fix build; support audit log for account profile page

.gitattributes

@@ -1,5 +1,5 @@
 # Set line endings to LF for scripts, even on Windows. Otherwise, execution within Docker images or CI on Windows bash fails.
-# See https://help.github.com/articles/dealing-with-line-endings
+# See https://docs.github.com/en/get-started/getting-started-with-git
 *.sh text eol=lf
 gradlew text eol=lf
 # match checkstyle lf enforcement, otherwise windows users get checkstyle errors on files that Git would convert

.github/workflows/test-ubuntu.yml

@@ -10,7 +10,7 @@ env:
   SONARCLOUD_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   JDK_CURRENT: 11
-  RETRY_MINUTES: 60
+  RETRY_MINUTES: 120
   CATEGORY_REGEX: ".*" # Use this to limit which tests run
 
 ##########################################################################

api/cas-server-core-api-audit/src/main/java/org/apereo/cas/audit/AuditTrailExecutionPlan.java

@@ -14,6 +14,10 @@
  * @since 5.3.0
  */
 public interface AuditTrailExecutionPlan {
+    /**
+     * Bean name.
+     */
+    String BEAN_NAME = "auditTrailExecutionPlan";
 
     /**
      * Register audit trail manager.

api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/support/pac4j/Pac4jDelegatedAuthenticationGitHubProperties.java

@@ -23,7 +23,7 @@ public class Pac4jDelegatedAuthenticationGitHubProperties extends Pac4jIdentifia
     /**
      * The requested scope from the provider.
      *  The default scope is {@code user}, i.e. {@code read/write} access to the GitHub user account.
-     *  For a full list of possible scopes, <a href="https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/">see this</a>).
+     *  For a full list of possible scopes, <a href="https://docs.github.com/en/developers/apps/building-oauth-apps">see this</a>).
      */
     private String scope;
 

ci/tests/puppeteer/scenarios/pm-account-profile/accounts.json

@@ -0,0 +1,10 @@
+{
+  "casuser" : {
+    "email" : "[email protected]",
+    "password" : "Mellon",
+    "phone": "1234567890",
+    "securityQuestions" : {
+      "Favorite Food" : "Salad"
+    }
+  }
+}

ci/tests/puppeteer/scenarios/pm-account-profile/script.js

@@ -0,0 +1,37 @@
+const puppeteer = require('puppeteer');
+const cas = require('../../cas.js');
+
+(async () => {
+    const browser = await puppeteer.launch(cas.browserOptions());
+
+    const page = await cas.newPage(browser);
+    await cas.goto(page, "https://localhost:8443/cas/login");
+    await cas.loginWith(page, "casuser", "Mellon");
+    await page.waitForTimeout(1000)
+    await cas.assertCookie(page);
+
+    await cas.goto(page, "https://localhost:8443/cas/account");
+    await page.waitForTimeout(1000)
+
+    await cas.click(page, "#linkOverview")
+    await page.waitForTimeout(1000)
+
+    await cas.click(page, "#linkAttributes")
+    await page.waitForTimeout(1000)
+
+    await cas.click(page, "#linkServices")
+    await page.waitForTimeout(1000)
+
+    await cas.click(page, "#linkSecurityQuestions")
+    await page.waitForTimeout(1000)
+    await cas.assertVisibility(page, "#securityQuestionsTable")
+
+    await cas.click(page, "#linkAuditLog")
+    await page.waitForTimeout(1000)
+
+    await cas.click(page, "#linkPasswordManagement")
+    await page.waitForTimeout(1000)
+    await cas.assertCookie(page, false);
+
+    await browser.close();
+})();

ci/tests/puppeteer/scenarios/pm-account-profile/script.json

@@ -0,0 +1,16 @@
+{
+  "dependencies": "audit-jdbc,pm-webflow",
+  "properties": [
+    "--CasFeatureModule.AccountManagement.enabled=true",
+
+    "--cas.audit.engine.enabled=true",
+
+    "--cas.server.name=https://localhost:8443",
+    "--cas.server.prefix=${cas.server.name}/cas",
+
+    "--cas.view.authorized-services-on-successful-login=true",
+    "--cas.service-registry.core.init-from-json=true",
+    "--cas.authn.pm.json.location=file:${PWD}/ci/tests/puppeteer/scenarios/${SCENARIO}/accounts.json",
+    "--cas.authn.pm.core.enabled=true"
+  ]
+}

ci/tests/puppeteer/scenarios/pm-invalid-password-reset/script.json

@@ -0,0 +1,11 @@
+{
+  "dependencies": "pm-webflow",
+  "properties": [
+    "--cas.audit.engine.enabled=false",
+    "--cas.server.name=https://localhost:8443",
+    "--cas.server.prefix=${cas.server.name}/cas",
+
+    "--cas.authn.pm.core.enabled=true",
+    "--cas.audit.engine.enabled=false"
+  ]
+}

ci/tests/puppeteer/scenarios/recaptcha-login-v2/script.js

@@ -7,9 +7,7 @@ const cas = require('../../cas.js');
     const page = await cas.newPage(browser);
     await cas.goto(page, "https://localhost:8443/cas/login");
     // await page.waitForTimeout(10000)
-
     await cas.assertVisibility(page, '#recaptchaV2Section')
-
     await cas.assertVisibility(page, '#g-recaptcha')
 
     await browser.close();

core/cas-server-core-audit-api/src/main/java/org/apereo/cas/audit/spi/plan/DefaultAuditTrailRecordResolutionPlan.java

@@ -1,6 +1,7 @@
 package org.apereo.cas.audit.spi.plan;
 
 import org.apereo.cas.audit.AuditTrailRecordResolutionPlan;
+import org.apereo.cas.util.spring.beans.BeanSupplier;
 
 import lombok.Getter;
 import org.apereo.inspektr.audit.spi.AuditActionResolver;
@@ -24,17 +25,23 @@ public class DefaultAuditTrailRecordResolutionPlan implements AuditTrailRecordRe
 
     @Override
     public void registerAuditResourceResolver(final String key, final AuditResourceResolver resolver) {
-        this.auditResourceResolvers.put(key, resolver);
+        if (BeanSupplier.isNotProxy(resolver)) {
+            this.auditResourceResolvers.put(key, resolver);
+        }
     }
 
     @Override
     public void registerAuditPrincipalResolver(final String key, final PrincipalResolver resolver) {
-        this.auditPrincipalResolvers.put(key, resolver);
+        if (BeanSupplier.isNotProxy(resolver)) {
+            this.auditPrincipalResolvers.put(key, resolver);
+        }
     }
 
     @Override
     public void registerAuditActionResolver(final String key, final AuditActionResolver resolver) {
-        this.auditActionResolvers.put(key, resolver);
+        if (BeanSupplier.isNotProxy(resolver)) {
+            this.auditActionResolvers.put(key, resolver);
+        }
     }
 
     @Override

core/cas-server-core-audit-api/src/main/java/org/apereo/cas/audit/spi/principal/ChainingAuditPrincipalIdProvider.java

@@ -2,13 +2,15 @@
 
 import org.apereo.cas.audit.AuditPrincipalIdProvider;
 import org.apereo.cas.authentication.Authentication;
+import org.apereo.cas.util.spring.beans.BeanSupplier;
 
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.val;
 import org.aspectj.lang.JoinPoint;
 
 import java.util.List;
+import java.util.stream.Collectors;
 
 /**
  * This is {@link ChainingAuditPrincipalIdProvider}.
@@ -27,7 +29,9 @@ public class ChainingAuditPrincipalIdProvider implements AuditPrincipalIdProvide
      * @param provider the provider
      */
     public void addProvider(final AuditPrincipalIdProvider provider) {
-        providers.add(provider);
+        if (BeanSupplier.isNotProxy(provider)) {
+            providers.add(provider);
+        }
     }
 
     /**
@@ -36,13 +40,15 @@ public void addProvider(final AuditPrincipalIdProvider provider) {
      * @param provider the provider
      */
     public void addProviders(final List<AuditPrincipalIdProvider> provider) {
-        providers.addAll(provider);
+        providers.addAll(provider.stream().filter(BeanSupplier::isNotProxy).collect(Collectors.toList()));
     }
 
     @Override
     public String getPrincipalIdFrom(final JoinPoint auditTarget, final Authentication authentication,
                                      final Object resultValue, final Exception exception) {
-        val result = providers.stream()
+        val result = providers
+            .stream()
+            .filter(BeanSupplier::isNotProxy)
             .filter(p -> p.supports(auditTarget, authentication, resultValue, exception))
             .findFirst()
             .orElseGet(DefaultAuditPrincipalIdProvider::new);
@@ -52,7 +58,9 @@ public String getPrincipalIdFrom(final JoinPoint auditTarget, final Authenticati
     @Override
     public boolean supports(final JoinPoint auditTarget, final Authentication authentication,
                             final Object resultValue, final Exception exception) {
-        return providers.stream().anyMatch(p -> p.supports(auditTarget, authentication, resultValue, exception));
+        return providers.stream()
+            .filter(BeanSupplier::isNotProxy)
+            .anyMatch(p -> p.supports(auditTarget, authentication, resultValue, exception));
     }
 
     @Override

core/cas-server-core-audit/src/main/java/org/apereo/cas/audit/spi/config/CasCoreAuditConfiguration.java

@@ -295,7 +295,7 @@ public AuditTrailManagementAspect auditTrailManagementAspect(
         @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
         protected AuditTrailManager filterAndDelegateAuditTrailManager(
             final ConfigurableApplicationContext applicationContext,
-            @Qualifier("auditTrailExecutionPlan")
+            @Qualifier(AuditTrailExecutionPlan.BEAN_NAME)
             final AuditTrailExecutionPlan auditTrailExecutionPlan,
             final CasConfigurationProperties casProperties) throws Exception {
             return BeanSupplier.of(AuditTrailManager.class)
@@ -463,7 +463,7 @@ public AuditTrailRecordResolutionPlanConfigurer casAuditActionResolversResolutio
     @EnableConfigurationProperties(CasConfigurationProperties.class)
     @AutoConfigureOrder(Ordered.LOWEST_PRECEDENCE)
     public static class CasCoreAuditExecutionPlanConfiguration {
-        @ConditionalOnMissingBean(name = "auditTrailExecutionPlan")
+        @ConditionalOnMissingBean(name = AuditTrailExecutionPlan.BEAN_NAME)
         @Bean
         @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
         public AuditTrailExecutionPlan auditTrailExecutionPlan(final List<AuditTrailExecutionPlanConfigurer> configurers) {

core/cas-server-core-web/src/main/resources/cas_common_messages.properties

@@ -8,9 +8,11 @@ webjars.jquery.js=/webjars/jquery/${jqueryVersion}/jquery.min.js
 webjars.dataTables.js=/webjars/datatables/${datatablesVersion}/js/jquery.dataTables.min.js
 
 webjars.zxcvbn.js=/webjars/zxcvbn/dist/zxcvbn.js
+webjars.highlight.js=/webjars/highlightjs/${highlightJsVersion}/highlight.min.js
 webjars.material-components.js=/webjars/material-components-web/${materialVersion}/dist/material-components-web.min.js
 webjars.bootstrap.js=/webjars/bootstrap/${bootstrapVersion}/js/bootstrap.min.js
 
+webjars.highlight.css=/webjars/highlightjs/${highlightJsVersion}/styles/agate.min.css
 webjars.material-components.css=/webjars/material-components-web/${materialVersion}/dist/material-components-web.min.css
 webjars.mdi-font.css=/webjars/mdi__font/${mdiFontVersion}/css/materialdesignicons.min.css
 webjars.normalize.css=/webjars/normalize.css/${normalizeVersion}/normalize.css

docs/cas-server-documentation/developer/Build-Process.md

@@ -31,7 +31,7 @@ git clone --recursive --depth=1 --single-branch --branch=master [email protected]:a
 # git fetch --unshallow
 ```
 
-For a successful clone, you will need to have [set up SSH keys](https://help.github.com/articles/working-with-ssh-key-passphrases/) for your account on Github.
+For a successful clone, you will need to have [set up SSH keys](https://docs.github.com/en/authentication) for your account on Github.
 If that is not an option, you may clone the CAS repository under `https` via `https://github.com/apereo/cas.git`.
 
 You may also need to update submodules linked to the CAS repository. Newer versions of Git will do this automatically, 

gradle.properties

@@ -279,7 +279,7 @@ springSessionMongoVersion=2.6.2
 ###############################
 # Amazon SDK versions
 ###############################
-amazonSdkVersion=2.17.164
+amazonSdkVersion=2.17.169
 ###############################
 # Azure CosmosDb versions
 ###############################
@@ -328,14 +328,14 @@ duoUniversalSdkVersion=1.1.3
 ###############################
 # Google Firebase versions
 ###############################
-googleApiClientVersion=1.33.4
+googleApiClientVersion=1.34.0
 firebaseAdminVersion=8.1.0
 ###############################
 # LDAP versions
 ###############################
 ldaptiveVersion=2.1.0
 unboundidVersion=6.0.4
-nettyVersion=4.1.75.Final
+nettyVersion=4.1.76.Final
 ###############################
 # SPNEGO versions
 ###############################
@@ -384,7 +384,7 @@ textMagicVersion=2.0.2456
 # JWT versions
 ###############################
 nimbusJoseVersion=9.21
-nimbusOidcVersion=9.32
+nimbusOidcVersion=9.33
 jose4jVersion=0.7.11
 ###############################
 # OKTA versions
@@ -430,6 +430,7 @@ ektorpVersion=1.5.0
 webjarLocatorVersion=0.50
 halVersion=1.1.0
 jqueryVersion=3.6.0
+highlightJsVersion=11.5.0
 zxcvbnVersion=4.4.2
 bootstrapVersion=5.1.3
 fontAwesomeVersion=6.1.0

gradle/dependencies.gradle

@@ -3747,8 +3747,8 @@ ext.libraries = [
                 },
                 dependencies.create("org.webjars:hal-explorer:$halVersion") {
                 },
-                dependencies.create("org.webjars:jquery:$jqueryVersion") {
-                },
+                dependencies.create("org.webjars:jquery:$jqueryVersion") { },
+                dependencies.create("org.webjars:highlightjs:$highlightJsVersion") { },
                 dependencies.create("org.webjars.bowergithub.dropbox:zxcvbn:$zxcvbnVersion") {
                 },
                 dependencies.create("org.webjars:bootstrap:$bootstrapVersion") {