Merge branch '7.2'

CHANGELOG.md

@@ -13,6 +13,16 @@ DO NOT ADD CHANGES HERE - ADD THEM USING log_change.sh
 ~~~
 
 
+* Add the un-authenticated API method `/api/authproxy/v1/noauth/fetchClientCredsToken` to effectively proxy for the IDP's token endpoint to obtain an access token using the client credentials flow. The request contains the client credentials and looks like `{ "clientId": "a-client", "clientSecret": "BR9m.....KNQO" }`. The response media type is `text/plain` and contains the access token.
+
+* Change processing user token expiry time from 1year to 10min when using internal identity provider.
+
+* Remove the CLI command `fetch_proc_user_token` as it is now replaced by the `/authproxy/v1/noauth` API method.
+
+* Fix issues with the refreshing of expired authentication tokens. Change the age of the service user token from 1yr to 10mins for the internal IDP.
+
+* Issue **#3947** : Fix owner validation of document permissions when cascading permissions. Now the validation requiring a single owner is only applied to the top level document being edited. Descendant documents may have no owners or multiple owners due to legacy behaviour in stroom. If there is no change to the owner of the top level document then the descendant owners will be ignored. If _Cascade_ is set to _All_ or there is a change to the owner of the top level document and _Cascade_ is set to _Changes Only_ then the top level owner will be made the only owner of all descendants replacing any existing owners. This change also adds a confirmation dialog that shows what changes will be made to descendant documents. See the GitHub issue for examples.
+
 * Issue **#3956** : Fix SearchRequestBuilder reuse.
 
 * Add minor performance optimisation to the byte buffer pool used by the reference data store.

stroom-app/src/main/java/stroom/app/App.java

@@ -19,7 +19,6 @@
 import stroom.app.commands.CreateAccountCommand;
 import stroom.app.commands.CreateApiKeyCommand;
 import stroom.app.commands.DbMigrationCommand;
-import stroom.app.commands.FetchAccessTokenCommand;
 import stroom.app.commands.ManageUsersCommand;
 import stroom.app.commands.ResetPasswordCommand;
 import stroom.app.guice.AppModule;
@@ -189,7 +188,6 @@ private void addCliCommands(final Bootstrap<Config> bootstrap) {
         bootstrap.addCommand(new CreateApiKeyCommand(configFile));
         bootstrap.addCommand(new ResetPasswordCommand(configFile));
         bootstrap.addCommand(new ManageUsersCommand(configFile));
-        bootstrap.addCommand(new FetchAccessTokenCommand(configFile));
     }
 
     @Override

stroom-app/src/main/resources/ui/css/alert.css

@@ -50,6 +50,7 @@
     padding: 5px;
     overflow: auto;
     flex-grow: 1;
+    flex-basis: 20rem;
 
 	border: solid 1px var(--control__border-color);
 	background-color: var(--control__background-color);

stroom-app/src/main/resources/ui/noauth/swagger/stroom.json

@@ -1403,6 +1403,36 @@
         "tags" : [ "Authentication" ]
       }
     },
+    "/authproxy/v1/noauth/fetchClientCredsToken" : {
+      "post" : {
+        "operationId" : "fetchClientCredsToken",
+        "requestBody" : {
+          "content" : {
+            "application/json" : {
+              "schema" : {
+                "$ref" : "#/components/schemas/ClientCredentials"
+              }
+            }
+          },
+          "description" : "clientCredentials",
+          "required" : true
+        },
+        "responses" : {
+          "default" : {
+            "content" : {
+              "text/plain" : {
+                "schema" : {
+                  "type" : "string"
+                }
+              }
+            },
+            "description" : "default response"
+          }
+        },
+        "summary" : "Fetch an access token from the configured IDP using the supplied client credentials",
+        "tags" : [ "AuthProxy" ]
+      }
+    },
     "/cache/v1" : {
       "delete" : {
         "operationId" : "clearCache",
@@ -10969,6 +10999,17 @@
           }
         } ]
       },
+      "ClientCredentials" : {
+        "type" : "object",
+        "properties" : {
+          "clientId" : {
+            "type" : "string"
+          },
+          "clientSecret" : {
+            "type" : "string"
+          }
+        }
+      },
       "ClusterLockKey" : {
         "type" : "object",
         "properties" : {

stroom-app/src/main/resources/ui/noauth/swagger/stroom.yaml

@@ -967,6 +967,27 @@ paths:
       summary: Reset an authenticated user's password.
       tags:
       - Authentication
+  /authproxy/v1/noauth/fetchClientCredsToken:
+    post:
+      operationId: fetchClientCredsToken
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ClientCredentials'
+        description: clientCredentials
+        required: true
+      responses:
+        default:
+          content:
+            text/plain:
+              schema:
+                type: string
+          description: default response
+      summary: Fetch an access token from the configured IDP using the supplied client
+        credentials
+      tags:
+      - AuthProxy
   /cache/v1:
     delete:
       operationId: clearCache
@@ -7538,6 +7559,13 @@ components:
         properties:
           documentUuid:
             type: string
+    ClientCredentials:
+      type: object
+      properties:
+        clientId:
+          type: string
+        clientSecret:
+          type: string
     ClusterLockKey:
       type: object
       properties:

stroom-core-client/src/main/java/stroom/alert/client/event/ConfirmEvent.java

@@ -26,25 +26,42 @@ public class ConfirmEvent extends CommonAlertEvent<ConfirmEvent.Handler> {
     public static GwtEvent.Type<Handler> TYPE;
     private final ConfirmCallback callback;
 
-    private ConfirmEvent(final SafeHtml message, final Level level, final ConfirmCallback callback) {
-        super(message, level);
+    private ConfirmEvent(final SafeHtml message,
+                         final SafeHtml detail,
+                         final Level level,
+                         final ConfirmCallback callback) {
+        super(message, detail, level);
         this.callback = callback;
     }
 
+    public static void fire(final HasHandlers handlers,
+                            final SafeHtml message,
+                            final SafeHtml detail,
+                            final ConfirmCallback callback) {
+        handlers.fireEvent(new ConfirmEvent(message, detail, Level.QUESTION, callback));
+    }
+
     public static void fire(final HasHandlers handlers, final SafeHtml message, final ConfirmCallback callback) {
-        handlers.fireEvent(new ConfirmEvent(message, Level.QUESTION, callback));
+        handlers.fireEvent(new ConfirmEvent(message, null, Level.QUESTION, callback));
+    }
+
+    public static void fireWarn(final HasHandlers handlers,
+                                final SafeHtml message,
+                                final SafeHtml detail,
+                                final ConfirmCallback callback) {
+        handlers.fireEvent(new ConfirmEvent(message, detail, Level.WARN, callback));
     }
 
     public static void fireWarn(final HasHandlers handlers, final SafeHtml message, final ConfirmCallback callback) {
-        handlers.fireEvent(new ConfirmEvent(message, Level.WARN, callback));
+        handlers.fireEvent(new ConfirmEvent(message, null, Level.WARN, callback));
     }
 
     public static void fire(final HasHandlers handlers, final String message, final ConfirmCallback callback) {
-        handlers.fireEvent(new ConfirmEvent(fromString(message), Level.QUESTION, callback));
+        handlers.fireEvent(new ConfirmEvent(fromString(message), null, Level.QUESTION, callback));
     }
 
     public static void fireWarn(final HasHandlers handlers, final String message, final ConfirmCallback callback) {
-        handlers.fireEvent(new ConfirmEvent(fromString(message), Level.WARN, callback));
+        handlers.fireEvent(new ConfirmEvent(fromString(message), null, Level.WARN, callback));
     }
 
     public static Type<Handler> getType() {
@@ -68,6 +85,10 @@ public ConfirmCallback getCallback() {
         return callback;
     }
 
+
+    // --------------------------------------------------------------------------------
+
+
     public interface Handler extends EventHandler {
 
         void onConfirm(ConfirmEvent event);

stroom-core-client/src/main/java/stroom/alert/client/presenter/CommonAlertPresenter.java

@@ -87,7 +87,7 @@ private void doShow() {
                         .build())
                 .height(Size
                         .builder()
-                        .initial(height)
+//                        .initial(height)
                         .min(200)
                         .resizable(true)
                         .build())

stroom-core-shared/src/main/java/stroom/security/shared/ChangeDocumentPermissionsRequest.java

@@ -57,6 +57,10 @@ public Cascade getCascade() {
         return cascade;
     }
 
+
+    // --------------------------------------------------------------------------------
+
+
     public enum Cascade implements HasDisplayValue {
         NO("No"),
         CHANGES_ONLY("Changes only"),
@@ -72,5 +76,9 @@ public enum Cascade implements HasDisplayValue {
         public String getDisplayValue() {
             return displayValue;
         }
+
+        public static boolean isCascading(final Cascade cascade) {
+            return cascade == CHANGES_ONLY || cascade == ALL;
+        }
     }
 }