From 47a1987a1c0bae046fafe482e83a4dbff30fc4bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pe=C5=A1ek?= <jan.pesek@wultra.com>
Date: Wed, 18 Oct 2023 17:59:10 +0200
Subject: [PATCH 1/3] Fix #1080: Protection against duplicate entries in the
 pa_operation_template table

---
 ...add-constraint-operation-template-name.xml | 14 ++++
 .../1.5.x/db.changelog-version.xml            |  1 +
 .../model/entity/OperationTemplateEntity.java |  2 +-
 .../OperationTemplateRepositoryTest.java      | 76 +++++++++++++++++++
 .../OperationTemplateServiceBehaviorTest.java | 64 ++++++++++++++++
 5 files changed, 156 insertions(+), 1 deletion(-)
 create mode 100644 docs/db/changelog/changesets/powerauth-java-server/1.5.x/20231018-add-constraint-operation-template-name.xml
 create mode 100644 powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/database/repository/OperationTemplateRepositoryTest.java
 create mode 100644 powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationTemplateServiceBehaviorTest.java

diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20231018-add-constraint-operation-template-name.xml b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20231018-add-constraint-operation-template-name.xml
new file mode 100644
index 000000000..7a5c7d211
--- /dev/null
+++ b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20231018-add-constraint-operation-template-name.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.9.xsd">
+
+    <changeSet id="1"  logicalFilePath="powerauth-java-server/1.5.x/20231018-add-constraint-operation-template-name.xml" author="Jan Pesek">
+        <preConditions onFail="MARK_RAN">
+            <tableExists tableName="pa_operation_template" />
+            <columnExists tableName="pa_operation_template" columnName="template_name" />
+        </preConditions>
+        <comment>Add unique constraint to pa_operation_template.template_name</comment>
+        <addUniqueConstraint tableName="pa_operation_template" columnNames="template_name" />
+    </changeSet>
+</databaseChangeLog>
\ No newline at end of file
diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml
index ce290d088..59f934cfe 100644
--- a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml
+++ b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml
@@ -8,5 +8,6 @@
     <include file="20230426-add-column-totp-seed.xml" relativeToChangelogFile="true" />
     <include file="20230723-add-table-unique-value.xml" relativeToChangelogFile="true" />
     <include file="20230822-add-tag-1.5.0.xml" relativeToChangelogFile="true" />
+    <include file="20231018-add-constraint-operation-template-name.xml" relativeToChangelogFile="true" />
 
 </databaseChangeLog>
\ No newline at end of file
diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/OperationTemplateEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/OperationTemplateEntity.java
index 144545087..d2667980c 100644
--- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/OperationTemplateEntity.java
+++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/OperationTemplateEntity.java
@@ -45,7 +45,7 @@ public class OperationTemplateEntity implements Serializable {
     @Column(name = "id")
     private Long id;
 
-    @Column(name = "template_name", nullable=false)
+    @Column(name = "template_name", nullable=false, unique = true)
     private String templateName;
 
     @Column(name = "operation_type", nullable=false)
diff --git a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/database/repository/OperationTemplateRepositoryTest.java b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/database/repository/OperationTemplateRepositoryTest.java
new file mode 100644
index 000000000..2e5efcb1f
--- /dev/null
+++ b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/database/repository/OperationTemplateRepositoryTest.java
@@ -0,0 +1,76 @@
+/*
+ * PowerAuth Server and related software components
+ * Copyright (C) 2023 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package io.getlime.security.powerauth.app.server.database.repository;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.getlime.security.powerauth.app.server.database.model.entity.OperationTemplateEntity;
+import io.getlime.security.powerauth.crypto.lib.enums.PowerAuthSignatureTypes;
+import org.hibernate.exception.ConstraintViolationException;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+import org.springframework.boot.test.autoconfigure.orm.jpa.TestEntityManager;
+import org.springframework.context.annotation.Import;
+
+import java.util.Optional;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+/**
+ * Test for {@link OperationTemplateRepository}.
+ *
+ * @author Jan Pesek, jan.pesek@wultra.com
+ */
+@DataJpaTest
+@Import(ObjectMapper.class)
+class OperationTemplateRepositoryTest {
+
+    @Autowired
+    private OperationTemplateRepository repository;
+
+    @Autowired
+    private TestEntityManager entityManager;
+
+    @Test
+    void testDuplicateOperationTemplateCreation() {
+        final String templateName = "login";
+
+        repository.save(createOperationTemplateEntity(templateName));
+        entityManager.flush();
+
+        Optional<OperationTemplateEntity> entity = repository.findTemplateByName(templateName);
+        assertTrue(entity.isPresent());
+        assertEquals(templateName, entity.get().getTemplateName());
+
+        repository.save(createOperationTemplateEntity(templateName));
+        assertThrows(ConstraintViolationException.class, () -> entityManager.flush());
+    }
+
+    private static OperationTemplateEntity createOperationTemplateEntity(String templateName) {
+        final OperationTemplateEntity entity = new OperationTemplateEntity();
+        entity.setTemplateName(templateName);
+        entity.setOperationType(templateName);
+        entity.setDataTemplate("A2");
+        PowerAuthSignatureTypes[] signatureTypes = {PowerAuthSignatureTypes.POSSESSION};
+        entity.setSignatureType(signatureTypes);
+        entity.setMaxFailureCount(5L);
+        entity.setExpiration(300L);
+        return entity;
+    }
+
+}
diff --git a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationTemplateServiceBehaviorTest.java b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationTemplateServiceBehaviorTest.java
new file mode 100644
index 000000000..cd62151e8
--- /dev/null
+++ b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationTemplateServiceBehaviorTest.java
@@ -0,0 +1,64 @@
+/*
+ * PowerAuth Server and related software components
+ * Copyright (C) 2023 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package io.getlime.security.powerauth.app.server.service.behavior.tasks;
+
+import com.wultra.security.powerauth.client.model.enumeration.SignatureType;
+import com.wultra.security.powerauth.client.model.request.OperationTemplateCreateRequest;
+import io.getlime.security.powerauth.app.server.service.exceptions.GenericServiceException;
+import io.getlime.security.powerauth.app.server.service.model.ServiceError;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+/**
+ * Test for {@link OperationTemplateServiceBehavior}.
+ *
+ * @author Jan Pesek, jan.pesek@wultra.com
+ */
+@SpringBootTest
+class OperationTemplateServiceBehaviorTest {
+
+    @Autowired
+    private OperationTemplateServiceBehavior service;
+
+    @Test
+    void testDuplicateOperationTemplateCreation() throws Exception {
+        final String templateName = "login";
+
+        service.createOperationTemplate(createOperationTemplateCreateRequest("login"));
+        assertFalse(service.getAllTemplates().isEmpty());
+
+        final GenericServiceException exception = assertThrows(GenericServiceException.class, () ->
+                service.createOperationTemplate(createOperationTemplateCreateRequest(templateName)));
+        assertEquals(ServiceError.OPERATION_TEMPLATE_ALREADY_EXISTS, exception.getCode());
+    }
+
+    private static OperationTemplateCreateRequest createOperationTemplateCreateRequest(String templateName) {
+        final OperationTemplateCreateRequest request = new OperationTemplateCreateRequest();
+        request.setTemplateName(templateName);
+        request.setOperationType(templateName);
+        request.setDataTemplate("A2");
+        request.getSignatureType().add(SignatureType.POSSESSION_KNOWLEDGE);
+        request.setMaxFailureCount(5L);
+        request.setExpiration(300L);
+        return request;
+    }
+
+}

From 65486b818eacca12ed60280944eead1b8da104a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pe=C5=A1ek?= <jan.pesek@wultra.com>
Date: Tue, 24 Oct 2023 16:43:12 +0200
Subject: [PATCH 2/3] Move liquibase changelog to 1.6.x and fix other issues

---
 .../1.5.x/db.changelog-version.xml                    |  1 -
 ...0231018-add-constraint-operation-template-name.xml | 11 ++++++-----
 .../1.6.x/db.changelog-version.xml                    |  8 ++++++++
 .../powerauth-java-server/db.changelog-module.xml     |  1 +
 .../tasks/OperationTemplateServiceBehaviorTest.java   |  2 +-
 5 files changed, 16 insertions(+), 7 deletions(-)
 rename docs/db/changelog/changesets/powerauth-java-server/{1.5.x => 1.6.x}/20231018-add-constraint-operation-template-name.xml (56%)
 create mode 100644 docs/db/changelog/changesets/powerauth-java-server/1.6.x/db.changelog-version.xml

diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml
index 59f934cfe..ce290d088 100644
--- a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml
+++ b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml
@@ -8,6 +8,5 @@
     <include file="20230426-add-column-totp-seed.xml" relativeToChangelogFile="true" />
     <include file="20230723-add-table-unique-value.xml" relativeToChangelogFile="true" />
     <include file="20230822-add-tag-1.5.0.xml" relativeToChangelogFile="true" />
-    <include file="20231018-add-constraint-operation-template-name.xml" relativeToChangelogFile="true" />
 
 </databaseChangeLog>
\ No newline at end of file
diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20231018-add-constraint-operation-template-name.xml b/docs/db/changelog/changesets/powerauth-java-server/1.6.x/20231018-add-constraint-operation-template-name.xml
similarity index 56%
rename from docs/db/changelog/changesets/powerauth-java-server/1.5.x/20231018-add-constraint-operation-template-name.xml
rename to docs/db/changelog/changesets/powerauth-java-server/1.6.x/20231018-add-constraint-operation-template-name.xml
index 7a5c7d211..b44048f4d 100644
--- a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20231018-add-constraint-operation-template-name.xml
+++ b/docs/db/changelog/changesets/powerauth-java-server/1.6.x/20231018-add-constraint-operation-template-name.xml
@@ -3,12 +3,13 @@
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.9.xsd">
 
-    <changeSet id="1"  logicalFilePath="powerauth-java-server/1.5.x/20231018-add-constraint-operation-template-name.xml" author="Jan Pesek">
+    <changeSet id="1" logicalFilePath="powerauth-java-server/1.6.x/20231018-add-constraint-operation-template-name.xml" author="Jan Pesek">
         <preConditions onFail="MARK_RAN">
-            <tableExists tableName="pa_operation_template" />
-            <columnExists tableName="pa_operation_template" columnName="template_name" />
+            <not>
+                <uniqueConstraintExists tableName="pa_operation_template" columnNames="template_name" constraintName="pa_operation_template_template_name_uk" />
+            </not>
         </preConditions>
         <comment>Add unique constraint to pa_operation_template.template_name</comment>
-        <addUniqueConstraint tableName="pa_operation_template" columnNames="template_name" />
+        <addUniqueConstraint tableName="pa_operation_template" columnNames="template_name" constraintName="pa_operation_template_template_name_uk" />
     </changeSet>
-</databaseChangeLog>
\ No newline at end of file
+</databaseChangeLog>
diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.6.x/db.changelog-version.xml b/docs/db/changelog/changesets/powerauth-java-server/1.6.x/db.changelog-version.xml
new file mode 100644
index 000000000..d362d850e
--- /dev/null
+++ b/docs/db/changelog/changesets/powerauth-java-server/1.6.x/db.changelog-version.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.9.xsd">
+
+    <include file="20231018-add-constraint-operation-template-name.xml" relativeToChangelogFile="true" />
+
+</databaseChangeLog>
diff --git a/docs/db/changelog/changesets/powerauth-java-server/db.changelog-module.xml b/docs/db/changelog/changesets/powerauth-java-server/db.changelog-module.xml
index 59f6011e5..cae01c7d2 100644
--- a/docs/db/changelog/changesets/powerauth-java-server/db.changelog-module.xml
+++ b/docs/db/changelog/changesets/powerauth-java-server/db.changelog-module.xml
@@ -14,5 +14,6 @@
 
     <include file="1.4.x/db.changelog-version.xml" relativeToChangelogFile="true" />
     <include file="1.5.x/db.changelog-version.xml" relativeToChangelogFile="true" />
+    <include file="1.6.x/db.changelog-version.xml" relativeToChangelogFile="true" />
 
 </databaseChangeLog>
\ No newline at end of file
diff --git a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationTemplateServiceBehaviorTest.java b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationTemplateServiceBehaviorTest.java
index cd62151e8..ab4b1782e 100644
--- a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationTemplateServiceBehaviorTest.java
+++ b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationTemplateServiceBehaviorTest.java
@@ -42,7 +42,7 @@ class OperationTemplateServiceBehaviorTest {
     void testDuplicateOperationTemplateCreation() throws Exception {
         final String templateName = "login";
 
-        service.createOperationTemplate(createOperationTemplateCreateRequest("login"));
+        service.createOperationTemplate(createOperationTemplateCreateRequest(templateName));
         assertFalse(service.getAllTemplates().isEmpty());
 
         final GenericServiceException exception = assertThrows(GenericServiceException.class, () ->

From 525862e72107e4e974a24199a713555e4f479cbf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pe=C5=A1ek?= <jan.pesek@wultra.com>
Date: Mon, 30 Oct 2023 09:25:04 +0100
Subject: [PATCH 3/3] Add a migration guide for the table change

---
 docs/PowerAuth-Server-1.6.0.md | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 docs/PowerAuth-Server-1.6.0.md

diff --git a/docs/PowerAuth-Server-1.6.0.md b/docs/PowerAuth-Server-1.6.0.md
new file mode 100644
index 000000000..6101a7856
--- /dev/null
+++ b/docs/PowerAuth-Server-1.6.0.md
@@ -0,0 +1,9 @@
+# Migration from 1.5.x to 1.6.0
+
+This guide contains instructions for migration from PowerAuth Server version `1.5.x` to version `1.6.0`.
+
+## Database Changes
+
+### Forbid name duplication for operation templates.
+
+Add unique constraint to `templateName` column in `pa_operation_template` table.