5.13.0 Release

.github/workflows/build-dev-image.yml

@@ -32,4 +32,5 @@ jobs:
       image-tag: 'develop-${{ github.run_number }}'
       version: 'develop-${{ github.run_number }}'
       date: ${{ needs.variables-setup.outputs.date }}
+      runs-on: ubuntu-latest
     secrets: inherit

.github/workflows/build-feature-image.yaml

@@ -34,4 +34,5 @@ jobs:
       version: ${{ needs.variables-setup.outputs.tag }}
       branch: ${{ github.head_ref }}
       date: ${{ needs.variables-setup.outputs.date }}
+      runs-on: ubuntu-latest
     secrets: inherit

.github/workflows/build-rc-image.yaml

@@ -40,4 +40,5 @@ jobs:
       build-platforms: ${{ needs.variables-setup.outputs.platforms }}
       version: ${{ needs.variables-setup.outputs.version }}
       date: ${{ needs.variables-setup.outputs.date }}
+      runs-on: ubuntu-latest
     secrets: inherit

.github/workflows/java-checks.yml

@@ -20,3 +20,5 @@ jobs:
   call-java-cheks:
     name: Call Java checks
     uses: reportportal/.github/.github/workflows/java-checks.yaml@main
+    with:
+      runs-on: ubuntu-latest

.github/workflows/release.yml

@@ -11,7 +11,7 @@ on:
 
 env:
   GH_USER_NAME: github.actor
-  RELEASE_VERSION: 5.12.0
+  RELEASE_VERSION: 5.13.0
 
 jobs:
   release:

build.gradle

@@ -34,7 +34,7 @@ ext['log4j2.version'] = '2.21.1'
 
 dependencyManagement {
     imports {
-        mavenBom(releaseMode ? 'com.epam.reportportal:commons-bom:' + '5.12.1' : 'com.epam.reportportal:commons-bom:5.12.1')
+        mavenBom(releaseMode ? 'com.epam.reportportal:commons-bom:' + '5.13.0' : 'com.epam.reportportal:commons-bom:5.13.0')
     }
 }
 
@@ -43,8 +43,8 @@ dependencies {
         api 'com.epam.reportportal:commons-dao'
         api 'com.epam.reportportal:commons'
     } else {
-        api 'com.github.reportportal:commons-dao:acf1ec7'
-        api 'com.github.reportportal:commons:c8ef09c'
+        api 'com.github.reportportal:commons-dao:develop-SNAPSHOT'
+        api 'com.github.reportportal:commons:develop-SNAPSHOT'
     }
 
     //Fix CVE-2021-41079, CVE-2022-23181, CVE-2021-33037, CVE-2021-30640, CVE-2022-42252, CVE-2023-46589, CVE-2024-24549
@@ -72,9 +72,9 @@ dependencies {
 
     ///// Security
     //https://nvd.nist.gov/vuln/detail/CVE-2020-5407 AND https://nvd.nist.gov/vuln/detail/CVE-2020-5408
-    implementation 'org.springframework.security:spring-security-core:5.8.14'
-    implementation 'org.springframework.security:spring-security-config:5.8.14'
-    implementation 'org.springframework.security:spring-security-web:5.8.14'
+    implementation 'org.springframework.security:spring-security-core:5.8.16'
+    implementation 'org.springframework.security:spring-security-config:5.8.16'
+    implementation 'org.springframework.security:spring-security-web:5.8.16'
     implementation 'org.springframework:spring-jdbc:6.1.5'
     //
 
@@ -144,3 +144,7 @@ jar.archiveClassifier.set('')
 
 publish.dependsOn build
 publish.mustRunAfter build
+
+tasks.preTagCommit.enabled = false
+tasks.updateVersion.enabled = false
+tasks.commitNewVersion.enabled = false

gradle.properties

@@ -1,4 +1,4 @@
-version=5.12.1
+version=5.13.0
 description=Unified Authorization Trap for all ReportPortal's Services
 dockerPrepareEnvironment=
 dockerJavaOpts=-Xmx512m -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -Djava.security.egd=file:/dev/./urandom

src/main/java/com/epam/reportportal/auth/basic/DatabaseUserDetailsService.java

@@ -50,6 +50,7 @@ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundEx
         .orElseThrow(() -> new UsernameNotFoundException("User not found"));
 
     UserDetails userDetails = org.springframework.security.core.userdetails.User.builder()
+        .disabled(!user.isEnabled())
         .username(user.getUsername())
         .password(user.getPassword() == null ? "" : user.getPassword())
         .authorities(AuthUtils.AS_AUTHORITIES.apply(user.getUserRole()))

src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java

@@ -17,20 +17,19 @@
 package com.epam.reportportal.auth.event;
 
 import com.epam.reportportal.auth.integration.saml.ReportPortalSamlAuthentication;
+import com.epam.reportportal.rules.exception.ErrorType;
+import com.epam.reportportal.rules.exception.ReportPortalException;
 import com.epam.ta.reportportal.commons.ReportPortalUser;
 import com.epam.ta.reportportal.dao.UserRepository;
 import com.epam.ta.reportportal.entity.project.Project;
 import com.epam.ta.reportportal.entity.user.User;
-import com.epam.reportportal.rules.exception.ReportPortalException;
 import com.epam.ta.reportportal.util.PersonalProjectService;
-import com.epam.reportportal.rules.exception.ErrorType;
-import java.time.Instant;
-import java.time.LocalDateTime;
-import java.time.ZoneOffset;
 import org.apache.commons.collections4.MapUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.event.EventListener;
+import org.springframework.security.authentication.LockedException;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -46,20 +45,30 @@ public class UiAuthenticationSuccessEventHandler {
 
   private PersonalProjectService personalProjectService;
 
+  /**
+   * Event handler for successful UI authentication events. Updates the last login date for the user
+   * and generates a personal project if the user has no projects.
+   */
   @Autowired
   public UiAuthenticationSuccessEventHandler(UserRepository userRepository,
       PersonalProjectService personalProjectService) {
     this.userRepository = userRepository;
     this.personalProjectService = personalProjectService;
   }
 
+  /**
+   * Handles the UI user signed-in event. Updates the last login date for the user
+   * and generates a personal project if the user has no projects.
+   * Also, if the user is inactive, it will be activated for SAML authentication.
+   *
+   * @param event the UI user signed-in event
+   */
   @EventListener
   @Transactional
   public void onApplicationEvent(UiUserSignedInEvent event) {
     String username = event.getAuthentication().getName();
-    userRepository.updateLastLoginDate(
-        Instant.ofEpochMilli(event.getTimestamp()),
-        username);
+
+    userRepository.updateLastLoginDate(username);
 
     if (MapUtils.isEmpty(acquireUser(event.getAuthentication()).getProjectDetails())) {
       User user = userRepository.findByLogin(username)
@@ -71,11 +80,22 @@ public void onApplicationEvent(UiUserSignedInEvent event) {
 
   private ReportPortalUser acquireUser(Authentication authentication) {
     if (authentication instanceof ReportPortalSamlAuthentication rpAuth) {
+      userRepository.findByLogin(rpAuth.getPrincipal())
+          .filter(user -> !user.getActive())
+          .ifPresent(user -> {
+            user.setActive(true);
+            userRepository.save(user);
+          });
       return userRepository.findUserDetails(rpAuth.getPrincipal())
-          .orElseThrow(() ->
-              new ReportPortalException(ErrorType.USER_NOT_FOUND, rpAuth.getPrincipal()));
+          .orElseThrow(() -> new ReportPortalException(
+              ErrorType.USER_NOT_FOUND, rpAuth.getPrincipal()
+          ));
     } else {
+      if (!((ReportPortalUser) authentication.getPrincipal()).isEnabled()) {
+        SecurityContextHolder.clearContext();
+        throw new LockedException("User account is locked");
+      }
       return (ReportPortalUser) authentication.getPrincipal();
     }
   }
-}
+}

src/main/java/com/epam/reportportal/auth/integration/github/GitHubUserReplicator.java

@@ -45,6 +45,7 @@
 import java.util.Date;
 import java.util.Objects;
 import java.util.Optional;
+import java.util.UUID;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.core.io.Resource;
 import org.springframework.http.ResponseEntity;
@@ -143,8 +144,10 @@ private void updateUser(User user, UserResource userResource, GitHubClient gitHu
 
   private User createUser(UserResource userResource, GitHubClient gitHubClient) {
     User user = new User();
-    String login = normalizeId(userResource.getLogin());
-    user.setLogin(login);
+    user.setLogin(normalizeId(userResource.getLogin()));
+    user.setUuid(UUID.randomUUID());
+    user.setActive(Boolean.TRUE);
+
     updateUser(user, userResource, gitHubClient);
     user.setUserType(UserType.GITHUB);
     user.setRole(UserRole.USER);

src/main/java/com/epam/reportportal/auth/integration/ldap/LdapUserReplicator.java

@@ -34,6 +34,7 @@
 import com.epam.ta.reportportal.util.PersonalProjectService;
 import java.util.Map;
 import java.util.Optional;
+import java.util.UUID;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.ldap.core.DirContextOperations;
@@ -101,23 +102,25 @@ private String validateEmail(String email) {
 
   private User createNewUser(DirContextOperations ctx, Map<String, String> syncAttributes,
       String email, String login) {
-    User newUser = new User();
-    newUser.setLogin(login);
+    User user = new User();
+    user.setLogin(login);
+    user.setUuid(UUID.randomUUID());
+    user.setActive(Boolean.TRUE);
 
     String fullName = getFullName(ctx, syncAttributes);
-    newUser.setFullName(fullName);
+    user.setFullName(fullName);
 
     checkEmail(email);
-    newUser.setEmail(email);
-    newUser.setMetadata(defaultMetaData());
-    newUser.setUserType(UserType.LDAP);
-    newUser.setRole(UserRole.USER);
-    newUser.setExpired(false);
+    user.setEmail(email);
+    user.setMetadata(defaultMetaData());
+    user.setUserType(UserType.LDAP);
+    user.setRole(UserRole.USER);
+    user.setExpired(false);
 
-    final Project project = generatePersonalProject(newUser);
-    newUser.getProjects().add(project.getUsers().iterator().next());
+    final Project project = generatePersonalProject(user);
+    user.getProjects().add(project.getUsers().iterator().next());
 
-    return userRepository.save(newUser);
+    return userRepository.save(user);
   }
 
   private String getFullName(DirContextOperations ctx, Map<String, String> syncAttributes) {

src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java

@@ -43,6 +43,7 @@
 import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
+import java.util.UUID;
 import java.util.stream.Collectors;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationEventPublisher;
@@ -102,6 +103,8 @@ public User replicateUser(ReportPortalSamlAuthentication samlAuthentication) {
 
     User user = new User();
     user.setLogin(userName);
+    user.setUuid(UUID.randomUUID());
+    user.setActive(Boolean.TRUE);
 
     List<Attribute> details = samlAuthentication.getDetails();