From 68e2eb6ce7a03939e3dfd2490877bec8999088e1 Mon Sep 17 00:00:00 2001 From: Jonathan Date: Wed, 28 Feb 2024 14:17:47 -0600 Subject: [PATCH 1/6] chore(core) #27744 Sixes js sonarq (#27751) * #27744 fix for js endpoint * #27744 adding sonarq fixes * #27744 adding more sonarq feedback --- .../com/dotcms/rendering/js/JsContext.java | 2 +- .../com/dotcms/rendering/js/JsEngine.java | 13 +++++----- .../com/dotcms/rendering/js/JsException.java | 25 +++++++++++++++++++ .../com/dotcms/rendering/js/JsResource.java | 9 ++++--- .../js/JsResponseStrategyFactory.java | 2 +- .../rendering/js/JsScriptActionlet.java | 2 ++ .../rendering/js/proxy/JsFetchResponse.java | 2 +- .../com/dotcms/rendering/js/proxy/JsRole.java | 4 +-- 8 files changed, 44 insertions(+), 15 deletions(-) create mode 100644 dotCMS/src/main/java/com/dotcms/rendering/js/JsException.java diff --git a/dotCMS/src/main/java/com/dotcms/rendering/js/JsContext.java b/dotCMS/src/main/java/com/dotcms/rendering/js/JsContext.java index 778a52722020..3290926e062e 100644 --- a/dotCMS/src/main/java/com/dotcms/rendering/js/JsContext.java +++ b/dotCMS/src/main/java/com/dotcms/rendering/js/JsContext.java @@ -15,7 +15,7 @@ * Encapsulates the context of the Javascript execution. * @author jsanca */ -public class JsContext extends HashMap implements Serializable { +public class JsContext extends HashMap implements Serializable { private final JsRequest request; private final JsResponse response; diff --git a/dotCMS/src/main/java/com/dotcms/rendering/js/JsEngine.java b/dotCMS/src/main/java/com/dotcms/rendering/js/JsEngine.java index a2cfe820c162..af9bd7e48566 100644 --- a/dotCMS/src/main/java/com/dotcms/rendering/js/JsEngine.java +++ b/dotCMS/src/main/java/com/dotcms/rendering/js/JsEngine.java 
@@ -70,7 +70,7 @@ public class JsEngine implements ScriptEngine { public static final String WEB_INF = "WEB-INF"; private final JsFileSystem jsFileSystem = new JsFileSystem(); private final JsDotLogger jsDotLogger = new JsDotLogger(); - private final Map jsRequestViewToolMap = new ConcurrentHashMap<>(); + private final Map> jsRequestViewToolMap = new ConcurrentHashMap<>(); private final Map jsAplicationViewToolMap = new ConcurrentHashMap<>(); private final Lazy allowAllHostAccess = Lazy.of(()-> Config.getBooleanProperty("ALLOW_ALL_HOST_ACCESS", false)); @@ -124,7 +124,7 @@ private void initApplicationView(final JsViewTool jsViewToolInstance) { * Remove a JsViewTool from the engine * @param jsViewTool */ - public void removeJsViewTool(final Class jsViewTool) { + public void removeJsViewTool(final Class jsViewTool) { this.jsRequestViewToolMap.remove(jsViewTool.getName()); } @@ -140,7 +140,8 @@ private Context buildContext () { .err(new ConsumerOutputStream(msg->Logger.debug(JsEngine.class, msg))) .fileSystem(jsFileSystem); - if (allowAllHostAccess.get()) { + final boolean allowAllHostAccess = this.allowAllHostAccess.get(); + if (allowAllHostAccess) { builder.allowHostAccess(HostAccess.ALL); } //allows access to all Java classes @@ -162,7 +163,7 @@ public Object eval(final HttpServletRequest request, final List dotSources = getDotSources(); final Value bindings = context.getBindings(ENGINE_JS); contextParams.entrySet().forEach(entry -> bindings.putMember(entry.getKey(), entry.getValue())); - this.addTools(request, response, bindings, contextParams); + this.addTools(request, response, bindings); final JsRequest jsRequest = new JsRequest(request, contextParams); final JsResponse jsResponse = new JsResponse(response); 
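Review bot: In buildContext (the hunk at -140) the new local `allowAllHostAccess` shadows the `Lazy` field of the same name, so a later edit in this method can read the wrong one without a compiler error; a distinct name such as `final boolean hostAccessAll = this.allowAllHostAccess.get();` avoids that. When the flag is true, `HostAccess.ALL` lets guest scripts reach every public member of the host objects they are handed, not only the members annotated with `@HostAccess.Export` in the proxy classes. A single warning-level log entry when `ALLOW_ALL_HOST_ACCESS` turns this on would make the wider exposure visible to operators. The trailing context comment `//allows access to all Java classes` suggests class lookup is configured just below, but buildContext continues outside the hunk, so that is not confirmed here.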
@@ -207,6 +208,7 @@ private Object asValue (final Value eval, final DotJSON dotJSON) { } final Value finalValue = eval; + // note: we can not parametrized this Map, b/c literally we do not know what it is, could be anything coming from the JS final Map resultMap = Try.of(()-> finalValue.as(Map.class)).getOrNull(); if (Objects.nonNull(resultMap)) { return CollectionsUtils.toSerializableMap(resultMap); // we need to do that b.c the context will be close after the return and the resultMap won;t be usable. @@ -419,8 +421,7 @@ private Object[] buildArgs(final JsRequest request, private void addTools(final HttpServletRequest request, final HttpServletResponse response, - final Value bindings, - final Map contextParams) { + final Value bindings) { this.jsRequestViewToolMap.entrySet().forEach(entry -> { diff --git a/dotCMS/src/main/java/com/dotcms/rendering/js/JsException.java b/dotCMS/src/main/java/com/dotcms/rendering/js/JsException.java new file mode 100644 index 000000000000..e5cac5be5efd --- /dev/null +++ b/dotCMS/src/main/java/com/dotcms/rendering/js/JsException.java @@ -0,0 +1,25 @@ +package com.dotcms.rendering.js; + +/** + * Just a generic exception for the JS rendering + */ +public class JsException extends Exception { + public JsException() { + } + + public JsException(String message) { + super(message); + } + + public JsException(String message, Throwable cause) { + super(message, cause); + } + + public JsException(Throwable cause) { + super(cause); + } + + public JsException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) { + super(message, cause, enableSuppression, writableStackTrace); + } +} diff --git a/dotCMS/src/main/java/com/dotcms/rendering/js/JsResource.java b/dotCMS/src/main/java/com/dotcms/rendering/js/JsResource.java index 4dd594382859..f52a95d6082a 100644 --- a/dotCMS/src/main/java/com/dotcms/rendering/js/JsResource.java +++ b/dotCMS/src/main/java/com/dotcms/rendering/js/JsResource.java 
@@ -42,6 +42,7 @@ import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriInfo; import java.io.File; @@ -528,10 +529,10 @@ private Response processRequest(final RequestParams requestParams, .build(); final JavascriptReader javascriptReader = JavascriptReaderFactory.getJavascriptReader(UtilMethods.isSet(folderName)); - final Map queryParams = uriInfo.getQueryParameters(); + final MultivaluedMap queryParams = uriInfo.getQueryParameters(); final Map contextParams = CollectionsUtils.map( "pathParam", pathParam, - "queryParams", ProxyHashMap.from(queryParams), + "queryParams", ProxyHashMap.from((Map)queryParams), "bodyMap", ProxyHashMap.from(toObjectObjectMap(bodyMap)), "binaries", ProxyArray.fromList(Arrays.asList(binaries))); @@ -563,7 +564,7 @@ private Map toObjectObjectMap (final Map map) { private Response evalJavascript(final HttpServletRequest request, final HttpServletResponse response, final Reader javascriptReader, final Map contextParams, final User user, final DotJSONCache cache) - throws Exception { + throws JsException { final ScriptEngine scriptEngine = ScriptEngineFactory.getInstance().getEngine(ScriptEngineFactory.JAVASCRIPT_ENGINE); @@ -585,7 +586,7 @@ private Response evalJavascript(final HttpServletRequest request, final HttpServ if (e.getCause() instanceof DotToolException) { Logger.error(this,"Error evaluating javascript: " + (e.getCause()).getCause().getMessage()); - throw (Exception) (e.getCause()).getCause(); + throw new JsException(e.getCause().getCause()); } } diff --git a/dotCMS/src/main/java/com/dotcms/rendering/js/JsResponseStrategyFactory.java b/dotCMS/src/main/java/com/dotcms/rendering/js/JsResponseStrategyFactory.java index e5886ebb56a1..a7530886fec1 100644 --- a/dotCMS/src/main/java/com/dotcms/rendering/js/JsResponseStrategyFactory.java 
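Review bot: The new `throw new JsException(e.getCause().getCause());` in evalJavascript (the hunk at -585) replaces the original exception with a wrapper, so any caller or exception mapper that matched on the concrete type raised by the script tool (a permission failure, for instance) now sees only `JsException` and may answer with a generic server error; the callers are outside this diff, so that needs checking. The context line above it dereferences `(e.getCause()).getCause().getMessage()`, which throws a NullPointerException when the DotToolException has no cause and hides the real failure. Resolving the root once, `final Throwable root = e.getCause().getCause() != null ? e.getCause().getCause() : e.getCause();`, and using it for both the log line and `new JsException(root)` covers that case. The catch block starts outside the hunk.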
+++ b/dotCMS/src/main/java/com/dotcms/rendering/js/JsResponseStrategyFactory.java @@ -104,7 +104,7 @@ private String resultToString(final Object result) { if (result instanceof Map) { - final Map map = Map.class.cast(result); + final Map map = Map.class.cast(result); // note: we do not know what could it be, so we have to handle as a generic Map. if (map.containsKey("output")) { return map.get("output").toString(); } diff --git a/dotCMS/src/main/java/com/dotcms/rendering/js/JsScriptActionlet.java b/dotCMS/src/main/java/com/dotcms/rendering/js/JsScriptActionlet.java index 47c54741099a..c9849bfcbc97 100644 --- a/dotCMS/src/main/java/com/dotcms/rendering/js/JsScriptActionlet.java +++ b/dotCMS/src/main/java/com/dotcms/rendering/js/JsScriptActionlet.java @@ -31,6 +31,8 @@ public class JsScriptActionlet extends WorkFlowActionlet { private static final List PARAMETER_LIST = createParamList(); private boolean stop = false; + + private static List createParamList () { final ImmutableList.Builder paramList = new ImmutableList.Builder<>(); diff --git a/dotCMS/src/main/java/com/dotcms/rendering/js/proxy/JsFetchResponse.java b/dotCMS/src/main/java/com/dotcms/rendering/js/proxy/JsFetchResponse.java index 85fdb346df2c..8fc1367d9f1f 100644 --- a/dotCMS/src/main/java/com/dotcms/rendering/js/proxy/JsFetchResponse.java +++ b/dotCMS/src/main/java/com/dotcms/rendering/js/proxy/JsFetchResponse.java @@ -55,7 +55,7 @@ public JsHeaders getHeaders() { @HostAccess.Export public ProxyHashMap getJson() { - final Map json = new JSONObject(this.getBody()); + final JSONObject json = new JSONObject(this.getBody()); return ProxyHashMap.from(json); } diff --git a/dotCMS/src/main/java/com/dotcms/rendering/js/proxy/JsRole.java b/dotCMS/src/main/java/com/dotcms/rendering/js/proxy/JsRole.java index d52893d06e3a..bd7157f52d3c 100644 --- a/dotCMS/src/main/java/com/dotcms/rendering/js/proxy/JsRole.java +++ b/dotCMS/src/main/java/com/dotcms/rendering/js/proxy/JsRole.java 
@@ -138,7 +138,7 @@ public int hashCode() { @HostAccess.Export public ProxyHashMap toMap() { - final Map roleMap = new HashMap<>(); + final Map roleMap = new HashMap<>(); roleMap.put("DBFQN", this.getDBFQN()); roleMap.put("description", this.getDescription()); roleMap.put("editLayouts", this.isEditLayouts()); @@ -151,7 +151,7 @@ public ProxyHashMap toMap() { roleMap.put("parent", this.getParent()); roleMap.put("roleKey", this.getRoleKey()); roleMap.put("system", this.isSystem()); - return ProxyHashMap.from(roleMap); + return ProxyHashMap.from((Map)roleMap); } @HostAccess.Export From 98f32e6d9f1ec989ca016a28ec1721aa15432e16 Mon Sep 17 00:00:00 2001 From: Jonathan Date: Wed, 28 Feb 2024 14:23:45 -0600 Subject: [PATCH 2/6] #27020 now the system table has an eager strategy to load all table to the system cache when dotcms starts (#27711) --- .../main/java/com/dotcms/business/SystemTableInitializer.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dotCMS/src/main/java/com/dotcms/business/SystemTableInitializer.java b/dotCMS/src/main/java/com/dotcms/business/SystemTableInitializer.java index 3b021dd7b1cd..fe332adae7f5 100644 --- a/dotCMS/src/main/java/com/dotcms/business/SystemTableInitializer.java +++ b/dotCMS/src/main/java/com/dotcms/business/SystemTableInitializer.java @@ -1,6 +1,7 @@ package com.dotcms.business; import com.dotcms.config.DotInitializer; +import com.dotmarketing.business.APILocator; import com.dotmarketing.util.Config; /** @@ -13,6 +14,8 @@ public class SystemTableInitializer implements DotInitializer { @Override public void init() { Config.initSystemTableConfigSource(); + // Load the all system table into the system cache + APILocator.getSystemAPI().getSystemTable().all(); } } From 56ac37c5248c1195652d196395e8cc46711fac1d Mon Sep 17 00:00:00 2001 
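Review bot: The added call `APILocator.getSystemAPI().getSystemTable().all();` in SystemTableInitializer.init() is used only for its caching side effect and has no failure handling. Assuming `all()` can throw (its body is not in this diff), a read error during startup would escape the initializer right after `Config.initSystemTableConfigSource()`. Catching and logging the failure there would let startup continue with lazy loading, if that is the intended fallback. The comment would read better as `// Eagerly load the whole system table into the system cache`.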
From: Nollymar Longa Date: Wed, 28 Feb 2024 16:18:50 -0500 Subject: [PATCH 3/6] Turning off feature flags in the right file (#27762) --- dotCMS/src/main/resources/dotmarketing-config.properties | 6 ++++++ .../src/test/resources/dotmarketing-config.properties | 6 +----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/dotCMS/src/main/resources/dotmarketing-config.properties b/dotCMS/src/main/resources/dotmarketing-config.properties index d23d950ff6d2..c8eb48512751 100644 --- a/dotCMS/src/main/resources/dotmarketing-config.properties +++ b/dotCMS/src/main/resources/dotmarketing-config.properties @@ -854,4 +854,10 @@ FEATURE_FLAG_NEW_BINARY_FIELD=true ## Telemetry FEATURE_FLAG_TELEMETRY=false +## New Edit Page +FEATURE_FLAG_NEW_EDIT_PAGE=false + +## Content Editor V2 +CONTENT_EDITOR2_ENABLED=false + STARTER_BUILD_VERSION=${starter.deploy.version} diff --git a/dotcms-integration/src/test/resources/dotmarketing-config.properties b/dotcms-integration/src/test/resources/dotmarketing-config.properties index fe4035711f7a..6bb10efebc00 100644 --- a/dotcms-integration/src/test/resources/dotmarketing-config.properties +++ b/dotcms-integration/src/test/resources/dotmarketing-config.properties @@ -878,8 +878,4 @@ analytics.app.config.url=http://localhost:8088/c/customer1/cluster1/keys DELETE_CONTENT_TYPE_ASYNC=true DELETE_CONTENT_TYPE_ASYNC_WITH_JOB=false -secrets.scripting.enabled=true - -#Feature Flags for the new Edit Page and Content Editor -FEATURE_FLAG_NEW_EDIT_PAGE=false -CONTENT_EDITOR2_ENABLED=false +secrets.scripting.enabled=true \ No newline at end of file From 3b3299c5665fcc0088aeefaf07d21b698c84e974 Mon Sep 17 00:00:00 2001 
From: Rashik Adhikari <128124382+rashik1144@users.noreply.github.com> Date: Thu, 29 Feb 2024 03:41:20 +0545 Subject: [PATCH 4/6] Update FolderResource.postman_collection.json (#27624) Added test to check for the ModUser and Permission --- .../FolderResource.postman_collection.json | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/dotCMS/src/curl-test/FolderResource.postman_collection.json b/dotCMS/src/curl-test/FolderResource.postman_collection.json index 494759a61a84..ec00d76bcd10 100644 --- a/dotCMS/src/curl-test/FolderResource.postman_collection.json +++ b/dotCMS/src/curl-test/FolderResource.postman_collection.json @@ -27,6 +27,22 @@ "});", "", "pm.collectionVariables.set(\"siteId\", jsonData.entity.identifier);", + "", + "pm.test(\"ModUser should contain a valid user identifier\", function () {", + " const responseData = pm.response.json();", + " ", + " pm.expect(responseData).to.be.an('object');", + " pm.expect(responseData.entity.modUser).to.be.a('string').and.not.eql(\"\");", + "});", + "", + "", + "", + "pm.test(\"Permissions array should be empty for public endpoints\", function () {", + " const responseData = pm.response.json();", + " ", + " pm.expect(responseData.permissions).to.be.an('array').that.is.empty;", + "});", + "", "" ], "type": "text/javascript" @@ -1259,4 +1275,4 @@ "value": "25e35d3f515876f8c76524065ca00a9f" } ] -} \ No newline at end of file +} From 2ac8e300342580d3ade6144dff5d2d075e69c549 Mon Sep 17 00:00:00 2001 
From: Rashik Adhikari <128124382+rashik1144@users.noreply.github.com> Date: Thu, 29 Feb 2024 04:19:32 +0545 Subject: [PATCH 5/6] Update Integrity_Checker_JWT_Token_Test.postman_collection.json (#27644) * Update Integrity_Checker_JWT_Token_Test.postman_collection.json Added the following tests: * Update Integrity_Checker_JWT_Token_Test.postman_collection.json --------- Co-authored-by: Mehdi <10160868+mbiuki@users.noreply.github.com> --- ...ker_JWT_Token_Test.postman_collection.json | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/dotCMS/src/curl-test/Integrity_Checker_JWT_Token_Test.postman_collection.json b/dotCMS/src/curl-test/Integrity_Checker_JWT_Token_Test.postman_collection.json index 204ac4f926d1..67b2a7db2e01 100644 --- a/dotCMS/src/curl-test/Integrity_Checker_JWT_Token_Test.postman_collection.json +++ b/dotCMS/src/curl-test/Integrity_Checker_JWT_Token_Test.postman_collection.json @@ -26,7 +26,23 @@ " pm.expect(jsonData.entity).to.not.eq(undefined);", " pm.expect(jsonData.entity.jwt).to.not.eq(undefined);", " pm.collectionVariables.set(\"token\", jsonData.entity.jwt);", - "});" + "});", + "", + "pm.test('Response has a valid JWT', function () {", + " pm.expect(pm.response.json().entity.jwt).to.match(/^[A-Za-z0-9-_]+\\.[A-Za-z0-9-_]+\\.[A-Za-z0-9-_.+/=]*$/);", + "})", + "", + "pm.test(\"Token ID should be unique\", function () {", + " var jsonData = pm.response.json();", + " const tokenID = jsonData.entity.token.id;", + " pm.collectionVariables.get(\"tokenIDs\") || pm.collectionVariables.set(\"tokenIDs\", []);", + " const tokenIDs = pm.collectionVariables.get(\"tokenIDs\");", + " pm.expect(tokenIDs).to.not.include(tokenID);", + " tokenIDs.push(tokenID);", + " pm.collectionVariables.set(\"tokenIDs\", tokenIDs);", + "});", + "" + ], "type": "text/javascript" } @@ -1055,4 +1071,4 @@ "value": "48db03da-d303-47cc-af29-9be490e99648" } ] -} \ No newline at end of file +} 
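Review bot: The 'Response has a valid JWT' test accepts a token whose third segment is empty, because the signature part of the pattern ends in `*` and also admits `.`, `+`, `/` and `=`, which are not base64url characters; an unsigned token of the form `header.payload.` would pass. Tightening the last segment to `[A-Za-z0-9-_]+` makes the check require a non-empty base64url signature. In the 'Token ID should be unique' test, `pm.collectionVariables.set(\"tokenIDs\", [])` stores an array in a collection variable, and Postman may return it as a string on a later read, in which case `tokenIDs.push(tokenID)` fails. That test also reads `jsonData.entity.token.id` while the earlier assertions only establish `entity.jwt`, so the field should be confirmed against the actual response.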
From ad285d0ca1c7ea1d614ab6c150c8c68cea907e9b Mon Sep 17 00:00:00 2001 From: Fabrizzio Araya <37148755+fabrizzio-dotCMS@users.noreply.github.com> Date: Thu, 29 Feb 2024 07:58:20 -0600 Subject: [PATCH 6/6] bug(CLI) Disable Quarkus Http Server Refs: 27738 (#27765) * #27738 disable Quarkus http server * #27738 clean up props * #27738 clean up dupes --- .../src/main/resources/application.properties | 11 ++++------- .../cli/src/main/resources/application.properties | 2 -- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/tools/dotcms-cli/api-data-model/src/main/resources/application.properties b/tools/dotcms-cli/api-data-model/src/main/resources/application.properties index 248533ecba77..9d78102d96b4 100644 --- a/tools/dotcms-cli/api-data-model/src/main/resources/application.properties +++ b/tools/dotcms-cli/api-data-model/src/main/resources/application.properties @@ -23,16 +23,13 @@ quarkus.log.handler.console."DOTCMS_CONSOLE".enable=true quarkus.log.handler.console."DOTCMS_CONSOLE".level=FATAL %test.quarkus.log.handler.console."DOTCMS_CONSOLE".level=DEBUG quarkus.log.category."com.dotcms".handlers=DOTCMS_CONSOLE - +# disable the banner quarkus.banner.enabled=false -quarkus.http.port=9000 - +#deactivate the http server that is started by default in quarkus +quarkus.http.host-enabled=false +# quarkus.http.port=9000 # Your configuration properties -dotcms.client.servers.default=http://localhost:8080/api -dotcms.client.servers.demo=https://demo.dotcms.com/api - %test.com.dotcms.service.config=test-service.yml - com.dotcms.starter.site=default # change me accordingly to your starter site %test.com.dotcms.starter.site=default diff --git a/tools/dotcms-cli/cli/src/main/resources/application.properties b/tools/dotcms-cli/cli/src/main/resources/application.properties index fb360fa54c1c..beb69802a85d 100644 --- a/tools/dotcms-cli/cli/src/main/resources/application.properties +++ b/tools/dotcms-cli/cli/src/main/resources/application.properties 
@@ -1,5 +1,3 @@
-quarkus.banner.enabled=false
-quarkus.http.port=9000
 # Your configuration properties
 quarkus.picocli.top-command=com.dotcms.cli.command.EntryCommand