PR Review suggestions #3480

- improved documentation
- added missing totp unit test to test default values
- added tests for all web scan exampel json files to make sure they are valid

sechub-commons-model/src/main/java/com/mercedesbenz/sechub/commons/model/login/WebLoginTOTPConfiguration.java

@@ -14,9 +14,9 @@ public class WebLoginTOTPConfiguration {
     public static final String PROPERTY_TOKEN_LENGTH = "tokenLength";
     public static final String PROPERTY_HASH_ALGORITHM = "hashAlgorithm";
 
-    private static final int DEFAULT_VALIDITY_IN_SECONDS = 30;
-    private static final int DEFAULT_TOKEN_LENGTH = 6;
-    private static final TOTPHashAlgorithm DEFAULT_HASH_ALGORITHM = TOTPHashAlgorithm.HMAC_SHA1;
+    public static final int DEFAULT_VALIDITY_IN_SECONDS = 30;
+    public static final int DEFAULT_TOKEN_LENGTH = 6;
+    public static final TOTPHashAlgorithm DEFAULT_HASH_ALGORITHM = TOTPHashAlgorithm.HMAC_SHA1;
 
     private SealedObject seed;
     private int validityInSeconds;

sechub-commons-model/src/test/java/com/mercedesbenz/sechub/commons/model/login/WebLoginTOTPConfigurationTest.java

@@ -9,6 +9,18 @@
 
 class WebLoginTOTPConfigurationTest {
 
+    @Test
+    void default_values_are_as_expected() {
+        /* execute */
+        WebLoginTOTPConfiguration defaultConfig = new WebLoginTOTPConfiguration();
+
+        /* test */
+        assertEquals(null, defaultConfig.getSeed());
+        assertEquals(WebLoginTOTPConfiguration.DEFAULT_VALIDITY_IN_SECONDS, defaultConfig.getValidityInSeconds());
+        assertEquals(WebLoginTOTPConfiguration.DEFAULT_TOKEN_LENGTH, defaultConfig.getTokenLength());
+        assertEquals(WebLoginTOTPConfiguration.DEFAULT_HASH_ALGORITHM, defaultConfig.getHashAlgorithm());
+    }
+
     @Test
     void default_values_are_used_correctly_during_json_serialization_and_deserialization() {
         /* prepare */

sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config.adoc

@@ -304,7 +304,7 @@ WARNING: `username` and `password` are like input but {sechub} tries
 The TOTP configuration is generally never used without any other login mechanism. It is meant to be used as an additional authentication factor.
 In this example TOTP is used in combination with form based login, which is left out in the example for better readability.
 
-TIP: Most of the time it is enough to specify a `seed` for the TOTP configuration in SecHub.
+TIP: Most of the time it is enough to specify a `seed` for the TOTP configuration in {sechub}.
 The optional values `validityInSecods`, `tokenLength` and `hashAlgorithm` have defaults which will be used if nothing is specified.
 The defaults are well-known and any authentication provider or application should provide the optional data if it uses anything other than the defaults.
 
@@ -317,13 +317,13 @@ include::sechub_config_example21_webscan_login_form_with_totp.json[]
 It represents the secret key used to generate TOTP values.
 <3> The `validityInSecods` is an __optional__ field, which represents the maximum amount of seconds a TOTP is valid.
 This depends on the authentication provider or the application, providing the `seed` to the user.
-If no specific `validityInSecods` is provided do not configure this value and SecHub will use the default.
+If no specific `validityInSecods` is provided do not configure this value and {sechub} will use the default.
 <4> The `tokenLength` is an __optional__ field, which represents the length of the TOTP the authentication provider or the application expects.
 As before, this depends on the authentication provider or the application, providing the `seed` to the user.
-If no specific `tokenLength` is provided do not configure this value and SecHub will use the default.
-<5> The `hashAlgorithm` is an __optional__ field, which represents hash algorithm the authentication provider or the application uses during the computation of the TOTP.
+If no specific `tokenLength` is provided do not configure this value and {sechub} will use the default.
+<5> The `hashAlgorithm` is an __optional__ field, representing the hash algorithm, which is used by the authentication provider or the application during the computation of the TOTP.
 As before, this depends on the authentication provider or the application, providing the `seed` to the user.
-If no specific `hashAlgorithm` is provided do not configure this value and SecHub will use the default. +
+If no specific `hashAlgorithm` is provided do not configure this value and {sechub} will use the default. +
 The currently available hash algorithms are:
 - `HMAC_SHA1`
 - `HMAC_SHA256`

sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config_example16_webscan_client_certificate_with_openAPI.json

@@ -17,6 +17,7 @@
     "url" : "https://productfailure.demo.example.org",
     "api" : {
       "type" : "openApi",
+      "apiDefinitionUrl" : "https://productfailure.demo.example.org/api/v1/swagger/?format=openapi",
       "use" : [ "open-api-file-reference" ] //<3>
     },
     "clientCertificate" : {

sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config_example21_webscan_login_form_with_totp.json

@@ -4,11 +4,29 @@
     "url" : "https://productfailure.demo.example.org",
     "login" : {
       "url" : "https://productfailure.demo.example.org/login",
-      "form" : { ... },
-      "totp" : { //<1>
+      "form" : {
+        "script" : {
+          "pages" : [ {
+            "actions" : [ {
+              "type" : "username",
+              "selector" : "#example_login_userid",
+              "value" : "{{ .LOGIN_USER }}"
+            }, {
+              "type" : "password",
+              "selector" : "#example_login_pwd",
+              "value" : "{{ .LOGIN_PWD }}"
+            }, {
+              "type" : "click",
+              "selector" : "#next",
+              "description" : "Click to go to next page"
+            } ]
+          } ]
+        }
+      },
+      "totp" : { // <1>
         "seed" : "example-seed", //<2>
-        "validityInSecods" : "60", //<3>
-        "tokenLength" : "8", //<4>
+        "validityInSeconds" : 60, //<3>
+        "tokenLength" : 8, //<4>
         "hashAlgorithm" : "HMAC_SHA256" //<5>
       }
     }

sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config_example2_webscan_anonymous.json

@@ -19,10 +19,10 @@
       "en/contacts/<*>",
       "en/contacts",
       "en/contacts/"
-    ]
-  },
-  "maxScanDuration": { //<5>
-    "duration": 1,
-    "unit": "hour" //<6>
+    ],
+    "maxScanDuration": { //<5>
+      "duration": 1,
+      "unit": "hour" //<6>
+  }
   }
 }

sechub-doc/src/docs/asciidoc/documents/shared/configuration/sechub_config_example4_webscan_login_clientcertificate.json

@@ -10,7 +10,7 @@
     } ]
   },
   "webScan" : {
-    "url" : "https://my-app.com",
+    "url" : "https://productfailure.demo.example.org",
     "clientCertificate" : {
       "password" : "{{ .CERT_PASSWORD }}", //<2>
       "use" : [ "client-certificate-file-reference" ] //<3>

sechub-doc/src/test/java/com/mercedesbenz/sechub/ExampleFile.java

@@ -32,6 +32,15 @@ public enum ExampleFile {
 
     WEBSCAN_HEADER_SCAN("src/docs/asciidoc/documents/shared/configuration/sechub_config_example15_web_scan_header.json"),
 
+    WEBSCAN_HEADER_FROM_DATA_REFERENCE("src/docs/asciidoc/documents/shared/configuration/sechub_config_example17_web_scan_header_value_from_data_section.json"),
+
+    WEBSCAN_CLIENT_CERTIFICATE("src/docs/asciidoc/documents/shared/configuration/sechub_config_example4_webscan_login_clientcertificate.json"),
+
+    WEBSCAN_CLIENT_CERTIFICATE_WITH_OPENAPI(
+            "src/docs/asciidoc/documents/shared/configuration/sechub_config_example16_webscan_client_certificate_with_openAPI.json"),
+
+    WEBSCAN_FORM_BASED_SCRIPT_AUTH_WITH_TOTP("src/docs/asciidoc/documents/shared/configuration/sechub_config_example21_webscan_login_form_with_totp.json"),
+
     ;
 
     private String path;