssurance.High -> LoginStatus(true, 4, IdPortenLevelOfAssurance.High.name)
             else -> throw IllegalStateException()
         }
     }

idporten-sidecar/src/main/kotlin/no/nav/tms/token/support/idporten/sidecar/user/IdportenUser.kt

@@ -7,7 +7,6 @@ import java.time.temporal.ChronoUnit
 
 data class IdportenUser (
     val ident: String,
-    @Deprecated("Use levelOfAssurance instead.") val loginLevel: Int,
     val levelOfAssurance: LevelOfAssurance,
     val tokenExpirationTime: Instant,
     val jwt: DecodedJWT

idporten-sidecar/src/main/kotlin/no/nav/tms/token/support/idporten/sidecar/user/IdportenUserFactory.kt

@@ -34,30 +34,20 @@ object IdportenUserFactory {
 
 
         val acrLoA = extractLevelOfAssurance(accessToken)
-        val loginLevel = mapLoginLevel(acrLoA)
         val levelOfAssurance = mapLevelOfAssurance(acrLoA)
 
         val expirationTime =
             getTokenExpirationLocalDateTime(
                 accessToken
             )
 
-        return IdportenUser(ident, loginLevel, levelOfAssurance, expirationTime, accessToken)
-    }
-
-    private fun mapLoginLevel(levelOfAssurance: IdPortenLevelOfAssurance): Int {
-
-        return when (levelOfAssurance) {
-            Level3, Substantial -> 3
-            Level4, High -> 4
-            Low -> throw RuntimeException("Level of assurance 'low' er ikke støttet.")
-        }
+        return IdportenUser(ident, levelOfAssurance, expirationTime, accessToken)
     }
 
     private fun mapLevelOfAssurance(levelOfAssurance: IdPortenLevelOfAssurance): LevelOfAssurance {
         return when (levelOfAssurance) {
-            Level3, Substantial -> SUBSTANTIAL
-            Level4, High -> HIGH
+            Substantial -> SUBSTANTIAL
+            High -> HIGH
             Low -> throw RuntimeException("Level of assurance 'low' er ikke støttet.")
         }
     }

idporten-sidecar/src/test/kotlin/no/nav/tms/token/support/idporten/sidecar/IdPortenPluginTest.kt

@@ -2,17 +2,15 @@ package no.nav.tms.token.support.idporten.sidecar
 
 import com.auth0.jwt.interfaces.Claim
 import com.auth0.jwt.interfaces.DecodedJWT
-import com.fasterxml.jackson.databind.node.NullNode
 import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper
-import io.kotest.matchers.nulls.shouldBeNull
 import io.kotest.matchers.shouldBe
 import io.ktor.client.*
 import io.ktor.client.request.*
 import io.ktor.client.statement.*
 import io.ktor.http.*
 import io.ktor.server.application.*
 import io.ktor.server.testing.*
-import io.ktor.util.*
+import io.ktor.utils.io.*
 import io.mockk.*
 import no.nav.tms.token.support.idporten.sidecar.install.HttpClientBuilder
 import no.nav.tms.token.support.idporten.sidecar.install.IdPortenLevelOfAssurance
@@ -101,7 +99,6 @@ class IdPortenPluginTest {
                 .let(objectMapper::readTree)
                 .let {
                     it["authenticated"]?.asBoolean() shouldBe true
-                    it["level"]?.asInt() shouldBe 4
                     it["levelOfAssurance"]?.asText() shouldBe IdPortenLevelOfAssurance.High.name
                 }
         }

tokenx-validation-mock/README.md

@@ -30,7 +30,7 @@ fun Application.setup() {
         tokenXMock { 
             setAsDefault = false
             alwaysAuthenticated = true
-            staticLevelOfAssurance = LEVEL_4
+            staticLevelOfAssurance = HIGH
             staticUserPid = '123'
         }
     }

tokenx-validation-mock/src/main/kotlin/no/nav/tms/token/support/tokenx/validation/mock/config.kt

@@ -12,8 +12,6 @@ fun AuthenticationConfig.tokenXMock(configure: TokenXMockedAuthenticatorConfig.(
 }
 
 enum class LevelOfAssurance(val claim: String) {
-    LEVEL_3("Level3"),
-    LEVEL_4("Level4"),
     SUBSTANTIAL("idporten-loa-substantial"),
     HIGH("idporten-loa-high")
 }

tokenx-validation-mock/src/test/kotlin/no/nav/tms/token/support/tokenx/validation/mock/TokenXAuthTest.kt

@@ -45,7 +45,7 @@ internal class TokenXAuthTest {
                     tokenXMock {
                         alwaysAuthenticated = true
                         staticUserPid = userPid
-                        staticLevelOfAssurance = LevelOfAssurance.LEVEL_4
+                        staticLevelOfAssurance = LevelOfAssurance.HIGH
                     }
                 }
             }

tokenx-validation/src/main/kotlin/no/nav/tms/token/support/tokenx/validation/TokenXPrincipal.kt

@@ -3,6 +3,6 @@ package no.nav.tms.token.support.tokenx.validation
 import com.auth0.jwt.interfaces.DecodedJWT
 import io.ktor.server.auth.*
 
-data class TokenXPrincipal(val decodedJWT: DecodedJWT) : Principal {
+data class TokenXPrincipal(val decodedJWT: DecodedJWT) {
     fun ident(identClaim: String = "pid"): String = decodedJWT.getClaim(identClaim).asString()
 }

tokenx-validation/src/main/kotlin/no/nav/tms/token/support/tokenx/validation/install/IdPortenLevelOfAssurance.kt

@@ -1,8 +1,6 @@
 package no.nav.tms.token.support.tokenx.validation.install
 
 internal enum class IdPortenLevelOfAssurance(val acr: String, val relativeValue: Int) {
-    Level3("Level3", 2),
-    Level4("Level4", 3),
     Low("idporten-loa-low", 1),
     Substantial("idporten-loa-substantial", 2),
     High("idporten-loa-high", 3);

tokenx-validation/src/main/kotlin/no/nav/tms/token/support/tokenx/validation/user/TokenXUser.kt

@@ -7,7 +7,6 @@ import java.time.temporal.ChronoUnit
 
 data class TokenXUser (
     val ident: String,
-    @Deprecated("Use levelOfAssurance instead.") val loginLevel: Int,
     val levelOfAssurance: LevelOfAssurance,
     val tokenExpirationTime: Instant,
     val jwt: DecodedJWT

tokenx-validation/src/main/kotlin/no/nav/tms/token/support/tokenx/validation/user/TokenXUserFactory.kt

@@ -29,30 +29,17 @@ object TokenXUserFactory {
 
         val acrLoA = IdPortenLevelOfAssurance.fromAcr(token.getClaim("acr").asString())
 
-        val loginLevel = mapLoginLevel(acrLoA)
         val levelOfAssurance = mapLevelOfAssurance(acrLoA)
 
-        val expirationTime =
-            getTokenExpirationLocalDateTime(
-                token
-            )
+        val expirationTime = getTokenExpirationLocalDateTime(token)
 
-        return TokenXUser(ident, loginLevel, levelOfAssurance, expirationTime, token)
-    }
-
-    private fun mapLoginLevel(levelOfAssurance: IdPortenLevelOfAssurance): Int {
-
-        return when (levelOfAssurance) {
-            Level3, Substantial -> 3
-            Level4, High -> 4
-            Low -> throw RuntimeException("Level of assurance 'low' er ikke støttet.")
-        }
+        return TokenXUser(ident, levelOfAssurance, expirationTime, token)
     }
 
     private fun mapLevelOfAssurance(levelOfAssurance: IdPortenLevelOfAssurance): LevelOfAssurance {
         return when (levelOfAssurance) {
-            Level3, Substantial -> SUBSTANTIAL
-            Level4, High -> HIGH
+            Substantial -> SUBSTANTIAL
+            High -> HIGH
             Low -> throw RuntimeException("Level of assurance 'low' er ikke støttet.")
         }
     }