Merge branch 'main' into ORG-818-adminpage-tkat

# Conflicts:
#	apps/frontend/src/pages/area/ProductAreaPage.tsx
#	apps/frontend/src/pages/cluster/ClusterPage.tsx

.github/workflows/deploy-docs.yaml

@@ -10,10 +10,15 @@ on:
 
 jobs:
   build-publish:
-    name: build-jar-docker
     permissions:
-      contents: write
+      pages: write
+      id-token: write
+      contents: read
+    name: build-jar-docker
     runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -37,11 +42,11 @@ jobs:
           mv docs/target/intern/index.html public/index-intern.html
           mv docs/target/ekstern/images/* public/images/.
           mv docs/target/intern/images/* public/images/.
-      - name: Deploy
-        if: success()
-        uses: crazy-max/ghaction-github-pages@v4
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v2
         with:
-          target_branch: gh-pages
-          build_dir: public
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          path: ./public
+      - name: Deploy to Github Pages
+        id: deployment
+        uses: actions/deploy-pages@v2
+

apps/backend/pom.xml

@@ -18,22 +18,22 @@
         <java.version>17</java.version>
 
         <springdoc.version>2.2.0</springdoc.version>
-        <hypersistence-utils-hibernate-62.version>3.5.2</hypersistence-utils-hibernate-62.version>
+        <hypersistence-utils-hibernate-62.version>3.5.3</hypersistence-utils-hibernate-62.version>
         <logstash-logback-encoder.version>7.4</logstash-logback-encoder.version>
 
         <docx4j.version>11.4.9</docx4j.version>
         <lucene.version>8.11.2</lucene.version>
-        <shedlock.version>5.7.0</shedlock.version>
+        <shedlock.version>5.8.0</shedlock.version>
         <commons-collections4.version>4.4</commons-collections4.version>
 
-        <microsoft-graph.version>5.70.0</microsoft-graph.version>
+        <microsoft-graph.version>5.73.0</microsoft-graph.version>
         <msal4j.version>1.13.10</msal4j.version>
 
         <postgresql.version>42.6.0</postgresql.version>
 
         <!-- transitive versions -->
         <commons-compress.version>1.24.0</commons-compress.version>
-        <commons-io.version>2.13.0</commons-io.version>
+        <commons-io.version>2.14.0</commons-io.version>
         <guava.version>32.1.2-jre</guava.version>
         <jna.version>5.13.0</jna.version>
         <jetbrains.annotation.version>24.0.1</jetbrains.annotation.version>
@@ -44,8 +44,8 @@
         <woodstox-core.version>6.5.1</woodstox-core.version>
 
         <!-- kafka -->
-        <confluent.version>7.5.0</confluent.version>
-        <avro.version>1.11.2</avro.version>
+        <confluent.version>7.5.1</confluent.version>
+        <avro.version>1.11.3</avro.version>
 
         <!-- Test -->
         <testcontainers.version>1.19.0</testcontainers.version>

apps/backend/src/main/java/no/nav/data/common/mail/EmailServiceImpl.java

@@ -14,15 +14,13 @@ public class EmailServiceImpl implements EmailService {
     public static final Logger logger = LogManager.getLogger(EmailServiceImpl.class);
 
     private final StorageService storage;
-    private final EmailProvider emailProvider;
     private final SecurityProperties securityProperties;
 
     private final EmailClient emailClient;
 
-    public EmailServiceImpl(StorageService storage, EmailProvider emailProvider,
-            SecurityProperties securityProperties, EmailClient emailClient) {
+    public EmailServiceImpl(StorageService storage, SecurityProperties securityProperties,
+                            EmailClient emailClient) {
         this.storage = storage;
-        this.emailProvider = emailProvider;
         this.securityProperties = securityProperties;
         this.emailClient = emailClient;
     }

apps/backend/src/main/java/no/nav/data/common/security/azure/AzureAdService.java

@@ -2,18 +2,13 @@
 
 import com.microsoft.graph.core.ClientException;
 import com.microsoft.graph.http.GraphServiceException;
-import com.microsoft.graph.models.UserSendMailParameterSet;
 import com.microsoft.graph.options.QueryOption;
 import com.microsoft.graph.requests.GraphServiceClient;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import no.nav.data.common.exceptions.TechnicalException;
 import no.nav.data.common.exceptions.TimeoutException;
-import no.nav.data.common.mail.EmailProvider;
-import no.nav.data.common.mail.MailTask;
-import no.nav.data.common.security.SecurityProperties;
 import no.nav.data.common.security.azure.support.GraphLogger;
-import no.nav.data.common.storage.StorageService;
 import okhttp3.Request;
 import org.springframework.stereotype.Service;
 import org.springframework.util.StreamUtils;
@@ -23,42 +18,19 @@
 import java.util.List;
 
 import static no.nav.data.common.security.azure.AzureConstants.MICROSOFT_GRAPH_SCOPE_APP;
-import static no.nav.data.common.security.azure.support.MailMessage.compose;
 
 @Slf4j
 @Service
 @RequiredArgsConstructor
-public class AzureAdService implements EmailProvider {
+public class AzureAdService {
 
     private final AzureTokenProvider azureTokenProvider;
-    private final SecurityProperties securityProperties;
-    private final StorageService storage;
 
     public byte[] lookupProfilePictureByNavIdent(String navIdent) {
         String userId = lookupUserIdForNavIdent(navIdent);
         return lookupUserProfilePicture(userId);
     }
 
-    @Override
-    public void sendMail(MailTask mailTask) {
-        log.info("Sending mail {} to {}", mailTask.getSubject(), mailTask.getTo());
-        if (securityProperties.isDev()) {
-//        if (securityProperties.isDev() && !securityProperties.isDevEmailAllowed(mailTask.getTo())) {
-            // disable mail in dev for now due to trygdeetaten.no
-            log.info("skipping mail, not allowed in dev");
-        } else {
-            getMailGraphClient().me()
-                    .sendMail(UserSendMailParameterSet.newBuilder()
-                            .withMessage(compose(mailTask.getTo(), mailTask.getSubject(), mailTask.getBody()))
-                            .withSaveToSentItems(false)
-                            .build())
-                    .buildRequest()
-                    .post();
-        }
-
-        storage.save(mailTask.toMailLog());
-    }
-
     private String lookupUserIdForNavIdent(String navIdent) {
         var res = getAppGraphClient()
                 .users().buildRequest(List.of(new QueryOption("$filter", "mailNickname eq '" + navIdent + "'")))
@@ -91,10 +63,6 @@ private byte[] lookupUserProfilePicture(String id) {
         }
     }
 
-    private GraphServiceClient<Request> getMailGraphClient() {
-        return azureTokenProvider.getGraphClient(azureTokenProvider.getMailAccessToken());
-    }
-
     private GraphServiceClient<Request> getAppGraphClient() {
         return azureTokenProvider.getGraphClient(azureTokenProvider.getApplicationTokenForResource(MICROSOFT_GRAPH_SCOPE_APP));
     }

apps/backend/src/main/java/no/nav/data/common/security/azure/AzureConfig.java

@@ -2,7 +2,6 @@
 
 import com.microsoft.aad.msal4j.ClientCredentialFactory;
 import com.microsoft.aad.msal4j.ConfidentialClientApplication;
-import com.microsoft.aad.msal4j.PublicClientApplication;
 import com.nimbusds.jose.jwk.source.RemoteJWKSet;
 import com.nimbusds.jose.util.DefaultResourceRetriever;
 import com.nimbusds.jose.util.ResourceRetriever;
@@ -55,15 +54,6 @@ public ConfidentialClientApplication msalClient(AADAuthenticationProperties aadA
                 .build();
     }
 
-    @Bean
-    @SneakyThrows
-    public PublicClientApplication msalPublicClient(AADAuthenticationProperties aadAuthProps, OIDCProviderMetadata oidcProviderMetadata) {
-        return PublicClientApplication
-                .builder(aadAuthProps.getClientId())
-                .authority(oidcProviderMetadata.getAuthorizationEndpointURI().toString())
-                .build();
-    }
-
     @Bean
     public ThreadPoolExecutor msalThreadPool() {
         return MdcExecutor.newThreadPool(5, "msal");

apps/backend/src/main/java/no/nav/data/common/security/azure/AzureTokenProvider.java

@@ -7,10 +7,8 @@
 import com.microsoft.aad.msal4j.ClientCredentialParameters;
 import com.microsoft.aad.msal4j.IAuthenticationResult;
 import com.microsoft.aad.msal4j.IConfidentialClientApplication;
-import com.microsoft.aad.msal4j.PublicClientApplication;
 import com.microsoft.aad.msal4j.RefreshTokenParameters;
 import com.microsoft.aad.msal4j.ResponseMode;
-import com.microsoft.aad.msal4j.UserNamePasswordParameters;
 import com.microsoft.graph.requests.GraphServiceClient;
 import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
 import io.prometheus.client.Summary;
@@ -54,7 +52,6 @@ public class AzureTokenProvider implements TokenProvider {
     private final Cache<String, IAuthenticationResult> accessTokenCache;
 
     private final IConfidentialClientApplication msalClient;
-    private final PublicClientApplication msalPublicClient;
     private final AuthService authService;
 
     private final AADAuthenticationProperties aadAuthProps;
@@ -63,11 +60,10 @@ public class AzureTokenProvider implements TokenProvider {
     private final Summary tokenMetrics;
 
     public AzureTokenProvider(AADAuthenticationProperties aadAuthProps,
-            IConfidentialClientApplication msalClient, PublicClientApplication msalPublicClient,
+            IConfidentialClientApplication msalClient,
             AuthService authService, Encryptor encryptor) {
         this.aadAuthProps = aadAuthProps;
         this.msalClient = msalClient;
-        this.msalPublicClient = msalPublicClient;
         this.authService = authService;
         this.encryptor = encryptor;
         this.tokenMetrics = MetricUtils.summary()
@@ -177,12 +173,6 @@ private String getAccessTokenForResource(String refreshToken, String resource) {
         return requireNonNull(accessTokenCache.get("refresh" + refreshToken + resource, cacheKey -> acquireTokenByRefreshToken(refreshToken, resource))).accessToken();
     }
 
-    public String getMailAccessToken() {
-        log.trace("Getting access token for mail");
-        return requireNonNull(accessTokenCache.get("mail", cacheKey -> acquireTokenForUser(Set.of("Mail.Send"), aadAuthProps.getMailUser(), aadAuthProps.getMailPassword())))
-                .accessToken();
-    }
-
     private IAuthenticationResult acquireTokenByRefreshToken(String refreshToken, String resource) {
         try (var ignored = tokenMetrics.labels("accessToken").startTimer()) {
             log.debug("Looking up access token for resource {}", resource);
@@ -192,18 +182,6 @@ private IAuthenticationResult acquireTokenByRefreshToken(String refreshToken, St
         }
     }
 
-    /**
-     * used for email user
-     */
-    private IAuthenticationResult acquireTokenForUser(Set<String> scopes, String username, String password) {
-        try {
-            log.debug("Looking up access token for user {}", username);
-            return msalPublicClient.acquireToken(UserNamePasswordParameters.builder(scopes, username, password.toCharArray()).build()).get();
-        } catch (Exception e) {
-            throw new TechnicalException("Failed to get access token for username " + username, e);
-        }
-    }
-
     /**
      * access token for app user
      */