From f51a739411000cb2b4556b055d972ea6ed02d1cb Mon Sep 17 00:00:00 2001 From: Pavel_Bortnik Date: Mon, 16 Sep 2024 10:09:41 +0300 Subject: [PATCH 01/17] EPMRPP-94552 || Add scim related user disable check --- build.gradle | 2 +- .../reportportal/auth/basic/DatabaseUserDetailsService.java | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 2f1b966b..44325b7d 100644 --- a/build.gradle +++ b/build.gradle @@ -43,7 +43,7 @@ dependencies { api 'com.epam.reportportal:commons-dao' api 'com.epam.reportportal:commons' } else { - api 'com.github.reportportal:commons-dao:4f0bff6' + api 'com.github.reportportal:commons-dao:f277576' api 'com.github.reportportal:commons:50a1192' } diff --git a/src/main/java/com/epam/reportportal/auth/basic/DatabaseUserDetailsService.java b/src/main/java/com/epam/reportportal/auth/basic/DatabaseUserDetailsService.java index 3a0d858c..40706591 100644 --- a/src/main/java/com/epam/reportportal/auth/basic/DatabaseUserDetailsService.java +++ b/src/main/java/com/epam/reportportal/auth/basic/DatabaseUserDetailsService.java @@ -50,6 +50,7 @@ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundEx .orElseThrow(() -> new UsernameNotFoundException("User not found")); UserDetails userDetails = org.springframework.security.core.userdetails.User.builder() + .disabled(!user.isEnabled()) .username(user.getUsername()) .password(user.getPassword() == null ? "" : user.getPassword()) .authorities(AuthUtils.AS_AUTHORITIES.apply(user.getUserRole())) From 33320b756d0d5b311de91d388ea1f433ac35dfed Mon Sep 17 00:00:00 2001 From: Pavel_Bortnik Date: Mon, 16 Sep 2024 15:59:59 +0300 Subject: [PATCH 02/17] EPMRPP-94552 || Update dao version --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 44325b7d..9c46f0d5 100644 --- a/build.gradle +++ b/build.gradle @@ -43,7 +43,7 @@ dependencies { api 'com.epam.reportportal:commons-dao' api 'com.epam.reportportal:commons' } else { - api 'com.github.reportportal:commons-dao:f277576' + api 'com.github.reportportal:commons-dao:cce9625' api 'com.github.reportportal:commons:50a1192' } From 02a6fcf1ceaac9184a0c0d1787678bf3a1024914 Mon Sep 17 00:00:00 2001 From: Vadzim Hushchanskou Date: Thu, 19 Sep 2024 11:40:18 +0300 Subject: [PATCH 03/17] Update Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7a9d4b15..a9cc552b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$BUILDPLATFORM gradle:8.10.0-jdk21-alpine AS build +FROM gradle:8.10.0-jdk21-alpine AS build ARG RELEASE_MODE ARG APP_VERSION WORKDIR /usr/app @@ -10,7 +10,7 @@ RUN if [ "${RELEASE_MODE}" = true ]; then \ else gradle build --no-build-cache --exclude-task test -Dorg.gradle.project.version=${APP_VERSION}; fi # For ARM build use flag: `--platform linux/arm64` -FROM --platform=$BUILDPLATFORM amazoncorretto:21.0.4 +FROM amazoncorretto:21.0.4 LABEL version=${APP_VERSION} description="EPAM ReportPortal. Auth Service" maintainer="Andrei Varabyeu , Hleb Kanonik " ARG APP_VERSION=${APP_VERSION} ENV APP_DIR=/usr/app From b327ee23898bf2a1619e5750e26923f2625ef648 Mon Sep 17 00:00:00 2001 From: Reingold Shekhtel <13565058+raikbitters@users.noreply.github.com> Date: Thu, 19 Sep 2024 13:16:18 +0200 Subject: [PATCH 04/17] Update Dockerfile --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index a9cc552b..690a3319 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM gradle:8.10.0-jdk21-alpine AS build +FROM --platform=$BUILDPLATFORM gradle:8.10.0-jdk21-alpine AS build ARG RELEASE_MODE ARG APP_VERSION WORKDIR /usr/app @@ -9,7 +9,6 @@ RUN if [ "${RELEASE_MODE}" = true ]; then \ -Dorg.gradle.project.version=${APP_VERSION}; \ else gradle build --no-build-cache --exclude-task test -Dorg.gradle.project.version=${APP_VERSION}; fi -# For ARM build use flag: `--platform linux/arm64` FROM amazoncorretto:21.0.4 LABEL version=${APP_VERSION} description="EPAM ReportPortal. Auth Service" maintainer="Andrei Varabyeu , Hleb Kanonik " ARG APP_VERSION=${APP_VERSION} From 7e845085fa37588720cb6485f6cde43dbb100a98 Mon Sep 17 00:00:00 2001 From: Pavel_Bortnik Date: Fri, 11 Oct 2024 15:17:53 +0300 Subject: [PATCH 05/17] EPMRPP-96070 || Add saml user uuid generation --- .../reportportal/auth/integration/saml/SamlUserReplicator.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java b/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java index ff9015aa..bc5a2a0a 100644 --- a/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java +++ b/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java @@ -43,6 +43,7 @@ import java.util.List; import java.util.Objects; import java.util.Optional; +import java.util.UUID; import java.util.stream.Collectors; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationEventPublisher; @@ -102,6 +103,7 @@ public User replicateUser(ReportPortalSamlAuthentication samlAuthentication) { User user = new User(); user.setLogin(userName); + user.setUuid(UUID.randomUUID()); List details = samlAuthentication.getDetails(); From 109880834ec07a8a7634283a0df33aec7f826764 Mon Sep 17 00:00:00 2001 From: Pavel_Bortnik Date: Mon, 14 Oct 2024 12:11:09 +0300 Subject: [PATCH 06/17] EPMRPP-96070 || Add ldap user uuid generation --- .../reportportal/auth/integration/ldap/LdapUserReplicator.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java index b285e2f2..ad0ed4f9 100644 --- a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java +++ b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java @@ -34,6 +34,7 @@ import com.epam.ta.reportportal.util.PersonalProjectService; import java.util.Map; import java.util.Optional; +import java.util.UUID; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.ldap.core.DirContextOperations; @@ -103,6 +104,7 @@ private User createNewUser(DirContextOperations ctx, Map syncAtt String email, String login) { User newUser = new User(); newUser.setLogin(login); + newUser.setUuid(UUID.randomUUID()); String fullName = getFullName(ctx, syncAttributes); newUser.setFullName(fullName); From c81255d8ed77cfc3c661d1cc5e8227fe737f880c Mon Sep 17 00:00:00 2001 From: Pavel_Bortnik Date: Mon, 14 Oct 2024 12:12:56 +0300 Subject: [PATCH 07/17] EPMRPP-96070 || Add github user uuid generation --- .../auth/integration/github/GitHubUserReplicator.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/com/epam/reportportal/auth/integration/github/GitHubUserReplicator.java b/src/main/java/com/epam/reportportal/auth/integration/github/GitHubUserReplicator.java index 68edee81..32144ce4 100644 --- a/src/main/java/com/epam/reportportal/auth/integration/github/GitHubUserReplicator.java +++ b/src/main/java/com/epam/reportportal/auth/integration/github/GitHubUserReplicator.java @@ -45,6 +45,7 @@ import java.util.Date; import java.util.Objects; import java.util.Optional; +import java.util.UUID; import org.apache.commons.lang3.StringUtils; import org.springframework.core.io.Resource; import org.springframework.http.ResponseEntity; @@ -144,6 +145,7 @@ private void updateUser(User user, UserResource userResource, GitHubClient gitHu private User createUser(UserResource userResource, GitHubClient gitHubClient) { User user = new User(); String login = normalizeId(userResource.getLogin()); + user.setUuid(UUID.randomUUID()); user.setLogin(login); updateUser(user, userResource, gitHubClient); user.setUserType(UserType.GITHUB); From d5041f4ba088cccedfdd52312bb895e176710ba0 Mon Sep 17 00:00:00 2001 From: Pavel_Bortnik Date: Mon, 14 Oct 2024 18:27:24 +0300 Subject: [PATCH 08/17] EPMRPP-96070 || Provide uuid on user replication by default in db --- build.gradle | 2 +- .../auth/integration/github/GitHubUserReplicator.java | 1 - .../reportportal/auth/integration/ldap/LdapUserReplicator.java | 1 - .../reportportal/auth/integration/saml/SamlUserReplicator.java | 1 - 4 files changed, 1 insertion(+), 4 deletions(-) diff --git a/build.gradle b/build.gradle index 9c46f0d5..3c4f11a2 100644 --- a/build.gradle +++ b/build.gradle @@ -43,7 +43,7 @@ dependencies { api 'com.epam.reportportal:commons-dao' api 'com.epam.reportportal:commons' } else { - api 'com.github.reportportal:commons-dao:cce9625' + api 'com.github.reportportal:commons-dao:174d57a' api 'com.github.reportportal:commons:50a1192' } diff --git a/src/main/java/com/epam/reportportal/auth/integration/github/GitHubUserReplicator.java b/src/main/java/com/epam/reportportal/auth/integration/github/GitHubUserReplicator.java index 32144ce4..7440d747 100644 --- a/src/main/java/com/epam/reportportal/auth/integration/github/GitHubUserReplicator.java +++ b/src/main/java/com/epam/reportportal/auth/integration/github/GitHubUserReplicator.java @@ -145,7 +145,6 @@ private void updateUser(User user, UserResource userResource, GitHubClient gitHu private User createUser(UserResource userResource, GitHubClient gitHubClient) { User user = new User(); String login = normalizeId(userResource.getLogin()); - user.setUuid(UUID.randomUUID()); user.setLogin(login); updateUser(user, userResource, gitHubClient); user.setUserType(UserType.GITHUB); diff --git a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java index ad0ed4f9..5ff1a8a6 100644 --- a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java +++ b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java @@ -104,7 +104,6 @@ private User createNewUser(DirContextOperations ctx, Map syncAtt String email, String login) { User newUser = new User(); newUser.setLogin(login); - newUser.setUuid(UUID.randomUUID()); String fullName = getFullName(ctx, syncAttributes); newUser.setFullName(fullName); diff --git a/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java b/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java index bc5a2a0a..778ec8c0 100644 --- a/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java +++ b/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java @@ -103,7 +103,6 @@ public User replicateUser(ReportPortalSamlAuthentication samlAuthentication) { User user = new User(); user.setLogin(userName); - user.setUuid(UUID.randomUUID()); List details = samlAuthentication.getDetails(); From 476d9f02d4abdcb233c56055f039b8ecad845140 Mon Sep 17 00:00:00 2001 From: PeeAyBee Date: Tue, 15 Oct 2024 12:06:27 +0300 Subject: [PATCH 09/17] EPMRPP-96070 || Update build.gradle --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 3c4f11a2..ca7f407f 100644 --- a/build.gradle +++ b/build.gradle @@ -43,7 +43,7 @@ dependencies { api 'com.epam.reportportal:commons-dao' api 'com.epam.reportportal:commons' } else { - api 'com.github.reportportal:commons-dao:174d57a' + api 'com.github.reportportal:commons-dao:develop-SNAPSHOT' api 'com.github.reportportal:commons:50a1192' } From ea0fbac02d32d43a4563789ab897ce7f06e063e2 Mon Sep 17 00:00:00 2001 From: Pavel_Bortnik Date: Tue, 15 Oct 2024 12:46:03 +0300 Subject: [PATCH 10/17] EPMRPP-96070 || Update build.gradle --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index ca7f407f..bd5c7f4a 100644 --- a/build.gradle +++ b/build.gradle @@ -44,7 +44,7 @@ dependencies { api 'com.epam.reportportal:commons' } else { api 'com.github.reportportal:commons-dao:develop-SNAPSHOT' - api 'com.github.reportportal:commons:50a1192' + api 'com.github.reportportal:commons:develop-SNAPSHOT' } //Fix CVE-2021-41079, CVE-2022-23181, CVE-2021-33037, CVE-2021-30640, CVE-2022-42252, CVE-2023-46589, CVE-2024-24549 From 8aef132f199eafa103630b6f3e8076b41e4a430e Mon Sep 17 00:00:00 2001 From: Pavel_Bortnik Date: Wed, 16 Oct 2024 15:59:46 +0300 Subject: [PATCH 11/17] EPMRPP-96070 || Add default fields to user builder --- .../github/GitHubUserReplicator.java | 6 +++-- .../integration/ldap/LdapUserReplicator.java | 24 ++++++++++--------- .../integration/saml/SamlUserReplicator.java | 2 ++ 3 files changed, 19 insertions(+), 13 deletions(-) diff --git a/src/main/java/com/epam/reportportal/auth/integration/github/GitHubUserReplicator.java b/src/main/java/com/epam/reportportal/auth/integration/github/GitHubUserReplicator.java index 7440d747..c98aac67 100644 --- a/src/main/java/com/epam/reportportal/auth/integration/github/GitHubUserReplicator.java +++ b/src/main/java/com/epam/reportportal/auth/integration/github/GitHubUserReplicator.java @@ -144,8 +144,10 @@ private void updateUser(User user, UserResource userResource, GitHubClient gitHu private User createUser(UserResource userResource, GitHubClient gitHubClient) { User user = new User(); - String login = normalizeId(userResource.getLogin()); - user.setLogin(login); + user.setLogin(normalizeId(userResource.getLogin())); + user.setUuid(UUID.randomUUID()); + user.setActive(Boolean.TRUE); + updateUser(user, userResource, gitHubClient); user.setUserType(UserType.GITHUB); user.setRole(UserRole.USER); diff --git a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java index 5ff1a8a6..d41190f5 100644 --- a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java +++ b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java @@ -102,23 +102,25 @@ private String validateEmail(String email) { private User createNewUser(DirContextOperations ctx, Map syncAttributes, String email, String login) { - User newUser = new User(); - newUser.setLogin(login); + User user = new User(); + user.setLogin(login); + user.setUuid(UUID.randomUUID()); + user.setActive(Boolean.TRUE); String fullName = getFullName(ctx, syncAttributes); - newUser.setFullName(fullName); + user.setFullName(fullName); checkEmail(email); - newUser.setEmail(email); - newUser.setMetadata(defaultMetaData()); - newUser.setUserType(UserType.LDAP); - newUser.setRole(UserRole.USER); - newUser.setExpired(false); + user.setEmail(email); + user.setMetadata(defaultMetaData()); + user.setUserType(UserType.LDAP); + user.setRole(UserRole.USER); + user.setExpired(false); - final Project project = generatePersonalProject(newUser); - newUser.getProjects().add(project.getUsers().iterator().next()); + final Project project = generatePersonalProject(user); + user.getProjects().add(project.getUsers().iterator().next()); - return userRepository.save(newUser); + return userRepository.save(user); } private String getFullName(DirContextOperations ctx, Map syncAttributes) { diff --git a/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java b/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java index 778ec8c0..47791f1f 100644 --- a/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java +++ b/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java @@ -103,6 +103,8 @@ public User replicateUser(ReportPortalSamlAuthentication samlAuthentication) { User user = new User(); user.setLogin(userName); + user.setUuid(UUID.randomUUID()); + user.setActive(Boolean.TRUE); List details = samlAuthentication.getDetails(); From 19d5f5c2b60ce2dcf54b30a4a191c9b01a9f89da Mon Sep 17 00:00:00 2001 From: Pavel_Bortnik Date: Fri, 18 Oct 2024 12:21:31 +0300 Subject: [PATCH 12/17] EPMRPP-96070 || Fix handling of the locked account --- .../event/UiAuthenticationSuccessEventHandler.java | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java b/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java index f477364c..b62d10ea 100644 --- a/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java +++ b/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java @@ -17,20 +17,20 @@ package com.epam.reportportal.auth.event; import com.epam.reportportal.auth.integration.saml.ReportPortalSamlAuthentication; +import com.epam.reportportal.rules.exception.ErrorType; +import com.epam.reportportal.rules.exception.ReportPortalException; import com.epam.ta.reportportal.commons.ReportPortalUser; import com.epam.ta.reportportal.dao.UserRepository; import com.epam.ta.reportportal.entity.project.Project; import com.epam.ta.reportportal.entity.user.User; -import com.epam.reportportal.rules.exception.ReportPortalException; import com.epam.ta.reportportal.util.PersonalProjectService; -import com.epam.reportportal.rules.exception.ErrorType; import java.time.Instant; -import java.time.LocalDateTime; -import java.time.ZoneOffset; import org.apache.commons.collections4.MapUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.event.EventListener; +import org.springframework.security.authentication.LockedException; import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Transactional; @@ -57,6 +57,10 @@ public UiAuthenticationSuccessEventHandler(UserRepository userRepository, @Transactional public void onApplicationEvent(UiUserSignedInEvent event) { String username = event.getAuthentication().getName(); + if (!((ReportPortalUser) event.getAuthentication().getPrincipal()).isEnabled()) { + SecurityContextHolder.clearContext(); + throw new LockedException("User account is locked"); + } userRepository.updateLastLoginDate( Instant.ofEpochMilli(event.getTimestamp()), username); From f392f7a4ebd201697bb30341a663fdf2975e3de8 Mon Sep 17 00:00:00 2001 From: Reingold Shekhtel <13565058+raikbitters@users.noreply.github.com> Date: Thu, 21 Nov 2024 16:38:36 +0100 Subject: [PATCH 13/17] Update Spring Security dependencies to version 5.8.16 (#349) --- build.gradle | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/build.gradle b/build.gradle index bd5c7f4a..dde0c1bd 100644 --- a/build.gradle +++ b/build.gradle @@ -72,9 +72,9 @@ dependencies { ///// Security //https://nvd.nist.gov/vuln/detail/CVE-2020-5407 AND https://nvd.nist.gov/vuln/detail/CVE-2020-5408 - implementation 'org.springframework.security:spring-security-core:5.8.14' - implementation 'org.springframework.security:spring-security-config:5.8.14' - implementation 'org.springframework.security:spring-security-web:5.8.14' + implementation 'org.springframework.security:spring-security-core:5.8.16' + implementation 'org.springframework.security:spring-security-config:5.8.16' + implementation 'org.springframework.security:spring-security-web:5.8.16' implementation 'org.springframework:spring-jdbc:6.1.5' // From 2dfcc441d85040562aeefee210b0763c008c4678 Mon Sep 17 00:00:00 2001 From: Siarhei Hrabko <45555481+grabsefx@users.noreply.github.com> Date: Fri, 22 Nov 2024 11:30:33 +0300 Subject: [PATCH 14/17] EPMRPP-95299 update last login time (#348) * EPMRPP-95299 update last login time --- .../auth/event/UiAuthenticationSuccessEventHandler.java | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java b/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java index b62d10ea..7594440a 100644 --- a/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java +++ b/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java @@ -24,7 +24,6 @@ import com.epam.ta.reportportal.entity.project.Project; import com.epam.ta.reportportal.entity.user.User; import com.epam.ta.reportportal.util.PersonalProjectService; -import java.time.Instant; import org.apache.commons.collections4.MapUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.event.EventListener; @@ -61,9 +60,7 @@ public void onApplicationEvent(UiUserSignedInEvent event) { SecurityContextHolder.clearContext(); throw new LockedException("User account is locked"); } - userRepository.updateLastLoginDate( - Instant.ofEpochMilli(event.getTimestamp()), - username); + userRepository.updateLastLoginDate(username); if (MapUtils.isEmpty(acquireUser(event.getAuthentication()).getProjectDetails())) { User user = userRepository.findByLogin(username) From 94089aaeb092984fc7d89595ba85348efe963f66 Mon Sep 17 00:00:00 2001 From: "hleb_kanonik@epam.com" Date: Mon, 2 Dec 2024 15:07:05 +0100 Subject: [PATCH 15/17] Update GitHub Actions workflows to use 'ubuntu-latest' as the runner --- .github/workflows/build-dev-image.yml | 1 + .github/workflows/build-feature-image.yaml | 1 + .github/workflows/build-rc-image.yaml | 1 + .github/workflows/java-checks.yml | 2 ++ 4 files changed, 5 insertions(+) diff --git a/.github/workflows/build-dev-image.yml b/.github/workflows/build-dev-image.yml index 9dbee6bb..e884bc8d 100644 --- a/.github/workflows/build-dev-image.yml +++ b/.github/workflows/build-dev-image.yml @@ -32,4 +32,5 @@ jobs: image-tag: 'develop-${{ github.run_number }}' version: 'develop-${{ github.run_number }}' date: ${{ needs.variables-setup.outputs.date }} + runs-on: ubuntu-latest secrets: inherit diff --git a/.github/workflows/build-feature-image.yaml b/.github/workflows/build-feature-image.yaml index 757cf2eb..f386094d 100644 --- a/.github/workflows/build-feature-image.yaml +++ b/.github/workflows/build-feature-image.yaml @@ -34,4 +34,5 @@ jobs: version: ${{ needs.variables-setup.outputs.tag }} branch: ${{ github.head_ref }} date: ${{ needs.variables-setup.outputs.date }} + runs-on: ubuntu-latest secrets: inherit diff --git a/.github/workflows/build-rc-image.yaml b/.github/workflows/build-rc-image.yaml index 31dc2ff3..c8528f31 100644 --- a/.github/workflows/build-rc-image.yaml +++ b/.github/workflows/build-rc-image.yaml @@ -40,4 +40,5 @@ jobs: build-platforms: ${{ needs.variables-setup.outputs.platforms }} version: ${{ needs.variables-setup.outputs.version }} date: ${{ needs.variables-setup.outputs.date }} + runs-on: ubuntu-latest secrets: inherit diff --git a/.github/workflows/java-checks.yml b/.github/workflows/java-checks.yml index 958772dd..59237625 100644 --- a/.github/workflows/java-checks.yml +++ b/.github/workflows/java-checks.yml @@ -20,3 +20,5 @@ jobs: call-java-cheks: name: Call Java checks uses: reportportal/.github/.github/workflows/java-checks.yaml@main + with: + runs-on: ubuntu-latest From 92b8c34d03e8932fd9dea95c2faf46080274de13 Mon Sep 17 00:00:00 2001 From: Reingold Shekhtel <13565058+raikbitters@users.noreply.github.com> Date: Wed, 4 Dec 2024 19:26:30 +0100 Subject: [PATCH 16/17] Add user active status checking * Add user status update for SAML * Add user status checking for GitHub flow --- .../UiAuthenticationSuccessEventHandler.java | 33 +++++++++++++++---- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java b/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java index 7594440a..c72e3e2e 100644 --- a/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java +++ b/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java @@ -45,6 +45,10 @@ public class UiAuthenticationSuccessEventHandler { private PersonalProjectService personalProjectService; + /** + * Event handler for successful UI authentication events. Updates the last login date for the user + * and generates a personal project if the user has no projects. + */ @Autowired public UiAuthenticationSuccessEventHandler(UserRepository userRepository, PersonalProjectService personalProjectService) { @@ -52,14 +56,18 @@ public UiAuthenticationSuccessEventHandler(UserRepository userRepository, this.personalProjectService = personalProjectService; } + /** + * Handles the UI user signed-in event. Updates the last login date for the user + * and generates a personal project if the user has no projects. + * Also, if the user is inactive, it will be activated for SAML authentication. + * + * @param event the UI user signed-in event + */ @EventListener @Transactional public void onApplicationEvent(UiUserSignedInEvent event) { String username = event.getAuthentication().getName(); - if (!((ReportPortalUser) event.getAuthentication().getPrincipal()).isEnabled()) { - SecurityContextHolder.clearContext(); - throw new LockedException("User account is locked"); - } + userRepository.updateLastLoginDate(username); if (MapUtils.isEmpty(acquireUser(event.getAuthentication()).getProjectDetails())) { @@ -72,11 +80,22 @@ public void onApplicationEvent(UiUserSignedInEvent event) { private ReportPortalUser acquireUser(Authentication authentication) { if (authentication instanceof ReportPortalSamlAuthentication rpAuth) { + userRepository.findByLogin(rpAuth.getPrincipal()) + .filter(user -> !user.getActive()) + .ifPresent(user -> { + user.setActive(true); + userRepository.save(user); + }); return userRepository.findUserDetails(rpAuth.getPrincipal()) - .orElseThrow(() -> - new ReportPortalException(ErrorType.USER_NOT_FOUND, rpAuth.getPrincipal())); + .orElseThrow(() -> new ReportPortalException( + ErrorType.USER_NOT_FOUND, rpAuth.getPrincipal() + )); } else { + if (!((ReportPortalUser) authentication.getPrincipal()).isEnabled()) { + SecurityContextHolder.clearContext(); + throw new LockedException("User account is locked"); + } return (ReportPortalUser) authentication.getPrincipal(); } } -} +} \ No newline at end of file From a44349a8648bf9c7280f6257e32bab783da81566 Mon Sep 17 00:00:00 2001 From: Pavel_Bortnik Date: Thu, 5 Dec 2024 17:28:56 +0300 Subject: [PATCH 17/17] 5.13.0 || Update release version --- .github/workflows/release.yml | 2 +- build.gradle | 6 +++++- gradle.properties | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d4ba69ac..c8b90994 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,7 +11,7 @@ on: env: GH_USER_NAME: github.actor - RELEASE_VERSION: 5.12.0 + RELEASE_VERSION: 5.13.0 jobs: release: diff --git a/build.gradle b/build.gradle index dde0c1bd..0413845a 100644 --- a/build.gradle +++ b/build.gradle @@ -34,7 +34,7 @@ ext['log4j2.version'] = '2.21.1' dependencyManagement { imports { - mavenBom(releaseMode ? 'com.epam.reportportal:commons-bom:' + '5.11.7' : 'com.epam.reportportal:commons-bom:5.11.7') + mavenBom(releaseMode ? 'com.epam.reportportal:commons-bom:' + '5.13.0' : 'com.epam.reportportal:commons-bom:5.13.0') } } @@ -144,3 +144,7 @@ jar.archiveClassifier.set('') publish.dependsOn build publish.mustRunAfter build + +tasks.preTagCommit.enabled = false +tasks.updateVersion.enabled = false +tasks.commitNewVersion.enabled = false \ No newline at end of file diff --git a/gradle.properties b/gradle.properties index 9ad71799..a861a038 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,4 +1,4 @@ -version=5.12.1 +version=5.13.0 description=Unified Authorization Trap for all ReportPortal's Services dockerPrepareEnvironment= dockerJavaOpts=-Xmx512m -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -Djava.security.egd=file:/dev/./urandom