#8 integrate selfhosted gitlab support

README.md

@@ -200,7 +200,7 @@ CREATE DATABASE lavagna CHARACTER SET utf8 COLLATE utf8_bin;
 Jacoco plugin is used.
 
 ```
-mvn test jacoco:report
+mvn clean test jacoco:report
 ```
 
 -> open target/site/jacoco/index.html with your browser

pom.xml

@@ -214,13 +214,13 @@
 		<dependency>
 			<groupId>org.postgresql</groupId>
 			<artifactId>postgresql</artifactId>
-			<version>9.4-1201-jdbc41</version>
+			<version>9.4-1202-jdbc42</version>
 		</dependency>
 
 		<dependency>
         	<groupId>com.zaxxer</groupId>
         	<artifactId>HikariCP</artifactId>
-        	<version>2.4.0</version>
+        	<version>2.4.1</version>
     	</dependency>
 
 		<dependency>
@@ -238,14 +238,14 @@
 		<dependency>
 			<groupId>org.projectlombok</groupId>
 			<artifactId>lombok</artifactId>
-			<version>1.16.4</version>
+			<version>1.16.6</version>
 			<scope>provided</scope>
 		</dependency>
 
 		<dependency>
 			<groupId>org.mnode.ical4j</groupId>
 			<artifactId>ical4j</artifactId>
-			<version>2.0-alpha1</version>
+			<version>2.0-beta1</version>
             <exclusions>
                 <exclusion>
                     <groupId>org.codehaus.groovy</groupId>
@@ -262,8 +262,8 @@
 	<!-- -->
 	<properties>
 		<org.apache.logging.log4j.version>2.3</org.apache.logging.log4j.version>
-		<org.springframework.version>4.2.0.RELEASE</org.springframework.version>
-		<org.eclipse.jetty.version>9.3.2.v20150730</org.eclipse.jetty.version>
+		<org.springframework.version>4.2.1.RELEASE</org.springframework.version>
+		<org.eclipse.jetty.version>9.3.3.v20150827</org.eclipse.jetty.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<sonar.sources>src/main</sonar.sources>
 	</properties>

src/main/java/io/lavagna/config/WebSecurityConfig.java

@@ -43,7 +43,6 @@
 import io.lavagna.web.security.login.LdapLogin;
 import io.lavagna.web.security.login.LdapLogin.LdapAuthenticator;
 import io.lavagna.web.security.login.OAuthLogin;
-import io.lavagna.web.security.login.OAuthLogin.Handler;
 import io.lavagna.web.security.login.OAuthLogin.OAuthConfiguration;
 import io.lavagna.web.security.login.OAuthLogin.OauthConfigurationFetcher;
 import io.lavagna.web.security.login.PersonaLogin.AudienceFetcher;
@@ -234,10 +233,10 @@ public OAuthLogin oauthLogin(Users users, SessionHandler sessionHandler, final C
         OauthConfigurationFetcher configurationFetcher = new OauthConfigurationFetcher() {
             @Override
             public OAuthConfiguration fetch() {
-                return Json.GSON.fromJson(configurationRepository.getValue(Key.OAUTH_CONFIGURATION), OAuthConfiguration.class);
+                return Json.GSON.fromJson(configurationRepository.getValueOrNull(Key.OAUTH_CONFIGURATION), OAuthConfiguration.class);
             }
         };
-        return new OAuthLogin(users, sessionHandler, configurationFetcher, new Handler(new ServiceBuilder()), "/login?error-oauth");
+        return new OAuthLogin(users, sessionHandler, configurationFetcher, new ServiceBuilder(), "/login?error-oauth");
     }
 
     @Lazy

src/main/java/io/lavagna/model/Event.java

@@ -20,10 +20,12 @@
 
 import java.util.Date;
 
+import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import ch.digitalfondue.npjt.ConstructorAnnotationRowMapper.Column;
 
 @Getter
+@EqualsAndHashCode
 public class Event {
 
 	public enum EventType {

src/main/java/io/lavagna/model/util/CalendarTokenNotFoundException.java

@@ -17,5 +17,5 @@
 package io.lavagna.model.util;
 
 public class CalendarTokenNotFoundException extends Exception {
-
+    private static final long serialVersionUID = 409239162302125547L;
 }

src/main/java/io/lavagna/query/CardQuery.java

@@ -65,11 +65,11 @@ int createCard(@Bind("name") String name, @Bind("columnId") int columnId, @Bind(
 	List<CardFull> findCardBy(@Bind("term") String term, @Bind("boardShortName") String maybeBoardShortName, @Bind("sequenceNr") Integer maybeSequenceNumber, 
 			@Bind("projectIdFilter") Set<Integer> projectIdFilter);
 
-	@Query("SELECT * FROM LA_CARD_FULL WHERE (LOWER(CARD_NAME) LIKE CONCAT('%', CONCAT(LOWER(:term), '%')) OR CARD_SEQ_NUMBER LIKE CONCAT(:term, '%')" 
-			+ " OR (" + FIND_CARD_BY_BOARD_SHORT_NAME + FIND_CARD_BY_SEQ_NR + ")) ORDER BY BOARD_SHORT_NAME ASC, CARD_SEQ_NUMBER ASC LIMIT 10")
+	@Query("SELECT * FROM LA_CARD_FULL WHERE :term IS NOT NULL AND ((LOWER(CARD_NAME) LIKE CONCAT('%', CONCAT(LOWER(:term), '%')) OR CARD_SEQ_NUMBER LIKE CONCAT(:term, '%')" 
+			+ " OR (" + FIND_CARD_BY_BOARD_SHORT_NAME + FIND_CARD_BY_SEQ_NR + "))) ORDER BY BOARD_SHORT_NAME ASC, CARD_SEQ_NUMBER ASC LIMIT 10")
 	@QueriesOverride({
-		@QueryOverride(db = DB.PGSQL, value = "SELECT * FROM LA_CARD_FULL WHERE (LOWER(CARD_NAME) LIKE CONCAT('%', CONCAT(LOWER(:term), '%')) OR CAST(CARD_SEQ_NUMBER AS TEXT) LIKE CONCAT(:term, '%') "
-				+ " OR (" + FIND_CARD_BY_BOARD_SHORT_NAME + ")) ORDER BY BOARD_SHORT_NAME ASC, CARD_SEQ_NUMBER ASC LIMIT 10")
+		@QueryOverride(db = DB.PGSQL, value = "SELECT * FROM LA_CARD_FULL WHERE :term IS NOT NULL AND ((LOWER(CARD_NAME) LIKE CONCAT('%', CONCAT(LOWER(:term), '%')) OR CAST(CARD_SEQ_NUMBER AS TEXT) LIKE CONCAT(:term, '%') "
+				+ " OR (" + FIND_CARD_BY_BOARD_SHORT_NAME + "))) ORDER BY BOARD_SHORT_NAME ASC, CARD_SEQ_NUMBER ASC LIMIT 10")
 	})
 	List<CardFull> findCardBy(@Bind("term") String term, @Bind("boardShortName") String maybeBoardShortName, @Bind("sequenceNr") Integer maybeSequenceNumber);
 

src/main/java/io/lavagna/service/CardRepository.java

@@ -108,6 +108,14 @@ public List<Event> fetchAllActivityByCardId(int cardId) {
 		return queries.fetchAllActivityByCardId(cardId);
 	}
 
+	/**
+	 * 10 element per page. Return 11 elements for signaling if there are more pages
+	 * 
+	 * @param boardId
+	 * @param location
+	 * @param page
+	 * @return
+	 */
 	public List<Card> fetchPaginatedByBoardIdAndLocation(int boardId, BoardColumnLocation location, int page) {
 		return queries.fetchPaginatedByBoardIdAndLocation(boardId, location.toString(), 11, page * 10);
 	}
@@ -294,6 +302,7 @@ public void processRow(ResultSet rs) throws SQLException {
 		return res;
 	}
 
+	//TODO: not happy about the interface of this one...
 	public List<CardFull> findCardBy(String term, Set<Integer> projectIds) {
 
 		String maybeBoardShortName = null;
@@ -310,9 +319,13 @@ public List<CardFull> findCardBy(String term, Set<Integer> projectIds) {
 				}
 			}
 		}
-
-
-		return projectIds == null ? queries.findCardBy(term, maybeBoardShortName, maybeSequenceNumber) : queries.findCardBy(term, maybeBoardShortName, maybeSequenceNumber, projectIds);
+		if(projectIds == null) {
+		    return queries.findCardBy(term, maybeBoardShortName, maybeSequenceNumber);
+		} else if (projectIds.isEmpty()){
+		    return Collections.emptyList();
+		} else {
+		    return queries.findCardBy(term, maybeBoardShortName, maybeSequenceNumber, projectIds);
+		}
 	}
 
 	public int getOpenCardsCountByUserId(int id) {

src/main/java/io/lavagna/service/UserRepository.java

@@ -87,6 +87,14 @@ public List<User> findUsers(String criteria) {
         return queries.findUsers(criteria);
     }
 
+    /**
+     * Find users that have access to specific project
+     * 
+     * @param criteria
+     * @param projectId
+     * @param permission
+     * @return
+     */
     public List<User> findUsers(String criteria, int projectId, Permission permission) {
         return queries.findUsers(criteria, projectId, permission.toString());//
     }

src/main/java/io/lavagna/web/api/CalendarController.java

@@ -16,7 +16,6 @@
  */
 package io.lavagna.web.api;
 
-import static org.apache.commons.lang3.ArrayUtils.contains;
 import io.lavagna.model.CalendarInfo;
 import io.lavagna.model.Permission;
 import io.lavagna.model.UserWithPermission;
@@ -34,7 +33,6 @@
 import net.fortuna.ical4j.model.Calendar;
 import net.fortuna.ical4j.model.ValidationException;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.env.Environment;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -46,13 +44,11 @@ public class CalendarController {
 
     private final UserRepository userRepository;
     private final CalendarService calendarService;
-    private final Environment env;
 
     @Autowired
-    public CalendarController(UserRepository userRepository, CalendarService calendarService, Environment env) {
+    public CalendarController(UserRepository userRepository, CalendarService calendarService) {
         this.userRepository = userRepository;
         this.calendarService = calendarService;
-        this.env = env;
     }
 
     @ExpectPermission(Permission.UPDATE_PROFILE)

src/main/java/io/lavagna/web/api/LoginInfoController.java

@@ -0,0 +1,115 @@
+/**
+ * This file is part of lavagna.
+ *
+ * lavagna is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * lavagna is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with lavagna.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package io.lavagna.web.api;
+
+import io.lavagna.common.Json;
+import io.lavagna.model.Key;
+import io.lavagna.model.Permission;
+import io.lavagna.service.ConfigurationRepository;
+import io.lavagna.web.helper.ExpectPermission;
+import io.lavagna.web.security.LoginHandler;
+import io.lavagna.web.security.login.OAuthLogin;
+import io.lavagna.web.security.login.oauth.OAuthResultHandlerFactory;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.servlet.http.HttpServletRequest;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.support.WebApplicationContextUtils;
+
+import com.google.gson.reflect.TypeToken;
+
+@RestController
+@ExpectPermission(Permission.ADMINISTRATION)
+public class LoginInfoController {
+
+    private final ConfigurationRepository configurationRepository;
+    private final OAuthLogin oauthLogin;
+
+    @Autowired
+    public LoginInfoController(ConfigurationRepository configurationRepository, OAuthLogin oauthLogin) {
+        this.configurationRepository = configurationRepository;
+        this.oauthLogin = oauthLogin;
+    }
+
+    @RequestMapping(value = "/api/login/all", method = RequestMethod.GET)
+    public Collection<String> getAllLoginProviders(HttpServletRequest request) {
+        WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(request.getServletContext());
+        List<String> res = new ArrayList<>();
+        for(LoginHandler handler : ctx.getBeansOfType(LoginHandler.class).values()) {
+            res.addAll(handler.getAllHandlerNames());
+        }
+        Collections.sort(res);
+        return res;
+    }
+
+    @Getter
+    @AllArgsConstructor
+    public static class OAuthProviderInfo implements Comparable<OAuthProviderInfo> {
+        private final String name;
+        private final boolean hasConfigurableBaseUrl;
+        private final boolean isConfigurableInstance;
+
+        @Override
+        public int compareTo(OAuthProviderInfo o) {
+            return name.compareTo(o.name);
+        }
+    }
+
+    @RequestMapping(value = "/api/login/oauth/all", method = RequestMethod.GET)
+    public Collection<OAuthProviderInfo> getAllUnprefixedOauthProviders() {
+        List<OAuthProviderInfo> res = new ArrayList<>();
+        for(Entry<String, OAuthResultHandlerFactory> e : oauthLogin.getAllHandlers().entrySet()) {
+            res.add(new OAuthProviderInfo(e.getKey(), e.getValue().hasConfigurableBaseUrl(), e.getValue().isConfigurableInstance()));
+        }
+        Collections.sort(res);
+        return res;
+    }
+
+    @RequestMapping(value = "/api/login/all-base-with-activation-status", method = RequestMethod.GET)
+    public Map<String, Boolean> getLoginWithActivationStatus(HttpServletRequest request) {
+
+        WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(request.getServletContext());
+        Map<String, Boolean> res = new HashMap<>();
+        for(LoginHandler handler : ctx.getBeansOfType(LoginHandler.class).values()) {
+            res.put(handler.getBaseProviderName().toUpperCase(Locale.ENGLISH), false);
+        }
+
+        List<String> enabled = Json.GSON.fromJson(configurationRepository.getValue(Key.AUTHENTICATION_METHOD), (new TypeToken<List<String>>() {}).getType());
+        for(String e : enabled) {
+            res.put(e.toUpperCase(Locale.ENGLISH), true);
+        }
+
+        return res;
+    }
+
+}

src/main/java/io/lavagna/web/security/HSTSFilter.java

@@ -108,8 +108,7 @@ private static String reqUriWithoutContextPath(HttpServletRequest request) {
     }
 
     private static boolean isOverHttps(HttpServletRequest req) {
-        return req.isSecure() || req.getRequestURL().toString().startsWith("https://")
-                || StringUtils.equals("https", req.getHeader("X-Forwarded-Proto"));
+        return req.isSecure() || req.getRequestURL().toString().startsWith("https://") || StringUtils.equals("https", req.getHeader("X-Forwarded-Proto"));
     }
 
 }

src/main/java/io/lavagna/web/security/LoginHandler.java

@@ -21,6 +21,7 @@
 
 import java.io.IOException;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 import javax.servlet.ServletException;
@@ -34,6 +35,9 @@ public interface LoginHandler {
 	boolean doAction(HttpServletRequest req, HttpServletResponse resp) throws IOException;
 
 	boolean handleLogout(HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException;
+
+	List<String> getAllHandlerNames();
+	String getBaseProviderName();
 
 	Map<String, Object> modelForLoginPage(HttpServletRequest request);
 

src/main/java/io/lavagna/web/security/login/DemoLogin.java

@@ -70,4 +70,14 @@ public Map<String, Object> modelForLoginPage(HttpServletRequest request) {
 		r.put("loginDemo", "block");
 		return r;
 	}
+
+    @Override
+    public List<String> getAllHandlerNames() {
+        return Collections.singletonList(USER_PROVIDER);
+    }
+
+    @Override
+    public String getBaseProviderName() {
+        return USER_PROVIDER;
+    }
 }

src/main/java/io/lavagna/web/security/login/LdapLogin.java

@@ -88,4 +88,14 @@ public interface LdapAuthenticator {
 	    boolean authenticate(String username, String password);
 	}
 
+    @Override
+    public List<String> getAllHandlerNames() {
+        return Collections.singletonList(USER_PROVIDER);
+    }
+
+    @Override
+    public String getBaseProviderName() {
+        return USER_PROVIDER;
+    }
+
 }