Merge branch 'develop' into feature/orgs

# Conflicts:
#	build.gradle

.github/workflows/dockerhub-release.yaml

@@ -17,7 +17,7 @@ jobs:
     name: Retag and push image 
     runs-on: ubuntu-latest
     environment: rc
-    if: github.event.pull_request.base.ref == 'master' || github.event.pull_request.base.ref == 'main'
+    if: github.event.review.state == 'approved' && (github.event.pull_request.base.ref == 'master' || github.event.pull_request.base.ref == 'main')
     steps:
       - name: Checkout
         uses: actions/checkout@v3

.github/workflows/manually-release.yml

@@ -28,17 +28,17 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v2
 
-      - name: Set up JDK 11
+      - name: Set up JDK 21
         uses: actions/setup-java@v2
         with:
           distribution: 'adopt'
-          java-version: '11'
+          java-version: '21'
 
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
 
       - name: Setup git credentials
-        uses: oleksiyrudenko/gha-git-credentials@v2
+        uses: oleksiyrudenko/gha-git-credentials@v2-latest
         with:
           name: 'reportportal.io'
           email: '[email protected]'

.github/workflows/release.yml

@@ -11,7 +11,7 @@ on:
 
 env:
   GH_USER_NAME: github.actor
-  RELEASE_VERSION: 5.11.1
+  RELEASE_VERSION: 5.12.0
 
 jobs:
   release:
@@ -20,17 +20,17 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v2
 
-      - name: Set up JDK 11
+      - name: Set up JDK 21
         uses: actions/setup-java@v2
         with:
           distribution: 'adopt'
-          java-version: '11'
+          java-version: '21'
 
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
 
       - name: Setup git credentials
-        uses: oleksiyrudenko/gha-git-credentials@v2
+        uses: oleksiyrudenko/gha-git-credentials@v2-latest
         with:
           name: 'reportportal.io'
           email: '[email protected]'

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM gradle:8.5.0-jdk21 AS build
+FROM --platform=$BUILDPLATFORM gradle:8.10.0-jdk21-alpine AS build
 ARG RELEASE_MODE
 ARG APP_VERSION
 WORKDIR /usr/app
@@ -9,8 +9,7 @@ RUN if [ "${RELEASE_MODE}" = true ]; then \
         -Dorg.gradle.project.version=${APP_VERSION}; \
     else gradle build --no-build-cache --exclude-task test -Dorg.gradle.project.version=${APP_VERSION}; fi
 
-# For ARM build use flag: `--platform linux/arm64`
-FROM --platform=$BUILDPLATFORM amazoncorretto:21.0.1
+FROM amazoncorretto:21.0.4
 LABEL version=${APP_VERSION} description="EPAM ReportPortal. Auth Service" maintainer="Andrei Varabyeu <[email protected]>, Hleb Kanonik <[email protected]>"
 ARG APP_VERSION=${APP_VERSION}
 ENV APP_DIR=/usr/app
@@ -19,4 +18,4 @@ WORKDIR $APP_DIR
 COPY --from=build $APP_DIR/build/libs/service-authorization-*exec.jar .
 VOLUME ["/tmp"]
 EXPOSE 8080
-ENTRYPOINT exec java ${JAVA_OPTS} -jar ${APP_DIR}/service-authorization-*exec.jar
+ENTRYPOINT ["sh", "-c", "java ${JAVA_OPTS} -jar ${APP_DIR}/service-authorization-*exec.jar"]

build.gradle

@@ -7,6 +7,7 @@ plugins {
 }
 
 apply from: 'project-properties.gradle'
+//apply from: "$scriptsUrl/build-docker.gradle"
 apply from: "$scriptsUrl/build-info.gradle"
 apply from: "$scriptsUrl/build-commons.gradle"
 //apply from: "$scriptsUrl/build-quality.gradle"
@@ -15,12 +16,12 @@ apply from: "$scriptsUrl/signing.gradle"
 
 repositories {
     mavenCentral { url "https://repo1.maven.org/maven2" }
-
     if (!releaseMode) {
         maven { url 'https://jitpack.io' }
     }
 }
 
+ext['spring-boot.version'] = '2.5.15'
 //https://nvd.nist.gov/vuln/detail/CVE-2020-10683 (dom4j 2.1.3 version dependency) AND https://nvd.nist.gov/vuln/detail/CVE-2019-14900
 ext['hibernate.version'] = '5.4.18.Final'
 //https://nvd.nist.gov/vuln/detail/CVE-2020-10693
@@ -42,20 +43,18 @@ dependencies {
         api 'com.epam.reportportal:commons-dao'
         api 'com.epam.reportportal:commons'
     } else {
-        api 'com.github.reportportal:commons-dao:84392dd'
-        api 'com.github.reportportal:commons:f849258'
+        api 'com.github.reportportal:commons-dao:ebfad95'
+        api 'com.github.reportportal:commons:1fa3eb2'
     }
 
     //Fix CVE-2021-41079, CVE-2022-23181, CVE-2021-33037, CVE-2021-30640, CVE-2022-42252, CVE-2023-46589, CVE-2024-24549
     implementation 'org.apache.tomcat.embed:tomcat-embed-core:9.0.86'
     implementation 'org.apache.tomcat.embed:tomcat-embed-el:9.0.86'
     implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.86'
-    //Fix CVE-2020-15522
-    implementation 'org.bouncycastle:bcprov-jdk15on:1.69'
     //Fix CVE-2015-7501, CVE-2015-4852
     implementation 'org.apache.commons:commons-collections4:4.4'
     //Fix CVE-2018-10237
-    implementation 'com.google.guava:guava:31.1-jre'
+    implementation 'com.google.guava:guava:33.3.0-jre'
     //Fix CVE-2020-13956
     api 'org.apache.httpcomponents:httpclient:4.5.14'
     //Fix CVE-2022-40152
@@ -68,14 +67,14 @@ dependencies {
     //Fix CVE-2023-34050
     implementation 'org.springframework.amqp:spring-amqp:2.4.17'
     //Fix CVE-2023-40827, CVE-2023-40828, CVE-2023-40826
-    implementation 'org.springframework:spring-webmvc:5.3.33'
-    implementation 'org.springframework:spring-web:5.3.33'
+    implementation 'org.springframework:spring-webmvc:5.3.39'
+    implementation 'org.springframework:spring-web:5.3.39'
 
     ///// Security
     //https://nvd.nist.gov/vuln/detail/CVE-2020-5407 AND https://nvd.nist.gov/vuln/detail/CVE-2020-5408
-    implementation 'org.springframework.security:spring-security-core:5.8.5'
-    implementation 'org.springframework.security:spring-security-config:5.8.5'
-    implementation 'org.springframework.security:spring-security-web:5.8.5'
+    implementation 'org.springframework.security:spring-security-core:5.8.14'
+    implementation 'org.springframework.security:spring-security-config:5.8.14'
+    implementation 'org.springframework.security:spring-security-web:5.8.14'
     implementation 'org.springframework:spring-jdbc:6.1.5'
     //
 
@@ -84,11 +83,15 @@ dependencies {
     implementation 'net.minidev:json-smart:2.4.10'
     //Fix CVE-2022-22969
     api 'org.springframework.security.oauth:spring-security-oauth2:2.5.2.RELEASE'
-    implementation 'org.springframework.security:spring-security-jwt:1.0.11.RELEASE'
+    implementation 'org.springframework.security.oauth:spring-security-oauth2:2.5.2.RELEASE'
+    implementation 'org.springframework.security:spring-security-jwt:1.1.1.RELEASE'
+    //Fix CVE-2020-15522 in org.springframework.security:spring-security-jwt:1.1.1.RELEASE
+    implementation 'org.bouncycastle:bcprov-jdk15on:1.70'
     implementation 'org.springframework.security:spring-security-ldap'
     // TODO: consider migration to spring-security-saml2-service-provider
     implementation 'org.springframework.security.extensions:spring-security-saml2-core:2.0.0.M31'
-//  Temporary fix of https://nvd.nist.gov/vuln/detail/CVE-2019-12400
+    implementation 'commons-collections:commons-collections:3.2.2'
+    //Temporary fix of https://nvd.nist.gov/vuln/detail/CVE-2019-12400
     implementation 'org.apache.santuario:xmlsec:3.0.3'
     //Fix CVE-2015-7501, CVE-2015-4852
     implementation 'org.apache.commons:commons-collections4:4.4'
@@ -102,10 +105,11 @@ dependencies {
     implementation 'org.springdoc:springdoc-openapi-ui:1.7.0'
     api 'org.apache.commons:commons-compress:1.26.0'
     implementation 'org.cryptacular:cryptacular:1.1.4'
-    // TODO: snakeyaml 2.0 supported by Spring Boot 3 only
-    implementation 'org.yaml:snakeyaml:1.33'
+    // TODO: snakeyaml 2.0 supported by Spring Boot 2.7 and 3.X only
+    // We don't user application.yml, so it's safe to use 2.2
+    implementation 'org.yaml:snakeyaml:2.2'
     implementation 'org.hibernate:hibernate-core:5.4.24.Final'
-    implementation 'org.springframework:spring-core:5.3.30'
+    implementation 'org.springframework:spring-core:5.3.39'
     implementation "com.rabbitmq:http-client:5.2.0"
 
     // add lombok support

docker-compose.yml

@@ -111,7 +111,7 @@ services:
   ## ReportPortal services
 
   index:
-    image: reportportal/service-index:5.11.0
+    image: reportportal/service-index:5.12.0
     container_name: reportportal-index
     logging:
       <<: *logging
@@ -138,7 +138,7 @@ services:
     restart: always
 
   ui:
-    image: reportportal/service-ui:5.11.1
+    image: reportportal/service-ui:5.12.0
     container_name: reportportal-ui
     environment:
       RP_SERVER_PORT: "8080"
@@ -161,7 +161,7 @@ services:
     restart: always
 
   api:
-    image: reportportal/service-api:5.11.1
+    image: reportportal/service-api:5.12.0
     container_name: reportportal-api
     logging:
       <<: *logging
@@ -276,7 +276,7 @@ services:
     restart: always
 
   jobs:
-    image: reportportal/service-jobs:5.11.1
+    image: reportportal/service-jobs:5.12.0
     container_name: reportportal-jobs
     logging:
       <<: *logging
@@ -349,7 +349,7 @@ services:
     restart: always
 
   analyzer:
-    image: &analyzer_img reportportal/service-auto-analyzer:5.11.0-r1
+    image: &analyzer_img reportportal/service-auto-analyzer:5.12.0-r1
     container_name: reportportal-analyzer
     logging:
       <<: *logging
@@ -401,7 +401,7 @@ services:
     restart: always
 
   metrics-gatherer:
-    image: reportportal/service-metrics-gatherer:5.11.0-r1
+    image: reportportal/service-metrics-gatherer:5.12.0-r1
     container_name: reportportal-metrics-gatherer
     logging:
       <<: *logging
@@ -428,7 +428,7 @@ services:
     restart: always
 
   migrations:
-    image: reportportal/migrations:5.11.0
+    image: reportportal/migrations:5.12.0
     container_name: reportportal-migrations
     logging:
       <<: *logging

gradle.properties

@@ -1,4 +1,4 @@
-version=5.11.2
+version=5.12.1
 description=Unified Authorization Trap for all ReportPortal's Services
 dockerPrepareEnvironment=
 dockerJavaOpts=-Xmx512m -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -Djava.security.egd=file:/dev/./urandom

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

gradlew

@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,8 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum

gradlew.bat

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 

project-properties.gradle

@@ -4,10 +4,10 @@ project.ext {
     publishRepo = "https://maven.pkg.github.com/reportportal/service-authorization"
     dependencyRepos = ["commons-dao", "commons-rules", "commons-model", "commons-bom"]
     releaseMode = project.hasProperty("releaseMode")
-    scriptsUrl = commonScriptsUrl + (releaseMode ? '5.10.0' : 'develop')
+    scriptsUrl = commonScriptsUrl + (releaseMode ? '5.12.0' : 'develop')
     isDebugMode = System.getProperty("DEBUG", "false") == "true"
 }
 
 wrapper {
-    gradleVersion = '8.5'
+    gradleVersion = '8.10'
 }

src/main/java/com/epam/reportportal/auth/basic/DatabaseUserDetailsService.java

@@ -50,6 +50,7 @@ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundEx
         .orElseThrow(() -> new UsernameNotFoundException("User not found"));
 
     UserDetails userDetails = org.springframework.security.core.userdetails.User.builder()
+        .disabled(!user.isEnabled())
         .username(user.getUsername())
         .password(user.getPassword() == null ? "" : user.getPassword())
         .authorities(AuthUtils.AS_AUTHORITIES.apply(user.getUserRole()))

src/main/java/com/epam/reportportal/auth/integration/ldap/ActiveDirectoryAuthProvider.java

@@ -16,11 +16,14 @@
 
 package com.epam.reportportal.auth.integration.ldap;
 
+import static com.epam.reportportal.auth.integration.ldap.LdapAuthProvider.LDAP_TIMEOUT;
+
 import com.epam.reportportal.auth.EnableableAuthProvider;
 import com.epam.reportportal.auth.integration.AuthIntegrationType;
 import com.epam.reportportal.auth.integration.parameter.LdapParameter;
 import com.epam.ta.reportportal.dao.IntegrationRepository;
 import com.epam.ta.reportportal.entity.integration.Integration;
+import java.util.Collections;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -61,10 +64,11 @@ protected AuthenticationProvider getDelegate() {
     ActiveDirectoryLdapAuthenticationProvider adAuth =
         new ActiveDirectoryLdapAuthenticationProvider(LdapParameter.DOMAIN.getParameter(integration)
             .orElse(null),
-        LdapParameter.URL.getRequiredParameter(integration),
-        LdapParameter.BASE_DN.getRequiredParameter(integration)
-    );
-
+            LdapParameter.URL.getRequiredParameter(integration),
+            LdapParameter.BASE_DN.getRequiredParameter(integration)
+        );
+    adAuth.setContextEnvironmentProperties(
+        Collections.singletonMap("com.sun.jndi.ldap.connect.timeout", LDAP_TIMEOUT));
     adAuth.setAuthoritiesMapper(new NullAuthoritiesMapper());
     adAuth.setUserDetailsContextMapper(detailsContextMapper);
     LdapParameter.SEARCH_FILTER_REMOVE_NOT_PRESENT.getParameter(integration)