Merge branch 'release/v1.7.7-1'

Author: Marco Bergen

CHANGELOG.md

@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v1.7.7-1] - 2025-03-13
+### Changed
+- [#240] Change error pages to show the new design
+- [#240] Remove ticket query param if invalid instead of showing an error page
+- Update makefiles to 9.6.0
+- Update ces-build-lib to 4.1.0
+- Update dogu-build-lib to 3.1.0
+
 ## [v1.7.6-2] - 2025-02-12
 ### Changed
 - [#238] Add missing keys to dogu.json

Dockerfile

@@ -18,7 +18,7 @@ RUN set -x \
 
 FROM registry.cloudogu.com/official/java:21.0.5-1
 LABEL NAME="official/smeagol" \
-      VERSION="1.7.6-2" \
+      VERSION="1.7.7-1" \
       maintainer="hello@cloudogu.com"
 
 ENV SERVICE_TAGS=webapp \

Jenkinsfile

@@ -1,5 +1,5 @@
 #!groovy
-@Library(['github.com/cloudogu/ces-build-lib@2.2.1', 'github.com/cloudogu/dogu-build-lib@v2.3.1'])
+@Library(['github.com/cloudogu/ces-build-lib@4.1.0', 'github.com/cloudogu/dogu-build-lib@v3.1.0'])
 import com.cloudogu.ces.cesbuildlib.*
 import com.cloudogu.ces.dogubuildlib.*
 
@@ -15,7 +15,6 @@ GitHub github = new GitHub(this, git)
 Changelog changelog = new Changelog(this)
 
 EcoSystem ecoSystem = new EcoSystem(this, "gcloud-ces-operations-internal-packer", "jenkins-gcloud-ces-operations-internal")
-Trivy trivy = new Trivy(this, ecoSystem)
 
 parallel(
   "source code": {
@@ -112,6 +111,8 @@ parallel(
             booleanParam(defaultValue: true, description: 'Enables cypress to take screenshots of failing integration tests.', name: 'EnableScreenshotRecording'),
             booleanParam(defaultValue: false, description: 'Test dogu upgrade from latest release or optionally from defined version below', name: 'TestDoguUpgrade'),
             string(defaultValue: '', description: 'Old Dogu version for the upgrade test (optional; e.g. 2.222.1-1)', name: 'OldDoguVersionForUpgradeTest'),
+            choice(name: 'TrivySeverityLevels', choices: [TrivySeverityLevel.CRITICAL, TrivySeverityLevel.HIGH_AND_ABOVE, TrivySeverityLevel.MEDIUM_AND_ABOVE, TrivySeverityLevel.ALL], description: 'The levels to scan with trivy', defaultValue: TrivySeverityLevel.CRITICAL),
+            choice(name: 'TrivyStrategy', choices: [TrivyScanStrategy.UNSTABLE, TrivyScanStrategy.FAIL, TrivyScanStrategy.IGNORE], description: 'Define whether the build should be unstable, fail or whether the error should be ignored if any vulnerability was found.', defaultValue: TrivyScanStrategy.UNSTABLE)
           ])
         ])
 
@@ -143,9 +144,12 @@ parallel(
             }
 
             stage('Trivy scan') {
-              trivy.scanDogu("/dogu", TrivyScanFormat.HTML, TrivyScanLevel.CRITICAL, TrivyScanStrategy.UNSTABLE)
-              trivy.scanDogu("/dogu", TrivyScanFormat.JSON, TrivyScanLevel.CRITICAL, TrivyScanStrategy.UNSTABLE)
-              trivy.scanDogu("/dogu", TrivyScanFormat.PLAIN, TrivyScanLevel.CRITICAL, TrivyScanStrategy.UNSTABLE)
+              ecoSystem.copyDoguImageToJenkinsWorker("/dogu")
+              Trivy trivy = new Trivy(this)
+              trivy.scanDogu(".", params.TrivySeverityLevels, params.TrivyStrategy)
+              trivy.saveFormattedTrivyReport(TrivyScanFormat.TABLE)
+              trivy.saveFormattedTrivyReport(TrivyScanFormat.JSON)
+              trivy.saveFormattedTrivyReport(TrivyScanFormat.HTML)
             }
 
             stage('Verify') {

Makefile

@@ -1,4 +1,4 @@
-MAKEFILES_VERSION=9.5.0
+MAKEFILES_VERSION=9.6.0
 
 .DEFAULT_GOAL:=dogu-release
 

build/make/k8s.mk

@@ -36,11 +36,11 @@ K3S_LOCAL_REGISTRY_PORT?=30099
 
 # The URL of the container-registry to use. Defaults to the registry of the local-cluster.
 # If RUNTIME_ENV is "remote" it is "registry.cloudogu.com/testing"
-CES_REGISTRY_HOST?="${K3S_CLUSTER_FQDN}:${K3S_LOCAL_REGISTRY_PORT}"
+CES_REGISTRY_HOST?=${K3S_CLUSTER_FQDN}:${K3S_LOCAL_REGISTRY_PORT}
 CES_REGISTRY_NAMESPACE ?=
 ifeq (${RUNTIME_ENV}, remote)
-	CES_REGISTRY_HOST="registry.cloudogu.com"
-	CES_REGISTRY_NAMESPACE="/testing"
+	CES_REGISTRY_HOST=registry.cloudogu.com
+	CES_REGISTRY_NAMESPACE=/testing
 endif
 $(info CES_REGISTRY_HOST=$(CES_REGISTRY_HOST))
 

build/make/prerelease.mk

@@ -3,4 +3,4 @@
 
 .PHONY: prerelease_namespace
 prerelease_namespace:
-	build/make/stagex.sh prerelease_namespace
+	build/make/prerelease.sh prerelease_namespace

build/make/prerelease.sh

@@ -5,21 +5,29 @@ set -o pipefail
 
 prerelease_namespace() {
 
+  TIMESTAMP=$(date +"%Y%m%d%H%M%S")
+
   # Update version in dogu.json
   if [ -f "dogu.json" ]; then
     echo "Updating name in dogu.json..."
     ORIG_NAME="$(jq -r ".Name" ./dogu.json)"
+    ORIG_VERSION="$(jq -r ".Version" ./dogu.json)"
     PRERELEASE_NAME="prerelease_${ORIG_NAME}"
+    PRERELEASE_VERSION="${ORIG_VERSION}${TIMESTAMP}"
     jq ".Name = \"${PRERELEASE_NAME}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json
+    jq ".Version = \"${PRERELEASE_VERSION}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json
     jq ".Image = \"registry.cloudogu.com/${PRERELEASE_NAME}\"" dogu.json >dogu2.json && mv dogu2.json dogu.json
   fi
 
   # Update version in Dockerfile
   if [ -f "Dockerfile" ]; then
     echo "Updating version in Dockerfile..."
-    ORIG_NAME="$(grep -oP "^[ ]*NAME=\"([^\"]*)" Dockerfile | awk -F "\"" '{print $2}')"
+    ORIG_NAME="$(grep -oP ".*[ ]*NAME=\"([^\"]*)" Dockerfile | awk -F "\"" '{print $2}')"
+    ORIG_VERSION="$(grep -oP ".*[ ]*VERSION=\"([^\"]*)" Dockerfile | awk -F "\"" '{print $2}')"
     PRERELEASE_NAME="prerelease_$( echo -e "$ORIG_NAME" | sed 's/\//\\\//g' )"
-    sed -i "s/\(^[ ]*NAME=\"\)\([^\"]*\)\(.*$\)/\1${PRERELEASE_NAME}\3/" Dockerfile
+    PRERELEASE_VERSION="${ORIG_VERSION}${TIMESTAMP}"
+    sed -i "s/\(.*[ ]*NAME=\"\)\([^\"]*\)\(.*$\)/\1${PRERELEASE_NAME}\3/" Dockerfile
+    sed -i "s/\(.*[ ]*VERSION=\"\)\([^\"]*\)\(.*$\)/\1${PRERELEASE_VERSION}\3/" Dockerfile
   fi
 
 }

build/make/release.mk

@@ -4,7 +4,7 @@
 
 .PHONY: dogu-release
 dogu-release: ## Start a dogu release
-	build/make/release.sh dogu
+	build/make/release.sh dogu "${FIXED_CVE_LIST}" $(DRY_RUN)
 
 .PHONY: node-release
 node-release: ## Start a node package release

build/make/self-update.mk

@@ -24,4 +24,9 @@ copy-new-files:
 .PHONY: update-build-libs
 update-build-libs:
 	@echo "Check for newer Build-Lib versions"
-	build/make/self-update.sh buildlibs
+	build/make/self-update.sh buildlibs
+
+.PHONY: set-dogu-version
+set-dogu-version:
+	@echo "Set Version of Dogu without Release"
+	build/make/self-update.sh versions

build/make/self-update.sh

@@ -3,6 +3,10 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
+
+# shellcheck disable=SC1090
+source "$(pwd)/build/make/release_functions.sh"
+
 TYPE="${1}"
 
 update_build_libs() {
@@ -34,12 +38,23 @@ get_highest_version() {
 # Patch Jenkinsfile
 update_jenkinsfile() {
   sed -i "s/ces-build-lib@[[:digit:]].[[:digit:]].[[:digit:]]/ces-build-lib@$(get_highest_version ces)/g" Jenkinsfile
-  sed -i "s/dugu-build-lib@[[:digit:]].[[:digit:]].[[:digit:]]/dogu-build-lib@$(get_highest_version dogu)/g" Jenkinsfile
+  sed -i "s/dogu-build-lib@v[[:digit:]].[[:digit:]].[[:digit:]]/dogu-build-lib@v$(get_highest_version dogu)/g" Jenkinsfile
+}
+
+# Patch Dogu Version without Release
+set_dogu_version() {
+  CURRENT_TOOL_VERSION=$(get_current_version_by_dogu_json)
+  echo "$(tput setaf 1)ATTENTION: Make sure that the new version corresponds to the current software version$(tput sgr0)"
+  NEW_RELEASE_VERSION="$(read_new_version)"
+  validate_new_version "${NEW_RELEASE_VERSION}"
+  update_versions "${NEW_RELEASE_VERSION}"
 }
 
 # switch for script entrypoint
 if [[ "${TYPE}" == "buildlibs" ]];then
   update_build_libs
+elif [[ "${TYPE}" == "versions" ]];then
+  set_dogu_version
 else
   echo "Unknown target ${TYPE}"
 fi

build/make/test-common.mk

@@ -1,6 +1,6 @@
 GO_JUNIT_REPORT=$(UTILITY_BIN_PATH)/go-junit-report
-GO_JUNIT_REPORT_VERSION=v1.0.0
+GO_JUNIT_REPORT_VERSION=v2.1.0
 
 $(GO_JUNIT_REPORT): $(UTILITY_BIN_PATH)
 	@echo "Download go-junit-report..."
-	@$(call go-get-tool,$@,github.com/jstemmer/go-junit-report@$(GO_JUNIT_REPORT_VERSION))
+	@$(call go-get-tool,$@,github.com/jstemmer/go-junit-report/v2@$(GO_JUNIT_REPORT_VERSION))

build/make/test-unit.mk

@@ -1,6 +1,7 @@
 ##@ Unit testing
 
 UNIT_TEST_DIR=$(TARGET_DIR)/unit-tests
+XUNIT_JSON=$(UNIT_TEST_DIR)/report.json
 XUNIT_XML=$(UNIT_TEST_DIR)/unit-tests.xml
 UNIT_TEST_LOG=$(UNIT_TEST_DIR)/unit-tests.log
 COVERAGE_REPORT=$(UNIT_TEST_DIR)/coverage.out
@@ -9,9 +10,9 @@ PRE_UNITTESTS?=
 POST_UNITTESTS?=
 
 .PHONY: unit-test
-unit-test: $(XUNIT_XML) ## Start unit tests
+unit-test: $(XUNIT_JSON) ## Start unit tests
 
-$(XUNIT_XML): $(SRC) $(GO_JUNIT_REPORT)
+$(XUNIT_JSON): $(SRC) $(GO_JUNIT_REPORT)
 ifneq ($(strip $(PRE_UNITTESTS)),)
 	@make $(PRE_UNITTESTS)
 endif
@@ -20,13 +21,15 @@ endif
 	@echo 'mode: set' > ${COVERAGE_REPORT}
 	@rm -f $(UNIT_TEST_LOG) || true
 	@for PKG in $(PACKAGES) ; do \
-    ${GO_CALL} test -v $$PKG -coverprofile=${COVERAGE_REPORT}.tmp 2>&1 | tee $(UNIT_TEST_LOG).tmp ; \
+    ${GO_CALL} test -v $$PKG -coverprofile=${COVERAGE_REPORT}.tmp -json 2>&1 | tee $(UNIT_TEST_LOG).tmp ; \
 		cat ${COVERAGE_REPORT}.tmp | tail +2 >> ${COVERAGE_REPORT} ; \
 		rm -f ${COVERAGE_REPORT}.tmp ; \
 		cat $(UNIT_TEST_LOG).tmp >> $(UNIT_TEST_LOG) ; \
 		rm -f $(UNIT_TEST_LOG).tmp ; \
 	done
-	@cat $(UNIT_TEST_LOG) | $(GO_JUNIT_REPORT) > $@
+	@cat $(UNIT_TEST_LOG) >> $@
+	@cat $(UNIT_TEST_LOG) | $(GO_JUNIT_REPORT) -parser gojson > $(XUNIT_XML)
+
 	@if grep '^FAIL' $(UNIT_TEST_LOG); then \
 		exit 1; \
 	fi

docs/gui/release_notes_de.md

@@ -6,6 +6,11 @@ Technische Details zu einem Release finden Sie im zugehörigen [Changelog](https
 
 ## [Unreleased]
 
+## [v1.7.7-1] - 2025-03-13
+
+- Das Design der Fehlerseiten wurde überarbeitet
+- Es wurde ein Fehler behoben, der aufgetreten ist, wenn ein ungültiges CAS-Service-Ticket verwendet wurde
+
 ## [v1.7.6-2] - 2025-02-12
 
 Wir haben nur technische Änderungen vorgenommen. Näheres finden Sie in den Changelogs.

docs/gui/release_notes_en.md

@@ -6,11 +6,15 @@ Technical details on a release can be found in the corresponding [Changelog](htt
 
 ## [Unreleased]
 
+## [v1.7.7-1] - 2025-03-13
+
+- The design of the error pages has been revised
+- Fixed an error that occurred when an invalid CAS service ticket was used
+
 ## [v1.7.6-2] - 2025-02-12
 
 We have only made technical changes. You can find more details in the changelogs.
 
-
 ## [v1.7.6-1] - 2025-01-10
 **The release fixes a critical security vulnerability ([CVE-2024-56337](https://github.com/advisories/GHSA-27hp-xhwr-wr2m)). An update is therefore recommended.**
 

dogu.json

@@ -1,6 +1,6 @@
 {
   "Name": "official/smeagol",
-  "Version": "1.7.6-2",
+  "Version": "1.7.7-1",
   "DisplayName": "Smeagol",
   "Description": "Store your technical documentation with in your git repositories",
   "Category": "Development Apps",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "smeagol",
-  "version": "1.7.6-2",
+  "version": "1.7.7-1",
   "private": true,
   "license": "AGPL-3.0-only",
   "dependencies": {

pom.xml

@@ -12,7 +12,7 @@
 
     <groupId>com.cloudogu.wiki</groupId>
     <artifactId>smeagol</artifactId>
-    <version>1.7.6-2</version>
+    <version>1.7.7-1</version>
     <name>smeagol</name>
     <packaging>war</packaging>
 

resources/app/application.yml.tpl

@@ -8,3 +8,5 @@ scm:
 cas:
   url: https://{{ .Env.Get "FQDN" }}/cas
   serviceUrl: https://{{ .Env.Get "FQDN" }}
+errors:
+  url: https://{{ .Env.Get "FQDN" }}/errors/

src/main/java/com/cloudogu/smeagol/CustomErrorController.java

@@ -1,16 +1,55 @@
 package com.cloudogu.smeagol;
 
+import com.cloudogu.smeagol.authc.infrastructure.NginxErrorPageNotFoundException;
 import jakarta.servlet.RequestDispatcher;
 import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.servlet.error.ErrorController;
 import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.HttpURLConnection;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
 
 
 @Controller
 public class CustomErrorController implements ErrorController {
 
+    public static class HttpClientHelper {
+        public HttpURLConnection createConnection(String urlString) throws IOException, URISyntaxException {
+            final URL url = new URI(urlString).toURL();
+            return (HttpURLConnection) url.openConnection();
+        }
+    }
+
+    private final String errorsUrl;
+    private final HttpClientHelper helper;
+
+    CustomErrorController() {
+        this("");
+    }
+
+    @Autowired
+    public CustomErrorController(
+        @Value("${errors.url}") String errorsUrl
+    ) {
+        this(errorsUrl, new HttpClientHelper());
+    }
+
+    CustomErrorController(
+        String errorsUrl,
+        HttpClientHelper helper
+    ) {
+        this.errorsUrl = errorsUrl;
+        this.helper = helper;
+    }
+
     /**
      * Mapping for errors which are not properly handled with in the application
      */
@@ -30,48 +69,34 @@ public String handleError(HttpServletRequest request) {
             if (message != null) {
                 errorMessage = message.toString();
             }
-            return renderErrorTemplate(statusCode, reasonPhrase, errorMessage, request.getContextPath());
+            return renderErrorTemplate(statusCode, reasonPhrase, errorMessage);
         }
         return "";
     }
 
-    public String getErrorPath() {
-        return "/error";
-    }
-
     @SuppressWarnings("squid:S1192") // sonar issue not relevant for this template
-    private String renderErrorTemplate(int statusCode, String reasonPhrase, String message, String contextPath) {
-        return String.format("<html>\n" +
-                "<head>\n" +
-                "    <meta charset='utf-8'>\n" +
-                "    <title>Error</title>\n" +
-                "    <meta name='viewport' content='width=device-width, initial-scale=1'>\n" +
-                "    <meta http-equiv='X-UA-Compatible' content='IE=edge' />\n" +
-                "    <link rel='stylesheet' href='%4$s/static/error/errors.css'>\n" +
-                "    <!-- favicons -->\n" +
-                "    <link rel='icon' type='image/png' href='%4$s/favicon-64px.png' sizes='64x64' />\n" +
-                "    <link rel='icon' type='image/png' href='%4$s/favicon-32px.png' sizes='32x32' />\n" +
-                "    <link rel='icon' type='image/png' href='%4$s/favicon-16px.png' sizes='16x16' />\n" +
-                "</head>\n" +
-                "<body>\n" +
-                "    <div class='logo'>\n" +
-                "        <img src='%4$s/static/logo-white.png'>\n" +
-                "    </div>\n" +
-                "    <div class='message'>\n" +
-                "        <div class='code'>\n" +
-                "            %1$s\n" +
-                "        </div>\n" +
-                "        <div class='description'>\n" +
-                "            %2$s\n" +
-                "        </div>\n" +
-                "        <div class='error'>\n" +
-                "            %3$s\n " +
-                "        </div>\n" +
-                "    </div>\n" +
-                "    <div class='background'>\n" +
-                "        <img src='%4$s/static/clockwork.png'>\n" +
-                "    </div>\n" +
-                "</body>\n" +
-                "</html>", statusCode, reasonPhrase, message, contextPath);
+    private String renderErrorTemplate(int statusCode, String reasonPhrase, String message) {
+        final String urlString = errorsUrl + statusCode + ".html";
+
+        try {
+            final HttpURLConnection connection = this.helper.createConnection(urlString);
+            connection.setRequestMethod("GET");
+            connection.setConnectTimeout(5000);
+            connection.setReadTimeout(5000);
+
+            final int responseCode = connection.getResponseCode();
+            if (responseCode == 200) {
+                try (BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()))) {
+                    final StringBuilder response = new StringBuilder();
+                    String line;
+                    while ((line = reader.readLine()) != null) {
+                        response.append(line).append("\n");
+                    }
+                    return response.toString();
+                }
+            } else throw new NginxErrorPageNotFoundException();
+        } catch (IOException | URISyntaxException | NginxErrorPageNotFoundException e) {
+            return "<html><body><h1>Error " + statusCode + "</h1><p>" + reasonPhrase + "</p><p>" + message + "</p></body></html>";
+        }
     }
 }

src/main/java/com/cloudogu/smeagol/authc/infrastructure/CESCas30ProxyReceivingTicketValidationFilter.java

@@ -0,0 +1,41 @@
+package com.cloudogu.smeagol.authc.infrastructure;
+
+import com.cloudogu.smeagol.ScmHttpClient;
+import jakarta.servlet.*;
+import org.apereo.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+
+public class CESCas30ProxyReceivingTicketValidationFilter implements Filter {
+    private static final Logger LOG = LoggerFactory.getLogger(CESCas30ProxyReceivingTicketValidationFilter.class);
+    private final Cas30ProxyReceivingTicketValidationFilter original;
+
+    public CESCas30ProxyReceivingTicketValidationFilter() {
+        super();
+        this.original = new CasFilterWithRedirect();
+    }
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        this.original.init(filterConfig);
+        this.original.setExceptionOnValidationFailure(false);
+    }
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        try {
+            this.original.doFilter(servletRequest, servletResponse, filterChain);
+        }
+        catch (TicketEmptyException e){
+            // Ignore that exception. The exception is just thrown to prevent normal filter flow after the redirect is called
+            LOG.debug("A user has used an invalid cas service ticket which was removed from url.");
+        }
+    }
+
+    @Override
+    public void destroy() {
+        this.original.destroy();
+    }
+}

src/main/java/com/cloudogu/smeagol/authc/infrastructure/CasFilterWithRedirect.java

@@ -0,0 +1,36 @@
+package com.cloudogu.smeagol.authc.infrastructure;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.apereo.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.stream.Collectors;
+
+public class CasFilterWithRedirect extends Cas30ProxyReceivingTicketValidationFilter {
+    public CasFilterWithRedirect() {
+        super();
+    }
+
+    @Override
+    protected void onFailedValidation(HttpServletRequest request, HttpServletResponse response) {
+        try {
+            final String requestUrl = request.getRequestURL().toString();
+            final String queryString = request.getQueryString();
+
+            String newQuery = "";
+            if (queryString != null) {
+                newQuery = Arrays.stream(queryString.split("&"))
+                    .filter(param -> !param.startsWith("ticket="))
+                    .collect(Collectors.joining("&"));
+            }
+
+            final String newUrl = requestUrl + (newQuery.isEmpty() ? "" : "?" + newQuery);
+            response.sendRedirect(newUrl);
+            throw new TicketEmptyException();
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+}

src/main/java/com/cloudogu/smeagol/authc/infrastructure/CasInfrastructureRegistration.java

@@ -7,7 +7,6 @@
 import org.apereo.cas.client.session.SingleSignOutFilter;
 import org.apereo.cas.client.session.SingleSignOutHttpSessionListener;
 import org.apereo.cas.client.util.HttpServletRequestWrapperFilter;
-import org.apereo.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -28,7 +27,7 @@ public class CasInfrastructureRegistration {
 
     private static final Logger LOG = LoggerFactory.getLogger(CasInfrastructureRegistration.class);
 
-    private Map<String,String> casSettings;
+    private Map<String, String> casSettings;
 
     @Autowired
     public CasInfrastructureRegistration(CasConfiguration configuration, Stage stage) {
@@ -69,7 +68,7 @@ public FilterRegistrationBean singleSignOutFilter() {
      */
     @Bean
     public FilterRegistrationBean proxyReceivingTicketValidationFilter() {
-        return casFilterRegistration(new Cas30ProxyReceivingTicketValidationFilter(), 1);
+        return casFilterRegistration(new CESCas30ProxyReceivingTicketValidationFilter(), 1);
     }
 
     /**
@@ -93,7 +92,7 @@ public FilterRegistrationBean requestWrapperFilter() {
         return casFilterRegistration(new HttpServletRequestWrapperFilter(), 3);
     }
 
-    private FilterRegistrationBean casFilterRegistration(Filter filter, int order){
+    private FilterRegistrationBean casFilterRegistration(Filter filter, int order) {
         FilterRegistrationBean registration = new FilterRegistrationBean();
         registration.setInitParameters(casSettings);
         registration.setFilter(filter);

src/main/java/com/cloudogu/smeagol/authc/infrastructure/NginxErrorPageNotFoundException.java

@@ -0,0 +1,4 @@
+package com.cloudogu.smeagol.authc.infrastructure;
+
+public class NginxErrorPageNotFoundException extends Exception{
+}

src/main/java/com/cloudogu/smeagol/authc/infrastructure/TicketEmptyException.java

@@ -0,0 +1,4 @@
+package com.cloudogu.smeagol.authc.infrastructure;
+
+public class TicketEmptyException extends RuntimeException{
+}

src/main/resources/application.yml

@@ -17,6 +17,8 @@ ui:
 scm:
   url: https://192.168.56.2/scm
 
+errors:
+  url: https://192.168.56.2/errors/
 
 cas:
   url: https://192.168.56.2/cas

src/test/java/com/cloudogu/smeagol/CustomErrorControllerTest.java

@@ -11,12 +11,21 @@
 import org.mockito.Spy;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.http.HttpStatus;
-import static org.mockito.Mockito.doReturn;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URISyntaxException;
+
+import static org.mockito.Mockito.*;
 import static org.mockito.MockitoAnnotations.openMocks;
 
 @RunWith(MockitoJUnitRunner.class)
 public class CustomErrorControllerTest {
 
+    @Mock
+    private CustomErrorController.HttpClientHelper httpClientHelper;
+
     @Spy
     private CustomErrorController customErrorController;
 
@@ -28,64 +37,99 @@ public class CustomErrorControllerTest {
     @Before
     public void init() {
         openMocks(this);
+        customErrorController = new CustomErrorController("http://errors.example.com/", httpClientHelper);
     }
 
     @Test
-    public void testErrorPageHandling_BAD_REQUEST() {
-        HttpStatus expectedError = HttpStatus.BAD_REQUEST;
+    public void testErrorPageHandling_fetchSuccess_BAD_REQUEST() throws IOException, URISyntaxException {
+        HttpURLConnection mockConnection = mock(HttpURLConnection.class);
+        when(this.httpClientHelper.createConnection(anyString())).thenReturn(mockConnection);
+        when(mockConnection.getResponseCode()).thenReturn(200);
+        when(mockConnection.getInputStream()).thenReturn(new ByteArrayInputStream("Mocked Response".getBytes()));
 
         doReturn(HttpStatus.BAD_REQUEST.value()).when(requestMock)
-                .getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
+            .getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
 
         Object errorMessage = "SOMETHING THAT PRODUCED A 400 ERROR";
         doReturn(errorMessage).when(requestMock)
-                .getAttribute(RequestDispatcher.ERROR_MESSAGE);
+            .getAttribute(RequestDispatcher.ERROR_MESSAGE);
+
+        String responseTemplate = customErrorController.handleError(requestMock);
+
+        Assert.assertThat(responseTemplate, CoreMatchers.containsString("Mocked Response"));
+    }
+
+    @Test
+    public void testErrorPageHandling_fetchFail_BAD_REQUEST() throws IOException, URISyntaxException {
+        HttpURLConnection mockConnection = mock(HttpURLConnection.class);
+        when(this.httpClientHelper.createConnection(anyString())).thenReturn(mockConnection);
+        when(mockConnection.getResponseCode()).thenReturn(404);
+
+        HttpStatus expectedError = HttpStatus.BAD_REQUEST;
+
+        doReturn(HttpStatus.BAD_REQUEST.value()).when(requestMock)
+            .getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
 
-        doReturn(mockedContextPath).when(requestMock)
-                .getContextPath();
+        Object errorMessage = "SOMETHING THAT PRODUCED A 400 ERROR";
+        doReturn(errorMessage).when(requestMock)
+            .getAttribute(RequestDispatcher.ERROR_MESSAGE);
 
         String responseTemplate = customErrorController.handleError(requestMock);
 
-        //check for HTTP status code (400), reasonPhrase(Bad Gateway) and error message (errorMessage)
         Assert.assertThat(responseTemplate, CoreMatchers.containsString(Integer.toString(expectedError.value())));
         Assert.assertThat(responseTemplate, CoreMatchers.containsString(expectedError.getReasonPhrase()));
         Assert.assertThat(responseTemplate, CoreMatchers.containsString(errorMessage.toString()));
-        //check for correct resource path (should be /static see ProductionDispatcher)
-        Assert.assertThat(responseTemplate, CoreMatchers.containsString(mockedContextPath + "/static/clockwork.png"));
-        Assert.assertThat(responseTemplate, CoreMatchers.containsString(mockedContextPath + "/static/logo-white.png"));
     }
 
     @Test
-    public void testErrorPageHandling_INTERNAL_SERVER_ERROR() {
+    public void testErrorPageHandling_fetchSuccess_INTERNAL_SERVER_ERROR() throws IOException, URISyntaxException {
+        HttpURLConnection mockConnection = mock(HttpURLConnection.class);
+        when(this.httpClientHelper.createConnection(anyString())).thenReturn(mockConnection);
+        when(mockConnection.getResponseCode()).thenReturn(200);
+        when(mockConnection.getInputStream()).thenReturn(new ByteArrayInputStream("Mocked Response".getBytes()));
+
         HttpStatus expectedError = HttpStatus.INTERNAL_SERVER_ERROR;
 
         doReturn(HttpStatus.INTERNAL_SERVER_ERROR.value()).when(requestMock)
-                .getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
+            .getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
 
         Object errorMessage = "SOMETHING THAT PRODUCED A 500 ERROR";
         doReturn(errorMessage).when(requestMock)
-                .getAttribute(RequestDispatcher.ERROR_MESSAGE);
+            .getAttribute(RequestDispatcher.ERROR_MESSAGE);
+
+        String responseTemplate = customErrorController.handleError(requestMock);
+
+        Assert.assertThat(responseTemplate, CoreMatchers.containsString("Mocked Response"));
+    }
 
-        doReturn(mockedContextPath).when(requestMock)
-                .getContextPath();
+    @Test
+    public void testErrorPageHandling_fetchFail_INTERNAL_SERVER_ERROR() throws IOException, URISyntaxException {
+        HttpURLConnection mockConnection = mock(HttpURLConnection.class);
+        when(this.httpClientHelper.createConnection(anyString())).thenReturn(mockConnection);
+        when(mockConnection.getResponseCode()).thenReturn(404);
+
+        HttpStatus expectedError = HttpStatus.INTERNAL_SERVER_ERROR;
+
+        doReturn(HttpStatus.INTERNAL_SERVER_ERROR.value()).when(requestMock)
+            .getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
+
+        Object errorMessage = "SOMETHING THAT PRODUCED A 500 ERROR";
+        doReturn(errorMessage).when(requestMock)
+            .getAttribute(RequestDispatcher.ERROR_MESSAGE);
 
         String responseTemplate = customErrorController.handleError(requestMock);
 
-        //check for HTTP status code (500), reasonPhrase(Internal Server Error) and error message (errorMessage)
         Assert.assertThat(responseTemplate, CoreMatchers.containsString(Integer.toString(expectedError.value())));
         Assert.assertThat(responseTemplate, CoreMatchers.containsString(expectedError.getReasonPhrase()));
         Assert.assertThat(responseTemplate, CoreMatchers.containsString(errorMessage.toString()));
-        //check for correct resource path (should be /static see ProductionDispatcher)
-        Assert.assertThat(responseTemplate, CoreMatchers.containsString(mockedContextPath + "/static/clockwork.png"));
-        Assert.assertThat(responseTemplate, CoreMatchers.containsString(mockedContextPath + "/static/logo-white.png"));
     }
 
     @Test
 
     public void testErrorPageHandling_Status_Undefined() {
 
         doReturn(null).when(requestMock)
-                .getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
+            .getAttribute(RequestDispatcher.ERROR_STATUS_CODE);
 
         String responseTemplate = customErrorController.handleError(requestMock);
 

src/test/java/com/cloudogu/smeagol/authc/infrastructure/CESCas30ProxyReceivingTicketValidationFilterTest.java

@@ -0,0 +1,92 @@
+package com.cloudogu.smeagol.authc.infrastructure;
+
+import jakarta.servlet.*;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.apereo.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter;
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mockito;
+
+import java.io.IOException;
+import java.lang.reflect.Field;
+
+public class CESCas30ProxyReceivingTicketValidationFilterTest {
+
+    @Test
+    public void testInit() {
+        CESCas30ProxyReceivingTicketValidationFilter filter = new CESCas30ProxyReceivingTicketValidationFilter();
+
+        FilterConfig mockFilterConfig = Mockito.mock(FilterConfig.class);
+        Cas30ProxyReceivingTicketValidationFilter mockValidationFilter = Mockito.mock(Cas30ProxyReceivingTicketValidationFilter.class);
+
+        try {
+            Field field = CESCas30ProxyReceivingTicketValidationFilter.class.getDeclaredField("original");
+            field.setAccessible(true);
+            field.set(filter, mockValidationFilter);
+
+            ArgumentCaptor<Boolean> captor = ArgumentCaptor.forClass(Boolean.class);
+
+            filter.init(mockFilterConfig);
+
+            Mockito.verify(mockValidationFilter).setExceptionOnValidationFailure(captor.capture());
+
+            Assert.assertFalse(captor.getValue());
+        } catch (ServletException | NoSuchFieldException | IllegalAccessException e) {
+            Assert.fail("Unexcpected ServletException: " + e.getMessage());
+        }
+    }
+
+    @Test
+    public void testDoFilter() {
+        CESCas30ProxyReceivingTicketValidationFilter filter = new CESCas30ProxyReceivingTicketValidationFilter();
+
+        Cas30ProxyReceivingTicketValidationFilter mockValidationFilter = Mockito.mock(Cas30ProxyReceivingTicketValidationFilter.class);
+
+        HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
+        HttpServletResponse mockResp = Mockito.mock(HttpServletResponse.class);
+        FilterChain mockFilterChain = Mockito.mock(FilterChain.class);
+
+        try {
+            Field field = CESCas30ProxyReceivingTicketValidationFilter.class.getDeclaredField("original");
+            field.setAccessible(true);
+            field.set(filter, mockValidationFilter);
+            filter.doFilter(mockReq, mockResp, mockFilterChain);
+
+            // Test if parameters are passed to the super class
+            Mockito.verify(mockValidationFilter).doFilter(mockReq, mockResp, mockFilterChain);
+
+            Mockito.doThrow(new TicketEmptyException()).when(mockValidationFilter).doFilter(mockReq, mockResp, mockFilterChain);
+
+            try {
+                filter.doFilter(mockReq, mockResp, mockFilterChain);
+            } catch (TicketEmptyException e) {
+                Assert.fail("This exception should be swallowed by CESCas30ProxyReceivingTicketValidationFilter: " + e.getMessage());
+            }
+        } catch (ServletException | NoSuchFieldException | IllegalAccessException | IOException e) {
+            Assert.fail("Unexcpected ServletException: " + e.getMessage());
+        }
+    }
+
+    @Test
+    public void testDoDestroy() {
+        CESCas30ProxyReceivingTicketValidationFilter filter = new CESCas30ProxyReceivingTicketValidationFilter();
+
+        Cas30ProxyReceivingTicketValidationFilter mockValidationFilter = Mockito.mock(Cas30ProxyReceivingTicketValidationFilter.class);
+
+        try {
+            Field field = CESCas30ProxyReceivingTicketValidationFilter.class.getDeclaredField("original");
+            field.setAccessible(true);
+            field.set(filter, mockValidationFilter);
+
+            filter.destroy();
+
+            Mockito.verify(mockValidationFilter).destroy();
+
+        } catch (NoSuchFieldException | IllegalAccessException e) {
+            Assert.fail("Unexcpected ServletException: " + e.getMessage());
+        }
+    }
+
+}

src/test/java/com/cloudogu/smeagol/authc/infrastructure/CasFilterWithRedirectTest.java

@@ -0,0 +1,47 @@
+package com.cloudogu.smeagol.authc.infrastructure;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mockito;
+
+import java.io.IOException;
+
+public class CasFilterWithRedirectTest {
+
+    @Test
+    public void testOnFailedValidation() throws IOException {
+        CasFilterWithRedirect filter = new CasFilterWithRedirect();
+
+        HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
+        HttpServletResponse mockResp = Mockito.mock(HttpServletResponse.class);
+
+        Mockito.when(mockReq.getRequestURL()).thenReturn(new StringBuffer("https://invalidurl/validation/"));
+        Mockito.when(mockReq.getQueryString()).thenReturn("hallo=welt&ticket=12345&lorem=ipsum");
+
+        ArgumentCaptor<String> captor = ArgumentCaptor.forClass(String.class);
+
+        try {
+            filter.onFailedValidation(mockReq, mockResp);
+            Assert.fail("Should have thrown exception");
+        } catch (TicketEmptyException e) {
+            Mockito.verify(mockResp).sendRedirect(captor.capture());
+            Assert.assertEquals(captor.getValue(), "https://invalidurl/validation/?hallo=welt&lorem=ipsum");
+        }
+
+        Mockito.doThrow((new IOException())).when(mockResp).sendRedirect(Mockito.any());
+        try {
+            filter.onFailedValidation(mockReq, mockResp);
+            Assert.fail("Should have thrown exception");
+        } catch (RuntimeException e) {
+            // this exception should be normal
+        }
+
+
+    }
+
+
+}