Merge branch '528-extension-create-workflow-endpoint' of https://gith…

…ub.com/Xyna-Factory/xyna-factory into 528-extension-create-workflow-endpoint

.github/workflows/build-on-pull-request.yml

@@ -0,0 +1,40 @@
+name: Build Changed Modules
+on:
+  pull_request:
+    branches: [ "main" ]       
+
+jobs:
+  build-changed-modules:
+    runs-on: ubuntu-latest
+    steps:
+
+     - name: Set up Zulu JDK 11
+       uses: actions/setup-java@v3
+       with:
+         java-version: 11
+         distribution: 'zulu'
+
+     - name: Check out xyna-factory
+       uses: actions/checkout@v3
+
+     - uses: actions/cache@v3
+       id: maven-cache
+       with:
+         path: /home/runner/.m2
+         key: ${{ runner.os }}-maven-cache-for-pr-build-${{ hashFiles('installation/build/pom.xml') }}
+
+     - name: determine changed modules
+       env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+       run: |
+          gh pr diff ${{ github.event.pull_request.number }} --name-only | grep '^modules/' | cut -f 2-3 -d/ | sort | uniq | tee changed-modules.txt
+
+     - name: build basic factory
+       run: |
+          cd installation
+          ./build.sh build
+
+     - name: build changed modules
+       run: |
+          cd modules
+          for d in $(cat ../changed-modules.txt); do test -d "$d" && ant -Doracle.home=/tmp -f "$d/build.xml"; done

.github/workflows/nightbuild.yml

@@ -12,7 +12,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [16.x]
+        node-version: [18.x]
         java-version: [11]
 
     steps:
@@ -39,8 +39,4 @@ jobs:
      - name: build
        run: |
           cd installation
-          ./updateVersion.sh $(grep "release.number=v" ./delivery/delivery.properties | sed 's/release.number=v//g')
-          sed -i 's/# main/set -e/' ./build.sh
-          sed -i 's/nvm --version//' ./build.sh
-          sed -i 's/nvm use .*//' ./build.sh
           ./build.sh all

installation/build.sh

@@ -16,6 +16,7 @@
 # limitations under the License.
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
+set -e
 
 print_help() {
   echo "$0: build some or all parts of xyna."
@@ -29,8 +30,10 @@ check_dependencies() {
   ant -version
   git --version
   zip --version
-  nvm --version
-
+}
+
+check_dependencies_frontend() {
+  node --version
 }
 
 checkout_factory() {
@@ -283,7 +286,6 @@ build_prerequisites() {
 build_modeller() {
   echo "building Modeller GUI"
   cd $SCRIPT_DIR/build
-  nvm use 16
   ant -f build-gui.xml
 }
 
@@ -605,13 +607,7 @@ fill_lib() {
 }
 
 build_all() {
-  build_xynautils
-  build_misc
-  build_xynafactory_jar
-  build_conpooltypes
-  build_persistencelayers
-  fill_lib
-  prepare_modules
+  build
   build_oracle_aq_tools
   build_modules
   build_plugins
@@ -629,8 +625,9 @@ build() {
   build_xynafactory_jar
   build_conpooltypes
   build_persistencelayers
-  build_oracle_aq_tools
   fill_lib
+  prepare_modules
+  build_oracle_aq_tools
 }
 
 
@@ -653,6 +650,7 @@ case $1 in
     build
     ;;
   "all")
+    check_dependencies_frontend
     build_all
     ;;
   "compose")

modules/xmcp/guihttp/commonlib/HttpUtils/src/com/gip/xyna/xact/filter/actions/OptionsAction.java

@@ -61,7 +61,7 @@ public FilterActionInstance act(URLPath url, HTTPTriggerConnection tc) throws Xy
     }
 
     setAccessControlParameter(tc, dfai);
-    
+
     dfai.sendProperties(tc);
     return dfai;
   }

modules/xmcp/guihttp/filterimpl/H5XdevFilter/automatedTests/autoTester.py

@@ -333,7 +333,7 @@ def createUploadArguments(self, filepath, factoryIndex):
     factoryIndexTranslated = self.factoryIndexMap[factoryIndex]
     self.urlExtension = "/upload"
     rdyUrl = self.formatUrl(factoryIndexTranslated)
-    result = ['curl', "-F", "file=@" + filepath, rdyUrl]
+    result = ['curl', "-k", "-F", "file=@" + filepath, rdyUrl]
 
     self.addCookiesToArguments(result, factoryIndexTranslated, False)
 
@@ -348,7 +348,7 @@ def executeUpload(self, filePath, factoryIndex):
     if self.debug:
       print("upload:\n" + str(error))
 
-    return result
+    return result.decode('utf-8')
 
 
   #replaces all occurences of !<parameter>! in value

modules/xmcp/guihttp/filterimpl/H5XdevFilter/src/com/gip/xyna/xact/filter/H5XdevFilter.java

@@ -66,6 +66,7 @@
 import com.gip.xyna.xfmg.xods.configuration.XynaPropertyUtils.UserType;
 import com.gip.xyna.xfmg.xods.configuration.XynaPropertyUtils.XynaPropertyBoolean;
 import com.gip.xyna.xfmg.xods.configuration.XynaPropertyUtils.XynaPropertyBuilds;
+import com.gip.xyna.xfmg.xods.configuration.XynaPropertyUtils.XynaPropertyDuration;
 import com.gip.xyna.xfmg.xods.configuration.XynaPropertyUtils.XynaPropertyInt;
 import com.gip.xyna.xfmg.xods.configuration.XynaPropertyUtils.XynaPropertyString;
 import com.gip.xyna.xnwh.exceptions.XNWH_OBJECT_NOT_FOUND_FOR_PRIMARY_KEY;
@@ -103,20 +104,29 @@ public class H5XdevFilter extends ConnectionFilter<HTTPTriggerConnection> {
 
   public static final XynaPropertyBoolean USE_CACHE = new XynaPropertyBoolean("xmcp.guihttp.use_cache", true)
       .setDefaultDocumentation(DocumentationLanguage.EN, "Use a cache to store recently used objects. Cache size is determined by " + cache_size_property_name)
-      .setDefaultDocumentation(DocumentationLanguage.DE, "Verwende einen Cache um auf zuletzt verwendete Objekte schneller zugreifen zu können. Größe des Caches is bestimmt durch " + cache_size_property_name);
+      .setDefaultDocumentation(DocumentationLanguage.DE, "Verwende einen Cache um auf zuletzt verwendete Objekte schneller zugreifen zu können. Größe des Caches is bestimmt durch " + cache_size_property_name);
 
   public static final XynaPropertyBoolean AVARCONSTANTS = new XynaPropertyBoolean("xmcp.guihttp.new_constants", true).
       setDefaultDocumentation(DocumentationLanguage.EN, "Prevent instantiation problems by using a different approach to convert json to constants.");
 
   public static final XynaPropertyBoolean CompressResponse = new XynaPropertyBoolean("xmcp.guihttp.compress_response", true)
       .setDefaultDocumentation(DocumentationLanguage.EN, "compress response of requests using gzip, if supported by caller")
-      .setDefaultDocumentation(DocumentationLanguage.DE, "Komprimiere Antworten mit gzip, wenn es vom Aufrufer unterstützt wird");
+      .setDefaultDocumentation(DocumentationLanguage.DE, "Komprimiere Antworten mit gzip, wenn es vom Aufrufer unterstützt wird");
 
+  public static final XynaPropertyBoolean STRICT_TRANSPORT_SECURITY = new XynaPropertyBoolean("xmcp.guihttp.sts", false)
+      .setDefaultDocumentation(DocumentationLanguage.EN, "Send Session Cookie as __Secure- and add Strict-Transport-Security header")
+      .setDefaultDocumentation(DocumentationLanguage.DE, "Sende Session Cookie als __Secure- und füge Strict-Transport-Security header ein");
+
+  public static final XynaPropertyDuration STRICT_TRANSPORT_SECURITY_MAX_AGE = new XynaPropertyDuration("xmcp.guihttp.sts.maxage", "730 d" )
+      .setDefaultDocumentation(DocumentationLanguage.EN, "Max-age of Strict-Transport-Security header.")
+      .setDefaultDocumentation(DocumentationLanguage.DE, "Max-age des Strict-Transport-Security header.");
+
   public static final XynaPropertyString VALIDATION_WORKFLOW = new XynaPropertyString("xmcp.guihttp.startorder.preprocess_workflow", "")
       .setDefaultDocumentation(DocumentationLanguage.EN,
                                "If set, all startorder Requests outside of guihttp are first processed by the given workflow. Inputs are Document and OrderType, output is Document. Format: <fqn>@<rtc>. <rtc> is either workspaceName or applicationName/versionName.")
       .setDefaultDocumentation(DocumentationLanguage.DE,
-                               "Wenn gesetzt, werden alle startorder Requests außerhalb von guihttp zuerst vom angegebenen Workflow verarbeitet. Inputs sind Document und Ordertype, Output ist Document. Format: <fqn>@<rtc>. <rtc> ist entweder workspaceName oder applicationName/versionName");
+                               "Wenn gesetzt, werden alle startorder Requests außerhalb von guihttp zuerst vom angegebenen Workflow verarbeitet. Inputs sind Document und Ordertype, Output ist Document. Format: <fqn>@<rtc>. <rtc> ist entweder workspaceName oder applicationName/versionName");
+
 
 
   private static class WorkspaceRevisionBuilder implements XynaPropertyBuilds.Builder<Long> {
@@ -376,6 +386,8 @@ public void onDeployment(EventListener triggerInstance) {
     GENERATION_BASE_CACHE_SIZE.registerDependency(UserType.Filter, NAME);
     USE_CACHE.registerDependency(UserType.Filter, NAME);
     AVARCONSTANTS.registerDependency(UserType.Filter, NAME);
+    STRICT_TRANSPORT_SECURITY.registerDependency(UserType.Filter, NAME);
+    STRICT_TRANSPORT_SECURITY_MAX_AGE.registerDependency(UserType.Filter, NAME);
 
     super.onDeployment(triggerInstance);
   }
@@ -404,6 +416,8 @@ public void onUndeployment(EventListener triggerInstance) {
     GENERATION_BASE_CACHE_SIZE.unregister();
     USE_CACHE.unregister();
     AVARCONSTANTS.unregister();
+    STRICT_TRANSPORT_SECURITY.unregister();
+    STRICT_TRANSPORT_SECURITY_MAX_AGE.unregister();
   }
 
 

modules/xmcp/guihttp/filterimpl/H5XdevFilter/src/com/gip/xyna/xact/filter/JsonFilterActionInstance.java

@@ -74,6 +74,12 @@ protected void sendResponseInternal(HTTPTriggerConnection tc, String status, Str
       throws SocketNotAvailableException {
     this.status = status;
     new OptionsAction(H5XdevFilter.ACCESS_CONTROL_ALLOW_ORIGIN).setAccessControlParameter(tc, this);
+
+    if(H5XdevFilter.STRICT_TRANSPORT_SECURITY.get()) {
+      long maxAge = H5XdevFilter.STRICT_TRANSPORT_SECURITY_MAX_AGE.getMillis() / 1000l;
+      setProperty("Strict-Transport-Security", new StringBuilder().append("max-age=").append(maxAge).append("; includeSubDomains").toString());
+    }
+
     if(shouldZip(tc)) {
       try {
         inputStream = zip(tc, status, mime, inputStream);

modules/xmcp/guihttp/filterimpl/H5XdevFilter/src/com/gip/xyna/xact/filter/actions/auth/LoginAction.java

@@ -23,6 +23,7 @@
 
 import com.gip.xyna.utils.exceptions.XynaException;
 import com.gip.xyna.xact.filter.FilterAction;
+import com.gip.xyna.xact.filter.H5XdevFilter;
 import com.gip.xyna.xact.filter.HTMLBuilder.HTMLPart;
 import com.gip.xyna.xact.filter.JsonFilterActionInstance;
 import com.gip.xyna.xact.filter.actions.PathElements;
@@ -82,10 +83,12 @@ public FilterActionInstance act(URLPath url, HTTPTriggerConnection tc) throws Xy
 
   public static FilterActionInstance createLoginResponse(JsonFilterActionInstance jfai, HTTPTriggerConnection tc, SessionCredentials creds, String path)
       throws XynaException {
-    String sdj = AuthUtils.getSessionDetailsJson(creds.getSessionId(), creds.getToken());
 
+    String sdj = AuthUtils.getSessionDetailsJson(creds.getSessionId(), creds.getToken());
+    String sessionId = H5XdevFilter.STRICT_TRANSPORT_SECURITY.get() ? AuthUtils.COOKIE_FIELD_SESSION_ID_STS : AuthUtils.COOKIE_FIELD_SESSION_ID;
+
     List<String> list = new ArrayList<>();
-    list.add(AuthUtils.generateCookie(AuthUtils.COOKIE_FIELD_SESSION_ID, creds.getSessionId(), path, tc, true));
+    list.add(AuthUtils.generateCookie(sessionId, creds.getSessionId(), path, tc, true));
     if(!AuthUtils.USE_CSRF_TOKEN.get()) {
       list.add(AuthUtils.generateCookie(AuthUtils.COOKIE_FIELD_TOKEN, creds.getToken(), path, tc, true));
     }

modules/xmcp/guihttp/filterimpl/H5XdevFilter/src/com/gip/xyna/xact/filter/actions/auth/LogoutAction.java

@@ -24,6 +24,7 @@
 import com.gip.xyna.XynaFactory;
 import com.gip.xyna.utils.exceptions.XynaException;
 import com.gip.xyna.xact.filter.FilterAction;
+import com.gip.xyna.xact.filter.H5XdevFilter;
 import com.gip.xyna.xact.filter.HTMLBuilder.HTMLPart;
 import com.gip.xyna.xact.filter.JsonFilterActionInstance;
 import com.gip.xyna.xact.filter.actions.PathElements;
@@ -61,8 +62,9 @@ public FilterActionInstance act(URLPath url, HTTPTriggerConnection tc) throws Xy
     XynaFactory.getInstance().getFactoryManagementPortal().quitSession(xpsc.getSessionId());
     LogoutRequest request = (LogoutRequest) Utils.convertJsonToGeneralXynaObjectUsingGuiHttp(payload);
 
+    String sessionId = H5XdevFilter.STRICT_TRANSPORT_SECURITY.get() ? AuthUtils.COOKIE_FIELD_SESSION_ID_STS : AuthUtils.COOKIE_FIELD_SESSION_ID;
     List<String> list = new ArrayList<>();
-    list.add(AuthUtils.generateCookie(AuthUtils.COOKIE_FIELD_SESSION_ID, "-", request.getPath(), tc, false) + "; " + AuthUtils.COOKIE_MARKER_EXPIRED);
+    list.add(AuthUtils.generateCookie(sessionId, "-", request.getPath(), tc, false) + "; " + AuthUtils.COOKIE_MARKER_EXPIRED);
     jfai.setProperty("Set-Cookie", list); //Liste wird dann spaeter (in httptriggerconnection) umgewandelt in mehrere Set-Cookie Headerzeilen
     if(!AuthUtils.USE_CSRF_TOKEN.get()) {
       list.add(AuthUtils.generateCookie(AuthUtils.COOKIE_FIELD_TOKEN, "-", request.getPath(), tc, false) + "; " + AuthUtils.COOKIE_MARKER_EXPIRED);

modules/xmcp/guihttp/filterimpl/H5XdevFilter/src/com/gip/xyna/xact/filter/actions/auth/utils/AuthUtils.java

@@ -33,6 +33,7 @@
 import com.gip.xyna.update.Updater;
 import com.gip.xyna.utils.misc.JsonBuilder;
 import com.gip.xyna.utils.timing.Duration;
+import com.gip.xyna.xact.filter.H5XdevFilter;
 import com.gip.xyna.xact.filter.JsonFilterActionInstance;
 import com.gip.xyna.xact.filter.session.XMOMGuiReply.Status;
 import com.gip.xyna.xact.trigger.HTTPStartParameter;
@@ -58,6 +59,7 @@
 public class AuthUtils {
 
   public final static String COOKIE_FIELD_SESSION_ID = "sessionId";
+  public final static String COOKIE_FIELD_SESSION_ID_STS = "__Secure-sessionId";
 
   /**
    * @deprecated
@@ -80,7 +82,7 @@ public class AuthUtils {
 
   public static final XynaPropertyBoolean USE_CSRF_TOKEN = new XynaPropertyBoolean("xmcp.guihttp.csrf", false)
       .setDefaultDocumentation(DocumentationLanguage.EN, "Add csrf token to login response and validate " + HEADER_FILED_CSRF_TOKEN + " header.")
-      .setDefaultDocumentation(DocumentationLanguage.DE, "Füge csrf token zur login response hinzu und validiere " + HEADER_FILED_CSRF_TOKEN + " heder.");
+      .setDefaultDocumentation(DocumentationLanguage.DE, "Füge csrf token zur login response hinzu und validiere " + HEADER_FILED_CSRF_TOKEN + " heder.");
 
 
   public static void replyModellerLoginRequiredError(HTTPTriggerConnection tc, JsonFilterActionInstance jfai) throws SocketNotAvailableException {
@@ -188,11 +190,12 @@ public static Map<String, String> readCookies(HTTPTriggerConnection tc) {
 
   public static XynaPlainSessionCredentials readCredentialsFromRequest(HTTPTriggerConnection tc) {
     Map<String, String> map = readCookies(tc);
+    String sessionId = H5XdevFilter.STRICT_TRANSPORT_SECURITY.get() ? COOKIE_FIELD_SESSION_ID_STS : COOKIE_FIELD_SESSION_ID;
     if (USE_CSRF_TOKEN.get()) {
       String token = (String) tc.getHeader().get(HEADER_FILED_CSRF_TOKEN);
-      return new XynaPlainSessionCredentials(map.get(COOKIE_FIELD_SESSION_ID), token);
+      return new XynaPlainSessionCredentials(map.get(sessionId), token);
     } else {
-      return new XynaPlainSessionCredentials(map.get(COOKIE_FIELD_SESSION_ID), map.get(COOKIE_FIELD_TOKEN));
+      return new XynaPlainSessionCredentials(map.get(sessionId), map.get(COOKIE_FIELD_TOKEN));
     }
   }
 
@@ -226,7 +229,7 @@ public void append(StringBuilder sb) {
 
   }
 
-  private static final XynaPropertyEnum<SameSite> samesiteproperty = //nicht erlauben, dass cookie für requests von anderen origins benutzt werden darf
+  private static final XynaPropertyEnum<SameSite> samesiteproperty = //nicht erlauben, dass cookie für requests von anderen origins benutzt werden darf
                   new XynaPropertyEnum<SameSite>("xmcp.guihttp.filter.h5xdev.cookie.samesite", SameSite.class, SameSite.STRICT);