F!!Oppgraderer til siste version av nav token support som inneholder fix for spring sårbarhet ref CWE-178

dskarpas · dskarpas · commit c0b00c279ebc · 2024-11-18T09:47:24.000+01:00
diff --git a/build.gradle b/build.gradle
@@ -5,7 +5,7 @@ buildscript {
 		springKafkaVersion = '3.2.4'
 		cxfVersion = '3.4.2'
 		jacksonModuleKotlinVersion = '2.18.1'
-		tokenSupportVersion = '4.1.4'
+		tokenSupportVersion = '5.0.11'
 	}
 }
 
diff --git a/src/main/kotlin/no/nav/eessi/pensjon/config/PDLConfiguration.kt b/src/main/kotlin/no/nav/eessi/pensjon/config/PDLConfiguration.kt
@@ -22,7 +22,7 @@ class PDLConfiguration(
     override fun callBack(): PdlToken {
         val clientProperties =  Optional.ofNullable(clientConfigurationProperties.registration["pdl-credentials"]).orElseThrow { RuntimeException("could not find oauth2 client config for pdl-credentials") }
         val response = oAuth2AccessTokenService.getAccessToken(clientProperties)
-        val token = response.accessToken!!
+        val token = response.access_token!!
         return PdlTokenImp(token)
     }
 
diff --git a/src/main/kotlin/no/nav/eessi/pensjon/config/RestTemplateConfig.kt b/src/main/kotlin/no/nav/eessi/pensjon/config/RestTemplateConfig.kt
@@ -135,7 +135,7 @@ class RestTemplateConfig(
     ): ClientHttpRequestInterceptor {
         return ClientHttpRequestInterceptor { request: HttpRequest, body: ByteArray?, execution: ClientHttpRequestExecution ->
             val response = oAuth2AccessTokenService.getAccessToken(clientProperties)
-            request.headers.setBearerAuth(response.accessToken!!)
+            request.headers.setBearerAuth(response.access_token!!)
             /*
             val tokenChunks = response.accessToken.split(".")
             val tokenBody =  tokenChunks[1]

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ buildscript {`
`5`	`5`	`springKafkaVersion = '3.2.4'`
`6`	`6`	`cxfVersion = '3.4.2'`
`7`	`7`	`jacksonModuleKotlinVersion = '2.18.1'`
`8`		`- tokenSupportVersion = '4.1.4'`
	`8`	`+ tokenSupportVersion = '5.0.11'`
`9`	`9`	`}`
`10`	`10`	`}`
`11`	`11`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ class PDLConfiguration(`
`22`	`22`	`override fun callBack(): PdlToken {`
`23`	`23`	`val clientProperties = Optional.ofNullable(clientConfigurationProperties.registration["pdl-credentials"]).orElseThrow { RuntimeException("could not find oauth2 client config for pdl-credentials") }`
`24`	`24`	`val response = oAuth2AccessTokenService.getAccessToken(clientProperties)`
`25`		`- val token = response.accessToken!!`
	`25`	`+ val token = response.access_token!!`
`26`	`26`	`return PdlTokenImp(token)`
`27`	`27`	`}`
`28`	`28`