diff --git a/build.gradle b/build.gradle
index 8295239fd8..1c9c0ccd89 100644
--- a/build.gradle
+++ b/build.gradle
@@ -31,7 +31,7 @@ plugins {
 id 'com.github.ben-manes.versions' version '0.20.0'
 id 'com.github.hierynomus.license' version '0.14.0'
 id 'net.researchgate.release' version '2.7.0'
- id 'org.springframework.boot' version '2.0.6.RELEASE'
+ id 'org.springframework.boot' version '2.1.0.RELEASE'
 }
 apply plugin: 'java'
@@ -138,24 +138,24 @@ dependencies {
 }
 compile 'com.moodysalem:LatLongToTimezoneMaven:1.2'
 /**/
- compile "com.openhtmltopdf:openhtmltopdf-core:0.0.1-RC16"
- compile "com.openhtmltopdf:openhtmltopdf-pdfbox:0.0.1-RC16"
- compile "com.openhtmltopdf:openhtmltopdf-jsoup-dom-converter:0.0.1-RC16"
+ compile "com.openhtmltopdf:openhtmltopdf-core:0.0.1-RC17"
+ compile "com.openhtmltopdf:openhtmltopdf-pdfbox:0.0.1-RC17"
+ compile "com.openhtmltopdf:openhtmltopdf-jsoup-dom-converter:0.0.1-RC17"
 /**/
 compile "com.google.zxing:core:3.3.3"
 compile "com.google.zxing:javase:3.3.3"
 compile "org.flywaydb:flyway-core:5.1.3"
- compile "org.postgresql:postgresql:42.2.2"
+ compile "org.postgresql:postgresql:42.2.5"
 compile "com.zaxxer:HikariCP:2.7.7"
 compile "org.apache.logging.log4j:log4j-api:$log4jVersion"
 compile "com.stripe:stripe-java:5.42.0"
 compile 'com.paypal.sdk:rest-api-sdk:1.14.0'
- compile 'com.squareup.okhttp3:okhttp:3.10.0'
+ compile 'com.squareup.okhttp3:okhttp:3.11.0'
 compile "org.apache.commons:commons-lang3:3.7"
 compile "org.apache.commons:commons-text:1.2"
 compile "com.opencsv:opencsv:4.2"
 compile 'commons-codec:commons-codec:1.11'
- compile 'net.sf.biweekly:biweekly:0.6.1'
+ compile 'net.sf.biweekly:biweekly:0.6.2'
 compile 'com.atlassian.commonmark:commonmark:0.11.0'
 compile 'com.ryantenney.passkit4j:passkit4j:2.0.1'
 compile 'com.github.ben-manes.caffeine:caffeine:2.6.2'
diff --git a/gradle.properties b/gradle.properties
index 824ac51756..86fc46b7fd 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -5,8 +5,8 @@ version=2.0-M1-SNAPSHOT
 sourceCompatibility=1.8
 targetCompatibility=1.8
-springVersion=5.0.10.RELEASE
-springSecurityConfigVersion=5.0.9.RELEASE
+springVersion=5.1.2.RELEASE
+springSecurityConfigVersion=5.1.1.RELEASE
 log4jVersion=2.11.1
-jacksonVersion=2.9.6
+jacksonVersion=2.9.7
 junitVersion=5.1.0
diff --git a/src/main/java/alfio/config/Initializer.java b/src/main/java/alfio/config/Initializer.java
index 3765e6fdac..0b993d02bb 100644
--- a/src/main/java/alfio/config/Initializer.java
+++ b/src/main/java/alfio/config/Initializer.java
@@ -22,6 +22,7 @@
 import org.apache.commons.lang3.Validate;
 import org.springframework.core.env.ConfigurableEnvironment;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.web.context.ConfigurableWebApplicationContext;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.filter.CharacterEncodingFilter;
@@ -86,7 +87,7 @@ private void configureSessionCookie(ServletContext servletContext) {
 Validate.notNull(environment, "environment cannot be null!");
 // set secure cookie only if current environment doesn't strictly need HTTP
- config.setSecure(environment.acceptsProfiles(Initializer.PROFILE_LIVE));
+ config.setSecure(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE)));
 // FIXME and CHECKME what a mess, ouch: https://issues.jboss.org/browse/WFLY-3448 ?
 config.setPath(servletContext.getContextPath() + "/");
diff --git a/src/main/java/alfio/config/MvcConfiguration.java b/src/main/java/alfio/config/MvcConfiguration.java
index b01e41158d..45bc3f1525 100644
--- a/src/main/java/alfio/config/MvcConfiguration.java
+++ b/src/main/java/alfio/config/MvcConfiguration.java
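Review bot: In `Initializer.configureSessionCookie` (and again in `SpringBootInitializer.servletContextInitializer`) the session cookie's Secure flag is still tied to the live profile alone, while `WebSecurityConfig.configure` forces HTTPS for every profile except dev. A deployment that runs a non-dev profile without the live one (demo, if it can be activated on its own, which these hunks do not show) would serve HTTPS-only pages but issue a session cookie without Secure. Consider using the same condition in both places, e.g. `config.setSecure(environment.acceptsProfiles(Profiles.of("!" + Initializer.PROFILE_DEV)));`, or add a comment explaining why the two conditions differ. The body of `configureSessionCookie` starts and ends outside the hunk.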
@@ -37,6 +37,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.support.DefaultMessageSourceResolvable;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.http.MediaType;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.converter.StringHttpMessageConverter;
@@ -96,7 +97,7 @@ public MvcConfiguration(MessageSource messageSource,
 @Override
 public void addResourceHandlers(ResourceHandlerRegistry registry) {
 ResourceHandlerRegistration reg = registry.addResourceHandler("/resources/**").addResourceLocations("/resources/");
- int cacheMinutes = environment.acceptsProfiles(Initializer.PROFILE_LIVE) ? 15 : 0;
+ int cacheMinutes = environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE)) ? 15 : 0;
 reg.setCachePeriod(cacheMinutes * 60);
 }
@@ -179,11 +180,11 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response,
 mv.addObject("request", request);
 final ModelMap modelMap = mv.getModelMap();
- boolean demoModeEnabled = environment.acceptsProfiles(Initializer.PROFILE_DEMO);
+ boolean demoModeEnabled = environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEMO));
 modelMap.put("demoModeEnabled", demoModeEnabled);
- modelMap.put("devModeEnabled", environment.acceptsProfiles(Initializer.PROFILE_DEV));
- modelMap.put("prodModeEnabled", environment.acceptsProfiles(Initializer.PROFILE_LIVE));
+ modelMap.put("devModeEnabled", environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEV)));
+ modelMap.put("prodModeEnabled", environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE)));
 Optional.ofNullable(request.getAttribute("ALFIO_EVENT_NAME")).map(Object::toString).ifPresent(eventName -> {
@@ -236,7 +237,7 @@ public void postHandle(HttpServletRequest request, HttpServletResponse response,
 + " font-src 'self';"//
 + " media-src blob: 'self';"//for loading camera api
 + " connect-src 'self' https://checkout.stripe.com https://maps.googleapis.com/ https://geocoder.cit.api.here.com;" //<- currently stripe.js use jsonp but if they switch to xmlhttprequest+cors we will be ready
- + (environment.acceptsProfiles(Initializer.PROFILE_DEBUG_CSP) ? " report-uri /report-csp-violation" : ""));
+ + (environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEBUG_CSP)) ? " report-uri /report-csp-violation" : ""));
 }
 };
 }
@@ -272,7 +273,7 @@ public ViewResolver getViewResolver(Environment env) throws Exception {
 viewResolver.setTemplateFactory(getTemplateFactory());
 viewResolver.setOrder(1);
 //disable caching if we are in dev mode
- viewResolver.setCache(env.acceptsProfiles(Initializer.PROFILE_LIVE));
+ viewResolver.setCache(env.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE)));
 viewResolver.setContentType("text/html;charset=UTF-8");
 return viewResolver;
 }
diff --git a/src/main/java/alfio/config/SpringBootInitializer.java b/src/main/java/alfio/config/SpringBootInitializer.java
index d69ea12c5a..37afc9e017 100644
--- a/src/main/java/alfio/config/SpringBootInitializer.java
+++ b/src/main/java/alfio/config/SpringBootInitializer.java
@@ -21,6 +21,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.eclipse.jetty.server.session.DefaultSessionIdManager;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.web.servlet.HttpEncodingAutoConfiguration;
 import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
 import org.springframework.boot.web.server.ErrorPage;
 import org.springframework.boot.web.server.ErrorPageRegistrar;
@@ -30,6 +31,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.core.env.Profiles;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.filter.CharacterEncodingFilter;
@@ -45,6 +47,7 @@
 org.springframework.boot.autoconfigure.flyway.FlywayAutoConfiguration.class,
 org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration.class,
 org.springframework.boot.autoconfigure.web.servlet.error.ErrorMvcAutoConfiguration.class,
+ org.springframework.boot.autoconfigure.web.servlet.HttpEncodingAutoConfiguration.class,
 org.springframework.boot.autoconfigure.session.SessionAutoConfiguration.class,
 org.springframework.boot.autoconfigure.quartz.QuartzAutoConfiguration.class})
 @Configuration
@@ -60,7 +63,7 @@ public ServletContextInitializer servletContextInitializer() {
 ConfigurableEnvironment environment = ctx.getBean(ConfigurableEnvironment.class);
 SessionCookieConfig config = servletContext.getSessionCookieConfig();
 config.setHttpOnly(true);
- config.setSecure(environment.acceptsProfiles(Initializer.PROFILE_LIVE));
+ config.setSecure(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE)));
 // force log initialization, then disable it
 XRLog.setLevel(XRLog.EXCEPTION, Level.WARNING);
 XRLog.setLoggingEnabled(false);
diff --git a/src/main/java/alfio/config/WebSecurityConfig.java b/src/main/java/alfio/config/WebSecurityConfig.java
index f2eb9a6bcd..793a521df5 100644
--- a/src/main/java/alfio/config/WebSecurityConfig.java
+++ b/src/main/java/alfio/config/WebSecurityConfig.java
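Review bot: The new `HttpEncodingAutoConfiguration` entry in SpringBootInitializer's auto-configuration exclusion list carries no explanation, and it is the only non-mechanical change in this file. The file already imports `CharacterEncodingFilter`, so presumably the application registers its own encoding filter and the Boot 2.1 one would clash with it. A short comment above the entry would record that, e.g. `// excluded: the application registers its own CharacterEncodingFilter (confirm)`. The entry is written with its fully qualified name like its neighbours, so the `import ...HttpEncodingAutoConfiguration;` added in the first hunk of this file looks unused and could be dropped. The annotation starts outside the hunk.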
@@ -29,6 +29,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AccountStatusException;
@@ -279,7 +280,7 @@ public CsrfTokenRepository getCsrfTokenRepository() {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
- if(environment.acceptsProfiles("!"+Initializer.PROFILE_DEV)) {
+ if(environment.acceptsProfiles(Profiles.of("!"+Initializer.PROFILE_DEV))) {
 http.requiresChannel().antMatchers("/healthz").requiresInsecure()
 .and()
 .requiresChannel().mvcMatchers("/**").requiresSecure();
@@ -306,7 +307,7 @@ protected void configure(HttpSecurity http) throws Exception {
 Pattern pattern = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
 Predicate csrfWhitelistPredicate = r -> r.getRequestURI().startsWith("/api/webhook/") || pattern.matcher(r.getMethod()).matches();
- if(environment.acceptsProfiles(Initializer.PROFILE_DEBUG_CSP)) {
+ if(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEBUG_CSP))) {
 csrfWhitelistPredicate = csrfWhitelistPredicate.or(r -> r.getRequestURI().equals("/report-csp-violation"));
 }
 configurer.requireCsrfProtectionMatcher(new NegatedRequestMatcher(csrfWhitelistPredicate::test));
@@ -356,7 +357,7 @@ protected void configure(HttpSecurity http) throws Exception {
 http.addFilterBefore(new RecaptchaLoginFilter(recaptchaService, "/authenticate", "/authentication?recaptchaFailed", configurationManager), UsernamePasswordAuthenticationFilter.class);
- if(environment.acceptsProfiles(Initializer.PROFILE_DEMO)) {
+ if(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEMO))) {
 http.addFilterAfter(new UserCreatorBeforeLoginFilter(userManager, "/authenticate"), RecaptchaLoginFilter.class);
 }
 }
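Review bot: The CSRF exemptions in the `@@ -306,7 +307,7 @@` hunk of `WebSecurityConfig.configure` are decided by string checks on the raw `getRequestURI()` (`startsWith("/api/webhook/")`, `equals("/report-csp-violation")`). `getRequestURI()` includes the context path and is not decoded, so these checks can disagree with the path the application actually routes on; under a non-root context path the webhook exemption would never match. Expressing them with Spring Security request matchers, e.g. `new AntPathRequestMatcher("/api/webhook/**")`, keeps the exemption aligned with routing. Since everything under `/api/webhook/` skips CSRF, a comment there stating that each webhook handler must authenticate its caller itself (as the Stripe handler does with its signature check) would help future additions. `configure` starts and ends outside these hunks.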
diff --git a/src/main/java/alfio/controller/api/admin/UtilsApiController.java b/src/main/java/alfio/controller/api/admin/UtilsApiController.java
index 75525ab985..0e7b47518e 100644
--- a/src/main/java/alfio/controller/api/admin/UtilsApiController.java
+++ b/src/main/java/alfio/controller/api/admin/UtilsApiController.java
@@ -27,6 +27,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.MissingServletRequestParameterException;
@@ -90,7 +91,7 @@ public Map getApplicationInfo(Principal principal) {
 Map applicationInfo = new HashMap<>();
 applicationInfo.put("version", version);
 applicationInfo.put("username", principal.getName());
- applicationInfo.put("isDemoMode", environment.acceptsProfiles(Initializer.PROFILE_DEMO));
+ applicationInfo.put("isDemoMode", environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEMO)));
 return applicationInfo;
 }
diff --git a/src/main/java/alfio/manager/EventManager.java b/src/main/java/alfio/manager/EventManager.java
index 56eaf93cc4..ce45846591 100644
--- a/src/main/java/alfio/manager/EventManager.java
+++ b/src/main/java/alfio/manager/EventManager.java
@@ -51,6 +51,7 @@
 import org.apache.commons.lang3.tuple.Triple;
 import org.flywaydb.core.Flyway;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
 import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
 import org.springframework.stereotype.Component;
@@ -177,7 +178,7 @@ public void toggleActiveFlag(int id, String username, boolean activate) {
 Event event = eventRepository.findById(id);
 checkOwnership(event, username, event.getOrganizationId());
- if(environment.acceptsProfiles(Initializer.PROFILE_DEMO)) {
+ if(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEMO))) {
 throw new IllegalStateException("demo mode");
 }
 Event.Status status = activate ? Event.Status.PUBLIC : Event.Status.DRAFT;
diff --git a/src/main/java/alfio/manager/Jobs.java b/src/main/java/alfio/manager/Jobs.java
index cf2e474498..ccb5f82c7b 100644
--- a/src/main/java/alfio/manager/Jobs.java
+++ b/src/main/java/alfio/manager/Jobs.java
@@ -32,6 +32,7 @@
 import org.quartz.JobExecutionException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.stereotype.Component;
 import java.util.Date;
@@ -95,7 +96,7 @@ void cleanupUnreferencedBlobFiles() {
 }
 void cleanupForDemoMode() {
- if(environment.acceptsProfiles(Initializer.PROFILE_DEMO)) {
+ if(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEMO))) {
 int expirationDate = configurationManager.getIntConfigValue(Configuration.getSystemConfiguration(ConfigurationKeys.DEMO_MODE_ACCOUNT_EXPIRATION_DAYS), 20);
 List userIds = userManager.disableAccountsOlderThan(DateUtils.addDays(new Date(), -expirationDate), User.Type.DEMO);
 if(!userIds.isEmpty()) {
diff --git a/src/main/java/alfio/manager/StripeCreditCardManager.java b/src/main/java/alfio/manager/StripeCreditCardManager.java
index 7e85ffae40..1b69c26ad0 100644
--- a/src/main/java/alfio/manager/StripeCreditCardManager.java
+++ b/src/main/java/alfio/manager/StripeCreditCardManager.java
@@ -53,6 +53,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.tuple.Pair;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import org.springframework.stereotype.Component;
 import java.time.ZonedDateTime;
@@ -147,7 +148,7 @@ public Optional processWebhookEvent(String body, String signature) {
 com.stripe.model.Event event = Webhook.constructEvent(body, signature, getWebhookSignatureKey());
 if("account.application.deauthorized".equals(event.getType())
 && event.getLivemode() != null
- && event.getLivemode() == environment.acceptsProfiles("dev", "test", "demo")) {
+ && event.getLivemode() == environment.acceptsProfiles(Profiles.of("dev", "test", "demo"))) {
 return Optional.of(revokeToken(event.getAccount()));
 }
 return Optional.of(true);
diff --git a/src/main/java/alfio/manager/system/Mailer.java b/src/main/java/alfio/manager/system/Mailer.java
index 8be1ae706f..f4903e3135 100644
--- a/src/main/java/alfio/manager/system/Mailer.java
+++ b/src/main/java/alfio/manager/system/Mailer.java
@@ -20,6 +20,7 @@
 import alfio.model.Event;
 import lombok.Data;
 import org.springframework.core.env.Environment;
+import org.springframework.core.env.Profiles;
 import java.util.*;
@@ -40,7 +41,7 @@ class Attachment {
 }
 default String decorateSubjectIfDemo(String subject, Environment environment) {
- if(environment.acceptsProfiles(Initializer.PROFILE_DEMO)) {
+ if(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_DEMO))) {
 return "THIS IS A TEST: " + subject;
 } else {
 return subject;
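Review bot: The condition in `StripeCreditCardManager.processWebhookEvent` compares `event.getLivemode()` with `==` against "any of dev/test/demo is active", so as written a live-mode `account.application.deauthorized` event revokes the token only when a non-production profile is active, and a test-mode event only in production. That looks inverted; `Profiles.of("dev", "test", "demo")` keeps the old any-of semantics, so the behaviour predates this commit and is worth confirming while the line is being touched. If the intent is "live events on live, test events elsewhere", the line would read `&& event.getLivemode() != environment.acceptsProfiles(Profiles.of("dev", "test", "demo"))) {`. Using the `Initializer.PROFILE_DEV` / `Initializer.PROFILE_DEMO` constants seen elsewhere in this commit instead of string literals would also keep the profile names in one place. The method body starts and ends outside the hunk.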