chore(merge): master into dev

bonita-integration-tests/bonita-integration-tests-local/src/test/java/org/bonitasoft/engine/cache/ehcache/CacheConfigurationIT.java

@@ -42,6 +42,7 @@ public void all_required_cache_configurations_should_exist() {
                 "SYNCHRO_SERVICE_CACHE",
                 "parameters",
                 "DEFAULT_PLATFORM",
-                "CONNECTOR");
+                "CONNECTOR",
+                "application-token");
     }
 }

bpm/bonita-web-server/src/main/java/org/bonitasoft/console/common/server/page/ApplicationAuthorizationsHelper.java

@@ -0,0 +1,40 @@
+/**
+ * Copyright (C) 2022 Bonitasoft S.A.
+ * Bonitasoft, 32 rue Gustave Eiffel - 38000 Grenoble
+ * This library is free software; you can redistribute it and/or modify it under the terms
+ * of the GNU Lesser General Public License as published by the Free Software Foundation
+ * version 2.1 of the License.
+ * This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU Lesser General Public License for more details.
+ * You should have received a copy of the GNU Lesser General Public License along with this
+ * program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
+ * Floor, Boston, MA 02110-1301, USA.
+ **/
+package org.bonitasoft.console.common.server.page;
+
+import org.bonitasoft.engine.session.APISession;
+import org.bonitasoft.livingapps.ApplicationModel;
+import org.bonitasoft.livingapps.ApplicationModelFactory;
+
+public class ApplicationAuthorizationsHelper {
+
+    private final APISession apiSession;
+    private final ApplicationModelFactory applicationFactory;
+
+    public ApplicationAuthorizationsHelper(final APISession apiSession,
+            final ApplicationModelFactory applicationModelFactory) {
+        this.apiSession = apiSession;
+        this.applicationFactory = applicationModelFactory;
+    }
+
+    public boolean isAuthorized(final String applicationToken) {
+        try {
+            final ApplicationModel application = applicationFactory.createApplicationModel(applicationToken);
+            return application.authorize(apiSession);
+        } catch (final Exception e) {
+            return false;
+        }
+    }
+
+}

bpm/bonita-web-server/src/main/java/org/bonitasoft/console/common/server/page/CustomPageServlet.java

@@ -27,7 +27,11 @@
 import org.bonitasoft.console.common.server.utils.BonitaHomeFolderAccessor;
 import org.bonitasoft.console.common.server.utils.SessionUtil;
 import org.bonitasoft.engine.api.TenantAPIAccessor;
-import org.bonitasoft.engine.exception.*;
+import org.bonitasoft.engine.exception.BonitaException;
+import org.bonitasoft.engine.exception.BonitaHomeNotSetException;
+import org.bonitasoft.engine.exception.ServerAPIException;
+import org.bonitasoft.engine.exception.UnauthorizedAccessException;
+import org.bonitasoft.engine.exception.UnknownAPITypeException;
 import org.bonitasoft.engine.session.APISession;
 import org.bonitasoft.livingapps.ApplicationModelFactory;
 import org.slf4j.Logger;
@@ -78,7 +82,7 @@ protected void doGet(final HttpServletRequest request, final HttpServletResponse
 
         try {
 
-            if (isAuthorized(apiSession, appToken, pageName)) {
+            if (isAuthorized(apiSession, appToken)) {
                 if (isPageRequest(pathSegments)) {
                     pageRenderer.displayCustomPage(request, response, apiSession, pageName);
                 } else {
@@ -133,25 +137,24 @@ private String getResourcePathWithoutPageName(final String resourcePath, final S
         return resourcePath.substring(pageName.length() + 2);
     }
 
-    private boolean isAuthorized(final APISession apiSession, final String appToken, final String pageName)
+    private boolean isAuthorized(final APISession apiSession, final String appToken)
             throws BonitaException {
         //Technical user should be authorized in order for the custom pages to be displayed in his profile
         return apiSession.isTechnicalUser()
-                || getCustomPageAuthorizationsHelper(apiSession).isPageAuthorized(appToken, pageName);
+                || getCustomPageAuthorizationsHelper(apiSession).isAuthorized(appToken);
     }
 
     private void handleException(final String pageName, final Exception e) throws ServletException {
         if (LOGGER.isWarnEnabled()) {
-            LOGGER.warn("Error while trying to render the custom page " + pageName, e);
+            LOGGER.warn("Error while trying to render the custom page {}", pageName, e);
         }
         throw new ServletException(e.getMessage());
     }
 
-    protected CustomPageAuthorizationsHelper getCustomPageAuthorizationsHelper(final APISession apiSession)
+    protected ApplicationAuthorizationsHelper getCustomPageAuthorizationsHelper(final APISession apiSession)
             throws BonitaHomeNotSetException,
             ServerAPIException, UnknownAPITypeException {
-        return new CustomPageAuthorizationsHelper(apiSession,
-                TenantAPIAccessor.getLivingApplicationAPI(apiSession), TenantAPIAccessor.getCustomPageAPI(apiSession),
+        return new ApplicationAuthorizationsHelper(apiSession,
                 new ApplicationModelFactory(
                         TenantAPIAccessor.getLivingApplicationAPI(apiSession),
                         TenantAPIAccessor.getCustomPageAPI(apiSession),

bpm/bonita-web-server/src/main/java/org/bonitasoft/livingapps/ApplicationModelFactory.java

@@ -17,11 +17,7 @@
 import org.bonitasoft.engine.api.PageAPI;
 import org.bonitasoft.engine.api.ProfileAPI;
 import org.bonitasoft.engine.business.application.Application;
-import org.bonitasoft.engine.business.application.ApplicationSearchDescriptor;
-import org.bonitasoft.engine.business.application.IApplication;
-import org.bonitasoft.engine.exception.SearchException;
-import org.bonitasoft.engine.search.SearchOptionsBuilder;
-import org.bonitasoft.engine.search.SearchResult;
+import org.bonitasoft.engine.business.application.ApplicationNotFoundException;
 import org.bonitasoft.livingapps.exception.CreationException;
 import org.bonitasoft.livingapps.menu.MenuFactory;
 
@@ -38,32 +34,20 @@ public ApplicationModelFactory(final ApplicationAPI applicationApi, final PageAP
         this.profileApi = profileApi;
     }
 
-    public ApplicationModel createApplicationModel(final String name) throws CreationException {
-
+    public ApplicationModel createApplicationModel(final String applicationToken) throws CreationException {
         try {
-            final SearchResult<IApplication> result = applicationApi.searchIApplications(
-                    new SearchOptionsBuilder(0, 1)
-                            .filter(ApplicationSearchDescriptor.TOKEN, name)
-                            .done());
-
-            if (result.getCount() == 0) {
-                throw new CreationException("No application found with name " + name);
+            var application = applicationApi.getIApplicationByToken(applicationToken);
+            if (!(application instanceof Application)) {
+                throw new CreationException("Only application links were found with name " + applicationToken);
             }
-            // find a legacy application
-            var legacyApplication = result.getResult().stream().filter(Application.class::isInstance)
-                    .map(Application.class::cast).findFirst();
-            if (legacyApplication.isEmpty()) {
-                throw new CreationException("Only application links were found with name " + name);
-            }
-
             return new ApplicationModel(
                     applicationApi,
                     customPageApi,
                     profileApi,
-                    legacyApplication.get(),
+                    (Application) application,
                     new MenuFactory(applicationApi));
-        } catch (final SearchException e) {
-            throw new CreationException("Error while searching for the application " + name, e);
+        } catch (final ApplicationNotFoundException e) {
+            throw new CreationException("Error while searching for the application " + applicationToken, e);
         }
     }
 }

bpm/bonita-web-server/src/main/java/org/bonitasoft/livingapps/LivingApplicationPageServlet.java

@@ -24,7 +24,7 @@
 import javax.servlet.http.HttpSession;
 
 import org.apache.commons.lang3.StringUtils;
-import org.bonitasoft.console.common.server.page.CustomPageAuthorizationsHelper;
+import org.bonitasoft.console.common.server.page.ApplicationAuthorizationsHelper;
 import org.bonitasoft.console.common.server.page.CustomPageRequestModifier;
 import org.bonitasoft.console.common.server.page.CustomPageService;
 import org.bonitasoft.console.common.server.page.PageRenderer;
@@ -224,7 +224,7 @@ private File getResourceFile(final String resourcePath, final String pageName) t
 
     private boolean isAuthorized(final APISession apiSession, final String appToken, final String pageName)
             throws BonitaException {
-        return getCustomPageAuthorizationsHelper(apiSession).isPageAuthorized(appToken, pageName);
+        return getCustomPageAuthorizationsHelper(apiSession).isAuthorized(appToken);
     }
 
     private void handleException(final String pageName, final Exception e, final HttpServletRequest request,
@@ -258,11 +258,10 @@ protected PageAPI getPageApi(final APISession apiSession)
         return TenantAPIAccessor.getCustomPageAPI(apiSession);
     }
 
-    protected CustomPageAuthorizationsHelper getCustomPageAuthorizationsHelper(final APISession apiSession)
+    protected ApplicationAuthorizationsHelper getCustomPageAuthorizationsHelper(final APISession apiSession)
             throws BonitaHomeNotSetException,
             ServerAPIException, UnknownAPITypeException {
-        return new CustomPageAuthorizationsHelper(apiSession,
-                TenantAPIAccessor.getLivingApplicationAPI(apiSession), TenantAPIAccessor.getCustomPageAPI(apiSession),
+        return new ApplicationAuthorizationsHelper(apiSession,
                 new ApplicationModelFactory(
                         TenantAPIAccessor.getLivingApplicationAPI(apiSession),
                         TenantAPIAccessor.getCustomPageAPI(apiSession),

bpm/bonita-web-server/src/test/java/org/bonitasoft/console/common/server/page/CustomPageAuthorizationsHelperTest.java → bpm/bonita-web-server/src/test/java/org/bonitasoft/console/common/server/page/ApplicationAuthorizationsHelperTest.java

@@ -20,25 +20,12 @@
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
-import java.util.Arrays;
-import java.util.Collections;
-
 import org.bonitasoft.engine.api.ApplicationAPI;
-import org.bonitasoft.engine.api.PageAPI;
 import org.bonitasoft.engine.business.application.Application;
-import org.bonitasoft.engine.business.application.ApplicationPage;
-import org.bonitasoft.engine.business.application.ApplicationPageSearchDescriptor;
-import org.bonitasoft.engine.page.ContentType;
-import org.bonitasoft.engine.page.impl.PageImpl;
-import org.bonitasoft.engine.search.SearchOptions;
-import org.bonitasoft.engine.search.SearchResult;
-import org.bonitasoft.engine.search.impl.SearchFilter;
-import org.bonitasoft.engine.search.impl.SearchResultImpl;
 import org.bonitasoft.livingapps.ApplicationModel;
 import org.bonitasoft.livingapps.ApplicationModelFactory;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.mockito.ArgumentCaptor;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
@@ -49,67 +36,34 @@ public class CustomPageAuthorizationsHelperTest {
     @Mock
     ApplicationAPI applicationAPI;
 
-    @Mock
-    PageAPI pageAPI;
-
     @Mock
     ApplicationModelFactory applicationFactory;
 
     @InjectMocks
-    CustomPageAuthorizationsHelper customPageAuthorizationsHelper;
+    ApplicationAuthorizationsHelper applicationAuthorizationsHelper;
 
     @Mock
     ApplicationModel applicationModel;
 
     @Mock
     Application application;
 
-    @Mock
-    SearchResult applicationResult;
-
     @Test
     public void should_authorize_page_when_appToken_not_null_and_page_authorized_in_application() throws Exception {
-        given(pageAPI.getPageByName("pageToken"))
-                .willReturn(new PageImpl(2L, "", "", false, "", 0, 0,
-                        0, 0, "", ContentType.PAGE, null));
-        given(applicationAPI.searchApplicationPages(any()))
-                .willReturn(new SearchResultImpl<>(1, Collections.<ApplicationPage> emptyList()));
-        given(applicationAPI.searchIApplications(any()))
-                .willReturn(applicationResult);
-
-        given(applicationResult.getResult()).willReturn(Arrays.asList(application));
-        given(application.getId()).willReturn(1L);
-
         given(applicationFactory.createApplicationModel(any())).willReturn(applicationModel);
         when(applicationModel.authorize(any())).thenReturn(true);
-        final boolean isPageAuthorized = customPageAuthorizationsHelper.isPageAuthorized("appToken", "pageToken");
-
-        final ArgumentCaptor<SearchOptions> captor = ArgumentCaptor.forClass(SearchOptions.class);
-        verify(applicationAPI).searchApplicationPages(captor.capture());
-
-        SearchFilter filter = captor.getValue().getFilters().get(0);
-        assertThat(filter.getField()).isEqualTo(ApplicationPageSearchDescriptor.APPLICATION_ID);
-        assertThat(filter.getValue()).isEqualTo(1L);
-
-        filter = captor.getValue().getFilters().get(1);
-        assertThat(filter.getField()).isEqualTo(ApplicationPageSearchDescriptor.PAGE_ID);
-        assertThat(filter.getValue()).isEqualTo(2L);
+        final boolean isPageAuthorized = applicationAuthorizationsHelper.isAuthorized("appToken");
 
         assertThat(isPageAuthorized).isTrue();
-
         verify(applicationModel).authorize(any());
     }
 
     @Test
     public void should_unAuthorize_page_when_appToken_not_null_and_page_not_authorized_in_application()
             throws Exception {
-
-        given(applicationAPI.searchIApplications(any()))
-                .willReturn(applicationResult);
-        given(applicationResult.getResult()).willReturn(Arrays.asList(application));
         given(applicationFactory.createApplicationModel(any(String.class))).willReturn(applicationModel);
         when(applicationModel.authorize(any())).thenReturn(false);
-        final boolean isPageAuthorized = customPageAuthorizationsHelper.isPageAuthorized("appToken", "pageToken");
+        final boolean isPageAuthorized = applicationAuthorizationsHelper.isAuthorized("appToken");
 
         assertThat(isPageAuthorized).isFalse();
         verify(applicationModel).authorize(any());
@@ -118,16 +72,14 @@ public void should_unAuthorize_page_when_appToken_not_null_and_page_not_authoriz
 
     @Test
     public void should_not_authorize_page_when_appToken_not_null_and_page_unauthorized_in_application() {
-
-        final boolean isPageAuthorized = customPageAuthorizationsHelper.isPageAuthorized("appToken", "pageToken");
+        final boolean isPageAuthorized = applicationAuthorizationsHelper.isAuthorized("appToken");
 
         assertThat(isPageAuthorized).isFalse();
     }
 
     @Test
     public void should_not_authorize_page_when_appToken_is_null() {
-
-        final boolean isPageAuthorized = customPageAuthorizationsHelper.isPageAuthorized("", "pageToken");
+        final boolean isPageAuthorized = applicationAuthorizationsHelper.isAuthorized("");
 
         assertThat(isPageAuthorized).isFalse();
     }